Category Archives: Data Security

Securing Data in the Cloud

Securing Data in the Cloud

Storing data in the cloud allows for easy management and accessibility over the internet. According to the Goldman Sachs analysts, as of 2020, around 23% of all IT workloads are processed in the cloud. As with any storing solution, cloud storage poses risks for security, including a loss of sensitive data, violation of other controls, insider threat, and malware. However, the number of companies using cloud storage has increased, so it is important to practice cyber hygiene when migrating to a cloud service. A data breach through accessing cloud data may be hard to prosecute, as the data can cross international borders. With cloud storage, there is an absence of physical protection of the data. The following tips will ensure safe cloud computing best practices.

Encrypt Data

Data should be encrypted when in transit and at rest. Use a strong encryption algorithm, such as AES- 256. Also, salt your keys and passwords. Using PGP for public key based encryption and decryption to enhance your encryption standard. It is also important to encrypt data on your end devices along with encryption in the cloud. Additionally, metadata should be encrypted so that PII is undecipherable after it leaves the on- premises point of origin.

Separate the Data Path and the Control Path

The control path can use public cloud services to provide orchestration and management functions at scale. On the other hand, the data path should be entirely on- premises. File data should never be transmitted outside the enterprise security perimeter.

Ensure Local Backup

Having local backups will allow for business continuity in the event that cloud storage is compromised. Data should also be backed up frequently.

Avoid Storing Sensitive Information

No storage solution is 100% free of security risks, and cloud storage is no exception. Avoid storing any PII or proprietary information in the cloud.

Use Strong Access Control Methods

Have strong password requirements such as minimum password length and complexity requirements. Using multifactor authentication will add to cloud security.

Classify data to assign explicit access controls to each type of data. For example, an employee in accounting does not need access the HR records. This will allow you to monitor activity within data. Restrict and control content with permissions, expiry dates, and password protected links.

Know Your Cloud Provider

Enterprises should always make sure their cloud storage partners offer geo-redundant storage with high levels of data durability, as well as extensive industry security and compliance certifications. Insist on rigorous compliance certifications like PCI DSS and SOC 2. Companies should make note of the cloud provider’s user agreement and ensure that the provider’s goals align with the company’s goals.

The company should also make note about the provider’s process in the event of a breach. They should take into account maintenance and management controls, as well as other measures the provider has taken to ensure that the system is always up to date with patches. The company should have a good understanding of the cloud provider’s recovery options.

Other Tips

  • Test your cloud security setup
  • Install antivirus
  • Have a defined and enforced data deletion policy
  • Use a VPN and private network
  • Identify security gaps between systems


Cybersecurity in the Age of the Coronavirus: The Impact on Business Operations

Cybersecurity in the Age of the Coronavirus: The Impact on Business Operations

As the global workforce shifts to remote work, business operations and management face a number of obstacles. As mentioned in the previous article, the line between our work lives and our personal lives are blended now more than ever. Pre- pandemic predicted cybercrime will cost companies $6 trillion globally. According to research, last year, governments and government organizations were attacked most often, followed by industrial companies, healthcare, education, and finance. 

Business networks are now accessible from home, posing a risk to the security of business operations. We’ve seen changes in the way leadership makes decisions for business performance. During these unprecedented times, the movement to cybersecurity concentration is rapid, with little to no room for error. Cybersecurity is built in layers and it is impossible to protect a network forever. However, leadership must conform to a balance between risk mitigation and business efficiency.

In this day and age, business leaders are getting a daily lesson in large scale systematic failure during COVID- 19. They see and read how quickly COVID- 19 spread around the world and how it affects economic, social, political, and business systems. It is imperative to provide real- time capability and adaptability of the company’s cybersecurity defenses. The gap between cybersecurity risk and defensive effectiveness is as wide as it’s ever been for most companies, and experts warn that it could get even worse once the pandemic subsides. New cybersecurity risks will emerge and defense has to continue to be ahead of them.

Board members often ask “Are we spending enough on cybersecurity?” rather than “What do we need to protect, what is the value of what we need to protect, and how secure is it for what we’re spending?”. Digital success and failure start at the top, so they need to have a deep understanding of how cybersecurity complexities work. Some say the pandemic is actually helping companies by urging executives to focus on cybersecurity and their digital business system, calling for a structural reform for some companies. 

IT teams who once had physical access to employee machines now lack the time and accessibility to address commonplace issues. The absence of onsite diagnostic teams calls for automated threat reporting and diagnostic tools such as endpoint detection and response. Business Continuity Plans and Disaster Recovery Plans are important to the flow of business operations by ensuring that resources are available, to keep employees online, and to guarantee constant communication.

Additionally, the way employees access data is now heavily reliant on VPNs. As a result, VPN gateways are running at or near capacity. This means that corporate IT departments need to leverage all the tools at their disposal to keep loads manageable so that the VPN gateways aren’t overwhelmed and unable to provide the necessary access for remote workers. Because of this, just one DDoS attack can take down an entire company. Cybercriminals know that employees are more exposed and less cautious when working from home, so it is important that IT stays up to date with software patches and take appropriate actions to mitigate risks. 

Along with higher VPN precautions, companies have been increasing the use of advanced concepts of threat hunting, including detection and incident responses. It is not possible to keep the threat out of the perimeter forever, so it is important to seek out the target and actively address it without giving up a basic layer of protection. Organizations have also invested in educating employees on cyber threats and their impact. Organizations have reported higher victimization of phishing emails, prompting the adoption of more innovative approaches.

Security teams are now emphasizing employee security awareness and training. Doing this while providing a basic layer of protection can create a more effective prevention and defense strategy. Organizations that do not practice cyber hygine have reported higher phishing victimization.

The risks of entering networks through third- party vendors have also increased. There is more evidence of attempts to insert malicious code, exploit external suppliers and outsourced technologies, generating higher threats and more vulnerabilities. Organizations have shown a higher dependency on outsourced tools to maintain ongoing operations such as marketing and communication tools. This may result in the higher exposure of sensitive data, expanding the potentials for supply- chain attacks. There are also more consumer- oriented online services such as E- commerce websites that are open to public access. These websites are overloaded with requests, and many of the financial processes are now made as online procedures. Phishing through these E- commerce websites is aimed at victims as both individuals and professionals.

Experts urge companies to proceed with caution. Reducing reliance on office VPN and migrating to a cloud solution is a must. Also, lock down the supply chain, as they can be an entry point for hackers. Ask your suppliers what they do to maintain security. Scale up benefits of cloud migration to virtualize the workforce. CISOs must switch their focus to four main points, rather than sticking with the traditional viewpoints.

  1. Focus: Focus on supporting only those technology features and services that are critical to operations. Focus on employee safety on the frontline.
  2. Test: Test the company’s incident response plan, business continuity and disaster recovery plan, and vendor requirements right away. Eliminating risk is impossible, but you can reduce the risk associated with a poor response.
  3. Monitor: Monitor all resources, including collaboration tools and endpoints.
  4. Balance: Cybersecurity teams are likely to receive a flood of urgent requests for cybersecurity. Allow policy exceptions that will allow teams elsewhere in the organization to get work done.

Many organizations never really take cybersecurity projects seriously because they are lower priority, but the Coronavirus has pushed cybersecurity projects to the forefront. Management has acknowledged that things will not go back to the way they used to be. This transition period marks a point in time where there are distinct opportunities for a new and more aggressive type of cyberattack to damage or slow business rather than the traditional goal of attaining money from many parties.

Security and Privacy Issues with Zoom

Security and Privacy Issues with Zoom

With the increase of employees turning to remote work during the pandemic, companies have been relying on video conferencing platforms, such as Zoom, for regular meetings and communication between employees. According to Check Point, there have been 1,700 new Zoom domains registered since the pandemic began, a quarter of these domains were registered just in the past week. Attackers have noticed the spike in users, which raises concerns for businesses that use Zoom. There have also been an increase in privacy concerns due to the sensitivity of information that is now being transferred over the platform.

In Zoom conferences, anyone with the right link can enter a teleconference and share a screen, even without a Zoom account. There have been new complaints about users being Zoom- bombed, which is when unwanted guests intrude on video meetings for malicious purposes. Recently, two online classrooms in Massachusetts were interrupted by an anonymous attacker during instruction. During the online classroom meeting, an unidentified person yelled profanity during instruction before shouting the teacher’s home address. Another classroom was disturbed by an intruder who displayed his hate tattoos to all the students and the teacher.

There have been several of these intrusions on online classrooms as well as in business conferences. Users have made several reports of conferences being interrupted by graphic images and threatening language. As a result, many schools and businesses have completely switched to other platforms, such as Microsoft Teams and Google Hangouts.

This is not the first time Zoom had security flaws in their platform. In 2019, security researcher Jonathan Leitschuh found a vulnerability in the Mac Zoom Client. When a user downloaded the Zoom app, Zoom silently installed a hidden web server on the device without the user’s permission. This web server allowed websites to join in on any Zoom call when their video camera was activated, a flaw that also impacted Ringcentral. This web server remained on the device, even if the Zoom app was uninstalled. At the time, there were 750,000 companies using Zoom for business purposes that were put at risk due to this vulnerability. Apple and Zoom have since resolved this issue for Mac users.

Another vulnerability found by Check Point researchers was quickly fixed by Zoom. Zoom calls had a randomly generated ID number between 9 and 11 digits long that allowed users to locate and join a specific call. Check Point researchers were able to predict which were valid meetings and join in on them. Zoom allows video conferences to have hundreds of participants, so it was easy for an attacker to join a call unnoticed. Zoom recently changed the randomly generated numbers into a more “cryptographically strong” one, added more digits to meeting ID numbers, and made requiring passwords default for future meetings.

Allowing vulnerable servers to run on devices makes it easier for attackers to intrude on conferences. While removing the vulnerable web server was a big help, attackers are still able to access meetings over Zoom. Officials warn businesses and individuals about an increase in phishing emails for attackers to enter and exploit networks. These can be especially detrimental to remote workers, as cybersecurity and information security is often weaker at home than in the office. Check Point researchers confirmed that at least 70 of the newly created Zoom domains were being used maliciously, often as phishing websites in order to steal unsuspecting users’ personal information.

Users have also expressed concerns over Zoom’s privacy flaws. Zoom allows hosts to see if participants have been on a different screen for more than 30 seconds. Additionally, for paid subscribers, a host can record the meeting and have access to text files of any active chats that take place during the meeting. The host can then save these files to the cloud where it can be shared and accessed by other authorized users.

Earlier this week, there were questions raised about Zoom sharing customer data with Facebook, even if the users did not have a Facebook account. The Zoom app notified Facebook when the user opened the app, details on the user’s device including where the device is located and phone carrier, and a unique advertiser identifier created by the user’s device. With this information, companies could target a user with specific advertisements. This practice is not new and is fairly common with major applications. Several apps use Facebook’s Software Development Kit (SDK) to implement features on their apps, which ultimately sends information to Facebook. This concern has since been addressed and fixed by Zoom. Zoom now enables users to log in with Facebook via browser, rather than through the Facebook SDK.

The privacy of Zoom calls has particularly raised concerns for parents whose children are now using Zoom for education. However, Zoom claimed that their service for schools complies with federal laws on educational and student privacy.

Many officials are worried that Zoom has not taken any precautions when dealing with the spiked volume of users. The New York Attorney General warns that the existing security practices may not translate well with the volume and sensitivity of data now being transferred through Zoom.

Zoom’s cloud meeting app is now one of the most popular apps being downloaded on iPhones. Here are some tips to protecting your Zoom conferences:

  • Keep conferencing private rather than public and refrain from posting the links to your conferences on social media
  • Keep the screen- sharing feature only to the host
  • Lock meetings when they are in session so no new participants can join
  • Mute participants and disable the file transfer feature when it is not in use
Coronavirus and Ransomware

Coronavirus and Ransomware

According to Health Care Dive, 1,500 health care companies have been hit by a ransomware attack in the past four years. Healthcare companies like hospitals and clinics are often a target for these attacks because they store sensitive information and commonly lack cybersecurity. Ransomware attacks have changed in the past week as the Coronavirus pandemic impacts hospitals and healthcare organizations around the world.

Brno University Hospital

On March 13, Brno University Hospital in Brno, Czech Republic was hit by a ransomware attack that led to the cancellation of surgeries and the re-routing of all new patients to nearby St. Anne’s University Hospital. Brno University Hospital is one of the Czech Republic’s biggest COVID-19 testing laboratories. As the origin of the attack remain unknown, the attack was severe enough for the IT team to shut down the entire hospital’s infrastructure. This resulted in the delay of dozens of Coronavirus test results and surgeries.

Security experts warn that hospital staff has no time to worry about cybersecurity during this time. Flavius Plesu, founder and CEO of OutThink, claims that cybercriminals are remorseless and actively target healthcare facilities. Plesu and other professionals believe that prevalence of ransomware attacks will only increase during this crisis. Experts urge healthcare companies to continue providing as much cybersecurity training to their employees as possible.

Champaign- Urbana Public Health District

Just weeks prior to the Brno University Hospital ransomware attack, cybercriminals targeted the Champaign- Urbana Public Health District in Illinois. The ransomware was called Netwalker and it entered the network using a phishing campaign. Attackers have posed as helpful news article companies, healthcare providers, and public health agencies to lure victims into clicking the attachments in the emails that they send. In February, the World Health Organization (WHO) warned individuals about phishing scams related to the Coronavirus.

A Change of Heart?

As we’ve seen cybercriminals exploit healthcare organizations during the pandemic, one ransomware operator has pledged to avoid attacking them. According to BleepingComputer, operators of the Maze Ransomware stated that they will stop “all activity versus all kinds of medical organizations until the stabilization of the situation with the virus”.

Operators of DoppelPaymer Ransomware expressed that they do not normally target hospitals and will continue no to during this time. They added that if the group accidentally attacks a hospital, they will decrypt the victim’s data for free.

However, other operators were not as generous. Operators of the Netwalker Ransomware stated that no one, including them, has a goal to attack hospitals. Although, if they do attack a hospital by accident, the hospital must pay for the decryption.

In the event that a hospital becomes a victim of a Ransomware attack, Emisoft and Coveware have partnered together to offer free ransomware services. Their goal is to allow hospitals to remain operational in the shortest time possible following an attack.

Tips for Ensuring Cyber Safety When Working From Home

Tips for Ensuring Cyber Safety When Working From Home

As organizations shift to remote work during the viral outbreak, employees become vulnerable to cyber attacks if they are working outside of a secure network. This raises concerns for IT Security professionals. Some of these challenges include establishing a secure connection through all employee devices and keeping up to date with security patches and updates. It is crucial for all employees to be aware of security risks when working from home in order to ensure business continuity. Take these steps to securing your company’s data while working remotely.

1. User Education

Employees are often the main target for cyber crime. One crime cyber criminals often engage in to access a company’s network is phishing. A common example of phishing is when an attacker sends out an email to an employee, posing as a legitimate person or organization, and persuades the employee to click the attached link. Employees are often tricked into entering their employee ID and password.

Users should be trained on what a phishing email looks like and who to report to if they receive a suspicious email. Cyber criminals take advantage of employees that work from home, as there is usually less security in one’s home than at the office.

2. Secure Workspace

Ensure that employees are practicing physical machine safety as much as cyber safety. Employees should not work in a public area if they are working with sensitive information and should always lock their computers when unattended. Although working remotely takes place of working in the office, employees should continue to use best practices for physical machine safety.

Employees should also ensure that they are working through a secure connection. Employees should avoid working on public WiFi and should always use a VPN connection if the company has one. IT Security should make certain that VPN patches are up to date.

3. Monitor and Log

As employees will be accessing the company’s network from a number of endpoints, it is important to perform continuous monitoring and logging. The IT Security team should be notified immediately when an untrusted connection is made, and respond quickly to the alert.

4. Review Company Policy

Policies and procedures should be reviewed by all employees before starting to work remotely. This will provide guidelines when working from home. Some policies to review include:
– Access Control Policy
– Mobile Device Management Policy
– Alerts & Notifications Policy
– Network Security Policy
– Physical Access Control Policy
– Transmission Security Policy

Ryuk Ransomware

Ryuk Ransomware

How to Protect Your Organization from Ransomware Attacks

Ryuk Ransomware is a type of ransomware that targets businesses and corporate environments. Ryuk enters victims’ systems and encrypts their data. The attackers demand payments via Bitcoin cryptocurrency and instructs victims to deposit the ransom into a specific Bitcoin wallet to decrypt their information. A Russian hacker group named Wizard Spider has been responsible for the execution of Ryuk since August 2018. Since Ryuk’s appearance in 2018, threat actors have netted over 708.50 Bitcoins across more than 52 transactions, totaling over $3.7 million.

How does Ryuk work?

The malware enters a system when a victim clicks on a phishing email or clicks a pop up ad with Ryuk embedded in it. A dropper is triggered, which examines the system’s architecture. The dropper then writes an executable that corresponds to the system, which begins the encryption process. Ryuk is preconfigured to inject malicious code into 40 processes and 180 services including antivirus tools, databases, and back ups.

How can I protect my organization from Ryuk?

Ryuk can be detrimental to any business or organization. Although prevention is key, it is important to know what steps to take in the event that your network is compromised.

1. Compose Annual Employee Security Training

Employees are often the weakest link to information security, so it is crucial that they are educated on cyber attack methods and risks. They should be able to identify phishing emails and trained to avoid advertisements and illegitimate websites on their work machine.

2. Implement a Well- Written Disaster Recovery Plan and Business Continuity Plan

In the event that your organization is attacked, you should have procedures in place to continue with business processes. A necessary item to include in these plans are data back- up processes; where the back up data is stored and how to retrieve it. Another important step is prioritizing all your assets that are imperative to business functions.

3. Continuously Update

It is crucial to frequently update your anti- virus software, firewalls, and operating systems to prevent an attacker from exploiting any security holes. Run routine security scans on all machines and perform regular Security Risk Assessments. Additionally, check that your Disaster Recovery Plan is updated frequently and working.

The Importance of IT Security Policies

The Importance of IT Security Policies

IT security policies are necessary in organizations as they define who has responsibility of what information within the company. Policies are the baseline of all procedures and should be maintained regularly.

Why Do Organizations Need Security Policies?

IT security policies outline rules for user and IT personnel behavior. These policies also identify consequences for not adhering to them. Policies are also crucial in ensuring compliance with regulations such as NIST and HIPAA. Policies should define risks within the organization and provide guidelines on how to reduce these risks. They should be modified to fit the company’s need.

Writing an Effective IT Security Policy

  1. Conduct a Security Risk Assessment to identify all your critical assets, vulnerabilities, and controls in your company. Use this assessment to determine ways to reduce or eliminate these risks.
  2. Determine the scope of the policy including who the policy will address and what assets will be covered.
  3. Ensure your policy is written to be easily understood by employees and enforced by management. Employees need to be explicitly aware of the consequences of not complying with the policy. These policies will help with the development of procedures, so it is important to write the policies clearly.
  4. Update your policies at least once a year to keep them up to date with your company’s procedures and security concerns.

Common IT Security Policies:

  • Access Authorization
  • Acceptable Use
  • Breach Notification
  • Change Management
  • Data Backup Plan
  • Employee Screening
  • Employee Training
  • Encryption and Decryption
  • Media Security
  • Network Security
  • Password Management
  • Secure Development
  • Security Incident Response
  • Vendor Management
  • Vulnerability Management

The need for certain IT security policies is dependent on the company data itself. For example, if a company handles customer health data, they should consider implementing a HIPAA Acceptable Use Policy.

Is Your Password Secure?

Is Your Password Secure?

Tips for Creating a Strong Password

Passwords can be an inconvenience to remember, especially when you have dozens of applications and accounts to log into everyday. However, with the increase in phishing and ransomware attacks, passwords can be the main line of defense when securing your data. Once an attacker knows your password, your personal data and your company’s data may be at risk. Employees are often the weakest link of any organization’s information security, so it is important to ensure that you and your employees follow these tips. These steps should be outlined in a strong, detailed password policy.

1. Use a longer password with a mix of letters, numbers, and symbols.

Making passwords more complex can hinder the possibility of an attacker guessing the password. Using an easy password such as NYClover can be strengthened by adding numbers and symbols. For example, the password N3wY0rkC!tyL0v3r is more secure.

2. Never use a word or phrase that is easy to guess or contains personal information.

Using personal information such as your middle name or birthday can be risky, especially when it is found on your social media. Using full words or phrases in your passwords may also make them easy to guess. See the list of 1000 most used passwords and avoid using them.

3. DO NOT use the same password for all your accounts.

Using the same password for all your accounts can be dangerous. By doing so, an attacker may be able to access all of your accounts with just one password.

4. Never write down your passwords on paper.

Writing down your passwords can make you a target for shoulder surfing. Passwords managers, such as LastPass, should be used to remember your passwords and should also have a strong master password.

5. Use Multifactor Authentication (MFA).

Using MFA can help secure your account just incase your password is compromised. MFA can be a one time code sent to your phone or email. Google allows users to set up MFA manually.

6. Change your passwords consistently.

Passwords should be changed on a regular basis, just in case your current password gets compromised. Many applications require users to change passwords after 90 days or X increment, while others may just recommend changing your password after a certain period of time. Best practice is to change your password on a consistent basis, preferably 90 days or less.

Top 10 Overlooked Security Risks: 3 of 10

Data Destruction and Disposal

Companies often forget about data once they stop using it day-to-day. Leaving outdated data on sunsetted systems increases your potential exposure in the event of a data breach. Ensure that data no longer actively used is properly disposed of and devices that contain data, such as laptops, old hard drives and USB drives are properly DoD data wiped or destroyed. Retired company laptops may still retain recoverable data on their hard drives even after formatting. A policy-driven culture enforcing proper destruction and disposal of retired equipment is best practice.

Top 10 Overlooked Security Risks: 2 of 10

Shared or Weak WiFi Passwords

Allowing employees or guests to share a single WiFi password prevents you from controlling who is accessing your company network. Once a person has your WiFi password, they can access your network at any time, even from outside your building’s locked doors, or potentially after you have terminated them, leaving you with no control. Users should always connect to WiFi using a unique username and strong password that company staff can enable and disable as needed. Company policy should always enforce users to use strong passwords so your Wifi password cannot be guessed or compromised.