info@adserosecurity.com   813.616.5055
Menu

Category Archives: Uncategorized

Securing Data in the Cloud

Securing Data in the Cloud

Storing data in the cloud allows for easy management and accessibility over the internet. According to the Goldman Sachs analysts, as of 2020, around 23% of all IT workloads are processed in the cloud. As with any storing solution, cloud storage poses risks for security, including a loss of sensitive data, violation of other controls, insider threat, and malware. However, the number of companies using cloud storage has increased, so it is important to practice cyber hygiene when migrating to a cloud service. A data breach through accessing cloud data may be hard to prosecute, as the data can cross international borders. With cloud storage, there is an absence of physical protection of the data. The following tips will ensure safe cloud computing best practices.

Encrypt Data

Data should be encrypted when in transit and at rest. Use a strong encryption algorithm, such as AES- 256. Also, salt your keys and passwords. Using PGP for public key based encryption and decryption to enhance your encryption standard. It is also important to encrypt data on your end devices along with encryption in the cloud. Additionally, metadata should be encrypted so that PII is undecipherable after it leaves the on- premises point of origin.

Separate the Data Path and the Control Path

The control path can use public cloud services to provide orchestration and management functions at scale. On the other hand, the data path should be entirely on- premises. File data should never be transmitted outside the enterprise security perimeter.

Ensure Local Backup

Having local backups will allow for business continuity in the event that cloud storage is compromised. Data should also be backed up frequently.

Avoid Storing Sensitive Information

No storage solution is 100% free of security risks, and cloud storage is no exception. Avoid storing any PII or proprietary information in the cloud.

Use Strong Access Control Methods

Have strong password requirements such as minimum password length and complexity requirements. Using multifactor authentication will add to cloud security.

Classify data to assign explicit access controls to each type of data. For example, an employee in accounting does not need access the HR records. This will allow you to monitor activity within data. Restrict and control content with permissions, expiry dates, and password protected links.

Know Your Cloud Provider

Enterprises should always make sure their cloud storage partners offer geo-redundant storage with high levels of data durability, as well as extensive industry security and compliance certifications. Insist on rigorous compliance certifications like PCI DSS and SOC 2. Companies should make note of the cloud provider’s user agreement and ensure that the provider’s goals align with the company’s goals.

The company should also make note about the provider’s process in the event of a breach. They should take into account maintenance and management controls, as well as other measures the provider has taken to ensure that the system is always up to date with patches. The company should have a good understanding of the cloud provider’s recovery options.

Other Tips

  • Test your cloud security setup
  • Install antivirus
  • Have a defined and enforced data deletion policy
  • Use a VPN and private network
  • Identify security gaps between systems


Cybersecurity in the Age of the Coronavirus: The Impact on Business Operations

Cybersecurity in the Age of the Coronavirus: The Impact on Business Operations

As the global workforce shifts to remote work, business operations and management face a number of obstacles. As mentioned in the previous article, the line between our work lives and our personal lives are blended now more than ever. Pre- pandemic predicted cybercrime will cost companies $6 trillion globally. According to research, last year, governments and government organizations were attacked most often, followed by industrial companies, healthcare, education, and finance. 

Business networks are now accessible from home, posing a risk to the security of business operations. We’ve seen changes in the way leadership makes decisions for business performance. During these unprecedented times, the movement to cybersecurity concentration is rapid, with little to no room for error. Cybersecurity is built in layers and it is impossible to protect a network forever. However, leadership must conform to a balance between risk mitigation and business efficiency.

In this day and age, business leaders are getting a daily lesson in large scale systematic failure during COVID- 19. They see and read how quickly COVID- 19 spread around the world and how it affects economic, social, political, and business systems. It is imperative to provide real- time capability and adaptability of the company’s cybersecurity defenses. The gap between cybersecurity risk and defensive effectiveness is as wide as it’s ever been for most companies, and experts warn that it could get even worse once the pandemic subsides. New cybersecurity risks will emerge and defense has to continue to be ahead of them.

Board members often ask “Are we spending enough on cybersecurity?” rather than “What do we need to protect, what is the value of what we need to protect, and how secure is it for what we’re spending?”. Digital success and failure start at the top, so they need to have a deep understanding of how cybersecurity complexities work. Some say the pandemic is actually helping companies by urging executives to focus on cybersecurity and their digital business system, calling for a structural reform for some companies. 

IT teams who once had physical access to employee machines now lack the time and accessibility to address commonplace issues. The absence of onsite diagnostic teams calls for automated threat reporting and diagnostic tools such as endpoint detection and response. Business Continuity Plans and Disaster Recovery Plans are important to the flow of business operations by ensuring that resources are available, to keep employees online, and to guarantee constant communication.

Additionally, the way employees access data is now heavily reliant on VPNs. As a result, VPN gateways are running at or near capacity. This means that corporate IT departments need to leverage all the tools at their disposal to keep loads manageable so that the VPN gateways aren’t overwhelmed and unable to provide the necessary access for remote workers. Because of this, just one DDoS attack can take down an entire company. Cybercriminals know that employees are more exposed and less cautious when working from home, so it is important that IT stays up to date with software patches and take appropriate actions to mitigate risks. 

Along with higher VPN precautions, companies have been increasing the use of advanced concepts of threat hunting, including detection and incident responses. It is not possible to keep the threat out of the perimeter forever, so it is important to seek out the target and actively address it without giving up a basic layer of protection. Organizations have also invested in educating employees on cyber threats and their impact. Organizations have reported higher victimization of phishing emails, prompting the adoption of more innovative approaches.

Security teams are now emphasizing employee security awareness and training. Doing this while providing a basic layer of protection can create a more effective prevention and defense strategy. Organizations that do not practice cyber hygine have reported higher phishing victimization.

The risks of entering networks through third- party vendors have also increased. There is more evidence of attempts to insert malicious code, exploit external suppliers and outsourced technologies, generating higher threats and more vulnerabilities. Organizations have shown a higher dependency on outsourced tools to maintain ongoing operations such as marketing and communication tools. This may result in the higher exposure of sensitive data, expanding the potentials for supply- chain attacks. There are also more consumer- oriented online services such as E- commerce websites that are open to public access. These websites are overloaded with requests, and many of the financial processes are now made as online procedures. Phishing through these E- commerce websites is aimed at victims as both individuals and professionals.

Experts urge companies to proceed with caution. Reducing reliance on office VPN and migrating to a cloud solution is a must. Also, lock down the supply chain, as they can be an entry point for hackers. Ask your suppliers what they do to maintain security. Scale up benefits of cloud migration to virtualize the workforce. CISOs must switch their focus to four main points, rather than sticking with the traditional viewpoints.

  1. Focus: Focus on supporting only those technology features and services that are critical to operations. Focus on employee safety on the frontline.
  2. Test: Test the company’s incident response plan, business continuity and disaster recovery plan, and vendor requirements right away. Eliminating risk is impossible, but you can reduce the risk associated with a poor response.
  3. Monitor: Monitor all resources, including collaboration tools and endpoints.
  4. Balance: Cybersecurity teams are likely to receive a flood of urgent requests for cybersecurity. Allow policy exceptions that will allow teams elsewhere in the organization to get work done.

Many organizations never really take cybersecurity projects seriously because they are lower priority, but the Coronavirus has pushed cybersecurity projects to the forefront. Management has acknowledged that things will not go back to the way they used to be. This transition period marks a point in time where there are distinct opportunities for a new and more aggressive type of cyberattack to damage or slow business rather than the traditional goal of attaining money from many parties.

SOC 2 and NIST 800-53

SOC 2 and NIST 800-53

Both SOC 2 and NIST 800-53 play a large role in regulatory compliance. Both aim to protect data in the cloud and are critical in today’s environments to ensure information security. The SOC 2 Framework and NIST 800-53 Publication go hand- in- hand, and adhering to both sets of controls will provide your company with sufficient data protection.

In order to assess our information systems, we first need to take a closer look at both SOC 2 and NIST 800-53.

SOC 2

SOC 2 is a framework created by the American Institute of Certified Public Accountants (AICPA). SOC 2 is one of the most used frameworks in the technology industry and applies to all organizations and enterprises where customer data is stored and processed in the cloud. SOC 2 is unique to each individual organization and can be lined up with specific business practices. SOC 2 also aligns with requirements of today’s cloud environment.

Trust Service Criteria (TSC)

The Trust Service Criteria (TSC) serve as the control areas for managing a reporting on information and systems. The five TSC are as follows:

  1. Security: Protection of resources against unauthorized access. Examples include multifactor authentication and an intrusion detection system.
  2. Availability: The accessibility of system, products, or services as stated in the Service Level Agreement (SLA). An example would be a failover cluster.
  3. Processing integrity: Whether or not a system achieves its purpose. Assessing if the system processing is complete, accurate, timely and authorized.
  4. Confidentiality: The information is restricted to a specified set of persons or organizations, as stated in the agreement. For example, using encryption and network security tools.
  5. Privacy: Personal information is collected, used, retained, disclosed and destroyed in conformity with the commitments in the service organization’s privacy notice, and with criteria set forth in generally accepted privacy principles issued by the AICPA.

Type 1 and Type 2

A SOC 2 Type 1 Audit assesses systems at one point in time. It tests to see whether the system’s design is suitable to meet the relevant trust principles. A SOC 2 Type 2 Audit tests the operational effectiveness of systems over a period of time. Most companies will start with a SOC 2 Type 1 and then follow with an annual SOC 2 Type 2 audit. 

Requirements

The main requirement for SOC 2 is that the organization must develop written policies and procedures that are followed by everyone. The organization must also actively monitor all systems and information, ensuring that there is no unusual activity or access. It is also crucial that the organization sets up automatic alerting for anomalies when accessing data.

NIST 800- 53

NIST 800- 53 is a publication providing comprehensive security controls for federal information systems, published by the National Institute of Standards and Technology (NIST). NIST 800-53 covers steps in Risk Management Framework. It includes 8 control families and over 900 requirements. Organizations may also adhere to controls which apply to them and the security level of the data they store (Low, medium, or high). These controls can be tested during a SOC 2 audit. NIST provides guidance for complying with FISMA.

FISMA

To demonstrate compliance with NIST 800-53, organizations should look to becoming compliant with the Federal Information Security Management Act (FISMA). FISMA is a requirement for federal agencies to develop, document, and implement an information security and protection program.

Some specific goals of FISMA include:

  • Implementing a risk management program
  • Protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction
  • Ensure the integrity, confidentiality and availability of sensitive information

FISMA requires organizations to do the following:

  • Maintain an inventory of information systems.
  • Categorize information and information systems according to risk level.
  • Maintain a system security plan.
  • Implement security controls
  • Conduct risk assessments.
  • Certification and accreditation.
  • Conduct continuous monitoring.

Best practices for FISMA are geared towards federal agencies that protect sensitive data. Best practices and requirements include encrypting everything, keeping up to date with FISMA standards, classifying information as it is created, and maintaining documentation of FISMA compliance efforts.

Compliance with both SOC 2 and NIST 800-53 provide organizations with a number of benefits, especially increasing data security. The main difference between the two is that SOC 2 is part of the System and Organizational Controls (SOC) framework, and NIST 800-53 is a publication. A full mapping of SOC 2 and NIST 800- 53 can be found on the AICPA website.

Security and Privacy Issues with Zoom

Security and Privacy Issues with Zoom

With the increase of employees turning to remote work during the pandemic, companies have been relying on video conferencing platforms, such as Zoom, for regular meetings and communication between employees. According to Check Point, there have been 1,700 new Zoom domains registered since the pandemic began, a quarter of these domains were registered just in the past week. Attackers have noticed the spike in users, which raises concerns for businesses that use Zoom. There have also been an increase in privacy concerns due to the sensitivity of information that is now being transferred over the platform.

In Zoom conferences, anyone with the right link can enter a teleconference and share a screen, even without a Zoom account. There have been new complaints about users being Zoom- bombed, which is when unwanted guests intrude on video meetings for malicious purposes. Recently, two online classrooms in Massachusetts were interrupted by an anonymous attacker during instruction. During the online classroom meeting, an unidentified person yelled profanity during instruction before shouting the teacher’s home address. Another classroom was disturbed by an intruder who displayed his hate tattoos to all the students and the teacher.

There have been several of these intrusions on online classrooms as well as in business conferences. Users have made several reports of conferences being interrupted by graphic images and threatening language. As a result, many schools and businesses have completely switched to other platforms, such as Microsoft Teams and Google Hangouts.

This is not the first time Zoom had security flaws in their platform. In 2019, security researcher Jonathan Leitschuh found a vulnerability in the Mac Zoom Client. When a user downloaded the Zoom app, Zoom silently installed a hidden web server on the device without the user’s permission. This web server allowed websites to join in on any Zoom call when their video camera was activated, a flaw that also impacted Ringcentral. This web server remained on the device, even if the Zoom app was uninstalled. At the time, there were 750,000 companies using Zoom for business purposes that were put at risk due to this vulnerability. Apple and Zoom have since resolved this issue for Mac users.

Another vulnerability found by Check Point researchers was quickly fixed by Zoom. Zoom calls had a randomly generated ID number between 9 and 11 digits long that allowed users to locate and join a specific call. Check Point researchers were able to predict which were valid meetings and join in on them. Zoom allows video conferences to have hundreds of participants, so it was easy for an attacker to join a call unnoticed. Zoom recently changed the randomly generated numbers into a more “cryptographically strong” one, added more digits to meeting ID numbers, and made requiring passwords default for future meetings.

Allowing vulnerable servers to run on devices makes it easier for attackers to intrude on conferences. While removing the vulnerable web server was a big help, attackers are still able to access meetings over Zoom. Officials warn businesses and individuals about an increase in phishing emails for attackers to enter and exploit networks. These can be especially detrimental to remote workers, as cybersecurity and information security is often weaker at home than in the office. Check Point researchers confirmed that at least 70 of the newly created Zoom domains were being used maliciously, often as phishing websites in order to steal unsuspecting users’ personal information.

Users have also expressed concerns over Zoom’s privacy flaws. Zoom allows hosts to see if participants have been on a different screen for more than 30 seconds. Additionally, for paid subscribers, a host can record the meeting and have access to text files of any active chats that take place during the meeting. The host can then save these files to the cloud where it can be shared and accessed by other authorized users.

Earlier this week, there were questions raised about Zoom sharing customer data with Facebook, even if the users did not have a Facebook account. The Zoom app notified Facebook when the user opened the app, details on the user’s device including where the device is located and phone carrier, and a unique advertiser identifier created by the user’s device. With this information, companies could target a user with specific advertisements. This practice is not new and is fairly common with major applications. Several apps use Facebook’s Software Development Kit (SDK) to implement features on their apps, which ultimately sends information to Facebook. This concern has since been addressed and fixed by Zoom. Zoom now enables users to log in with Facebook via browser, rather than through the Facebook SDK.

The privacy of Zoom calls has particularly raised concerns for parents whose children are now using Zoom for education. However, Zoom claimed that their service for schools complies with federal laws on educational and student privacy.

Many officials are worried that Zoom has not taken any precautions when dealing with the spiked volume of users. The New York Attorney General warns that the existing security practices may not translate well with the volume and sensitivity of data now being transferred through Zoom.

Zoom’s cloud meeting app is now one of the most popular apps being downloaded on iPhones. Here are some tips to protecting your Zoom conferences:

  • Keep conferencing private rather than public and refrain from posting the links to your conferences on social media
  • Keep the screen- sharing feature only to the host
  • Lock meetings when they are in session so no new participants can join
  • Mute participants and disable the file transfer feature when it is not in use
Coronavirus and Ransomware

Coronavirus and Ransomware

According to Health Care Dive, 1,500 health care companies have been hit by a ransomware attack in the past four years. Healthcare companies like hospitals and clinics are often a target for these attacks because they store sensitive information and commonly lack cybersecurity. Ransomware attacks have changed in the past week as the Coronavirus pandemic impacts hospitals and healthcare organizations around the world.

Brno University Hospital

On March 13, Brno University Hospital in Brno, Czech Republic was hit by a ransomware attack that led to the cancellation of surgeries and the re-routing of all new patients to nearby St. Anne’s University Hospital. Brno University Hospital is one of the Czech Republic’s biggest COVID-19 testing laboratories. As the origin of the attack remain unknown, the attack was severe enough for the IT team to shut down the entire hospital’s infrastructure. This resulted in the delay of dozens of Coronavirus test results and surgeries.

Security experts warn that hospital staff has no time to worry about cybersecurity during this time. Flavius Plesu, founder and CEO of OutThink, claims that cybercriminals are remorseless and actively target healthcare facilities. Plesu and other professionals believe that prevalence of ransomware attacks will only increase during this crisis. Experts urge healthcare companies to continue providing as much cybersecurity training to their employees as possible.

Champaign- Urbana Public Health District

Just weeks prior to the Brno University Hospital ransomware attack, cybercriminals targeted the Champaign- Urbana Public Health District in Illinois. The ransomware was called Netwalker and it entered the network using a phishing campaign. Attackers have posed as helpful news article companies, healthcare providers, and public health agencies to lure victims into clicking the attachments in the emails that they send. In February, the World Health Organization (WHO) warned individuals about phishing scams related to the Coronavirus.

A Change of Heart?

As we’ve seen cybercriminals exploit healthcare organizations during the pandemic, one ransomware operator has pledged to avoid attacking them. According to BleepingComputer, operators of the Maze Ransomware stated that they will stop “all activity versus all kinds of medical organizations until the stabilization of the situation with the virus”.

Operators of DoppelPaymer Ransomware expressed that they do not normally target hospitals and will continue no to during this time. They added that if the group accidentally attacks a hospital, they will decrypt the victim’s data for free.

However, other operators were not as generous. Operators of the Netwalker Ransomware stated that no one, including them, has a goal to attack hospitals. Although, if they do attack a hospital by accident, the hospital must pay for the decryption.

In the event that a hospital becomes a victim of a Ransomware attack, Emisoft and Coveware have partnered together to offer free ransomware services. Their goal is to allow hospitals to remain operational in the shortest time possible following an attack.

Tips for Ensuring Cyber Safety When Working From Home

Tips for Ensuring Cyber Safety When Working From Home

As organizations shift to remote work during the viral outbreak, employees become vulnerable to cyber attacks if they are working outside of a secure network. This raises concerns for IT Security professionals. Some of these challenges include establishing a secure connection through all employee devices and keeping up to date with security patches and updates. It is crucial for all employees to be aware of security risks when working from home in order to ensure business continuity. Take these steps to securing your company’s data while working remotely.

1. User Education

Employees are often the main target for cyber crime. One crime cyber criminals often engage in to access a company’s network is phishing. A common example of phishing is when an attacker sends out an email to an employee, posing as a legitimate person or organization, and persuades the employee to click the attached link. Employees are often tricked into entering their employee ID and password.

Users should be trained on what a phishing email looks like and who to report to if they receive a suspicious email. Cyber criminals take advantage of employees that work from home, as there is usually less security in one’s home than at the office.

2. Secure Workspace

Ensure that employees are practicing physical machine safety as much as cyber safety. Employees should not work in a public area if they are working with sensitive information and should always lock their computers when unattended. Although working remotely takes place of working in the office, employees should continue to use best practices for physical machine safety.

Employees should also ensure that they are working through a secure connection. Employees should avoid working on public WiFi and should always use a VPN connection if the company has one. IT Security should make certain that VPN patches are up to date.

3. Monitor and Log

As employees will be accessing the company’s network from a number of endpoints, it is important to perform continuous monitoring and logging. The IT Security team should be notified immediately when an untrusted connection is made, and respond quickly to the alert.

4. Review Company Policy

Policies and procedures should be reviewed by all employees before starting to work remotely. This will provide guidelines when working from home. Some policies to review include:
– Access Control Policy
– Mobile Device Management Policy
– Alerts & Notifications Policy
– Network Security Policy
– Physical Access Control Policy
– Transmission Security Policy

The Importance of IT Security Policies

The Importance of IT Security Policies

IT security policies are necessary in organizations as they define who has responsibility of what information within the company. Policies are the baseline of all procedures and should be maintained regularly.

Why Do Organizations Need Security Policies?

IT security policies outline rules for user and IT personnel behavior. These policies also identify consequences for not adhering to them. Policies are also crucial in ensuring compliance with regulations such as NIST and HIPAA. Policies should define risks within the organization and provide guidelines on how to reduce these risks. They should be modified to fit the company’s need.

Writing an Effective IT Security Policy

  1. Conduct a Security Risk Assessment to identify all your critical assets, vulnerabilities, and controls in your company. Use this assessment to determine ways to reduce or eliminate these risks.
  2. Determine the scope of the policy including who the policy will address and what assets will be covered.
  3. Ensure your policy is written to be easily understood by employees and enforced by management. Employees need to be explicitly aware of the consequences of not complying with the policy. These policies will help with the development of procedures, so it is important to write the policies clearly.
  4. Update your policies at least once a year to keep them up to date with your company’s procedures and security concerns.

Common IT Security Policies:

  • Access Authorization
  • Acceptable Use
  • Breach Notification
  • Change Management
  • Data Backup Plan
  • Employee Screening
  • Employee Training
  • Encryption and Decryption
  • Media Security
  • Network Security
  • Password Management
  • Secure Development
  • Security Incident Response
  • Vendor Management
  • Vulnerability Management

The need for certain IT security policies is dependent on the company data itself. For example, if a company handles customer health data, they should consider implementing a HIPAA Acceptable Use Policy.

Is Your Password Secure?

Is Your Password Secure?

Tips for Creating a Strong Password

Passwords can be an inconvenience to remember, especially when you have dozens of applications and accounts to log into everyday. However, with the increase in phishing and ransomware attacks, passwords can be the main line of defense when securing your data. Once an attacker knows your password, your personal data and your company’s data may be at risk. Employees are often the weakest link of any organization’s information security, so it is important to ensure that you and your employees follow these tips. These steps should be outlined in a strong, detailed password policy.

1. Use a longer password with a mix of letters, numbers, and symbols.

Making passwords more complex can hinder the possibility of an attacker guessing the password. Using an easy password such as NYClover can be strengthened by adding numbers and symbols. For example, the password N3wY0rkC!tyL0v3r is more secure.

2. Never use a word or phrase that is easy to guess or contains personal information.

Using personal information such as your middle name or birthday can be risky, especially when it is found on your social media. Using full words or phrases in your passwords may also make them easy to guess. See the list of 1000 most used passwords and avoid using them.

3. DO NOT use the same password for all your accounts.

Using the same password for all your accounts can be dangerous. By doing so, an attacker may be able to access all of your accounts with just one password.

4. Never write down your passwords on paper.

Writing down your passwords can make you a target for shoulder surfing. Passwords managers, such as LastPass, should be used to remember your passwords and should also have a strong master password.

5. Use Multifactor Authentication (MFA).

Using MFA can help secure your account just incase your password is compromised. MFA can be a one time code sent to your phone or email. Google allows users to set up MFA manually.

6. Change your passwords consistently.

Passwords should be changed on a regular basis, just in case your current password gets compromised. Many applications require users to change passwords after 90 days or X increment, while others may just recommend changing your password after a certain period of time. Best practice is to change your password on a consistent basis, preferably 90 days or less.

How to Prevent Ransomware Attacks Against Your City Network

So what is a Ransomware attack?

You may have read in the news lately about a new and growing threat to municipal computer networks, ransomware attacks. These attacks can be crippling, and can shut down entire cities for weeks or even months. They can have devastating consequences and can cost hundreds of thousands of dollars in ransom just to get a city’s network back online. The good news is, these types of municipal malware attacks are preventable.

Hows does a Ransomware Attack Work?

A ransomware attack, such as Cryptolocker or Triple Threat (which combines Emotet, TrickBot and Ryuk) work by gaining a foothold somewhere your network, usually through a phishing campaign to city employees, or by gaining access to the network through out of date software. Once they are in the network, they spread from machine to machine and server to server to infect as many machines as possible. Once they have infected a large enough number of machines, they activate and begin encrypting all the data stored on every computer. One the data is encrypted, users will be given the ransom demands on their computer screens. Ransom demands can range from $75,000 in bitcoins, as in the Baltimore attacks, or range into the hundreds of thousands, as in the $600,000 Riveria Beach attack ransom.

How do I prevent a Ransomware Attack?

Preventing a ransomware attack is always your best option, potentially saving your city hundreds of thousands of dollars is losses. Luckily preventing a ransomware attack is doable. Here are 4 basic steps you should take to prevent ransomware attacks on your municipal network:

1) Update, update, update

Most malware attacks take advantage of out of date software and operating systems with security holes. Make sure your entire network, all servers and end user desktops and laptops are updated with the most current version of Windows or MacOS and that automatic updates are enabled. Monthly updated are critical to your security.

2) Use Anti-virus / Anti-malware software on everything

A strong antivirus software is one of the best defenses against ransomware attacks. Ensure that every server, desktop and laptop in your network has an up-to-date copy of some antivirus software running on it. Make sure that automatic definition updates are enabled and that the machine is being being protected with realtime protection or with daily scans.

3) Ensure your Disaster Recovery Plan is in place, and working

Recovering from an attack after the fact, without paying the ransom, is near impossible, unless you have a well planned, tested and functioning Disaster Recovery Plan. That means ensuring that all your servers and data are backed up on a daily basis and stored offsite. A good rule of thumb is the 3-2-1 backup rule. Always have 3 copies of your data, 2 of them should be on different types of storage and 1 of them should be offsite. With a solid Disaster Recovery Plan, recovery from a ransomware attack can be a simple as cleaning your servers and restoring your data.

4) Know your network and software

Do you know what is currently on your network? Do you know if your machines are updated? How well is your anti-virus software working? Knowing exactly how well protected your network is can be the difference between ransomware taking over your network and staying safe. Perform regular Security Risk Assessments to ensure you are properly protecting your network and data from attacks.

An Ounce of Prevention is Worth A Pound of Cure

Preventing ransomware in your cities network is defiantly one place where this old adage holds true. Taking four the basic steps outline above to protect your municipal network will go a long way to preventing ransomware attacks. Recovering from a ransomware attack can be a nightmare, so plan ahead, practice good IT hygiene, and you can significantly lessen the risk of a municipal ransomware attack.

So what exactly is a Security Risk Assessment?

So what exactly is a Security Risk Assessment?

A Security Risk Assessment (or SRA) is an assessment that involves identifying the risks in your company, your technology and your processes to verify that controls are in place to safeguard against security threats. Security risk assessments are typically required by compliance standards, such as PCI-DSS standards for payment card security. They are required by the AICPA as part of a SOC II audit for service organizations and are also requirements for ISO 27001, HITRUST CSF and HIPAA compliance, just to name a few. Because of this, security risk assessments can go by many names, sometimes called a risk assessment, an IT infrastructure risk assessment, a security risk audit, or security audit.

Security Risk Assessments are performed by a security assessor who will evaluate all aspects of your companies systems to identify areas of risk. These may be as simple as a system that allows weak passwords, or could be more complex issues, such as insecure business processes. The assessor will typically review everything from HR policies to firewall configurations while working to identify potential risks.

For example, during the discovery process an assessor will identify all databases containing any sensitive information, an asset. That database is connected to the internet, a vulnerability. In order to protect that asset, you need to have a control in place, in this case it would be a firewall. You have now taken the first step in mitigating risk.

A Security Risk Assessment identifies all your critical assets, vulnerabilities and controls in your company to ensure that all your risks have been properly mitigated.

Why do I need a
Security Risk Assessment?

A Security Risk Assessment is vital in protecting your company from security risks.  Imagine being tasked with remodeling a house, without being told what’s wrong with it first. A security risk assessment provides you with the blueprint of risks that exist in your environment and gives you vital information about how critical each issue is. Knowing where to begin when improving your security allows you to maximize your IT resources and budget, saving you time and money.

Whats the difference between Risk Management and a
Security Risk Assessment?

This is one of the most common questions when people begin to read through security or compliance requirements. The short answer is: a Security Risk Assessment is a point-in-time review of your companies technology, people and processes to identify problems. Risk Management is an ongoing process where you round up all the identified risks in your company and work towards eliminating them.

Security Risk Assessments are deep dive evaluations of your company, or maybe even a specific IT project or even a company department. During the assessment, the goal is to find problems and security holes before the bad guys do. The assessment process should review and test systems and people, looking for weaknesses. As they are found, they are ranked based on how big of a risk they are to the company. The resulting report will identify systems that are working well and properly secured, and those that have issues. A Security Risk Assessment will typically have very specific technical results, such as network scanning results or firewall configuration results.

Risk Management is an ongoing effort to collect all the known problems, and work to find solutions to them. Think of a Risk Management process as a monthly or weekly management meeting. Each week, risks and problems are identified, ranked and then discussed to ensure that nothing is slipping through the cracks. The goal of a Risk Management process is to continually improve the security of a company and work to eliminate all risks as they occur.

What types of systems are involved in a
Security Risk Assessment?

A Security Risk Assessment is a far reaching review of anything that could pose a risk to the security or compliance of the company. Each assessment is tailored to fit the exact purpose and scope requested by the client. Assessments can involve any of the following elements:

Infrastructure

  • Facility Power & Redundancy
  • Backup Power, UPS & Generator Capacity
  • Facility Cooling Capacity & Redundancy
  • Facility Fire Suppression Systems
  • Server Wiring and Cabling
  • Server Rack Infrastructure
  • Facility Physical Security & Tracking Systems
  • Facility Camera & Alarm Systems

Servers & Systems

  • Server Inventory including detected OS’s
  • Server Vulnerability Reports
    Server Resource Utilization
  • Server Backup Processes
  • Redundancy / High Availability Configuration
  • Anti-Virus/Anti-Malware Systems
  • IT Asset Inventory Processes
  • Server Update Processes
  • Identity & Authentication Systems

Network

  • Complete Network Discovery Mapping
  • Discovered Network Inventory List
  • Internal Network Device Vulnerability Scan
  • External Network Device Vulnerability Scan
  • Firewall Vulnerability Scan
  • IDS/IPS Review
  • SPAM Filtering Review
  • Web Filter Device Review
  • Data Loss Prevention Systems Review

Application Scanning

  • Discovery of all internal web applications
  • Discovery of all external web applications
  • Application Vulnerability Assessment
  • Application Server Vulnerability Scanning

Information Security

  • Sensitive Data Inventory
  • Data Classification
  • Data Risk Analysis
  • Data Encryption Review
  • Access Authorization Procedures Access Controls

Policies

  • Comprehensive IT Policy Review
  • Disaster Recovery Plan Review
  • Business Continuity Plan Review
  • Device and Media Control Policy Review
  • Software Development Procedure Review
  • Security Incident Procedure Review
  • Log Monitoring Process Review
  • Workforce Security Policy Review
  • Workforce “Hire and Fire” Policy Review
  • Risk Management Process Review

So How do you perform a
Security Risk Assessment?

A Security Risk Assessment typically covers all aspects of a company from IT to Operations to HR and Accounting. An assessment is a labor intensive process, although each assessment is unique to match the company and scope, they typically take 30-60+ days and contain the phases outlined below:

Initial Discussion

Adsero schedules a conference call to discuss your company, your procedures and what your goals are during the Risk Assessment process. 

Onsite Discovery

Next our team of experts will spend time at your facility to perform an onsite review of your technology and processes. 

Analysis

Adsero Security’s analysts then take the information gathered during the onsite visit and begin identifying risks and controls you may have in place already.

The Report

Once all the analysis is complete, you will receive a complete Risk Assessment report that outlines all your assets, vulnerabilities and risks. The report includes recommendations on how to improve your overall security and compliance.