The Covid Security Challenge

In a survey of over 200 Threatpost readers, about 52% revealed that their organizations are prepared. However, they still have some groups of employees who present security challenges when it comes to work from home (WFH) approaches. Around 30% said that they feel that they’re fully prepared to make the transition to remote working.

Looking At The Statistics

Around 13% revealed that they are only prepared to move a minority of their employees to online platforms. About 70% of the respondents consider remote working as a fairly new strategy. Meanwhile, one-third of the survey’s respondents admitted that less than 20% of their user bases telecommuted well before the social distancing measure was imposed to prevent the spread of COVID-19.

About 11% said those who worked remotely are “road warriors.” Amid the coronavirus pandemic, 40% reported an increase on the attacks on their remote footprint. There’s the other 10% who reported a rise in coronavirus-themed scams. Before the week ended, 81% committed that at least 50% of their workforce would be WFH. But there’s a problem, about 47% of those who wish to shift their workforce to remote working admitted that their security teams don’t have any emergency plan in place.

Common Issues Raised

The respondents that the top challenges they faced when it comes to securing their remote footprints is end user security awareness. Another issue is having sensitive data housed outside the office and transmitting it through the open internet. Insufficient foot print visibility, VPN costs, mobile security, and patching as well as updating are a few other concerns.

Cybersecurity Challenges

There are many moving pieces. Companies need to deal with confidentiality, integrity, and availability concerns. Businesses who wish to move to remote working needs to ensure regular updates and upgrades as well as timely intervention responses.

They also have to have a plan in place in case the device is lost or stolen. They also have to keep some type of patching cycle and that includes possibly non-domain devices into that.

Short-term Cybersecurity Strategies

Even with the Bring Your Own Device (BYOD) approach, you still need to enforce policies and implement strategies like remote management and monitoring. A lot of administrators are finding less resistance to such arrangement since the coronavirus pandemic. You also need to tell users that even with BYOD, they are still susceptible to online attacks, which could compromise their personal accounts, data, and information during this challenging period. Always remind them that these measures are for their protection and the organizations.

SpartanTec, Inc. Benefits

• Ease of administration - Ideal for remote situations
• Protection model - No intervention required, managed service, No rollbacks to manage, No suspicious files
• Can augment existing protection or provide coverage of BYOD or critical infrastructure while you’re away
• Stay on top of patches while workers are remote - No need for WSUS or manual local management
• Secure remote device data - Full disk encryption with BitLocker

Call SpartanTec, Inc. if you need the help of an IT expert to make sure that your cybersecurity isn’t compromised once you move to WFM amid the coronavirus pandemic.

SpartanTec, Inc.
Myrtle Beach, SC 29577
843-420-9760
https://www.spartantec.com/

All About Online Tools During The Coronavirus Pandemic

A bigger part of the world’s workforce is transitioning to digital platforms and the tools that help with the productivity and the connection are the educational and healthcare platforms, messaging apps, and video conferencing, to name a few. It is crucial to know the ways such tools can affect your digital security and privacy during the coronavirus pandemic.

Below are a few things you need to know to help you make informed decisions when it comes to finding what works not only for you but for your communities as well. You’ll also learn how you can use privacy and security best practices to protect yourself as well as others.

Free Slacks

There are a lot of articles written about the data retention issues of Slack especially when it comes to the software’s free version. With several organizing groups and mutual aid networks coalescing on Slack to support the communities, it’s crucial for users to be aware that the firm keeps their messages when they’re using the free plan and the could not delete them automatically. Slack, by default keeps all of the messages in a channel or workplace as long as the workspace still exists.

For paid workspaces, you can alter the number of messages that are kept in the database of Slack. In case you are using the free version, this option won’t be available to you.

Schools Moving to Online Learning

Surveillance must not be a required to get an education. However, even before school districts began moving their coursework and classes to digital forums to follow the social distancing protocols, surveillance has become a common thing in schools. The possibility of surveillance to ramp up is alarming especially because of the move to digital learning.

If your school is utilizing or thinking of using Gaggle, Social Sentinel, GoGuardian, Bark, and Securly, then you should check the guide to privacy for students. It tackles several surveillance and privacy concerns that such techonlogies raise, with methods to cut back the data that’s being tracked, advocacy methods, and risk mitigation strategies.

Telehealth and Non-HIPAA Platforms

The HHS has changed the HIPPA regulations during the coronavirus pandemic, letting health care providers to utilize applications like Facebook Messenger, FaceTime, Skype, Hangouts, Zoom, and etc so they’ can remotely provide care to their patients. In case your health care provider is using a platform or application that’s not covered by the HIPAA, you should ask them about the security measures they have in place to make sure that your privacy is protected at all times. You should also ask what their timelines and plans are for moving to other platforms that are HIPAA compliant.

Tools for Assessing Risk and Staying Safe Online

If you know how to minimize risk then you can keep yourself as well as others safe when there’s crisis. Here are a few tips you need to know if you want to improve your IT security Myrtle Beach.

• Assess the select the tools or software that you use to make sure that they work for you
• Find out about the very best cybersecurity practices when communicating with other people and add them into your tools and routines
• Create strong passwords by using a password manager
• Make sure that you have enabled 2FA for as many accounts as you can
• Know what your needs are and select the perfect VPN for you

Call SpartanTec, Inc. if you want to know more how to protect yourself and your family from online threats as more and more people spend time online while on community quarantine due to the COVID-19 crisis.

SpartanTec, Inc.
Myrtle Beach, SC 29577
843-420-9760
https://www.spartantec.com/

The malware at the heart of the campaign is Emotet, which began life as a banking trojan, but it has morphed into something quite different in recent times.

It's now a full-fledged botnet and its creators are leasing it out to anyone who can pay.

Make no mistake, the latest configuration of Emotet isn't a threat to be taken lightly. Last year, it accounted for almost two thirds of malicious payloads delivered via phishing attack. The malware was heavily used throughout much of 2019, suffered a marked decline during December, and then came roaring back to the fore in January of 2020.

While the major thrust of this latest campaign is aimed at financial institutions, a small number of attacks have been made against companies in the media, transportation, and food industries.

The campaign is being conducted largely by phishing emails that contain a Microsoft Word Document that pretends to be an invoice for a service recently rendered. The email subject line varies but in all cases it mirrors the invoice and/or bank details.

Naturally, if a recipient attempts to open the invoice, he or she will get a popup box indicating that Macros must be enabled in order to properly view it. If the recipient clicks the button to enable macros, the malicious payload will be installed.

This is time tested and a reliable method of getting malicious code onto target machines. It's been around for years, but it's still in use because it's so effective. Make sure your employees are aware of the threat and stay vigilant. If the early indications mean anything, 2020 is going to be a very trying year.

If you have business in the financial sector, don't leave your network, systems, and devices unprotected. Call SpartanTec, Inc. now.

SpartanTec, Inc.
Myrtle Beach, SC 29577
843-420-9760
https://www.spartantec.com/

New Phishing Emails Use Convincing Security Credentials

Unit 42 is a research division of Palo Alto Networks. Their researchers have discovered a sneaky and surprisingly effective phishing campaign that appears to have been launched in January of this year (2020).

When targeted by this attack, a user will get an email containing a braded document containing the name of a legitimate cybersecurity provider.

The name of a known cybersecurity provider alone generates a certain amount of trust in the reader. In addition, the email contains a password protected document, which naturally is the kind of security that a company in the security business would utilize.

Most of the emails contain subject lines that indicate the recipient is entitled to a refund or a free security product upgrade. That builds on the trust already established and gives the user an enticement for opening the enclosed file that has been password protected "with their security in mind."

Naturally, nothing could be further from the truth. If the user unlocks the protected file, he or she unwittingly enables the macros embedded in the file, which will then activate and install NetSupport Manager. The manager is surprisingly a completely legitimate remote access control program, but used here for nefarious purposes.

As long as it's running quietly in the background, it gives the people who sent the email a secret inroad into the machine and the network it is connected to.

Not only is the use of a known cybersecurity firm name a sneaky bit of social engineering, but the use of a perfectly legitimate remote connection tool is as well. That is because no antivirus software on the planet would flag the tool, which gives the hackers using it in this way a completely untraceable means of gaining access to a wide range of networks.

Be on your guard against this threat. It's insidious, and the folks behind it could do a lot of harm to your company. Call SpartanTec, Inc. now and let our team of IT experts help you.

SpartanTec, Inc.
Myrtle Beach, SC 29577
843-420-9760
https://www.spartantec.com/

Treat Ransomware As Data Breaches And Report It Right Away

It’s only been a few months into the year but there’s already been a significant increase in the use of ransomware that steals data. It is a type of ransomware that encrypts the data of the victim and extracts it to the server of the attacker.

The data that’s been stolen will then be used to force the victim into paying their specified ransom. But, evidence shows that cybercriminals also utilize the data to execute phishing attacks on customers and business partners of the victim firm.

IT experts suggest that businesses disclose these ransomware incidents as soon as possible. Reporting incidents, especially the ones that involve ransomware that’s can exfiltrate data is important to prevent other companies from falling victims to a similar attack.

Lack of Disclosure

As of the moment, companies are not legally required to report ransomware incidents. Organizations that have fallen victim to ransomware could fix the problem, by paying or not paying the cybercriminals and resume regular business operations, without telling their partners, customers, or the public about the cyberattack.

This is a common response with traditional ransomware. The data of the company was encrypted but it was not read, altered, or extracted. In theory, PII or personally identifiable information was exposed so the company doesn’t have to deal with business interruption and reputational loss that come after they report the incident.

This kind of reasoning won’t hold up when it involves data-stealing ransomware. Nemty, DoppelPaymer Sodinokibi, Maze, and other ransomware groups have started using methods that allow them to extract the data of their victim to a remote server where they could read, manipulate, and use the data however they like. The data that was stolen will be used to force their victims to pay the ransom. But it can also be used for spearfishing attacks.

Data Theft and Spear Phishing

Spear phishing refers to a cyber attack that targets certain people in a company to access crucial data like staff credentials, financial data, in this situation, deliver ransomware through suspicious email attachments.

Given that actors have access to the data of the company, and in some cases, emails – lets them make very convincing email messages. In certain instances, those emails might even look like a reply to a message, which makes it look like it is a legitimate email to the victim.

Companies Stand Silent When It Comes To Cybersecurity

When a business face a ransomware attack, its business partners, suppliers, and customers will be on the lookout for targeted attacks. But, this is not the case. Because organizations are not required to report ransomware incidents, there is some motivation for businesses to come forward and admit that their company was hit by ransomware.

What Should Businesses Do?

Data stealing ransomware are becoming increasingly rampant. Now is the time to start referring to ransomware incidents like data breaches.

All ransomware incidents must be thought of as data breaches until they are proven otherwise. Governments create a legislation wherein ransomware attacks to be considered as data breaches and ask the affected business to immediately issue notifications.

Call SpartanTec, Inc. now and let our team set up the most effective cybersecurity measures to protect your business against today’s most common online threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
843-420-9760
https://www.spartantec.com/

5 Ways To Prevent Data Breaches

Businesses need to prioritize data security especially these days when high profile information security breaches are almost always making the headlines. Organizations today face a one in four chance of having an information data breach that would cost about $2.21 million over the next two years. The aftermath of a data breach includes distrust, revenue loss, decreased loyalty among customers, and a negative reputation for your brand.

Prevent Information Security Breach

Asset Inventory

Visibility of what software and hardware assets you have in your network, as well as physical infrastructures, would help you get a greater understanding of the security posture of your organization. An asset inventory could also be used to create ratings and categories around the vulnerabilities and threats your assets may come across with. Ratings and categories for these vulnerabilities could assist you in prioritizing the remediation efforts that would occur on these assets.

Information security breaches add emphasis to endpoint protection. It’s not enough to have an antivirus installed to prevent a major breach. As a matter of fact, if you depend only on your antivirus software, you’ll be leaving your endpoints such as your laptops and desktops, widely exposed. Your devices would become the entry points for breaches.

An in-depth endpoint solution would utilize encryption to stop data leaks and loss, implement unified policies to protect data across all your endpoints, networks, servers, thereby lowering the possibility of a data breach.

Vulnerability and Compliance Management

Using a VCM or vulnerability and compliance management tool or at least completing a vulnerability assessment can help you pinpoint weaknesses, gaps, as well as misconfigurations in the security within your virtual and physical environments. VCM could check your IT assets and infrastructure continuously for compliances, vulnerabilities, as well as configuration best practices. An effective VCM lets you develop an action plan for remediating such vulnerabilities and designate them to the appropriate employees.

Audit Security Posture Regularly

Undergoing audits on a regular basis to determine potential new openings in governance and compliance would help in your security posture validation. A security audit would be a more comprehensive assessment of your business’ security policies compared to the penetration testing or vulnerability assessment. A security audit will take into account the dynamic nature of the business and how the company deals with information security Myrtle Beach.

Common Questions During A Security Audit

• Does your business have documented policies about information security?
• Did you set up escalation profiles, management processes, and processes document and monitored, and a playbook in case there’s a breach?
• Did you prepare network security mechanisms?
• Did you set up a log and security monitoring?
• Did you come up with a Disaster Recovery & Business Continuity Plan?
• Did you test your applications for security flaws?
• Do you have a change management process set up at each level within the IT setting?
• How do you back up your files and media? Who can access the backup? Have you tested your restore procedures?
• Have you reviewed the auditing logs? When do you review them?

Employees Must Be Trained and Educated

Once you have completed your security policy audits, you can now implement a written employee policy that involves data security and privacy. You need to conduct security training regularly so that all of the staff members know about these newly created policies since they won’t comply with policies they are not familiar with. When you are setting up your security policy for your staff, you should take into account training on these things:

• Using different unique passwords on devices that are used at work
• Enforcing a documented system for employees, contractors, or vendors who are set to leave your company (laptop access, key cards, passwords, etc.)
• Training staff on the importance of reporting data security leaks or information security breach
• Developing a policy that will describe how your staff should deal with, get rid of, restore, and even send data

Your staff requires training on the kinds of phishing attacks that take place these days. Phishing is a common method used by cybercriminals to spread ransomware in an organization. If you could train and educate your staff about the signs to search for in a dubious email, your business will be well served.

Call SpartanTec, Inc. now and let our team of IT experts help you establish security measures and protocols to mitigate online security threats.

SpartanTec, Inc.
Myrtle Beach, SC 29577
843-420-9760
https://www.spartantec.com/

Old School Virus Called KBOT Is Hitting Networks

There was a day when worms were once common, terrifying threats on the internet. In the early days of the world wide web, there were a number of famous attacks that were considered highly advanced for their time.

Time and technology have moved on of course, and these days, modern malware is significantly more advanced.

Except for KBOT. KBOT is a blast from the past. Recently discovered by Kaspersky researchers, KBOT has been dubbed "the first living virus in recent years that we have spotted in the wild."

They describe the virus as follows:

"KBOT poses a serious threat because it is able to spread quickly in the system and on the local network by infecting executable files with no possibility of recovery. It significantly slows down the system through injects into system process, enables its handlers to control the compromised system through remote desktop sessions, steals personal data, and performs web injects for the purpose of stealing users' bank data."

As you can see from this brief description, this piece of malware might be old school, but it's a serious threat. By destroying the files it infects, it's not just a matter of getting rid of the infection. Invariably, you'll have to reinstall all the infected code on the PC.

In addition to being a highly destructive virus, it's also designed to steal vast quantities of data. Then it makes a priority of connecting to its command and control server once it establishes a hold so it can send back any data it's been coded to target.

If it's not already on your radar, it certainly deserves paying attention to. If you find yourself unfortunate enough to be on the receiving end of a KBOT infection, know that it will cause a tremendous amount of damage and bring your network to its knees before you get it under control.

SpartanTec, Inc. is here to analyze your network and help you design a plan to keep your data secure.  We work with companies of ant size and can provide services from a secure firewall to 24/7 monitoring.  Contact us for a free analysis.

SpartanTec, Inc.
Myrtle Beach, SC 29577
843-418-4792
https://www.spartantec.com/