
Security


Is your company at risk from ransomware?

Ransomware came to prominence in 2013, with the rise of the original CryptoLocker malware.

Most ransomware uses the AES algorithm to encrypt files. To decrypt files, hackers typically request payment in the form of Bitcoins or alternate online payment voucher services.

Forms of Ransomware

  • Jigsaw, a form of ransomware, encrypts then progressively deletes files until ransom is paid. The ransomware deletes a single file after the first hour, then deletes more and more per hour until the 72 hour mark, when all remaining files are deleted.
  • Cerber targets cloud-based Office 365 users and is assumed to have impacted millions of users using an elaborate phishing campaign. This type of malware emphasizes the growing need for SaaS backup.
  • Crysis: This form of ransomware can encrypt files on fixed, removable, and network drives and it uses strong encryption algorithms and a scheme that makes it difficult to crack within a reasonable amount of time.
  • TeslaCrypt also uses an AES algorithm to encrypt files. This ransomware targets Adobe vulnerabilities, installs itself in the Microsoft temp folder, then demands payment for the return of your data.
  • TorrentLocker, in addition to encrypting files, collects email addresses from the victim’s address book to spread malware beyond the initially infected computer/network.
  • Le Chiffre is designed to run manually on a compromised system. Cyber criminals automatically scan networks in search of poorly secured remote desktops, logging into them remotely and manually running the virus.
  • Locky is typically spread via an email message disguised as an invoice. When opened, the invoice is scrambled, and the victim is instructed to enable macros to read the document. When macros are enabled, Locky begins encrypting a large array of file types using AES encryption. The spam campaigns spreading Locky are operating on a massive scale.
  • ZCryptor is a self-propagating malware strain that exhibits worm-like behavior, encrypting files and also infecting external drives and flash drives so it can be distributed to other computers.

 

As ransomware has evolved, backup and security have become inseparable. A proper business network security protection strategy is needed to safeguard your applications and data from cyber threats.

 

Nettology’s Methodology for Ransomware Protection

Nettology recommends putting multi-layered safeguards in place to protect your business infrastructure against ransomware. Of critical importance is a Network Vulnerability Assessment.

Answers to these four questions will determine your network security risk:

  1. How are you backing up your servers? – We recommend an image-based backup solution which takes a snapshot of your data, applications and servers before the infection occurs. Data protection solutions, like Datto, take snapshot-based, incremental backups as frequently as every five minutes to create a series of recovery points and allow businesses to run applications from backup copies of virtual machines. Nettology is a Datto partner serving the greater Philadelphia area.
  2. How often do you scan your Firewall and Servers for vulnerabilities? – We examine your firewall configuration and look for any Open Ports, and ensure that all Firmware is up-to-date and has been patched regularly.
  3. Is your Email Spam\Antivirus Solution tweaked appropriately? – We assess your email and anti-virus spam filtering solution. There are certain types of file attachments that you don’t want to let through to the desktop!
  4. Which websites are you blocking? – We suggest a web content filtering solution that prevents employees from browsing non-business related and potentially infected sites where viruses and malware are waiting to automatically download.

 

For more information, read our blog: Why Image-based Backup Is An Important Component Of A Small Business Plan

More information on Datto.

Nettology can help your business with ransomware virus removal and recovery. But why wait until that happens? Call us today and let Nettology help you protect your business network infrastructure.


Why Image-Based Backup is an Important Component of a Small Business Continuity Plan

Data is the most valuable asset in your company. To protect it, you probably use backup measures that maintain redundant copies of datasets on site or even in the cloud on a schedule. With data backups, you can restore individual data files and folders to a specific point in time, but restoration is completed one file at a time and is time-consuming.

While data backup safeguards the contents of files and folders, it cannot reproduce the machine should it become damaged during a catastrophic event.  Reconstructing or even virtualizing a server requires files as well as applications, drivers, and systems.  Restoring a machine using just a data backup can take days to put all the pieces back together, resulting in downtime and lost business.

File level data backup is not enough to support business continuity!   

Image-based backups support a stronger business continuity strategy by taking copies of entire machine hard drives, including all associated data, at a particular time interval. By providing a more complete data picture, image-based backups are faster and more reliable than a file-based solution. You can quickly restore servers with the applications and operating systems intact. In addition to restoring individual files from backup images, an image-based backup supports bare metal restores that involve repairing a computer from scratch. You can also boot virtual machines and run them on another device locally or from a Cloud datacenter.

For example, if a hard drive dies, an image-based backup of the server can run in the cloud as a virtual office, enabling employees to connect to it until the server is repaired or replaced.  In some configurations, a virtualized system can run on the same network without the need for Internet support.

IDC reports that 60% of small businesses doing data backup are only using local, on-site storage devices. While a data backup is still a viable course of action in protecting information, it should work hand in hand with image-based backups for a more comprehensive solution. Data backup specialists such as Datto are integrating image-based backups as an integral component of continuity solutions for small businesses. The benefits clearly outweigh the costs.

Nettology works with small businesses in creating a business continuity plan that takes into consideration your operating environment, budgets, and future needs. We start with an evaluation of your current processes to identify weaknesses and problems before creating a plan that outlines specific strategies such as image-based backups for a quick restoration of business operations in the event of an emergency. Contact us today to discuss your business continuity concerns at 888-330-5378 or complete the online inquiry form.


Tips on Securing Company Data Beyond the Infrastructure

As news headlines report recurring events of data breaches affecting American institutions, government parties and public figures, businesses of every size must take a closer look at the security of their data that goes beyond data backup. Employee interactions, third-party interfaces, remote devices and even outdated software can affect the safety of your data.  Here are some tips to address potential security threats in these areas:

 

Guard Against Internal Threats

According to PWC’s 2014 US State of Cybercrime Survey, more than one in four enterprise data security events originate with insiders such as current and former employees. Poorly trained workers, weak passwords, file sharing, unattended computers and unenforced data security policies can weaken the security of company data. In some instances, bad employee behavior results in leaked passwords and stolen files.

 

Data Security Tip: Ensure that laptops have encrypted hard drives only accessible with a 2nd authentication method such as a token or fingerprint scanner. Encourage employees to use password phrases instead of simple passwords and change them for different sites (social media, email, Intranet, etc.) to reduce the chance of hackers getting access to everything at once. And change passwords often as part of company protocol. All systems should have methods to implement password complexity and forced changes.

 

Strengthen Vendor Interfaces

Many companies use application programming interfaces (APIs) to move information between their own and vendor programs to expedite processes by eliminating duplicate work. However, depending on the size of a company, hundreds of vendors could be operating within a corporate system, posing potential threats to data confidentiality and integrity. Unfortunately, many businesses do not address third-party data security. According to a 2016 Ponemon Institute report on third party data risk, many IT and data security professionals find it difficult to manage cybersecurity incidents involving multiple vendors.

 

Data Security Tip: Ensure that all vendors review and sign a corporate data security policy that requires notification of any breaches involving your data. Encrypted email and multi-factor authentication should be used wherever possible. Third party software that provides access to corporate data should have additional security mechanisms.

 

Create BYOD Policies

With the growing trend of Bring Your Own Device (BYOD), employees are using their own mobile technology in the office, at home and while traveling to access corporate data. While potentially increasing productivity by enabling employees to maintain constant connectivity to the office, the use of various mobile devices not owned by the company poses challenges regarding unauthorized access to corporate data, uploading viruses and losing information. Some of the most popular mobile devices such as smartphones and tablets are prone to attacks by hackers as employees connect to external Wi-Fi spots without proper security protocols. A lost or stolen device connected to a corporate network also can spell disaster.

 

Data Security Tip: Companies supporting BYOD should have policies that outline protocols for workers to access data remotely and incorporate mobile management platforms that ensure devices are securely encrypted and can be remotely wiped if lost or stolen. Parsing outgoing emails for private information such as social security numbers or Private Healthcare Information (PHI) is an added step companies can take to mitigate risk. Locking out external devices such as USB drives is another popular option.

 

Update Software

Software updates guarantee that applications are working with the latest security features. Hackers are known to exploit flaws in software that may exist in previous versions, providing access to corporate data. The same holds true for infrastructures with aging servers and older operating systems. While seemingly operating at sufficient capacity, older technology is prone to higher security risks as hackers understand its vulnerabilities.

 

Data Security Tip: Companies must pay attention to firewall\network firmware upgrades as they address security holes and other issues. Keep track of server and PC operating systems end of life to know when support or upgrades will discontinue from the manufacturer. Another option is considering on-demand cloud technology such as Microsoft Office 365 that provides the latest version of Office applications on any device.

 

Nettology can help IT departments maintain the security of corporate data through technical administration and support for hosted applications such as Office 365, firewall/VPN devices, as well as firewall management between client sites and hosted cloud data centers such as Amazon Web Services and Microsoft Azure. Contact us today to discuss your data security concerns at 610-558-1730 or complete the online inquiry form.

 


Creating a Secure and Consistent Network with a Network Monitoring Solution

Chances are your computer network is a vital part of your business. When your network is down, you lose productivity, profit, and customer satisfaction. So continuous and detailed monitoring of your network is crucial, along with alerts sent to an administrator in case of a network device outage, server outage, network intrusion, or ransomware attack. Here are some questions to ask when making a decision on a network monitoring plan that is best for your business.

What?

What specifically do you want monitored?  Most importantly you need to know if something on your network is down.  You need to know what servers are running which applications on what OS, how many desktops, and how many remote access devices are running on the network.  Every network is different but there are specific areas that all network monitoring solutions should cover – Firewalls, Routers, Server Hardware, Patch Management, Software Hardware Asset Management, Web Content Filtering.

How much?

Network monitoring solutions can range from free (open source tool) to a couple thousand dollars a month, depending on the complexity of your network. Having a good understanding of your network map is important to finding a network solution that will work best for you.

Which one?

Depending on the available resources in your IT department, you may choose to implement it yourself. Spiceworks seems to be a good choice for those on the DIY path. More complex solutions such as SolarWinds and PRTG require significant time and have more of a learning curve. Many managed services IT providers use agent-based monitoring such as Kaseya.

If you are choosing to outsource your network monitoring, you need to make sure the provider understands the topology of your specific network very well and can provide after-hours support. If network monitoring seems a bit daunting to take on by yourself, or if you would like some additional help for your IT staff, call Nettology Philadelphia IT support on 610-558-1730. Nettology also offers Network Assessments, Security Assessments and IT Assist Support Packages that include Network and Server Monitoring to keep your network protected and running smoothly.


Ransomware and RDP – Are you vulnerable?

 

As an IT Company that manages many clients across many platforms, we see trends that are often overlooked by internal IT staff. The sheer nature of our business enables us to look at things in volume from the top level. One of the most prevalent security issues we see is the exponential growth in ransomware virus infections. A ransomware virus such as CryptoWall and CryptoLocker (to name just a few) locks all of your files and provides instructions on how to unlock them. Seems simple enough, right? Not so fast. The only way you can get the “key” to unlock your files is to follow the instructions of the hacker, which are different with every virus. But the basic gist is that you have to pay for the key with a bitcoin. At this point 99% of folks don’t even understand what a bitcoin is, let alone how to pay for something quickly with bitcoin. The process is very involved and most bitcoin “wallet” companies require multiple verification and a connection with your bank checking account to get set up. This part sometimes takes a day or so. Then there are limitations on how much money you can instantly transfer and convert to a bitcoin per day. And while you are sorting out setting up the payment the “clock” is ticking, because the hacker’s instructions tell you that the ransom will be doubled if you don’t pay in 24 hrs. And if you finally get this key, it sometimes will take another week to go through every file on your network to unlock them. Now we all know that having a really good and verified backup is the best prevention from having to go through this nightmare, but even restoring large amounts of data from either a local or cloud backup can take days. Bottom line is you don’t want this stuff on your network.

Ransomware infections are no longer occurring only via an end user clicking on a bad zip file. The latest trend is a brute force attack on the standard RDP (Remote Desktop) port 3389. There are scripts out there that are doing port scans on firewalls that have open RDP ports. The script finds the opening and hammers away at common usernames and passwords, so if there is one weak password on your network that’s bound to that RDP server, this hack will find it and you will have some nasty stuff installed on your network in pretty short order. One of the answers here is to make sure RDP is not open from the outside and your organization is using a VPN solution.

Close those RDP ports now and stay vigilant!
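
A defender-side check for the RDP brute-force pattern described above, as an added example that is not part of the original post: it scans a simplified export of Windows logon events and flags source addresses with a burst of failed logons, noting when a successful logon follows. The CSV layout, sample events, thresholds and function names are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real logs): simplified CSV export of Windows
# Security events as timestamp,event_id,logon_type,account,source_ip.
# 4625 = failed logon, 4624 = successful logon. RDP logons show up as
# logon type 10, or as type 3 when Network Level Authentication is on
# (type 3 also covers other network logons, so expect some noise).
SAMPLE_EVENTS = """\
2024-05-01T02:10:01,4625,3,administrator,203.0.113.50
2024-05-01T02:10:03,4625,3,admin,203.0.113.50
2024-05-01T02:10:05,4625,3,user,203.0.113.50
2024-05-01T02:10:07,4625,3,test,203.0.113.50
2024-05-01T02:10:09,4625,3,backup,203.0.113.50
2024-05-01T02:10:11,4625,3,scanner,203.0.113.50
2024-05-01T02:10:14,4624,10,scanner,203.0.113.50
2024-05-01T08:30:00,4625,10,jsmith,198.51.100.7
2024-05-01T08:30:20,4624,10,jsmith,198.51.100.7
2024-05-01T08:45:00,4624,2,jsmith,-
"""

RDP_LOGON_TYPES = {"3", "10"}


def parse(text):
    """Yield (time, event_id, account, source_ip) for RDP-related logons."""
    for line in text.strip().splitlines():
        ts, event_id, logon_type, user, src = line.split(",")
        if logon_type in RDP_LOGON_TYPES:
            yield datetime.fromisoformat(ts), event_id, user.lower(), src


def detect_rdp_bruteforce(text, max_failures=5, window=timedelta(minutes=10)):
    """Flag sources with >= max_failures failed logons inside the window."""
    recent = defaultdict(deque)  # source_ip -> failures still in the window
    findings = {}
    for ts, event_id, user, src in sorted(parse(text)):
        failures = recent[src]
        while failures and ts - failures[0][0] > window:
            failures.popleft()  # drop failures older than the window
        if event_id == "4625":
            failures.append((ts, user))
            if len(failures) >= max_failures:
                f = findings.setdefault(
                    src, {"failures": 0, "users": set(), "success_after": None})
                f["failures"] = max(f["failures"], len(failures))
                f["users"].update(u for _, u in failures)
        elif event_id == "4624" and src in findings and failures:
            # A success right after a burst of failures: treat the
            # account as compromised until proven otherwise.
            if findings[src]["success_after"] is None:
                findings[src]["success_after"] = user
    return findings


if __name__ == "__main__":
    for src, f in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(src, f["failures"], sorted(f["users"]), f["success_after"])
```

A single mistyped password followed by a successful logon, as in the second source in the sample, stays below the threshold and is not flagged.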


The Small Business Network Consultant is Dead

Long Live the Small Business Network Consultant

As an IT infrastructure business network consultant, I have had the opportunity to work on many small to mid-market corporate networks. From rock solid and secure (although is anything really secure these days?) to really shoddy excuses for a business network. My job is to help – to be able to look at both the big picture functionality and efficiency of the network as well as the details of what makes it work properly and securely or not so securely (as I have come to find all too often). There is a certain confidence you get when you can actually see the datacenter, the physical security and the underlying hardware on which precious company data is housed. Having the ability to look at that Cisco ASA firewall, observe all the green lights on your EMC SAN or HP server array hard drives, and know that you have built so much redundancy into the Client and you have covered all your bases should there be an issue is what I thrive on. It’s a good feeling knowing that if you can sleep at night because their data is protected then your Client can rest easy also.

Enter Cloud Computing and its inevitable revolution of providing “As a Service” for everything including your refrigerator. Say goodbye to the traditional “Small Business Network Consultant”, at least as we know it. Why put a “Microsoft Small Business Server” in your office for thousands of dollars when you can pay monthly for more services and flexibility? (Maybe one reason is because the Microsoft Small Business Server does not exist anymore – but we won’t go there just yet.)

A sad truth is many organizations (even startups) are now bypassing the Consultant and spinning up servers by reading directions on the hosting company’s website. OK, so not everyone can do this, but if you are even slightly tech savvy you can get through some of the wizards and voilà – you have a server and you did not have to pay a consultant!! Pretty cool huh – that you had your web developer put up a database and file server for you in the cloud and your livelihood is running on it!

Well on the surface that may have been a good cost saving business decision but wait there’s more ……..

There is a very scary part to this scenario that I have observed over the last two years. Companies are bypassing traditional common sense security practices, assuming that the servers and databases they put up in the cloud are secure. Because they skipped over the “network design and consulting” step, basic security principles are not being followed. There are major assumptions about the underlying hardware and redundancy (or lack of) provided by the hosting provider. I have seen companies that are doing business with Fortune 100 companies that do not have any firewall or intrusion detection solution, and have servers that have no business being public facing with dangerous and unnecessary ports open to the outside world. I have seen servers built with zero redundancy. Companies have invested tens of thousands of dollars on application development and customization, yet they have no methodology for backing up the images of these servers. While the hosting company they are using provides various services including firewalls, imaging, and high availability, they are not implemented. Entire architectures have been built with significant “single points of failure”. The basic building blocks of traditional network security and efficiency are being skipped because it was easy and inexpensive to do, and these folks clearly were not given proper direction. Unfortunately this is not just one company; I am seeing this over and over again.

We can’t just lay blame on the companies (well maybe). Are we a dying breed or has the Small Business Network Consultant not adapted quickly enough to the Cloud paradigm? We can’t just sit on that MCSE Certification from 10 years ago and hope none of our clients “catch on to this whole cloud thing”. Consultants need to educate themselves to truly consult in this rapidly changing environment. There is an immense amount of cloud based infrastructure technology out there to learn and the industry is maturing quickly. Amazon Web Services has developed an entire curriculum and certification program around their services. Microsoft is modifying many of their partner competencies and certifications to adapt to their Azure and Office 365 service offerings. There are also many third-party solutions out there that fill the gaps missing from the hosting providers.

Good network consultants are desperately needed to right the ships of many companies that have strayed into uncharted clouds. So if you are an IT Consultant that has lost your way, get it in gear, start learning, and start consulting again! And if you are a Business Owner or IT Director in the midst of making decisions on Cloud infrastructure, call your friendly neighborhood IT Consultant.

Long Live the Small Business Network Consultant – Be it Dead or Alive!
