5 Crucial Elements to Training Your Employees in Optimal Cyber Security

Cyber Security Training

Cyber attackers are highly motivated to obtain or corrupt your company’s data. But whether their motivation is to steal your funds outright, hold your data for ransom, practice espionage, or simply disrupt your business, most hackers cannot access your network without an “in.”

In other words, they require a login, personal access codes, or network access through malware to initiate their breach. Unfortunately, a recent report released by Verizon has concluded that 93% of the time, a cyber attacker’s “in” comes to them in the form of a social engineering attack on your employees.

The only way to prevent such breaches in your security is with proper cybersecurity training.

What is a social engineering attack?

Social engineering attacks are frankly less high-tech than traditional cyber attacks by highly knowledgeable tech criminals. In other words, they don’t require the extensive knowledge and tools needed to directly hack a highly protected computer system out of nowhere.

Social engineering attacks are more like street scams, only they’re usually done online or, sometimes, over the phone. These scams use human psychology to fool individuals into willingly giving up sensitive information. In the case of your business, the targets are your employees.

There are several types of these attacks, including “phishing” and “pretexting,” which are quite similar and often go hand-in-hand. Phishing emails, however, remain the most common type of social engineering scam.

What are phishing emails?

In short, a phishing scam might be an email sent to the employees of your company that looks legitimate. It might (appear to) be from the employee’s bank, for example. It might request that your employee “click here” and log in to (what looks like) the bank website so that the bank can “update your information” or “confirm your identity.”

A phishing email might also promise something to the recipient: “Here’s your free 50% off coupon! Click here!” or use a so-called emergency to elicit fear: “Someone has hacked your account. Click here to get it back.”

If your employee does indeed click on the malicious link of a phishing email, they will likely be taken to a blank or uninteresting page. In the meantime, however, the link click will have initiated the installation of malware onto the employee’s computer. This malware then enables the hacker to obtain sensitive information or disrupt or damage your company’s data.

How can companies prevent phishing scams?

The reputational implications of any type of security breach — even one that doesn’t actually corrupt or steal your data or funds — can be enormous. Of course, it goes without saying that if you are caught in the crosshairs of a data ransom or cyber theft, the financial implications will be equally devastating.

As we’ve learned from the Verizon report, most security breaches are linked with phishing. Therefore, cybersecurity training for your employees is the best preventive solution you have for stopping security breaches before they start.

Employee training is not expensive, yet it is highly effective. Your employees should learn the following throughout their ongoing training:

  • How to identify a range of phishing and pretexting scams
  • How to proceed should they find an email, phone call, or social request suspicious
  • Your company’s strict policies and procedures for communication (for example, “We would never send emails requesting personal information from our employees as this would only be done in person.”)
  • Notice of increased risks for phishing scams around the holidays
  • Notice of the most recent and common scams currently trending

Cybersecurity training should be frequent and come at regular intervals throughout the year as attack strategies often come randomly in spurts and habitually change tactics.

While cybersecurity training is your best line of defense when it comes to phishing and security breaches, it’s also important to hire a reputable IT managed service provider (MSP) to handle your network and security. Your MSP should have experience and broad skill in protecting their clients from network breaches. Contact qualified MSPs in your area today to learn more about protecting your business from cyber attacks.

Here’s What You Need to Know About SD-WAN Technology

SDWAN

Moving from hardware solutions to software solutions isn’t a new concept for technology professionals, but network infrastructure has traditionally been a hardware-focused world even as applications move to the cloud. With the introduction of SD-WAN, or Software-Defined Wide Area Networks, IT professionals find themselves needing to retool their understanding of flexible networks and security. MPLS (Multiprotocol Label Switching) has been in use for decades and is an extremely reliable, yet pricey, option for connectivity. Today’s SD-WAN provides the modern organization with the flexibility, scalability, security and efficiency needed to stay competitive in a fast-changing world.

The Basics of SD-WAN

At its most basic, you can think of SD-WAN as a way to tie together a variety of disparate networks as it is equally efficient with internal as well as external internet and even cloud-based applications. Instead of a more rigid WAN network, SD-WAN allows you to configure your network quickly from a centralized location, reducing the potential of human error that can bring your network to its knees and productivity to a screeching halt. Since all variables are driven by software that you configure, this structure can be quickly scaled and new remote locations added without requiring an intense investment in time and physical hardware or redesign.

How Do You Manage a Software-Defined Network?

A key value that you gain when you shift to an SD-WAN is the ability to make shifts locally as well as globally from a centralized dashboard. This makes changes swifter, but also helps protect your network by ensuring that universal security standards are applied at all locations equally. Using an SD-WAN configuration gives you the added benefit of consolidated troubleshooting and error reporting so you can quickly identify any trouble spots or network hotspots and shift resources as needed to add speed and efficiency to your network — something that users are sure to appreciate, even if they never realize it is happening.

What Are the Business Benefits of SD-WAN?

Upgrading your network from a more restrictive model to SD-WAN has a variety of benefits for your organization. While some of these gains are realized upfront, others will continue to add value to your organization over time.

  • The cost of connectivity using an SD-WAN is less expensive than traditional MPLS, an especially important point when you consider the bandwidth-heavy applications that business users require.
  • While there is a high level of expertise required for upfront configuration of a software-defined network, ongoing changes are less intensive and can potentially save you consulting fees in the future.
  • Your business users will appreciate that network availability is high because there is no need to take the network down to make configuration changes or upgrades.
  • Your technology team is able to define networking rules in the language of business — SLAs, security restraints, apps and users — making the network easier to understand and maintain in the future.
  • With Gartner noting that nearly 25% of businesses will utilize SD-WAN in 2019, there is a growing body of knowledge within the IT community that makes it easier to find resources to support your network infrastructure. The SD-WAN market is expected to grow to $1.3 billion by 2020.
  • Cloud-based applications continue to emerge in all sectors of business, and it can be challenging to protect these applications without a consolidated hub of security rules. SD-WAN allows everything from SaaS to traditional connections to be covered under the same business rules.
  • Branches and remote workers will appreciate having access to the same high quality of connection that they enjoy at the office, instead of having to deal with restrictive security procedures and application latency.

Instead of relying on the hardware to make decisions about connection speed and connections, as with MPLS, SD-WAN makes agile decisions about the best way to connect users and the data or applications that they need to access.

What Type of Business Benefits from SD-WAN?

While there are many benefits of SD-WAN, there is one downside that can be a deal-breaker for certain organizations. Software-Defined WAN does provide extremely reliable uptime, but there can be more packet loss than you would see with a hardware-based network. In this case, you may want to consider a hybrid infrastructure that lets you gain the benefits of SD-WAN for the majority of your applications yet maintains any heavy applications that simply cannot abide packet loss on a more traditional MPLS. The majority of organizations are looking for ways to reduce their cost of connectivity and have very heavy use of their internet or intranet connections — making SD-WAN ideal. Businesses that are growing quickly or expanding into new regions are also likely to see gains from making the switch.

Many organizations are seeing that shifting to an SD-WAN model may help them future-proof their business by creating a flexible, scalable and secure model that can grow with their business. From the reduced cost of connections to the high availability environment, it’s clear that the conversation around SD-WAN will not be going away in technology groups around the world.

Small Business Guide to Protecting Critical Data

Small Business data protection guide

Small business technology and business leaders may feel as though their data is safe, but nothing could be further from the truth. According to SmallBizTrends.com, nearly 43% of phishing campaigns are targeted specifically at small businesses, a dramatic increase from 18% in 2011. Unfortunately, a 2017 report from Keeper Security also shows that the greatest cybersecurity threat to small businesses is their employees, with more than 54% of data breaches caused by employee or contractor negligence. Protecting the data within your organization is crucial, and the costs that are associated with a data breach continue to rise. Small businesses are increasingly focused on ways to mitigate the risk associated with data storage and use, and that often starts with having a comprehensive backup and data recovery process in place. Here are some suggestions from industry leaders on how to protect your critical small business data from a cyber attack or other loss of access.

Importance of Immediate Data Access

Your business data is arguably your most important digital asset and one that is accessed hundreds or even thousands of times each day. Your employees utilize business data from a variety of systems to look up customer orders, create POs and track shipments while consumers are online placing orders and tracking status. Until you truly experience a major loss of data access, you may not realize the crippling effect that it would have on your organization’s operations.

Dangers of Data Loss

The first hit that you would feel with the loss of access to your data is in the productivity of your teams. Workflows grind to a halt as employees scramble to figure out how to perform their daily activities without access to the information that they take for granted. In many businesses, the data stored within your CRM or other data repository is driving your website, meaning ordering comes to a crashing halt should the secure connection to your data falter. Technology teams scramble to figure out where the problem lies, putting all other IT needs on the back burner for the foreseeable future. Plus, your team may need to call in consultants to help identify a breach and begin remediation as quickly as possible. If your team identifies that a breach has occurred, you may have to report to customers and stakeholders that sensitive data has been accessed by unauthorized parties. This can devolve into trust issues with your business, negative publicity and ongoing loss of revenue even while you’re attempting to return to operational readiness.

Data Consolidation Makes Protection Easier

Business data structures often grow organically, with additional databases and information structures added over time. While this may make sense as you’re bolting systems together, eventually it can become an unruly tangle of disparate systems that makes security and data integrity more challenging for your teams. A regular review of business systems with an eye towards data consolidation is a project well worth considering as your timeline permits. It’s often helpful to work with a trusted technology partner to ensure that you are considering all the options that are available for the security of your data both in transit and at rest.

Protecting Business-Critical Data

There are a variety of protections that you can put in place to maintain both access to your data as well as its integrity. Creating a robust backup and disaster recovery process allows your team to define the best case scenario for data backups — local only, short-term local with a regional cloud-based backup or cloud only. There are dozens of different ways you can configure your backup process, but what’s important is that it meets the needs of your business both now and in the future. When you have a documented backup and disaster recovery process in place and test it on a regular basis, you have added peace of mind that your small business data is protected and quickly accessible in the event of a cyberattack or natural disaster.

Assessing and Managing Cybersecurity Risks

As your business matures, it’s imperative that you create a review schedule to assess and manage your cybersecurity risks. This includes everything from monitoring employee activity logs to protecting passwords to educating staff members and contractors against tapping, clicking or interacting with suspicious website content or email attachments. Data encryption, email and web filters and the regular application of patches to your servers and applications can also help reduce the risk of a cyberattack on your small business. Sometimes, the challenge is as simple as assuring that you have redundancies on your power supply so you don’t run the risk of losing servers during a power surge. Other remediation issues can be much more intensive, but putting together a full list of options helps you understand and ultimately reduce the risk to your organization.

Your data is being bombarded with threats on all sides, and it’s up to your technology team to help protect your organization. Creating a robust backup and disaster recovery plan with a trusted technology partner can help you walk through an audit of all pertinent systems, identify problems that can be resolved quickly, and define a strategy for ongoing review and support. Without access to your data and business information systems, you can quickly find that your organization is grinding to a slow and painful halt.

How to Join a Microsoft Teams Meeting on the Go

Microsoft Teams

 

Microsoft Teams is a relatively new addition to Microsoft’s Office suite. Teams is a powerful collaboration tool. It’s kind of like Microsoft’s high-powered answer to Slack. Create teams for whatever purposes make sense in your business. Communicate and collaborate within those teams to get stuff done. The killer feature in Microsoft Teams is the ability to collaboratively use nearly any other component of the Office suite directly inside the Teams application.

Team Meetings

Whether your team is a mix of on-site and virtual or completely virtual, you still likely need to hold meetings from time to time. Microsoft Teams includes a Meetings function, allowing those that aren’t present to join in on an in-person meeting. All you need is a device running Teams in the conference room. If you’re the host, all you need to do is create the meeting in your Outlook Calendar like you normally do.

How to Join a Microsoft Teams Meeting on the Go

If you’re the one that needs to join the meeting from a distance, here’s what to do. Open your Teams app and click or tap on the Meetings tab. If your organization is using Outlook for its calendar functions, this tab will populate with the meetings you’ve been invited to. Look for the one you’re trying to join, and click the big “Join” button. This will launch a call, and you’ll see avatars or photos for the others who are joining the meeting.

Controlling Your Presence During the Meeting

Tap anywhere (or, on a computer, move your mouse) to bring up meeting controls. You can mute or unmute your device’s microphone, toggle video on or off, and adjust volume. In the upper right corner (on mobile) you may see a button for adding additional people to the meeting (if you have the rights). You’ll also see a button to view any chats associated with your Team or the meeting itself.

You or others can share files into the Teams meeting. Once displayed on your screen, you can pinch to zoom in. When you’re done viewing the file, close it out and return to your main meeting window (whether that’s a video or just an audio interface with avatars).

If You Don’t See the Join Button

If you don’t see a “Join” button, then you’re dealing with one of two problems. If you sometimes see them and sometimes don’t, then your meeting organizer likely isn’t creating the meeting properly. The organizer might need to experiment with creating the meeting within Teams rather than from Outlook.

If you never see the button, then your IT group likely has not implemented the Meetings function within Teams. Contact IT with a request to enable this feature.

Wrapping Up

You now know how to join a Teams meeting on the go, but there’s a lot more to Teams than that. For help navigating Teams or the rest of the Office suite, contact us today. We’re here to help!

Enable Do Not Disturb on Your Android Device

Do Not Disturb Android

Do Not Disturb on Android can do more than you might expect. Here’s how to enable and customize Do Not Disturb on your Android device.  

Today’s quick tech blog explains how to enable Do Not Disturb on Android devices. We’ll also give a basic explanation of how to customize this feature, making it even more powerful. Note that terminology and locations vary on Android devices. If you don’t see exactly what I describe, look for something similar.

What Is Do Not Disturb on Android?

Do Not Disturb on Android does what you’d expect based on its name: when enabled in its default mode, it silences all notifications. This includes calls, texts, news alerts, and any other app notifications. It’s a good choice while you’re sleeping (or want to be), while you’re presenting at work or displaying content from your device, or while driving.

Default mode has its usefulness, of course, but sometimes it’s a little too…nuclear. You might want to cut down on the notification madness, but you still want to be alerted if your significant other (or boss, or VIP client) calls. Good news: Do Not Disturb can be customized, making it a powerful feature for tailoring which people and which apps are allowed to reach you. We’ll get to that, but first, here’s how to enable Do Not Disturb.

Enabling Do Not Disturb on Android

To enable Do Not Disturb, open your settings. Navigate to the Notifications menu. In most Android versions, you’ll see an option for “Do not disturb.” You can toggle this on right from this menu, or you can click on the widget for further options. “Turn on as scheduled” (or some variation of that) is a useful way to automatically toggle off notifications from, say, 11pm until 7am.

A few things to note about the default mode: first, toggling on Do Not Disturb essentially disables Android’s notifications system. You won’t receive any from anywhere. If it’s critical that someone be able to contact you anytime, day or night, you need to customize your Do Not Disturb (see below).

Second, you can always manually disable your scheduled Do Not Disturb. This is useful if you’re out late and still want to be notified about incoming calls or texts. Just come back to the main Notifications page and toggle it off. It will remain off until the next scheduled window.

Customizing Do Not Disturb on Android

Most people can’t get away with default Do Not Disturb. If you want to allow certain people or apps access to you even during Do Not Disturb sessions, go back to the notifications menu in settings and click the widget for Do Not Disturb. Click “Allow exceptions” and start customizing. There are tons of options here. You can enable notification from specific contacts or from repeat callers. You can choose to allow event/task alerts (think work calendar notifications), too.

From there, options vary depending on your phone’s manufacturer and the version of Android that you’re using. Use the principles described with whatever options your phone gives you.

Managed IT Improves Processes, Adds Value

Benefits of Managed IT Services

If you’re running a small to medium business (SMB), you’ve probably come across the term “managed IT” or “managed IT service.” What is managed IT, and what can it do for your small to medium business? Today we’ll answer these questions and more. Read on to learn about managed IT and how it helps your business win.

What Is Managed IT?

Managed IT is a specific type of managed service. To explain managed IT, we first need to talk about managed services in general. Managed services are those services that a business outsources completely to another more specialized organization. These exist all over the business world for a wide variety of reasons. Usually, a company invests in managed services in areas that aren’t core competencies. Managed services are a way for companies to focus on their core business, outsourcing peripheral functions to other more specialized businesses.

Some businesses enlist the help of managed services firms to handle their HR needs, while others may outsource elements of their customer service. One of the most common examples of managed services, though, is managed IT.

Managed IT, then, is the intentional outsourcing of a company’s IT needs to another firm that specializes in IT support. The company using managed IT services pays the managed service provider (MSP) to meet their technology needs, reducing or even eliminating the need for in-house IT support.

What’s the Alternative to Managed IT?

The main alternative to managed IT services is to develop a robust in-house IT department. When they reach the end of their abilities, you’ll call in pricey contractors who usually can’t guarantee that quick a turnaround time. (Brutal honesty: they can’t, because they’re prioritizing their managed IT clients over you!) This is sometimes described as the “break-fix” model. Do what you can in-house, and then when something breaks that your team can’t fix, you call in the big guns.

The break-fix model worked when businesses weren’t so dependent on their IT infrastructure, but it doesn’t work well today. Think of a piece of crucial tech in your office. Maybe that’s your online sales platform, or it’s a server or database of some kind. If that one thing suddenly stopped working, how long could you survive waiting for a specialist to show up and start fixing it? You don’t want to wait until a specialist has an opening to come fix it. You need dedicated support.

Why Use Managed IT?

We’ve already alluded to a few benefits to using managed IT, like dedicated support. Here are a few more reasons you should use managed IT to win.

Massively Expand IT Capability

If you’re running an SMB, you have real, concrete limits to the number of IT professionals you can afford to hire in-house. A 50-employee company can’t have a 25-person IT department and stay in business for long. Take a long, hard look at your current IT capability. Can your staff really do everything? Chances are you have a few folks that are specialized in a few areas. Additionally, they’re all adequate in basic IT functions.

When you bring in a managed IT service, you’re hiring a company that specializes in just one thing: managed IT. If they’re a 50-employee company, well over 25 of those people are IT specialists. They bring a wide variety of specializations to the table, too.

You massively expand your company’s IT capability by bringing on a dedicated support team. A managed IT service can typically do far more than you can currently do yourself.

Allow Existing IT Staff to Specialize

Bringing on a managed IT service may allow you to reduce your own IT staff, but another option is to let them specialize. Right now, they’re probably overworked, running from problem to problem. They solve problems outside their expertise, but they do so inefficiently. Bringing on a managed IT firm to handle most functions allows your IT staff to focus and specialize on proprietary or value-added IT processes specific to your company.

Focus on Your Core Business

If you currently run all your IT in house, how much of your time as a leader is spent dealing with your IT team? Every hour you spend on IT is an hour you aren’t spending growing and improving your core business. Offloading 80, 90, or even 100% of your IT needs to a managed service provider frees you up to focus on what you do best.

How Can We Help?

If you’re ready to see what managed IT can do for you, we’re here to answer your questions. Contact us today to start winning with managed IT.

Can Your IT Company Handle Your Business Growth?

Business Growth

A healthy, growing business is almost always a good thing. Still, expansion brings with it certain responsibilities on your part.

If your business is growing quite quickly, it’s important to understand that large changes or adjustments may need to be made. This could mean hiring more employees, starting to provide employee health insurance, advertising more and spending more on marketing services, or obtaining more physical office space.

One area that you certainly won’t want to ignore as your business expands is your company’s information technology provider.

Many businesses that start small assume they can keep their IT provider as they grow. However, it’s important to realize that some providers aren’t equipped to handle larger businesses, which often require sprawling networks and have extensive security needs.

To determine whether your company will soon require new IT services, consider the following questions about your current IT provider.

How familiar are they with your specific industry?

Often, when you’re just starting out, you’ll hire an IT provider who handles information technology services for a broad range of industries. Without a doubt, working with these types of providers will help your growing business by cutting costs. At the same time, you’ll still have your IT taken care of.

But as your business grows, you’ll want an IT provider with unique expertise in your industry. Niche IT providers who specialize in IT for hospitals, transportation services, or optometry offices, for example, are much more likely to provide you with better-quality service and improved security.

They are knowledgeable about and regularly brush up on industry standards. They keep up with new and cutting-edge technologies in your industry. And most of all, they are constantly aware of common security threats (and solutions) to businesses like yours.

Do they service other companies of similar size?

Take a look at who else your IT company serves. Are there any clients who match your company’s size? If so, do you believe those companies would also necessitate the same amount of attention and security as your company?

Even if your current provider services a company comparable to your size, if that company is a greeting card business and you own a chain of dental offices, you may have more to think about than just size. Namely, you’d have personal medical information within your network and a unique and crucial need to avoid breaches, scams, and possible liability catastrophes.

How often do you require troubleshooting services?

Are you already in near-constant communication with your IT provider for recurrent outages, network errors, slow-downs, and other problems?

Certainly, troubleshooting is one of the reasons you have an IT provider in the first place. However, the best providers should be able to set up a network that requires infrequent service.

Moreover, preventable errors that happen once should not happen again. The downtime that results from problems in your network will inevitably hinder your business’s success. Moreover, as a company that’s growing, things will only get worse if you do not improve your service now.

How have they handled network problems to date?

When you have needed to make a service request in the past, what’s been your current provider’s track record?

Consider how easy they are to get in touch with. Are you able to speak with your own account manager or at least a representative who’s knowledgeable about your business?

How fast is your request handled? If it’s an emergency, such as a security breach or a system failure, how fast do they respond? If it’s a routine question or small system error, how fast do they respond?

Larger businesses need IT providers who know their business and are at the ready when a problem occurs. In fact, you should have a direct line to call when problems arise, one that is answered by a live person.

Furthermore, as a growing business, you’ll want to anticipate that future problems will inevitably be more calamitous, especially when left unhandled for even a day or two. As your business expands, your IT provider must be immediately responsive, fully capable of handling any problem, and prompt in their service calls.

Have they presented a plan for accommodating your company’s growth?

First of all, have they taken notice of your company’s growth? A quality IT company will come to you first, noting that your company has been expanding and ideally, presenting a plan for your extended IT needs.

However, even if it’s you who needs to take the knowledge of your company’s expansion to your IT company, you’ll want to look for signs that they have a plan in mind to accommodate your anticipated needs.

They may, for example, suggest that you move from an as-needed payment plan to a monthly or yearly management plan. Many of the best IT providers who handle a range of company sizes will have at least these two options for their clients. When moving to a managed plan, you’ll be able to request assistance whenever necessary, paying a flat rate for their on-call care.

Find an IT Company Who Will Help Your Business Flourish

If, by evaluating the questions above, you’ve determined that it may be time to hire a new IT company, this certainly doesn’t mean that your current provider is entirely insufficient. It simply means that you’ve outgrown them, which in turn means that it’s time to move on to a more capable provider.

Taking the time to assess and realize your business’s extent of growth and possible outgrowth of an IT provider is an important step in your business’s expansion. Hiring an IT provider with adequate resources and capabilities to handle your expansion will ensure you’re fully prepared when it comes to your information technology — a foundational element that is, today, an invaluable component to businesses of all kinds.

Most Small Businesses Pay The Ransom

Do You Pay The Ransom

Are you willing to pay the piper when it comes to cyberattacks?

Despite the growing number of cyberattacks on small- and medium-sized businesses, there is still a lack of awareness or proactive defense of the networks, computer systems, applications and devices being used. This inattention means it’s even easier for criminals to attack your business by worming their way into your data, stealing it and threatening to expose it. Other cyberattacks target the business itself, making systems and websites inoperable, costing businesses millions in the process.

Freeing the data or access often means paying a ransom, usually in the form of Bitcoin or some other cryptocurrency that’s impossible to trace.

How Much of an Issue is Cybercrime?

When it comes to cyberattacks on small businesses, the reality is, if you haven’t already been attacked, you will be. What matters is that you have the security protocols in place to make sure your business withstands these attacks and is not victimized by intruders looking to do harm.

The scope of cyberattacks, especially on SMBs, is staggering.

According to the 2018 HISCOX Small Business Cyber Risk Report, almost half (47 percent) of small businesses suffered a cyberattack in the previous year. Of those attacked businesses, 44 percent encountered a second, third or fourth attack. Eight percent had five or more attacks.

Yet the report shows a paradox. Business executives surveyed identified cyberattacks as one of their top two concerns, along with fraud. Sixty-six percent said they were concerned or very concerned about cyberattacks.

However, among those executives, the majority haven’t taken even basic steps to protect their businesses.

What Does a Cyberattack Mean to My Business?

If you do not invest in cybersecurity measures, you are a sitting duck. That means you’ll have to pay a ransom when your business is attacked. You will incur costs as well, including steps to identify and eradicate the intrusion, notify customers and regulators and pay for deep web monitoring or credit monitoring.

What is that financial cost? According to HISCOX, it’s $34,600 for small businesses. The 2018 Cost of a Data Breach Study: Global Overview conducted by the Ponemon Institute shows that among SMBs and enterprises, the worldwide average total cost is $3.86 million. The costs are increasing each year, too.

The Ponemon study shows some of the other inherent threats and disruptions a data breach can bring upon your business. Among key factors influencing the cost of a data breach, according to the study, are:

  • The unanticipated loss of customers after a data breach is reported. Organizations that have established institutional trust and offer identity protection to victims are more successful in retaining customers.
  • The scope of the breach and the number of records lost or stolen. Ponemon calculates the per-record cost at $148.
  • Time. The longer it takes to discover the data breach and contain it, the more costly it is to the affected business.
  • Scope of remediation. When an attack is discovered, your business is going to incur expenses it didn’t plan for, including for independent investigators, forensic analysis, auditing services, crisis PR management and continuing brand and reputation repair initiatives.
  • Service needs. These include the demands for help desk services, marketing and communication, distribution of new account information or credit cards, legal costs, regulatory investigations and fines, product and service discounts to retain customers and increased insurance premiums.

The costs, both real and impressionistic, can cripple a small business that does not have the resources to recover from a cyberattack.

What Should Our Business Do To Protect Itself?

Protection begins with a thorough assessment of your systems and procedures to determine where there are vulnerabilities that need to be addressed. Working with a qualified managed service provider, you can understand where the exposures are and plan to fix them.

Your managed service provider will want to look at several components, including:

  • Network security that’s based in next-generation firewalls to identify and contain unwanted activity
  • Automated solutions to update anti-malware applications and install updates and patches
  • Policies regarding access, password protocols and authentication

With the proper security in place, you can avoid paying a ransom and putting your business at risk.

Critical Update From Microsoft: Remote Desktop Services

CVE-2019-0708

Impacted Systems:

  • Windows Server 2003
  • Windows XP
  • Windows 7
  • Windows Server 2008

Nonimpacted Systems:

  • Windows 10
  • Windows Server 2016
  • Windows Server 2019

If you are still using Windows Server 2003 or XP, Windows 7, Windows 2008 R2, or Windows 2008, you could be in trouble. Malware that exploits a wormable vulnerability may be coming your way. The vulnerability is designated as CVE-2019-0708.

This means that malware exploiting the vulnerability can get into your system without you doing anything, such as clicking a malicious link. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights without your knowledge.

What Should You Do?

Microsoft has released a critical update for their Remote Desktop Services that impacts multiple Windows versions. The patches are for devices and systems that are both in and out-of-support, which is rare for Microsoft to do. This shows the importance of these patches.

The update addresses the vulnerability by correcting how Remote Desktop Services handles connection requests. To apply the patches, go to the Microsoft Security Update Guide for in-support systems and KB4500705 for out-of-support systems.

Note: Clients and customers on a valid managed services agreement are being taken care of, and no immediate action is required for any computer, server or other device under a valid managed services agreement.

Microsoft recommends that customers running one of these operating systems download and install the update as soon as possible.

Does This Mean Even Systems Without Support Can Get The Patch?

Yes, Microsoft is aware that some customers are running versions of Windows that no longer receive mainstream support. This means that you wouldn’t have received any security updates to protect your systems from the CVE-2019-0708 vulnerability.

Given the potential impact on customers and their businesses, Microsoft decided to make security updates available for platforms that are no longer in mainstream support.

All Windows updates are available from the Microsoft Update Catalog.

What Should We Do Before We Apply The Update?

It’s recommended that you back up all of your important data first. With a reliable backup, you can still access your data if the patch creates problems. You should do this before you install any patches.

What If We Can’t Apply The Patches?

If you can’t apply the patch for your system there are other things that you can do:

  • If you don’t need the Remote Desktop Services, you can disable it.
  • Block the TCP port 3389 (this prevents unauthorized requests from the Internet).
  • Enable NLA (Network Level Authentication) for Windows 7 and Windows Server 2008.

Of course, the best thing to do is to contact your local IT services company. They’ll know exactly what to do.
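To see where a single machine stands against the three workarounds above, the following read-only audit script can help. It is an added example, not Microsoft’s or this site’s own tooling. It assumes Windows 7 or Windows Server 2008 R2 with PowerShell 2.0, and the function names `Get-RegValue` and `Get-RdpWorkaroundStatus` are made up for this example.

```powershell
# Added example: read-only audit of the three workarounds on the local host.
# Uses only PowerShell 2.0 features (Windows 7 / Server 2008 R2). Changes nothing.
# Caveat: Group Policy can override these local registry values.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpKey = "$tsKey\WinStations\RDP-Tcp"

function Get-RegValue([string]$Path, [string]$Name) {
    # Return $null instead of throwing when the key or value is missing.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return $item.$Name }
    return $null
}

function Get-RdpWorkaroundStatus {
    $deny = Get-RegValue $tsKey  'fDenyTSConnections'  # 1 = Remote Desktop turned off
    $nla  = Get-RegValue $rdpKey 'UserAuthentication'  # 1 = NLA required
    $port = Get-RegValue $rdpKey 'PortNumber'          # 3389 unless it was changed
    if (-not $port) { $port = 3389 }

    # Workaround 1 (disable the service): is anything still listening on the port?
    $ipProps   = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
    $listening = [bool]($ipProps.GetActiveTcpListeners() |
                        Where-Object { $_.Port -eq $port })

    # Workaround 2 (block the port): enabled inbound TCP rules in Windows Firewall.
    # Direction 1 = inbound, Protocol 6 = TCP, Action 1 = allow, 0 = block.
    # Port ranges such as "3380-3390" are not expanded here. This covers the host
    # firewall only; the perimeter firewall has to be checked separately.
    $fw    = New-Object -ComObject HNetCfg.FwPolicy2
    $rules = @($fw.Rules | Where-Object {
        $_.Enabled -and $_.Direction -eq 1 -and $_.Protocol -eq 6 -and
        ((($_.LocalPorts -split ',') -contains "$port") -or $_.LocalPorts -eq '*')
    })
    $allow = @($rules | Where-Object { $_.Action -eq 1 })
    $block = @($rules | Where-Object { $_.Action -eq 0 })

    # Workaround 3 (enable NLA) is read straight from the registry value above.
    New-Object PSObject -Property @{
        Port               = $port
        RdpDisabled        = ($deny -eq 1)
        PortListening      = $listening
        NlaRequired        = ($nla -eq 1)
        HostFirewallAllows = ($allow.Count -gt 0 -and $block.Count -eq 0)
    }
}

$status = Get-RdpWorkaroundStatus
$status | Format-List
if (-not $status.RdpDisabled -and -not $status.NlaRequired) {
    Write-Warning "RDP is enabled without NLA on port $($status.Port): patch or apply a workaround."
}
```

A host that reports `RdpDisabled : False`, `NlaRequired : False` and `HostFirewallAllows : True` has none of the three workarounds in place and should be patched first.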

What Does “Wormable” Mean?

“Wormable” means that any future malware that uses this vulnerability could propagate from one vulnerable computer to another. This is how similar malware like WannaCry spread around the world. Experts are worried that this flaw could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Here’s what Simon Pope, director of incident response for the Microsoft Security Response Center, tells us:

“This vulnerability is pre-authentication and requires no user interaction,” Pope said. “In other words, the vulnerability is ‘wormable,’ meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. It is important that affected systems are patched as quickly as possible to prevent such a scenario from happening.”

Have There Been Any Attacks Yet?

Microsoft said they haven’t found evidence of attacks against this dangerous security flaw. But one could happen at any time. Right now they are trying to prevent a serious, imminent threat with these patches.

Simon Pope goes on to say:

“While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware.”

What Does The Microsoft Remote Desktop Do?

You use the Microsoft Remote Desktop application to connect to a remote PC or virtual apps and desktops made available by your admin. You can control your desktop computer and all of its contents from another computer.

The app lets you connect to your desktop from wherever you are. The access to the remote desktop happens over the Internet or via another network. It lets you interact as if you were physically working from your desktop.

The Remote Desktop application also gives the “master” computer access to all of the contents on the remote computer.

What Else Should We Know?

If you had updated from Windows 7 to Windows 10 or from Windows Server 2008/2008 R2 to Windows Server 2016 or 2019, you wouldn’t need to worry. This is why it’s essential to keep your systems up to date.

Soon, on January 14, 2020, support will come to an end for Windows Server 2008, Windows Server 2008 R2 and the Windows 7 operating system.

If you’re still using these servers or operating system, it’s crucial to replace them now so that there’s no disruption to your daily operations or loss of data.

Any hardware or software product that reaches its end of life is a potential gateway for hackers to enter through. In addition to the security hazard, there are other reasons not to keep using old equipment, such as unresolvable outages.

Where Can We Get Help?

Contact us to ensure your Microsoft desktops and servers are secure and protected from unauthorized intrusions.

Does Open Source Software Have a Role in Enterprise IT?

Open Source Software

Open source software has come a long way since the 1980s. Back when the concept was first developed, it was a philosophical revolution in the software world. Releasing software for free wasn’t new, but releasing the source code behind the software and even encouraging others to improve upon it was game-changing.

In its infancy, open source software wasn’t the sort of thing most enterprises would consider. Times have changed, though. If your organization has never seriously considered whether open source software has a role in enterprise IT, you may be missing out on some serious advantages.

Open Source Software’s Changing Role

Open source software used to be viewed as the software equivalent of homebrew beer: an interesting hobby with sometimes attractive results, but not at all useful at scale. Over the twenty-five-plus years since its origins, things have changed. There’s no perfect analogy, but you might say the open source crowd has evolved into the equivalent of a network of craft brewers. Each brewer crafts something unique, and they all share their recipes and brewing techniques freely, both with other brewers and with consumers. Because of this collaboration and free sharing of information, the results just keep getting better.

Enterprise Adoption Grows

This evolution has had an effect on enterprise adoption. Today, most companies utilize some open source software. Red Hat, a Linux distributor and a major player in the open source space, commissioned a study of enterprise IT in 2019. The study determined that 83% of enterprises surveyed were using open source software, and 69% of those respondents described open source software as being either extremely or very important to their organization.

Uses of Open Source Software

Uses of open source software in enterprise settings vary widely, of course. Small businesses may not venture far outside OpenOffice, an open source alternative to Microsoft Office. Enterprise level businesses, however, tend to do more. That same Red Hat study names five areas where open source applications are being used in surveyed enterprise businesses at a rate of 41% or higher. These five are website development, cloud management, security, big data & analytics, and databases.

Pros and Cons of Open Source Enterprise Software

We don’t want to give you the wrong impression. The world of open source software isn’t a miracle utopia that will solve your every business IT problem. There are pros and cons to using open source software for enterprise IT. Here are a few.

Pro: Open Source Software Is Almost Always Free

If the source code is freely available, the software itself is almost by definition offered for free as well. There are limited exceptions, but most of the time, open source software is free to use. This makes sense practically, as it’s challenging to charge for the shell when you’re giving away the innards for free. It’s also a philosophical decision, as the open source movement is closely connected to the ideas of the free software movement.

Con: Supporting Open Source Software Isn’t Free

Open source software at the enterprise level isn’t being designed by hobbyists with day jobs. This is complex software that takes real development work. You may be wondering, then, how the developers put food on the table. In many cases, the answer is support.

When you purchase enterprise software from a traditional source, you usually enter into a license agreement where the seller or the developer will support your use of the software, for a yearly fee. Similar arrangements are available to help you support many open source enterprise applications. The software is free, and you’re free to customize it. If you need support, though, you’ll need a service level agreement (SLA) or something similar. These aren’t free.

Pro: Open Source Software Is Customizable

Off-the-shelf software solutions don’t allow you to customize the software beyond whatever settings the developer offers. You’ve likely experienced this on a small scale. Many people who use Microsoft Outlook for email, for example, aren’t thrilled with the program’s search function. Too bad: neither users nor company IT departments have the ability to enhance this feature beyond what Microsoft provides.

Open source software is different. Companies can tailor the software to their needs and can tweak the source code so that the new software interfaces properly with their existing systems.

Con: You Have to Do It Yourself

The previous pro is a bit of a double-edged sword. The ability to customize software is great, but your company needs people with the skills to do that customization well. Even the best IT pros may get stuck in this process, and finding dedicated support can be a challenge.

Contrast this with complex high-end proprietary enterprise software suites, which often come with support from the vendor. Vendor agreements may include some custom interfacing work. The software and service agreements are costly, but you aren’t left on your own to do the customizing.

Conclusion

For many businesses, open source enterprise software can save money and improve functionality, but navigating the open source waters can be a challenge. If you need help, contact us today!