SME, Inc.

June 11, 2021 By SME, Inc.

What’s the Latest in CMMC?

You know about the CMMC Interim Rule that went into effect November 30, 2020, bringing several important changes to the Department of Defense’s cybersecurity requirements. Are you ready to jump into action? You should have already reported your NIST SP 800-171 self-assessment score through the Supplier Performance Risk System (you did that, right?). Assuming you’ve completed this important first step, what should you do now?

System Security Plan

You’ll want to create a System Security Plan (SSP) that summarizes how you are compliant with the NIST 800-171 controls. The SSP might include:

  • Outlining the controls.
  • Defining each control within the environment.
  • Documenting the successful implementation of each control.
  • Describing the testing procedures.

Plan of Actions and Milestones

If your self-assessment shows that not all 110 Controlled Unclassified Information (CUI) controls in NIST SP 800-171 have been implemented, you’ll also have to create a Plan of Actions and Milestones (POA&M). This is a detailed strategy of how your organization will remediate the gaps, and when. Important components of the POA&M should include:

  • Identifying the underlying security weakness revealed in the assessment.
  • Classifying risk levels of each weakness.
  • Detecting the range of each weakness within the environment. 
  • Creating a planned approach to mitigation.
  • Determining the resource(s) responsible for mitigating each weakness.
  • Maintaining detailed, clear documentation.

The POA&M is your organization’s roadmap to official certification and is proof of your commitment to remediate any security weaknesses—so make it count. An audit will uncover a weak effort and could delay your certification, putting you at risk of losing a contract.

Maturity

You are one step closer to compliance once you fully implement your POA&M. However, keep in mind that it could take anywhere from nine to 12 months to completely execute. The sooner you create your POA&M, the more maturity you’ll have. And the more mature your cyber environment, the less of a threat you present.    

For primes and subcontractors, patience and flexibility are necessary as the process unfolds over a phased five-year rollout of CMMC. Let SME help you get through it. We’re experts in CMMC certification requirements and implementation. We can help you complete and review your self-assessment, SSP, and POA&M. Give us a call at 703-378-4110 or email info@smeinc.net.

#GovConClub

May 28, 2021 By SME, Inc.

Ransomware

In the weeks following the Colonial Pipeline attack, many of us have become aware that ransomware attacks are a serious concern for everyone. Many cyber-criminals are agnostic about who they target with ransomware: victims can range from large multinational corporations to local hospitals, to individuals like you or me, and, in this most recent instance, highly crucial U.S. infrastructure. This attack had a direct effect on millions of Americans and led to long lines at the gas pump and even gas shortages in some states along the Eastern Seaboard.

Headlines, news stories, and anxiety about how soon a fix would be implemented were on the minds of many of us during the weeks after the attack. In the end, Colonial Pipeline paid the hackers roughly $4.4 million to have their data decrypted.

However, after all of the stories and buzz about the incident, many people may still be wondering what exactly ransomware is, how it works, and why it is becoming more popular with cyber-criminals. Our goal for this post is to provide some answers to these questions.

What is Ransomware?

Ransomware is a form of malware, or virus, that encrypts data and files on a victim machine, which prevents users from accessing their files. When ransomware infects a system, it starts searching for files and then begins encrypting them; oftentimes it will encrypt all of the files on the machine. Attackers hold the key that can decrypt the files, which they commonly offer to give to the victim once a ransom payment has been made, but this is not always guaranteed.

Most ransomware will display a ransom notice or pop-up to users, usually by replacing their desktop background image or placing a text file with instructions in the folders it has encrypted. The ransom notice demands payment, which may be between hundreds and several thousand dollars, most typically to be paid in cryptocurrency to keep the transaction anonymous and untraceable.

How Does Ransomware Work? 

Ransomware can enter a network in several different ways. The most common is being downloaded, though infection can also come through social engineering. These downloads can come in the form of email attachments, or programs that are disguised as performing a specific function or task but in fact carry the ransomware. Once downloaded, the ransomware program begins encrypting all of the data and files on the system, adds a new file extension to the files, and makes them inaccessible and unusable. There are even more sophisticated variants of ransomware that can spread themselves throughout networks and systems without human interaction, much like a computer worm.
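The two behaviours described above (files renamed with one new extension, and the same instruction file dropped in each affected folder) are what defenders can look for in file activity logs. The following detection sketch is an added example, not SME's code; the event tuple format, process names, paths and thresholds are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from pathlib import PurePosixPath

# Assumed tuning values; adjust to the environment being monitored.
WINDOW_SECONDS = 60      # burst window examined per process
MIN_RENAMES = 5          # renames to one new extension inside the window
MIN_NOTE_DIRS = 2        # folders receiving the same note file name
NOTE_SUFFIXES = {".txt", ".html"}


def sample_events():
    """Constructed events (not from a real incident):
    (time_s, process, action, path, new_path)."""
    events = [
        (0, "backup.exe", "rename", "/srv/db/dump.tmp", "/srv/db/dump.bak"),
        (3, "winword.exe", "create", "/home/ann/docs/notes.txt", None),
    ]
    t = 10
    for folder in ("/home/ann/docs", "/home/ann/pics", "/srv/share"):
        for name in ("a.docx", "b.xlsx", "c.jpg"):
            src = f"{folder}/{name}"
            events.append((t, "invoice_viewer.exe", "rename", src, src + ".locked"))
            t += 1
        events.append((t, "invoice_viewer.exe", "create", f"{folder}/READ_ME.txt", None))
        t += 1
    return events


def added_extension(old, new):
    """Return the extension appended or swapped in by a same-folder rename, else None."""
    old_p, new_p = PurePosixPath(old), PurePosixPath(new)
    if old_p.parent != new_p.parent:
        return None
    if new_p.name.startswith(old_p.name + "."):      # q1.xlsx -> q1.xlsx.locked
        return new_p.suffix.lower() or None
    if old_p.stem == new_p.stem and old_p.suffix != new_p.suffix:  # q1.xlsx -> q1.locked
        return new_p.suffix.lower() or None
    return None


def detect(events):
    """Flag processes that mass-rename files to one extension and drop the
    same note file in several folders within WINDOW_SECONDS."""
    by_proc = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        by_proc[ev[1]].append(ev)

    findings = []
    for proc, evs in by_proc.items():
        best = None
        for i, first in enumerate(evs):
            window = [e for e in evs[i:] if e[0] - first[0] < WINDOW_SECONDS]
            exts = Counter()
            note_dirs = defaultdict(set)
            for _, _, action, path, new_path in window:
                if action == "rename":
                    ext = added_extension(path, new_path)
                    if ext:
                        exts[ext] += 1
                elif action == "create":
                    p = PurePosixPath(path)
                    if p.suffix.lower() in NOTE_SUFFIXES:
                        note_dirs[p.name.lower()].add(str(p.parent))
            if not exts:
                continue
            ext, renames = exts.most_common(1)[0]
            note, dirs = max(note_dirs.items(), key=lambda kv: len(kv[1]),
                             default=(None, set()))
            if renames >= MIN_RENAMES and len(dirs) >= MIN_NOTE_DIRS:
                if best is None or renames > best["renames"]:
                    best = {"process": proc, "extension": ext, "renames": renames,
                            "note": note, "note_dirs": sorted(dirs),
                            "window_start": first[0]}
        if best:
            findings.append(best)
    return findings


if __name__ == "__main__":
    for finding in detect(sample_events()):
        print(finding)
```

Requiring both signals keeps ordinary bulk renames, such as a backup job rotating files, from raising an alert on their own.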

Ransomware’s Rise to Popularity

Ransomware attacks have grown in popularity in recent years for several reasons, the most likely being that, more often than not, ransomware victims end up paying to have their data decrypted, so cyber-criminals see it as an easy way to make money.

Some other reasons that it is becoming more widespread:

  • Use of new techniques for encrypting data (encrypting the entire drive instead of just certain files)
  • Ransomware and other malware kits that can be used to create malware on demand are becoming more readily available
  • Malware and ransomware creators are becoming more sophisticated in their design and development; many are using generic interpreters and cross-platform technologies so the malware can be spread to more victims.
  • Ransomware and other forms of malware are becoming easier and easier to use. Cybercriminals do not have to be tech savvy in order to use, send, or spread the ransomware.
  • Ransomware marketplaces can be easily found online, offering different variants of malware/ransomware that can be purchased and used as the buyer chooses.

There is a silver lining to this cloud. Ransomware can be mitigated and even prevented. If you would like to read more about this, check out one of our previous posts: Ransomware Prevention: Backups & Data Recovery.

SME offers both Managed Backup solutions and Cloud Backup Storage solutions that ensure reliable backups of your data. For any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

May 25, 2021 By SME, Inc.

Security Awareness Training Tips

A fact that many businesses and organizations have difficulty accepting is that their employees are one of the biggest risks to their overall security posture. Human error is still considered the leading cause of data breaches and compromises.

However, with proper Security Awareness Training and the fundamental understanding and knowledge to identify threats, your employees can act as another line of defense altogether, and even become one of your greatest assets. When designing, developing, and implementing a Security Awareness Training program, it is vital to take into consideration all of the cyber threats that your organization is most likely to face, and to address those directly with your employees.

The goal of this post is to discuss some of the more common Security Awareness Training program topics.

Phishing

I’m sure many of you reading this have received a call about your car’s extended warranty, or a call from the IRS or Social Security Administration. Phishing scams are still one of the most common attack methods that cyber criminals use to gain access to an organization’s network and resources. These threat actors play on fear, emotions, or empathy to take advantage of human nature: our inherent tendency to trust others and an ingrained need to help those in need. They do this by creating a sense of urgency or fear, or by offering some sort of incentive like free stuff, such as “Stays at the Hamptons” or “A free cruise”.

Password Security

Passwords are still the main authentication measure used by organizations, and poor password security can be one of the biggest threats to enterprise-level security. A large majority of your employees can have a dozen or more accounts that require a username (most typically their email address) and a password. The following tips are very important to include in training content.

  • Passwords should be randomly generated
  • Always use a different, unique password for each online account
  • Passwords should contain a combination of letters, numbers, and symbols
  • To make managing all of these accounts easier, use a password manager
  • When possible, always use Two-Factor or Multi-factor Authentication to reduce the risk of compromised passwords

Safe Internet Habits

Almost every employee in the workplace, especially in tech, has access to the internet. Security Awareness Training programs should be sure to incorporate safe internet habits in and outside of the workplace to further protect the network and your employees from threat actors.

  • The ability to spot and recognize spoofed domain names
  • What the difference between HTTP and HTTPS is and why it is important
  • The potential dangers of downloading software from untrusted or suspicious websites
  • The inherent risks and dangers of entering login credentials into suspicious or untrusted websites
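To make the first habit concrete for a training exercise or a mail-filter rule, the checker below compares a host name or sender address against a short list of trusted domains and reports why it looks like a spoof. It is an added example, not SME's tooling; the trusted list reuses domain names that appear elsewhere on this page, the test inputs are constructed, and taking the last two labels as the registered domain is a simplifying assumption (no public suffix list).

```python
import unicodedata

# Assumed allow-list for the example; replace with the organization's own domains.
TRUSTED = {"smeinc.net", "google.com", "whitehouse.gov"}

# Digits commonly substituted for look-alike letters.
DIGIT_SWAPS = str.maketrans("0135", "oles")


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(name):
    """Reduce a name to a comparison form: strip accents, undo digit and
    letter-pair substitutions that imitate other letters."""
    s = unicodedata.normalize("NFKD", name.lower())
    s = "".join(ch for ch in s if not unicodedata.combining(ch))
    s = s.translate(DIGIT_SWAPS)
    return s.replace("rn", "m").replace("vv", "w")


def classify(value):
    """Return (verdict, matched_trusted_domain, reason) for a host or email address."""
    host = value.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    base = ".".join(host.split(".")[-2:])   # assumption: two-label registered domain
    if base in TRUSTED:
        return ("trusted", base, "exact match")
    for good in sorted(TRUSTED):
        if host.startswith(good + ".") or "." + good + "." in host:
            return ("lookalike", good, "trusted name used as a subdomain")
        if skeleton(base) == skeleton(good):
            return ("lookalike", good, "look-alike characters")
        if base.split(".")[0] == good.split(".")[0]:
            return ("lookalike", good, "same name, different ending")
        if edit_distance(base, good) <= 1:
            return ("lookalike", good, "one character away")
    return ("unknown", None, "no resemblance to a trusted domain")


if __name__ == "__main__":
    # Constructed inputs for illustration.
    for sample in ("info@smeinc.net", "billing@srneinc.net", "g00gle.com",
                   "google.com.account-verify.example", "smeinc.com",
                   "gogle.com", "example.org"):
        print(sample, "->", classify(sample))
```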

Social Networking Risks

More and more organizations are using social media as a form of customer service, as a way to connect and build relationships with their customers, and even to generate online sales. Unfortunately for them, cybercriminals have also started utilizing social media as another attack surface that can put an organization’s reputation and systems at risk.

An organization should have a section in its Security Awareness Training program that focuses on social networking. It should limit the use of social networking on premises, and it should inform and train employees on the threats that social media can present online.

Removable Media

Removable media such as CDs and USB drives can be useful to organizations for sharing and transferring documents; however, they can also be very useful to cybercriminals. Threat actors can use them to get malware past an organization’s security measures and defenses. Malware can easily be installed on the media and configured to execute automatically, or employees can be tricked into clicking and opening a file that has been given an enticing name. These malicious media can be used to install malware like ransomware, steal data, and even destroy the system they’re installed on.

  • Inform employees to never plug or insert untrusted removable media into a computer 
  • Take any untrusted device to IT or Security Team for scanning and approval
  • IT/Security Team should disable autorun on all computers

Clean Desk Policy

Organizations should take time to inform their employees of Clean Desk Policies. This means that employees do not leave sensitive information out on their desks for passersby or others to glance at and see. This information can be in the form of printouts, papers, sticky notes, etc., that can be easily taken by thieves and seen by prying eyes. Before leaving a work space, all sensitive and confidential information should be securely stored.

Physical Security

Security Awareness does not just apply to computers or other electronic devices; employees should also be made aware of the potential physical security risks in the workplace.

  • Employees should be made aware of what “shoulder surfing” is, and how to counteract it
  • Employees should verify other people’s credentials to prevent “impersonation”
  • Employees should not leave passwords written on pieces of paper on their desks
  • Employees should not leave company-issued devices out in the open
  • Employees should lock or log off of company-issued computers when leaving their desks

SME is here to help increase security posture and get rid of those sleepless nights. For any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

May 13, 2021 By SME, Inc.

Top Cybersecurity Terms Everyone Should Know

As often as some topic relating to cybersecurity is in the news, whether it’s online fraud, ransomware, or the almost weekly discussion of a new data breach or serious exploit or hack, one would assume that many of us would have some of the basic terminology memorized, right? Not exactly; as long as cyber attacks continue to fill the daily or weekly news cycle, there’s always a new term or buzzword that gets thrown into the mix.

Our overall goal with this post is to take some of the most commonly used cybersecurity terms and lay them out as plainly as possible so that they are not only easy to understand, but easy to remember. We hope that in reading these terms, the next time you come across one while reading or hearing it, you’ll know exactly what it’s referring to.

  1. Software – a set of instructions that tells a computer how to perform a certain task. Also known as program, or application.
    Examples: Microsoft Office, Internet Explorer, Mobile Apps
  2. Hardware – The physical components of a computer, or other device.
    Examples: Motherboard, CPU, RAM, Hard Drive
  3. Server – A computer that provides data to other computers (i.e., it serves other computers).
    Examples: Database server, Email server, Web server, Cloud server, File server
  4. The Cloud – the cloud is nothing more than a set of high storage servers that are accessed over the Internet. The purpose is to store, and access data remotely rather than on your own physical device.
    Examples: Apple iCloud, Amazon AWS, Dropbox, Google Apps, Microsoft Office Online
  5. Virtual Private Network (VPN) – a tool or service that protects your information and privacy online by protecting your internet connection. VPNs do this by masking location and encrypting web traffic.
    Examples: NordVPN, ExpressVPN, IPVanish
  6. Domain – computers, printers, telephones, and other devices that are interconnected and administered with a common set of rules. Also known as a Network Domain.
    Not to be confused with Domain Name.
  7. Domain Name – unique, easy-to-remember address used to access websites.
    Examples: google.com, whitehouse.gov, smeinc.net
  8. IP Address – a unique address that identifies a device on the internet or a local network. The internet version of a home address for a computer.
    Examples: 127.0.0.1, 192.168.0.1
  9. MAC Address – a hardware identification number that uniquely identifies each device on a network. Commonly assigned by the manufacturer to a piece of network hardware (like a wireless card or an ethernet card).
    Example: 00:1B:44:11:3A:B7
  10. Data Breach – an incident that exposes confidential or protected information. A breach might involve the loss or theft of your Social Security Number, bank account or debit/credit card numbers, personal health information, passwords or email.
    Examples: Target, Equifax, LinkedIn
  11. Exploit – a program, or code, designed to discover and take advantage of a security flaw or vulnerability in an application or computer system, typically for malicious purposes such as installing malware.
    Examples: EternalBlue, WannaCry, Petya/NotPetya
  12. Malware – short for malicious software, malware is an umbrella term for a number of malicious software variants designed to cause harm to computers and computer users.
    Examples: viruses, trojan horses, worms, adware, ransomware, rootkits, and spyware.
    1. Virus – a type of malware that can be either malicious code or a program written to alter the way a computer operates and is designed to spread from one computer to another.
      Examples: Code Red, ILOVEYOU, Slammer, CryptoLocker, Zeus
    2. Trojan Horse – a type of malware that is often disguised as legitimate software.
      Examples: Backdoor Trojan, Fake Antivirus Trojan, Keylogger Trojan, Mailfinder Trojan.
    3. Worm – a type of malware that spreads copies of itself from computer to computer.
      Examples: Morris Worm, Koobface, SQL Slammer, Stuxnet, WANK.
    4. Adware – software that displays unwanted advertisements on your computer. Adware programs will tend to serve you pop-up ads, can change your browser’s homepage, add spyware and spam your device with advertisements.
      Examples: Fireball, Gator, DeskAd, DollarRevenue, Appearch
    5. Ransomware – a constantly evolving form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable.
      Examples: WannaCry, CryptoLocker, Bad Rabbit, Petya, Locky, Jigsaw
    6. Spyware – malicious software designed to enter your computer device, gather data about you, and forward it to a third-party without your consent.
      Examples: CoolWebSearch, Zlob, Gator, TIBS Dialer, Internet Optimizer.
    7. Rootkits – a computer program designed to provide continued privileged access to a computer while actively hiding its presence.
      Examples: NTRootkit, HackerDefender, Machiavelli, Stuxnet, Flame, Zeus.
  13. Bot/Botnet – networks of hijacked computer devices (“bots”) that are used to carry out various scams and cyberattacks.
    Examples: Mirai, Mariposa, Kraken, 3ve.
  14. Denial of Service (DoS) – a malicious attempt to overwhelm a web property with traffic in order to disrupt its normal operations.
  15. Distributed Denial of Service (DDoS) – a malicious attempt to disrupt the normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic.
  16. Phishing/Spear Phishing – a type of social engineering attack often used to steal user data, including login credentials and credit card numbers.
  17. Social Engineering – the art of manipulating people so they give up confidential information.
  18. Clickjacking – attack that tricks victims into clicking on an unintended link or button, usually disguised as a harmless element.
  19. White Hat Hacker – an ethical computer hacker, or a computer security expert, who specializes in penetration testing and other testing methodologies that ensure the security of an organization’s information systems.
  20. Black Hat Hacker – a hacker who violates computer security for their personal profit or malice

We here at SME hope that these definitions of some commonly used terms will help you know exactly what is being referred to when you hear them.


April 30, 2021 By SME, Inc.

10 Tips to Reduce Cyber Attacks

It may come as no surprise to many of us that cyber attacks across the globe are on the rise. As more devices and systems are being connected to the internet, and people are continuing to share, or store personal data on these devices and systems, this creates extra attack surfaces that hackers can use to try and steal this data.

Some common examples of cyber attacks and types of data breaches are:

  • Malware
  • Phishing
  • Spamming
  • Spoofing
  • Spyware
  • Trojan Horses
  • Viruses
  • Rootkits
  • Zero Days
  • Identity Theft
  • Extortion
  • Ransomware
  • Denial-of-Service (DoS)
  • Distributed Denial-of-Service (DDoS)
  • Stolen hardware/software
  • Password sniffing
  • Breach of access/access controls
  • Website defacement
  • Web browser exploits
  • IM/Email Spamming
  • Intellectual Property theft
  • System infiltration
  • Cross-Site Scripting (XSS)
  • Credential Reuse Attack
  • SQL Injection
  • IoT Based Attack
  • Wi-Fi Cracking

As you can tell from this list, there are tons of ways that hackers can get into our systems and steal our data. To adequately protect not only ourselves, but also our business or organization from any number of these possible cyber attacks, we must first understand what a cyber attack is.

NIST’s Computer Security Resource Center describes a cyber attack as:

An attack, via cyberspace, targeting an enterprise’s use of cyberspace for the purpose of disrupting, disabling, destroying, or maliciously controlling a computing environment/infrastructure; or destroying the integrity of the data or stealing controlled information.

One might ask, “What can I do to protect myself, or my business, from a possible cyber attack?” How can you prevent, or at least make it more difficult for, hackers to exploit your systems and steal your data?

Our goal with this post is to provide a short list of the top 10 tips that a business can follow in order to increase the security posture of its business or workforce.

1. Keep Software and Systems Up-to-Date

Most cyber attacks occur because our software or systems are not up to date or fully patched, which leaves weaknesses in systems, known as vulnerabilities. These vulnerabilities can then be exploited by hackers in order to gain access to the system and eventually to the network; and once they are in, it is often too late.

2. Security Awareness Training for Staff/Employees

Users will always be the weakest link in the security chain, and will almost certainly be the most common way hackers get access to private systems and data. For hackers, phishing and social engineering are still very common entry points into company networks. Employees need to be regularly trained on common security awareness techniques like checking links before clicking them, and checking email addresses from supposed senders. 

3. Install and Configure a Firewall

Putting your company’s network behind a firewall can prove to be one of the more effective ways to defend from a cyber attack. A well configured firewall can provide protection against hackers by shielding your company’s computers or network from malicious or unnecessary network traffic. Firewalls can also prevent malicious software from infiltrating a computer or network via the internet.

4. Implementing Endpoint Security 

Endpoint security is the practice of securing the entry points of end-user devices such as desktops, laptops, and mobile devices from being exploited. Endpoint security systems secure these entry points on a network or in the cloud from cyber attacks. These paths need to be protected with specific endpoint protection software. 

5. Perform and Maintain Regular Backups

When a cyber attack does occur, it can often lead to disaster in the form of damages, theft of data or intellectual property, and loss of reputation. This is why it is crucial for data to be backed up in order to avoid not only serious downtime, but the loss of data and the potential for serious financial loss.

6. Perform Access Control

This may come as a surprise, but not all of the possible attack surfaces that hackers can use are remote or internet-based; they can be physical as well. Ensuring that only those who should have access to the systems or networks inside of the company actually have it is imperative not only to business security but also to business continuity. Another often overlooked risk is employees leaving desktops unlocked while they are away from their desks. All it would take is for a hacker to insert a USB device containing malware into such a system to gain access to the machine or the entire network and infect it.

7. Wireless Security

Any device that connects to the internet can be infected. This means that if an infected device is connected to a company network, the entire network can subsequently become infected as well. Securing networks, and hiding them, could potentially be one of the safest actions that a company can take to ensure its wireless systems are secure.

8. Separate Accounts for Each User

Any time more than one user connects to the same account, it puts at risk not only the credentials for the account and the account itself, but also the network and the business. Each user should have a separate account, with their own set of login credentials for every application and program.

Ensuring that every staff member or employee has their own logins can help reduce the total number of attack surfaces that hackers can take advantage of. Businesses will also get the benefit of increased usability, on top of the added layer of security.

9. Account & Access Management

Another often overlooked risk that many businesses face is allowing employees to install software, apps, or other programs onto business-owned devices. These actions could ultimately compromise the business’s systems and devices and further put the network and business at risk.

Retaining administrative rights and blocking employees from installing software or even accessing certain data on the network will provide greater overall security to the business.

10. Enforce Strong Passwords

As unfortunate as it is, it’s becoming more and more widely known that many employees reuse the same password for multiple logins. This habit, as convenient as it may seem, can actually turn out to be very dangerous for a business. Once a hacker has figured out an employee’s password, if the employee has set the same password for multiple accounts, then the hacker may have login access to those accounts as well.

Ensuring that employees use a different password for every login account they have, and enforcing a strong password policy, can be incredibly beneficial to a business’s security.

SME is here to help increase security posture and get rid of those sleepless nights. For any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.


April 21, 2021 By SME, Inc.

The Importance of Cybersecurity in the Title Industry

Although the media headlines often highlight major data breaches of large corporations and government agencies, the majority of businesses being hacked are small businesses. Why is this the case? Most small businesses do not have layers of security in place to protect them, so attackers consider them low-hanging fruit.

According to Verizon’s 2020 Data Breach Investigations Report, 28% of all cyber-attacks and data breaches in 2020 occurred in small businesses. And according to Fundera, roughly 60% of all small businesses that are victims of a cyber-attack go out of business within six months.

As many of you are aware, the title industry is in the attacker’s direct line of fire.  The good news is that effective IT security is not beyond reach. Here are a few cybersecurity tips that can benefit your business.

There was a 424% increase in new small business cyber breaches in 2020.

Network Security

Implementing a network firewall with Intrusion Detection and Prevention capabilities (IDS/IPS) is crucial.  A firewall protects your network from malicious traffic and an IDS/IPS properly monitored can stop an attacker in their tracks. Unmanaged systems do not provide adequate security.  Attackers are working around the clock and so should your security.

Performing regular network vulnerability testing, internally and externally, can identify risks giving you the opportunity to remediate before being hacked. Many of the common vulnerabilities identified include legacy or otherwise unsupported operating systems, poor patch management, and exposed systems.

It is essential that workstations, servers, and laptops are updated and patched on a regular basis. The WannaCry ransomware attack quickly infected 150 countries and targeted computers that were unpatched. It is important not only that Microsoft updates/patches are consistently applied, but also that third-party software such as Adobe, Java, and anti-virus programs is maintained. There are managed systems available to ease administration and ensure timely and consistent updating/patching occurs.

Back Up

Having a backup and understanding where your data is stored is critical. There are several backup scenarios available. Whichever scenario fits your business, the important factors remain the same: make sure your data is in a secure location, is encrypted during transit and storage, and is regularly tested to confirm that it can be restored. You do not want to be in the position where your backup is needed and you find that hardware is not available, the time to recover is days or weeks longer than expected, or it won’t restore properly. Consider keeping backups of your backups.

Security Policies and Procedures

With the ongoing concern about keeping business and client data safe, it is vital to have security policies and procedures in place. Employees need to understand what is expected of them and be given the proper tools and technology to safeguard business and client data. For many businesses, writing security policies and procedures can seem like a daunting task. There is no reason why you can’t start small and add to them. One simple yet very important policy is a password policy. According to Verizon’s 2018 Data Breach Investigations Report, 81% of hacking-related breaches leveraged either a stolen and/or weak password. Every password can be hacked; it is just a matter of how much time it takes. A basic 7-character password consisting of lower case letters can be cracked in seconds. The longer and more complex a password is, the longer it takes to crack. Make it difficult for the hackers and they will move on to lower-hanging fruit.
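The arithmetic behind that claim, as an added example that is not part of the original article: it estimates the worst-case exhaustive-search time for a password from its length and the character classes it uses, and flags passwords that appear in a wordlist no matter how long they are. The guess rate and the three-entry wordlist are assumptions constructed for illustration.

```python
import string

# Assumed offline guessing rate against a fast, unsalted hash.
# Illustrative assumption, not a figure from the article.
ASSUMED_GUESSES_PER_SECOND = 10_000_000_000

# Constructed sample wordlist; real cracking wordlists hold millions of entries.
CONSTRUCTED_WORDLIST = {"password", "qwerty123", "summer2021!"}

CHARACTER_CLASSES = (
    string.ascii_lowercase,   # 26 characters
    string.ascii_uppercase,   # 26 characters
    string.digits,            # 10 characters
    string.punctuation,       # 32 characters
)


def pool_size(password):
    """Size of the alphabet an attacker must search to cover this password."""
    size = sum(len(cls) for cls in CHARACTER_CLASSES
               if any(ch in cls for ch in password))
    # Characters outside the four ASCII classes (spaces, Unicode) count once each.
    extras = {ch for ch in password
              if not any(ch in cls for cls in CHARACTER_CLASSES)}
    return size + len(extras)


def assess(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case brute-force cost, plus a wordlist check that overrides it."""
    pool = pool_size(password)
    candidates = pool ** len(password)
    return {
        "length": len(password),
        "pool": pool,
        "candidates": candidates,
        "seconds": candidates / rate,
        # A wordlist hit falls on the first pass, whatever the brute-force figure says.
        "in_wordlist": password.lower() in CONSTRUCTED_WORDLIST,
    }


def humanize(seconds):
    """Render a duration in the largest unit that fits."""
    for unit, span in (("years", 31_557_600), ("days", 86_400),
                       ("hours", 3_600), ("minutes", 60)):
        if seconds >= span:
            return f"{seconds / span:,.1f} {unit}"
    return f"{seconds:.2f} seconds"


if __name__ == "__main__":
    # Constructed sample passwords.
    for sample in ("abcdefg", "Summer2021!", "gT7#kP2!wQ9z"):
        result = assess(sample)
        note = " (in wordlist: guessed immediately)" if result["in_wordlist"] else ""
        print(f"{sample!r}: length {result['length']}, pool {result['pool']}, "
              f"worst case {humanize(result['seconds'])}{note}")
```

The brute-force figure is an upper bound: a password that meets every complexity rule but follows a common pattern falls to a wordlist long before the keyspace is exhausted, which is why a password policy should reject known passwords as well as set a minimum length.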

Multi-Factor Authentication

ALTA announced at the end of last year that they have added a requirement, effective January 2020, to the ALTA Best Practices for multi-factor authentication (MFA) to be enabled on all remotely hosted or remotely accessible systems storing, transmitting, or transferring non-public personal information.  Multi-factor authentication provides another layer of security as it requires a code to be put in when you are logging into a system or email from a different location.  In the event an attacker is trying to log into your systems or email you will be sent a notification with a code that someone is accessing your systems from a different location.  Without this code the attacker will not be successful, giving you time to go in and change your password and make sure your systems are secure.  This announcement from ALTA shows that the Best Practices are not going anywhere and are more important than ever.

Security Awareness Training

Security Awareness Training, which is a required layer of security, is the missing link across many small businesses. All of the previously mentioned layers of security can be implemented; however, if your employees are not trained on how to recognize and handle everyday security risks, your business is still at serious risk. Employees are the number one target of attackers, who expect they have not been given the necessary training and tools. One of the main problems the title industry is facing now is phishing emails. ALTA reported a 480% increase in wire fraud attacks in 2016; many of these attacks involved phishing emails. Implementing a comprehensive and ongoing Security Awareness Training program is your best line of defense against these attacks. Educate and empower your employees; everyone is part of the security team!

It is very important that small businesses take proactive approaches to IT security. Avoiding the necessary steps is only going to increase your chances of falling victim to an attack. Implementing and maintaining the proper layers of security can be complex and requires knowledge of the ever-changing landscape of the IT security world. When choosing a company to assist your business, it is important to choose a company with proven expertise in IT security. Cybersecurity threats are continuing to rise; now is the time to take action to protect your business and client data.

How SME Can Help

SME has been working with businesses in the title industry for several years, and our team of professionals understands not only the industry, but all the risks that the industry faces. Protecting the information of customers is crucial for the title industry and title agents alike. This is why title agents are expected to meet the ALTA (American Land Title Association) Best Practices, so that they have the knowledge to protect the non-public personal information of their customers.

To find out more about our compliance solutions, or any other IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.


April 8, 2021 By SME, Inc.

New GCC/GCC High for CMMC Rule

In the past, the technological requirements and needs of the US government have always been quite different and in many ways unique to how businesses in the private and public sectors typically operate. So in response to these unique and evolving requirements, Microsoft created a specific platform for their public and private sector customers – Microsoft 365 Government. This platform has addressed many of the compliance struggles that government cloud computing has faced in the past.

From their website Microsoft states the following about their Microsoft 365 Government platform:

Microsoft 365 Government is a set of productivity, security, and mobility cloud software capabilities tailored for US government agencies and contractors sponsored to hold controlled, unclassified information. Delivered through unique environments that meet the most stringent of compliance requirements, Microsoft 365 Government is a cloud offer for US government customers that matches as closely as possible the features and capabilities of Microsoft commercial cloud enterprise offerings.

Whether an organization is public or private sector, many are moving away from in-house data centers and into the cloud. However, if an organization will be handling government data, specifically data from the DoD or Federal government, there are certain cybersecurity regulations and compliance requirements that must be met before the data they are utilizing can be stored in the cloud. 

For those organizations out there that are current Microsoft 365 Commercial customers and are either currently working towards, or planning on becoming CMMC compliant, a new change has been enacted that may require you to upgrade from Microsoft 365 Commercial to either Microsoft’s Government Community Cloud (GCC), or Government Community Cloud High (GCC High) platforms. 

Microsoft’s Government Community Cloud (GCC) and Government Community Cloud High (GCC High) are used across various US Federal, state, local, and other government entities. They are also used by organizations that deal with certain types of sensitive or controlled government data that may carry stricter regulatory or compliance requirements.

Different Versions of Microsoft 365 

Microsoft actually offers three different environments for their Microsoft 365 platform. Here is a quick explanation of each.

Microsoft 365 Commercial

This particular environment is built to FedRAMP Moderate standards and can be customized and configured to meet NIST 800-171 compliance, but does not fully meet the requirements for DFARS 7012 compliance.

Although not officially asserted, it is expected that Microsoft 365 Commercial will meet CMMC Levels 1-2.

Microsoft 365 GCC

Microsoft GCC, or Government Community Cloud, in a nutshell is a government focused copy of the commercial environment. What this means is that it has many of the same features and functionalities, but features data centers ONLY in the continental United States and segregated from commercial organizations, as mandated by FedRAMP Moderate. As with the Microsoft 365 Commercial environment, it can be customized and configured to be 100% NIST 800-171 compliant. 

Microsoft 365 GCC High

Microsoft GCC High, or Government Community Cloud High, was created specifically to meet the needs of DoD and Federal contractors that need to meet strict cybersecurity and compliance requirements. GCC High can be thought of as a copy of the Microsoft DoD cloud environment for use by DoD contractors, cabinet-level agencies, and cleared personnel. One critical distinction: when handling classified data, environments have a high side and a low side, the high side existing so users can handle classified data. GCC High is not considered a high side environment; it only received the “High” name because it meets FedRAMP High impact requirements.

For many government regulations, standards, and compliance requirements, organizations must make sure any personnel working in the environment meet the requirements of specific government background checks. GCC High acts as a data enclave of Office Commercial. It’s compliant with DFARS, ITAR, NIST 800-171, NIST 800-53, and CMMC.

For organizations planning to or required to meet CMMC Levels 3-5, they should deploy Microsoft 365 GCC High. 

GCC High is not required to meet CMMC compliance at any Level; however, Microsoft recommends that organizations planning or required to meet CMMC Levels 3-5 deploy Microsoft 365 GCC High. The Commercial and GCC versions of Microsoft 365 can be customized and configured to meet NIST 800-171 and the majority of CMMC’s requirements.


Put simply, there are 3 major steps that are required to be met in order to obtain access to the GCC High environment.

  • Identifying Need and Confirm Eligibility
  • Validating Eligibility
  • Submit for Licensing

Identifying Need and Confirm Eligibility

Because not every organization that is part of or connected to the US government will need access to the GCC or GCC High environment, it is important to first identify if the need for either of these environments exists.

In order to be eligible, an organization must be classified as a government organization or be currently authorized to purchase government contracts. Eligibility can also be extended to cover entities or organizations that handle data that falls under specific governmental regulations and compliance requirements.

Validating Eligibility

After an organization has determined that Office 365 GCC or GCC High is the right solution for its requirements, it has to confirm and validate its eligibility with Microsoft in order to obtain access to a Microsoft 365 Government cloud environment. This step is crucial because Microsoft does not offer commercial trials for Office 365 GCC and there are no trials for the GCC High or the DoD environments.

Most often, companies fail these first two steps, and as a result are refused licensing for GCC High. Ensuring that your organization meets the baseline qualifications and requirements for GCC or GCC High is vital in order to obtain the licensing to access the GCC or GCC High cloud environment.

SME Can Help!

Once your organization has obtained approval to access the GCC or GCC High environment, our team of highly trained and qualified professionals here at SME can assist your organization by setting up tenants for the Microsoft GCC or GCC High cloud environments with the best security practices and standards, as well as migrating your existing data from the Microsoft 365 Commercial environment.


March 30, 2021 By SME, Inc.

Spring Cleaning: Tech Tips

March 20th marked the first day of Spring for 2021, so it’s time for annual Spring cleaning right? Dragging the old stuff out for a yard sale, packing the last of the holiday decorations up and beginning to take full advantage of the warmer weather and the days we’re stuck inside due to the Spring rain. As many of us find ourselves tidying up more, and cleaning around the house, or yard, we all should also take the time to clean out our computers and other devices as well.

When we clean out our computers and other devices, it’s not just about dusting off the screens or blowing out, and wiping down the keyboards. It’s also very important to clean the hard drive, USB and charge ports, update the software, and work on uninstalling outdated, or unused programs and apps.

Not only can this increase the lifespan of these devices but it can also help them to run faster, and operate better. In order to do this, we should take the time to properly clean the hardware, and software. Here are some helpful tips for both cleaning the hardware and the software of your computers, and other devices. 

Hardware

If you’re running a laptop with fans or a desktop computer, whether it’s for personal, business, or even gaming use, it’s crucial that you keep the fans cleaned out and running smoothly. Regularly cleaning the dust off of fan vents can help prevent the computer from overheating and potentially breaking, causing you to lose all of the valuable information stored on it.

This can be a fairly simple task, and can be achieved with little more than a can of compressed air that you can pick up at many local supermarkets or other stores. However, if you do not feel comfortable doing this yourself, give your local computer repair store or a reputable local IT person a call and ask if they provide hardware cleaning services. Most often, these places will use a specialized tool called a DataVac to blow dust out of the machine and safely clean other areas of the computer.

Another helpful tip is to clean out the data ports on computers and devices. This can also be done with compressed air and, many times, something like a toothpick. You would be very surprised, and maybe a little grossed out, by how much dust and gunk can get stuck inside the charge port on your mobile device or tablet and inside the USB ports on your computer.

Power surges can damage computers, and many people don’t realize that power surges can cause surge protectors to lose their ability to do their jobs, protecting from surges. It’s a good idea to check them from time to time, especially after a notable power surge.

Software

Cleaning a computer’s or other device’s software not only helps protect the data stored on it, it also helps the device operate more smoothly and efficiently. Using antivirus software can ensure that malware stays out of the system, but that antivirus needs to be regularly updated.

To keep your software cleaned out, and running as smoothly and efficiently as possible:

  • Delete outdated/unused programs
  • Download and install software updates/patches.
  • Perform backup operations:
    • Take a full backup of the hard drive, photos, videos, and any other important data.
  • Perform maintenance tasks often. 
    • Run antivirus/antimalware scans, defragment hard drives, download and apply updates/patches.
  • Defragment the Hard Disk Drive (HDD) (not applicable to Solid State Drives (SSD)). Computers can slow down if the data on the HDD is fragmented. To address this, Windows has a disk defragmenter tool that is built into the system and can be set to run automatically.

While installing updates, check to see if the programs/apps on the device are even being used, and consider deleting any programs/apps and files no longer in use. Uninstalling and decluttering these unused or outdated programs/apps can ensure that your device doesn’t get bogged down with unnecessary data. It also limits the number of programs that malware might attempt to hijack in order to gain access to the system.

In order to help detect hard drive issues that could lead to other potential problems, Microsoft provides a Check Disk tool for Windows operating systems. Check Disk will scan for and repair issues such as file system errors or bad sectors. If you have never performed a Check Disk scan before, run a full scan, which enables automatic repairs. However, the process may take a few hours, so sit back and relax while it works its magic.

SME is here to help increase security posture and get rid of those sleepless nights. For any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

SME is here to help increase security posture and get rid of those sleepless nights, for any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.


March 22, 2021 By SME, Inc.

What is Defense-in-Depth?

How many times have you heard someone say “We have locks, we don’t need security cameras” or “We have a firewall set up, we don’t need an IDS/IPS or to segment our network”? More often than not, we have heard someone we know say this, or overheard it. When it comes to cybersecurity, whether you are an expert or an amateur, and even though you may have a firewall, an IDS/IPS deployed, or antivirus or advanced malware protection installed, you cannot simply assume that you are safe and secure.

IT teams are generally tasked with the responsibility of employing a strong defense-in-depth strategy. This means taking the steps to implement prevention, detection, and response controls, all tied together with an active security awareness campaign.

Think of your organization as a castle, then think of Defense-in-Depth as the high walls, the draw-bridge, and the moat full of alligators, all designed to work in unison to protect the castle from intruders.

In order to adequately protect the network and assets, successful organizations implement a layered and cross-boundary strategy to ensure that even if one or more protective measures fail, there will be other defenses in place to protect the environment and the organization. This strategy is typically referred to as “Defense-in-Depth”, and is used as an information assurance strategy to provide multiple, redundant, and layered defensive countermeasures in order to protect valuable data and assets in the event that a security control mechanism fails or a vulnerability is exploited. If one control fails, another immediately takes its place in an attempt to thwart an attack.

The Defense-in-Depth strategy originates from a military strategy of the same name, whose goal is to delay an attack rather than outright defeat it with one strong line of defense. The same concept is used in cybersecurity: a multi-layered approach can be applied to all levels of IT systems, as it increases the security of systems and addresses the many different attack vectors a network can introduce. Each layer of security introduces complexity and latency while requiring that someone actively manage it.

Protecting your information assets requires a combination of different technologies to create these multiple layers of security. There are several important security layers that can provide the means to implement prevention, detection, and response controls. Some of the most essential include:

  • Firewalls, Web Application Firewalls, System dependent firewalls (Windows Firewall)
  • Intrusion Detection Systems / Intrusion Prevention Systems
  • Identity and Access Management / Access Control 
  • Change Management / Patch Management
  • Enterprise-wide Antivirus / Antimalware applications
  • User Awareness Security Training

Prevention controls are used to stop an attack before it has the chance to start. This can be done in several ways:

  • User Awareness Training: training users not to click links in email, open unexpected attachments, visit unsafe sites on the web, download games, music or movies from peer-to-peer (P2P) networks, or allow insecure means to remote into their machines.
  • Configuring firewalls to restrict access.
  • Not allowing users to install software on company devices or to make system-wide configuration or settings changes.
  • Only allowing designated IT staff to have admin rights to workstations.
    • Malware runs in the security context of the current user.
  • Not allowing users to disable antivirus/antimalware controls.
  • Disabling remote desktop connections unless connected through enterprise/company VPN services.
  • Enabling browser-based controls, pop-up/ad blockers, screening downloads, and enabling automatic updates.

Detection controls should identify the presence of malware and then alert administrators, and potentially prevent the malware from carrying out its attack. Detection needs to occur at multiple levels: the entry point of the network, each host device/workstation, and the file level. Some of the common detection controls include:

  • Real-time firewall detection of suspicious network connections, or file downloads
  • Both Host-based and Network-based IDS/IPS solutions
  • Obtaining a baseline (normal behavior), then reviewing and analyzing firewall, IDS/IPS, operating system, application, network, and antivirus/antimalware logs for Indicators of Compromise (IoCs)
  • User Awareness Training to recognize suspicious activity
  • Help Desk, or equivalent training in order to respond to incidents.

Employ multiple layers, avoid duplication, and use common sense.

SME provides fully managed security solutions including Firewalls, Virtual Private Networks, Remote Access and Intrusion Detection Systems, all of which can be used in combination to add layered defenses to your network. Each customized security solution is monitored 24x7x365 from our Secure Network Operations Center, allowing our team to respond to potential threats as they are happening. For any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

    Copyright © 2023 · Systems Management Enterprises, Inc. · Privacy Policy · Terms of Service