Cyber Security

Cyber Tips for the Holidays

TOP 7 Cyber Security Tips For The Holidays

With the holidays approaching many busy Americans will be purchasing items and gifts online. The rise in activity will gear up the cyber thieves as well. Thieves will be targeting the vulnerable customers with their latest scams.

Even if you’re careful, internet shoppers will be exposing their personal information more frequently, which raises the scamming risk. Therefore, no better time than now to take a few moments and confirm you’re doing all you can do to protect your information and preventing cyber-crime.

Below we will highlight 7 Cyber Security Tips to Help Reduce Your RISK:

  1. Don’t Reuse Passwords

Despite security expert’s advice to NEVER reuse the same username and password across multiple websites, according to a 2017 Consumer Mobile Security App Use study by Keeper Security, a staggering number of people admitted to doing just that.

Respondents ages 18-30 stated they reuse passwords 87% of the time, while respondents ages 31+ reuse passwords 81% of the time. There’s no doubt remembering passwords is tedious, but taking this “short cut” can significantly make it easier for cyber criminals to access your accounts.

To make matters worse, if you use the same username, a hacker can simply guess your password and search or enter your username into popular online websites to get access to your accounts.

2. The Safe Way to Remember Passwords

There’s a lot of debate when it comes to password security and what actually qualifies as a secure password, but one thing is for sure – it’s not a good idea to save passwords in your browser. If your computer was compromised and all passwords were stored in your browser, hackers could easily gain access to all your accounts. As an alternative, consider using a secure password manager like LastPass or Roboform instead.

3. Use Secure Passwords

Whenever possible, use 2-step verification, which is often seen on popular websites like Facebook and Gmail when you’re prompted to enter your phone number in addition to your password. Mobile devices and some laptops offer 2-step verification in the form of fingerprint identification as well.

4. Update Social Media Privacy Settings

It’s a common mistake to assume your privacy settings will remain intact across social media profiles. In reality, social media networks can perform updates that suddenly make your profile public. This presents an opportunity for cyber criminals to gather data from your social profiles and use that information to gain access to your other accounts. For this reason, it’s a good idea to get into the habit of checking your social profile privacy settings once a month and Googling your name to see what your profiles look like to the public.

5. Close Down Old Accounts

While reviewing privacy settings across your social accounts, consider closing down old accounts you no longer use. In addition, you can disconnect old apps you’ve previously connected to your Google account. The more “connected” your Google account is to apps, the more likely it is that some of your information is being shared with unknown parties you might not be aware of.

6. Engage in Safe Online Shopping

If you plan to do some online shopping this season, consider creating a free email address via Gmail or Yahoo for online shopping sites specifically.

This allows you to keep your primary email address separate in the event your email is compromised or bombarded with junk email.

Use this “throw away account” for coupons, shopping sites or new websites you encounter.

Before you consider purchasing from a new website, be sure to Google the name of the business + reviews to see what others are saying and verify the website is legitimate. You’ll want to be especially cautious if the price of the product seems too good to be true.

7. Avoid Shopping on Public Wi-Fi Networks

While out and about on a shopping trip, be careful when accessing the web on public Wi-Fi networks. You might be tempted to order that hard-to-find item online while taking a break at your local coffee shop, but don’t give in to that temptation. Public Wi-Fi networks are a prime target for hackers. It’s best to use secure Wi-Fi networks for purchases or accessing banking information.

Most of all, be safe, be cautious and enjoy the holiday season!

0
Read More
Security Plan

Implement A Security Plan For Your Business

First, What is a Security Plan?

A Security Plan or System Plan documents the controls that have been selected to mitigate the risk of a system. The controls are determined by a Risk Analysis.

Assisting with the process NIST (National Institute of Standards and Technology) provides a catalog of controls with templates outlining the Cybersecurity Framework for Critical Infrastructure and Security Plan. Businesses may use the outline when creating their Security Plan.

How to Implement Your Security Plan?

1. Take an inventory of your physical and information assets (what are you protecting?).
2. Perform a risk assessment to determine what level of security is needed to protect your information assets.
3. Complete the checklist to make you aware of your security strengths and weaknesses
4. Complete an evaluation. Evaluate your findings and discuss recommendations to correct deficiencies and/or improve security with departmental administration and IT staff.
5. Develop a security plan. Create a plan with target dates for implementation.
6. Set Deadlines / Completion Dates
7. Project Management – Monitor the process from start to finish
8. Evaluate upon completion

Responsibilities for a Departmental Security Plan

  1. Inventory – IT Staff
  2. Risk Assessment – Systems Administrator
  3. Checklist – Systems Administrator
  4. Evaluation – Systems Administrator
  5. Plan – IT Staff & Systems Administrator

What does a simple IT security plan schedule look like?

Tasks Example:
  1. Draft Security Plan
  2. Submit Plan for review by other managers / outsourced IT company for this process.
  3. Edit
  4. Finalize Security Plan
  5. Submit to Board of Directors “if needed”
  6. Distribute the Plan to all Management
  7. Distribute the Plan to all Personnel
  8. Meet with Management – set dates – begin implementation
  9. Establish means to accomplish Security Tasks and events
  10. Establish Security Breach Committee
  11. Establish Proactive Security Committee
  12. Obtain and install required new equipment if needed (servers, workstations, programs, etc.)
  13. Implement new policies (ex – clean desk, remote working, etc.)
  14. Evaluate the implementation
  15. Evaluate Security Program
    1. Internal Review
    2. External Review
  16. Modify Security Program and Plan
    1. Schedule follow up meetings / audit
0
Read More
Surveillance Cameras in RI

Protect Your Surveillance Cameras

Did you know cyber-thieves can breach your surveillance camera system if not secured correctly?

Surveillance Cameras serve as a point of entry into the IP network of organizations of all types. As an IP based device and without proper measures to protect them, hackers can use them to shut down surveillance or to tap into the organization’s data. Both represent real risks that need immediate attention.

The good news is that there are immediate, high impact measures that security professionals can implement and architect to ensure your camera system is safe & secure!

If you have cameras or you’re preparing to install a new system, here are some tips you should be educated on:

  1. Camera Passwords ARE Important

    If your security cameras still use the default manufacturer password or a weak, common password, you are at immediate risk for a security breach. Hackers can write programs that will attempt hundreds of passwords in the blink of an eye. If your passwords aren’t updated regularly with significant difficulty, you are making it even easier for hackers to take down your cameras.

    Try utilizing a Secure Password Generator for creating strong passwords.

  2. Lock Down your Network

    Because cameras are often located in unsecured places around the perimeter of a building or in hallways, it is essential to ensure that your cameras are the only devices that can communicate across your network. Your network has a feature called MAC Binding that configures each network port to only accept the specific, unique MAC address from the camera bound to that port. This way, if a hacker tries to replace the camera with a laptop, the network will reject the communication. Seek tools to make this management easy and ability to upgrade.

  3. Isolate Your Cameras

    Don’t put cameras on the same corporate network as your workstations. Isolate your cameras with a Virtual LAN (VLAN) so that the only thing that can talk to them is the Video Management System (VMS).

  4. Don’t Ignore Unusual Events

    Take note of even short outages or sudden camera reboots. These small, seemingly insignificant events can indicate security breaches, such as foreign firmware uploads or hacker devices being introduced to the network.

  5. Two Operators equals Less Risk

    Your cameras should be set up with two logins the same way that your computers are set up; one login is a user with limited privileges, the other is an administrator with full access. The camera admin login should be used rarely for updates, and the user login should handle everyday tasks, like streaming video. That way, the more commonly used login cannot do as much damage if it falls into the wrong hands.

  6. Purchase Cameras from Companies with a Reputation for Security

    Not all camera brands are created equal. The security of certain brands and cameras with certain countries of origin have been questioned. Reputable companies should be on the forefront of security concerns, and have rapid response time to vulnerabilities. Do your research before a major system purchase.

For additional information on Secure Surveillance Cameras, please contact us below, we are always glad to assist!

0
Read More
Cyber Attacks on Banks

Exposing Weaknesses in Bank’s Cyber Security

Penetration tests are finding that banks are becoming guilty of web application vulnerabilities, and insufficient network security measures. As soon as the attackers access the internal network, they find that the network is secured no better than companies in other industries.

One weak element throughout banks, is the human factor. Attackers can bypass the best protected network perimeter using techniques, such as Phishing. The Phishing message can be sent to bank employees both at their work and personal email addresses. The Phishing method for bypassing the network perimeter has been used by almost every bank attacker.

Positive Technologies, generated a test which indicated – employees at 75% of banks reviewed had clicked on links in phishing messages, and those at 25% of banks entered their credentials in a fake authentication form. At 25% of banks, at least one employee ran a malicious attachment on their work computer. Penetration testers succeeded in obtaining access to financial applications in 58% of cases. At 25% of banks, they were able to compromise the workstations used for the management of automatic teller machines (ATM’s), which means the banks tested were vulnerable to techniques similar to ones used by Cobalt and other cyber-criminal gangs in actual attacks.

Moving money to criminal-controlled accounts through interbank transfers, a favorite method of the Lazarus and MoneyTaker groups, was possible at 17% of tested banks, while at the same proportion of banks, card processing systems were poorly defended, which would enable attackers to manipulate the balance of card accounts. Such attacks were recorded in early 2017 against banks in Eastern Europe.

An attacker collects the following information about the bank:

  • Information about network perimeter systems and software
  • Employees (including email addresses, telephones, positions, and names)
  • Partners and contractors, as well as their systems and employees
  • Business processes

Examples of preparatory actions:

  • Developing or adapting malicious software for the software and OS versions used in the bank
  • Preparing phishing emails
  • Setting up infrastructure (including domain registration, server rental, and purchase
  • of exploits)
  • Preparing the infrastructure for money laundering and cash withdrawal
  • Searching for money mules
  • Testing the infrastructure and malicious software

Conclusion

Penetration testing can indicate your organization’s weaknesses and how an attacker can wrongfully enter your system(s). Understanding how you can be hacked will help create a barrier to prevent breaches in the future. The key is to remember that if an attack is detected and stopped in time, intruders can be thwarted. Preventing losses is possible at any stage if appropriate protective measures are taken. Email attachments should be checked in an isolated environment (sandbox), instead of relying solely on endpoint antivirus solutions. It is critical to configure notifications from protection systems and react to notifications immediately. Therefore security events must be monitored by an internal or external security operations center (SOC) with use of security information and event management (SIEM) solutions, which significantly facilitate and improve processing of information security events. Cybercrime is continuing to evolve and advance quickly, making it crucial that instead of hiding incidents, banks pool their knowledge by sharing information on industry attacks, learning more about relevant indicators of compromise, and helping to spread awareness throughout the industry.

0
Read More
Locations

Corporate Headquarters
58 Waterman Avenue - North Providence RI 02911

MA Office
14 Holly Lane - Westport MA 02790

Toll Free: (888) 219-5296
Local: (401) 231-8130

Operating Live 24∙7∙365