Understanding PrintNightmare: a Print Spooler Vulnerability

PrintNightmare: Understand and Overcome

In June of 2021, Microsoft issued a warning entitled “Windows Print Spooler Remote Code Execution Vulnerability.” This vulnerability, known as PrintNightmare, leaves the print spooler open for a hacker to attack by allowing anyone to remotely install a printer ‘driver’ with the ability to execute malicious code and take complete control of a PC. The attacker could access data, create new accounts, and destroy users’ accessibility to their devices.

This is an ongoing issue. While there has been a security update from Microsoft addressing this vulnerability, it is not perfect, and many devices are still at risk. We will discuss ways to mitigate the problem and keep devices safe from this vulnerability. By following the steps in this post, you will be better equipped to handle these attacks and reduce the probability of becoming the next victim.

 

What is the Print Spooler?

The print spooler service is a software program that manages any print jobs that need to be sent to a printer server. In many cases, Microsoft relies on this program for the organization and control of its devices. It is an essential program for anyone needing to print, and it keeps the print jobs organized and in order. While the print spooler is a practical and often necessary tool, it can also be dangerous if it falls into the wrong hands.

Some of the most basic functions of a print spooler include:

  • Managing the files that are in the process of printing on the device
  • Monitoring the files that are in the process of printing on the device
  • Keeping everything in order and organized as the items print

Most Microsoft machines have the print spooler system automatically enabled, and many do not think twice about it when activating their device for the first time. After all, when hackers are not attempting to break into it, it can be a very beneficial (and often necessary) tool.

Since its original release, there have been few maintenance updates on the print spooler. It was this lack of improvement that could have left it vulnerable to hackers and attackers. However, in July 2021, Microsoft issued a security update addressing this vulnerability. They are recommending that users install these updates immediately. After all, you do not want to be the next company with a data security breach.

 

Understanding the PrintNightmare Vulnerability

The PrintNightmare vulnerability first appeared in a June 2021 release by two research teams. It was so named because of the versatile nature of this weakness across a variety of different products. Recently, the PrintNightmare shifted from ‘low’ severity to ‘critical’ severity. Users need to be aware of this as it grows worse.

To fully understand this vulnerability, it is important to be familiar with the print spooler and how attackers can use it to their advantage. This issue is a critical flaw that may need to be handled in-house while Microsoft works towards finding a permanent solution for all users. Otherwise, the system could be taken over by hackers. 

 

What Are the Vulnerabilities in the System?

Two central vulnerabilities lie inside of the print spooler system. Each serves as a different attack point for a hacker trying to find a way into vulnerable devices. It is critical to understand each of them so that you know the weak points that they target.

The core vulnerabilities include:

  • Local privilege escalation, ensuring that a hacker who gets into a computer with low privilege can elevate to an admin level on the device
  • Remote code execution, which can allow the systems to be weaponized either locally or by using a domain controller

These vulnerabilities can offer power to the attackers that allow them to take over many systems at once. 

 

How Can Hackers Use This to Their Advantage?

It can be a little bit difficult to understand what hackers can do with access to a print spooler. This service’s only job is to manage print jobs, and it does not seem like it would be very threatening. It is a program that many people overlook, yet hackers can pose a massive threat if they gain access to this software.

This threat includes:

  • Hackers gaining access to sensitive information
  • Manipulating private and personal data to their advantage
  • Installing malicious programs onto the device

These are just a few of the things that can happen if an attacker gains control of a system through the print spooler. It can be a massive invasion of privacy.

 

How to Mitigate PrintNightmare

Since the security update addressing this issue was released in July 2021, the best practice for mitigating the problem of PrintNightmare is to install this update. However, this update may not completely eliminate the threat of PrintNightmare. Some systems are not able to install the update, and it can cause issues with some printing devices. Because this update is not perfect, there are other options that can reduce the threat, depending on the device’s operating system.

Option 1: Disable the print spooler service on your device.

Taking this action will stop hackers from being able to access the print spooler, and therefore stop them from being able to access data. However, this action would also disable the ability to print completely.

 

Option 2: Disable the option for print spooler to accept client connections.

Taking this action will prevent remote printing operations, which will remove the attack vector. This means that remote printing will no longer be possible (though printing locally to a directly attached device would still be possible).

These workarounds are not ideal, because the print service will not be able to be used in the way it was intended, if at all. However, the alternative could be losing access to the device altogether due to an extensive attack. Again, the best practice would still be to install Microsoft’s security update addressing this issue. However, because this isn’t an option on all devices, we will go over how to implement these workarounds.

 

Disable the Print Spooler on Windows 10 Home Edition

If unable to install the security update, the print spooler on every single vulnerable item in the workspace can be disabled. Any device that has a print spooler can be hacked into and potentially pushed into other devices. Follow each of these steps carefully so that you don’t have to start over again.

Once all of the items are prepared, you should enact the following steps:

  • Open the Start Menu
  • Type ‘PowerShell’
  • Pick ‘Run as Administrator’
  • When asked if you want to allow the app to make changes to the device, answer yes
  • Type ‘Stop-Service -Name Spooler -Force’ and push enter
  • Type ‘Set-Service -Name Spooler -StartupType Disabled’ and push enter. This will keep the spooler from starting up again when the computer is rebooted.

This sequence should disable the print spooler on devices containing the Windows 10 Home Version and a few other varieties. If you have the Windows 10 Pro or the Enterprise edition, there is a different set of steps to follow to disable the print spooler.

 

Disable the Print Spooler on Windows 10 Pro and Enterprise Edition

If you have Windows 10 Pro or the Enterprise edition, the print spooler will need to be disabled using the group policy editor. This method only works for those two systems.

To disable the print spooler, you will need to:

  • Open the run box by using ‘Win + R’
  • Type gpedit.msc
  • Press enter
  • Wait for the Local Policy Editor to open
  • Navigate to ‘Computer Configuration > Administrative Templates > Printers’
  • Click ‘Allow print spooler to accept client connections’
  • Click ‘Disabled’
  • Press ‘Apply’ and ‘OK’

These steps apply Option 2: the spooler keeps running for local printing but stops accepting remote client connections. Restart the Print Spooler service afterward so that the policy takes effect. If it doesn’t work, double-check that you have followed all the instructions completely.
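To confirm which of the two workarounds is actually in effect on a machine, the following read-only check can be run from an elevated PowerShell prompt. It is an added example, not part of the original post; the function name `Get-SpoolerExposure` is hypothetical, and the registry value it reads is the one that backs the ‘Allow print spooler to accept client connections’ policy.

```powershell
# Added example, not from the original article. Read-only: it changes nothing.
function Get-SpoolerExposure {
    [CmdletBinding()]
    param()

    # Option 1 evidence: current state and startup mode of the Spooler service.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    if (-not $svc) { throw 'Print Spooler service not found on this machine.' }

    # Option 2 evidence: the group policy setting is stored in this value.
    #   1 = Enabled, 2 = Disabled, value absent = Not Configured
    $key   = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    $name  = 'RegisterSpoolerRemoteRpcEndPoint'
    $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    $policy = if ($value -eq 1) { 'Enabled' }
              elseif ($value -eq 2) { 'Disabled' }
              else { 'Not Configured' }

    # Map the evidence onto the two workarounds described in the article.
    $assessment = if ($svc.StartMode -eq 'Disabled' -and $svc.State -eq 'Stopped') {
        'Option 1 in effect: spooler disabled, printing is not possible'
    }
    elseif ($svc.State -ne 'Running') {
        "Spooler is stopped but its startup type is '$($svc.StartMode)', so it can start again"
    }
    elseif ($policy -eq 'Disabled') {
        'Option 2 in effect: remote client connections refused (restart the spooler if the policy was set after it started)'
    }
    else {
        'No workaround in effect: spooler is running; protection depends on the security update'
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        ServiceState     = $svc.State
        StartMode        = $svc.StartMode
        ClientConnPolicy = $policy
        Assessment       = $assessment
    }
}

Get-SpoolerExposure | Format-List
```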

 

Can You Enable the Print Spooler If Needed?

Enabling the print spooler again might become necessary if a print job is required. This action might seem intimidating, as it could potentially reopen the systems to hackers. However, enabling it for a short period of time should be relatively low risk. 

 

Enabling for Windows 10 Home Edition

To enable the print spooler again after it has been disabled, there are a few steps that can be followed. On the device:

  • Open the Start Menu
  • Type in ‘PowerShell’
  • Pick the option ‘Run as Administrator’
  • When asked if you want to allow the app to make changes to the device, answer yes
  • Type ‘Set-Service -Name Spooler -StartupType Automatic’ then hit enter
  • Then type ‘Start-Service -Name Spooler’ then hit enter

This sequence should enable the print spooler again. If the security update has already been installed, this can remain enabled. If it was disabled temporarily for the ability to print, it can be disabled as soon as the printing process is finished to ensure the device is protected. 
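The temporary re-enable described above can be scripted so the spooler is always disabled again, even if the script is interrupted. This is an added example, not part of the original post; the function name `Invoke-PrintWindow` and its parameters are hypothetical, and it assumes the built-in PrintManagement cmdlets (`Get-Printer`, `Get-PrintJob`) are available.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original article.
function Invoke-PrintWindow {
    [CmdletBinding()]
    param(
        [int]$TimeoutSeconds = 300,  # hard limit on how long the spooler stays up
        [int]$PollSeconds    = 5     # how often the print queues are checked
    )

    try {
        # Manual rather than Automatic: if the machine reboots during the
        # window, the spooler does not come back up on its own.
        Set-Service   -Name Spooler -StartupType Manual
        Start-Service -Name Spooler
        Write-Host "Spooler is running. Submit the print job now (window: $TimeoutSeconds s)."

        $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
        $sawJob   = $false

        while ((Get-Date) -lt $deadline) {
            Start-Sleep -Seconds $PollSeconds

            # Collect queued jobs across all installed printers.
            $jobs = @(Get-Printer | ForEach-Object {
                Get-PrintJob -PrinterName $_.Name -ErrorAction SilentlyContinue
            })

            if ($jobs.Count -gt 0) {
                $sawJob = $true
            }
            elseif ($sawJob) {
                # A job was queued earlier and the queues are now empty.
                break
            }
        }
    }
    finally {
        # Always close the window, including on Ctrl+C or an error above.
        Stop-Service -Name Spooler -Force -ErrorAction Continue
        Set-Service  -Name Spooler -StartupType Disabled
        Write-Host 'Spooler stopped and disabled again.'
    }
}

Invoke-PrintWindow -TimeoutSeconds 300
```

A job that finishes between two polls is never observed, in which case the window simply stays open until the timeout before closing.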

 

Enabling for Windows 10 Pro and Enterprise Edition

Just like with disabling the print spooler, a group policy editor is needed to enable the print spooler on Windows 10 Pro and Enterprise Edition. This specification is critical to note, as this will not work for other versions.

To re-enable the print spooler on these devices, these steps should be followed:

  • Open the run box using ‘Win + R’
  • Type gpedit.msc
  • Hit enter
  • Navigate to ‘Computer Configuration > Administrative Templates > Printers’
  • Click to allow the print spooler to accept client connections
  • Pick ‘Not Configured’
  • Press ‘Apply’ and then ‘OK’

This process should successfully enable the print spooler on these devices. As with the other method, this can remain enabled if the security update has already been installed. If not, it can be disabled until the next time it is necessary to print.

 

Will this security update completely eliminate the PrintNightmare problem?

As previously mentioned, the best practice for reducing the PrintNightmare issue is to install the security update. However, the update is not flawless. There is a long way to go until PrintNightmare is completely eliminated.

The July Emergency update:

  • Only worked on a few select devices, leaving the others just as vulnerable as before
  • Caused issues for users attempting to print to various printers
  • Affected receipt and label printers that connected with USB

This update has its flaws, which can affect any Microsoft device. Future patches in development will likely be able to fix the issues that the current update has. Hopefully, this comes in the next few months. Until then, users that are still vulnerable should disable the print spooler for the safest results.

This is just one of many ways that your company can be targeted and data can be lost. If you’re looking to be more proactive in your cybersecurity, we’ve created an outline of five critical components your incident response plan should have. Read more about it below.

 

Moving Past PrintNightmare

The PrintNightmare situation is a wake-up call for those unaware of how vulnerable the print spooler can be. Hackers can easily lock themselves into the system and change data belonging to the user. They can then make use of the device remotely or through a computer elsewhere.

This is dangerous for users who are not aware of this problem. With the knowledge you read here, you should understand how to mitigate the issue until the issue is completely resolved. If you’re unsure of whether or not your network is secure, take our free, self-guided IT Security Risk Assessment, or contact us today for a free, 30-minute consultation.

For all you Star Wars fans out there – this is a meme summary of the seriousness of the attack.

 

5 Ways to Make Cloud Computing Work for You

For many, “the cloud” is a familiar term, although many struggle to describe what it really is. Loosely, the cloud can refer to any number of servers accessed via an internet connection. Some people are familiar with the concept that it is a data storage center, but they aren’t aware of much more than that.

Recently, the need for more services that fall under the umbrella of cloud computing has grown. There are numerous ways to use cloud computing to your advantage, but there is undoubtedly a cloud computing service you can use regardless of your needs.


What is Cloud Computing?

Cloud computing is a way to utilize computing services via the internet in any number of ways. These services are offered by a number of businesses and are becoming commonplace in business. It’s estimated that the market growth for cloud computing services well over doubled from 2016 to 2022 (see Figure 1).

To understand how to make cloud computing work for you, you’ll need to understand what services you need to utilize the cloud.

[Figure: rapid growth of cloud computing chart]

Common Services Available via Cloud Computing

In addition to the simple file storage applications that most people are acquainted with, there are scalable services available from many vendors that allow businesses to tailor cloud computing to their individual needs. So, whether you only need access to a specific application or need assistance with all aspects of your computing needs, there is a service in mind for you.

File Storage and Data Backup

These two services often go hand-in-hand, and it’s hard to talk about one without the other. File storage and data backup are two cloud computing services that most people are familiar with, with companies like Google and Dropbox offering storage services. These cloud computing services have been available for years, and most people have utilized them in one way or another.
Data backup is where file storage can become something more than simply storing documents. Data backup services often offer guaranteed protection of your data, shielding them from viruses, unexpected data losses through hardware failure, and encryption to protect them from prying eyes. In addition to this, the data backup process is often automated, needing no oversight from a person, whereas backing data up on an external drive would need supervision.

Infrastructure-as-a-Service

Infrastructure-as-a-service, or IaaS, is another common cloud computing service and is often identified as one of the most used types of cloud computing services. IaaS is the utilization of a vendor’s service and storage, networking services, and data centers. When choosing to use IaaS, you’ll still be responsible for the applications and tools that your computers will be using, as well as their operating systems.

IaaS is a great way to save on expenses for the necessary hardware to run a business, like servers, storage, and networking. So if you are looking to save money on capital costs when starting a business that needs these things to function, IaaS is the best choice for you.

Platform as a Service

Another common online cloud computing type is platform-as-a-service, or PaaS, which allows businesses to utilize environments to develop, test, and manage the applications that they are working on. Software developers often use PaaS services to help avoid the costs associated with developing a new application.
Using a PaaS service allows users to avoid having to pay for operating systems, servers and storage, networking resources, and data storage. The only thing that the user is responsible for is the code for the application being developed.

Software as a Service

While most people are familiar with file storage and data backup services, most are also patrons of some sort of software as a service, or SaaS. SaaS is the utilization of cloud-based applications or software. Email services fall under this category, and most people have an email address, meaning that they have used a SaaS service.
Other instances of SaaS services include monthly subscription-based programs, like Office 365 or the Adobe Creative Cloud. When using a SaaS service, you are responsible for nothing but paying for access to it, if needed. The vendor is responsible for the application and development of it, the operating system, servers and storage, networking resources, and the data center. It is often more cost-effective to pay for subscriptions to a cloud-based application than to pay for the licenses needed for each computer in a company. SaaS is an excellent way to save money and is easily scalable to fit the client’s needs.

Data Analytics

All businesses have some sort of data analytics needs. We live in the digital age, and businesses are constantly collecting data. Analyzing this data is crucial and often more demanding in terms of resources than the initial collection of the data. Cloud computing allows businesses to access the resources that vendors have to process power, making the analysis of large data sets a simple task rather than something that can take a large amount of in-house resources.

Typically, these services are on-demand and affordably priced, allowing companies to allocate funds to other company needs. The money that would have traditionally been spent on the hardware necessary to process these large datasets stays in the pocket of the business, with only a small percentage of it being paid to the vendor, which can make a world of difference in terms of budget.

 

What are the Benefits of Utilizing Cloud Computing?

While there are many benefits to using cloud computing services, here are the five most relevant to business owners and what makes cloud computing work for you.

1. Cost

No matter how you look at it, using a cloud computing service allows the user to save money. These savings are almost always associated with the initial hardware costs to set up servers and data centers and the required human resources. When using cloud computing, vendors provide the physical aspects for most computing needs and the IT expertise to keep them running smoothly. While the services offered are still paid for, they pale compared to the cost of setting up similar services in-house.

2. Performance

The high performance associated with cloud computing services can be attributed to the vendor handling all of the hardware related to the service. These vendors often have access to a network of high-performance data centers and computer hardware, allowing for faster processing times and, in turn, quicker computing than an in-house data center would.

3. Speed

The services offered by a cloud computing vendor are bound to be faster than in-house operations. The services they offer are preset and on-demand, ready-made for their clients. Even if the computing is complex, the system is typically set up for such computing, allowing the client to avoid the need to allocate resources to resource-heavy operations.

4. Productivity

Many, if not all, cloud computing services are prone to automatic updates and scheduled patching or maintenance. The vendor taking on these services allows any in-house IT staff to avoid meager tasks like software or application updates, leaving them to tend to more important matters that the client is responsible for. Additionally, these updates are seamless and meant to keep the client on the most recent product or service available, meaning that they won’t fall behind as software updates. This is a problem with purchasing individual licenses as opposed to paying for cloud computing services.

5. Security and Reliability

Cloud computing vendors understand the importance of keeping data safe, which causes them to implement numerous security features into their services. Keeping your data protected is one of the best ways to keep your costs down, as any sort of breach is costly. Additionally, these vendors are reliable, as they understand the responsibility they have to keep your data safe from loss. Often, if there is data loss, disaster recovery is more manageable than if it were to happen in-house, as they can keep the data backed up in several locations at any given time.

The Future of Cloud Computing

Cloud computing is a market that most, if not all, businesses cannot get away from. The required costs to initially set up all of the needed hardware and networking resources for a business can be higher than what is feasibly affordable, but many vendors have stepped in to fill the needs of these businesses. Their presence on the market allows businesses to avoid these initial costs and reduce the necessary hours for IT in-house. 

Cloud computing services are entirely scalable and applicable to all businesses. Whether you need access to office applications or an entire infrastructure to get your business started, there is an option available to you via cloud computing. It really comes down to your individual needs and determining what options are best for you.

At Edge Networks, we’ve made many of our clients’ transition to the cloud easier and more secure. Contact us today for a free 30 minute consultation.

Social Engineering: Common Methods, Examples, and Preventative Measures

What is Social Engineering?

Social engineering is a strategy that has invaded much of our world today. Around 98% of cyber-attacks rely on social engineering to get them their information. So how does social engineering work? Thieves and criminals attempt to use manipulation to trick individuals out of information, because it is easier to exploit a human’s ability to trust another than teaching themselves how to hack software. Knowing the techniques they use, how they use them, and how to prevent these attacks can come in handy.

 

Keep on reading to learn more about this sneaky strategy that many manipulators use. By the end, you should be much more prepared to take on one of these attacks if it should happen to you. With any luck, you will be able to avoid the many ways that a hacker may attempt to push themselves into your system.

 

Common Methods Used in Social Engineering

Those who use the social engineering tactic have a lot of methods that they can choose from. The way they try to get information from people spans across all platforms, from text messages to websites. Practically every industry on the market has been breached in some way by social engineering.

There are six main methods that social engineers will use to pry information from people. Knowing these could help you from falling victim to an elaborate plan. You should become familiar with them as best as you can.

 

1. The Whaling Attack

The whaling attack centers its target on a very specific group of people. It’s a sophisticated attack that works against those who have special access to systems that tend to be at a higher level than others. Someone who might experience a whaling attack would have a large sum of money hidden behind an intricate system.

When conducting a whaling attack, the criminal will typically do the following things:

  • Find a messaging platform that is often accessed by the user, such as an email
  • Craft a compelling message that entices the viewer to click it
  • Draw the user in and grab their information

Once the link or mail is clicked, that’s all that it takes. Most often, the message will seem urgent, and the user might want to respond immediately. It is critical to check where the item is coming from before following through.

 

2. The Watering Hole

The watering hole attack takes inspiration from the drinking spots where animals go to get hydrated for the day. Like this spot, the hacker will place harmful code on a popular website, targeting the types of people that they assume will visit that site. This leaves them vulnerable whenever they go to that particular site.

The attacker using this method will likely:

  • Wait until a particular moment to use this attack
  • Launch on a website or a software
  • Be quick and efficient

The watering hole technique is used when these attackers want access to a specific group of people. It could be anyone, from entrepreneurs to financial advisors. This one is a little harder to prevent since you cannot see it coming.

 

3. The Pretexting Method

The pretexting method targets those who fall victim to others telling them that they need assistance. The attacker might message the victim to let them know that they need their personal information to fix a problem on one of their accounts. This can be done through messaging or calling.

Often, someone using the pretexting method will:

  • Text without further notice, asking right away for information
  • Use that information, should they get it, to access the victim’s accounts

The damage is done when the victim gives up all of their passwords and usernames to these attackers. If you do not give it to them, it is harder for them to get it. They rely on human nature to provide a helpful response in a time of uncertainty.

 

4. The Baiting Attack

The baiting attack is perhaps one of the most common forms of attack. Through this, a link disguised as being helpful is sent out to a victim to manipulate them. However, it often contains malicious and aggressive software that will do them harm.

Often, these attackers will send out the link through:

  • Text messages
  • A messaging platform on social media
  • An email

These links are usually pretty obvious. However, some can be trickier than others. Any random link in an unexpected email should not be clicked for safety purposes. You could risk the entire security system of your computer or phone.

 

5. The Quid Pro Quo Attack

The quid pro quo attack is a lot like the baiting attack. However, there are a few things that set them apart from each other. This attack involves the baiter giving tasks to the victim, often pretending to be someone to help them with their device. These instructions will leave the device vulnerable for the attacker to swoop in.

This one is particularly tricky because the victim must perform the steps themselves. It is critical to avoid any instructions or advice that come from a source you are not anticipating. Being cautious can prevent your private information from slipping into the wrong hands.

 

6. The Phishing Attack

The phishing attack is seen most often. The phishing attack uses a variety of items to try to get a person’s attention. These often have emotional ties and pretend to be trustworthy individuals that the victim could trust. They also use companies and sources that seem legitimate to anyone who glances at them.

The individual using the phishing attack will:

  • Take on an identity tied to the victim
  • Send a message to get the victim’s attention with urgency
  • Wait for the victim to click
  • Gather their information

It’s all too easy for someone to fall victim to this trick. The phishing attack is especially dangerous because it targets people’s emotions. Emotions are a powerful thing, something that could take anyone down in an instant.

These malicious messages make up most cases of social engineering cyberattacks. Around 65% of these attacks utilize a form of phishing as the way that they gain access. The phishing attack is a simple way for hackers to claw their way into a system.

Examples of Social Engineering in Action

For many, it can be hard to understand this concept without putting it into action. We’ll dive into a few examples of social engineering, showing examples of attacks in specific locations where they might happen.

Not all attacks are created equal. Knowing what a few might look like can help you pick one out, no matter how different it looks from others that we have shown.

 

1. Examples of Whaling Attacks in Social Engineering

As the whaling attack is intended to target one particular type of person, there are very specific situations in which an act is carried out. We will go over a few examples to fully understand how this method of social engineering works.

The attacker essentially goes for the “whale” of a company, organization, or network. They will wait patiently and then will strike someone such as:

  • A prominent hedge fund founder over a network like Zoom
  • A small business owner through email
  • A firm CEO over a cyberattack

All of these are examples of whaling attacks in action. The hacker will wait until the moment is right. Then, they spring on the leader and attempt to pull as much money and access as possible from the person they have attacked.

 

2. Examples of Watering Hole Attacks in Social Engineering

As we have discussed, a watering hole attack targets a group of people involved in the same kind of industry or profession. The attacker will probe the website for a weakness that could allow them to infiltrate the website and those that make use of it.

Some examples of watering hole attacks include:

All these items targeted a website and those that visited it regularly. The attacks occurred once they had infiltrated the site and gained access to the hundreds of thousands of people who visited it every day.

 

3. Examples of the Pretexting Method in Social Engineering

Pretexting is the method of attack in which an attacker will contact an individual with an informational request. The individual will then respond with their personal information that the attacker can then use to gain access to more private information.

Pretexting can occur in a variety of formats. Some of them include:

  • An attacker posing as the CEO of a company and requesting personal information from employees
  • A social engineer acting as the leader of a bank and requesting personal information to assist a customer with an account
  • Someone working as a customer assistance rep and requesting access to a certain account to help

The pretexting method can sneak up on people rather unexpectedly. If you receive a message requesting any personal information, it is critical to double-check the source. Pretexting can happen to anyone who is not paying attention.

Never give out your personal information through a text message or email. This is a rare way to exchange this kind of critical information about your life. Unless you have had a verbal, in-person agreement, you should not be handing yourself out on the internet. It doesn’t matter how trustworthy they seem to be in the space.

 

4. Examples of the Baiting Attack in Social Engineering

Often, a baiting attack happens in the real world. A criminal might leave a hard drive or a link that, when clicked or entered, will lead the victim straight to harmful malware. From there, the attacker can get what they want.

Baiting can also involve advertisement online. These can be tempting for a user to click, with enticing images and headlines. When the victim clicks, they download the malware onto their computer or phone.

Malware can take many forms, such as viruses, ransomware, spyware, spam, and more. The first step to avoid all types of malware is staying educated on how they happen, where they come from, and what they can change into. Read the blog post below to discover 6 ransomware trends you should watch for in 2021.

 

5. Examples of the Quid Pro Quo Attack in Social Engineering

A quid pro quo is a high-level format of attack. The hacker asks for access to a company or a large organization in a method that sounds simple, easy, and harmless. From there, they can take control and finish whatever they have set out to do.

A quid pro quo attack might involve:

  • Someone offering assistance if an individual disables their security
  • A free fix for the cost of some personal information

Both of these offer to give something away, but for the victim to receive that thing, they must also give something in return. It sounds too good to be true, and often that’s because it is.

 

6. Examples of the Phishing Attack in Social Engineering

The phishing attack is a format of aggressive baiting. There are many different subcategories of the act, but the main point of it is to get ahold of personal information that the victim hands out.

A phishing attack can happen:

  • On a fake website
  • Through a faulty link
  • In an email or a mass text message

The phishing attack is the simplest, and yet it is also the most powerful. There is a large group of people who fall for this trick every single day.

 

Ways to Prevent Social Engineering

Standing up against social engineering is a critical part of existing in our society today. Everywhere, hackers make use of social engineering in an attempt to gain valuable information that could win them all of your money. How do you take a stand against such an aggressive and dangerous type of individual?

There are quite a few things that you can consider when trying to prevent social engineering from happening to you. Some of the best include:

  • Staying cautious at all times, no matter how trustworthy the source seems to be
  • Never giving out personal information unless you are confident of the situation that you are in
  • Using services to keep track of who is calling you and double-checking phone numbers or emails that you are suspicious of
  • Deleting requests for personal information before you can get involved
  • Giving a second thought to everything before you click on it
  • Ignoring offers and prizes, which are oftentimes fake when sent to you in a mailbox on the internet or in your physical mailbox

By staying on top of the game, you can prevent yourself and your assets from being corrupted by criminals using social engineering.

Are you concerned about the cybersecurity of your business? Edge Networks can help! Take our free, self-guided IT Security Risk Assessment, or contact us today for a free, 30-minute consultation.

Optimize Microsoft 365 For Better Security Without Spending A Dime

Microsoft Office has been around since 1990 & is here to stay. The newest product offering from Microsoft is Microsoft 365, an online suite that makes team collaboration easier.

Whether you have been a veteran user of Microsoft or this is your first experience, a cloud-based office suite will have new features to consider. Teams can now save documents in shared folders without calling the IT department or sending long chains of emails and edit documents in virtual meetings as everyone signs into the same document. The benefits of Microsoft 365 are revolutionary for teams and should be explored. 

Microsoft 365 is a great tool for team collaboration, and we highly recommend it for any sized office. Virtual teams, in-office teams, and everything in between will benefit from the vast features available in the web-based software suite. Although the software is web-based, you can still enjoy the benefits of downloading the Microsoft 365 suite directly on your computer or laptop. This suite enables you to get work done with your computer no matter where you may be.

That said, sharing or storing documents online requires care and proper security. This article will discuss a few ways to optimize Microsoft 365, some practical tips, and resources to learn more. 

 

Best Ways To Optimize Microsoft 365 For Users

Microsoft 365 is web-based. The main difference between this and old software forms is that user registration is not based on a product key. You may remember going to your local office supply store to purchase CDs, and those disks came with codes that you entered to verify ownership. Microsoft 365 is based on your Microsoft account, a web-based account connected to your email. This is a benefit because it allows you to use it on any device simply by logging into your Microsoft account. 
 
Logging into your Microsoft account on a public computer can create a risk. To keep your account safe when using these types of devices, we recommend:
  • Multi-Factor Authentication (MFA): By far, the most crucial way to protect your account is to enable Multi-Factor Authentication. This process verifies that you are the person logging in every time your account is accessed. If you have a common password and someone guesses it, either by themselves or with the help of a bot, you are likely at risk. With MFA, you can still protect yourself without changing your password. MFA will send a code to your phone every time your account is accessed, and the person who is trying to log in will have to enter that code, even if they have the correct credentials. This protects your account and passwords. You can even download an app on your phone that automatically generates codes. These apps can be used for a variety of applications, and having all your codes in one place is very useful. It is essential to consider that a code generator is typically tied directly to your device. That means if your device is broken or stolen, there is only one way to recover those codes: usually a recovery sentence or a key. If you use a code generator for MFA, store this recovery code safely.
  • Single Sign-On (SSO): This benefit of having an online account has become more popular with workplace tools such as task managers. Let’s use Monday.com as an example. If you want to make logging in faster, more secure, and easier for your team, use SSO. In this example, SSO connects your Microsoft account to your Monday.com account. This allows you to access Monday.com with your Microsoft credentials, saving you from having to remember an additional password. SSO is also better for your users because they do not have to create a new account for each tool you use, which saves time with onboarding.

 

Visit Microsoft’s Security Portal

The Microsoft Security Portal for Microsoft 365 is an excellent tool for administrators to ensure their users are protected online. Among other things, the Portal is used to prevent spam emails and misuse of company email accounts. There are a few essential things to check out when logging into your Portal:
  • Security & Compliance: This section is important because it encompasses several key features to keep your users safe, including Threat Management, Policy, and Anti-Spam. These features, when correctly configured, will prevent external forwarding from your email address. If they are not enabled, hackers who gain access to your network have the ability to forward your data. It does not take any IT skills to know what settings to enable and disable within the Security & Compliance section. If you are having trouble, we suggest blocking external forwarding, enabling anti-spoofing protection, and adding spam emails to the filter.
  • Consider Purchasing a Higher License: The better the license, the more features you get. While this is true of most software, Microsoft keeps a few vital security features behind a paywall. One of these features is link control for your documents stored in the cloud. If you share a document with a colleague or someone outside your organization, you have complete control over their access. You can send a document for editing and then restrict the access once the editor finishes. In addition, you can run tests on file links to ensure that they are only being shared with the people who need to know.
  • Exchange Admin Center: This is an excellent resource for businesses with legitimate email forwarding that needs to be kept secure. The Exchange Admin Center gives access to a user that needs to use certain features. You can add external contacts to the Recipients menu, giving them the ability to forward, along with other features.
Microsoft’s Security Portal gives administrators the unique ability to keep their users safe without having to log in and manually change settings on each account. In addition, administrators have the power to assign users to groups. This ensures that the correct user has the right access to sensitive features such as forwarding.

Overlooked Tips and Tricks for Microsoft 365

Several companies have emails assigned to each employee. If an employee quits or is terminated, the company wants to preserve the user’s data without risking them compromising the account. To avoid paying extra to keep the older users’ accounts active just to retain access to the data, Microsoft allows for Shared Mailboxes. This feature is unique because it enables multiple users to access the data and files of the older user. For example, suppose the sales department loses a teammate. In that case, Shared Mailboxes allow the administrator to pass the information along to the other sales departments who can split the leads.

Another great feature that is often overlooked is Azure AD Connect. This feature allows users to connect to their local server to work on their secure Microsoft 365 files. It syncs passwords and other information the local device needs for the user to do their job. 

Finally, we suggest offering training to your employees related to Microsoft 365. This training can be simple and cover essential items like the company’s policy on spam and how to identify and report spam. You can cover features discussed here, like Shared Mailboxes, MFA, and Azure AD Connect, in more detail. Do not skip this step. It is essential to make sure your users are aware of these features to protect your company’s data.

 

Microsoft 365 Final Thoughts & Resources

A hacker can be scary, cost you a lot of money, and in extreme cases, cause a company to go bankrupt. It is crucial to be protected online, and your company’s data is no exception. Keeping your business data safe with Microsoft 365 is easy and takes little time to establish. If you have not taken the time to review the Security Portal, make sure you get around to it soon. It will save your company time and money in the long run and protect you from hackers. 
 
Remember, when checking out these features, if you are unsure of what to do, there are plenty of resources available on the internet. Microsoft Office is a massive project that has a talented team backing it. The Microsoft Office team offers documentation on a helpful website. Common problems are answered, and in most cases, the documentation is all you need to determine the solution to a problem. That said, if you are still having trouble, there are some additional resources. Email support is available to users at every subscription level, and premium users can access chat and phone support. 
 
If you still cannot find the answer to your problem, consider downloading add-ons and additional features that are available from third-party providers. Useful tools like Grammarly, Translator, and DocuSign can be added to a Microsoft 365 account to give users added benefits when working on projects.
 
If you are overwhelmed by assembling your Microsoft 365 account, please reach out to our team at Edge Networks or schedule a call with us for a free 30-minute consultation.

Phishing 101: A Beginner’s Guide to Today’s Biggest Cybersecurity Threat

In today’s world, email is one of the most used means of communication. In fact, over 3.8 billion email accounts exist today, around half of the world’s population. If you have an email account, it’s likely that you also receive emails every day. We might receive newsletters we’ve signed up for, updates on deals from our favorite stores, or personal correspondence from friends and family. However, the one email we never want to receive is a phishing scam. Though these emails usually go to our junk folder, sometimes they make their way into our inbox to confuse and frighten us.

 

What is Phishing?

Phishing, a play on the word “fishing,” is a type of cyber attack. Attackers utilize email to perform this type of attack by throwing out a line via email to “fish” for your private information.

Usually, the instigators of phishing perform the process like this: they create an email that looks like it’s coming from a reputable organization or company and trick the reader into thinking that the company needs something from them. They typically look for credit card information or for the user to click on or download a malicious link or document.

Similar to fraudulent telephone calls soliciting information or money, the goal of phishing is to get some kind of information from you that hackers can use to your disadvantage.

 

Phishing Kits

Surprisingly, phishing “kits” are readily available to hackers around the world. These kits are typically found on the dark web and are templates used to emulate prominent companies’ emails.

There are websites that exist to combat phishing, making available to the public commonly received phishing kits so that people can watch out for them. A couple of these are PhishTank and OpenPhish.

What’s even more concerning is the number of phishing kits that exist (that we know of). One study found that there are 62 known kit variants for Microsoft, 14 for PayPal, and 11 for Dropbox.

There are a few steps to creating a phishing kit.

  • First, the legitimate website of the company being impersonated is cloned.
  • Second, the login page is altered to include a credential-stealing script.
  • Third, modified files are put into a zip file to create the kit.
  • Fourth, the kit is uploaded to the fraudulent website, and the files are “unzipped.”
  • Finally, fraudulent emails are sent to unsuspecting people with links to the spoofed website.

The good thing is that there are ways to identify where phishing emails come from. Phishing kit analyzers can look at email addresses found in the kits and track actors down. They can even use the “from” part of the email to track multiple kits made by the same creator.

Of course, phishers always use fake names, leaving them virtually unidentifiable except by location. Thus, in many successful phishing scams, the instigator is never found and held accountable.
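The kit analysis described above can be sketched as follows. This is an added example, not code from the original article or from any analyzer it mentions: it reads kit archives in memory (never unpacking or running them), pulls out e-mail addresses and “From” values, and reports the ones shared by more than one kit. The function names and the three sample archives are constructed for illustration, and a shared indicator is a lead for further investigation, not proof of common authorship.

```python
import io
import re
import zipfile
from collections import defaultdict

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
FROM_RE = re.compile(r"From:\s*([^\\\r\n\"';]+)")
TEXT_EXT = (".php", ".js", ".html", ".htm", ".txt", ".ini")
MAX_MEMBER_BYTES = 1_000_000  # ignore members that declare a larger size


def kit_indicators(kit_bytes):
    """Return the (kind, value) indicators found in one kit archive.

    The archive is read from memory only; nothing is written to disk.
    """
    indicators = set()
    with zipfile.ZipFile(io.BytesIO(kit_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if info.is_dir() or not name.endswith(TEXT_EXT):
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                continue
            text = zf.read(info).decode("utf-8", errors="replace")
            for addr in EMAIL_RE.findall(text):
                indicators.add(("address", addr.lower()))
            for sender in FROM_RE.findall(text):
                # Collapse whitespace so formatting differences do not hide a match.
                indicators.add(("from", " ".join(sender.split()).lower()))
    return indicators


def link_kits(kits):
    """Map each indicator seen in two or more kits to the kits that contain it."""
    seen_in = defaultdict(set)
    for kit_name, kit_bytes in kits.items():
        for indicator in kit_indicators(kit_bytes):
            seen_in[indicator].add(kit_name)
    return {ind: sorted(names) for ind, names in seen_in.items() if len(names) > 1}


def _make_kit(files):
    """Build a constructed sample archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for path, body in files.items():
            zf.writestr(path, body)
    return buf.getvalue()


# Constructed, inert samples: only the lines an analyst would search for.
SAMPLE_KITS = {
    "kit_a.zip": _make_kit({
        "login/post.php": '<?php\n$to = "collector01@example.net";\n'
                          '$headers = "From: Results <results@example.org>";\n',
        "img/logo.png": b"\x89PNG",
    }),
    "kit_b.zip": _make_kit({
        "next.php": '<?php\n$send = "Collector01@example.net";\n'
                    '$headers = "From: Office Log <log@example.com>";\n',
    }),
    "kit_c.zip": _make_kit({
        "index.php": '<?php\n$to = "other@example.com";\n'
                     '$headers = "From: Results <results@example.org>";\n',
    }),
}

if __name__ == "__main__":
    for indicator, kit_names in sorted(link_kits(SAMPLE_KITS).items()):
        print(indicator, "->", kit_names)
```
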

Types of Phishing

Though all phishing has the same ultimate purpose of getting a person’s private information, there are many ways to divide these cyber attacks. 

 

Purpose of the Attack

The first way to divide phishing into categories is by the intent or purpose of the phishing attack. Usually, phishers are trying to get the victim to do one of two things:

Give out private information: This type of phishing message seeks to trick users into giving out their important information. The kind of information they’re looking for varies, but it is commonly usernames and passwords used to get into some sort of important account or system.

The most typical version of this scheme involves receiving an email that looks like it came from a major bank. Scammers send out the message to millions of people, knowing that at least some of them will be members of that bank. The victim is supposed to click on a link that takes them to the spoofed web page of the bank created by hackers and enter their information for the attackers to exploit.

Download malware: Like many spam messages, some hackers send out emails to get the victim to infect their computer with malware.

These messages are often disguised as resumes or other information that certain staff members may need. Once opened, the attachments in the email will infect the victim’s computer with malicious code. The most common type of malicious code is ransomware, with 93% of malware found to be of this type in 2017. 

 

Target of the Attack

Another way to differentiate between types of phishing attacks is by who the phishers are trying to target.

Sometimes, these emails aren’t targeted at all; attackers simply throw out the biggest net possible and hope to catch some information. A company called IronScales studied phishing emails and found that these are the most prominent sites hackers try to emulate:

  • PayPal: 22%
  • Microsoft: 19%
  • Facebook: 15%
  • eBay: 6%
  • Amazon: 3%

As described before, this is a very common trick performed by phishing hackers: trying to get victims to log into spoofed versions of prominent websites and thus give out their account information for hackers to use.

However, some phishing attacks are directed at very specific people. There are a couple of types of these sorts of attacks that we’ve nicknamed according to the fishing theme.

Spear phishing: This type of phishing takes its name from the act of aiming at a very specific fish, as a fisherman does with a spear. Hackers that spear phish often use websites like LinkedIn to get information about employees of a certain company. Then, they send emails to important people such as those in the finance department to get sensitive information such as bank deposit details.

Whaling: This is a form of spear phishing aimed at the “big fish” of companies, CEOs, CFOs, etc. However, many of these types of scams also target people that are still high on the totem pole, but not as important as the chief executives, such as company board members. These scammers often target personal emails of these people and pretend to be their coworkers to get private information about the company or themselves.

 

Prominent Examples of Phishing

John Podesta: One of the most consequential examples of phishing would be when Hillary Clinton’s campaign chairman accidentally gave his email password to hackers.

In this case, Podesta received an email that made it look as though someone from Ukraine had gotten the password to his Gmail account. He was directed to a link to change his password, effectively handing it over to hackers.

This demonstrates the ability of phishing to affect even the most secure of email accounts.

 

University of Kansas: Five employees of the University of Kansas were attacked by hackers in 2016. They gave out their direct deposit information to the attackers, and lost money because of it.

The targets of phishing attacks can effectively be anyone, from your everyday person, to a prominent political figure, to university employees.

 

Why Phishing Happens

Criminals often take advantage of their environment and circumstances to exploit other people. While we can’t know why exactly people decide to phish for information instead of making a positive impact on the world, we can notice trends in when and why phishing scams occur.

Worldwide crises or even personal problems give criminals and hackers the opportunity to exploit victims by throwing out their phishing bait and hoping for a bite.

In a recent article we wrote for our blog about how to maintain the cybersecurity of remote workers, we discuss an example of how cybercriminals have used the COVID-19 pandemic to scam people through text messages, social media, phone calls, and emails into disclosing personal information. According to the 2021 Data Breach Investigations Report by Verizon, “Phishing has utilized COVID-19 to pump up its frequency to being present in 36% of breaches, up from 25% last year”.

 

How to Prevent Becoming a Victim of Phishing

The best way to learn how to identify phishing scams is to familiarize yourself with what these emails look like. You can visit the aforementioned websites that crowd-source phishing kits to learn about how hackers utilize email to attack people. 

In addition to getting acquainted with phishing kits and how they work, you can do a number of things to avoid becoming a phishing scam statistic:

  • Check the spelling of the URLs in emails, and of the email itself. A professional copywriter for email won’t make abundant mistakes as phishers sometimes do.
  • Look out for redirects from the original website that take you to the spoofed one
  • If you receive a strange email from a friend or family member, contact them directly instead of replying to the email
  • Don’t post personal information on the internet for everyone to see, including things like birthdays and vacation plans
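The first check in the list above, looking closely at how a URL is spelled, can be partly automated. The sketch below is an added example, not part of the original article: it compares the hostname of a link against the brands listed earlier (PayPal, Microsoft, Facebook, eBay, Amazon). The official domains, the digit-swap table and the "last two labels" rule for the registrable domain are assumptions made for this example (a production check would use the Public Suffix List), and the heuristic will produce some false positives.

```python
from urllib.parse import urlsplit

# Brands from the list earlier in this article; the official domains are
# assumptions made for this example.
OFFICIAL = {
    "paypal.com": "paypal",
    "microsoft.com": "microsoft",
    "facebook.com": "facebook",
    "ebay.com": "ebay",
    "amazon.com": "amazon",
}
# Digits commonly used in place of look-alike letters.
DIGIT_SWAPS = str.maketrans("0135", "oles")


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_url(url):
    """Return (verdict, detail) for one URL found in an e-mail."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower().rstrip(".")
        has_userinfo = parts.username is not None
    except ValueError:
        return ("invalid", "unparseable URL")
    if not host:
        return ("invalid", "no hostname")
    if has_userinfo:
        # Everything before "@" is a username, not the site being visited.
        return ("suspicious", "userinfo before real host " + host)
    labels = host.split(".")
    registrable = ".".join(labels[-2:])  # naive; see the assumption above
    if registrable in OFFICIAL:
        return ("official", OFFICIAL[registrable])
    if any(label.startswith("xn--") for label in labels):
        return ("suspicious", "punycode label")
    for brand in OFFICIAL.values():
        for label in labels:
            plain = label.translate(DIGIT_SWAPS).replace("-", "")
            if brand in plain or edit_distance(plain, brand) <= 1:
                return ("suspicious", "imitates " + brand)
    return ("unknown", host)


# Constructed sample links, as they might appear in a message body.
SAMPLE_URLS = [
    "https://www.paypal.com/signin",
    "https://paypa1.com/signin",
    "https://paypal.com.account-verify.example/login",
    "https://amazon.com@login.example/",
    "https://faceboook.com/",
    "https://example.org/",
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(sample, "->", check_url(sample))
```
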

As with anything, the first step to preventing being part of a phishing scam is educating yourself on how these attacks work. It’s crucial to remember that phishing is just one of the cybersecurity risks we face. If you’d like to find out how your company is performing and isolate weaknesses in your cyber defenses, schedule a call with us or take our free, self-guided IT Security Risk Assessment.

Security Measures to Consider as Employees Return to the Office

Best Cybersecurity Practices for Your Employees as They Return to the Office during COVID-19

At long last, the COVID-19 pandemic seems to be slowing down, at least in the USA. Although millions more people still need to be vaccinated, and there is a chance that the coronavirus will mutate and become dangerous once again, the next few months will likely continue to see a gradual lifting of pandemic restrictions. Some companies are already starting to ask their workers to return to the office. Even though many people are eager to get back to the way things were before the pandemic, office administrators and company executives need to consider several significant security measures as their workers return.

There are two primary security measures to keep in mind: digital security measures and pandemic security policies.

 

Security Measure #1: Remote Work and Digital Security Challenges

The COVID-19 pandemic caused a wide range of changes to the greater economy, but the most widespread of all was the sudden (and largely required) shift to remote work. According to Mimecast Limited, 71% of employees are currently working from home.

Although remote work will no longer be strictly necessary once the pandemic is fully over, many companies are considering allowing certain segments of their workforce to continue to work from home, at least on a part-time basis. But while remote work can be convenient and even more productive for certain employees, it also introduces unique security challenges.

 

VPNs and Antivirus

One of the top cybersecurity recommendations we have is that organizations should look into upgrading or establishing VPN and antivirus software and policies for their workforces if they haven’t yet already. VPNs or virtual private networks help to mask IP addresses and prevent hackers or other cybercriminals from infiltrating your organization. Antivirus prevents malware and other digital threats from attacking your company’s data or systems.
VPNs can be beneficial for remote workers, especially if they like to do some of their work in public places on local Wi-Fi networks (such as coffee shops, etc.). Companies looking to maximize security should make VPN usage a requirement and educate their employees about how to use these new digital tools correctly and safely.
While VPNs can be very helpful for maximizing company security, it’s also important to remember that they aren’t foolproof. A VPN doesn’t prevent an employee’s computer from being hacked, so they still need to practice good digital hygiene to prevent compromising their company’s security as they work from afar.

Remote Log-In Protocols

By the same token, companies should endeavor to educate their employees about secure remote login protocols. Here are just a couple of ideas:
  • Never leave a work laptop or computer unattended
  • Never share workplace login info with anyone
  • Don’t use public Wi-Fi with a work computer (even with a VPN)
  • And so on.
By establishing remote login protocols now, any remote employees who continue working for your company from home won’t compromise your organizational security or allow bad actors into your systems.

These guidelines might seem like common sense for your responsible employees, but making them into companywide policies can protect your company in the event of legal trouble and help you to crack down on compliance if necessary.

Educating employees is essential for security; be sure to stay on top of current trends to help you avoid cyberattacks.

Have Cyber Hygiene Training Ready for Employees that Return to the Office

Beyond these remote work-specific tips, it’s never a bad idea to have “cyber-hygiene” seminars and quarterly meetings, especially for your in-person employees.
Digital hygiene is surprisingly relaxed in many organizations across America. If you want your workplace to be as secure as possible, you have to teach employees how to practice good digital hygiene, such as not leaving ID badges or other identifying information around, never sharing workplace passwords with anyone else, and more.
Cyber-hygiene training seminars allow everyone to get back on the same page as they re-acclimate to working in an office environment. Many employees have likely lessened their security practices during the pandemic, as many of them have primarily been working from home, but it’s time to get back to work and strive to keep the workplace secure in our modern, digital-focused environment.

Security Measure #2: COVID-19 Concerns – How to Keep Employees Safe

The other significant aspect of security as your workforce returns to the office focuses on pandemic concerns. Even though many companies are now allowing their employees to return to the office, we’re still in the midst of a pandemic. Even with increased vaccination rates throughout the country, it will likely still be some months before everyone is immune to the virus.
To that end, you should keep these strategies in mind to keep your employees safe as they return to the office.

Update Everyone on New Policies – Including Security Protocols – As They Return to the Office

Any office targeting 100% security and health compliance should update their current employees about new policies they might have implemented during the pandemic, especially the policies developed specifically for returning to work in the office.
Many of your employees might have even forgotten the standard security protocols in place before the pandemic. For both of these reasons, consider sending out a security protocol packet or email to employees before their first scheduled day of work back in the office.
For example, your office might consider installing a new security checkpoint before employees can enter your building. You can take the temperatures of ingoing and outgoing employees at this checkpoint, ask for ID badges to scan people in, and more. Still, this new security measure will go over a lot more smoothly with your employees if you alert them to it before they arrive.

Vaccination Requirements and Regular Tests

Your company might also consider adopting vaccination requirements, especially if you plan to bring your workers back into the office in waves. Vaccination requirements help ensure the lowest possible likelihood of COVID-19 transmission and bring peace of mind to all the employees already in the office.
If everyone at your physical workplace has been vaccinated, the chance of a coronavirus outbreak in your office is near zero.
Additionally, regular COVID-19 tests can help to bolster peace of mind and reinforce a sense of security and efficiency at your workplace. Tests should be used if vaccination is not yet available for everyone in your area or in the weeks and months leading up to 100% vaccination for your workforce.
Of course, these measures aren’t possible for every company, and some organizations may need all hands on deck ASAP. Still, if it’s at all possible to mandate vaccination before a return to office work, you’ll do any returning employees a big favor, maximizing their security to the best of your ability.

Social Distancing and Physical Barriers as Employees Return to the Office

As you enforce regular COVID-19 tests for your employees, you should still mandate some social distancing and physical barrier rules, particularly in crowded areas. Masks are always a good idea, especially as employees will still pass one another closely even while they generally adhere to social distancing restrictions.
Physical barriers, such as enclosed office cubicles, can help to bring privacy back to the workplace and prevent the spread of micro-droplets if employees want to take their masks off while seated at their desks.
These measures may seem a little restrictive, but they can help lower the likelihood of a COVID-19 flare-up. Even better, you can reassure your employees that these measures are only temporary until everyone in your office has been vaccinated or until the risk of COVID-19 subsides.

Keep Health and Disinfectant Supplies Readily Available

Lastly, you’ll want to keep lots of health supplies – such as hand sanitizer, soap and water, and antibacterial wipes – on hand and within easy access for your employees. Even once they get vaccinated, many employees may want to maintain top-tier hygiene to protect people they have back home.
Giving them the tools to stay healthy and to keep their workplaces clean will show your employees that you care about the safety of them and their families and will help facilitate an environment of safety and trust.

Find the Right Balance Between Productivity and Security as Your Employees Return to the Office

All of these security tips are crucial, but it’s important as an office administrator or executive to strike a balance between productivity and security. The point of bringing everyone back to the office is to bring collaboration back, as well as make everyone feel like they’re part of a team once again.
With this in mind, consider asking your employees what security measures or restrictions they feel would best suit them and their needs. An open-door policy (and establishing an ongoing dialogue between yourself and your workforce) is the best way to make sure you can keep your organization safe and secure, plus make your employees feel heard.
For instance, your office employees might not feel that masks are necessary if you have a vaccination requirement. Alternatively, several people who work for you might still feel strongly about social distancing and maintaining health protocols over the next couple of months because they have an immunocompromised family member at home. Regardless, having these discussions can help you calibrate your security response, at least regarding COVID-19 policies.
If your company is still working partially or fully remote, check out the blog post below for tips on how to maintain the cybersecurity of your remote employees.

COVID-19 has been challenging for us all, but things are starting to look up again. As we stick to secure practices and finish strong, we can reach the second half of 2021 healthier and more productive than ever before. 

If you’d like to find out where your company stands in terms of cybersecurity, schedule a call with us or take our free, self-guided IT Security Risk Assessment.

6 Ransomware Trends All Employees Should Watch For in 2021

Ransomware is an ever-present and worsening problem in today’s society. It’s crucial to stay abreast of related trends, regardless of a person’s role or rank within a company. Here are six ransomware trends to consider sharing with your employees. 

1. Decision-Makers Paying the Ransom and Not Getting Results

Ransomware happens when cybercriminals gain access to files and encrypt them, then demand that the victim pay to get the data back. A recent report from Mimecast indicated that 52% of affected parties paid the amounts. However, only 66% of the entities in that segment recovered the data. Another 34% didn’t get any of it back, even though they paid the ransom.
Understandably, some people under pressure in desperate situations would opt to pay the ransom and hope for the best. However, you can decrypt your files for free with online tools, provided you know what kind of ransomware affected the system. Becoming familiar with those options is a smart thing to do in case you ever need the knowledge later.

2. Ransomware Volume Continues Growing

Unfortunately, with ransomware, you can’t safeguard a system against a few types and stay in the clear. Hackers regularly develop new, more damaging kinds, always trying to stay ahead of any defensive measures their targets might take.
Cybersecurity researchers at McAfee recorded a 69% increase in new ransomware between the third and fourth quarters of 2020. They also clarified that many of the attacks capitalized on vulnerabilities in work-related apps and processes, such as VPNs and remote management tools.

3. Cybercriminals Increasingly Use Social Engineering

Online criminals who plan and deploy ransomware attacks use various methods to achieve their aims. They also typically choose targets that enable them to do the most damage, such as hospital networks.
Managed service providers (MSPs) are also commonly hit because criminals can affect all those companies’ clients. One such recent attack caused at least $20 million in losses. Although MSPs are common targets, other business types are at risk, too.
For example, a research paper indicated that social engineering attack rates climbed during the COVID-19 pandemic. The authors expanded their search beyond ransomware to include all internet threats. Still, they noted that the dramatic increase in people working, shopping and otherwise doing more things online likely caused the shift. Plus, some criminal campaigns specifically involved COVID-19-related messages to catch people’s attention.

4. Cybersecurity Researchers Warn of Triple Extortion

Not long ago, the cybercriminals who caused ransomware attacks only locked victims’ access to their files. They then began more frequently using so-called double-extortion approaches.
In those cases, hackers stole files and threatened to leak the data unless they received payment. Cybersecurity researchers recently explored a triple extortion tactic, first identified as an issue in October 2020.
Hackers still demand payment from their primary targets, locking down the data and threatening to leak it. However, a new aspect involved the hackers engaging with the people who had their data stolen. The first notable instance of this happened at a 40,000-patient Finnish psychotherapy clinic. Hackers emailed patients directly, saying they’d leak their therapy notes unless the people paid them not to.

5. Ransomware Remediation Costs on the Rise

Another worrisome ransomware trend is that it costs progressively more to fix these issues after they happen. A study showed that the average remediation cost in 2020 was $761,106. However, it’s now an estimated $1.85 million in 2021.
The study also found that fewer respondents reported experiencing data encryption from ransomware since the last edition of the research. However, since the costs to address the problem increased so quickly, the study’s publishers warned that cybersecurity teams should stay alert for complex attacks that are more likely to have higher financial ramifications.

6. Ransomware-as-a-Service Gaining Prominence

An increasing number of “as-a-service” brands cater to individuals and companies that need resources and want to reduce the logistics involved in obtaining them.
For example, a manufacturing executive might work with a robots-as-a-service company. They can typically rent an industrial robot for a flat rate that includes installation, maintenance and any other necessities. Cybersecurity researchers are keeping a close watch on a trend where people offer ransomware-as-a-service, usually by marketing themselves on the dark web.
Ransomware groups even hire hackers that share their views and agree to operate within certain parameters. For example, the people who work for a ransomware group might only target particular countries or commit to never attacking specific industries. The groups hiring the hackers usually take a 20%-40% cut of the profits from attacks, with the person working on behalf of those organizations keeping the rest.

Ransomware Remains Concerning

These six trends highlight why ransomware isn’t going away. Criminals continually create new attack methods and think of additional tactics to raise their success rates. These patterns pose challenges for businesses, particularly since attacks can compromise essential data and systems. It can also take days or weeks to resolve them. That often means affected companies operate with restrictions that compromise their profits. It’s even harder to recover if victims opt to pay ransoms.

However, having an awareness of the trends is an excellent way to determine how to conquer ransomware in your organization. From there, consider how you might back up files, perform a cybersecurity audit or familiarize yourself with some of the social engineering tactics that criminals often use. 

Remember that employee training is vital for safeguarding against ransomware. Indeed, a company can follow cybersecurity best practices and still get attacked. However, relatively simple precautions like never interacting with unexpected links or files in an email can help workers play their part in reducing the likelihood of dealing with ransomware.

It’s important to stay on top of cybersecurity before it’s too late. If you’d like to learn how to build a solid Cybersecurity Incident Response Plan, check out our blog post below. To learn more about the health of your business’ cybersecurity, take our free, self-guided IT security risk assessment today.

 

 

Guest Writer: Devin Partida

Devin Partida is a data center and networks writer whose work has been featured on AT&T’s cybersecurity blog, Yahoo! and other notable publications. To read more from Devin, please visit ReHack.com, where she is the Editor-in-Chief.

10 Ways To Prevent A Security Breach In The Workplace

Among all the challenges businesses are facing today, cybersecurity is perhaps the most daunting. Many organizations across all industries don’t have the skills, technology, or staff to stand up against advanced attacks and have little knowledge about their attack space or what to do in case of a security breach. 

Much like Oregon Clinic’s 2018 data security incident, many companies don’t realize there is a problem until it is far too late. Instead, organizations should learn to take preventative measures and find ways to increase visibility to stop a security breach far before it starts. Read more about the 2018 incident below.

 

What is a Data Breach / Security Breach?

A data breach is access to data without proper permission. Though the definition sounds simple, the data involved is valuable to cybercriminals: it can contain personally identifiable information (PII), company information, and even login credentials to administrative accounts.
As more companies make their way online, data breaches occur in large numbers. Plus, with advances in technologies and programs, attackers are now launching very sophisticated attacks that many companies are not prepared for.

The Frequency of a Security Breach

The COVID-19 pandemic forced many people inside and away from their typical 9 to 5 jobs. With many people unemployed and a boost in online activity, cyberattacks skyrocketed, reaching up to 192,000 coronavirus-related cyberattacks per week in May 2020 alone. The frequency of application attacks has increased over the years and is only expected to rise as attackers have more incentive to attack.

No industry is safe from a cyberattack. The most commonly targeted industries in 2020 were finance and insurance, manufacturing, and energy. Every single one of these deals with highly sensitive data that cybercriminals can sell to interested parties or use to steal the identities of employees and customers.

As you can see in Figure 1 below, there are pretty significant differences in where industries ranked between 2019 and 2020, showing that any industry can be a higher target in years to come.

 

How Does a Security Breach Occur?

Data breaches come in many shapes and forms. Whether it’s a cybercriminal working outside the system or an insider with access, data could be at risk, and it’s crucial for all organizations to understand how they occur. Some of the most common attacks targeted toward organizations are listed below.

Ransomware

Large enterprises are a huge target for ransomware attacks, creating a need to secure their systems aggressively. If ransomware makes its way onto a system or device, hackers could encrypt or corrupt data, demanding a fee for its release. 

Staying educated on current ransomware trends can help you predict and prevent data breaches. Check out our blog post below for our 2021 ransomware trend predictions.

 

Malware

If you or your employees get frequent requests on the web to upgrade your network security, you could be at risk for malware insertion. A click of a malicious link will download malware that affects and slows the entire system. The result is a crashed system and/or compromised data.

Phishing

Phishing is becoming a more significant issue than ever before, with many cybercriminals upping their game when it comes to phishing emails. Phishing involves the mimicry of a legitimate website in an attempt to gain user trust and steal sensitive information. If employees don’t know how to watch out for phishing, they could put your entire system in danger.

Denial of Service (DoS)

Hackers sometimes create bots that are meant to flood a system. If an organization’s configurations are not strong enough, hackers could program bots to flood entire systems with traffic, knocking them off the internet and out of use for their customers.

Workplace Mistakes that Increase Risk of Security Breach

More organizations than ever are turning to the web for their day-to-day dealings. Though the web is efficient, it leaves them prone to cyber threats that could expose sensitive data. The workplace is crawling with unsecured practices ranging from employees up to security analysts.
Some common mistakes include:
  • Accidental sharing
  • Weak password selection and renewal policy
  • Employee misuse of network
  • Weak security configurations
For a more aggressive approach to decreasing risk, companies should incorporate preventative measures and educate their employees on the importance of iron-clad security. Below, we’ll discuss ten preventive measures you and your employees should start practicing today.

10 Ways to Prevent a Security Breach in the Workplace

Cybercriminals are always on the lookout for an opportunity to strike. Keep them from ever getting close by adding these ten practices into your workplace.

 

1. Make a Solid Password Policy

Too many times, employers leave employees to set their own passwords. To make them easy to remember, employees may wind up choosing things that are far too easy to guess, such as their birthdate, their child’s name, or the name of their pet. These things are far from secret, especially with the whole world sharing on popular social sites.
As a means of prevention, organizations should amp up their password policy and have a randomly allocated password with a mix of letters, numbers, and symbols. Though you might have to reset passwords a time or two, that is far better than dealing with a security breach that puts company and client data at risk.
When incorporating a new employee and setting them up with credentials, always explain the importance of password protection and encourage them not to share information. Plus, as an extra layer of protection, configure your system to update user credentials often to keep passwords random.

2. Don’t Forget to Update

You know those notifications that pop up from time to time with updates? We know all too well how annoying they can be, but for security purposes, they should never be skipped. Updates are there to keep your system and all software current and sometimes are meant to improve security measures.
Plus, you get an extra perk when you keep your system updated, enjoying seamless surfing and faster executions. One issue that comes with updates is that they can take a long time. Still, with the proper scheduling, you could have your team get them done after hours and come into work the next day with an updated system.

3. Check Your Router

Advanced hackers no longer need to plug USB drives into your machines or get employees to click malicious links. These days, they can gain access to your system from thousands of miles away, especially if configurations are not up to par. Just like other parts of your system, your router is an important piece that needs proper security.
When setting up and configuring your router, enable encryption, which makes text unreadable to both human and automated attackers.

4. Learn the Art of Backups

Data is a cybercriminal goldmine. With customer and company data, attackers have the opportunity to do a number of things, including: 

  • Commit identity theft
  • Sell data lists to advertisers
  • Gain access to unauthorized areas
  • Crash an entire system

With the amount of data coming into systems of all sizes, management and storage are a bit of an issue. That’s why frequent backups can take care of storage issues and prevent security breaches. Backups keep data safe and prevent common security threats like ransomware from affecting databases.

 

One issue with frequent backups is storage. Organizations need a lot of space that’s accessible at all times and is protected from dangers. Options like the cloud are a common choice as it is secure and readily available. Whatever organizations choose, it should be secure and be able to hold backups as they come along. 

Of course, even backups fail. Check out our blog post below on how to protect your data when disaster strikes.

 

5. Firewalls, Anyone?

You’ve probably heard of a firewall but might not know why it’s crucial. You can think of it as your system’s first line of defense against cyberattacks. When configured properly, it keeps malicious executions from happening and keeps outsiders from breaking into the system. Though firewalls can be a hassle for some users, they are much less of a headache than a data breach.
When configuring your firewall, make sure to be strict regarding unknown IP addresses, unknown users, and zoning. All of these will help to keep a secure barrier around your system and keep unwanted traffic out.

6. Have a Plan in case of Security Breach

Breaches happen more often than you might think. The last thing you want is to experience a breach and not know how to deal with it. Instead, create a plan that will help you tackle the issue in case a breach happens. If you suspect that your system has been compromised, kick the plan into gear, and don’t forget to:
  • Identify the Threat (Ask all the “W” questions to get to the bottom of it)
  • Contain it
  • Get rid of it
  • Recover your system
  • Document and reflect
Most companies do not know how to respond to an attack and could do so too slowly, putting their information and customer credentials at risk. Because every company that intercepts data and has some kind of online connection is at risk, each should have some sort of plan that will help it identify a data breach. Plus, after each attempt, they should keep everything on record in case there is a recurring issue.

7. Encryption of Data in Transit

No matter what form data is in, it’s susceptible to theft. However, data in transit has a higher risk simply because it is passing from one place to another. That’s why encrypting data that’s constantly in motion is essential. If an attacker happens to get ahold of the data, they will not be able to make any sense out of it.
When data is encrypted, the only time it will convert back to readable text is if the location checks out as a safe location or the receiving party has access to the passwords needed to decrypt it.

8. Get Employees on Board

The ordinary person doesn’t often think about cybersecurity. Most believe that, with a password, you should be protected. Also, they don’t really know how advanced cybercriminals have become in their tactics, unable to imagine the scale at which they can cause damage with a successful application attack.
As a preventative measure, you should teach employees the importance of securing your system and the common types of attacks that could take place. Letting them in on the “why” of security will make them more aware of their time online and help them notice when they spot something that seems odd or out of place.

9. Advanced Virus Detection

For some systems, legacy antivirus software won’t do the trick. Attackers are getting more sophisticated in their methods and know antivirus software inside and out. Modern-day virus detection is on the rise and something that organizations should look into as a part of their protection methods.
Many cutting-edge programs increase the visibility of systems and automate tasks instead of leaving them to worn-out security teams. Incorporating interactive and automated real-time detection into a system and across cloud infrastructures can help.

10. Audit, and Audit Again

Any time that malicious activity is spotted, companies should do their part to document efficiently. In that way, they can have a list of attempted breaches or actual breaches to refer back to. It will also serve when testing for vulnerabilities in the system, helping them get to the root cause faster.
Regularly checking your system is an excellent way to become familiar with it and get better at detecting malicious activity. The faster that activity is spotted and identified, the less harm an attacker could potentially do. Always keep track of findings during an audit and schedule frequent audits so that nothing takes you by surprise.

Prevent a Security Breach Before it Happens

It’s no longer enough for companies to add one form of virus protection to their system and forget about it. These days, the attack surface has increased, bringing more opportunities for cybercriminals to act. That’s why companies of every industry should implement preventative practices and share them with their employees. 

By combining prevention with up-to-date methods of detection, organizations have a solid defense against all kinds of common attacks and are able to detect and stop them before they get ahold of sensitive data. Because business is shifting out of store and online, organizations must adapt and protect themselves and their users from the possibility of a security breach.

Are you concerned about the cybersecurity of your business? Edge Networks can help! Take our free, self-guided IT Security Risk Assessment, or contact us today for a free, 30-minute consultation.

How to Maintain the Cybersecurity of Your Remote Workers

The Sudden Jump to Remote Work: The Need For the Cybersecurity of Your Remote Workers

In August 2020, Malwarebytes released a report including data from a survey conducted with 200 IT and cybersecurity professionals examining the impact of COVID-19 in the security world. They found that over 50% of IT employers stated their biggest work from home (WFH) challenge was training remote workers to work at home most securely and compliantly.
 
This daunting challenge is shared by many, from IT professionals to small-business owners. You can’t escape the cybersecurity risks of working from home because there are always security issues with working remotely. However, with the quick jump from working in an office space to working remotely, many employees were undoubtedly left even more vulnerable to cyberattacks than before.
 
Although there is no way to ensure your team is 100% secure, we want to share a few working from home cyber security best practices and remote employee security tips to help you and your team stay protected.

Work from Home Security Tip #1: Educate Your Employees

Working remotely places more responsibility on individual employees to ensure security, but you should never assume they know the slightest thing about cybersecurity. Creating a plan to focus on cybersecurity for remote workers will help you in the long run. In an ideal world, security would be everyone’s responsibility, but that’s not the case when employees feel they are already overwhelmed with their current responsibilities. 

 

Set and Communicate Expectations 

Add that to the chaos of working from a distraction-filled home, where there may be children running around, a dog that needs walking, or a quick chore that needs to get done. It’s difficult for anyone to keep cybersecurity at the forefront of their mind with the endless distractions when working from home.
This is where you come in to provide helpful resources and clear expectations to ensure your company’s security in the form of education and a solid work from home security policy.
Setting clear expectations for remote employees doesn’t have to be complicated. It can be as simple as sending an email or as detailed as a remote working security policy they’re required to sign. Just remember, it should be easily accessible and clearly outline the company’s expectations as they work from home, including security guidelines, plans, and policies.

Phishing and Malware

Many people think cybersecurity attacks aren’t a real threat to them until it’s too late. Cybercriminals adapt along with the world’s current events and will take any opportunity to get what they want. A more recent example of this is with COVID-19.
When the second round of stimulus checks was approved, the IRS warned that scammers may reach out through text messages, social media, phone calls, and emails to get people to disclose personal or bank information. These scammers would often use words such as “stimulus” and “coronavirus” and offer opportunities to invest in companies producing COVID-19 vaccines.
This serves as a great example to remind your employees to avoid phishing scams and malware, which are as high a risk as ever when working from home. Remember that there are many affordable resources available to help you manage IT security problems like phishing and ransomware attacks, such as KnowBe4 or Proofpoint, and the cost is worth your peace of mind.

Password Management

Did you know that in 2019, compromised passwords were responsible for 81% of hacking-related breaches? Good password management practices can save you a lot of money, time, and heartache in the long run. Always train your employees to practice good password management.
A secure password includes:
  • 8-character minimum length
  • Both upper and lowercase letters
  • At least one number
  • At least one special character
When possible, enable multi-factor authentication for an extra step of security. Schedule an annual password audit, never reuse old passwords, and don’t post your password in an unsecured location (such as in your device’s “notes” app, programmed as a device contact, or in an unsecured Excel file). A great way to ensure cybersecurity for remote workers is to keep your passwords secure by using a password manager, such as Dashlane, LastPass, or 1Password, which keeps your passwords in one place and creates unique passwords for every account.
Remember that your employees have a lot going on outside of work, and you can’t expect them to become cybersecurity professionals overnight.
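The composition rules listed above, together with the “randomly allocated password” recommendation from the password-policy tip earlier, can be enforced in code. The following Python sketch is an added example, not code from the original post; the function names and the symbol set used for generation are assumptions.

```python
import secrets
import string

MIN_LENGTH = 8  # minimum length given in the post
# Assumed symbol set for generation; the post only says "special character".
SYMBOLS = "!@#$%^&*-_=+?"

# Rule name -> (test applied to one character, alphabet used when generating).
RULES = {
    "lowercase letter": (str.islower, string.ascii_lowercase),
    "uppercase letter": (str.isupper, string.ascii_uppercase),
    "number": (str.isdigit, string.digits),
    "special character": (
        lambda ch: not ch.isalnum() and not ch.isspace(),
        SYMBOLS,
    ),
}


def policy_violations(password):
    """Return every rule from the list above that the password breaks."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, (matches, _alphabet) in RULES.items():
        if not any(matches(ch) for ch in password):
            problems.append(f"missing {name}")
    return problems


def generate_password(length=16):
    """Randomly allocate a password that satisfies every rule.

    Uses the operating system's CSPRNG (the secrets module) rather than
    the predictable `random` module.
    """
    if length < max(MIN_LENGTH, len(RULES)):
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabets = [alphabet for _test, alphabet in RULES.values()]
    # One character from each class guarantees the policy is met...
    chars = [secrets.choice(alphabet) for alphabet in alphabets]
    # ...and the rest are drawn from the combined pool.
    pool = "".join(alphabets)
    chars += [secrets.choice(pool) for _ in range(length - len(chars))]
    # Shuffle so the guaranteed characters are not in fixed positions.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


if __name__ == "__main__":
    # Constructed sample inputs: a pet name plus a year, and a short word.
    for candidate in ("Fluffy2015", "summer"):
        print(candidate, "->", policy_violations(candidate) or "ok")
    print("generated:", generate_password())
```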

Work from Home Security Tip #2: Ensure Device Security

The good news is that many employers were able to supply their staff with devices to work remotely. The bad news is that not many employees were trained in caring for and ensuring the security of these devices. One of the most critical things you can do as an employer is to encourage your employees to have good work from home security awareness and to keep their devices secure through updated software, regulated personal devices, and avoiding unsecured networks.

Up-to-Date Software

Software updates can seem like a nuisance at times. It’s easy to click “Remind Me Later” when prompted to update, but doing so can leave you vulnerable to attacks. Cyber threats are continually changing, which means operating system providers need to release regular updates to combat and keep on top of them. When you update your software regularly, the data on your devices is less vulnerable to compromise.
One of the best ways to ensure your software is updated is by enabling automatic updates when possible. This takes the stress of manually updating off you and allows the system to update on its own, usually late at night when you most likely won’t be using it. If automatic updates aren’t possible, you can set a reminder to do it when you’re home from work or about to get in bed, so it can be updated by the time you need your device again.

Personal Device Use

Another critical factor in the security of your devices is understanding and regulating personal device use. Personal devices can be easily compromised, which is why it’s startling that 48% of workers use the same passwords in both their personal and work accounts. Workers also seem to be prioritizing the security of their personal accounts over their work accounts, according to LastPass’ Psychology of Passwords global report.
What this means for you is that your employees’ flawed security behaviors or complacency with password management can likely extend into your business. Make sure you take the time to create a remote working security policy for company devices and educate your employees about how they should use them. One should only use their work-issued laptop for work-related business and avoid similarities in their personal and professional passwords, which can quickly lead to a company data breach, creating more security issues with working remotely.

Avoid Unsecured Wi-Fi Networks

According to the 2019 State of Remote Work report from Buffer, the second most common location employees work from is coffee shops and cafes at 37%, with the first being working from home. While coffee shops and cafes can be a great environment for productivity with a change of scenery and great coffee a few feet away, it’s important to remember cybersecurity risks can be even more prominent with unsecured Wi-Fi networks.
Never trust networks that are not password-protected. If the network does request a password, you should still remain vigilant. It’s not difficult for someone to find out the network password at a local coffee shop and create a fake connection with the same password to steal personal user data. If possible, use a Virtual Private Network (VPN), which means cyber criminals can’t read your data, even if they gain access to it.
VPNs are great, but many of them have been put through recent stress with more and more remote workers using the network, slowing it down. If your policy allows it, and if you’re confident the network you’re using is secure, consider unloading the VPN and only using it when necessary.

Work from Home Security Tip #3: Support Your Team

The final way to ensure your employees are secure at home is by supporting your team. You can’t expect your team to know the ins and outs of cybersecurity (or even the basics) without learning how to maintain security for remote employees yourself. After that, you can provide support, education, and resources for your team.

IT Support

Even if you make every employee go through cybersecurity training or sign a policy, cyberattacks can still occur. You should provide vigilant IT support and make sure your company is prepared to respond to a data breach or security incident at any time.
You should also consider investing in a cloud-based service and secure collaboration and communication channels for your team to help keep work things in one place for everyone.

Adjust Your Expectations

The COVID-19 pandemic has thrown a curveball at us all. Many people have had to give up things they love because of it. Whatever it may be, it’s essential to adjust your expectations and understand that many people are struggling right now.
According to the Mental Health Index: U.S. Worker Edition, between November and December 2020, there was a 48% increase in the risk of depression, and employees’ focus dropped 62% – a record low since the start of the research in February 2020.

 

Remember that, now more than ever before, your role requires you to listen, be patient, and expect changes in employee performance during this time.

The COVID-19 pandemic has required businesses to reevaluate how they approach many things, including cybersecurity. Cybersecurity in itself is a difficult topic to tackle, and even more so when you consider how to maintain security when employees work remotely. The best way you can help ensure your team’s security at home is by educating your team, ensuring device security, and providing support for your employees. 

Are you concerned about the cybersecurity of your company’s remote environment? Edge Networks can help! Take our free, self-guided IT Security Risk Assessment, or contact us today for a free, 30-minute consultation.

8 Good Cyber Hygiene Tactics to Keep Your IT Humming

Keep Your IT Humming with These Cyber Hygiene Tactics

Maintaining a healthy and secure IT environment is crucial for any organization. Just like practicing good personal hygiene keeps us healthy, adopting strong cyber hygiene tactics ensures the smooth functioning of your IT infrastructure. Whether you’re a small business owner or part of a large enterprise, implementing these eight essential cyber hygiene tactics will help keep your IT humming and safeguard your valuable digital assets.

Server and Network Management Basics

Server and network management can be a daunting task for many, regardless of administrative experience. 

There are a few key baseline areas to focus on as you mature through IT progression. 

 

First Things First

The management of your devices should begin as soon as they hit the loading dock. It all starts with asset management.

 

Asset Management

Asset management should be at the core of your management strategy. Asset management documentation should contain, at a minimum: 

– Location of the device 

– Device manufacturer 

– Serial number of the device 

– Warranty information 

– System owner contact information 

– System administrator contact information 

Other good items to include: 

– Base Operating system version 

– Hardware installed such as CPU, RAM and port capacities, installed and available 

– ROM or BIOS version and configuration 

This data can assist in planning device lifecycles and when doing financial allocation and depreciation. It can be held in something as simple as a spreadsheet or as complex as an asset management system. 

 


Configuration Management 

Configuration management is just what you might think. It is the collection of the past and present configuration of a device. This data is typically managed with a configuration management database or system. It contains items such as: 

– Operating system version and patch levels 

– Third-party applications and plug-ins and their versions

– Hardware configuration including RAM, CPU, Network Interface Cards (NIC) and other installed components. 

– IP addresses 

– Connected devices

– Switch port speeds and duplex 

The list of items tracked, known as Configuration Items (CI), should include everything so that you can effectively and efficiently manage your devices. 

Why is this data important? It is important because it helps you ensure your systems are up to date. It can help troubleshoot a problem caused by a recent change or assist during a disaster when you need to replace and recover a failed component.

 

Change Management 

Change is the addition, modification or removal of anything that could affect your IT devices and services. Change management is the process (the rules) that governs how change happens. 

The scope of change management should include all IT services, CIs, technical processes and related documentation. This data is stored in a change management database (CMDB).

Any changes made in the environment should start with a Request for Change (RFC). An RFC is a formal proposal for a change to be made in change management. An RFC includes all the details of a proposed change and can be recorded by either paper or electronic means. More mature organizations use software tools to track and manage these requests. 
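An added example, not from the original post, tying the configuration management and change management sections together: it diffs a past and a present snapshot of a device’s configuration items and flags any change that no approved RFC covers. The snapshot layout, the RFC record fields (`id`, `status`, `covers`) and all sample values are constructed assumptions.

```python
"""Detect configuration drift between two CI snapshots and flag changes
that no approved Request for Change (RFC) accounts for."""

# Constructed sample data. Field names follow the CI list in the post;
# every value, RFC id and record layout here is an assumption.
BASELINE = {
    "os_version": "ExampleOS 10.2",
    "patches": ["PATCH-001", "PATCH-002"],
    "applications": {"backup-agent": "4.2", "pdf-plugin": "1.0"},
    "hardware": {"ram_gb": 32, "cpu_cores": 8, "nics": 2},
    "ip_addresses": ["192.0.2.10"],
    "switch_port": {"speed_mbps": 1000, "duplex": "full"},
}
CURRENT = {
    "os_version": "ExampleOS 10.2",
    "patches": ["PATCH-001", "PATCH-002", "PATCH-003"],
    "applications": {"backup-agent": "4.2", "pdf-plugin": "1.1",
                     "remote-tool": "2.0"},
    "hardware": {"ram_gb": 32, "cpu_cores": 8, "nics": 2},
    "ip_addresses": ["192.0.2.10"],
    "switch_port": {"speed_mbps": 1000, "duplex": "half"},
}
RFCS = [
    {"id": "RFC-0001", "status": "approved",
     "covers": ["patches", "applications.pdf-plugin"]},
    {"id": "RFC-0002", "status": "rejected",
     "covers": ["applications.remote-tool"]},
]

MISSING = object()  # marks a CI that is absent from one snapshot


def flatten(ci, prefix=""):
    """Turn nested CI data into {"a.b": value}; lists become frozensets."""
    flat = {}
    for key, value in ci.items():
        path = prefix + key
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        elif isinstance(value, list):
            flat[path] = frozenset(value)
        else:
            flat[path] = value
    return flat


def diff_snapshots(old, new):
    """Return (kind, ci_path, before, after) tuples, sorted by CI path."""
    before, after = flatten(old), flatten(new)
    changes = []
    for path in sorted(set(before) | set(after)):
        a, b = before.get(path, MISSING), after.get(path, MISSING)
        if a == b:
            continue
        if all(isinstance(v, frozenset) or v is MISSING for v in (a, b)):
            # List-valued CI (patches, IPs): report individual entries.
            a = frozenset() if a is MISSING else a
            b = frozenset() if b is MISSING else b
            changes += [("added", path, None, x) for x in sorted(b - a)]
            changes += [("removed", path, x, None) for x in sorted(a - b)]
        elif a is MISSING:
            changes.append(("added", path, None, b))
        elif b is MISSING:
            changes.append(("removed", path, a, None))
        else:
            changes.append(("changed", path, a, b))
    return changes


def unapproved_changes(changes, rfcs):
    """Keep only the changes whose CI path no approved RFC covers."""
    approved = {path for rfc in rfcs if rfc["status"] == "approved"
                for path in rfc["covers"]}
    return [change for change in changes if change[1] not in approved]


if __name__ == "__main__":
    drift = diff_snapshots(BASELINE, CURRENT)
    flagged = unapproved_changes(drift, RFCS)
    for kind, path, old, new in drift:
        note = "NO APPROVED RFC" if (kind, path, old, new) in flagged else "ok"
        print(f"{kind:8} {path:28} {old!r} -> {new!r}  [{note}]")
```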

 

Types of Change

There are three main types of change in change management: Standard Change, Normal Change, and Emergency Change.

Standard Change

A standard change is a pre-approved change that is low risk, relatively common and follows a defined procedure or work instructions. For instance, the password change of a user every three months is a good practice. It is common, and when the user follows the instructions, they can change the password easily. 

Standard changes do not require an RFC to be submitted. Standard changes are logged and tracked using different mechanisms within the change management process. These changes are typically logged as a service request and are managed by the service desk. 

Normal Change

A normal change is any change that is not classified as a standard or emergency change. Introducing a new feature for a new service, or updating an existing service, is an example of a normal change. For instance, a software update or addition is classified as a normal change in change management. 

Emergency Change

The third type of change is emergency change. Instead of extending an existing service or introducing a new service, emergency changes are initiated generally to solve a major incident or implement a security patch. Emergency changes must be introduced as soon as possible. For example, if a security exploit has been identified that can harm the company, customer data, or reputation due to data loss or leakage, this is a critical issue and must be fixed immediately. 

The change management process will normally have a specific procedure for handling emergency changes. The normal change procedure can be more bureaucratic, and it can take time to get all the approvals needed to implement a change. Because emergency changes must be implemented as soon as possible, there can be faster, specific procedures or checklists for handling them.

 

Catch a CAB

The Change Advisory Board (CAB) is a group of people that advises the Change Manager in the assessment, prioritization, and scheduling of changes during the change management process.
 
The change manager is ultimately responsible for coordinating, organizing, prioritizing, and managing changes in an IT service provider. However, several departments, stakeholders, and organizations interact with IT Services in service delivery. 
 
 So, when managing and implementing changes in the IT services, representatives of these departments or organizations advise the change manager. For example, a department using a service can advise the change manager on what happens if the change does not happen successfully. The CAB usually consists of representatives from IT Services, Business, Suppliers, and Partners. 
 
The Emergency Change Advisory Board (ECAB) is a subset of the change advisory board that makes decisions about high-impact emergency changes. Let’s consider the example we gave previously. Suppose you have been notified that there is a security leakage in the system.  
 
After developing the security fix for this issue, and to implement this change, an immediate meeting is organized to get the stakeholders’ opinion about this emergency change. 
 
Membership of the ECAB depends on the nature of the emergency change and may be decided when a meeting is called. Only the relevant stakeholders are called to the meeting to be notified of the change. For normal changes, however, the change advisory board comes together regularly to advise the change manager appropriately. 

Good Cyber Hygiene Tactics to Implement

Last, but certainly not least, it is important to remember to take care of small housekeeping details to keep your devices humming. Here are some critical but easy ones. 

1. Review logs – Check logs on your devices to ensure that the system and security are not providing obvious red flags. Having an event monitoring tool makes this task easy and provides granularity on important events occurring. 

2. Archive logs – Logging takes up a lot of space. Ensure that you save these logs to long-term storage regularly so you can still review them if needed. 

3. Maintain separate admin accounts – Do not give administrative privilege to an administrator’s daily account. Assign complex passwords and controls to these accounts. On devices, create accounts specific to that device for both reporting and administrative functions. 

4. Service accounts – Create separate service accounts on servers that are members of the domain and not local. Ensure a complex password is used, and proper controls to the accounts are followed. 

5. Antivirus/AntiMalware – If possible, use centralized management and reporting for this software. Aside from real-time protection, make sure to schedule a routine task to do a deep scan. 

6. Service packs, patches and updates – Threats are evolving on an hourly basis. Have a process or use a tool that keeps your devices in sync with the latest critical updates. 

7. Device monitoring – Use the manufacturer’s tools or consolidated monitoring to know when devices are down, have heavy RAM or CPU use, run out of storage space, or experience network flooding. 

8. Backup critical data – Perform regular backups of your data and system states. Keep local and offsite/cloud-based copies of this data in the event you may need to restore. 

 

As you have read, both documentation and good operational discipline are mainstays to a more reliable and predictable IT environment. It is never too late to start implementing good cyber hygiene tactics, and the process is continuous. 

We at Edge Networks know that when managing your IT, there can be a lot of moving parts and potential pitfalls. Remove the burden of managing your IT with our flat-fee IT managed services program. Contact us to schedule a free, 30-minute consultation today.