Posts

Just Because You’re Not a Big Target, Doesn’t Mean You’re Safe

Not too long ago, the New York Times’ website experienced a well-publicized attack, which raises the question – how can this happen to such a world-renowned corporation? If this can happen to the New York Times, what does this bode for the security of a small company’s website? What’s to stop someone from sending visitors of your site to an adult site or something equally offensive?

The short answer to that question is nothing. In the New York Times’ attack, the attackers changed the newspapers’ Domain Name System (DNS) records to send visitors to a Syrian website. The same type of thing can very well happen to your business website. For a clearer perspective, let’s get into the specifics of the attack and explain what DNS is.

The perpetrators of the New York Times’ attack targeted the site’s Internet DNS records. To better understand this, know that computers communicate in numbers, whereas we speak in letters. DNS is what connects an easy-to-remember destination like nytimes.com to the numeric IP address computers use to reach the site.

Therefore, no matter how big or small a company’s online presence is, every website is vulnerable to the same DNS hacking as the New York Times’ site. The good news is that the websites of smaller companies or organizations fly under the radar and are rarely targeted. Larger targets like the New York Times, or LinkedIn, which was recently redirected to a domain sales page, are more likely targets.

For now… There is no reason to panic and prioritize securing DNS over other things right now. But there is a belief that DNS vulnerability will be something cybercriminals pick on more often down the road. Here are a few ways to stay safe:

Select a Registrar with a Solid Reputation for Security

Chances are, you purchased your domain name through a reputable registrar like GoDaddy, Bluehost, 1&1, or Dreamhost. Obviously, you need to create a strong password for when you log into the registrar to manage your site’s files. Nonetheless, recent DNS attacks are concerning because they’re far more than the average password hack.

It was actually the security of the registrars themselves that was compromised in recent attacks. The attackers were basically able to change any DNS record in that registrar’s directory. What’s particularly frightening is the registrars attacked had solid reputations. The New York Times, along with sites like Twitter and the Huffington Post, is registered with Melbourne IT. LinkedIn, Craigslist and US Airways are registered with Network Solutions. Both had been believed to be secure.

So what else can be done?

Set Up a Registry Lock & Inquire About Other Optional Security

A registry lock makes it difficult for anyone to make even the most mundane changes to your registrar account without manual intervention by registrar staff. This likely comes at an additional cost and not every domain registrar has it available.

Ask your registrar about registry locking and other additional security measures like two-factor authentication, which requires another verifying factor in addition to your login and password, or IP-address-dependent logins, which limit access to your account from anywhere outside of one particular IP address.

While adding any of these extra safeguards will limit your ability to make easy account changes or access your files from remote locations, it may be a worthwhile price to pay.
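One way to confirm that a lock is actually in place and that your domain still points at your own name servers is to audit the domain's registration record. The script below is an added example, not part of the original post: it reads an RDAP-style record, reports which lock statuses are set by the registry versus only by the registrar, and compares the name servers with a known-good list. The sample record, the name server names and the `audit_domain` helper are constructed for illustration.

```python
import json

# Constructed RDAP-style domain record (sample data, not a real lookup).
SAMPLE_RDAP = json.loads("""
{
  "ldhName": "example.com",
  "status": ["client transfer prohibited", "server transfer prohibited",
             "server update prohibited", "server delete prohibited"],
  "nameservers": [{"ldhName": "NS1.EXAMPLE-DNS.NET"},
                  {"ldhName": "ns2.example-dns.net"}]
}
""")

ACTIONS = ("transfer", "update", "delete")


def _norm(status):
    # RDAP writes "server update prohibited"; WHOIS writes "serverUpdateProhibited".
    return "".join(status.split()).lower()


def audit_domain(record, expected_ns):
    """Return a list of findings; an empty list means the record matches policy."""
    statuses = {_norm(s) for s in record.get("status", [])}
    findings = []
    for action in ACTIONS:
        # server* statuses are applied by the registry (the registry lock);
        # client* statuses are applied by the registrar on the account's behalf.
        if f"server{action}prohibited" in statuses:
            continue
        if f"client{action}prohibited" in statuses:
            findings.append(f"{action}: registrar lock only, no registry lock")
        else:
            findings.append(f"{action}: unlocked")
    seen = {ns["ldhName"].rstrip(".").lower() for ns in record.get("nameservers", [])}
    want = {ns.rstrip(".").lower() for ns in expected_ns}
    findings += [f"unexpected nameserver: {ns}" for ns in sorted(seen - want)]
    findings += [f"missing nameserver: {ns}" for ns in sorted(want - seen)]
    return findings


if __name__ == "__main__":
    baseline = ["ns1.example-dns.net", "ns2.example-dns.net"]
    for line in audit_domain(SAMPLE_RDAP, baseline) or ["OK: locked, delegation matches"]:
        print(line)
```

Run on a schedule against a fresh lookup of your own domain, a non-empty result is an early warning that the registration was changed.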

CLICK HERE for a free network assessment and avoid cybercrime with Cognoscape.

4 Easy Ways to Boost Your Web-Surfing Security

The internet has become more of a necessity than a luxury. With social networks becoming more popular and the usage of the internet becoming more widespread, it’s important to make sure that you’re secure online.

Here are 4 easy ways you can protect yourself online.

 

#1) Don’t Overshare

When you’re spending lots of time on your favorite social networks, it can be tempting to post lots of personal information, including your location and your full name. But sharing those kinds of things can really compromise your privacy!

Check out the privacy settings for your online profiles and make sure that your personal information is not available to the public.

 

#2) Watch Out For Scammers

Have you ever received an email from a random person stating that you were an heir set to receive a huge fortune?

Or maybe you’ve received an email from someone you don’t know that included a sob story and a desperate plea for financial help.

Either way, these types of emails are scams – the scammers use your sympathy or excitement against you, get your credit card information, and steal your money or your identity.

Make sure that you are careful about which emails you take seriously and respond to. Remember – pretty much anyone can email you. Make sure you use discretion so you can keep your money and information secure.

 

#3) Protect With Passwords

Many popular websites require you to register, create a password, and log in to gain full access. While some people see this as an inconvenience, it’s truly a good way to keep your data secure and private.

Be sure that, when you create a password, you make it one that’s difficult to guess. Use varied capitalization, use numbers, and try not to use a dictionary word. That way, you can feel confident that your accounts are safe from hackers.

 

#4) Safe Shopping

It’s important to follow best safety practices when you’re shopping online. After all, you’re likely using your credit or debit card. You don’t want that information to get into the wrong hands! Make sure that you never enter your credit card on a page that is not encrypted. When a page is encrypted, the web address will begin with “https” instead of “http.”

Also, make sure you never enter your social security number. No seller should ever need that information – if they do, it’s likely that they’re trying to scam you.

Another good practice is to check out the seller’s reviews and policies. You can shop a lot more confidently if you know other people have had a good experience purchasing from the seller.

 

Why stop there? It’s good to make sure you’re secure when you’re casually using the internet, but it’s also important to make sure that your company networks are secure. I mean, you could lose your money, your clients, or even your business if a hacker accessed and used your data!

Here at Cognoscape, we’ve got the security solutions you need to gain peace of mind and keep your critical information safe. Contact us today, and let’s work together to prevent security breaches.

Top 3 Benefits of Network Security Services

If you’re running a business, you need to make sure that your network is secure – there’s no question about it.

Imagine. What would happen if a hacker infiltrated your network and accessed your critical data? You could lose that data or, even worse, you could lose your company!

Don’t leave your company vulnerable and risk losing everything you’ve worked so hard for. There are several ways your company can benefit from network security services – here are the top 3.

 

#1: Peace of Mind

It can be a challenge to safeguard your business from security threats since hackers are constantly devising new ways to steal data and wreak havoc on businesses.

So, what can you do about these security threats?

Luckily, you don’t have to face them alone. By taking advantage of network security services from Cognoscape, you can gain the peace of mind that you need. You’ll be able to sleep well at night knowing that your network is not at risk and your valuable company information is safe from harm.

 

#2: Productivity

When you aren’t dealing with security breaches and network security issues, you’ll be able to empower your employees to be more productive. You’ll also save your software and hardware from harm caused by security breaches.

Instead of dealing with downtime and the stress of losing critical data, you and your employees can focus on your job duties. That way, everyone can work as efficiently as possible instead of being unnecessarily disrupted.

 

#3: Compliance

Every company has certain regulations in place that are set to improve efficiency.

Here at Cognoscape, we understand that adhering to the security compliance regulations for your industry is not an option – it’s a necessity. You can trust that the security solutions you’ll receive from Cognoscape will meet all of the security compliance regulations necessary.

 

It’s easy to see how network security can lift a huge burden from your shoulders and improve your company processes. Contact Cognoscape today for a network security solution, and let’s work together to help your business succeed.

Stay Secure My Friend… More Hackers Targeting SMBs

Many SMBs don’t realize it, but the path to some grand cybercrime score of a lifetime may go right through their backdoor.  SMBs are commonly vendors, suppliers, or service providers who work with much larger enterprises. Unfortunately, they may be unaware that this makes them a prime target for hackers. Worse yet, this may be costing them new business.

Larger companies likely have their security game in check, making it difficult for hackers to crack their data. They have both the financial resources and staffing power to stay on top of security practices. But smaller firms continue to lag when it comes to security. In many cases, the gateway to accessing a large company’s info and data is through the smaller company working with them. Exposed vulnerabilities in security can lead cybercriminals right to the larger corporation they’ve been after.

Cybercriminals Target Companies with 250 or Fewer Employees

In 2012, Symantec research confirmed that cybercriminals are increasingly targeting smaller businesses with 250 or fewer employees. Attacks aimed at this demographic practically doubled from the previous year. This news has made larger enterprises particularly careful about whom they do business with. This means that any SMB targeting high-end B2B clientele, or those seeking partnerships with large public or government entities, must be prepared to accurately answer questions pertaining to security. This requires an honest assessment of the processes taken to limit security risks.

View Security Measures as Investments

CIOs must start viewing any extra investment to enhance security as a competitive differentiator in attracting new business. Adopting the kind of security measures that large enterprises seek from third-party partners they agree to work with will inevitably pay off. The payoff will come by way of new revenue-generating business contracts that will likely surpass whatever was spent to improve security.

Would-be business partners have likely already asked for specifics about protecting the integrity of their data.  Some larger entities require that SMBs complete a questionnaire addressing their security concerns. This kind of documentation can be legally binding so it’s important that answers aren’t fudged just to land new business. If you can’t answer “yes” to any question about security, find out what it takes to address that particular security concern.

Where a Managed Service Provider Comes In

Anyone who isn’t yet working with a Managed Service Provider (MSP) should consider it. First, a manual network and security assessment offers a third-party perspective that will uncover any potential business-killing security risks. A good MSP will produce a branded risk report to help you gain the confidence of prospects to win new business.

An MSP can properly manage key elements of a small company’s security plan. This includes administrative controls like documentation, security awareness training, and audits as well as technical controls like antivirus software, firewalls, patches, and intrusion prevention. Good management alone can eliminate most security vulnerabilities and improve security.

Stay secure and CLICK HERE for a free network assessment. Managed IT could prevent a security breach.

Network Security tools are not always enough

Network Security tools and antivirus products do not provide complete protection from the Viruses and Malware that threaten businesses on a regular basis. Common sense and intuition can help fill the gaps where network security tools leave off. A recent example comes from a client who correctly DID NOT open the attachment and referred the email to our team for analysis. Working for a law firm, our client knew that such a notification would arrive as a certified letter instead of just an email to a distribution list. The email came in as follows:

From: Douglas Rosenthal – Attorney [mailto:doug.rose@douglasrosenthal.com]
Sent: Monday, August 02, 2010 3:04 PM
To: Recipients
Subject: Cease and Desist

Dear Sir

It has come to our attention that your website contains a logo thatis identical/substantially similar to our copyrighted Work.
Permission was neither asked nor granted to reproduce our Work and your Work therefore constitutes infringement of our rights.
In terms of the Copyright Statutes, we are entitled to an injunction against your continued infringement, as well as to recover damages from you for the loss we have suffered as a result of your infringing conduct.

In the circumstances, we demand that you immediately:
1. remove all infringing content and notify us in writing that you have done so;
2. credit all infringing content to ourselves.
3. immediately cease the use and distribution of copyrighted material;
4. undertake in writing to desist from using any of our copyrighted Work in future without prior written authority from us.

Attached is a list of the copyrighted material in question.

We await to hear from you.

This is written without prejudice to our rights, all of which are hereby expressly reserved

The email attachment is a Microsoft Word document named 822010.doc with a size of 112,532 bytes.  Opening the document you see what looks like a PDF file named infrige_documents.pdf with the instructions “(double click to view)”.

A quick look at the properties of the embedded file (In Word 2010 – Right Click on the file/Packager Shell Object Object/Properties) shows the embedded PDF file is really an executable named INFRIG~1.EXE with a description of “Ufouonkt Uvadb”. The file name was even a misspelling of INFRINGE, another clue that the whole thing is bad. Launching this file would have launched a virus that would attempt to infect the computer. When I tested this file, only 17% of the world’s anti-virus engines would have flagged it as bad.
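The same check can be automated for attachments that reach a mail gateway or an analyst's queue. The following is an added example, not part of the original post: it parses the data stream of a packaged object and flags the mismatch described above, where the label shown to the user ends in .pdf but the packaged file is an executable. It assumes the object's `Ole10Native` stream has already been extracted from the document and follows the commonly documented, reverse-engineered layout of that stream; the paths and the 16-byte payload in `build_sample` are constructed.

```python
import struct

EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def _cstr(buf, pos):
    """Read a NUL-terminated ANSI string at pos; return (text, next_pos)."""
    end = buf.index(b"\x00", pos)
    return buf[pos:end].decode("latin-1"), end + 1


def parse_ole10native(stream):
    """Parse a packaged-object stream (assumed, reverse-engineered layout)."""
    pos = 6                                  # 4-byte total size + 2-byte flags
    label, pos = _cstr(stream, pos)          # name shown under the icon
    src_path, pos = _cstr(stream, pos)       # path of the file that was packaged
    pos += 8                                 # two 32-bit fields of unknown meaning
    temp_path, pos = _cstr(stream, pos)      # path used when the object is opened
    (size,) = struct.unpack_from("<I", stream, pos)
    data = stream[pos + 4:pos + 4 + size]
    return {"label": label, "src_path": src_path, "temp_path": temp_path, "data": data}


def _ext(path):
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def assess(obj):
    """Return reasons the packaged object looks deceptive; empty list if none."""
    reasons = []
    real = {_ext(obj["src_path"]), _ext(obj["temp_path"])} - {""}
    hits = sorted(real & EXECUTABLE_EXT)
    if hits:
        reasons.append("packaged file is executable: " + ", ".join(hits))
    if _ext(obj["label"]) and _ext(obj["label"]) not in real:
        reasons.append(f"label extension {_ext(obj['label'])} does not match packaged file")
    if obj["data"][:2] == b"MZ":
        reasons.append("payload starts with MZ (DOS/PE executable header)")
    return reasons


def build_sample(label="infrige_documents.pdf", src="C:\\sample\\INFRIG~1.EXE",
                 temp="C:\\Temp\\INFRIG~1.EXE", payload=b"MZ" + b"\x00" * 14):
    """Constructed stream mirroring the case above; the payload is inert padding."""
    body = struct.pack("<H", 2) + label.encode() + b"\x00" + src.encode() + b"\x00"
    body += struct.pack("<II", 0, 3) + temp.encode() + b"\x00"
    body += struct.pack("<I", len(payload)) + payload
    return struct.pack("<I", len(body)) + body


if __name__ == "__main__":
    for reason in assess(parse_ole10native(build_sample())):
        print("SUSPICIOUS:", reason)
```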

With any email or pop up message we advise our clients to either call us or forward the email so we have a chance to prevent a much bigger problem.  When in doubt, DO NOT open items or click messages when you can easily pick up the phone and get the help of an IT professional.

Information Security and your Business

A recent study released by Symantec Corporation reveals that many small and mid-sized organizations are recognizing the importance of information security. On average, SMBs are now spending approximately $51,000 per year to protect their company information. This is a substantial increase from last year when one-third of SMBs didn’t even have antivirus protection in place. SMBs risk cyber attacks and loss of confidential data and devices.  In today’s hyper-wired world that could mean the difference between success and having to shut down.

Stephen A. Cox, President and CEO of the National Council of Better Business Bureaus states, “The average cost of fraud for self-employed and small-business owners is about $4,627.” But your bottom line isn’t the only thing at risk. By failing to protect your customer data, you could put them in danger of credit card fraud and identity theft. Below we’ll cover some simple safeguards your company can put into place to prevent information theft:

1. Employee awareness – Employees are the gateway to your company’s information. Create and implement Internet security guidelines. Then, educate your employees and make sure they are following them. This can be as simple as requiring periodic password changes or updating your employees on the latest threats and how they can prevent them.

2. Protect important business information – Use data encryption so prying eyes can’t intrude. Maintain wireless security. Limit employee access to important information such as: credit card numbers, customer information or employee records. Important data in the wrong hands could become detrimental.

3. Create a Backup and Recovery Plan – You can’t predict the future but you can be prepared for it. A virus could spread through your system or a flood could ruin your equipment. Make sure you back up your data to an external source as frequently as possible in case the unexpected occurs.

Information Security is crucial to all businesses. In recent news, the Federal Trade Commission charged social media site, Twitter, for failing to adequately safeguard user information. Their failure to protect user accounts led to account attacks on both President-Elect Barack Obama and CNN host Rick Sanchez.  Twitter has not only suffered monetary losses, but has also lost trust and respect of some of their users.

Invest in protecting your company’s data now so you don’t have to deal with a disaster later.

“When a company promises consumers that their personal information is secure, it must live up to that promise.  Likewise, a company that allows consumers to designate their information as private must use reasonable security to uphold such designations.” – David Vladeck, director of the FTC’s Bureau of Consumer Protection.