Historically, Ransomware is known for encrypting files, restricting company access, and demanding some form of ransom to regain that access.   Businesses wisely install modern backup solutions that allows them to recover from Ransomware without paying a ransom.  Like any business whose revenue stream is shrinking, criminal businesses need to adapt and evolve to stay relevant.  This is where the evolution of Ransomware comes in.

The cybercriminals (MAZE and REvil) are adjusting their targets to raise their success rates.  They are aiming for industries and companies known to possess valuable data.  The common victims are in finance, healthcare, legal, and hi-tech product manufacturing.  Small businesses are a part of this common victims demographic because they cannot afford the most advanced security technology and large security teams.  The bad guys know it and exploit it.

Their tactic is changing too!  Instead of encrypting files and demanding a ransom, they want to get inside, find valuable data, steal it, and then encrypt files as a notice to the end user that they are in control.  Once the cybercriminals have control, they threaten to leak the company’s sensitive information.  Their ultimate goal is to hold the company image hostage and demand ransom to keep the data private.  Cybercriminals are evolving their targets, technique, and demanding much larger ransoms than previously seen.

1. FUNDAMENTALS
   • Patching – Keep you computers and servers up to date with the latest security patches. Keep endpoint security (anti-virus) updated with the latest signatures so it knows about the newest threats.  Ensure network security device firmware is updated to the most secure versions.  This limits the vulnerabilities a cybercriminal can exploit to gain access to a company’s data.
   • Segmentation – Configure the network to separate systems where sensitive and valuable data is stored & processed from the end user computing environment which is the most vulnerable and easily infected. This keeps breached or infected computers from spreading to the protected environments.
   • Multi-Factor Authentication – Require this 2^nd level of authentication on any systems that are accessible from the Internet. Three key examples are Email, Remote Access, and Web Applications.  This will help prevent unwanted visitors from getting in through different password stealing and cracking methods
   • Limited Local Admin – Computers require a user to have “Local Admin” privilege to install software. Malware is simply software with bad intent.  To help negate the ability of malware to install without warning, users should not be the “Local Admin” of their computer
   • Plan – Have cybersecurity and incident response plans. Have a 3^rd party test your security and plans.

2. EMAIL SECURITY
   • Anti-Phishing – Enabling these security measure on your email system helps to minimize the phishing emails from ever getting into the Inbox. Phishing emails and the links contained within are the #1 vector for malware/ransomware
   • Targeted Threat Protection – This advanced security measure evaluates and/or cleans email attachments which are another very common vector for carrying malicious software.
   • Staff Training – Ongoing training of your end users is critical to protecting your company. Informed users know what to look for and how to identify suspicious emails.  Tactics are always changing so a recurring program of training and testing is a modern requirement

3. ADDITIONAL LAYERS OF SECURITY
   • Endpoint Detection and Response – These are modern security tools that utilize AI, machine learning, and advanced forensic techniques to prevent and/or quickly detect malicious activity. This is an important additional layer that goes beyond the capability of the anti-virus in use over the last 25 years.
   • File Encryption at Rest – Deploying a solution to encrypt the most sensitive data while at rest in your system will prevent the criminals from accessing the contents. They may be able to steal a file or folder, but they will not be able to open.  If they don’t have any sensitive material to release, they can’t hold anyone up for ransom
   • Data Loss/Theft Detection – There are many types of technology that evaluate networks for inappropriate movement of data. They are able to detect when data is moving out of the company to unexpected places, in an unexpected manner, and/or is data is not allowed to be on the move.
   • 24/7 Security Monitoring –If there are not humans monitoring systems and reacting to abnormalities, systems and procedures are only partially successful

In short, the attackers are always advancing targets and techniques to be more effective and profitable.  A mix of sound fundamentals, advanced tools, and trained eyes will go a long way to prevent companies from suffering irrecoverable reputation damage.  

The post RANSOMWARE IS UPPING ITS GAME AGAIN, IT’S TIME TO UP YOUR GAME TOO appeared first on Runwell Solutions, Inc..

Another misconception is that a network firewall, antispam, antivirus/antimalware on your computer, and a decent password means security is covered.  As attackers continue to outperform traditional tools and develop more complex methodologies, increased layers of security become necessary. For example, neither a basic firewall, nor traditional antivirus will defend against a new strain of Ransomware.  Tools using behavior monitoring and artificial intelligence should be considered to help prevent previously unknown threats.  Antispam does not know how to detect Phishing attempts or evaluate threats contained in email.  Email attachment and link reputation scanning are a must have since email is one of the top vehicles for threats.  The list goes on and on of the tools that should be considered to protect your data wherever it is accessed and stored.

According to a Better Business Bureau survey, 55% of small businesses lack the resources (manpower) and knowledge to develop a cybersecurity plan and run it.   You can have all the cybersecurity tools in the world, but if skilled people are not watching the shop, those tools will be limited in their security effectiveness.  Fortunately, Security as a Service, A.K.A. Managed Security, is available to provide the tools, manage them efficiently, monitor for emerging threats, and serve the needs of small and medium businesses. 

Contact Runwell Solutions® today to learn about SkyShield, a comprehensive Security as a Service solution, purpose built for today’s small and medium businesses.

The post Half of You Reading This Experienced the Effects of a Cyber Attack Last Year appeared first on Runwell Solutions, Inc..

Like so many negative stories in our world, we have become numb to the flood of information about Cyber-attacks.  Some of the biggest attacks ever occurred in 2017 and 2018, but did not receive the media acclaim that the Target, Home Depot, and Sony attacks did in years’ past.  WannaCry, Petya, and Emotet attacks created great problems locally and internationally to organizations large and small, but that is not history.  Cyber-criminals continue to modify and advance these attacks to be more effective, resulting in some scary statistics.

• Number of overall attacks doubled in the last year (Over 17 Million Per Week).
• Sophistication has increased as we now see more unknown, first time attacks than previously known attack types (43% to 57%).
• The global cost of Cyber-crime has quadrupled since 2015 (Up to 2 Trillion a Year).
• Nation states are targeting US companies for their intellectual property, and the rate of attacks is increasing daily.

Fortunately, making a few adjustments  can have a big impact for your company:

1. Follow the Basic Rules, They Are Not Optional

Asset Inventory – Keep track of your IT assets because if you don’t know what you have, you don’t know what needs attention.

Acceptable Use Policy – Document network security controls and inform your employees about following them.  It is for their own safety and the good of the company.

BYOD Policy – Unknown and personal devices that make their way onto your network are undocumented liabilities. Create and document what is allowed, when it is allowed, and how they may access the network and Internet.

Patching – Keep operating systems (Windows, MAC, Linux, Android, iOS) up to date with the latest stable security patches.  Update software known to commonly have security flaws (Adobe, Flash, Java, etc.).

Least Privilege – Minimize user and software privilege. Only provide administrator rights to those who truly require it to perform their daily job/system functions.

Segmentation – Use firewalls, VLANs, and other security dividers to separate parts of the network that should not communicate with each other.

Monitor – Have responsible parties evaluate policies and alert logs on a regular basis.  If you don’t have the ability internally, hire a managed security service.

Audit – Routinely audit your internal security policy and security tools for effectiveness and ability to meet compliance requirements.  Have 3^rd party vulnerability and penetrations tests. performed on a regular basis (yearly at minimum).  Test your users’ response to phishing attempts.

2. Prevent, Be Proactive

For many years, security philosophy focused on how quickly you could detect and clean up a virus, malware, or intrusion.  Would you wait for a robber to enter your house before figuring out how to handle the situation?  Of course, not!  You have door and window locks, an alarm system, a service that notifies the police of an unlawful attempt at entry.  So treat your network and computer systems with the same preventative and proactive approach.  There are fantastic security tools and services that adhere to this approach and you should implement them.

3. Respond Efficiently

Be prepared for when, not if.  Steps 1 and 2 are an effort to prevent attacks and minimize the damage done if one occurs, but you still need to be prepared if your network is compromised.  Knowing what to do and who to call is critical.  Did you know that the first thing you need to do, after a breach occurs, is take forensic backups of your systems?  Most companies set about restoring their systems from backup and, while this may speed their return to operations, it immediately destroys any evidence of the attack.  This not only makes it difficult for law enforcement to take legal action against the perpetrators, it may also make it difficult for the company to make an insurance claim for damages.

4. Your Data is Valuable, Protect It Everywhere It Goes

You might think of a firewall as a tool to protect the network or anti-virus as a software to protect your computer, many people do.  What we’re really trying to protect is valuable data and access to that data.  Now that we have established your data is what is most important to protect, shouldn’t it be protected anywhere it sits and any place it is accessed?  Implement security and threat prevention everywhere!

– Email
– Web Browsers
– Cloud Storage
– Cloud Servers
– Software as a Service (SaaS)
– Mobile Devices
– External Storage (USB Sticks and Hard Drives)
– Data Centers
– Computers and Laptops

Your critical data may be accessed and/or stored in any of these places. Think about it. Protect it.

In summary, cyber-attacks and threats are growing, changing, and impacting people and companies around the world.  The good news is you don’t have to resign yourself to being a victim.  Take action, make adjustments, and get some help to prevent your company from becoming a statistic.  Contact Runwell Solutions® at 610-376-7773 to discuss a cybersecurity plan right for your business.

*Thank you to Check Point Software Technologies, Fortinet, and the Runwell Solutions® Cybersecurity specialists for the use of their research and suggested best practices in the creation of this article.

The post CYBER-CRIMINALS ARE IMPACTING BUSINESS AT AN ALARMING RATE – DEFEND YOURSELF appeared first on Runwell Solutions, Inc..

Passwords.  We all have them, and lots of them.  People in our industry will tell you that they need to be long, complex, and unique.  But is that really practical?  Is it really possible to have a unique password, that is long and complex for each and every digital account you have?  No, it’s not.

Password Strength Statistics:

See which passwords need attention

Password Generation Form:

Easily create very complex passwords

Browser Plug-In for Automatic Form Fill-in:

Not susceptible to hacking as described in this post

Activity Shortcuts

Launch URLs, copy usernames & passwords, etc.

The post Password Management appeared first on Runwell Solutions, Inc..

Recently, the bad guys have upped the ante with a new, very sophisticated method of phishing.  The process works like this:

1. The attacker works to compromise an email account; could be anyone…could be you
2. Once compromised, they scan your Sent email looking for recent “active” correspondence
3. They use that recent correspondence to send an email to all of the original recipients, impersonating you!
4. In the email, they’ll include a malicious attachment or link to a malicious Website
5. They’ll surround the attachment or link with information that makes it appear as though you are sending this email

Part of the challenge with this type of attack is that, if no one alerts the victim that their email has been compromised, the victim has no idea they’re being impersonated.  But the real and obvious danger is to the recipients.  The malicious, phishing emails are being sent as responses to real correspondence.  They could include a legitimate subject, an actual signature with a corporate logo, familiar names and nicknames, and so on.  Some of these emails have been seen with legitimate requests for documents, which were replied to with a “document” which was unfortunately malicious.

What you should do:

• If you receive an email that looks suspicious, call the sender and ask them if they sent the email
• If someone calls you about receiving a suspicious email from you, notify your IT staff or company and immediately change your password
• As always, if something doesn’t feel right, don’t click on it or open it
• If you do open an attachment or click on a link, and something doesn’t look right, shut down your computer and contact your IT staff or company.  Do not forward the attachment to other people in your organization.

If you need help securing your email system, please don’t hesitate to give us a call.  If you have opened an attachment and are dealing with an outbreak, please call us right away.  We have a plan and know what to do.

The post BOLO: New, Highly Sophisticated Phishing Attacks appeared first on Runwell Solutions, Inc..

Why auto-fill passwords are so dangerous

In 2015, the average Internet user had 90 Online accounts, a number that has undoubtedly grown since then. This has forced users to create dozens of passwords, sometimes because they want to practice healthy security habits and other times because the platforms they’re using have different password requirements.

Web browsers and password manager applications addressed this account overload by allowing usernames and passwords to be automatically entered into a web form, eliminating the need for users to hunt down the right credentials before logging in.

Unfortunately, the process of tricking a browser or password manager into giving up this saved information is incredibly simple.  All it takes is an invisible form placed on a compromised Web page to collect users’ login information without them knowing.

Using auto-fill to track users

Stealing passwords with this strategy has been a tug-of-war between hackers and security professionals for over a decade. However, it has recently come to light that digital marketers are also using this tactic to track users.

Two groups, AdThink and OnAudience, have been placing these invisible login forms on websites as a way to track which sites users visit.  These marketers made no attempts to steal passwords, but security professionals said it wouldn’t have been hard to accomplish.  AdThink and OnAudience simply tracked people based on the usernames in hidden auto-fill forms and sold that information to advertisers.  This is scary stuff…a hidden form, which you can’t see, requesting auto-fill information from your browser, which your browser will provide without your knowledge or consent.

One security tip for today

Turn off auto-fill in your Web browser.  It’s quick, easy, and will go to great lengths to improve your account security.

• If you use Chrome – Open the Settings window, click Advanced, and select the appropriate settings under Passwords and Forms.
• If you use Firefox – Open the Options window, click Privacy, and under the History heading select “Firefox will: Use custom settings for history.” In the new window, disable “Remember search and form history.”
• If you use Safari – Open the Preferences window, select the Auto-fill tab, and turn off all the features related to usernames and passwords.

This is just one small thing you can do to keep your accounts and the information they contain safe.  For managed, 24×7 Cybersecurity assistance that goes far beyond protecting your privacy, call us today.

The post Saving Passwords in your Browser? appeared first on Runwell Solutions, Inc..

Runwell Solutions® cybersecurity services keep your business one step ahead of resourceful criminals. We are introducing an additional layer of protection to the SkyShield Cybersecurity solution in the form of Cybersecurity Awareness Training.  Cybersecurity Awareness Training will empower your staff to identify and understand spam, phishing, spear-phishing, malware, ransomware, and social engineering.  With this training, your business can establish a human firewall to effectively block hackers and criminals, and keep you protected.

Using SkyShield Cybersecurity Awareness Training, we can test your employees with simulated, randomized phishing attacks and provide ongoing training with interactive modules, videos, games and newsletters.  We can also provide you with reports which demonstrate the results of phishing tests and training progress.  SkyShield Cybersecurity Awareness Training will keep employees on their toes and security at the forefront.

If you’re interested in learning more about Cybersecurity Awareness Training and especially if you’re not using SkyShield to protect your business, please call us today.

The post Securing the Human appeared first on Runwell Solutions, Inc..