What is the Dark Web and Why Should We Care?

You’re happily humming along on the internet, thinking you’ve got a pretty good understanding of it. You can navigate your way around Google, Facebook, Amazon, and news sites. But you’re actually only visiting four percent of the internet. There’s a whole world hiding beyond these safe surface-level sites, known as the Dark Web, and it’s a much less hospitable place.

What exactly is the Dark Web?

The Dark Web is a collection of websites that cannot be found on search engines or accessed via traditional web browsers because their location and identity are hidden through encryption tools such as Tor. Tor was originally created to protect military communication but is now used much more broadly, both for Dark Web purposes and for highly secure communication. You typically have to use Tor to access Dark Web sites.

People create sites on the Dark Web in order to hide where they’re operating from, as well as to remain anonymous (Tor hides all IP information, identifying information, and data transfers). Over half of the sites on the Dark Web are used for criminal activities.

Why Do People Use the Dark Web?

One of the most prevalent uses of the Dark Web is buying and selling illegal goods, such as recreational drugs, weapons, fake identities, and organs. The proliferation of cryptocurrencies—like Bitcoin—has facilitated these sales. People living within totalitarian societies that restrict communication also take to the Dark Web to share their thoughts freely.

The most dangerous use of the Dark Web for businesses is the exchange of credentials (usernames and passwords) and identities. An individual’s stolen credentials can typically be sold on the Dark Web for as low as $1. Hackers utilize these purchased credentials to:

  • Gain access to important financial information and steal identities (access to a Bank of America account holding $50,000 can be purchased for $500)
  • Access accounts for further phishing attacks
  • Threaten people with exposure of sensitive information (Remember the Ashley Madison hack from a few years back? Those credentials were dumped onto the Dark Web and hackers leveraged them to expose users)
  • Compromise other accounts using the same passwords and perpetuate the sale of personal information

What can you do about it?

The average citizen will never have a reason to access the Dark Web, but their credentials could easily be floating around, endangering their offline livelihoods. Once your credentials are released on the Dark Web, there is precious little you can do to have them removed. However, you should, at the very least, know when you’ve been compromised so that you can act immediately, for example by changing your passwords and activating two-factor authentication.

We recommend utilizing a full Dark Web monitoring service that alerts you if credentials appear on the Dark Web. These services constantly scan the Dark Web for your information and alert you whenever something suspicious appears. These alerts don’t necessarily mean a breach has occurred, but they are a very good heads-up that something bad may be coming. You can then create a plan of attack before any damage is done. Granted, there will be your fair share of false positives, but we firmly believe in operating in the better-safe-than-sorry camp.

How should you get started with Dark Web monitoring?

Our team can run a preliminary scan of your domain revealing the likely breaches in the last 36 months. We’ll then review that report with you and come up with a plan of action to alleviate any major dangers. Click here to request that scan.

Additional Dark Web Resources:

What is the Dark Web & How to Access it

Battling the dark WEB

What is the dark web? How to access it and what you’ll find

Dark web data monitoring: 6 questions to ask

Create An Information Security Culture to Protect Your Data

Who do you rely on to keep your data safe? If your answer is your information security team, you’re only half right. Because everyone can cause a security incident (and insiders, either accidentally or deliberately, are the biggest cause of data breaches), information security is everybody’s job. Making everyone realize that requires deliberately creating a culture of information security.

Obstacles to a Security Culture

There are two main obstacles to creating a security culture: your management and your employees.

Management often pays lip service to the need for information security, but doesn’t practice what it preaches. Executives are likely targets for phishing attacks, but they’re often exempt from security awareness training. Many still share passwords and rely on administrative staff to generate reports and access online systems for them.

Employees see management not practicing safe computing, and reasonably conclude it isn’t really a top priority. The security training they receive is often boring or superficial. Their direct managers often emphasize getting the work done, even if it means taking security shortcuts.

Both managers and employees usually understand information security to mean technology that prevents data breaches. Building a security culture means changing that understanding; if you define information security as being about reducing risk rather than preventing a breach, it is easier to see how it’s everyone’s responsibility.

Learn more in Don’t Let These Obstacles Get in the Way of Your IT Security.

Talking About Information Security Is Key

Although much security training is ignored by employees, having conversations about security is key to changing awareness and attitudes. Look into new ways to make training more interesting and more impactful; the “gamification” of training rewards employees for the effort they put into it.

It’s also important not only to teach employees about strong passwords, but also to explain why they matter: what the risks and consequences are when poor security practices enable a breach. Changing attitudes also requires a clear process by which employees can report suspected phishing attempts or other security incidents.

In addition, provide tools and processes that help employees use safe computing practices—but use them wisely; restrictions in places where they don’t really make sense will lead to employees searching for workarounds. Have a strong password policy, and give employees access to a password manager so they don’t write them down. Make sure you have an efficient process to grant employees access credentials so they don’t need to share them.

Learn more in The cybersecurity employee training checklist.

Security Isn’t One and Done

The most important way to make security a part of your culture is to make it clear that it’s an ongoing process—employees haven’t fulfilled their security responsibility simply by attending a once-per-year presentation. Have fun quizzes and security tests throughout the year, with rewards for employees who do well or who report potential incidents.

Make your security culture even more effective by deploying security tools that support safe computing practices and reduce the number of threats that get near your employees. CCS Technology Group provides security services that help employees keep your data safe. Contact us to learn more.

Additional Cybersecurity Resources

The Key Features to Look for In Your Firewall

6 Ways to Keep Your Cloud Secure

Closing the Most Common Cybersecurity Holes

Don’t Let These Obstacles Get in the Way of Your IT Security

Information security should be a top priority for any business. You don’t make any money by having good information security practices, but you can lose a lot of money if you don’t: this year, the average cost per record of a data breach was $150, according to the Ponemon Institute. Multiply that number by the size of your database and you can see how the costs quickly mount up.

So if a lack of information security can be so costly, why are there so many data breaches? One reason is that it’s impossible for any defense to be 100 percent effective; there’s always the risk that one malware author will get lucky and break through. But more often, it’s because although companies know information security is important, it isn’t really a priority. There are too many obstacles that get in the way of implementing effective security:

  • Manual processes. When processes like patch updates and vulnerability scans need to be performed manually, it’s easy to make errors or neglect to apply them to some systems.
  • Complex infrastructure. Except for a brand-new startup, every business has a jumble of technology. Different hardware, different operating systems, different operating system versions, multiple software products, and cloud systems make it difficult to develop a comprehensive approach to security that can cost-effectively protect all resources.
  • Lack of budget. In most businesses, IT is a cost center, and that means limited budget that needs to be allocated between projects that help the business grow and projects that add security to protect the business.
  • Employees don’t use safe computing practices. How many computers do you walk past with passwords written down on sticky notes? Information security is everybody’s responsibility, but many companies don’t do a good job educating their non-IT employees about safe computing, including strong passwords and recognizing phishing attacks.
  • Overworked, under-trained IT staff. IT staff is often overwhelmed and spends most of its time fighting fires and putting out today’s problems. Getting training on the latest security threats and their defenses isn’t top priority and isn’t always in the budget.
  • Changing threats. The scope and source of security threats are constantly changing. It’s not just about dealing with new variants of existing malware. There are new kinds of malware, such as ransomware, which has been devastatingly effective in numerous instances. There are also new attack vectors, including mobile devices, the internet of things, and the cloud.
  • Lack of business support. Business management is focused on the business, not IT. They sometimes see information security measures, such as preparing and testing an incident response plan, as a distraction.

Security services from CCS Technology Group can help you overcome these challenges. Our proactive approach closes holes that make you vulnerable to current attacks and implements layered security and defense in depth strategies that help guard against future attacks. Contact us to learn more about how CCS Technology Group can help you protect your business.

Additional IT Security Resources

Closing the Most Common Cybersecurity Holes

The Key Features to Look for In Your Firewall

Phishing 101: What it is, how it works and how to avoid it

The Key Features to Look for In Your Firewall

Keeping your front door locked is the first step in keeping intruders out of your home. Keeping your network’s front door locked is the first step in keeping intruders out of your systems. A firewall provides that first line of defense for your business; here’s what to look for.

Technical Features

It used to be relatively simple for firewalls to offer protection. They blocked or allowed access based on rules regarding ports, protocols, applications, and IP addresses. It could be administratively challenging to keep track of the reasons behind the rules, making maintenance difficult, but the overall idea was straightforward.

Today the protection offered by firewalls needs to be much more technically robust and flexible. Threats come in so many varieties and are created and modified so frequently that limits based on lists of ports don’t offer enough protection. Instead, firewalls must:

  • protect applications regardless of port. Applications today aren’t always run on standard ports, so application-based controls need to be able to identify applications no matter which port they’re using.
  • control applications at the feature level. The firewall also should offer fine-grained controls to ensure application usage conforms to corporate policies. Many online services offer multiple functions, only some of which may be allowed.
  • identify users appropriately. IP addresses aren’t enough to determine who’s accessing your network. Where possible, user-based policies ensure access is limited appropriately no matter where a user connects from. Remote users need the same access and same limitations as on-site users.
  • inspect encrypted traffic. It’s ironic that encryption keeps traffic safe as it travels over external networks but hinders safety once the data reaches your network. SSL inspection is critical to protecting you from dangerous traffic, but needs to be performed rapidly with minimal performance impact on end-users.
  • cope with the unknown. It isn’t enough to scan the traffic you expect; your firewall needs to be able to inspect and manage the traffic you know nothing about, including unknown applications and atypical ports. Blocking unknown traffic may prevent users from accessing needed services, but allowing unknown traffic presents a high risk to your systems.
  • have minimal performance impact. We mentioned above that SSL inspection can potentially cause performance issues users notice; that’s not the only possible performance impact. Since all your network traffic goes through your firewall, even if all your firewall did was automatically say yes to everything, it would be a potential bottleneck due to volumes. Firewalls need the appropriate number of ports, CPU capacity, and network capacity in order to do their job without keeping other systems from doing their own jobs effectively.

Operations Features

Firewalls require oversight, but a solution with an easy-to-use dashboard and minimal routine administrative work eases the impact on your team. It’s also important that your firewall logs capture detailed information that can flow into analytics programs to identify possible attacks on your network.

Pricing

Finally, the cost of your firewall needs to fit your budget, but balance that investment against the potential costs of doing nothing. The estimated cost of a data breach is $150 per record stolen, according to the latest Ponemon report. With malicious attacks the main cause of breaches, the value of a firewall is obvious.

CCS Technology Group offers security services that guard your sensitive data with firewalls and other protective technology. Contact us to learn more about implementing an effective cybersecurity strategy.

Additional Security Resources

7 Common Mistakes That Place Your Data in Danger

Different Kinds of Malware Need Different Kinds of Defenses

6 Ways to Keep Your Cloud Secure

Don’t Overlook These Information Security Basics

The reason companies fail at information security isn’t because they aren’t installing the latest high-tech defensive software. It’s because they aren’t taking care of the security basics, like installing patches on time. What are some of the other information security basics you might be overlooking?

Managing employee access

Employee access rights shouldn’t be permanent. As job functions change, you should review and revise employees’ access to match the responsibility of their roles. While ideally you’ll do this as soon as they take on a new role, at least review access privileges annually. Even more important, when employees leave the business, you should be sure to disable their access immediately.

Changing default passwords

Admin/admin? Everybody knows that login and password, including the bad guys. It’s easy to overlook changing passwords after you install new software, but it’s necessary in order to keep your systems secure. Use a unique admin password on each of your systems in order to ensure you’re protected.

Reviewing security logs

Don’t just review log files after a breach occurs. Log files should be reviewed on an ongoing basis in order to spot breach attempts before they succeed. This doesn’t have to be a purely manual effort; there are good analytics tools to help identify suspicious behavior.
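One way to automate part of this ongoing review, as an added example (not from the original article): the Python below scans OpenSSH-style authentication log lines and flags any source address that reaches a threshold of failed logins inside a short window, and notes a successful login that follows such a burst. The sample lines are constructed, and the function name, the threshold and the window are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the OpenSSH syslog format; not real log data.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation-only address ranges.
SAMPLE_LOG = """\
Mar  4 02:14:01 web01 sshd[811]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  4 02:14:03 web01 sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
Mar  4 02:14:06 web01 sshd[812]: Failed password for invalid user test from 203.0.113.7 port 50130 ssh2
Mar  4 02:14:09 web01 sshd[812]: Failed password for deploy from 203.0.113.7 port 50131 ssh2
Mar  4 02:14:12 web01 sshd[813]: Failed password for deploy from 203.0.113.7 port 50140 ssh2
Mar  4 02:14:15 web01 sshd[813]: Failed password for deploy from 203.0.113.7 port 50141 ssh2
Mar  4 02:14:31 web01 sshd[814]: Accepted password for deploy from 203.0.113.7 port 50150 ssh2
Mar  4 08:59:40 web01 sshd[901]: Failed password for alice from 198.51.100.20 port 40110 ssh2
Mar  4 08:59:52 web01 sshd[901]: Accepted password for alice from 198.51.100.20 port 40110 ssh2
Mar  4 09:03:10 web01 sshd[901]: Received disconnect from 198.51.100.20 port 40110:11: disconnected by user
"""

# Matches the sshd "Failed ..." and "Accepted ..." authentication messages.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) \w+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)


def review_auth_log(lines, threshold=5, window=timedelta(minutes=5), year=2024):
    """Return one finding per source IP that reached `threshold` failed logins
    inside `window`. Syslog lines carry no year, so `year` is an assumption."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    users = defaultdict(set)      # ip -> every account name the IP failed against
    findings = {}                 # ip -> finding for IPs that crossed the threshold
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue              # not an authentication result line
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ip, user = m["ip"], m["user"]
        failures = recent[ip]
        while failures and ts - failures[0] > window:
            failures.popleft()    # drop failures that aged out of the window
        if m["result"] == "Failed":
            failures.append(ts)
            users[ip].add(user)
            if len(failures) >= threshold:
                f = findings.setdefault(
                    ip, {"ip": ip, "max_failures": 0, "success_after_burst": None})
                f["max_failures"] = max(f["max_failures"], len(failures))
        elif ip in findings and failures:
            # A login succeeded while the failure burst was still inside the
            # window: the account may have been guessed and needs review first.
            findings[ip]["success_after_burst"] = user
    return [{**findings[ip], "users_tried": sorted(users[ip])}
            for ip in sorted(findings)]


if __name__ == "__main__":
    for finding in review_auth_log(SAMPLE_LOG.splitlines()):
        print(finding)
```

A single mistyped password followed by a successful login, as in the second address in the sample, stays below the threshold and is not reported.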

Enforcing secure mobile device usage

It’s convenient to have employees use their mobile devices to conduct business, but it also can be risky. Develop your “bring your own device” policy, teach employees safe mobile computing practices, and consider using mobile device management software to enforce your policies.

Protecting the cloud

Relying on your cloud provider for security of your data in the cloud is a mistake. Information security in the cloud requires both your organization and your cloud provider to take steps to protect your data. In addition, employee “shadow IT” usage of cloud resources can lead to security risks you aren’t aware of; consider using tools that help you detect unauthorized usage of cloud services.

Learn more in 6 Ways to Keep Your Cloud Secure.

Verifying configuration settings

Many security vulnerabilities, especially in the cloud, are the result of incorrect system configuration. Don’t rely on default settings, but make sure you explicitly set them to the values you need. Limit the ability to modify configurations to authorized employees, and use tools to detect configuration changes so they can be reviewed and verified. Use automation to ensure configurations are deployed consistently across all your resources.

Performing risk assessments

There are too many potential security threats to address all of them at once. In order to get the most value from the actions you take, it’s important to assess the risks you face so you can prioritize your responses.

Securing information resources requires implementing basic and advanced controls at multiple levels, including the network, the cloud, and endpoints. CCS Technology Group offers IT security services to help you comprehensively address your information security needs. Contact us to learn how our services can help protect your critical systems and data.

Additional Security Resources

Closing the Most Common Cybersecurity Holes

Is Your Network Safe From Cyber Attacks?

Ransomware 101: Keeping Your Organization Safe

6 Ways to Keep Your Cloud Secure

The simplest way to migrate to the cloud is to lift and shift your applications, migrating them exactly as they are. That doesn’t work for security, though. To make sure your cloud resources are properly protected, you need to review the security features offered by your cloud provider and make sure you implement them properly. You should check out the following:

1. Cloud provider compliance certifications

Meeting your own security standards is easier when the cloud provider offers a strong base. If the cloud provider offers infrastructure certified to meet the compliance standards relevant to your industry, be sure you deploy to that environment.

2. Encrypt your data

Store data in an encrypted format to keep it protected. You can usually easily turn on database encryption in the cloud. It’s simpler to allow the cloud provider to manage the encryption keys, though you’ll gain additional security if you manage them for yourself. Depending on how encryption is implemented, encrypting stored data may not require any application changes, making it compatible with a lift and shift migration.

3. Use identity and access management controls

Identity and access management (IAM) lets you limit access to your cloud resources. You may be able to use the same IAM tools in the cloud as in your data center, allowing you to lift and shift this security control as well. In either case, make sure privileges are set properly.

4. Don’t adopt default cloud configurations

The default configurations established by many cloud providers are not security conscious. Don’t assume they’re set the way you need them. Make sure these settings are appropriate for your applications and modify them when they are not. Where possible, use templates or base cloud images that have the settings you need built in to create all your cloud instances.

5. Separate production, test, and development environments

Because the cloud lets you create and shut down instances as needed, you may see recommendations to speed production deployments by turning the “test” instance into production and creating a new test instance the next time you need it. The problem with this is that test environment configurations are often not as secure as those needed in a production environment. You’ll lose a little deployment speed but gain a lot of additional security by keeping the distinction between environments.

6. Don’t forget about the devices that access the cloud

Securing your cloud resources requires more than just securing the cloud; it requires securing the devices that access the cloud. Don’t forget about tools such as firewalls to protect your network, and consider mobile device management software to protect your cloud from mobile device risks.

CCS Technology Group’s cloud services ensure your cloud provides a cost-effective, efficient, and secure environment that meets your IT needs. Contact us to learn more about building and using cloud safely.

Additional Cloud Security Resources

Closing Common Cybersecurity Holes

7 Common Mistakes That Place Your Data in Danger

Protecting Your Business Against Phishing Emails

Craft An Effective Disaster Recovery Plan

If you don’t want to be scrambling in the middle of a crisis, you need a plan. Here’s what to think about as you develop your disaster recovery plan to make sure you get out of the situation and back into normal operations fast:

Communications plan

There’s bound to be lots of confusion during an incident, but you don’t want there to be any confusion about who’s in charge. Make sure your plan identifies who decides to invoke the disaster recovery plan and how this will be communicated to everyone who needs to be involved in the recovery.

Scope of potential threats

Crises come in all sizes, from a single accidentally deleted critical file to a fire that destroys your primary data center. Spend time assessing a variety of possible situations and determine how you’ll match your response to the size of the outage.

Lists of systems and people

You’ll need a complete list of all hardware and software that your business uses, as well as network diagrams. Also create a list of all the staff you’ll need to help bring the systems back online, including their contact info. Include contact info for third parties, such as vendors and partners, that may need to make changes on their side to connect to your recovery site.

Priorities and targets

It isn’t possible to bring up all systems at the same time, and it usually isn’t necessary. Take your list of systems and evaluate the priority of each system so you know where you need to focus your effort. For each system, set a specific recovery time objective and recovery point objective, specifying how rapidly you need to restore that system to operation and how much data you can afford to lose. Once you know these numbers, you can craft a recovery strategy for each application to meet those targets.

Recovery procedures

Document the details of the recovery procedures for each application, including the complete details of the commands that need to be executed. Identify the other processes the application depends on in order to start up. Include validations that allow you to confirm the application is running properly in its recovery mode.

Fallback procedures

Once the disaster is over, you’ll want to resume operations in your normal production environment. Executing fallback processes can be as complex as the disaster recovery procedure itself, so document the process to the same level of detail.

Once your disaster recovery plan is complete, schedule a test to validate that it works. Then update the plan with any corrections, clarifications, or critical information that was missed the first time around. Because your infrastructure changes continually, your plan should be a living document. When you place new resources into production, you should also update your plan to include them. The entire plan should be periodically reviewed and tested, at least annually, to make sure there are no omissions and that it works with your current infrastructure.

CCS Technology Group provides comprehensive disaster recovery services. Contact us to find out how you can make your plan more effective.

Did you know three out of four small businesses have no disaster recovery plan at all? Learn more in Why a Business Continuity Plan is Essential.

Additional Disaster Recovery Resources

7 Common Mistakes That Place Your Data in Danger

Backups Are Not A Disaster Recovery Solution

The Differences Between Backups, Disaster Recovery, and Archiving Matter

Don’t Click That Link! Protect Your Business Against Phishing Emails

The weak point in your information security strategy is your people. There’ll always be somebody who falls for a phishing email and clicks on a dangerous link. It’s important to take steps to block dangerous emails.

Phishing Techniques

All online phishing techniques send emails or texts that try to trick employees into allowing malware into your organization or into exposing sensitive data. There may be a link to a malicious website masquerading as a legitimate site that prompts employees for login credentials. There may be an attachment that contains malware, including ransomware, that executes when the file is opened. Or the email can impersonate a legitimate contact and request information such as account numbers.

Spear phishing is a targeted form of phishing. Rather than a generic email, these messages are targeted to specific employees and carefully crafted to be believable. CEO fraud uses an email that pretends to be from a senior executive and asks employees to make a financial transaction, such as transferring funds to the attacker’s account.

Learn more in Phishing 101: What it is, how it works and how to avoid it.

Protecting Against Phishing

Guarding against phishing requires both technology that attempts to block the phishing messages and dangerous websites and training that teaches employees to recognize them.

Technical Solutions

Antivirus software and spam filters can keep out malware, and web filtering can prevent users from connecting to known dangerous sites. All systems should be kept up to date with security patches. Data loss prevention software can help prevent data from being removed by unauthorized users. Use multifactor authentication to block hackers who’ve gained passwords.

Training Solutions

Perhaps the most important thing to know about training employees is that you need to train all your employees, including senior executives. Senior executives are frequently targets of phishing because their passwords grant access to sensitive systems. Remind employees not to click on attachments from unknown senders, to double-check all URLs before clicking on them, and not to share their passwords via email.

Training isn’t a one-time process, either. New employees need to be trained, not just current employees. All employees need a periodic refresher. You can also consider periodically creating your own phishing email to test employees and identify personnel who need additional training.

Learn more in Different Kinds of Malware Need Different Kinds of Defenses.

With more than 3 billion malicious emails sent daily, there’s a strong chance they’re landing in your employees’ inboxes frequently. Even the best employee can have a moment of carelessness or inattention that leads to a dangerous click, but proper employee training in conjunction with other information security measures can help minimize the risks and the consequences. CCS Technology Group provides security services that educate your employees and guard your systems from threats. Contact us to learn more about protecting yourself from phishing and other cyberattacks.

Additional Cybersecurity Resources

Closing the Most Common Cybersecurity Holes

Spoofing: What it is and how to avoid it

Why a Business Continuity Plan is Essential

Different Kinds of Malware Need Different Kinds of Defenses

One of the reasons information security is so difficult is that there are so many different threats you need to defend against. Malware can take many different routes to get into your systems, and once there, it can do many different things. Keeping your data safe requires protecting against all of those different potential paths and actions.

Malware Can Take Different Routes Into Your Systems

As computers get more and more connected and more of our work and personal lives move online, there are more and more ways for malware to penetrate your defenses. The potential vectors include:

  • viruses. A virus attaches itself to legitimate files so it executes along with the underlying file.
  • worms. Small and self-replicating, worms spread without any user action.
  • trojans. Like the Trojan horse, this malware dresses up as legitimate software to hide its dangerous instructions.
  • malvertising. Online ads aren’t just annoying; they can include malware. In some cases the malware can execute automatically.

Malware Can Do Different Things

Once malware gets into your systems, it allows the hackers to use your systems and steal your data. Malware has the capability to:

  • steal data. Malware can steal data in different ways. One type of malware does this by keystroke logging; by capturing users’ data entry, hackers can learn passwords, account numbers, and other sensitive information. Other types of sophisticated malware can target specific files.
  • hold data hostage. Sometimes hackers don’t want your data, but they know you need your data. Ransomware encrypts your data files so you can’t read them and requires you to pay a ransom (usually in bitcoin or other cryptocurrency) to regain access. This malware can completely shut down your operations until you pay or restore data from clean backups.
  • redirect your browser. Some malware, called adware, displays unwanted advertising. This malware can sometimes take over browsers and redirect them to pages with ads rather than the requested site.
  • turn your PC into a bot or cryptominer. Malware can take over your PC and force it to perform other operations, including participating in a DDoS attack, emailing spam, or cryptomining. This malware doesn’t harm your device or data directly, but can result in poor performance.

Protecting against all these types of malware requires a comprehensive information security strategy. Tools such as firewalls and antivirus software can help keep dangerous software out of your systems. Training users is key to recognizing phishing emails and other malware that makes it through the automated systems. CCS Technology Group helps businesses develop and deploy complete cybersecurity solutions to protect vital company data. Contact us to learn more about the different threats your data faces and how you can defend against them.

Additional Cybersecurity Resources

7 Common Mistakes That Place Your Data in Danger

Phishing 101: What it is, how it works and how to avoid it

Spoofing: What it is and how to avoid it

Don’t Lose Your Files to Ransomware

Think about that panicky feeling you get when you lose one file. Now scale that feeling up and imagine the panic after losing all your files. That’s how you’ll feel if a ransomware attack makes it impossible for you to access any of your data.

Ransomware is a kind of malware that holds your data hostage. When ransomware attacks, it encrypts all your data. Since you don’t have the key, you aren’t able to read it. Typically you’re asked to make a payment in cryptocurrency in exchange for the key. If you don’t pay up by the deadline, the key is discarded and your data is lost for good.

Ransomware can be difficult and time-consuming to recover from; one town had to rely on typewriters when their computers were down after an incident. If you don’t have typewriters tucked away in a closet, here are some options to help prevent and respond to ransomware incidents.

Prevent Ransomware Attacks

It’s impossible to completely protect yourself from a ransomware attack; like any other malware, ransomware spreads through phishing and social engineering methods that trick your employees into opening dangerous attachments. Training employees is important but not foolproof.

Keeping up with your operating system patches is an important measure, as it reduces the number of vulnerabilities for hackers to exploit. You should also use antivirus software and whitelisting software to block malware and prevent unapproved applications from executing.

Ensure you have a reliable backup and disaster recovery process. This won’t prevent you from becoming a ransomware victim but will reduce the panic if you do.

Recover from a Ransomware Attack

The first thing to know about recovering from a ransomware attack is that you should never ever pay the ransom! For one thing, there’s no guarantee that you’ll receive the decryption key. Plus, once you pay ransom, you’ve shown that you’ll pay ransom, and you make yourself a target for additional ransomware attacks with bigger and bigger ransom demands.

Identify the ransomware that attacked you and see whether there’s a decryptor. This will let you recover your locked files without paying the ransom.

If there isn’t a decryptor (and it’s really not that likely you’ll find one for the exact version of the attack that victimized you), you’ll need to do a scan to remove the malware from your system and then restore files from a clean backup. Unfortunately you’ll lose any new files or modifications made between the time the backup was created and the time you were encrypted—good motivation for doing backups at least nightly. You’ll need to make sure the backup isn’t infected with the malware as well, as some ransomware can attack shared drives.

Then protect yourself from future attacks by hardening your cybersecurity strategy and making sure your backups aren’t vulnerable, perhaps by storing them in the cloud. CCS Technology Group information security services help you develop and implement an approach that protects you against ransomware and the many other common malware threats that target your systems. Contact us to learn more.