Two-Factor Authentication Has Vulnerabilities as Well as Benefits

Achieving information security is a never-ending challenge as bad actors find ways to get around every new protective layer. Like all other information security technologies, two-factor authentication can be bested by a determined intruder.

Two-Factor Authentication Means Users Need More Than a Password

The idea behind two-factor authentication (2FA) is that passwords by themselves are relatively weak security. Instead of users needing just a password, they need to prove their identity in two different ways. These ways include:

  • Something you know, like a password.
  • Something you have, like a cellphone that can receive a single-use token.
  • Something you are, like your fingerprints or retinal scan.

It’s important to note that a password plus security questions is not an implementation of 2FA; the security questions and the password are both “something you know.” In effect, the security questions are simply secondary passwords.

Two-Factor Authentication Is Vulnerable to Attacks

Although 2FA adds an extra layer to security, that doesn’t make it invulnerable. There are several approaches a hacker can use to get past it:

  • SIM hacking. In this approach, the bad actor effectively takes over the phone number of the mobile device used as part of the 2FA. This enables them to receive the single-use tokens and log in.
  • Phishing. Phishing can direct users to malicious sites where single-use passwords are captured. A hacker watching the site in real time can use the token to access the targeted site before the token expires.

Making Two-Factor Authentication Effective

These vulnerabilities don’t mean that you shouldn’t use 2FA to increase the security of your systems, but they do mean you need to be smart about how you implement it.

In particular, there’s an implementation of 2FA that is not vulnerable to SIM hacking or phishing. Instead of a user providing a token that was sent to them, this implementation requires a hardware key to be plugged into the user’s device. Because of the extra cost and potential inconvenience, this may be most appropriate when you have highly sensitive data to protect. It’s also important to note that at least one version of a hardware key was itself found to be improperly implemented and vulnerable to attacks.
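Why a plugged-in key holds up where a typed code does not, shown as an added Python model that is not from the original article. It assumes the key answers a server challenge bound to the site origin the browser reports, which is how FIDO-style keys work; HMAC stands in for the public-key signature a real key produces, and every class name, origin and user here is constructed for illustration.

```python
import hashlib
import hmac
import json
import secrets

# Constructed origins: the real site and a look-alike reached from a phishing link.
REAL_ORIGIN = "https://portal.example.com"
LOOKALIKE_ORIGIN = "https://portal-example.test"


class OtpServer:
    """Second factor based on a single-use code sent to the user's phone."""

    def __init__(self):
        self._pending = {}

    def send_code(self, user):
        code = f"{secrets.randbelow(10**6):06d}"
        self._pending[user] = code
        return code

    def verify(self, user, code):
        expected = self._pending.pop(user, None)  # each code works once
        return expected is not None and hmac.compare_digest(expected, code)


class HardwareKey:
    """Model of a security key; the device secret never leaves this object."""

    def __init__(self):
        self._device_secret = secrets.token_bytes(32)

    def _site_key(self, origin):
        # A separate key per origin, derived inside the device.
        return hmac.new(self._device_secret, origin.encode(), hashlib.sha256).digest()

    def register(self, origin):
        # Stand-in for handing the site a public key at enrolment.
        return self._site_key(origin)

    def respond(self, browser_origin, challenge):
        # browser_origin comes from the browser's address bar, not from the
        # page or the user, so a look-alike site cannot claim the real origin.
        client_data = json.dumps(
            {"challenge": challenge, "origin": browser_origin}, sort_keys=True
        ).encode()
        tag = hmac.new(self._site_key(browser_origin), client_data, hashlib.sha256).digest()
        return client_data, tag


class KeyServer:
    """Relying party that accepts only responses made for its own origin."""

    def __init__(self, origin):
        self.origin = origin
        self._keys = {}
        self._challenges = {}

    def enroll(self, user, verification_key):
        self._keys[user] = verification_key

    def new_challenge(self, user):
        challenge = secrets.token_hex(16)
        self._challenges[user] = challenge
        return challenge

    def verify(self, user, client_data, tag):
        challenge = self._challenges.pop(user, None)  # a challenge works once
        key = self._keys.get(user)
        if challenge is None or key is None:
            return False
        expected = hmac.new(key, client_data, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return False
        data = json.loads(client_data)
        return data.get("origin") == self.origin and data.get("challenge") == challenge


def otp_accepted(entered_on):
    """Is a code accepted when the user typed it on the page at `entered_on`?"""
    server = OtpServer()
    code = server.send_code("alice")
    # `entered_on` never reaches the server: the code is the same string
    # wherever it was typed, so a forwarded code verifies like a direct one.
    return server.verify("alice", code)


def key_accepted(entered_on):
    """Is the key's response accepted when the browser was on `entered_on`?"""
    key = HardwareKey()
    server = KeyServer(REAL_ORIGIN)
    server.enroll("alice", key.register(REAL_ORIGIN))
    challenge = server.new_challenge("alice")
    client_data, tag = key.respond(entered_on, challenge)
    return server.verify("alice", client_data, tag)


if __name__ == "__main__":
    for origin in (REAL_ORIGIN, LOOKALIKE_ORIGIN):
        print(origin, "| code accepted:", otp_accepted(origin),
              "| key accepted:", key_accepted(origin))
```

The code-based factor is accepted in both cases because nothing in it records where it was entered; the key's response is rejected as soon as the origin differs from the one enrolled.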

Two-factor authentication should also be integrated into an effective overall information security strategy. Employees need to be trained to detect and avoid phishing emails. Your infrastructure should include firewalls, blacklists, filters, and other controls that help protect employees and their credentials from dangerous sites.

CCS Technology Group provides comprehensive information security services that protect your valuable data. Contact us to learn how to use 2FA as part of an effective information security solution.


Is the Dark Web All Bad?

Dark Web: (noun) – Part of the world wide web that is only accessible by utilizing special software, allowing users and websites to remain anonymous or untraceable. It exists on an encrypted network that uses masked IP addresses to maintain anonymity for users and site owners. This way, people who use the Dark Web for illegal purposes can’t be traced.

As you can see by the above definitions, the Dark Web can be a shady place where illegal transactions take place. Things like drugs, guns, counterfeit money, and credit card numbers can all be found, bought, and sold.

Chances are that if your business has been hacked, some or all of the stolen information is for sale on the Dark Web. This is why small to medium business owners need to make sure their security software is regularly updated against new and stronger threats.

But is the Dark Web only used for bad things? Surprisingly—no. It is estimated that only about a third of the people who visit the Dark Web do so for illegal activities.

Before we go any further, I’d like to bring up a little more info on the Dark Web and some of its misconceptions. Did you know that the internet you use every day is actually just the Surface Web? Also called the Common Web, Visible Web, or the Indexed Web, it is just the portion of the web that the general public has access to. We assume that it is the majority of the internet because we’ve labeled it the world wide web, right? Well, the Surface Web is only about one-third of the entire internet. Everything we have access to is, in reality, just the tip of the iceberg.

Underneath the Surface Web is the Deep Web, also called the Invisible Web or Hidden Web. It is a portion of the world wide web whose contents are not indexed by standard search engines. 99% of the information on the Deep Web cannot be found through search engines like Google or Bing.

But are there positive aspects to the Deep Web and Dark Web?

The U.S. government uses both the Deep and Dark Webs to keep open channels to countries that are ruled by oppressive dictators, in case citizens of those countries want to send out news stories or ask for help. Media outlets, like the New York Times, host portals that allow people and whistle-blowers to send in news tips, anonymously.

That anonymity helps give people who are in bad situations or have no one in their lives to talk to, a means of expression and channels of help. There are groups for survivors of abuse that allow victims to name their abusers and also to get support from other survivors. There are groups for people with every type of addiction, anything from food, drugs, to gambling. Some countries punish their citizens arbitrarily, for such reasons as sexuality or religion. The Dark Web offers opportunities for people to create communities where they can share stories and tips or plan to meet in person.

You can even join a chess club and play with people from all over the world. There are chat rooms, dating sites, and gaming forums where you can talk about anything, anytime, without the fear of being monitored. People can freely share their feelings, express their challenges and even find help from these groups.

Freedom of expression is alive and well in the crevices of the Dark Web. If you’re an artist, you can share your passion with people who truly enjoy creativity and self-expression. The same goes for writers, poets, and musicians. There’s even a site where origami lovers post their beautifully folded ornate creations, and some of them are so intricate it’s hard to believe they started as a flat piece of paper.

You’re probably thinking, “With all the negative and scary stuff on the Dark Web, I’ll never even try to access it.” You want to stay safe and keep away from it, right? Well, sorry to tell you, but some of your daily excursions on the internet already access part of the Deep Web, and even the Dark Web, because of the anonymity they provide.

For example, your company’s intranet is on the Deep Web so search engines cannot see it. There are sites you may have joined that exist behind paywalls or require special registration. Many databases and webmail pages are also tucked away below the Surface Web, so your personal information is not exposed.

If you belong to a Facebook group—guess what? Yes, that group is on the Deep Web. Otherwise, anyone can search for that page, read the posts, and request to join. If you use online banking, that information is also on the Deep Web. Sites that host medical information and legal documents are hidden there as well. As you can see, there is a need for the Deep and Dark Webs because of the security they offer.

If you choose to go to the dark side of the web, be careful. You just might find something beautiful, or you could accidentally stumble upon the worst aspects of human nature. Like everything else the world has to offer, when you’re exploring, be safe.

Get a Dark Web Scan to Identify Your Vulnerabilities

What you don’t know will hurt you. A Dark Web Scan can uncover if your data is for sale, and tell you if your personal or business data may be at risk.


Passwords – Outdated and Dangerous, But Necessary?

Here’s a quick test – what do these seemingly random alphanumerical groupings have in common?

  1. 123456
  2. password
  3. 123456789
  4. 12345678
  5. 12345
  6. 111111
  7. 1234567
  8. sunshine
  9. qwerty
  10. iloveyou

That is a list of the top ten passwords used in 2018. Recognize any of these? If you don’t, you’re not necessarily in the clear, but your chance of becoming compromised or hacked is far less than someone who uses one of these passwords. If you do recognize these, you’re certainly testing your luck.

These days, creating and remembering passwords has become increasingly challenging. If we had only one device that required a password, we could probably manage it quite easily. But with every device we use, most programs we need to do our jobs, and sites that require you to change your password every few months, it is estimated that the average person must memorize up to 191 different passwords. No wonder we often choose to take shortcuts!

The problem is that over 80% of hacks are due to compromised credentials, that is, stolen username and password information that is often traded on the Dark Web. In fact, in one month alone in 2018, Microsoft blocked 1.3 million attempts to steal password data, which would have led to dangerous phishing attacks and other hacking attempts.

These harrowing statistics are why you hear the recommendations:

  • Never use the same password twice (IT Managers report 73% of all passwords used are duplicated in multiple applications, opening up multiple avenues for attack)
  • Never write down your passwords
  • Never share your passwords with anyone else
  • Never use real words or known information about yourself in your passwords
  • Avoid commonly used passwords (50% of all attacks involved the top 25 most used passwords)

Pay attention to that last stat: 50% of all attacks involved the top 25 most used passwords. See what we meant when we said if you recognized anything on that list you’re testing your luck?
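One way to enforce the last two recommendations at the moment a password is chosen, as an added example that is not from the original article: a screening function that rejects the ten passwords listed above, simple disguises of them, and passwords built from the user's own details. The substitution table, the 12-character minimum and the function names are assumptions for illustration.

```python
# The ten most-used passwords of 2018, as listed earlier on this page.
COMMON_PASSWORDS = {
    "123456", "password", "123456789", "12345678", "12345",
    "111111", "1234567", "sunshine", "qwerty", "iloveyou",
}

# Substitutions people commonly apply to dictionary words.
# Assumed for the example; not an exhaustive table.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

MIN_LENGTH = 12  # assumed policy value


def _candidates(password):
    """Forms of the password to compare with the common list.

    Trailing digits and symbols are peeled off one at a time, so that
    'Sunshine2018!' and 'sunshin3!!' both reduce to 'sunshine'.
    """
    lowered = password.lower()
    forms = set()
    end = len(lowered)
    while True:
        prefix = lowered[:end]
        forms.update((prefix, prefix.translate(LEET)))
        if end == 0 or prefix[-1].isalpha():
            break
        end -= 1
    return forms


def _personal_tokens(user_info):
    """Split names, e-mail addresses and similar into words of 4+ characters."""
    tokens = set()
    for value in user_info:
        word = ""
        for ch in value.lower() + " ":
            if ch.isalnum():
                word += ch
            else:
                if len(word) >= 4:
                    tokens.add(word)
                word = ""
    return tokens


def screen_password(password, user_info=()):
    """Return the reasons a password is rejected; an empty list means accepted."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if _candidates(password) & COMMON_PASSWORDS:
        reasons.append("common password")
    lowered = password.lower()
    flattened = lowered.translate(LEET)
    if any(t in lowered or t in flattened for t in _personal_tokens(user_info)):
        reasons.append("contains personal information")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, info in [("P@ssw0rd", ()), ("Sunshine2018!", ()),
                     ("Alice.Smith-2019", ("alice.smith@example.com",)),
                     ("I<3Fh@ck3rs43v3r!", ())]:
        print(f"{pw!r}: {screen_password(pw, info) or 'accepted'}")
```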

Following all these rules and regulations, you’ll end up with passwords that are about 16 characters long, impossible to memorize, and, unfortunately, are still completely hackable (much more difficult, of course, but where there is a will, there is a way). So, what do we do now?

Password Manager

The first shortcut is a password manager. You can store all your passwords in one place. This makes remembering all your passwords much easier, but you’re not out of the woods yet. The password manager is also protected by a password. If you’re using software like this, make sure that this password is especially complex, so that hackers aren’t even tempted, especially in the case of a brute force attack. If possible, turn on multi-factor authentication, especially on your password manager.

Multi-factor authentication

Many sites utilize multi-factor authentication. This extra layer of protection connects to your phone, email, or other authentication source, rather than relying solely on a password. We recommend enabling multi-factor authentication wherever possible. The only caveat here is to make sure your secondary authentication source is equally secured with a strong password. No sense in double protecting yourself with a wide-open source.

Random Password Generators

These sites come up with secure passwords for you, but the results are typically a random jumble of letters, numbers, and symbols that is darn near impossible to memorize. If you’ve got a strong memory, this might be a good starting point, but if you’re like most of us, this may be more challenging than it’s worth.

How to craft the best password

Use a “Password Phrase” in place of random letters, numbers and symbols. Create something that’s easy for you to remember, but has no meaning to anyone else. For example, I<3Fh@ck3rs43v3r!. Breaking this down, you get:

  • I – I
  • <3 – Love
  • F – fooling
  • h@ck3rs – hackers
  • 43v3r – forever

This would be easy for you to remember because you understand the phrase, but difficult for a hacker to decipher because it’s not made up of real words. There’s no time like the present to get started and change your easy-to-hack passwords to something safer, because it’s always better to be safe than sorry.

Work at creating passwords that will be difficult to hack. Make sure to change them regularly. Never write them down (especially on a Post-it Note stuck to your computer!). But most of all, make passwords an important part of your life. Don’t consider them a nuisance or a thorn in your side. Make a game out of creating passwords. Challenge yourself to be more creative each time you create one. Beat the hackers at their own game by making your password too time-intensive to crack, and you’ll reduce the chance of your information showing up on the Dark Web.

Worried about your information already being available due to past weak password use?

If someone breaks into your home, you can usually document what’s missing so the police can track it down. This isn’t as easy with data. A dark web scan can reveal what information may have been exposed to help you take actions to correct course. Register for a dark web scan and we’ll run a scan that reveals your vulnerabilities.

Everyone Is a Participant in Information Security

The information security team may have security in their name, but that doesn’t mean they own it. Security requires the active participation of everyone in the company, from management to facilities staff, in order to prevent and respond to incidents.

Preventing Security Incidents

Everybody has a role in preventing a security incident:

Management: Management sets the standard of behavior for everyone else in the business. If managers are seen treating security casually, no one else will take it seriously, either. This means managers, including senior executives, need to participate in the security training that’s mandated for everyone else; they need to demonstrate safe computing practices, like not writing down passwords and sharing them with their admins; and they need to treat compliance audits as beneficial, rather than a necessary evil.

Finance: The financial team needs to understand the value of spending on security and authorize the appropriate expenses. In addition, the financial team needs to understand the sensitivity of the data they work with and take steps to avoid falling for targeted spearphishing attacks that seek to steal account numbers or trigger funds transfers inappropriately.

Human resources: The HR team, through its training programs, is responsible for ensuring everyone receives the necessary information security training. In addition, the HR team is responsible for ensuring the hiring process employs appropriate background checks and for handling disgruntled employees to minimize insider risks.

Facilities: Physical security of your premises is an important component of information security.

Information security: Of course, the information security team has a major role in preventing breaches through developing security strategies and implementing tools to protect valuable corporate data.

Everyone else: All employees are responsible for using safe computing practices, including creating strong passwords and not sharing them. Employees are responsible for paying attention to the mandated information security training and taking those lessons back to their workspaces.

Responding to Security Incidents

If you unfortunately experience a security breach, you need a solid incident response plan. Multiple teams will have roles in the response, including:

Management: Management is responsible for ensuring that the incident response plan is executed, as well as overseeing related activities.

Marketing and communications: One of the biggest challenges in responding to a breach is communicating the event and how you are responding to it. In addition, your teams may need to ramp up marketing to mitigate reputation damage and minimize lost business.

Legal and compliance: A data breach isn’t just an internal matter; depending on your industry and location, you may have to satisfy legal and regulatory mandates regarding notifications, compensation, and other breach-related events. Your legal and compliance teams will make sure you follow the letter of the law on these actions.

Information security: Your technology team needs to complete several different activities. First, they need to identify the impact of the breach and determine the extent of the data loss. Second, they need to discover the root cause that allowed the breach to occur, and implement a strategy to prevent that type of attack from recurring. In addition, they should conduct a thorough review to identify other vulnerabilities and take steps to reduce the risk you’ll be victimized through a different form of attack.

Learn more about creating a disaster recovery plan.

Contact CCS Technology to start developing a comprehensive information security strategy, or browse the additional resources below for more information on getting started.


Take These Steps to Avoid Expensive Ransomware Recovery Costs

Recovering from ransomware has cost affected entities millions of dollars—Baltimore spent more than $18 million to bring systems back to their normal state. To avoid budget-crushing costs, it’s imperative to defend against attacks and have a plan for responding to incidents.

Understand the Scope of the Needed Defenses

There isn’t a single measure you can take that will be effective against all ransomware, any more than there’s a single measure that will block all other kinds of malware. Defending against ransomware begins by understanding that defenses need to be widespread. Do a review of your data to identify the most vulnerable and most valuable so you can focus your efforts where you’ll gain the most benefit. Similarly, conduct a review of your network architecture to ensure the most important applications are isolated from the wider network.

Get Your Backups Ready

You can prevent some files from being corrupted by ransomware by setting filesystem permissions, but restoring from backups is often the only way possible to recover from a ransomware attack. It’s crucial that you ensure your backup procedures work. Make sure your backup scripts cover all critical systems, and run a test to ensure you know how to correctly restore a server. Keep a copy of the backup that isn’t connected to networked devices in order to prevent ransomware from accessing the storage.

Learn more in Don’t Lose Your Files to Ransomware.

Block Dangerous Software from the Network

If you can keep ransomware out of your network, you’ll never have to attempt to restore from backup. If you’re behind on installing patches, catch up now, and put a process in place to keep you up to date. Ensure firewalls, blacklists, and mail server filters prevent potentially risky files from reaching end users.

Protect User Devices

Take steps to prevent ransomware from spreading and limit the number of affected files if it reaches user devices. Turn off file sharing and disable Windows PowerShell and Windows Script Host. In Microsoft Office, disable macros. Ensure antivirus software is installed and run scheduled full scans. Don’t allow applications to run from AppData folders.

Train Users

Your users are your final backstop against attacks on your network. Train them on good computing practices in general, including recognizing and avoiding phishing attacks. Make sure users know who to contact in case of any suspicious email contacts. Users should know how to disconnect their device from the network and be taught to do so in case of a suspected ransomware incident. Learn more about creating an information security culture.

Ransomware is just one of the many cybersecurity threats businesses need to defend against. It’s important to develop a multilayered security strategy that offers comprehensive protection. Contact CCS Technology Group to learn about how our security services offer protection against ransomware and other information security threats.

If you’re serious about protecting your company – and you should be – there’s a two-pronged approach that will stop most ransomware dead in its tracks. You need solid employee education, and you need the right technical tools.
To find out how, download our guide: Ransomware 101 Guide.


Discover the Dangers of the Dark Web

It’s too late for a Halloween story, but year-round, it’s the things in the dark that scare us. This is true in the online world as much as the real world.

The Dark Web Defined

The web lets us instantaneously access information and resources all around the world by typing a URL into a browser, but there’s a part of the web that’s not easily accessible. URLs that aren’t known to the search engines are called the deep web, and much of that is innocuous, such as pages under development that aren’t yet released to the public. A small corner of the deep web is the more dangerous dark web, where anonymity is preserved and criminality thrives.

The dark web is a vibrant marketplace, filled with stolen data (account numbers, social security numbers, passwords, and other personal information) and tools for hacking. When a data breach occurs, it’s often made possible by malware sold on the dark web, and the stolen data often ends up for sale there, as well. For all the value this data has to its owners, there’s so much of it that it’s cheap for criminals to buy: according to Experian, social security numbers sell for just one dollar.

Dark Web Dangers for Business

As both the source of hacking tools and the destination for stolen data, the dark web is a threat to data security. The dark web is also an inspirational source for criminals. Hacking kits are available, along with guides on how to deploy malware and ransomware and how to open fraudulent accounts. Wannabe criminals who don’t have their own technical skills can rent a botnet to execute a DDoS attack or buy admin credentials to gain access to a company’s systems.

It can be used in other ways to harm businesses, too. There are sites that aggregate personal information—not just your accounts but also your social media—that can be used to threaten executives.

Learn more in What is the Dark Web and Why Should We Care?

Shine Light into the Dark Web

For businesses to protect themselves against the dark web’s dangers, the first step is to know when the dark web is brushing up against them. Monitoring tools allow companies to detect if any data stolen during a breach has been made available on dark web sites. You can make sure the data is yours through watermarking or fingerprinting.
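One way to implement the watermarking mentioned above, as an added example that is not from the original article or any CCS tool: each copy of a dataset handed to a system or partner is seeded with canary records whose e-mail addresses carry a keyed tag, so a dump found later can be confirmed as yours and traced to the copy it came from. The key, the domain, the export names and the sample dump are all constructed for illustration.

```python
import hashlib
import hmac
import re
from collections import Counter

# Constructed for the example; in practice a random key stored apart from the data.
WATERMARK_KEY = b"constructed-demo-key"
CANARY_DOMAIN = "canary.example.com"  # placeholder for a domain you control

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+")


def _tag(label):
    # Keyed tag: cannot be produced or altered without WATERMARK_KEY.
    return hmac.new(WATERMARK_KEY, label.encode(), hashlib.sha256).hexdigest()[:12]


def canary_email(export_id, n):
    """Address of the n-th canary record planted in the copy named export_id."""
    export_id = export_id.lower()
    return f"{export_id}.{n}.{_tag(f'{export_id}/{n}')}@{CANARY_DOMAIN}"


def seed_export(rows, export_id, count=2):
    """Return a copy of rows with `count` canary rows spread through it."""
    seeded = list(rows)
    step = max(1, len(rows) // (count + 1))
    for n in range(count):
        row = {"name": f"Canary {n}", "email": canary_email(export_id, n)}
        seeded.insert(min(len(seeded), (n + 1) * step + n), row)
    return seeded


def verify_canary(email):
    """Return the export id if email is a genuine canary, otherwise None."""
    local, _, domain = email.strip().lower().partition("@")
    if domain != CANARY_DOMAIN:
        return None
    try:
        export_id, n, tag = local.rsplit(".", 2)
    except ValueError:
        return None
    expected = _tag(f"{export_id}/{n}")
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return export_id
    return None


def attribute_dump(text):
    """Count verified canaries per export in the text of a discovered dump."""
    hits = Counter()
    for email in set(EMAIL_RE.findall(text)):
        export_id = verify_canary(email)
        if export_id:
            hits[export_id] += 1
    return dict(hits)


def sample_dump():
    """Constructed dump: the copy given to 'partner-a' plus one forged canary."""
    customers = [{"name": f"Customer {i}", "email": f"user{i}@example.org"}
                 for i in range(6)]
    leaked = seed_export(customers, "partner-a", count=2)
    lines = [f"{r['email']}:{r['name']}" for r in leaked]
    lines.append(f"partner-b.0.000000000000@{CANARY_DOMAIN}:forged entry")
    return "\n".join(lines)


if __name__ == "__main__":
    print(attribute_dump(sample_dump()))
```

Mail arriving at a canary address is a second signal, since nobody but a holder of the leaked copy has a reason to write to it.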

In addition to monitoring for data from your business, you should also monitor the dark web for references to your business, including names of employees. Monitor for references to specific software and hardware you use, as that chatter can reveal vulnerabilities and potential attacks.

Beyond monitoring, make sure you have a strong cybersecurity process in place. Ensure patches are applied quickly and firewall rules are correct, and consider intrusion detection and data loss prevention software to help prevent theft of data. Make sure your employees are trained to detect phishing emails and to use safe computing practices such as strong passwords.

CCS Technology Group provides security services to help protect businesses against the dangers of the dark web. Get a dark web scan to learn how to stay safe at Halloween and year round. What you don’t know will hurt you. A Dark Web Scan can uncover if your data is for sale, and tell you if your personal or business data may be at risk.


What is the Dark Web and Why Should We Care?

You’re happily humming along on the internet, thinking you’ve got a pretty good understanding. You can navigate your way around Google, Facebook, Amazon, and news sites. You’re actually only visiting four percent of the internet. There’s a whole world hiding beyond these safe surface-level sites, known as the Dark Web, and it’s a much less hospitable place.

What exactly is the Dark Web?

The Dark Web is a conglomeration of websites that cannot be found on search engines or accessed via traditional web browsers because their location and identity are hidden through encryption tools such as TOR. TOR was originally created to protect military communication but is now used much more broadly, both for Dark Web purposes and for highly secure communication. You typically have to access Dark Web sites using TOR.

People create sites on the Dark Web in order to hide where they’re operating from, as well as to remain anonymous (TOR hides all IP information, identifying information, as well as data transfers). Over half of the sites on the Dark Web are used for criminal activities.

Why Do People Use the Dark Web?

One of the most prevalent uses of the Dark Web is buying and selling illegal goods, such as recreational drugs, weapons, fake identities, and organs. The proliferation of cryptocurrencies—like Bitcoin—has facilitated these sales. People living within totalitarian societies that restrict communication also take to the Dark Web to share their thoughts freely.

The most dangerous use of the Dark Web for businesses is the exchange of credentials (usernames and passwords) and identities. An individual’s stolen credentials can typically be sold on the Dark Web for as low as $1. Hackers utilize these purchased credentials to:

  • Gain access to important financial information and steal identities (access to a Bank of America account holding $50,000 can be purchased for $500)
  • Access accounts for further phishing attacks
  • Threaten people with exposure of sensitive information (Remember the Ashley Madison hack from a few years back? Those credentials were dumped onto the Dark Web and hackers leveraged them to expose users).
  • Compromise other accounts using the same passwords and perpetuate the sale of personal information

What can you do about it?

The average citizen will never have a reason to access the Dark Web, but their credentials could easily be floating around, endangering their offline livelihoods. Once your credentials are released on the Dark Web, there is precious little you can do to have them removed. However, you should, at the very least, know when you’ve been compromised so that you can immediately act, like changing your passwords and activating two-factor authentication.

We recommend utilizing a full Dark Web monitoring service that alerts you if credentials appear on the Dark Web. These services constantly scan the Dark Web for your information and alert you whenever something suspicious appears. These alerts don’t necessarily mean a breach has occurred, but they are a very good heads-up that something bad may be coming. You can then create a plan of attack before any damage is done. Granted, there will be your fair share of false positives, but we firmly believe in operating in the better safe than sorry camp.

How should you get started with Dark Web monitoring?

Our team can run a preliminary scan of your domain revealing the likely breaches in the last 36 months. We’ll then review that report with you and come up with a plan of action to alleviate any major dangers. Click here to request a free dark web scan.

Or learn more in our other article Discover the Dangers of the Dark Web.


Create An Information Security Culture to Protect Your Data

Who do you rely on to keep your data safe? If your answer is your information security team, you’re only half right. Because everyone can cause a security incident (and insiders, either accidentally or deliberately, are the biggest cause of data breaches), information security is everybody’s job. Making everyone realize that requires deliberately creating a culture of information security.

Obstacles to a Security Culture

There are two main obstacles to creating a security culture: your management and your employees.

Management often gives lip-service to the need for information security, but doesn’t practice what they preach. Executives are likely targets for phishing attacks, but they’re often exempt from security awareness training. Many still share passwords and rely on administrative staff to generate reports and access online systems for them.

Employees see management not practicing safe computing, and reasonably conclude it isn’t really a top priority. The security training they receive is often boring or superficial. Their direct managers often emphasize getting the work done, even if it means taking security shortcuts.

Both managers and employees usually understand information security to mean technology that prevents data breaches. Building a security culture means changing that understanding; if you define information security as being about reducing risk rather than preventing a breach, it is easier to see how it’s everyone’s responsibility.

Learn more in Don’t Let These Obstacles Get in the Way of Your IT Security.

Talking About Information Security Is Key

Although much security training is ignored by employees, having conversations about security is key to changing awareness and attitudes. Look into new ways to make training more interesting and more impactful; the “gamification” of training rewards employees for the effort they put into it.

It’s also important to not only teach employees about strong passwords, but explain why they matter: what are the risks and consequences when poor security practices enable a breach. It also requires having a clear process by which employees can report suspected phishing attempts or other security incidents.

In addition, provide tools and processes that help employees use safe computing practices—but use them wisely; restrictions in places where they don’t really make sense will lead to employees searching for workarounds. Have a strong password policy, and give employees access to a password manager so they don’t write them down. Make sure you have an efficient process to grant employees access credentials so they don’t need to share them.

Learn more in The cybersecurity employee training checklist.

Security Isn’t One and Done

The most important way to make security a part of your culture is to make it clear that it’s an ongoing process—employees haven’t fulfilled their security responsibility simply by attending a once-per-year presentation. Have fun quizzes and security tests throughout the year, with rewards for employees who do well or who report potential incidents.

Make your security culture even more effective by deploying security tools that support safe computing practices and reduce the number of threats that get near your employees. CCS Technology Group provides security services that help employees keep your data safe. Contact us to learn more.

Additional Cybersecurity Resources

The Key Features to Look for In Your Firewall

6 Ways to Keep Your Cloud Secure

Closing the Most Common Cybersecurity Holes

Don’t Let These Obstacles Get in the Way of Your IT Security

Information security should be a top priority for any business. You don’t make any money by having good information security practices, but you can lose a lot of money if you don’t: this year, the average cost per record of a data breach was $150, according to the Ponemon Institute. Multiply that number by the size of your database and you can see how the costs quickly mount up.

So if a lack of information security can be so costly, why are there so many data breaches? One reason is that it’s impossible for any defense to be 100 percent effective; there’s always the risk that one malware author will get lucky and break through. But more often, it’s because although companies know information security is important, it isn’t really a priority. There are too many obstacles that get in the way of implementing effective security:

  • Manual processes. When processes like patch updates and vulnerability scans need to be performed manually, it’s easy to make errors or neglect to apply them to some systems.
  • Complex infrastructure. Except for a brand-new startup, every business has a jumble of technology. Different hardware, different operating systems, different operating system versions, multiple software products, and cloud systems make it difficult to develop a comprehensive approach to security that can cost-effectively protect all resources.
  • Lack of budget. In most businesses, IT is a cost center, and that means a limited budget that needs to be allocated between projects that help the business grow and projects that add security to protect the business.
  • Employees don’t use safe computing practices. How many computers do you walk past with passwords written down on sticky notes? Information security is everybody’s responsibility, but many companies don’t do a good job educating their non-IT employees about safe computing, including strong passwords and recognizing phishing attacks.
  • Overworked, under-trained IT staff. IT staff is often overwhelmed and spends most of its time fighting fires and solving today’s problems. Getting training on the latest security threats and their defenses isn’t a top priority and isn’t always in the budget.
  • Changing threats. The scope and source of security threats are constantly changing. It’s not just about dealing with new variants of existing malware. There are new kinds of malware, such as ransomware, which has been devastatingly effective in numerous instances. There are also new attack vectors, including mobile devices, the internet of things, and the cloud.
  • Lack of business support. Business management is focused on the business, not IT. They sometimes see information security measures, such as preparing and testing an incident response plan, as a distraction.

Security services from CCS Technology Group can help you overcome these challenges. Our proactive approach closes holes that make you vulnerable to current attacks and implements layered security and defense-in-depth strategies that help guard against future attacks. Contact us to learn more about how CCS Technology Group can help you protect your business.

Additional IT Security Resources

Closing the Most Common Cybersecurity Holes

The Key Features to Look for In Your Firewall

Phishing 101: What it is, how it works and how to avoid it

The Key Features to Look for In Your Firewall

Keeping your front door locked is the first step in keeping intruders out of your home. Keeping your network’s front door locked is the first step in keeping intruders out of your systems. A firewall provides that first line of defense for your business; here’s what to look for.

Technical Features

It used to be relatively simple for firewalls to offer protection. They blocked or allowed access based on rules regarding ports, protocols, applications, and IP addresses. It could be administratively challenging to keep track of the reasons behind the rules, making maintenance difficult, but the overall idea was straightforward.

Today the protection offered by firewalls needs to be much more technically robust and flexible. Threats come in so many varieties and are created and modified so frequently that limits based on lists of ports don’t offer enough protection. Instead, firewalls must:

  • protect applications regardless of port. Applications today aren’t always run on standard ports, so application-based controls need to be able to identify applications no matter which port they’re using.
  • control applications at the feature level. The firewall also should offer fine-grained controls to ensure application usage conforms to corporate policies. Many online services offer multiple functions, only some of which may be allowed.
  • identify users appropriately. IP addresses aren’t enough to determine who’s accessing your network. Where possible, user-based policies ensure access is limited appropriately no matter where a user connects from. Remote users need the same access and same limitations as on-site users.
  • inspect encrypted traffic. It’s ironic that encryption keeps traffic safe as it travels over external networks but hinders safety once the data reaches your network. SSL inspection is critical to protecting you from dangerous traffic, but needs to be performed rapidly with minimal performance impact on end-users.
  • cope with the unknown. It isn’t enough to scan the traffic you expect; your firewall needs to be able to inspect and manage the traffic you know nothing about, including unknown applications and atypical ports. Blocking unknown traffic may prevent users from accessing needed services, but allowing unknown traffic presents a high risk to your systems.
  • have minimal performance impact. We mentioned above that SSL inspection can potentially cause performance issues users notice; that’s not the only possible performance impact. Since all your network traffic goes through your firewall, even if all your firewall did was automatically say yes to everything, it would be a potential bottleneck due to volumes. Firewalls need the appropriate number of ports, CPU capacity, and network capacity in order to do their job without keeping other systems from doing their own jobs effectively.
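
To illustrate the "regardless of port" and "cope with the unknown" points in the list above, this added example (not part of the original article and not any vendor's implementation) compares a port-based verdict with one that identifies the application from the first bytes of a flow. The sample flows, rule tables, function names and the default-deny choice for unknown traffic are assumptions made for illustration.

```python
# Constructed sample flows: (destination port, first payload bytes). Not captured traffic.
SAMPLE_FLOWS = [
    (80,   b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    (8080, b"POST /upload HTTP/1.1\r\nHost: example.test\r\n\r\n"),  # web app on a non-standard port
    (443,  b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),         # start of a TLS ClientHello
    (443,  b"SSH-2.0-OpenSSH_9.6\r\n"),                              # SSH hiding on the HTTPS port
    (2222, b"SSH-2.0-OpenSSH_9.6\r\n"),
    (443,  b"\x00\x01\x02\x03unknown-proto"),                        # unrecognised protocol
]

PORT_RULES = {80: "http", 443: "tls", 22: "ssh"}  # legacy view: the port implies the application
ALLOWED_APPS = {"http", "tls"}                    # assumed policy: web traffic only

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")


def identify_app(payload):
    """Identify the application from the first bytes of a flow, ignoring the port."""
    if payload.startswith(b"SSH-"):
        return "ssh"
    request_line = payload.split(b"\r\n", 1)[0]
    if payload.startswith(HTTP_METHODS) and b" HTTP/1." in request_line:
        return "http"
    # TLS record header: type 0x16 (handshake), major version 0x03,
    # then a 2-byte length, then handshake type 0x01 (ClientHello).
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    return "unknown"


def port_verdict(port):
    """Port-based rule: allow when the port maps to an allowed application."""
    return "allow" if PORT_RULES.get(port) in ALLOWED_APPS else "block"


def app_verdict(payload):
    """Application-based rule: allow only identified, permitted applications (unknown is denied)."""
    return "allow" if identify_app(payload) in ALLOWED_APPS else "block"


def compare(flows):
    """Return (port, identified app, port-based verdict, app-based verdict) per flow."""
    return [(port, identify_app(p), port_verdict(port), app_verdict(p)) for port, p in flows]


if __name__ == "__main__":
    for row in compare(SAMPLE_FLOWS):
        print(row)
```

The port-based rule allows the SSH session and the unrecognised protocol on port 443 and blocks the legitimate web application on port 8080; the application-based rule reverses all three verdicts.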

Operations Features

Firewalls require oversight, but a solution with an easy-to-use dashboard and minimal routine administrative work eases the impact on your team. It’s also important that your firewall logs capture detailed information that can flow into analytics programs to identify possible attacks on your network.

Pricing

Finally, the cost of your firewall needs to fit your budget, but balance that investment against the potential costs of doing nothing. The estimated cost of a data breach is $150 per record stolen, according to the latest Ponemon report. With malicious attacks the main cause of breaches, the value of a firewall is obvious.

CCS Technology Group offers security services that guard your sensitive data with firewalls and other protective technology. Contact us to learn more about implementing an effective cybersecurity strategy.

Additional Security Resources

7 Common Mistakes That Place Your Data in Danger

Different Kinds of Malware Need Different Kinds of Defenses

6 Ways to Keep Your Cloud Secure