In the past, the technological requirements and needs of the US government have always been quite different and in many ways unique to how businesses in the private and public sectors typically operate. So in response to these unique and evolving requirements, Microsoft created a specific platform for their public and private sector customers – Microsoft 365 Government. This platform has addressed many of the compliance struggles that government cloud computing has faced in the past.

From their website Microsoft states the following about their Microsoft 365 Government platform:

Microsoft 365 Government is a set of productivity, security, and mobility cloud software capabilities tailored for US government agencies and contractors sponsored to hold controlled, unclassified information. Delivered through unique environments that meet the most stringent of compliance requirements, Microsoft 365 Government is a cloud offer for US government customers that matches as closely as possible the features and capabilities of Microsoft commercial cloud enterprise offerings.

Whether an organization is public or private sector, many are moving away from in-house data centers and into the cloud. However, if an organization will be handling government data, specifically data from the DoD or Federal government, there are certain cybersecurity regulations and compliance requirements that must be met before the data they are utilizing can be stored in the cloud. 

For those organizations out there that are current Microsoft 365 Commercial customers and are either currently working towards, or planning on becoming CMMC compliant, a new change has been enacted that may require you to upgrade from Microsoft 365 Commercial to either Microsoft’s Government Community Cloud (GCC), or Government Community Cloud High (GCC High) platforms. 

Microsoft’s Government Community Cloud(GCC) Government Community Cloud High(GCC High) is used across various US Federal, state, local, and other government entities. It is also used by organizations that deal with certain types of sensitive or controlled government data that may possess more strict regulatory or compliance requirements. 

Different Versions of Microsoft 365 

Microsoft actually offers three different environments for their Microsoft 365 platform, here is a quick explanation of each.

Microsoft 365 Commercial

This particular environment is built to FedRAMP Moderate standards and can be customized and configured to meet NIST 800-171 compliance, but does not fully meet the requirements for DFARS 7012 compliance.

Although not officially asserted, it is expected that Microsoft 365 Commercial will meet CMMC Levels 1-2.

Microsoft 365 GCC

Microsoft GCC, or Government Community Cloud, in a nutshell is a government focused copy of the commercial environment. What this means is that it has many of the same features and functionalities, but features data centers ONLY in the continental United States and segregated from commercial organizations, as mandated by FedRAMP Moderate. As with the Microsoft 365 Commercial environment, it can be customized and configured to be 100% NIST 800-171 compliant. 

Microsoft 365 GCC High

Microsoft GCC High, or Government Community Cloud High was created specifically to meet the needs of DoD and Federal contractors that need to meet the strict cybersecurity and compliance requirements. GCC High can be thought of as a copy of the Microsoft DOD cloud environment for use by DOD contractors, cabinet-level agencies, and cleared personnel. One critical distinction: when handling classified data, environments have a high side and a low side, the high side existing so users can handle classified data. GCC High is not considered a high side environment, it only received the “High” name because it meets FedRAMP High impact requirements.

For many government regulations, standards, and compliance requirements, organizations must make sure any personnel working in the environment meets the requirements of specific government background checks. GCC High acts as a data enclave of Office Commercial. It’s compliant with DFARS, ITAR, NIST-800 171, NIST-800 53, and CMMC.

For organizations planning to or required to meet CMMC Levels 3-5, they should deploy Microsoft 365 GCC High. 

GCC High is not required to meet CMMC compliance at any Level, however Microsoft recommends for organizations planning or required to meet CMMC Levels 3-5 should deploy Microsoft 365 GCC High. The Commercial and GCC versions of Microsoft 365 can be customized and configured to meet NIST 800-171, and the majority of CMMC’s requirements.

Put simply, there are 3 major steps that are required to be met in order to obtain access to the GCC High environment.

• Identifying Need and Confirm Eligibility
• Validating Eligibility
• Submit for Licensing

Identifying Need and Confirm Eligibility

Because not every organization that is part of or connected to the US government will need access to the GCC or GCC High environment, it is important to first identify if the need for either of these environments exists.

In order to be eligible, an organization must be classified as a government organization, or are currently authorized to purchase government contracts, and eligibility can be extended to cover entities or organizations that handle data that falls under specific governmental regulations and compliance requirements. 

Validating Eligibility

After an organization has determined that Office 365 GCC or GCC High is the right solution for its requirements, it has to confirm and validate its eligibility with Microsoft in order to obtain access to a Microsoft 365 Government cloud environment. This step is crucial because Microsoft does not offer commercial trials for Office 365 GCC and there are no trials for the GCC High or the DoD environments.

Most often, companies fail these first two steps, and as a result are refused licensing for GCC High. Ensuring that your organization meets the baseline qualifications and requirements for GCC or GCC High is vital in order to obtain the licensing to access the GCC or GCC High cloud environment.

SME Can Help!

Once your organization has obtained approval to access the GCC or GCC High environment, our team of highly trained and qualified professionals here at SME can assist your organization by setting up tenants for the Microsoft GCC or GCC High cloud environments with the best security practices and standards, as well as migrating your currently existing data from Microsoft 365 Commercial environment.

March 20th marked the first day of Spring for 2021, so it’s time for annual Spring cleaning right? Dragging the old stuff out for a yard sale, packing the last of the holiday decorations up and beginning to take full advantage of the warmer weather and the days we’re stuck inside due to the Spring rain. As many of us find ourselves tidying up more, and cleaning around the house, or yard, we all should also take the time to clean out our computers and other devices as well.

When we clean out our computers and other devices, it’s not just about dusting off the screens or blowing out, and wiping down the keyboards. It’s also very important to clean the hard drive, USB and charge ports, update the software, and work on uninstalling outdated, or unused programs and apps.

Not only can this increase the lifespan of these devices but it can also help them to run faster, and operate better. In order to do this, we should take the time to properly clean the hardware, and software. Here are some helpful tips for both cleaning the hardware and the software of your computers, and other devices. 

Hardware

If you’re running a laptop with fans or a desktop computer whether it’s for personal, business, or even gaming, it’s crucial that you keep the fans cleaned out and running smoothly. Regularly cleaning the dust off of fan vents can help prevent the computer from overheating and potentially breaking causing you to lose all of your valuable information stored on it. 

This can be a fairly simple task, and can be achieved with little less than a can of compressed air that you can pick up at many local supermarkets or other stores. However, if you do not feel comfortable doing this yourself, give your local Computer Repair store or a local reputable IT person and ask if they provide hardware cleaning services. Most often, these places will utilize what specialized tool called a DataVac and use it to blow out dust out of the machine, and safely clean other areas of the computer.

Another helpful tip is to clean out the data ports on computers and devices, this can also be done with compressed air and many times something like a toothpick, you would be very surprised, and maybe a little grossed out by how much dust and gunk can get stuck inside the charge port on your mobile device or tablet and inside the USB ports on your computer.

Power surges can damage computers, and many people don’t realize that power surges can cause surge protectors to lose their ability to do their jobs, protecting from surges. It’s a good idea to check them from time to time, especially after a notable power surge.

Software

Cleaning a computer or other devices software not only helps protect the data stored on it, it also helps the computer operate more smoothly and efficiently. Using antivirus software can ensure that malware stays out of the system, but that antivirus needs to be regularly updated. 

To keep your software cleaned out, and running as smoothly and efficiently as possible:

• Delete outdated/unused programs
• Download and install software updates/patches.
• Perform backup operations:
  • Take a full backup of the harddrive, photos, videos, and any other important data.
• Perform maintenance tasks often. 
  • Run antivirus/antimalware scans, defragment hard drives, download and apply updates/patches.
• Defragment the Hard Disk Drive (HDD) (not applicable to Solid State Drives (SSD)). Computers can slow down if the data on the HDD is fragmented. To address this, Windows has a disk defragmenter tool that is built into the system and can be set to run automatically.

While installing updates, check to see if the programs/apps on the device are even being used, and consider deleting any programs/apps, and files no longer in use. Uninstalling and decluttering these unused or outdated programs/apps can ensure that your device doesn’t get bogged down with unnecessary data. It also limits the number of programs malware might attempt to hijack the device in order  to gain access to the system.

In order to help detect hard drive issues that could lead to other potential problems, Microsoft provides a Check Disk tool for WIndows operating systems. Check Disk  will scan for and repair issues such as file system errors or bad sectors. If you have never performed a Check Disk scan before, run a full scan, which enables automatic repairs. However, the process may take a few hours, so sit back and relax while it works it’s magic.

SME is here to help increase security posture and get rid of those sleepless nights, for any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

How many times have you heard someone mention that “We have locks, we don’t need security cameras” or “We have a firewall setup, we don’t need an IDS/IPS, or the need to segment our network”. More often than not, we have heard someone we know, or overheard someone say this. When it comes to cybersecurity, even if you are an expert or an ametuer, and even though you may have a firewall, an IDS/IPS deployed, or install antivirus or advanced malware protection, you can not simply assume that you are safe and secure.

IT Teams are generally tasked with the responsibility of employing a strong defense-in depth strategy. This means taking the steps and means to implement prevention, detection, response controls, all tied together with an active security awareness campaign.

Think of your organization as a castle, then think of Defense-in-Depth as the high walls, the draw-bridge, and the moat full of alligators, all designed to work in unison to protect the castle from intruders.

In order to adequately protect the network and assets, successful organizations implement a layered and cross-boundary strategy to ensure that even if one or more protective measures fail, there will be other defenses in place to protect your environment, and organization. This strategy is typically referred to as “Defense-in-Depth”, and is used as an information assurance strategy to provide multiple, redundant, and layered defensive countermeasures in order to protect valuable data and assets in the likelihood that a security control mechanism fails, or a vulnerability is exploited. If one control fails, another immediately takes its place in an attempt to thwart an attack.

The Defense-in-Depth strategy originates from a military strategy of the same name, whose goal is to delay the potential for an attack, rather than outright defeating it with one strong line of defense. This same concept is utilized in cybersecurity as a multi-layered approach can be applied to all levels of IT systems, as it increases the security of systems, and addresses the many different attack vectors a network can introduce. Each layer of security introduces complexity and latency while requiring that someone actively manage it.

Protecting your information assets requires a combination of different technologies to create these multiple layers of security. There are several important security layers that can provide the means to implement prevention, detection, and response controls, some of the most essential can include measures that provide the means:

• Firewalls, Web Application Firewalls, System dependent firewalls (Windows Firewall)
• Intrusion Detection Systems / Intrusion Prevention Systems
• Identity and Access Management / Access Control 
• Change Management / Patch Management
• Enterprise-wide Antivirus / Antimalware applications
• User Awareness Security Training

Prevention controls are used to stop an attack before it has the chance to start. This can be done in several ways:

• User Awareness Training: training users not to click links in email, open unexpected attachments, visit unsafe sites on the web, downloading games, music or movies from peer-to-peer (P2P) networks, or allowing insecure means to remote into their machines.
• Configuring firewalls to restrict access
• Not allowing users to install software on company devices, or allowing users to make system wide configuration or settings changes.
• Only allowing designated IT staff to have admin rights to workstations.
  • Malware runs in the security of the context of the current user.
• Not allowing users to disable antivirus/antimalware controls.
• Disable remote desktop connections unless connected through enterprise/company VPN services.
• Enabling browser based controls, pop-up/ad blockers, screening downloads, and enabling automatic updates

Detection controls should identify the presence of malware and then alert administrators, and potentially prevent the malware from carrying out its attack. Detection needs to occur at multiple levels, the entry point of the network, each host device/workstation, and at the file level. Some of the common detection controls include:

• Real-time firewall detection of suspicious network connections, or file downloads
• Both Host-based and Network-based IDS/IPS solutions
• Obtaining baseline (normal behavior), reviewing, and analyzing firewalls, IDS/IPS, operating systems, application logs, network logs, and antivirus/antimalware logs for Indicators of Compromise (IoCs)
• User Awareness Training to recognize suspicious activity
• Help Desk, or equivalent training in order to respond to incidents.

Employ multiple layers, avoid duplication, and use common sense.

SME provides fully managed security solutions including Firewalls, Virtual Private Networks, Remote Access and Intrusion Detection Systems, all of which can be used in combination to add layered defenses to your network. Each customized security solution is monitored 24x7x365 from our Secure Network Operations Center, allowing our team to respond to potential threats as they are happening. For any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

There are a wide variety of tools available that can be utilized in order to detect attacks and exploits, and take further steps in order to block, mitigate, and prevent cyber attacks. These tools can include things like firewalls, spam filters to reject annoying emails, and antivirus/anti-malware to protect endpoint systems are utilized by almost all organizations, regardless of their size. Another significantly valuable security tool that is becoming more prevalent across organizations is a network IDS / IPS, or Intrusion Detection System / Intrusion Prevention System. If you are unsure of what either of these tools are, don’t worry; we’re going to provide a brief description of what they are.

What is an IDS? 

An Intrusion Detection System, or an IDS can be either a software application or a hardware appliance with the purpose of passively monitoring network traffic to search for suspicious activity, and potential threats, which will then send out alerts when such activity is discovered. An IDS is pre-programmed to analyze network traffic and identify patterns in that traffic that may indicate a potential cyber attack.

IDS systems are typically placed into two categories/types:

• Host-based
• Network-based

The difference is where the sensors for the system are placed, whether it be on a host, endpoint, or on a network. With there being different types of IDS systems, there are also different methods of deployment and detection. Beyond the location of where the IDS is deployed, IDS systems also differ in how the detect and identify intrusions:

• Signature Detection
• Anomaly Detection
• Hybrid Detection

How Does an IDS Work?

An IDS is a passive technology that detects potential threats and then generates alerts, which in turn allows incident responders, analysts, engineers, and stakeholders a means to investigate and respond to the occurrence of the threat. It is a common misnomer that IDS systems provide protection to endpoints or networks, IDS do not provide active protection to these systems or networks. An IPS (Intrusion Prevention System) on the other hand does actively defend endpoints or networks from threats.

What is an IPS?

An IPS, or Intrusion Prevention System can be thought of as being similar to a firewall. It is a network security and cyber treaty prevention technology that actively monitors and examines network traffic to detect and prevent known threats instead of just raising an alarm or sending out alerts like with an IDS. Similar to that of an IDS, most IPS’ use both Signature Based and Anomaly Based Detection methods for detecting threats, but also have one method that is unique as well; which is Policy Based Detection.

How Does an IPS Work?

Typically an IPS is placed directly behind a firewall so that it may provide an added layer of analysis in order to actively scan for potential threats. Intrusion Prevention Systems work by actively scanning all traffic going to the network, just a few of the different types of threats that an IPS is programmed to monitor for and block are:

• Denial of Service (DoS) attacks
• Distributed Denial of Service (DDoS) attacks
• Different types of known exploits
• Worms
• Viruses

IPS’ perform real-time packet analysis, thoroughly inspecting every single packet that travels through the network. If a packet is detected that contains a potential threat, an IPS can terminate the TCP session, reprogram/reconfigure the firewall to prevent those packets in the future, or remove/reconfigure the malicious content in the packet.

Why You Need a IDS/IPS

Hackers are continuously developing new exploits and attack techniques in order to circumvent our network defenses. No network is impenetrable, and no firewall foolproof. An IDS/IPS can be a key addition to an organization’s network/infrastructure because it enables you to detect and respond to malicious network traffic. 

The main benefit of an IDS/IPS is that it ensures that IT personnel are notified when an attack or breach is taking place. 

If I Have an IDS/IPS Why Do I Need a Firewall?

Some of you may be wondering this often asked question, “If I have an IDS/IPS in place, why do I need a firewall?”. This is because the IDS/IPS does not actually keep out intruders, it keeps track of the attempted breaches, the firewall on the other hand is what actually keeps the intruders and malicious traffic from getting into the system. Think of it this way, the firewall is the first line of defense, a sort of security guard in a sense. 

If the firewall is the security guard, IDS/IPS are security cameras. The firewall explicitly restricts access by screening the traffic and deciding what is permitted and what is not based upon certain criteria. However, an IDS/IPS monitors this traffic and then spots patterns or anomalies in activity, which will then send out an alert if anything suspicious is detected. This is why a continued effort of actively monitoring your firewall, updating your filtering controls, and allow/deny rules and policies is crucial to ensuring that you have the best security possible. This way you’re getting an idea of who, or what is trying to get into the network.

SME provides fully managed security solutions including Firewalls, Virtual Private Networks, Remote Access and Intrusion Detection Systems. Each customized security solution is monitored 24x7x365 from our Secure Network Operations Center, allowing our team to respond to potential threats as they are happening. For any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

What is the CMMC Interim Rule? 

Are you a DoD prime or subcontractor? If yes, then the answer to this question is an important one, if not slightly complex. This Interim Rule took effect on November 30, 2020, so the sooner you understand how it affects your existing as well as new contracts, the better. There is a lot to digest within the requirements—all 110 of them—but we will simplify some of the basics to bring you up to speed.      

Who 

The Defense Acquisitions Regulation System released a new Interim Rule implementing its Cybersecurity Maturity Model Certification (CMMC) program to supplement the existing DFARS regulations. The new mandate affects CMMC cyber rules for all DoD contractors with systems that process, store, or transmit CUI. 

Why 

This Interim Rule was necessary to provide immediate improvements to DoD contractor security in the current DFARS requirement while the implementation of the CMMC program is still in development. The CMMC program is expected to be a phased rollout over the next five years. 

What 

The new Interim Rule has some updated requirements including performing NIST SP 800-171 Self-Assessments, complete a System Security Plan (SSP) with a Plan of Action and Milestones (POAM), and upload information into the Supplier Performance Risk System (SPRS). 

Let SME help you navigate the complexities of the new CMMC Interim Rule. We will start with getting a handle on where your company currently stands and address your cybersecurity compliance gaps so you do not miss out on contract awards. Give us a call 703-378-4110 or email info@smeinc.net. 

An uncomfortable reality that many businesses have to worry about are data breaches, which are becoming much more frequent, but are also getting much craftier and more sophisticated; and the amount of data being compromised is increasing rapidly. Unfortunately, another uncomfortable reality is that most companies are completely unprepared to handle a data breach if they were to fall victim to one.

As data breaches are becoming more common by the day, it is imperative that businesses be proactive about their cybersecurity posture, and ensure that they are putting protective, and preventative measures in place before disaster strikes. One way of doing this is by using a Virtual Private Network (VPN), a VPN can be one of the most important tools that a company uses to protect itself from, and aid in preventing data breaches.

Think of a VPN as a hidden tunnel that you can take from one place to another

Essentially, a VPN connects two separated computers, or networks securely and privately over the Internet. In more technical terms, by using a suite of security protocols a VPN creates an encrypted tunnel between your device, and a remote server, or network. All your traffic is then routed through this secure tunnel, this allows for both the confidentiality and authenticity of the information that is being passed through the VPN tunnel, away from prying eyes.

Most importantly, all users, whether they are home users, startups, small, medium, and large businesses-stand to benefit from using a VPN. When it comes down to it, a VPN will secure your internet traffic and can minimize, and prevent data theft incidents.

The following are some of the more basic reasons your business can benefit from using a VPN:

• Enhanced Security: You may not think that your company will need a secure, private tunnel or remote access to the internal network. However, given the events of the last year due to the covid-19 pandemic, many businesses have had to resort to having their employees work remotely from home. In order for business operations to run as smoothly as possible, the employees will need to be able to access the same internal data, but from an external location. Or you (as many companies do nowadays) may have resources such as apps, data, or forms hosted externally in a cloud-based environment. Providing VPN access to your employees will guarantee that they not only have a secure way of connecting to your network, but a secure means for accessing internal resources, all the while ensuring that the data or other resources are intercepted in the process.
  
• Remote Workforce: As stated above, if the last year has proved anything, it’s that more of America’s workforce can do their jobs from home than previously thought. If your employees are working from different locations, how can you be sure that the network they’re using to connect to the company network is secure?
  
• Access Control: Without proper access control measures in place, the wrong people might get access or too much access to resources they shouldn’t, or on the other side of this, the people who need access to get the job done can’t do so because they lack the proper access. A VPN also acts as a sort of Access Control system by authenticating and authorizing users by evaluating their credentials, then verifying that the person is who they claim to be. Once they are authenticated, and then assigning the appropriate access levels and permissions associated with the users credentials.
  

SME offers The Nextwall™ Security Suite featuring VPN technology and we also implement and support security solutions from Cisco, Dell, Sophos, and more.

Nextwall™ VPN technology is engineered to provide secure Wide Area Network (WAN) connectivity to public and private enterprises, ensuring that only authorized users can access the network and that data cannot be intercepted.

SME provides fully managed security solutions including Firewalls, Virtual Private Networks, Remote Access and Intrusion Detection Systems. Each customized security solution is monitored 24x7x365 from our Secure Network Operations Center. For any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

Ransomware attacks have caused many organizations to lose highly important or sensitive data. Most recently, it has come to light that Kia, the vehicle manufacturer has suffered a ransomware attack where the attackers are demanding $20 million in payment in order to decrypt the data. 

While prevention is the best defense for ransomware, once a ransomware attack has already occurred, the best chance to recover the data is to maintain regular data backups, otherwise you’re only option left is to pay the ransom, and in some cases, even that does not guarantee your data will be decrypted. However, as critical as it is to protect your data — you must also take measures to prevent backups from getting encrypted by ransomware as well.

What is Ransomware?

Ransomware is a form of malware, or virus that encrypts data and files on a victim machine, which then prevents users from accessing their files. When ransomware infects a system, it starts searching for files and then begins encrypting them, oftentimes it will encrypt all of the files on the machine. Attackers hold the key that can decrypt the files, which they commonly will offer to give to the victim once a ransom payment has been made, but it is not always a guarantee.

Most ransomware will display a ransom notice/pop-up to users, usually by replacing their desktop background image or placing a text file with instructions in the folders it has encrypted. The ransom notice demands payment, which may be between hundreds and several thousand dollars, most typically to be paid in cryptocurrency to keep the transaction anonymous, and untraceable. 

Backup and Recovery, aka Disaster Recovery

Data backup and recovery is the process of backing up your important data in the event of a loss and setting up secure systems that allow you to recover the data as a result. Data backup requires the storing copies and archives of computer data to make it accessible in case of data compromise, corruption, or loss due to deletion. 

Data can only be recovered from an earlier time if it has been backed up. This is often referred to as operational recovery. Recovery from a backup typically involves restoring the data to the original location, or to an alternate location where it can be used in place of the lost or damaged data. A proper backup copy is stored in a separate system or medium, such as tape, from the primary data to protect against the possibility of data loss due to primary hardware or software failure.

Disaster Recovery Can Prevent Loss Due to Ransomware

Performing and maintaining regular backups and part of a Disaster Recovery plan is the best way to protect yourself against Ransomware. If you have a clean backup of your data when a ransomware attack hits, and are also able to prevent ransomware from reaching the backup and encrypting it too, then you have a safe and easy way to recover without having to pay the ransom.

Here are some best practices and tips to protect your backups against ransomware:

• Keep an offline backup — keep a copy of the backup offline. If/when ransomware hits, the malware can attack anything that the infected system has access to. Keep an offline backup, this will mitigate the risk. Another tip is to use traditional backup tapes, which are impossible for ransomware to attack.
• Make use of immutable storage — also known as WORM (Write-Once-Read-Many), immutable storage can store data and lock it to prevent further modification. Immutable storage ensures backups remain unchanged.
• Endpoint protection on servers containing backups — modern endpoint protection platforms can detect ransomware as it begins to infect a system, mostly by recognizing its strange behavior. These platforms can lock down the infected systems and isolate them from the network to prevent the ransomware from spreading. This can be extremely useful for all organizational endpoints but is especially important on the backup server itself.
• Increase backup frequency — see how often you are backing up your own data. Backup frequency will determine how much data can be lost in a ransomware assault. Even if you are backing up once a day or once every few hours, consider the cost of losing all the data since the previous backup. 

The 3-2-1 Backup Method

The 3-2-1 backup method is a recommended best practice for recovery and backup, and can also help mitigate ransomware risks. No backup strategy is foolproof, but following the 3-2-1 rule is probably the most recommended way to prevent data loss.

Here is how 3-2-1 backup works:

• Keep 3 copies of your information — one main copy and two backups.
• Use 2 distinct media formats — for example, SSD drive, tape, magnetic disk or cloud storage.
• Keep 1 of those copies offsite — the most secure option is to store data to a tape and deposit it in a very secure location. Another option is to automatically take a snapshot of the data and send it to a disaster recovery location.

Tips for Testing Backups

• Test from your regular backups, in whatever media you use.
• Don’t just test a couple of files. Make sure you can restore entire directories, servers, or applications.
• Restore to a different computer or server.
• Keep a copy of the install disks for your backup software with the backups themselves.
• Be sure to document the process for restoring or reinstalling applications, especially if there are any special tips or tricks needed to perform the task. Put this into a text file in the application so that it gets backed up with everything else.

SME offers both Managed Backup solutions and Cloud Backup Storage solutions that ensure reliable backups of your data, for any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

Happy Valentines Day from the SME family. Many of us enjoy this time of the year, but did you know that hackers do too. 

But what exactly do hackers love…?

Last week we posted our blog post What Hackers Love: Home Edition, where we covered a few topics that hackers typically love when attacking or breaching home networks. This week we’ll be covering a few topics that hackers love to look for when attacking enterprise networks.

These topics cover businesses of all sizes. From the small mom and pop shop, or the online business, to large organizations. What’s discussed here is applicable to any business.

Hackers Love: Unpatched Systems

Unpatched systems, and software can be a magnet for malware and viruses. Especially if it is a widely used app like Adobe Flash or Internet Explorer. A classic example is the Conficker worm on Windows that was discovered in late 2008, which took advantage of unpatched versions of Microsoft Windows.

From 2019-2020, the most exploited software applications were Adobe Flash, and Internet Explorer

https://www.verdict.co.uk/top-software-vulnerabilities-2019/

Around 60% of small businesses get hacked every year as hackers are finding new ways to break into computer systems. As cyber attacks become more prevalent, proper network security is more important than ever to reduce, and mitigate the risk of a data breach and maintain not only your customers’ data, but their confidence in your company and your reputation.

Many companies are taking proactive security measures to lower their risk of vulnerabilities — one of the major ones being patch management. Patch management has often been ignored as part of cyber security, but its importance and the benefits it can provide shouldn’t be ignored.

Hackers Love: Lack of Encryption

Encryption is the process through which data is encoded so that it remains hidden from or unreadable to unauthorized users. Encryption helps protect sensitive data, and can enhance the security of communications between not only apps and servers, but between yourself and your customers. When data is encrypted, even if an unauthorized person or entity gains access to it, they will not be able to read it.

If you think your business is too small to benefit from encryption technology, think again. Encryption has largely been thought of as a more advanced form of data security, expected to be seen in large enterprises rather than small companies. However, cyber threats are growing among organizations of all sizes, especially small businesses, which are more likely to have fewer resources with which to protect themselves than large corporations. As the threat landscape continues to grow, encryption is becoming an increasingly critical component of any company’s security strategy.

Organizations large and small, and across industries are implementing encryption technology to protect their customers and employees Personally Identifiable Information (PII), company secrets, financial data, and more. Malware attacks, and phishing are on the rise, password protection is not enough, and even if your data is hosted in the cloud, at the end of the day, you’re still at risk. 

Hackers Love: Flat Networks / No Network Segmentation

Network segmentation is the practice of breaking up a larger computer network into several small sub-networks that are isolated from one another. Network segmentation is also a key part of PCI DSS compliance requirements. The PCI Security Standards Council calls for the use of network segmentation in order to help isolate all system components that are used to store, process, or transmit credit/debit cardholder data or other sensitive authentication data.

Setting up and configuring network segmentation can be a tad bit of a hassle starting out but the benefits of segmenting your network can massively outweigh the challenges. Some key benefits of network segmentation include:

• Slowing Down Attackers, Buying You More Time. If an attacker breaches your network, and that network is segmented, then it will take some more time for the attacker to break out of that segmented portion of the network to get at the resources they’re actually after.
  
• Increases Data Security. Segmenting networks makes it easier to protect the most sensitive data and internally-facing network assets. This extra layer of separation between servers containing sensitive data and everything else outside of the network can drastically reduce your risk of data loss or theft.
  
• Reaffirms Policy of Least Privilege. Network segmentation makes it easier to restrict user access to sensitive information and systems. If a user’s access credentials are compromised—or abused, this can be invaluable for protecting that information. Essentially, network segmentation helps protect your business against both internal and external threats.
  
• Reduces Damage from Attacks. Because strong network segmentation can help keep attackers from breaking out of a system before you’ve contained the breach and cut off their access, it can help to minimize the damage caused by such breaches.

SME is here to help increase security posture and get rid of those sleepless nights, for any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

It’s February so you know what that means, Valentine’s Day is right around the corner. Not only do many of us enjoy this time of the year, hackers do too.

So what exactly do hackers love…?

Hackers Love: Default Credentials for Networks & IoT Devices

One of the easiest ways a hacker can gain access to your network, or devices is through weak password policies. Are you still using the same password that came with the router you bought? Or the Wi-Fi camera system you have set up? Nine times out of ten, these devices that you have purchased and connected to your network are using default usernames and passwords, that are also very easy for a hacker to guess. Whenever you purchase a new device to connect to your home network, always change the default username and password, and use strong passwords! If you need help creating one, use this website to generate a strong password.

Any sort of device that you can find on the market these days that is aimed at convenience and connects to your home network is referred to as IoT, or the Internet of Things. 

https://eclature.com/10-most-popular-iot-devices-in-2020/

For more tips on securing your home network and IoT devices, check out our blog post on how to better secure your home network.

Hackers Love: Password Reuse & Weak Passwords

As mentioned above, hackers love default credentials, so it is imperative to always change those default usernames and passwords to something else that is harder for the hackers to break into. This does not mean you should create usernames or passwords that are easy to guess, or continuously reuse the same password over and over; whether it be for home networks and devices of the online services and apps you use everyday. 

You should get in the habit of creating long, strong passwords that will be very difficult for a hacker to guess, and even in this case, do not reuse the same password for another service. There is nothing easier to do than guess someones password, lookup their email address(es) in https://haveibeenpwned.com/ ,use some OSINT (Open Source Intelligence) and a little bit of Social Engineering , or run a brute force attack to guess what their password(s) might be.

To become more efficient and aid in convenience, use a password manager like LastPass, or BitWarden. A password manager makes it easier for you to manage all of the passwords you use for your online accounts and even offline accounts. Better yet, many of these services are free. Here’s a list of some of the most highly rated password managers.

Hackers Love: People Who Click Stuff

One of the most common causes of data breaches or malware infections is from unwitting people who click stuff that they’re unsure of. More commonly referred to as phishing, and still remains at the top of the list for a hackers tool kit. The increase in frequency and sophistication only drives hackers to use phishing schemes more and more against their targets. As long as people are unknowingly clicking on malicious links, or attachments, or downloads, this trend will continue. 

In order to better familiarize yourself with phishing and to increase your own cyber hygiene, check out our blog posts.

Simple Steps to Securing Yourself Online

Phishing

SME is here to help increase security posture and get rid of those sleepless nights, for any IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net.

Privacy is important, it’s why people lock the doors to their cars, or their houses at night, install home security systems on their homes, or even take out a lock box at a bank. So why should privacy of one’s data be treated any differently? as more and more  of our personal data becomes stored online,, and we share more information online, data privacy is becoming more important than ever before.

Data Privacy Day began in the United States and Canada in January 2008 as an extension of the Data Protection Day celebration in Europe. Data Protection Day commemorates the Jan. 28, 1981, signing of Convention 108, the first legally binding international treaty dealing with privacy and data protection.

Hundreds of millions of people are completely unaware of and uninformed about how their personal information and private data is being used, stored, or shared in our online society. Data Privacy Day aims to inspire communication and empower individuals and organizations to take action in order to better protect themselves and their personal data online. The US, Canada, and dozens of countries across Europe recognize January 28th as international Data Privacy Day. These countries have united in an effort to empower individuals and organizations to respect privacy, safeguard data and enable trust world wide.

Data privacy relates to how data, or personal information about each of us should be handled based on its relative importance. But what does relative importance mean? An example of this is like telling someone you just met your name, or giving them your phone number. However, you wouldn’t tell a stranger or most people for that matter your  Social Security Number, or tell anyone the pin to your ATM card; information of that level of importance you want to keep protected right?

This goes with data privacy online as well!

In the digital age, information and data is everything. It’s how many major businesses make millions or billions each year. By obtaining and selling information or data about each and every one of us! We typically think of data privacy as critical personal information, otherwise known as Personally Identifiable Information (PII), or Personal Health Information (PHI). Information like our Social Security Number, health and medical records, financial data, including bank account, debit and credit card numbers. 

However, the most basic of information still can be considered sensitive,like our full names, addresses and birthdates. This type of information can be used in social engineering or phishing against unwitting users.

One final recommendation to help you keep your online and personal data private is to regularly assess and update the privacy settings on your social media accounts. If you don’t, you may be sharing a lot more than just your name with complete strangers and even potential cyber-criminals — a clever enough cyber-criminal could use that information to steal your identity or a lot more.

Here at SME Inc, our goal is to make IT easier, this includes assisting you in protecting your privacy online. We provide both Security Awareness Training, Phishing simulations, and several other Compliance Solutions. To find out more about these services or any other IT/security related questions, please give us a call at 703-378-4110 or email info@smeinc.net