Hacker is infiltrating a business’s network system from a remote location

Brief History of Information Technology Security

People are fiercely driven by ‘what is going to happen’ rather than ‘what has happened’. Due to the growing concern of intellectual property vulnerability, people have begun to investigate further into the past. By understanding the history of technology security you might be able to safeguard against potential threats. Information technology security protects sensitive assets and property through the use of technology processes and training. High concerns that stem directly from information security are protection of confidentiality, integrity, and availability.

“The more you know about the past, the better prepared you are for the future.” -Theodore Roosevelt

The Early Years

Despite the efforts of the “CIA Triad” (or more commonly known as the Parkerian Hexad) on confidentiality/control, information integrity, authenticity, availability, and utility, they were not able to guard against all threats. Early mainframes used by the military were connected to phone lines called ARPANET (precedent to today’s internet), which allowed integration of information between government data centers. A special ARPA squadron began to determine additional steps for better security by studying the unsecure points between the data centers and the public. Their studies jump started the first few precautions focused on mainframe operating systems. MIT, Bell Labs, and General Electric were the first pioneers to build multiple security levels and passwords into their mainframes.

The Boom of Hacking

Computer system hacking began in 1970’s with the boom of emerging telecommunication technology. Ready to ‘stick it to the man’, a group of hackers found a way to infiltrate the telephone and computer networks in order to make free long distance calls. Also known as “phreakers”, these groups were pioneers for organized crime against unsecured networks. After Ian Murphy’s crime of stealing information from military computers in 1986, the Computer Fraud and Abuse Act was created. The Emergency Response Team was created to alert computer users of network security issues after Robert Morris unleashed the Morris Worm to thousands of defenseless computers.

The Growing Concern

Although public use of the Internet is barely 20 years old, malicious Internet activity has turned into a major criminal enterprise for over a decade. Businesses are now under attack by big threats that can leave them defenseless and exposed. Growing concern for the safety of personal/business information comes from the accelerated worldwide use of electronic data and the heavy amount of business conducted over the internet. With this expedited advancement and expansion, more and more people are putting their personal information online, making them vulnerable for an attack. In 2010, a group of the nation’s top scientists concluded in a report to the Pentagon that “the cyber-universe is complex well beyond anyone’s understanding and exhibits behavior that no one predicted, and sometimes can’t even be explained well.”

We recognize that monitoring technology activities are important to continue to protect the safety and security of your business. If you have any questions or concerns about your technology contact Cognoscape today.  

Brief-History-of-Information-Technology-Security

IT Security and its Evolution

Technology has advanced thanks to the hard work and innovation of many people over several decades throughout history. Although information technology – the application of any computers and software to process, store, retrieve, and transmit electronic data – is a major part of our lives today, there was a simpler time before the revolutionary spark of digitization. Few predicted how significant information technology and IT security would become in our lives and the way we conduct business. Here is an overview of the development of IT security throughout history.

1970s

The 1970s marked a time in information technology history that saw an emergence in the exploration of microcomputers. At this time, Steve Jobs and Steve Wozniak – pioneers of the personal computer revolution – met and eventually collaborated on what would become Apple computers. The first modern day hackers also appeared during this time and invented a way to circumvent phone systems to make free calls – a practice that later become known as “phreaking.” It was this decade that witnessed the convergence of technology and commerce. Computers, video games, cars, and space exploration are only a few of the many technologies which developed and improved tremendously within these ten years.

1980s

There are a surprising number of tech gadgets from the 80s that define life as we know it today. The first IBM personal computer, called “Acorn,” was introduced using Microsoft’s MS-DOS operating system. Sears & Roebuck and Computerland sold the machines, and this was when the term PC was popularized.

Apple invented “Lisa,” the first personal computer to offer a GUI (graphical user interface), with features like a drop-down menu and icons in a machine aimed at individual business users. In 1985, Microsoft announced Windows in response to Apple’s GUI. This decade subsequently brought about the era of malware, with the first computer virus for MS-DOS called “Brian.”

1990s

Mosaic, known as the original web browser accredited to popularizing the World Wide Web, was released. By allowing users with little to no technical expertise to browse the online realm, this fueled a period of massive growth of the Internet as well as the community of online users. The 1990s also brought upon the dawn of the modern IT security industry. AOL suffered through the first real phishing attacks as hackers began stealing users’ credentials. Tim Berners-Lee, a researcher at a high-energy physics lab in Geneva, invented HyperText Markup Language (HTML) – giving rise to the World Wide Web.

In 1997, Microsoft invested $150 million in Apple – which was struggling at the time – ending Apple’s court case against Microsoft in which it alleged that Microsoft copied the “look and feel” of its operating system.

The 2000s and Beyond

The 21st Century saw a swarm of new computer viruses, such as ILOVEYOU, spread fervently across the Internet, taking advantage of security holes in software made by Microsoft and other major tech companies. Adware and spyware entered the scene with programs such as Conducent and CometCursor. In 2003, the amount of data created surpassed the amount of all information created in the rest of human history combined. The Internet became so central to commerce that opportunities for hackers grew exponentially.

In 2010, a group of the nation’s top scientists concluded in a report to the Pentagon that “the cyber-universe is complex well beyond anyone’s understanding and exhibits behavior that no one predicted, and sometimes can’t even be explained well.” In 2015, Apple released the Apple Watch while Microsoft released Windows 10.

PCI-Compliance-IT-Security

4 Signs that You’re Out of PCI Compliance

Compliance with the standards set by the Payment Card Industry (PCI) Security Standards Council can be cumbersome and flat out difficult. And the punishment for non-compliance can be stiff penalties and fines – or even worse, non-compliance could allow a hacker or data thief to get into your company’s systems and steal critical data from you or your customers. To avoid these unsavory outcomes, it is best to make sure that your business gets PCI compliant and maintain that compliance status. It is critical that you know if your company is PCI compliant so that you can keep your business protected from fines and hackers alike. Here are some of the ways that you can know if your business is not compliant. If any of these signs describe your business, then it is time to make a change and get back into compliance.

You Store Cardholder Data

Storing cardholder data means that you have highly sensitive information that can be stolen on your systems. To maintain PCI compliance, you should not save or store any cardholder data, whether in digital or written form. To avoid storing cardholder data, you can use a card reader, POS terminal, or a payment processor that doesn’t retain that information. That way, you don’t have to think about protecting or encrypting that data on your systems.

You Don’t Have A Separate Network For Payment Processing

PCI compliance can put extra pressure and security measures on your network. That’s why it is a good idea to have a separate system for your regular business connection just for payment processing. This is especially relevant if you are using IP-based credit card terminals.

You Don’t Automatically Log Customers Out

When your customers log in and make a purchase, they might be doing so on a public computer or at a public kiosk. When they leave that computer, they might forget to log out, allowing another person to stumble upon their open session and make unauthorized purchases. Make sure that you avoid these kinds of scenarios by automatically logging your users out of their sessions after a set period. If for example, users are automatically logged out after five minutes being idle, you have a significantly higher chance of stopping unauthorized purchases.

Your Employees Don’t Have Unique Login Information

To be PCI compliant, all of your employees need to have their unique login information for sensitive systems. That way, if there an issue, you know which employee was responsible.

regulatory compliance

Three Most Important Facts About Regulatory Compliance

When it comes to regulatory compliance, even the most enthusiastic managers can quickly get bored. It’s not hard to see why—regulatory compliance can be a long and frustrating process if you are trying to stay compliant without any professional help. Because regulatory compliance is so complex, it can be difficult to understand some of the legal concepts behind the process. That’s why we’ve broken down the three most important facts, so that you can easily know what’s vital to your business without having to pore over dozens of policy documents or looking through legalese.

  1. You Need Physical and Digital Security Policies

Sure, digital security policies get all of the press. And they are absolutely critical to your company’s regulatory compliance, as well as your long term success. But you need physical security policies too. You need to specific which employees are allowed physical access to particular facilities. This includes guests and vendors too—you have to be able to know who is able to access server rooms and other rooms that house critical IT infrastructure. These policies breed accountability. In order to uphold these physical security policies, you can use key codes, badges, or other ways to regulate access.

  1. Compliance Issues Must Be Relayed To Employees

Because regulatory compliance issues are so complex, it can be difficult to make them seem relevant and purposeful to employees. But if your regulatory compliance efforts are to succeed, you must let your employees know the importance of compliance and train them to make sure that they are up to date. The best way to do this isn’t to throw complex legalese at them, but to use simpler terms. Compliance isn’t always black and white, there are always grey areas, and your employees need to know what is expected of them when they encounter a grey area.

  1. There Are Hidden Benefits To Compliance

Often, it is assumed that there are no benefits to regulatory compliance other than avoiding fines and penalties. That isn’t true. There are hidden benefits to compliance that your business can take advantage of. Compliant businesses are more up to date on industry trends, and generally have more streamlined employee processes, where employees know what the appropriate decisions are. Compliance can improve standardization across your business, which can ultimately result in greater efficiency as well. Businesses that are compliant tend to have greater transparency, with workers at all levels—from the top down—more aware of what is expected of them.

Network Security Specialist

Take Advantage of A Network Security Specialist for Your Business

The more our society becomes dependent on technology, the more we see an increase in data breaches, cyber crimes, and leaking of sensitive information. This is why the government and businesses of all sizes are focusing more of their efforts on network security. When it comes to keeping your information safe, you can’t go at it alone. Network security specialists are in high demand for assisting companies with their online safety needs. Below we discuss the importance of working with a network security specialist to keep your business secure and information safe.

 

Role of a Network Security Specialist

Your network security specialist is in charge of safeguarding your computer system and protecting it from threats. Threats may be external or internal in nature, but some of the biggest threats to network security generally come from outside sources. The network security specialist will install firewalls and programs that issue alerts when there is an attempt to infiltrate the system. Network security specialists are constantly updating their level of knowledge to keep up with the growing technology industry.

 

Advantages of Hiring a Network Security Specialist

Having a network security specialist in your arsenal of weapons to combat hackers has many advantages, including:

 

Protection of Company Data

Part of the job of a network security specialist is to constantly monitor the flow of information within the network, prevent unauthorized users from accessing sensitive data, and check on bandwidth usage. This data may be pertaining to customers when dealing with companies like banks or other large corporations. Information such as phone numbers, account numbers, credit card numbers, addresses, and emails can become exposed. Government agencies will have information that pertains to internal communications and secret operations, posing as threats to national security. A network security specialist is vital to the safety of these organizations’ information.

 

Setting IT Infrastructure Usage Rules

A network security specialist is one who is in charge of designing and implementing security protocols within a computer network. This involves having control over the data that users have access to and setting up password authentications and firewalls. The specialist is able to block access to particular websites as well as prevent the installation and usage of certain applications that may pose a threat to the network infrastructure. With a network security specialist on board, they will be able to catch employees violating company computer policies and notify their manager.

 

Custom Security for Your Network

Your network security specialist will sit down with you and create a plan that is specific to your business’s needs. There is no “one-size-fits-all” model for any company and should never be offered to clients. Your custom network security plan will help your business grow much quicker by eliminating potential technology roadblocks that pop up. If you do not have a network security specialist working with your organization, you run the risk of losing customers to security breaches.

 

We want to be your network security specialist! Contact us today and we will discuss the best path for your company to follow when it comes to data and network security.

Network Security

Benefits of Network Security

You’ve spent countless hours, days, months, maybe even years building your business…what if everything you had worked for was ruined because of a security breach? All it takes is one bad security breach and you’re out of business. This is why your company needs CognoSecurity. Let’s look at the benefits of network security.

Reduced Stress

With CognoSecurity you will never lose sleep over stressing about your business’ security. We will handle everything so that you don’t have to. Now you have more time to focus on making your business even more successful, because you know it’s safe with CognoSecurity.

Decreased Risk

Think about all of the risks you’re taking without having your business protected by network security. Are you willing to risk your business’ reputation? What about your data? Or even your entire company? If not, you need network security to make sure none of these things are put at risk.

Disaster Recovery

Unexpected things happen – that’s just life. But wouldn’t it be nice to be prepared for the unexpected? Well, with CognoSecurity you can be. When disaster strikes, CognoSecurity will help your business recover quickly, whether you’ve suffered a security breach, natural disaster, or anything else that might happen.

Increased Productivity

When you aren’t stressing over network security issues and security breaches, you and your employees can focus on the business’ success. You’ll become more productive and you’ll also save your hardware and software from any potential harm caused by security breaches.

Ready to protect your business from harm? Let’s talk today about your business’ security needs.

Malware for Christmas

Don’t get caught by this holiday email scam!

The holidays are a busy time for all of us and with the advent of online shopping to avoid the crowds we are becoming conditioned to receiving purchase related emails from a variety of sources.

The cyber crime community is well aware of this and a new trend in cyber crime using fake order confirmation and other typical purchase-related emails has been noticed, as reported by internet security company Malcovery. The primary payload of these emails is the malware known as ASProx, a particularly nasty trojan that collects email addresses and passwords from it’s victim’s computers, then turns the infected machine into a botnet relay allowing spam messages to be passed through it.

Malcovery reports that in December 2013, spammers used ASProx to deliver fear in the form of a Failed Delivery email from CostCo, BestBuy, or WalMart.  Malcovery analysts identified more than 600 hijacked websites that were used as relays to prevent detection by causing the spammed links to point to websites that had been “white listed” until the very day of the attack. People responded because the email told them their Christmas gift shipment had been delayed and the only way to get a refund was by clicking the (infected) link.

This year the scammers are getting even craftier and their tactics have changed. Fake order confirmation emails appeared after cyber Monday with titles like “Thank you for your confirmation,” “Order Confirmation,” “Thank you for buying from [company name],” “Acknowledgement of Order,” and “Order Status.”. The email content now targets people’s greed by saying that a delivery (that they didn’t order) is waiting for them:

“We are happy to inform you that our online store HomeDepot.com has an order whose recipient details match yours.  The order could be received in any Local Store of HomeDepot.com within the period of 5 days.  Open this LINK to see full information about your order.”

Opening the link infects the victim’s machine.

Another trend is with hijacked credit card numbers. Instead of charging several hundred dollars on a single credit card – which is immediately noticed and blocked – online thieves are now content to charge several thousand people $20 – $30 each, which is less likely to be noticed by either the bank or the victim.

Cognoscape is committed to your security

There are a few simple rules to follow whenever you open your inbox:

  • Ask yourself: Were you expecting this email?
  • Check the sender’s address – hover over the address to verify the sender
  • Check the link address – hover over the link to read the address it is sending you to. Does the domain name look valid?
  • Learn to spot fake domain addresses
  • If you have any concerns DO NOT click the link, instead type the address into your browser and access the information from there
  • Review your credit card statement regularly for fraudulent transactions
  • Remember scammers target people’s greed – if it sounds too good to be true, it probably is!

Would you like to learn these techniques and have them taught to your colleagues? Cognoscape are now providing a series of lunch and learn presentations to avoid phishing scams and keep you safe from these attacks. Fill in the “Request a Consultation” form to the right of this blog post if you would like more details.

Don’t forget your friends need to know about this too – please share this post!

shutterstock_211420975

Top 5 Reasons You Need Network Security At Work

Conducting day to day business can be consuming and stressful. Making sure that your company network is secure does not always rank number one on your list of things to do. There are so many things that need to be tended to! Here are the top 5 reasons why network security should be your top priority:

1. First and foremost, without network security at work your livelihood is at stake. As a business owner, most of your important documentation and records are stored on a computer. Leaving your network unprotected means that at any time your system could be infiltrated by unwanted viruses, trojans or even worse – malicious hackers who could obtain and distribute personal information.

2. Not only can your vital company information can be compromised, your identity could be stolen and used. Different types of computer viruses and trojans do different things. If a virus relays information to a third party your identity could be used by that person or worse. It could be sold to other people.

3. If losing your identity isn’t bad enough, it can get worse. Without network security you could unknowingly provide internet predators with your customer’s information. This means that your reputation as a company is at stake. Any business owner would agree that a good reputation is your best asset and a bad reputation could mean your demise.

4. By having a good network security system in place, you will be saving money in the long run. Companies that are constantly putting out fires and spending unnecessary money to fix problems as they occur. Each time they pick up the phone to call an IT specialist money flies out the door. By being proactive you will keep your budget minimal.

5.  Using network security guarantees that you will be successful in your endeavors. By protecting your assets you will be able to focus on what you do best. Safeguarding your network allows others to trust in your ability to conduct business and do what is best for everyone.

Network security at work is beneficial in many ways. It helps you to save money. It also offers security to your team of employees and customers. Network security prevents unexpected problems. In conjunction with these benefits, network security is necessary to safeguard your personal information and that of your affiliates. Without network security your business could be in serious jeopardy.

70

Why SMBs Must Proactively Address the Threat of Mobile Hacks

70More cyber criminals are targeting small-to-medium sized businesses. One reason for this is too many workplaces have insufficient bring-your-own-device (BYOD) policies in place. Some have none at all. Although firms are generally more knowledgeable about network security risks than in years past, they still woefully underestimate the security vulnerabilities linked to mobile devices like smartphones and tablets.

This is a real cause for concern since data breaches have the ability to put many already financially challenged SMBs out of business.

If customer/client data has been breached, there could be potential litigation costs, and naturally, lost goodwill and an irreparable hit to brand or company reputation.

Don’t Just Say You’re Worried About the Bad Guys… Deal With Them

SMBs say they view network security as a major priority but their inaction when it comes to mobile devices paints a different picture. An April 2013 study found that only 16% of SMBs have a mobility policy in place.

Despite the fact that stolen devices are a major problem in today’s mobile workforce, only 37% of mobility policies enforced today have a clear protocol outlined for lost devices. Even more troubling is the fact that those firms who have implemented mobility policies have initiated plans with some very obvious flaws.

Key components of a mobility policy such as personal device use, public Wi-Fi accessibility, and data transmission and storage are often omitted from many policies.

Thankfully, most SMB cybercrimes can be avoided with a comprehensive mobility policy and the help of mobile endpoint mobile device management services.

A Mobility Policy Is All About Acceptable/Unacceptable Behaviors

Your initial mobility policy doesn’t have to be all encompassing. There should be room for modifications, as things will evolve over time. Start small by laying some basic usage ground rules, defining acceptable devices and protocols for setting passwords for devices and downloading third-party apps. Define what data belongs to the company and how it’s to be edited, saved, and shared. Be sure to enforce these policies and detail the repercussions for abuse.

Features of Mobile Device Management Services

MDM services are available at an affordable cost. These services help IT managers identify and monitor the mobile devices accessing their network. This centralized management makes it easier to get each device configured for business access to securely share and update documents and content. MDM services proactively secure mobile devices by:

  • Specifying password policy and enforcing encryption settings
  • Detecting and restricting tampered devices
  • Remotely locating, locking, and wiping out lost or stolen devices
  • Removing corporate data from any system while leaving personal data intact
  • Enabling real time diagnosis/resolution of device, user, or app issues

It’s important to realize that no one is immune to cybercrime. The ability to identify and combat imminent threats is critical and SMBs must be proactive in implementing solid practices that accomplish just that.

CLICK HERE for a free technology assessment.

69

Just Because You’re Not a Big Target, Doesn’t Mean You’re Safe

69Not too long ago, the New York Times’ website experienced a well-publicized attack, which raises the question – how can this happen to such a world-renowned corporation? If this can happen to the New York Times, what does this bode for the security of a small company’s website? What’s to stop someone from sending visitors of your site to an adult site or something equally offensive?

The short answer to that question is nothing. In the New York Times’ attack, the attackers changed the newspapers’ Domain Name System (DNS) records to send visitors to a Syrian website. The same type of thing can very well happen to your business website. For a clearer perspective, let’s get into the specifics of the attack and explain what DNS is.

The perpetrators of the New York Times’ attack targeted the site’s Internet DNS records. To better understand this, know that computers communicate in numbers, whereas we speak in letters. In order for us to have an easy-to-remember destination like nytimes.com, the IP address must be converted to that particular URL through DNS.

Therefore, no matter how big or small a company’s online presence is, every website is vulnerable to the same DNS hacking as the New York Times’ site. The good news is the websites of smaller companies or organizations fly under the radar and rarely targeted.  Larger targets like the New York Times, or LinkedIn, which was recently redirected to a domain sales page, are more likely targets.

For now… There is no reason to panic and prioritize securing DNS over other things right now. But there is a belief that DNS vulnerability will be something cybercriminals pick on more often down the road. Here are a few ways to stay safe:

Select a Registrar with a Solid Reputation for Security

Chances are, you purchased your domain name through a reputable registrar like GoDaddy, Bluehost, 1&1, or Dreamhost. Obviously, you need to create a strong password for when you log into the registrar to manage your site’s files. Nonetheless, recent DNS attacks are concerning because they’re far more than the average password hack.

It was actually the security of the registrars themselves that was compromised in recent attacks. The attackers were basically able to change any DNS record in that registrar’s directory. What’s particularly frightening is the registrars attacked had solid reputations. The New York Times, along with sites like Twitter and the Huffington Post, is registered with Melbourne IT. LinkedIn, Craigslist and US Airways are registered with Network Solutions. Both had been believed to be secure.

So what else can be done?

Set Up a Registry Lock & Inquire About Other Optional Security

A registry lock makes it difficult for anyone to make even the most mundane changes to your registrar account without manual intervention by a staff registrar. This likely comes at an additional cost and not every domain registrar has it available.

Ask your registrar about registry locking and other additional security measures like two factor authentication, which requires another verifying factor in addition to your login and password, or IP address dependent logins, which limits access to your account from anywhere outside of one particular IP address.

While adding any of these extra safeguards will limit your ability to make easy account change or access your files from remote locations, it may be a worthwhile price to pay.

CLICK HERE for a free network assessment and avoid cybercrime with Cognoscape.