LeeShanok IT News

Hackers Mailing Bad USB Drives

Register

The new year is just around the corner! As the calendar turns, it’s a great time to reflect on what you want from the year ahead. Here are our top five IT resolutions for 2022.

Top 5 IT New Year’s Resolutions

1. Set your IT roadmap – What goals do you have for your technology next year? What will no longer be supported in 2022? What kind of support will you need? A clear destination makes the journey much easier.
2. Schedule annual cybersecurity training for everyone at your company. Cybercrime is expected to increase again in 2022. Education is the best defense, make sure everyone is well trained. Our next cybersecurity training is Thursday Jan. 13th. Register Here.
3. Get adequate cyber insurance – With the increasing risk, cyber insurance is growing more and more important. Make sure you have an appropriate policy. Riders on your general liability policy may no longer be enough.
4. Invest in collaboration – The shift to hybrid and fully remote work is expected to continue in 2022. Make sure you’re getting the most from your collaboration tools so your teams don’t become isolated.
5. Thoroughly assess your cloud strategy – Businesses are expected to continue migrating more functions to the cloud. This opens to the door to higher efficiency and lower costs but getting the migration right can be difficult. Each vendor, their reliability, security, and functionality all must be carefully considered.

As always, LeeShanok is happy to help! Let us know how we can help you stick to these resolutions, or any others you’re making for 2022.

LeeShanok Network Solutions is Turning 25!
On January 1st, LeeShanok will officially turn 25! We’re excited we can finally rent a car, but we’re even more excited to continue helping you manage your technology.

Our success is thanks to you, our clients. Since 1997, you have challenged us to grow and adapt. The technology landscape is entirely different today than it was back then but supporting happy clients has kept us motivated to keep learning and keep getting better.

From the entire LeeShanok team, our sincerest THANK YOU! We have a lot of exciting things planned to celebrate, stay tuned!

Your Technology Partner,

The LeeShanok Team

Phoenix:  602-277-5757         Tucson:   520-888-9122         ITNews@leeshanok.com

Last week, a significant cybersecurity vulnerability was identified dubbed Log4j or Log4Shell. The vulnerability allows hackers to remotely control a victim’s computer/server by running malicious code using an exploit in the Log4j library. The exploit is easy to execute and very widespread because the Log4j library is used in many software packages and online systems.

Because of the ease of attack, its widespread nature, and the potential damage, this is considered riskier than 99.61% of all cybersecurity vulnerabilities

What Hackers Are Doing Currently, hackers are primarily scanning for vulnerable devices and taking control of them to mine for cryptocurrency. However, it is possible for them to take much more malicious actions using this exploit.

What LeeShanok is Doing We have seen scans and remote control attempts on several of our clients’ servers. Thankfully, next generation firewalls have successfully blocked these attempts at gaining control. If you are not sure if you have the correct type of firewall protecting you, ask your account manager.   For all of our managed IT clients, we are automatically patching using the following process. This is included in your managed IT plan: 1. Checking to see if a breach has been attempted 2. If so, checking to see if any payloads have been executed 3. If so, assessing the risk level of the payload 1. If the risk is low, performing a malware scan 2. If the risk is high, taking the system offline and restoring from backup 4. Applying security patches and rebooting if needed 5. If there is a next generation firewall, confirm it is configured to block intrusion attempts 6. Perform a vulnerability scan to confirm the patch was successful If you are not a managed IT client, and you would like our team to assist with assessing your systems, please reach out to us for support. What You Should Do Stay alert for any updates/patches pushed out by your other technology vendors and install them immediately. Keep an eye out for further communication from LeeShanok pertaining to your unique situation.   The LeeShanok Team   Phoenix:  602-277-5757         Tucson:   520-888-9122         ITNews@leeshanok.com

IT cyber security is designed in layers. Digital threats to a company usually originate from outside. Threats that breach a layer tend to settle in and seek other devices at the same layer. When the attempt to breach the next layer is made, malicious programs will make attempts from multiple devices. By the time inner layers are breached, many devices have already been compromised, and exfiltration of company data has probably already occurred. See Why Cybersecurity is Important.

With network infrastructures that include both on-premises and cloud-based infrastructure, layering your network cybersecurity to protect it all can be challenging. Historically this would require unique solutions for each part of the infrastructure, but today there are solutions available that simplify and consolidate monitoring and management. There are many ways to protect against threats. Below are actionable ways to improve your firm’s cybersecurity.

End Users & Devices

Protect Wi-Fi Network Access from Cyberattacks

Many firms have both staff Wi-Fi and guest Wi-Fi networks. There’s usually a password required to connect to the staff Wi-Fi, but many times the guest network has no password. This opens the door for direct cyberattacks against connected devices. Use a password on all your firm’s Wi-Fi networks.

Another issue emerges with Wi-Fi authentication when an employee is terminated. The terminated employee could park close by and connect to the guest Wi-Fi (open) or staff Wi-Fi network (Wi-Fi password still the same), where they could launch attacks against other connected devices or seek company data to steal.

Most firms do not change the Wi-Fi password on termination of an employee because it requires all remaining employees to change the password in the devices they connect with. As time goes by, more and more terminated employees will have access to the company’s Wi-Fi networks. Adding a RADIUS Server to your Wi-Fi authentication fixes this by coordinating with the user’s Active Directory (AD) account. When an employee is terminated, simply marking their AD account “inactive” prevents them from connecting to the Wi-Fi network. No other employee’s access is affected.

Security Measures on Mobile Devices

Regardless of operating system, many employees use personal mobile devices to read company email, log in to cloud accounts, generate and send quotes, and other tasks that require access to company networks and data.

These employee devices may not meet sophisticated cybersecurity measures the company demands from connected devices, and are therefore vulnerable to external access and cyberattacks. If an employee loses their device, all the data and stored credentials may be available to cyber criminals.

To guard against these risks, it’s important for companies to use a Mobile Device Manager (MDM) and enroll all personal phones that are used for company business. Good MDMs push group security policies to enrolled devices, and also locate or wipe a lost phone. Employees should also set up “Find My Phone” while they have the device in their possession so that lost devices are easier to recover.

Utilize Group Policies for Cybersecurity

Group policies are central rules that can be applied to all devices that access company resources. Common cybersecurity policies can be designed for all user accounts and devices at time of login. Policies can also be designed by groups. For example, senior management devices have different cybersecurity rules than front-line workers.

Pushing out cybersecurity policy in this fashion eliminates the need to sit at each device and configure its security in case of a security breach, and it provides common security policies to all employees with certain job types or common access to specific data stores.

Improve Employees’ Password Management

Many employees have a favorite password they never forget, and they use it across multiple websites and their domain login. A data breach at just one of those sites, and all the employee’s accounts are compromised. A better strategy is to use a different password on each site, but that can be impossible to remember without writing them down, another risky practice.

The best strategy is to use a company-wide password manager that generates complex passwords and provides access to password folders via role-based policies. Some password managers provide segmentation of each user’s passwords with their own secure folder, allowing them to manage both their personal and professional passwords. With this strategy, your employee only needs to create and memorize one strong password for the password manager.

Enable Multi-Factor Authentication on All Your Accounts

Enabling two factor authentication for adds a layer of protection to each user account’s sensitive information on personal devices. When logging in, after the username and password are accepted, the site sends a text or notification to an authenticator app on your phone. If you verify the notification, then the connection is completed.

Strong authentication is particularly useful in squashing security risks like a stranger’s attempt to access one of your online accounts and trying to steal your personal data. You would receive notification about a login attempt but did not initiate it. That would be a good time to change the account password to a different strong password, as it’s clear someone has the current credentials or personal information.

Individuals can reduce their cyber risk by enabling MFA on many individual sites, but a faster way is to have your IT department or your managed IT service provider require it for all accounts.

Require Cybersecurity Training

The user is the most important security measure, and an educated user fortifies all other layers of security. Up to 95% of cybersecurity breaches are the result of human error, so it’s important to have all employees regularly trained on cybersecurity best practices.

Keep your business safe with one of the many webinars and in-person trainings are available, but it’s important to select a provider who is knowledgeable and has invested in the quality and delivery of the material.

LeeShanok’s IT Security for the Common Worker series is a free, monthly webinar that teaches cybersecurity best practices to employees of all levels of IT skill. LeeShanok also offers custom, in-person training to Arizona businesses.

Local Network Infrastructure

Assess Your Network Infrastructure and Security

Before making changes to your network, it’s important to assess what you currently have and create a network diagram if one does not exist already. Making changes without understanding the current network layout can result in additional complexity and reduced security.

If you’re not sure where to start, most managed IT service providers (MSPs) offer network assessments that generate documentation of the infrastructure, credentials, configurations, and recommendations to improve security.

Some MSPs like LeeShanok also offer network security assessments, which includes network assessment documentation, along with analyses of the security posture and risks that are present. A network security assessment may also include penetration testing to test actual vulnerabilities.

Segment Your Network

If you have two Wi-Fi networks (like a staff and guest network), segmenting the two into VLAN 1 & VLAN 2 provides a security barrier. Devices and sessions running in one VLAN are blocked from accessing devices in the second VLAN. Network segmentation can be physical or logical and involves breaking down a network into smaller subnets.

Segmenting your public Wi-Fi architecture and maintaining software updates helps simplify management of firewall policies, reduces the overall attack surface, and strengthens your firm’s security.

Proactively Manage Infrastructure

It is very important that the cybersecurity of your network not be a set-and-forget exercise. Even the best defenses see reduced protection over time as bad actors test for and identify vulnerabilities. Many smaller firms use home-grade devices, resulting in big security holes for sophisticated breach strategies.

It is challenging and expensive for internal staff to continuously manage these risks, which is why many use a “set and forget” strategy. Professional Managed IT Service Providers solve this by specializing in proactively securing, fixing, and updating technology more affordably than additional internal staff.

Consider hiring a Managed IT Provider if your internal resources aren’t able to regularly research and deploy new cybersecurity strategies to keep up with the evolving threat landscape.

Replace Legacy Devices

Improve your cybersecurity posture by replacing aging devices with new devices that have more sophisticated and coordinated security features. Work with your internal IT or your managed IT service provider to select new devices that align with your overall IT strategy.

Following deployment, it is also important for you or your managed service provider to actively manage infrastructure components, keep their firmware and software up to date, and investigate all notifications when threats are detected.

Update Firmware and Software in All Devices

Many attacks exploit vulnerabilities in networking, server and end-user devices. Manufacturers respond to discovered vulnerabilities by developing and releasing updates and patches to both firmware and embedded software. Most devices do not automatically install updates, so there is human involvement needed to search for and install updates to devices. This process should be repeated at least quarterly for all infrastructure devices. Learn how to Update Firmware in Network Devices.

Software suites also regularly release updates and patches to be installed. Some are installed automatically, while others need to be manually installed. All employees should be keeping software up to date.

Use SSL VPN for Site-to-Site Connections

Virtual Private Networks (VPNs) have been a secure method to remotely connect to company resources for years. Unfortunately, most VPN software apps have vulnerabilities that can allow a hacker to gain admin access to the interface, opening it up for rogue connections to a company domain.

Upgrade to SSL VPN connections, which require an SSL Certificate be purchased and imported into each connected firewall to establish trust. New VPN software is required on end user devices to allow connection via SSL VPN.

Other permanent VPN tunnels may be used to connect a local network to a cloud hosted environment like Microsoft Azure. SSL VPN should be used here as well to protect the connection and access to the hosted environment.

See LeeShanok’s IT News articles on:  SSL/TLS Migration for PCI Compliance, Work Remote Securely

Manage Firewall Ports

Firewall ports are used for computer-to-computer communication. Many firewall ports are open by default, like 443 for internet traffic. Some ports should be managed more actively, opening when network packets need to pass and then closing until the next packets need to pass.

Ports can be closed by disabling the service or using network firewall rules that Deny-All-Permit-By-Exception (DAPE). Also disabling Universal Plug and Play (UPnP) in the firewall prevents any computer in the network from opening ports without challenge.

Enabling both network firewall and host-based firewall capability is a best-practice. Enabling firewall rules will block external services, but should be tested to make sure desired services can still communicate.

On end-user computers, port management is done by antivirus apps. It’s usually fine to allow the default configuration, but some firms may have a group policy that pushes out different security policies to all end-user devices.

Set Up GeoLocation and GeoBlocking

Certain geographies are known to present greater cybersecurity risks. For example, more cyberattacks originate from China and Russia than any other countries. GeoLocation estimates where a connection originates, and GeoBlocking blocks connections from those regions.

If your company doesn’t do business in a risky geography, it should be GeoBlocked by default. Most newer firewalls have this option available.

Cloud Infrastructure and Services

Migrate from Backups to Business Continuity & Disaster Recovery

To recover from a breach, infection or ransomware, backups are the best method. Traditional backups usually involved an external USB drive physically plugged in to a server or end user computer. This backup method may not include cloud-based data, it doesn’t protect against an on-premises disaster, and recovery may take longer.

Modern backup capability includes business continuity and disaster recovery (BCDR), which backs up operating systems, Active Directory configurations, and storage. BCDR usually involves an on-premises backup which has the ability to complete a restoration in a few minutes or hours, rather than the days or weeks a server re-build requires. There’s also a redundant cloud-based backup in the event of an on-premises disaster.

Backup your Cloud Environments

Modern backup strategies should also include important Software-as-a-Service (SaaS) accounts like Microsoft 365 or Google Workspace. Microsoft protects their data center and all data from natural disasters and failures. However, you are responsible for data loss due to human error, external hackers, malicious insiders, and more.

Approximately 90% of all companies use the cloud in some capacity and falsely assume data is backed up automatically. SaaS Protection for cloud accounts is a must-have for a modern backup strategy.

Monitor Dark Web for Compromised Company Credentials

Dark web monitoring generates reports of users in your domain whose usernames and passwords are found for sale on the Dark Web. A Dark web monitoring service can notify you when those credentials are compromised, so you can have the employee reset passwords and enable Multi-Factor Authentication.

LeeShanok offers a complimentary Dark Web Scan that shows the compromised usernames and passwords of everyone with an email address on your company’s domain.  

Migrate from EDR to XDR

Endpoint Detection and Response (EDR) is the traditional method of monitoring endpoints for advanced persistent threats and new malware that may evade defenses. Extended Detection and Response (XDR) spans across platforms, endpoints, on-premises environments, cloud environments, and endpoints.

XDR usually provides a “single pane of glass” view for monitoring and responding to threats. XDR also uses artificial intelligence (AI) to scan various logs from multiple platforms and provide accurate, context-rich alerts.

Plan for Secure Access Service Edge (SASE)

SASE is a new framework in which networking and security converge into a single integrated service that works at the cloud edge to deliver networking and security functions as a service. With widespread cloud adoption, the SASE model simplifies and consolidates many different networking and security functions.

The technology is still in its early stages, but expect to adopt this model soon if your organization hasn’t yet. As an example, Cisco’s SASE offering includes:

• SD-WAN
• Cloud security
• Zero trust conditional access
• Umbrella security
• Secure access by DUO
• ThousandEyes for network outage monitoring

Hire a Managed IT Security Provider

As you can see, improving cybersecurity can be a challenging task. It requires constant vigilance and a high degree of technical expertise. Threats like ransomware are increasing every year, and businesses of every size are lucrative targets.

Many companies choose to hire managed IT service providers for their IT security. It’s generally more cost-effective, and the knowledge pool is deeper than what can be achieved with most internal IT teams. LeeShanok has been providing IT security since 1997. Request a complimentary network assessment to find out where your network is vulnerable, and which steps are most important for you to take.