Channel: Security – Flarrio

Network Security – A Process Perspective

Network Security

Network security is a big concern these days. Although one could classify the work behind network security as essential but non-value-added effort, it is nevertheless mandatory. Network security threats can be classified by their area of origination: liabilities, social engineering, and proliferation and vulnerabilities. Liabilities cover privacy concerns and identity theft. Social engineering covers phishing and access to secured areas by unauthorized entities. Proliferation and vulnerabilities cover fraudulent email attachments, compromised websites, and browser and software exploits.

The main challenge with network security is that the sophistication of threats increases over time, and the fight between cyber-criminals and security vendors is almost never-ending. Fraudsters benefit either by hacking into an individual's or a corporation's monetary system or by gaining access to intellectual property (IP) and other documents of material or monetary importance. Different types of attacks include, to name a few: attacks on corporate and personal data in the cloud, complex Android malware, increased danger to personal data from mobile apps and social networks, and the undermining of hardware, infrastructure and software at the core.

3 Levels

There are 3 levels at which network security is deployed in a company: the physical level, the policy level, and the system level. Physical-level security is about controlling the entry points where employees are checked for data drives, and preventing unauthorized access to network areas, server rooms etc. System-level security is about providing timely updates and patches, having sufficient firewalls in place, having systems to detect threats, securing remote access etc. The third level of security is the policy or procedural level of intervention.

One of the concepts of process streamlining can usefully be applied to the network security problem. The method calls for a system-wide approach coupled with the classification of threats or frauds into runners, repeaters and strangers. Runners are threats that are basic in nature and for which the system mostly has a fix already, especially threats that have a history in the system. Because they are high in volume and low in complexity, they can be handled in a standard way and are best suited to automatic elimination.

The second type of threat is the repeater. These can generally be classified as complex threats with a predictable frequency. Initially they are eliminated manually, but over time the analysts can come up with a generalized solution and automate the elimination process.

The third type of problem can be classified as strangers. These threats have neither a particular frequency of occurrence nor a standard fix available, so a lot of manual effort needs to go into their fixes. Over time, some of these should also be automated, so that manual effort is only needed for complex and unpredictable threats.
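The runner / repeater / stranger triage described above, as an added example (not code from the original article): alerts that arrive inside a time window are counted per signature, signatures with an existing playbook are routed to automatic elimination, recurring signatures without a fix go to the analyst queue, and single sightings are escalated. The alert feed, the playbook registry and the signature names are all constructed for illustration; the thresholds are assumptions a team would tune.

```python
"""Alert triage by the runner / repeater / stranger scheme.

Added example; not code from the original article. It assumes a simple
alert record (timestamp, signature id) and a playbook registry that says
whether an automated fix already exists. Both are constructed here.
"""
from collections import Counter
from datetime import datetime, timedelta

# Constructed playbook registry: signature -> is an automated fix available?
PLAYBOOKS = {
    "SIG-MALWARE-KNOWN-HASH": True,
    "SIG-PHISH-CREDENTIAL-FORM": True,
    "SIG-BRUTE-FORCE-SSH": True,
    "SIG-LATERAL-SMB-ANOMALY": False,   # recurs, but still handled by analysts
}

# Constructed alert feed: "<ISO timestamp> <signature id>" per line.
RAW_ALERTS = """\
2016-02-27T11:00:00 SIG-STALE-IDS-RULE
2016-03-01T08:00:00 SIG-MALWARE-KNOWN-HASH
2016-03-01T08:05:00 SIG-MALWARE-KNOWN-HASH
2016-03-01T08:40:00 SIG-LATERAL-SMB-ANOMALY
2016-03-01T09:10:00 SIG-MALWARE-KNOWN-HASH
2016-03-01T10:00:00 SIG-BRUTE-FORCE-SSH
2016-03-01T11:30:00 SIG-MALWARE-KNOWN-HASH
2016-03-01T12:15:00 SIG-LATERAL-SMB-ANOMALY
2016-03-01T13:00:00 SIG-UNKNOWN-BEACON-PATTERN
2016-03-01T14:20:00 SIG-MALWARE-KNOWN-HASH
2016-03-01T15:45:00 SIG-LATERAL-SMB-ANOMALY
2016-03-01T16:30:00 SIG-MALWARE-KNOWN-HASH
"""

# Point in time at which triage is run (constructed).
NOW = datetime(2016, 3, 1, 18, 0, 0)


def parse_alerts(text):
    """Turn the raw feed into a list of (datetime, signature) tuples."""
    alerts = []
    for line in text.splitlines():
        if not line.strip():
            continue
        stamp, signature = line.split()
        alerts.append((datetime.fromisoformat(stamp), signature))
    return alerts


def classify(alerts, now, window=timedelta(days=1), repeat_threshold=2):
    """Bucket each signature seen inside the window.

    runner   - an automated fix exists: eliminate without analyst time
    repeater - no fix yet, but it recurs: handle manually, generalise later
    stranger - first sighting, no fix: manual investigation
    """
    recent = Counter(sig for ts, sig in alerts if now - ts <= window)
    triage = {}
    for sig, count in recent.items():
        if PLAYBOOKS.get(sig, False):
            category, action = "runner", "auto-remediate via playbook"
        elif count >= repeat_threshold:
            category, action = "repeater", "analyst queue; build a playbook"
        else:
            category, action = "stranger", "escalate for manual investigation"
        triage[sig] = {"count": count, "category": category, "action": action}
    return triage


def automation_candidates(triage, promote_after=3):
    """Repeaters seen often enough that writing a playbook pays off."""
    return sorted(sig for sig, rec in triage.items()
                  if rec["category"] == "repeater" and rec["count"] >= promote_after)


if __name__ == "__main__":
    result = classify(parse_alerts(RAW_ALERTS), now=NOW)
    for sig, rec in sorted(result.items()):
        print(f"{sig:28} {rec['category']:9} x{rec['count']:<3} -> {rec['action']}")
    print("promote to playbook:", automation_candidates(result))
```

The stale alert from three days earlier falls outside the window and is ignored; the SMB anomaly has no playbook but recurs three times, so it is the one repeater flagged for promotion to an automated fix.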

A periodic exercise also needs to be conducted between network analysts and the others responsible for network security to arrive at a common understanding of how threats are classified and of the general approach to solutions. This helps standardize the approach to threat management and supports knowledge sharing. Rigor in analysis and deployment is very important for successful threat management.

Machine Learning and Analytics

Another aspect of effective threat management is having an analytics solution like Simility. This type of solution blends manual analysis with machine-learning capabilities. Its features include the ability to prevent unauthorized access, prevent stolen-identity threats, protect websites and provide awareness of best practices. Fraud or threat alerts are analyzed using sophisticated data visualization features in order to identify patterns and relationships visually. Reputational indices are computed for IPs and for names through the social network to gather more patterns and insights. Signals are deployed to fight the threat or fraud. Patterns developed over time feed the machine learning so that it can evolve and scale. These features help customers match every move of the fraudsters and take action within minutes of an attack.

By the combination of analytics, machine learning and process interventions, a company could be positioned well to fight threats and frauds, respond quickly and learn over time to counter increasing levels of threats from the outside world.


Why Cybersecurity Should Be Your No 1 Priority #tech2016

More SCADA system exploits are likely to be reported. DDoS attacks and ransomware will continue to trouble organisations. Privacy issues will gain prominence, nationally and internationally, keeping policy makers busy.

Cloud-based cyber security technology will continue to erode traditional, appliance-based solutions. The realization of lowering OPEX and CAPEX costs, along with increased capacity, computation power, and effectiveness will become dominant.

We expect public cloud adoption to continue to grow. This will force companies to rethink the way they secure their resources, and will encourage service providers to develop new security and networking tools that are native to cloud platforms.

One word: litigation. And lots of it. 2016 will be the year that cybersecurity and data breach lawsuits reach new records. Unprepared businesses may take big losses or be driven into oblivion.

It’s the year of encryption. Encryption will be deployed by everyone, allowing personal and business data to be protected in transit and at rest, preventing data breaches in the cloud.

Analytics has become a powerful tool in the detection of cyber threats, but 2016 will focus on operationalizing these capabilities so detection can be tied to “next steps” in remediation.

I see autonomic data governance gaining momentum as a means for augmenting traditional information protection protocols. Best thing about it: it eliminates passwords and at the same time ENFORCES company governance policies at the data layer with little or no loss of performance.

Cybersecurity is the #1 concern in today’s environment. Enhanced Malware, Ransomware and Cyber Reconnaissance will become deeply enhanced moving forward. Adding Cyber Insurance will become mainstream.

As data breaches from third party suppliers increase, cybersecurity tech will extend beyond internal security perimeters to encompass security awareness and monitoring of outside vendors and partners.

There is a false perspective that sophisticated attacks are too difficult to prevent. But detection is NOT the new prevention. The mission must be to STOP them, not just become proficient at detecting them.

CISOs should assume hackers will find a way into the network, and shift from breach prevention to breach detection, monitoring the network in real time for signs of nefarious activity.

Businesses struggling to get adequate cyber security insurance coverage will look to cyber security solutions like secure communications clients and stress testing in order to save money on insurance rates.

The immediate future in cybersecurity is a shift to implement endpoint visibility as an augment to network-based observations. Scaling this requires significant levels of technology and human expertise.

Increasingly, companies will offer consumer products through mobile platforms with the easiest access possible. “Ease of access” always comes at the cost of security; therefore we’ll see increased data thefts.

Attacks via Internet of Things devices are going to become more and more commonplace as IoT reaches mainstream adoption, both at home and in the workplace.

A few years ago, security prophesiers were called paranoid. Now cybersecurity is business necessity. Security tech must shift from preventing vulnerabilities to making network intrusion significantly less fruitful for hackers.

We will move away from hardware-based security gateways, VPNs etc. toward cloud-based end-user encryption. The easier the path you give users to data protection, the more secure a network will be.

The attacks will evolve using polymorphic behaviors. We should also expect the development of complex adware in the near future. Highly effective and targeted attacks will replace large-scale operations.

In 2016 we’ll see a headline compromise of a business, whether at the enterprise or consumer level, through low standards of security for mobile apps. It’s a ticking time bomb…

Cyber security will move toward an adaptive model where organizations correlate multiple sources of threat intelligence so they can deploy the right solutions for visibility, prevention, detection and response.

Not only will this kind of attack continue, but a change in it – “I will infect someone’s device with ransomware for you for a reasonable price” – will likely expand.

Preventive controls such as classic anti-virus will become more and more useless and organizations will focus on detective and corrective controls (e.g. monitoring and incident response).

I expect we’ll see Security and DevOps teams working together closely in a cohesive approach to achieve a continuous delivery framework that delivers faster, more secure applications.

Although an absolute pledge of protection against data loss is far-fetched, client-side encryption is quickly emerging as the most realistic alternative to end-to-end encryption.

The primary change in Cybersecurity will be a movement towards password replacement using several alternatives.

The challenge for Cybersecurity in 2016 is skills. Technology is moving faster than our skill set. Core education from school to university needs to adapt with the new World.

More and more organizations will be shifting away from the antiquated detection-based approach used in products like anti-virus, to the next generation isolation-based approach.

Most I.T. professionals and their bosses will discover (the hard way) exactly how little they know about Cybersecurity, much less implementing meaningful protective measures and staying accountable to leadership.

Expansion in new security solutions and services again, meaning overlap of great ideas (with some fakers). New technology and choices for organizations, but be wary…the market will inevitably contract.

Employees continue to bring their own devices (BYOD) into the workplace and efforts need to be made to secure these devices.

Cybersecurity is still mainly focused on prevention. Today the challenge is the ability to detect an active network attacker that has circumvented preventative security. Attackers will get in; one needs to find them before they can steal or cause damage.

Public key infrastructure and blockchain technology introduce a new method for creating secure organizational framework and ensuring data integrity across a network. PKI solutions for blockchains are one to watch for.

Enterprises need to strike an equal balance between their protect and defend approaches. Tilt the balance, and the security strategy will not be as effective to combat today’s cyber crime.

Understand adversaries WILL infiltrate organisations – focus on limiting the damage they can do once in. Micro-segmentation, dividing physical networks into hundreds of logical micro networks, or micro segments, is key.

Markets all over the world will see a rise in ‘insider breaches,’ with more public examples of data breaches occurring from inside the company. Organisations that only focus on their perimeter need to understand that threats can come from anywhere.

In 2016, we expect to see an increase in breaches of cloud services, and hackers will use credentials to cloud services as a major attack vector. Social engineering tactics will focus on mimicking cloud login screens to gain credentials.

Pay Attention To Your IoT Device Security

Wow cool! A device that lets you know, via Internet, when your milk is beginning to sour! And a connected thermostat – turning the heat up remotely an hour before you get home to save money…and “smart” fitness monitors, baby monitors, watches… and so goes the list of fancy smart devices.

Slow down. Don’t buy a single smart device until you ask yourself these 15 questions. And frankly, there’s a lot of effort in some of these questions. But, security isn’t always easy. Check it out.

  • Was the company ever hacked? Google this to find out.
  • If so, did the company try to hide it from their customers?
  • Review the privacy policies and ask the company to clarify anything—and of course, if they don’t or are reluctant…hmmm…not good. Don’t buy a device that collects data from vendors that fail to explain data security and privacy.
  • Does the product have excellent customer support?
  • Is it hard to get a live person? Is there no phone contact, only some blank e-mail form? Easily accessible customer support is very important and tells a lot about the product’s security level.
  • Does the product have vulnerabilities that make it easy for a hacker to get in? You’ll need to do a little investigation for this information on industry and government websites.
  • Does the product get cues for regular updates? The manufacturer can answer this. Consider not buying the device if there are no automatic updates.
  • Does the product’s firmware also automatically update? If not, it is not good.
  • Is the Wi-Fi network that the device will be connected to secure? Ideally it should use WPA2 and have a virtual private network for encryption.
  • Will you be able to control access to the product? Can others access it? If you can’t control access and/or its default settings can’t be changed…then be very suspicious.
  • What data does the device collect, and why?
  • Can data on the device traverse to another device?
  • Ask the gadget’s maker how many open ports it has. Fewer open ports means a lower chance of malware slithering in.
  • Is stored data encrypted (scrambled)? If the maker can’t or won’t answer this, that’s a bad sign.
  • Ask the manufacturer how the device lets you know that its batteries are low.

When Mobile Meets Cloud: Why CASBs Matter

The perception in the industry seems to suggest that most businesses are overwhelmingly using the cloud these days. Surprisingly, the truth is that only 37% actually are. However, within the next four years – by the year 2020 – that number is expected to more than double to a whopping 80%. As many businesses leave their outdated legacy networks behind, there’s inevitably going to be a scramble to address the security challenges that arise from the confluence of cloud and mobile technology as it is widely adopted across companies. One solution for managing the overflow of data is to deploy a Cloud Access Security Broker, or CASB.

One of the biggest challenges of working with the cloud arises from the fact that data has become ever more accessible from mobile devices. Companies that adopt common cloud providers like Dropbox, Google Drive, or OneDrive can suddenly store, sync, and share data at will. Employees sync files to the cloud on their mobile devices in order to access them instantly even when they’re out of the office.

Of course, having data at your fingertips is a good thing. It helps employees to be more productive, efficient, and accessible. However, this kind of boost to the workflow is a double-edged sword. After all, mobile devices are also one of the leading contributors to data breaches because files aren’t encrypted by default when they’re synced to these devices. This oversight leaves data vulnerable and easily accessible if the mobile devices get lost or stolen. And with 70 million smartphones stolen each year, it is easy to see how that can amount to a lot of missing data – and why the widespread move to the cloud has the potential to become a massive security headache.

For example, say an engineer syncs several folders full of data to her Dropbox account to continue work at home and then accesses it on her tablet at an off-site meeting. Maybe some of those files contain confidential client information like Social Security Numbers and other identifying data. Also, some of the files can be trade secrets or intellectual property. Others may contain the company’s financial details. Maybe some of the folders have so many files in them that she’s not even sure what she’s syncing. Then, say she accidentally leaves her tablet in a taxi on the way back from the meeting. If her company is relying on the cloud provider’s default security measures (which don’t encrypt the synced files), the company has already suffered a data breach. Those files can be easily accessed by a malicious actor, which can lead to financial problems, client alienation, and massive damage to the company’s reputation.

It really is a challenge to monitor all files being synced between managed and unmanaged mobile devices, and to keep data safe when it’s proliferating on the cloud at a pace which is too quick to keep track of.

Enter the CASB

CASBs have conjured up an almost magical solution for companies seeking to bolster security, improve visibility, and make the confluence of mobile activity and the cloud more manageable, and they are making waves in the market. A CASB provides a centralized location for administrators to monitor the movement of their teams’ data. The platform grants visibility into how files are being accessed and shared and by whom; enforces compliance with federal regulations; maintains data security; and deploys and enforces threat prevention measures. CASBs that access SaaS applications’ APIs make it easy to monitor files on devices even when there’s a BYOD policy in place. That’s important when so much data is moving off the network and into the cloud, constantly being carried into and out of the office on smartphones and tablets. A CASB lets admins scan files for keywords and ensure that the files that need to be encrypted are actually encrypted. It also lets admins know when a file is being shared externally and when it’s being synced. The best part is that it doesn’t change the user experience at all, making it easy to deploy and easy for employees to use without the hassle of switching to a clunky platform for the sake of security.

So let’s revisit our hypothetical engineer who leaves her tablet in the cab. If her company had deployed a CASB, her team’s administrator could have seen that she was syncing company files to her mobile device, scanned them for keywords indicating confidential or sensitive information, and either stopped the process or ensured adequate encryption and security controls. What’s more, once the employee lost the tablet, admins could have easily revoked access to the files with the touch of a button to make sure that no data got into the wrong hands.
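The keyword-and-encryption check an administrator would run on files before they sync, as an added example (not the article's or any CASB vendor's code): each file is scanned for SSN-shaped numbers and for a small keyword list, and the sync hook then allows, allows-because-encrypted, or blocks the file. The sample files, the keyword list and the assumption that the sync pipeline can tell us whether a file is already encrypted at rest are all constructed for illustration.

```python
"""Pre-sync scan for sensitive content, in the spirit of the CASB keyword check.

Added example; not the product's or the article's own code. It assumes
a file-sync pipeline can call into it with the file contents and a flag
saying whether the file is already encrypted at rest. Sample files are
constructed.
"""
import re

# SSN-shaped numbers, with the obviously invalid area/group/serial
# ranges excluded so that order numbers like 000-12-3456 are not flagged.
SSN_RE = re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")

# Keywords that an admin would search for (constructed list).
KEYWORDS = ("confidential", "trade secret", "proprietary", "internal only")

# Constructed files: name -> (content, encrypted_at_rest)
SAMPLE_FILES = {
    "client_notes.txt": (
        "Meeting with client. SSN on file: 123-45-6789. Follow up Monday.", False),
    "roadmap.md": (
        "CONFIDENTIAL - trade secret. Do not distribute outside engineering.", True),
    "pricing.txt": (
        "Proprietary cost model, internal only.", False),
    "lunch_menu.txt": (
        "Pizza on Friday. Reference order #000-12-3456 when calling.", False),
}


def find_sensitive(content):
    """Return the set of reasons a file counts as sensitive (empty if none)."""
    findings = set()
    if SSN_RE.search(content):
        findings.add("ssn")
    lowered = content.lower()
    for kw in KEYWORDS:
        if kw in lowered:
            findings.add(f"keyword:{kw}")
    return findings


def sync_decision(content, encrypted):
    """Decide what the sync hook should do with one file.

    Sensitive and unencrypted files are blocked; sensitive files that are
    already encrypted at rest may sync; everything else is allowed.
    """
    findings = find_sensitive(content)
    if not findings:
        return "allow", findings
    if encrypted:
        return "allow-encrypted", findings
    return "block", findings


def review_sync(files):
    """Apply sync_decision to every file in a {name: (content, encrypted)} map."""
    return {name: sync_decision(content, enc)
            for name, (content, enc) in files.items()}


if __name__ == "__main__":
    for name, (action, why) in review_sync(SAMPLE_FILES).items():
        print(f"{name:18} {action:16} {sorted(why)}")
```

The lunch menu shows why the SSN pattern needs the invalid-range filter: a plain three-two-four digit regex would block it for an order number. A production check would add more identifier types and a proper classification store, but the shape stays the same: classify, then decide based on the file's protection state.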

A CASB provides organizations with the kind of visibility and security measures they really need to keep track of their ever-changing, ever-mobile data. At a time when 74 percent of U.S. organizations allow, or plan in the next year to allow, their employees to use personal devices at work, maintaining control over corporate data is paramount. It has been clear for a long time that protecting the perimeter is no longer enough. Even deploying smart measures like encryption isn’t sufficient anymore either. The sheer volume of files being created, synced, and shared in today’s workplace is effectively unmanageable without a CASB that lets you know exactly where all your sensitive files are and lets you keep them secure.

11 Ways to Mitigate Insider Security Threats

In today’s world, companies are constantly attacked by hackers, but what if those attacks come from the inside? More companies than ever before are dealing with insider security threats. Here are 11 steps that all organizations should take in order to mitigate these threats and protect important company data:

Always encrypt your data – If you want to minimize the impact of an insider threat, always encrypt your data. Not all employees need access to all data, and encryption adds another layer of protection.

Know the different types of insider threats – There are different types of insider threats. Some are malicious, and some are simply due to negligence. Malicious threats may be identified by employee behavior, such as attempting to hoard data. In this case, additional security controls can be an effective solution.

Do background checks before hiring – Before you hire a new employee, make sure you are doing background checks. Not only will this show any suspicious history, it can stop you from hiring criminals or people associated with your competitors. Personality tests can also red-flag a propensity for malicious behavior.

Educate your staff – Educating your staff about best practices in network security is imperative. It is much easier for employees to act on this information if they are aware of the consequences of negligent behavior.

Use monitoring solutions – Monitoring solutions that collect application, identity and device data can be an invaluable resource for tracking down the source of any insider attack.

Use proper termination practices – Just as you want to be careful when hiring new employees, you must also use proper practices when terminating them. This includes revoking access to networks and paying attention to employee actions on the network in the days before they leave.

Go beyond the IT department – Though your IT department is a valuable resource, it cannot be your only defense against insider threats. Make sure you are using a number of programs and several departments to form a team against the possibility of threats.

Consider access controls – Access controls may help to deter both malicious and negligent threats. They also make it more difficult to access data.

Have checks and balances for all staff and systems – It is also important to ensure there are checks and balances in place, i.e. having more than one person with access to a system, tracking that usage and banning shared usernames and passwords.

Analyze network logs – You should collect, store and regularly analyze all of your network logs, and make sure it’s known to everyone that you do this. This will show the staff that you are watching what they are doing, making them less likely to attempt an insider attack.

Back up your data – Employees may be malicious or, more likely, they make big mistakes. And when they do, you’d sleep better at night knowing you have a redundant, secure, cloud-based backup to keep your business up and running in the face of all kinds of problems.
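Three of the steps above (watching for data hoarding, watching departing employees more closely, and banning shared credentials) can be checked directly against the logs the last-but-one step says you should be collecting. The following is an added example, not code from the original article: it parses a constructed access log, flags one account used from two source addresses within a few minutes, and flags users whose download count crosses a limit, with a lower limit for staff who have given notice. The log format, the sample users and the thresholds are all assumptions made for illustration.

```python
"""Insider-threat checks over an access log.

Added example; not code from the original article. It assumes a line
format "<ISO time> user=<u> src=<ip> action=<a> file=<path> bytes=<n>",
which is constructed here, and a list of users who have given notice.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(\S+) user=(\S+) src=(\S+) action=(\S+) file=(\S+) bytes=(\d+)$")

# Constructed sample log.
SAMPLE_LOG = """\
2016-03-01T09:00:00 user=alice src=10.1.2.3 action=download file=/finance/q1.xlsx bytes=204800
2016-03-01T09:02:00 user=alice src=198.51.100.7 action=download file=/finance/q2.xlsx bytes=204800
2016-03-01T10:00:00 user=carol src=10.1.2.5 action=view file=/hr/handbook.pdf bytes=1024
2016-03-01T16:30:00 user=carol src=10.1.2.5 action=download file=/hr/handbook.pdf bytes=1024
2016-03-01T17:40:00 user=bob src=10.1.2.9 action=download file=/eng/design-01.pdf bytes=5242880
2016-03-01T17:42:00 user=bob src=10.1.2.9 action=download file=/eng/design-02.pdf bytes=5242880
2016-03-01T17:44:00 user=bob src=10.1.2.9 action=download file=/eng/design-03.pdf bytes=5242880
2016-03-01T17:46:00 user=bob src=10.1.2.9 action=download file=/eng/design-04.pdf bytes=5242880
2016-03-01T17:48:00 user=bob src=10.1.2.9 action=download file=/eng/design-05.pdf bytes=5242880
2016-03-01T17:50:00 user=bob src=10.1.2.9 action=download file=/eng/design-06.pdf bytes=5242880
"""

# Constructed list of staff who have given notice ("proper termination practices").
DEPARTING = {"bob"}


def parse_log(text):
    """Parse log lines into event dicts; lines that do not fit the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        stamp, user, src, action, path, size = m.groups()
        events.append({"time": datetime.fromisoformat(stamp), "user": user,
                       "src": src, "action": action, "file": path, "bytes": int(size)})
    return events


def detect_shared_credentials(events, window=timedelta(minutes=5)):
    """Flag an account active from two different source addresses within `window`."""
    by_user = defaultdict(list)
    for ev in events:
        by_user[ev["user"]].append(ev)
    hits = set()
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["time"])
        for prev, cur in zip(evs, evs[1:]):
            if prev["src"] != cur["src"] and cur["time"] - prev["time"] <= window:
                hits.add((user, prev["src"], cur["src"]))
    return sorted(hits)


def detect_hoarding(events, departing=frozenset(), limit=10, departing_limit=5):
    """Users whose download count reaches the limit; departing staff get a lower limit."""
    downloads = defaultdict(lambda: {"downloads": 0, "bytes": 0})
    for ev in events:
        if ev["action"] == "download":
            downloads[ev["user"]]["downloads"] += 1
            downloads[ev["user"]]["bytes"] += ev["bytes"]
    flagged = {}
    for user, stats in downloads.items():
        threshold = departing_limit if user in departing else limit
        if stats["downloads"] >= threshold:
            flagged[user] = dict(stats)
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("shared credentials:", detect_shared_credentials(evs))
    print("hoarding:", detect_hoarding(evs, departing=DEPARTING))
```

Bob's six downloads in ten minutes are below the general limit but cross the lower limit applied to departing staff, which is exactly the window the termination step asks you to watch; alice's account appears from an internal and an external address two minutes apart, the signature of a shared or stolen credential.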

BYOD – Creating A Balance Between Flexibility And Safety

Personal mobile devices and external data access promote flexibility and improve employee productivity. However, they open up the possibility of security breaches.

Simple things like forgetting to log out or losing a device can spell disaster to any business. But appropriate security policies and mobile content management software help businesses to mitigate the risks without hindering employee productivity.

The BYOD (bring your own device) trend toward the use of employee-owned devices is taking the world by storm. Higher internet speeds, widespread cloud adoption and the increasing number of mainstream software packages going mobile have brought the functionality of mobile devices on a par with desktop computers. Most text documents and spreadsheets can now be edited on a mobile device without any limitation. And custom-built apps mobilize business tools that were previously available only within the office.

“BYOD strategy is the most radical change to the economics and the culture of client computing in business in decades,” said David Willis, VP of the research firm Gartner, in a statement published on the company’s website. “The benefits of BYOD include creating new mobile workforce opportunities, increasing employee satisfaction, and reducing or avoiding costs.”

According to Gartner’s predictions, by 2017 half of employers will require staff to use their own devices for work purposes in a bid to increase productivity and employee satisfaction and to provide a flexible working environment.

The benefits of BYOD programs, however, come with a number of challenges concerning data security and the security of devices from which this data is accessed.

Firstly, companies need to ensure that confidential data remains confidential and that employees can only access what is relevant to their job. This means implementing a mechanism that is robust, yet not onerous on the user. It may also mean updating the company’s data architecture in order to simplify provisioning and clarify the hierarchy of access levels.

Secondly, there is a need to enforce device security features. Things like requiring employees to enable screen locks, disabling password caching and removing questionable apps, all help to create a more secure working environment. An extra step would be to create a list of approved devices to streamline tech support and increase compliance.

Thirdly, employees need to become more vigilant in regards to physical safety of their devices. Phones and laptops often get stolen or damaged. Users can ensure data safety by installing backup software and uploading data to a secure cloud. In the event of device loss or accidental damage, backups can be restored on a new device thus providing business continuity.

In Australia alone, more than 100,000 mobile devices are reported lost or stolen every year. This equates to 2,000 each week, or one device every six minutes, according to data published on the Australian Mobile Telecommunications Association website. While not all of these devices would be used for corporate data access, the statistics are staggering.

And finally, BYOD policies need to be applied to all staff without exception. Security policy may quickly become useless if it is ignored by people in leadership positions.

Acronis Data Protection Trends Research revealed that out of the 41% of surveyed organizations with a BYOD policy in place, 25% made exceptions to policy rules giving company executives access to the most sensitive data, placing the whole company at risk if their mobile device was compromised.

It is a given that BYOD is here to stay. It is also obvious that it came with its own security challenges, giving companies no choice but to address the issues in order to stay competitive in this increasingly mobile-focused world.

The good news is that help is now readily available. Data protection vendors have been working extra hard to develop turnkey solutions for enabling mobile environments, known as Mobile Content Management (MCM) systems. Many of them include ongoing technical support, making expert knowledge available to customers whenever they need it.

One such solution is Acronis Access Advanced. It is specifically designed to enable BYOD while maintaining high standards of data security: it manages the level of content collaboration needed to foster a productive workforce while ensuring secure access to and sharing of vital corporate content. Its granular policy controls enable companies to manage users, apps and data and to respond to the changing mobile environment.

If you don’t have any clear BYOD policies in place, you have to do some serious analysis and strategizing. Developing best practices for mobile devices and external data access may prove to be critical for the survival of your organization.

Key Trends Disrupting Messaging / Comms #tech2016

Messaging bots will become the primary threat to traditional search. Users will be able to access information via conversation-like exchanges. SERPs will no longer exist; only the top information will be used.

An abundance of text-based messaging channels (Slack, Facebook Messenger) and their popularity, coupled with the growing use of bots, will be used to help support smarter communications between businesses and consumers.

In 2017 and beyond we’ll see location-based messaging move to the enterprise so that organizations can keep their travelling and remote employees safe during critical events and global incidents.

A change from chat messaging disillusionment to an epiphany that tools are only as good as the people using them. Hence, we’ll generate chat messaging best practices for maximizing productivity.

Messaging is quickly becoming the core of mobile device utilization, with email losing primacy as a communication tool. Millennial users will seek more efficient (and fun) ways to organize who they are talking with and what they are talking about.

We seek to incorporate cross platform messaging between Facebook Messenger and our internal breaking news messenger, in a way that unlocks new value for members with contextually relevant news.

Messaging as an entry point to social is changing user expectation of consumer applications. Chatbots, and by extension AI, are a legitimate competitor and threat to our space.

I predict a drastic change in messaging bots. They will become increasingly dependent on natural language learning processing to automate workplace collaboration, travel booking, expense management and other similar tasks.

Messaging is easier than ever, now it needs to be more secure. Security and privacy will be the main concern this year, and we’ll see growing demand for encryption-based technologies.

An increasing number of brands are upgrading from plain text messaging to multimedia messaging. Using MMS enables marketers to deliver up to one minute of embedded video or an image plus unlimited characters to 90%+ of mobile phones.

Just as we’ve seen with Whatsapp, more and more messaging platforms will integrate encryption. As we increasingly communicate online and via our mobile devices, online privacy is an increasing concern.

MarTech outbound will adjust automated messages due to brand-damage from recipients angry over unsolicited emails. “Yes, we clicked your site — No, we don’t want a call or email.”

In messaging/ communications tech “AI-enabled” is the new buzzword. But, to paraphrase The Princess Bride, the way most are using the term AI doesn’t mean what they think it means.

The future of messaging and communications comes down to one word: encryption. Privacy is vital today, and individuals and companies are discovering that they need to take precautions.

Location-based push notifications to provide local information direct to your cell phone. Imagine passing a store and a coupon appears on your phone, this is coming, and very quickly.

Video will continue to rise as the preferred medium of workplace communication as Millennials and the “YouTube” generation enter the workforce.

Instant messaging will supersede email within the next decade, even hailing the decline of web browsing, as shopping, customer service and news feeds all come directly to your personal message stream.

A hyper-integrated multi-functionality messenger so that you don’t need to go to different websites/apps. E.g., being able to book a cab / a to-go meal inside the messenger app.

We will see a prevalence of bots taking over the messaging & communications space in the next few quarters and indeed this year.

In the next few quarters, we will see more group livestreaming and Snapchat-like features to enhance visual storytelling and real-time engagement.

There will be a push to integrate various disparate communications channels to deliver a streamlined experience. One that tracks interactions across text, phone, email, and social to provide a holistic view of the customer experience.

In the next several months we will begin to see bots becoming a part of our friend lists: ping to fetch an uber or order-ahead a latte.

The phone number will continue its decline in importance as online identities replace it. Messaging apps will start to intercommunicate.

I believe that the encryption level will increase and the tech behind it will get more sophisticated, with end users selecting only the most secure applications.

Generally there will be a transition away from email towards enterprise messaging apps for the internal communication of businesses. A similar transition has already happened in the consumer market.

Scareware Scam Almost Snags Victim

Cybercriminals know that the best way to get their claws on the next victim is to appeal to their emotions, not logic.

There are a lot of scary things in life, and one is learning that your computer has been infected with a virus. If this happens, you’re now vulnerable to spending money on getting rid of the malware. The tactic of scaring users is called scareware.

  • A pop-up tells you “Warning! Your Computer Has Been Infected with Malware!”
  • The pop-up can be triggered by visiting an infected website or by making a bad click.
  • The pop-up can’t be closed out, or if it can, another appears.
  • Additional information in the pop-up lures you into clicking a link inside it, such as buy some downloadable security software that will destroy the virus.
  • Once the alleged security software is downloaded/installed, it crashes your computer—even if you already have a legitimate security software program in place.
  • You’re screwed at this point. (Hope you had all your data backed up before this happened!)

Here’s another way the scam can unfold, from someone who wrote to me:

I was notified by a notice supposedly from Windows Security that my PC has been attacked. They claim that all my PC ID numbers were stolen and that Russia had got about 8-12 other IDs. They took control of my computer and said they scanned it to find this out. They claimed the only way that I could clear this problem was to have them clear it for $199.99 and security for 1 year (sic) for $149.99. They said the only way to accomplish this was by check. They said it couldn’t be done by credit card because (sic) numbers would be stolen too. I refused to go along with that plan and closed them out.

P.S. I checked my account and it is paid thru 6/2016. How do I know if I get a notice from Windows that it is legit? 

All Windows notifications come via Windows Update. A genuine one appears in the notification area on your taskbar, NOT as a pop-up in your browser. What a mess!

Protect Yourself

  • Use security software only from a name-brand company.
  • Keep it updated.
  • See a pop-up? Close it out. Never click inside it—which you can’t do if you close it out immediately.
  • Exit the site you think triggered it.
  • Play it safe and run a scan using your legitimate security software.


Why Are Cyber Hucksters So Successful?

Often, hucksters prey on the consumer’s desperation, which is why it is no surprise that the No. 1 rip-off (at least between 2011 and 2012) was the popular market of bogus products promising weight loss.

VICE (vice.com) interviewed psychologist Maria Konnikova about how cyber cons are so successful—even with the most ridiculous sounding bait (Nigerian prince, anyone?).

The bait becomes more attractive when the target is receiving an influx of cyber attention. Sadly, this clouds a person’s reasoning, making them susceptible to the huckster’s plan.

Konnikova is quoted as stating, “Few things throw us off our game as much as so-called cognitive load: how taxed our mental capacities are at any given moment.” She explains that people are vulnerable when the con artist hits them up with their scheme while the victim is distracted with Twitter, texting, etc. In short, it’s cognitive overload.

Konnikova is the author of the book, “The Confidence Game: Why We Fall For It, Every Time.” In the book, she mentions that victims such as the U.S. Navy were too humiliated to prosecute the crooks who conned them. She tells vice.com: “Because admitting it [getting rooked] would mean admitting you’re a sap.”

And in this day of rapidly evolving cyber technology, the huckster’s job is becoming easier, with all kinds of pathways through which he can snag a victim: dating sites, pop-up ads warning that your computer has been infected, and so on. But something else is on the crook’s side: the false sense of security that all this techy mumbo jumbo gives common users, who thereafter let their guard down.

Despite all the parodies and mockeries surrounding the so-called Nigerian prince scam (aka 419 scam), it’s still out there in full force and effect. Look how technology has made it swell. And it will continue evolving as long as people want something for nothing. Why else would the Powerball swell to over 1.3 billion? “The basic contours of the story won’t change,” Konnikova tells vice.com.

Another factor is that some people equate online with credibility: “It’s online so it must be legitimate,” is the mindset. According to this mindset, the Loch Ness Monster must really exist, since there are many stories about it online. Despite how irrational this mindset is, scammers know that many people think this way and will design their ploys to look even more legitimate (with creative layouts, slogans, links, etc.).

Though it takes skill to be a successful huckster, they can’t get the job done without the victim being “vulnerablized” by cognitive overload.

Discover How Enterprise Mobile Technology Is Changing #tech2016

Enterprise mobile security is going to move from the top device and application layer to the bottom layer – data. Every data bit will be controllable by the enterprise.

Mobile devices will pose increased cyber risk to enterprises and as a result we will observe an increased focus on mobile security.

The obvious shift is in Industrial Automation. “Today” there exist a few applications to supervise factories, but “tomorrow” it will be standard for managers to control processes completely from their smart devices.

Shift from brochureware type apps to tools that empower users and provide monetary benefit back to the enterprise.

Mobile search. For enterprises, it’s no longer about returning results. Instead, people need answers. And returning those answers in a smart, customized fashion builds confidence and loyalty in your company.

Many organizations will continue deploying Enterprise Mobility Management (EMM) solutions to manage and control the full lifecycle of tablets and phones from sourcing to retirement.

Chatbots will become more of a priority for mobile enterprise tech, where application-specific bots developed to perform different enterprise functions will interface with consumer-facing virtual assistants such as Cortana/ Siri.

Enterprises will learn to deal with SaaS terms and contracts, as well as security management for a mobile fleet. It’s a hard change, but it’s required for them to survive.

Enterprise productivity and BI tracking tools will now be mobile and app-centric. You see, for instance, tools like Google Analytics and Qlik already offering apps to help decision makers track while on the run. More will come.

The biggest shift or change we’ll see in Mobile Tech is the efficiency and speed of new advances of technology. Businesses of tomorrow will be the ones who embrace change and innovation today.

As enterprise perimeters expand, so will security vulnerabilities. Information that previously resided in internal hardware will be strewn across various devices and levels like mobile, social media, on-premises and public clouds.

A momentous shift in business dynamics to a sharing economy will happen in the future, supported by mobile technology across all sectors.

The change we see happening is enterprises moving towards in-house development using mobile platforms, and less outsourced professional services; to improve the scalability and sustainability of their mobile strategy.

Security will remain front and centre within the enterprise; BYOD policies will become over-restrictive if they’re not already. There needs to be a happy medium between users and the enterprise.

From the mobile to the cloud, businesses need to make it easy to create, edit, share, sign and collaborate with documents – on or offline.

In the near future, I see enterprise level companies diving into creating mobile apps for the main content. There are benefits for organic search as well as providing a more streamlined experience for existing customers.

Access denied, and what’s behind?

When surfing the web, all of us now and then stumble upon pages that fail to load. The browser tab may show only an obscure error code. This article reviews the most common instances.

Our target is the 403 Forbidden message. It is increasingly associated with adware. That is, ‘403 Forbidden’ appears on your screen when the page you requested refuses to load. As experts try to get insight into resources involved in unfair advertising practices, they face this obstacle: the page does not open.

Why does it happen? One may say there is no good reason. Nice try, but not in the case of adware-backed pages. They intentionally refuse to load when requested from random IPs. The only visitors allowed in come from the IPs listed in the advertisers’ databases. Which IPs get listed that way? Those of machines with the adware on board. It is the adware that makes the browsers on affected PCs request the page, and only in such cases is the request satisfied.

Is it true that 403 Forbidden always indicates unfair advertising? No. A website may genuinely need protection from attackers. If so, some IPs may be banned for security reasons. Should your IP be involved in spamming or another Internet scam, you may be barred from pages that apply an enhanced security policy.

If you are affected by the adware, you are unlikely to encounter the 403 Forbidden tab when opening the malvertising URL. Quite the contrary: you belong to the pool of the compromised, forced to visit the annoying resource again and again. Others, those free of the adware, cannot reach the page and are presented with 403 Forbidden notifications instead.

The restriction pursues two goals. First of all, it is meant to produce what has lately been called refined traffic, a term introduced by IT security observers. It describes the moderation of traffic chiefly so that it meets the advertiser’s demands, namely that the visitors be more likely to buy what is promoted. People are likely to buy what they need, but how can one judge what others need? In the Internet era, your online activities are logged in your browser history. Modern adware acts as spyware and retrieves that history. The history is reviewed with automated tools so that the ads presented through the gateway of a restrictive page are a likely match for the user’s demands.

People who cannot see the page content and are left staring at the above error report are in that position because their computers have not been hacked. Their browsing history and other details are unknown to the attackers, so the attackers cannot ensure the ads match the visitors’ profile. It is important to note that the match says nothing about the quality of the ads.

The controversy around the 403 error may seem to grow as you read the above. To sum it up and make things clear, let us lay it out another way.

403 Forbidden tells you that the server recognized your request, but you failed to satisfy its acceptance criteria. There are two basic cases for the failure. The first one is now tending to dominate: the page is backed by certain adware. The advertising campaign does not welcome random visitors, as they dilute the refined traffic. Hence users who have not been affected by the adware are banned. If that is the case, your PC has not been hit by the adware. If you are an IT researcher or enthusiast, you need to be aware of the adware and may help the victims understand why they encounter recurrent redirects to the pesky pages. As they say, recognizing the problem is halfway to resolving it.

Case 1 of 403 Forbidden is basically good news. If you see 403 Forbidden under the circumstances of case 1, your PC is free of the adware.

Case 2 implies the opposite for the viewer. It happens when your IP or other details match criteria that mark you as an unfair or otherwise unwanted actor. For instance, there is a website called stopforumspam.com. It runs a database of IPs blamed for forum spam. If your IP gets listed, perhaps your machine has been hacked and spammers abused it, so certain forums may restrict your access to their threads. If you believe the URL you are trying to reach is a decent one, yet it bans you, try contacting its administrator. The simpler but somewhat tricky way around the restriction is to use a VPN service, which gives you a third-party IP that is hopefully not on the spam list.

The spammer listing is just one example. You may get blacklisted for other reasons. Perhaps you are not attempting any black-hat hacking yourself, but somebody has enlisted your computer in certain indecent activities.

Schematically, the workflow when stumbling upon 403 Forbidden notifications is as follows:

Forbidden report:

Case 1. The website is actually or potentially tricky or otherwise malicious: you are most likely not allowed to visit it because of the so-called refined traffic policy. The good news is there is no adware on board. Other users are infected, though. You are encouraged to share the info on the misbehaving URL with IT security circles to prevent further development of annoying, virus-backed advertisement.

Case 2. The page is a reputable one: you are blacklisted. Check your PC for viruses and, once the cleanup is complete, contact the blacklist maintainers as appropriate. If reaching the blocking URL is critical, consider using a third-party IP as available with a range of redirecting services, e.g. a VPN.
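The legitimate 403 case described above, a reputable site turning away addresses found on a spam blocklist, is easy to see from the server’s side. The following is an added example, not code from the original article: a small WSGI middleware that checks the client address against a list of blocked networks and answers 403 Forbidden before the request reaches the page. The blocklist entries are constructed documentation-range addresses, and the `hello_app` page is a stand-in; a real deployment would load the list from a reputation feed.

```python
import ipaddress
from wsgiref.util import setup_testing_defaults

# Constructed sample blocklist (documentation-range addresses, not a real feed).
# A reputable site would load this from a reputation database instead.
SPAM_BLOCKLIST = ["203.0.113.0/24", "198.51.100.77"]


def is_blocklisted(client_ip: str, networks) -> bool:
    """True if client_ip falls inside any listed address or CIDR block.

    Raises ValueError for a malformed address so the caller can fail closed.
    """
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(n, strict=False) for n in networks)


def ip_blocklist_middleware(app, networks):
    """Wrap a WSGI app so listed clients get 403 before reaching the app.

    This is the server understanding the request perfectly well but the
    client failing its acceptance criteria, which is what 403 means.
    """
    def wrapped(environ, start_response):
        client_ip = environ.get("REMOTE_ADDR", "")
        try:
            denied = is_blocklisted(client_ip, networks)
        except ValueError:
            denied = True  # unparsable address: fail closed rather than open
        if denied:
            body = b"403 Forbidden: your address is listed on a spam blocklist\n"
            start_response("403 Forbidden", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return app(environ, start_response)
    return wrapped


def hello_app(environ, start_response):
    """The page itself, served only to clients that passed the policy."""
    body = b"Welcome, your address is not listed.\n"
    start_response("200 OK", [
        ("Content-Type", "text/plain"),
        ("Content-Length", str(len(body))),
    ])
    return [body]


def request_status(app, client_ip: str):
    """Drive `app` with a synthetic request from client_ip; return (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["REMOTE_ADDR"] = client_ip
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"] = status

    body = b"".join(app(environ, start_response))
    return captured["status"], body


protected_app = ip_blocklist_middleware(hello_app, SPAM_BLOCKLIST)

if __name__ == "__main__":
    for ip in ("198.51.100.10", "203.0.113.5", "198.51.100.77", "not-an-ip"):
        status, _ = request_status(protected_app, ip)
        print(f"{ip:>16} -> {status}")
```

One caveat for anyone deploying something like this: behind a reverse proxy or CDN, `REMOTE_ADDR` is the proxy’s address, so the check must use the client address the proxy forwards (and only trust that header from the proxy itself), otherwise every visitor is judged by the same IP.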

Ransomware in the Wild: Statistical Overview

Ransomware is a continuously growing threat to individual computer users and organizations worldwide. It typically leverages a combination of the RSA and AES cryptosystems that cannot be broken in practice, denying the availability of one’s important files and subsequently demanding a fee for data recovery.

The ransoms range from $200 up to $10,000, depending on the malware family and the number of machines plagued in the course of an attack. Having originally targeted PCs running Windows, ransom Trojans have lately come to also hit Linux and Mac computers, as well as mobile devices.

According to the FBI’s Internet Crime Report, ransomware is one of the three hottest issues in the present-day cyber threat landscape, along with business email compromise and email account hacks. The losses reported by 2,453 victims in the U.S. last year amounted to $1.6 million. Compared to the corresponding statistics for 2014, the victim count nearly doubled in 2015. The actual expenditures, however, were much more impressive and reached $24 million, considering the total costs incurred in mitigating the damage.

Computer users compromised by a single strain called CryptoWall from April 2014 to June 2015 lost $18 million, with 992 complaints filed by those attacked. That’s just a breakdown based on cataloged incidents in the United States alone, whereas the big picture is certainly much more terrifying.

Researchers from Kaspersky Lab published their own report on ransomware attacks, reflecting the global state of affairs in this arena. The company detected 2,900 new ransomware variants during the first quarter of 2016, which demonstrates a 14% increase compared to the fourth quarter of 2015. The prevalent ransomware families in Q1, 2016 were TeslaCrypt, Locky, CTB-Locker, Petya, and CryptoWall. As per the 2014 – 2015 comparative annual breakdown, there has been a 48.3% spike in the quantity of identified ransomware samples.

A total of 753,684 users around the globe fell victim to ransom Trojans in 2015. The infected users spent $300 on average to recover their frozen data. The impact tends to get much more disastrous if the crypto threat hits an organization with a large IT infrastructure. For instance, a compromised hospital in Los Angeles ended up paying the attackers a Bitcoin equivalent of $17,000 in February 2016. Another noteworthy fact is that the cybercriminals behind the notorious CryptoLocker strain have been reportedly earning an astonishing $30 million in ransoms every 100 days since 2014.

Meanwhile, most companies are ill-prepared for the challenge stemming from ransomware. According to a survey of 200 attendees of RSA Conference 2016, only 38% of IT executives claimed they were very confident that their company could recover from a ransomware attack without losing critical data. Furthermore, 73% of the respondents believe critical infrastructure providers are more vulnerable to these compromises than other organizations.

While the ransomware menace persists and keeps evolving, end users and companies should maintain secure data backups, steer clear of suspicious links, regularly install software patches and use reliable anti-malware suites.
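Because ransomware replaces readable files with ciphertext, the footprint it leaves on disk is measurable: file contents that suddenly look random, often under an extension the file never had. The following is an added example, not part of the original article, of a small detection routine built on those two signals: it computes the Shannon entropy of each file, treats formats that are dense by design (archives, images, Office files) as expected to score high, and raises an alert when a large share of a file set looks freshly encrypted. The extension set, format lists and the in-memory sample files are all constructed for this example.

```python
import math
import os
from collections import Counter

# Constructed placeholder extensions a hypothetical strain might append;
# real families each use their own, and a detector would load a current list.
RANSOM_EXTENSIONS = {".enc_example", ".locked_example"}

# Formats that are near-random by design (compressed or already encrypted),
# so high entropy alone must not flag them.
ALREADY_DENSE = {".zip", ".gz", ".7z", ".jpg", ".jpeg", ".png", ".mp4", ".pdf", ".docx", ".xlsx"}
PLAIN_FORMATS = {".txt", ".csv", ".doc", ".xls", ".html", ".xml", ".json", ".sql", ".log"}
KNOWN_FORMATS = ALREADY_DENSE | PLAIN_FORMATS


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant stream, 8.0 for uniformly distributed bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def assess_file(name: str, data: bytes, threshold: float = 7.5) -> dict:
    """Score one file on the two signals ransomware leaves behind:
    content that turned random, and an extension it never had before."""
    root, ext = os.path.splitext(name.lower())
    inner = os.path.splitext(root)[1]          # '.docx' in 'report.docx.enc_example'
    entropy = shannon_entropy(data)
    renamed = ext in RANSOM_EXTENSIONS or (inner in KNOWN_FORMATS and ext not in KNOWN_FORMATS)
    high_entropy = entropy >= threshold and ext not in ALREADY_DENSE
    return {
        "name": name,
        "entropy": round(entropy, 3),
        "renamed": renamed,
        "high_entropy": high_entropy,
        "suspicious": renamed or high_entropy,
    }


def scan(files: dict, mass_ratio: float = 0.5) -> dict:
    """Assess a set of files and alert when a large share look freshly encrypted,
    which is the footprint of an in-progress ransomware run."""
    results = [assess_file(name, data) for name, data in files.items()]
    flagged = [r["name"] for r in results if r["suspicious"]]
    ratio = len(flagged) / len(results) if results else 0.0
    return {"flagged": flagged, "ratio": ratio, "alert": ratio >= mass_ratio}


# Constructed in-memory stand-ins for files on a workstation (not real data).
SAMPLE_FILES = {
    "notes.txt": b"quarterly notes, nothing unusual here\n" * 30,       # plain text, low entropy
    "photo.jpg": bytes(range(256)) * 4,                                 # dense by design, legitimate
    "report.docx.enc_example": bytes(range(255, -1, -1)) * 4,           # renamed and randomised
    "ledger.csv": bytes((i * 37 + 11) % 256 for i in range(1024)),      # encrypted in place, same name
}

if __name__ == "__main__":
    for name, data in SAMPLE_FILES.items():
        print(assess_file(name, data))
    print(scan(SAMPLE_FILES))
```

The entropy check on its own would flag every archive and photo on the machine, which is why the format lists matter; conversely a strain that keeps the original file names only trips the entropy signal, which is why both are combined and the alert is raised on the proportion of affected files rather than on any single one.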

Closing the Security Loopholes in Your IT Infrastructure

Breach. The word calls to mind all sorts of things, from Shakespeare to spy movies. Almost all involve attackers breaking in from outside. Tom Cruise suspended inches above the floor in Mission: Impossible is but a glamorized, Hollywood image. In reality, most data breaches today happen with help from the inside — unintentionally.

While headlines about intruders grab attention, the real turning points for data security are the little mistakes that users make. From mishandling devices to time-saving shortcuts, users create security loopholes that must be closed for meaningful data security to take place.

Learning from others’ mistakes

The news is filled with stories of massive data thefts these days. From the Target and Home Depot losses to the OPM debacle, we want to know who did it. But knowing who is not as important as figuring out how. To prevent the next breach, companies have to look at the security loopholes that were exploited in previous intrusions. No matter how much policing takes place, there will always be hackers lurking in the shadows. The smart organization works on preparation… not just prevention.

Here are the most common security loopholes that intruders depend on to practice their craft and the steps needed to close them.

Spam filters can’t save you now

Yes, after all these years, people are still opening questionable email attachments. Just ask Sony. Their astounding loss of intellectual property, privacy and profits all started with a worker pulling an email out of the junk folder and opening the malware-laden attachment. Consistent reminders about security protocols are important. Using recent news stories of breaches as examples can help employees stay interested and understand what is at stake. The problem occurs, however, when people unquestioningly open email attachments and click on links without a second thought because they simply trust the sender.

While many of the phishing attempts of yesteryear are quickly caught by spam filters, it’s the concerted effort put into methods like “spearphishing” that slips past spam filters and lands employees, and their companies, in hot water. Spearphishing is a method where a hacker studies their targets, gains context, and then sends an email that is indistinguishable from a legitimate message, cloaking itself in familiar and confidential details. That is, if a hacker gains access to the secretary’s email account, they can quickly study up on their communication with the CEO and use those details to dupe the CEO into clicking on a link and thereby giving away the keys to the kingdom.
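Spear-phishing is built to look familiar, so the human-facing parts of a message (display name, signature, shared context) are the wrong place to look; the headers still carry signals a gateway or a mailbox rule can check mechanically. The following is an added example, not code from the original article, of a small header heuristic: it flags a Reply-To that points somewhere other than the sender, a sender domain one or two characters away from the corporate domain, a corporate address smuggled into the display name, and SPF/DKIM/DMARC failures as recorded by the receiving gateway in Authentication-Results. The corporate domain and both sample messages are constructed.

```python
import email
from email.utils import parseaddr

CORP_DOMAIN = "example-corp.com"  # constructed: the organisation's own domain


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot lookalike domains one or two characters off."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _domain(address: str) -> str:
    """Lower-cased domain part of an address header value, '' if absent."""
    addr = parseaddr(address)[1]
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def phishing_indicators(raw: bytes, corp_domain: str = CORP_DOMAIN) -> list:
    """Return human-readable reasons a message looks like spear-phishing; [] if none."""
    msg = email.message_from_bytes(raw)
    reasons = []
    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # 1. Replies silently routed to a different domain than the visible sender.
    reply_domain = _domain(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        reasons.append(f"Reply-To domain {reply_domain} differs from sender domain {from_domain}")

    # 2. A registered lookalike of the corporate domain (examp1e vs example).
    if from_domain and from_domain != corp_domain and levenshtein(from_domain, corp_domain) <= 2:
        reasons.append(f"sender domain {from_domain} is a lookalike of {corp_domain}")

    # 3. The display name shows a corporate address while the real sender is external.
    if from_domain != corp_domain and ("@" + corp_domain) in display_name.lower():
        reasons.append("display name impersonates a corporate address")

    # 4. Authentication verdicts stamped by our own gateway (assumed to be the only writer).
    auth = (msg.get("Authentication-Results") or "").lower()
    for check in ("spf", "dkim", "dmarc"):
        if f"{check}=fail" in auth:
            reasons.append(f"{check} failed at the receiving gateway")
    return reasons


# Constructed sample messages (not real mail).
SPEARPHISH = b"""From: "pat.chief@example-corp.com" <pat.chief@examp1e-corp.com>
Reply-To: pat.chief@freemail.example
To: finance@example-corp.com
Subject: Urgent wire before 5pm
Authentication-Results: mx.example-corp.com; spf=fail smtp.mailfrom=examp1e-corp.com; dkim=none
Content-Type: text/plain

Please process the attached invoice today and keep it confidential.
"""

LEGITIMATE = b"""From: Pat Chief <pat.chief@example-corp.com>
To: finance@example-corp.com
Subject: Q3 numbers
Authentication-Results: mx.example-corp.com; spf=pass smtp.mailfrom=example-corp.com; dkim=pass header.d=example-corp.com
Content-Type: text/plain

Thanks for the quick turnaround.
"""

if __name__ == "__main__":
    for label, raw in (("spear-phish", SPEARPHISH), ("legitimate", LEGITIMATE)):
        print(label, "->", phishing_indicators(raw) or "no indicators")
```

The Authentication-Results check only means something if the gateway strips any copy of that header arriving from outside before adding its own; otherwise an attacker simply includes a passing verdict. The other three checks need no trust in upstream data, which is why they are worth running even on mail that has already been filtered.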

Even the trusted hotspot is not to be trusted. From network intrusions to stolen credentials, WiFi is a dream for hackers and a nightmare for security-minded IT professionals. While best practice is simply to avoid open WiFi networks, VPNs can help—but only if used properly. And remember that even security protocols like WPA are beginning to crumble in the face of consistent efforts to break them. The biggest loophole here comes from the increasingly mobile, BYOD-dependent workforce that many companies rely on. Company BYOD policies can also include setting devices to ask permission when connecting to WiFi, and mobile device management software that allows for locking or wiping data in case of loss or theft. Beyond the hazards of public WiFi, even those digital nomads with their own personal WiFi hotspots are far less secure than you might have initially imagined. How so? First, an estimated majority of mobile hotspots out in the wild today have the password of the device’s admin account automatically set to the last 6 characters of the IMEI.

While many hotspots have seemingly secure passwords, the formula is actually getting simpler. Today’s technology for gaining the IMEI number is certainly expensive, however we all know that once this technology gets replicated, the price will dramatically drop and availability will rise.

That corporate “guest” WiFi? It’s a cesspool. While we’re on the topic of WiFi, even that unsecured, unmonitored guest WiFi you offer can be a source of security loopholes. While employees may behave, for fear of repercussions, on your regular company WiFi, they may treat the guest WiFi as their own, personal playground.

While employees may never think to visit those sites that sit on the darker side of the World Wide Web while on the primary network, that guest network gives them a feeling of anonymity. The problem here is that employees are then jumping back and forth from secure to insecure WiFi, and bringing with them the malware that goes along with those sites. The employees are doing this naively and the bosses are blind to the threats. So, if you must offer WiFi to guests, lock it down and make it subject to the same policies as that of your primary network.

What it all means

Cyber security boils down to effective layering. From end-user education, best practices and workstation protection to firewalls and system-wide antivirus protection, IT departments need to work actively to thwart attacks. But knowing when the threat has become a reality can make all the difference in closing those trust loopholes before the damage is done. Everyone wants your data. Some already have access. Only you can seal the breaches.

Cloud Security: 23 predictions you need to know

Cloud companies are struggling to balance security against availability and privacy. New innovative security methods are being developed to create this balance, but the future of Cloud Security is in the hands of data centers.

A significant change will be the continuous monitoring of applications. There will be a shift from periodic assessments to ongoing continuous audits of an entire environment’s security and compliance status.

Visualization alone can pour fuel on the fire. Goal-oriented visualization is critical to ensure you’re using the information to solve real problems. Even problems you don’t know you have.

Enterprise adoption of cloud-native infrastructure and microservices will require security controls to increasingly be built-in, automated, and capable of consistently and dynamically protecting distributed applications wherever they are deployed.

Adoption of SDN platforms is allowing companies to connect to cloud infrastructures in a more secure and compliant manner, instead of as carve-outs to existing security policies.

I expect to see technologies that deliver real-time distributed denial of service (DDoS) mitigation by automatically analyzing DDoS alerts and essentially stopping DDoS attacks before they do real damage.

Keeping data safe will gain greater focus over the next few quarters. Cloud service providers will need to balance security with usability to remain competitive.

We will continue to see less reliance on hardware and greater acceptance of security functions embedded in the network itself.

We’ll see an increase in companies prioritizing global compliance standards and certifications – like the International Organization for Standardization (ISO) – which protect personally identifiable information on the cloud.

Virtualization technologies such as NFV and SDN will provide communication service providers with the opportunity to deliver enhanced security services to their customers. Centralization, flexibility and agility are key to these improvements.

Administrators and end users will have the ability to proactively eliminate security issues before they happen. Cloud security is evolving quickly on all fronts through security dashboards and audit controls to make this possible.

Cloud-based Internet of Things (IoT) will become more familiar to the general public and will require additional technologies and security postures to re-bolster consumer confidence in the cloud environment.

The proliferation of IoT devices, which typically store and share data in the cloud, will lead to increased focus and pressure to ensure cloud data storage and transmission security.

The complexity of current security solutions limits their application. We expect a shift towards more homogenous security, simplifying cloud security infrastructure. This is critical as vastly more objects become connected.

The cloud security focus will shift from access control to infrastructure to access control for data. Apart from security and confidentiality there will be a major emphasis on integrity of data.

Ransomware attacks will increasingly attack not only primary systems but in addition will attack backup systems based upon Windows.

The biggest change: access. There is a lot of emphasis and innovation taking place now on ways to privately, reliably and securely connect to disparate cloud environments, infrastructures and applications.

I predict that cloud security will become more consumer-focused. The enterprise cloud security-as-a-service space is crowded, and a new generation of mobile internet consumers is looking to protect themselves.

A major focus in cloud security will be a push for better protection and detection at the endpoint. The endpoint still remains one of the most vulnerable and often-hacked areas of an online transaction.

How do we know who is accessing the cloud security tech? The tie-in of biometrics will provide greater security and usability with assurance of identity.

The focus will shift from “Do I keep security servers on-premises or use cloud services?” to “It’s critical to use cloud and on-premises security in a hybrid environment.”

As more traffic is encrypted—and thus indecipherable—we anticipate increased endpoint modeling technologies to analyze traffic patterns, and compare those to a baseline as a means to thwart cyberattacks.

We will continue to see organizations building private clouds, which offer more control and security than public cloud services. Having complete ownership of your cloud is the most secure option.

Moving to a Hosted PBX or On Site IP PBX?

Evolving technology in networking is allowing for significantly higher data throughput which translates to higher internet speeds available to consumers & organizations. For consumers it means high definition Netflix streaming without having to wait for buffering. For business, it unlocks a world of possibilities to move hardware, applications and servers that previously were run on site, into the Cloud. With this, many organizations are considering the opportunity to move their telecommunications hardware into the Cloud and take advantage of VoIP (Voice over Internet Protocol).

Communication is vital to any well-run business. Continuously implementing new measures and techniques to improve communication within a business and with clients is essential for any growing business. VoIP phone systems come in a number of flavors; two of the main variations for a business are Hosted PBX systems and on-site IP PBX systems that use SIP trunking. There are positives and negatives with both systems, so it is essential you understand them before converting to VoIP.

When planned and executed correctly, both a Hosted PBX and an on-site IP PBX system can help to reduce an organization’s communications expenses. They can also bring a variety of functionality benefits over outdated PSTN and ISDN telephony.

Ask your provider the below questions when considering the change to VoIP.

Does the system support your specific communications needs?

Generally speaking, VoIP phones are much more feature-rich than the phones for traditional PABX systems; however, these extra features mean nothing to the user if the VoIP system does not support the key functions that an organization requires. Make a list of how your organization uses your current phone system and how your call flows are currently set up. Ensure your provider can demonstrate how their proposed VoIP system will handle the same tasks. Ask for a live demonstration of the system and compare functionality side by side.

Does the VoIP system have a guaranteed uptime?

If the VoIP provider’s system is not accessible, it’s likely your system won’t be able to make or receive phone calls. Additionally, when using a Hosted PBX system, if the provider’s system isn’t working, you will not be able to use the phone system at all. This means simple tasks like accessing voicemail will not work. A guaranteed uptime of 99.99% is the equivalent of a possible 52 minutes of downtime over a 12 month period. Make sure you understand the exact implications of system downtime on the proposed VoIP solutions you are considering.

What happens if the system potentially goes down?

Many businesses will agree that missed calls can potentially result in thousands of dollars in lost revenue. When a VoIP system goes down, most businesses opt to have an automatic forward for phone calls to an alternate network. Ask your VoIP provider what backup actions are offered when either your local internet goes down or when there is a total internet network outage. There will also be different failover measures for a power blackout and a hardware failure on premise. It’s extremely important that you have pre-planned and pre-configured failover protocols in place that automatically activate during an outage. These backup measures can allow communications to continue and prevent the potentially expensive effects of missing important phone calls.

Does Fax work over VoIP?

Faxing over VoIP can be hit and miss. This is because faxes were designed specifically for the outdated analog networks. If your organization depends on faxes, it is imperative to ensure you have a VoIP-compatible fax service that meets your requirements. Some providers may offer fax conversion services that utilize your existing fax hardware, whilst others offer a virtual fax service which runs off software or online applications. Make sure you have the necessary information about how faxes will work over your VoIP system before making any changes. This will avoid potentially irreversible problems arising in the future.

How easy is it to upgrade the system?

Many VoIP systems are brilliant for scalability and involve little if any upgrading to allow for increases in the number of users and higher call volumes. Most Hosted PBX phone systems can scale to complement any business size. When you are speaking with a VoIP provider, you should advise them how many users will be accessing the system at one time. This information is important to help determine whether an on-premise IP PBX or a Hosted PBX phone system will best suit your needs. It is imperative you continuously plan for the future when it comes to your communications strategy, as your needs today will be very different from those in a few years.

Is the VoIP platform secure?

It is extremely important to ensure your VoIP provider has up-to-date and frequently upgraded security protocols in place. One potential weakness of a VoIP phone system is that, if it is not properly protected, hackers can find their way into the system and make unsolicited calls. These intrusions can often go unnoticed and allow hackers to run up thousands of dollars in phone calls that you will be liable to pay. If you are considering a Hosted PBX solution, these security measures are entirely up to your VoIP provider to manage for you. When opting for an on-site IP PBX, some of these security measures will be your responsibility and will require strict firewall rules to keep out unwanted intruders.
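One way to make such intrusions visible rather than letting them go unnoticed, as an added example that is not part of the original article: a small Python script that flags after-hours international calls and bursts of calls from one extension in call-detail records. The records, business hours, home-country prefix and burst threshold are all constructed assumptions, not values from the page.

```python
from collections import Counter
from datetime import datetime

# Constructed call-detail records: timestamp, extension, dialled number, seconds.
SAMPLE_CDR = """\
2016-03-02 09:15:00,201,+14155550142,312
2016-03-02 14:40:00,203,+14155550199,45
2016-03-03 02:10:00,201,+9995550101,1820
2016-03-03 02:22:00,201,+9995550102,1790
2016-03-03 02:35:00,201,+9995550103,1810
2016-03-03 02:50:00,201,+9995550104,1775
"""

BUSINESS_HOURS = range(8, 19)   # assumption: 08:00-18:59 local time
HOME_PREFIX = "+1"              # assumption: domestic numbers start with +1
BURST_THRESHOLD = 3             # assumption: calls per extension per hour

def parse_cdr(text):
    """Parse the comma-separated records into dicts."""
    records = []
    for line in text.splitlines():
        ts, ext, number, secs = line.split(",")
        records.append({"time": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                        "ext": ext, "number": number, "secs": int(secs)})
    return records

def flag_calls(records):
    """Alert on international calls outside business hours and on bursts of
    calls from one extension within an hour, both typical of an abused PBX."""
    alerts, per_hour = [], Counter()
    for r in records:
        after_hours = r["time"].hour not in BUSINESS_HOURS
        international = not r["number"].startswith(HOME_PREFIX)
        if after_hours and international:
            alerts.append(("after_hours_international", r["ext"], r["number"]))
        hour_key = (r["ext"], r["time"].strftime("%Y-%m-%d %H"))
        per_hour[hour_key] += 1
        if per_hour[hour_key] == BURST_THRESHOLD:
            alerts.append(("call_burst", r["ext"], hour_key[1]))
    return alerts

def run():
    """Scan the constructed sample and return the alert list."""
    return flag_calls(parse_cdr(SAMPLE_CDR))
```

Feeding real exports from the PBX into parse_cdr and reviewing the alerts daily is enough to catch the pattern the article describes before the bill arrives.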


Phishing Attacks Two-Factor Authentication


Hackers bank heavily on tricking people into doing things that they shouldn’t: social engineering. A favorite social engineering ploy is the phishing e-mail.

How a hacker circumvents two-factor authentication


  • First, the hacker collects enough information on the victim to pull off the scam, for example from the victim’s LinkedIn profile.
  • Alternatively, the hacker sends a preliminary phishing e-mail that tricks the recipient into revealing the login credentials for an account, such as a bank account.
  • The next phase is to send a text message that appears to come from the recipient’s bank (or PayPal, Facebook, etc.).
  • This message tells the recipient that their account is about to be locked because “suspicious” activity has been detected on it.
  • The hacker asks the victim to send the company (which is really the hacker) the unique 2FA code that is texted to the account holder upon a login attempt. The victim is told to wait for this code to arrive.
  • Remember, the hacker has already collected enough information (username, password) to make a login attempt. Entering this data triggers the 2FA code being sent to the victim’s phone.
  • The victim then texts back the code—right into the hacker’s hands. The hacker uses it to get into the account.
  • The victim made the cardinal mistake of sending a 2FA code back via text, when the only place that code should ever be entered is the login field of their own account!

So in short, the crook somehow gets your username and password (easy with brute-force software if you have a weak password, or retrieved from a data dump of some hacked site). They then spoof a text message to you so that it looks like it came from the company that holds your account.

Red flags/scams/behaviors/requests to look out for:

Pay Attention!

  • You are asked via phone/email/IM etc. to send someone the 2FA code that is sent to your mobile (prompted by their login attempt).
  • If you receive a 2FA code, it means someone is trying to gain access to your account. If it’s not you, then who is it?
  • Never send any 2FA code out via text, e-mail or phone call. Never. Consider any such request to be a scam.


KeRanger Mac Ransomware Virus


KeRanger is the first working Mac ransomware virus, and it’s not theoretical: it’s real and in the wild. The compromised Transmission app was distributed from the official Transmission webpage earlier this spring. It carried a completely different code signature from the one previously used to sign the Transmission app, which indicates that the app itself was modified and re-signed by the attacker.

The tampered copy of Transmission contains a file called General.rtf that is in fact an executable, not the rich-text document it claims to be. Once the app is started, this file is copied to another file called kernel_service in the user’s Library folder. The kernel_service process then runs continuously in the background and generates further processes and files, among them kernel_time. This file holds a timestamp that is used to determine when three days have passed. After three days, the ransomware “explodes” and starts encrypting all documents.

It encrypts every file in the Users folder, together with files that have typical document extensions in the Volumes folder. This means that files on attached external hard drives, network servers and so on are encrypted as well. In every directory where files have been locked, a file named README_FOR_DECRYPT.txt is created, containing instructions on how to purchase a decryption key.

The fact that this ransomware encrypts external hard disks and connected network volumes means it may also encrypt backups, such as Time Machine backups stored on a Time Capsule. Even worse, the app contains a small script named _encrypt_timemachine. This indicates that the very backups you would want to keep intact in case of a ransomware attack may also fall prey to this virus.

Surprisingly, the virus uses no persistence technique at all. The kernel_service process keeps running, but if you reboot the Mac it will not launch again automatically. You would have to re-open the infected Transmission app to re-activate the malicious process.

Apple has also added detection for this ransomware and revoked the developer certificate used to sign the malicious copy of Transmission. This means new infections are no longer possible without an updated version of KeRanger. Nevertheless, it is worth mentioning that if you launched the infected copy of Transmission on your Mac at least once, Apple’s protections will not stop you from launching it again: your Mac regards it as safe at this stage, because it was launched successfully before.

Many people might be tempted to pay the ransom to get their documents back. Yet it is a terrifically bad approach. In the Windows world, paying the ransom often results in a key that does not decrypt the files properly. It can also mean sending money to the attackers and receiving nothing in return, or getting a key that does not work at all because the ransomware was poorly written.

For those who have installed the Transmission app lately, it’s best to remove the app and restart your computer. This will put a stop to re-activation of the KeRanger virus.
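An added host check, not part of the original article, that looks for the artefacts described above: a General.rtf inside the Transmission bundle that is really a Mach-O executable, kernel_service or kernel_time in the Library folder, and README_FOR_DECRYPT.txt notes among documents. The directory layout it scans in demo() is a harmless constructed fixture; on a real Mac you would point scan() at /Applications/Transmission.app, ~/Library and ~/ and also check for a running kernel_service process.

```python
import os
import struct
import tempfile

# File names are the indicators described in the article.
DROPPED_FILES = ("kernel_service", "kernel_time")
RANSOM_NOTE = "README_FOR_DECRYPT.txt"
# Mach-O and universal-binary magic numbers; read big-endian so both byte orders match.
MACHO_MAGICS = {0xfeedface, 0xcefaedfe, 0xfeedfacf, 0xcffaedfe, 0xcafebabe, 0xbebafeca}

def is_macho(path):
    """True if the file begins with a Mach-O (or universal binary) header."""
    with open(path, "rb") as f:
        head = f.read(4)
    return len(head) == 4 and struct.unpack(">I", head)[0] in MACHO_MAGICS

def scan(app_dir, library_dir, data_dir):
    """Return (indicator, path) pairs for the three artefacts the article names."""
    findings = []
    for root, _dirs, files in os.walk(app_dir):
        rtf = os.path.join(root, "General.rtf")
        if "General.rtf" in files and is_macho(rtf):
            findings.append(("executable_rtf", rtf))
    for name in DROPPED_FILES:
        dropped = os.path.join(library_dir, name)
        if os.path.exists(dropped):
            findings.append(("dropped_file", dropped))
    for root, _dirs, files in os.walk(data_dir):
        if RANSOM_NOTE in files:
            findings.append(("ransom_note", os.path.join(root, RANSOM_NOTE)))
    return sorted(findings)

def demo():
    """Scan a constructed, harmless directory layout (no real malware involved)."""
    base = tempfile.mkdtemp()
    app = os.path.join(base, "Transmission.app")
    res = os.path.join(app, "Contents", "Resources")
    lib = os.path.join(base, "Library")
    docs = os.path.join(base, "Documents", "work")
    for d in (res, lib, docs):
        os.makedirs(d)
    # Constructed stand-in for the disguised executable: only a 64-bit Mach-O magic.
    with open(os.path.join(res, "General.rtf"), "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
    with open(os.path.join(app, "Contents", "General.rtf"), "wb") as f:
        f.write(b"{\\rtf1\\ansi a genuine RTF file is not flagged}")
    open(os.path.join(lib, "kernel_service"), "wb").close()
    open(os.path.join(docs, RANSOM_NOTE), "w").close()
    return [kind for kind, _path in scan(app, lib, docs)]
```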

It’s not the first time Apple customers have been attacked via a torrent client, but in the past these kinds of problems have only involved adware. Think carefully before dealing with torrent clients in the future.

3 Steps For Secure Cloud Deployment


Attacks on cloud-based services rose from 19 percent two years ago to 33 percent in 2015, according to Arbor Worldwide Infrastructure Security Report XI, 2016. As the number of enterprises moving data via cloud architecture rises, so do attacks on cloud-based services.

With 6 out of 10 network buyers planning to increase cloud-related spending this year, enterprises need to have a plan for security, both on-premise and in the cloud.

Enterprises should consider these three areas of security concern before undertaking a large-scale cloud deployment.

1. Cloud Access

Employees no longer sit at a desk in one location. They work remotely; they access the network from conferences and coffee shops. In fact, 95 percent of employees work from mobile locations — meaning any place other than their office — at least once a month, according to Forrester’s Business Technographics Telecom & Mobility Workforce Survey.

These users rely on a public internet connection, opening up a variety of vulnerability points.

Here are three ways to monitor and protect access when a public internet connection is key:

  • A managed cloud firewall with Network Address Translation (NAT) can be an easy way to protect internet connections. Outsourcing the management frees up internal resources for other projects and allows users to respond quickly to the demands of the business.
  • Secure Remote Access or other IPSec solutions are options for securing public internet ports used by mobile employees and provide access to the entire network. These solutions also provide a low cost, reliable avenue for remote global site expansion projects and cloud connections.
  • Secure Sockets Layer (SSL) VPN can remove the need for client software compatibility and only provides access to pre-specified applications and services. If you’re serving a significant number of mobile users, check with your cloud provider to ensure client or SSL connections are feasible.

If users aren’t dependent on the public internet to access resources, migrate to a virtual private network (VPN) connection for cloud access. Reducing publicly addressable end-points helps minimize the complexity of managing security and takes advantage of the inherent security aspects of private connections. Microsoft Azure, Amazon Web Services and Google Cloud all offer this option with various network partners.

2. Data Storage and Use

Data loss protection (DLP) and data encryption continue to be hotly debated security topics.

DLP provides a view of where data is stored across cloud, mobile and on-premise environments and helps enterprises with the use of that data. Some cloud service providers are starting to offer DLP content detection, monitoring and protection on their servers. In the future, DLP will become a feature in network-based security cloud gateways.

Another key to securing data is to take a full view of what data, and its value, is stored by your company.

Due to the complexity and cost of encryption, you need to prioritize what should be encrypted and the best method for your business.

An “encrypt everything” model in the cloud can interrupt application function, reporting and search functionality. For the user, encryption can seem too invasive to their daily work stream, which often results in creative circumvention of security systems.

Various data encryption models to consider include:

  • Full Disk Encryption
  • Container or Volume Encryption
  • File or Folder Encryption
  • Application Encryption

Traditional on-premise devices introduce a single point of failure and often lack the scalability that cloud applications require. Using network-based security gateways and the encryption offered by cloud providers is one way to scale this process.

3. End Users

Uneducated employees are a company’s biggest cyber risk. However, an educated user can be an asset for security, identifying and reporting anomalous situations like phishing attacks. Security initiatives should include employee training and security certification.

The challenge is assessing and prioritizing vulnerability points to use resources wisely for the biggest impact. The first step should be an independent vulnerability assessment and penetration test project.

This third-party tool will help assess areas of weakness — maybe phishing attempts to employees — and prioritize risk vulnerabilities.

By educating end users and identifying the biggest security risks, you can start to take action to remediate the issues and create a uniform security posture.

Connecting to applications in the cloud has become a networking way of life, and so too has the challenge of securing these deployments. It’s tough to stay ahead with the constant introduction of security technologies and both budget and staffing constraints.

While these three areas are key for 2016, we may see a noticeable shift in deployment or needs in 2017.

As we look toward our future in the cloud, we must also look toward avenues for securing our future.

Secure And Interconnected Smart Home


Smart home technology vendors will need to think about baking security into their systems, as hackers increasingly see connected devices as a ‘weak link’ and an easy way into a person’s network and stored data.

Smart Devices as standalone devices are virtually pointless. If one device cannot connect to multiple others it defeats its own purpose. In the next year smart devices will become more interconnected.

We are globally going to begin to harness Internet of Things as a whole. Currently our homes are full of internet connected devices, in 2017 we will merge the technologies and realise how they can better work together and in a smarter way.

What Your Competitors Know About Data-centric Security


Data-centric security, at its heart, is just another lock. But what happens when that lock is picked (keys stolen, credentials compromised)? Over the coming quarters, effective monitoring and access analytics will become key to ensuring the success of this promising initiative.

We will see data-centric security becoming more and more relevant and essential over other forms of security. Network security can be compromised; data security, however, will prevent stolen data from being read.

At the moment, data-centric security is receiving a great deal of attention. However, in higher-risk environments, there is resistance to implementation. This speaks to education and change management that goes beyond next several quarters.

A data-centric approach to security is a double-edged sword. Focusing on protecting what needs to be protected can also lead to sprawling complexity if overdone. The best approach is to focus on as few classes of data as possible.

Data-centric security will continue to be a hot area, but the amount of data shown to human analysts will decline. It’s all about machines surfacing the interesting information.

The primary change within Data-centric security will be a trend toward developer targeted Platform-as-a-Service security solutions and away from costly and custom security hardware infrastructure.

As we move increasingly to cloud models, thus releasing control of infrastructure, security providers will focus more on the data itself and how we can manage, classify, and protect it.

In relation to data-centric security we excel at authenticating data users and data encryption, but first we need to go back to the basics of data discovery and classification.

The dual phenomena of cybercrime and big data make it critical that enterprises understand provenance, governance and data management as part of a holistic security story.
