Sara J. Beebe

Why Employees are the Weakest Link in Your Cybersecurity Business


When many business leaders consider the security of their operation, the first things that come to mind are locks on the doors, proper outdoor lighting, and perhaps a security guard on-site. Then they begin to look inward and consider their cybersecurity. Toward that end, they invest in the latest and greatest firewalls, antivirus, anti-malware, firmware, and other software fixes while overlooking the most important aspect of their security integrity: their employees. Why are employees your greatest cybersecurity threat and what are you to do about it?

The very nature of human beings with their curiosity and need for stimulation, information and novelty make them the prime target for hackers who want to infiltrate your business network and its data.  Therefore, full buy-in of the company security endeavors will require an alliance between IT, which should understand your operating needs and HR, which should comprehend the foibles and psychology of human beings that can make them gateways to cyberattacks. It is simply not good enough that your employees remember to update passwords regularly; they need to understand how a hacked company system affects them directly. To this end, your IT team should work with HR to develop training which garners staff support for the security processes that need to be implemented.

Here are a few of the issues this composite team needs to address:

Impact on the Company of Down Time and Security Breaches – Explain in the clearest terms how downtime in the company network affects everyone. Use examples such as Ransomware or Spear Phishing attacks or other situations in which your business could lose data or computer access – thus affecting the ability of your company to remain in operation and therefore to employ people!

Lack of Awareness – Simple though it may sound, regular training and reiteration of concepts like having strong passwords, proper storage of customer information, use of locking drawers or file cabinets, how the company uses multi-factor authentication and data access principles should be ongoing practices. In addition, all personnel should know how to properly dispose of drives, reports, etc. when they are no longer needed or pertinent. Last here is the need to inform employees of the importance of system/software updates for both company equipment and approved BYOD mobile phones and other devices, as well.

Hazards of Using Unsecured Networks – This is particularly problematic with BYOD environments including commuting vehicles (e.g., the train and subway), cafés, etc. which are typically unsecured networks. Your employees need to be aware that all online activity conducted on such networks can be visible, putting devices and sensitive company information in peril. To minimize this risk, explain the difference between using HTTP and HTTPS prefixed sites – the latter carries encryption protocols – on any device (laptop, smartphone, etc.) used for work-related activities and help them to understand which work is best left to be performed in the office on company secured devices. Another off-site peril comes from Juice jacking (stealing data by monitoring public charging stations) in which a hacked wireless charging port can allow cybercriminals to record what is being written or watched on a device as well as download programs to said device. Personnel who frequently work outside the office should be trained to understand the risks of using public access networks and a few means of minimizing same, such as plugging into an electrical outlet or using their own powerbank, having different passwords for each app and device they use, and waiting to perform personal interactions until at home and only installing apps from official marketplaces. Best, have them use a VPN (Virtual Private Network) set up by your IT team that provides for encryption of data moving between them and any end user whether they are at home, traveling or otherwise working outside the office.

IoT (Internet of Things): a Door to System Access – With the growing complexity of the business operating environment you may find you have manufacturing equipment as well as simple office equipment such as printers connected wirelessly to your server. These additional pathways offer opportunities for an employee to involuntarily undermine your security by tapping into equipment not meant to be part of their peripherals. In order to minimize this risk, have your IT team set up not only different passwords for this equipment but different router levels, as well, which prevents certain devices from ever ‘seeing’ other devices they shouldn’t. Turning off equipment when not in use will help to mitigate cross system access as well. These steps can also help prevent an unintended internally produced Denial of Service (DoS) attack or Distributed Denial of Service Attack (DDoS) in which equipment or websites crash from an overload of demand.

Don’t forget, your IT team consists of all your employees. To this end, think about the cybersecurity culture you want to create. For instance, have your IT team start broadly sharing new concepts learned at trade events, which can keep lines of communication open between departments and can help your staff understand new threats and preventive actions they can take before your business is targeted.

In addition, savvy IT members don’t put all their eggs in one basket; they may like vendor X who provides software X and has worked with them for years but they stay aware for news of failures of this protective service and are willing to jump ship to vendor Y if that is in the best interest of your company. Better, working with an outside company, in addition to your in-house staff, who is not a single service provider and whose sole interest is in being knowledgeable about multiple software security tools, techniques and processes and is willing to embrace your company’s unique business protection requirements can be a valuable asset.

Finally, keep in mind that a disgruntled employee with any system access can pose a threat to your business (e.g., copying trademarked or other business sensitive information for purposes of corporate espionage) and containing them is the territory of HR. However, a coordinated effort between your employees and IT, with the help of training developed actively with HR, will strengthen the personnel link in your cybersecurity chain, in addition to bringing added value to your employee morale due to your consideration of their need to understand, so that they are able to actively participate in protecting your company and their jobs.

Be safe out there!

Raccoon Malware: A Threat to Cybersecurity


As if you didn’t have enough difficulty maintaining your cybersecurity, now there is a masked bandit on the loose – for a fee!

Raccoon (a.k.a. Mohazo, Revealer and Legion) malware appeared out of the former USSR in early 2019, is still very active, is available on the dark web for approximately $200 per month, and has a development team which not only creates frequent updates (such as the ability to steal FTP server credentials) but which responds to user requests for enhancements (e.g., keylogger as a possible upcoming feature). The ease of use via a simple dashboard and excellent customer service, if you can believe that, make this malware a long-term threat to your information systems. Unfortunately, its popularity with hackers appears to remain quite steady.

What does Raccoon do? It is an information stealer operating as a MaaS (Malware-as-a-Service) model. Creeping in through phishing and other attack modes, it is able to steal data from up to sixty (60) applications, including the leading web browsers.

It has also been used to access cryptocurrency, credit card and e-mail accounts, plus other applications through which data is gathered in order to perpetrate financial and identity fraud against victims. Once the desired information has been accessed, whether it be screenshots, OS data, system settings, or simply the usernames and passwords from various browsers and activities, the data is sent by zip file to the hacker. This ease of use has created over 100,000 infected devices since even the non-tech savvy can operate this malware.

As noted above, Raccoon often arrives through phishing scams, ones which can take many forms. It can be deployed within attachments to e-mail spam, a Dropbox .IMG file or even as “bundled malware” wherein it is attached as a rider to a legitimate software download. However, the most popular distribution vehicle for this software is the use of exploit kits, which can deliver the malware without the user’s knowledge while the user does something as routine as surfing the web.

How can your IT personnel work to protect your company and resources from this threat?

As usual, the emphasis on employee awareness of the need to protect company assets by not opening suspicious content (including malvertisements which may occur on legitimate sites) must be paramount. Training staff to recognize and resist social engineering lures which attempt to bait those clicks is also necessary.

In addition, the BYOD/T (Bring Your Own Device/Technology) environments which allow employees to use their own software, hardware, and/or cloud storage may create a Shadow IT situation which opens your business to these attacks. Your entire IT team, and especially the IT security group, should be aware of this possibility and be active in using up-to-date firewalls and other pertinent software to diminish unauthorized accessing of your systems. For remote employees, your IT team should install on their devices the same antivirus, anti-malware and other safety software as is used by the business at large. Employees using hardware or software not recognized by the protocols implemented by IT should not be allowed system access.

Finally, since Raccoon also scans the caches created by browsers and apps as well as broken downloads, recent files, and other junk that is problematic or infrequently used, a proper repair tool that can sort through and delete these items is essential.

Never forget, your team’s knowledge and skill is an invaluable part of safeguarding your data and business. Proper use of antivirus, anti-malware and other tools to search for and destroy these types of programs is essential. Moreover, they must understand that these threats, especially the ever-adapting Raccoon, require constant vigilance; ongoing cybersecurity training meant to thwart those who seek to wreak havoc within your business is vital to your security and peace of mind.

Be aware and take care!

5 Applications of Virtual Machines


The word application is everywhere these days, typically shortened to “app,” particularly when one speaks of a mobile technology solution.  You have a weather app on your phone that allows you to dial up the weather anywhere in just an instant, another in your car to help you navigate to new locales, etcetera.

These specifically designed applications of technology serve you well but when it comes to creating a virtual machine (VM), the difference is that you are creating an application in the older sense of the word. Per Merriam-Webster an application is: “an act of administering or laying one thing on another”. When applying a virtual machine (or machines) onto your business computing system you are not necessarily seeking to create one specific new computing application but an overlay which will be used to enhance your overall system and so produce an environment that will serve your company and its employees better.

Given below are a few of the common benefits of VMs for organizations who use them:

The multiplicity of Operating Systems

A VM enables the running of operating systems (OS) that would not normally be compatible with your host system (e.g., Windows on a Mac or an Apple overlay on a Linux configuration).  By simulating multiple computer systems from one console users are able to toggle amongst systems and displays from a single workstation. Thus VMs provide the experience of using multiple computers at the same time; ideal for creating complex servers with multisystem needs.   An added advantage of this type of overlay is that users who are comfortable with one OS, perhaps an older non-supported version of Windows, can have their preference available, regardless of the overall company OS, thus aiding them to work efficiently.

Reduced Overhead

Overhead comes in many forms: salaries, benefits, hardware purchases, software licensing, etc. The ability to run multiple OS on a single piece of hardware reduces the need for office machinery as well as its upkeep and operational costs (say a utility bill for electricity to power and cool the machinery).  Fewer physical servers due to running more systems on each one also reduce costs via a reduction in floor space required!

Safety Net for Data – Rapid Disaster Recovery and Auto Backups

Since virtual machines are set up using a hypervisor (a piece of hardware, firmware, or software that creates your virtual machines, allocates resources to them, and then manages them) or similar technology which creates a layer between your physical computer and your virtual machine, the various systems remain entirely separate from each other; this adds an important layer of security to your operations which can help prevent faulty applications or corrupted files from infecting your host machine. For example, if you download a corrupted or infected file on your VM, the hypervisor will prevent the file from getting to your host machine.

In addition, since VMs make regular copies/snapshots of their operations history there is little risk of data loss – making for a highly effective disaster recovery solution as these copies can be revisited as necessary or, in more severe recovery scenarios, moved to another device. Further, the negligible hardware overhead of your virtual environment poses a lower risk of system failure to your server in the first place. Finally, a VM set-up allows you to test various applications while you determine what works best for your business needs during development.

Scalability

Since neither the physical space for additional hardware nor its maintenance costs are a factor in a VM environment, your company and its systems can grow and change more easily. VMs enable you to add and remove applications with no physical overhead, so that an expanding virtual infrastructure doesn’t require complex budgets for hardware resources. This simulated hardware is a flexible solution to an expanding company server, with multi-application, multi-user needs.

Centralization

The use of virtual machine environments can allow for the consolidation and more efficient management of your IT needs via a single console with commercially available VM software helping to monitor all of your systems, applications, and OSs from a single dashboard. Additionally, use of a VM performance monitoring tool to collect data and metrics for your network on a regular basis can help to ensure the system is functioning well and there are no impending issues. With proper centralization and monitoring you will be able to track trends (such as which VMs are consistently reaching resource limits), more effectively approach capacity planning and disk space usage as well as flag any VMs regularly experiencing crashes, delays, or application issues.

Before we conclude, note needs to be made of a special virtue of the flexibility of VMs, one highlighting many of the benefits noted above, which is their usefulness for Software Development and Testing.  Testing in-development software is enhanced as applications can be installed on the VM and then reset to a saved state whenever needed. Also, if you are trying out a new application and aren’t sure how it will perform under certain conditions, you can test it on a virtual machine and then reset it to a particular state if it crashes or you want to try something new. This is a definite advantage as doing this on a physical machine may leave you with unexpected crashes and issues even after you uninstall the test software. The isolation from the host OS of the test software on a virtual machine creates a much safer test environment. Plus, you can determine whether an application you are developing works well on all OSs or has bugs in some operating systems but not others.

As always, knowledgeable IT personnel can help you determine which hypervisor is best for your VM needs, what type of VM to create, how to optimize performance and maintain or increase network speed via proper resource allocation, how to reduce background applications, and which configurations are best for differing users. Use of proper monitoring tools can also enable your personnel to track network traffic and user experience to help prevent bottlenecks, maintain efficiency, and prevent frustration. A well developed VM is not just an efficient means of keeping abreast of changing business and IT needs but a thing of beauty.

Plan well and enjoy your new computing environment(s)!
