Categories
Computer & Network Security|Information Security

Simple Cybersecurity Tips for your Business

If you’ve ever had someone break into your home or even your car, you know the feeling of vulnerability and fears that accompany that experience. The fear and uncertainty can linger for months and even years.

Now imagine a break-in at your business that jeopardizes everything you have worked so hard to build. But this intruder is invisible, and there is no chance that the neighbors will see something suspicious and call the police. Someone in a distant coffee shop in another country can steal your bank account information, private employee data, and information about your clients. Security cameras and motion detectors are useless in detecting this kind of intruder. What does the aftermath look like? In the best-case scenario, you will spend a LOT of time and money cleaning up the situation and making things right. With a little luck, you might be able to get everything running normally again. In the worst-case scenario, you lose a significant amount of money, you are sued by employees and/or clients for not securing their information properly, and the devastation leads to your business not being able to recover.

According to Homeland Security, 44% of small businesses reported being a victim of a cyber-attack, with an average cost of approximately $9,000 per attack. Protecting your business from cyber threats has become a top priority, and it takes everyone in your company, from top leadership to the newest employee, working together to keep your business safe. Here are a few tips from Homeland Security your company can apply.

SIMPLE TIPS FOR EMPLOYEES

  • When in doubt, throw it out. Stop and think before you open attachments or click links in emails. Links in email, instant messages, and online posts are one of the most common ways cybercriminals compromise your computer. If it looks suspicious, it is best to delete it.
  • Implement a backup plan. Make electronic and physical backups or copies of all your important work. Data can be lost in many ways, including hardware failures, malware, ransomware, theft, and accidental deletion. Your backup plan should include offsite storage, and you should periodically test that a backup can actually be restored.
  • Guard your devices. To prevent theft and unauthorized access, never leave your laptop or mobile device unattended in a public place, and lock your devices when they are not in use.
  • Secure your accounts. Use passwords that are at least eight characters long (longer is better) with a mix of letters, numbers, and symbols. Never share your usernames or passwords with anyone. Use a unique password for each site you visit; a password manager makes that practical. When available, turn on multi-factor authentication for a layer of security beyond the password.
  • Report anything suspicious. If you experience any unusual problems with your computer or device, report it to your IT department promptly; early reports are what keep a single infected machine from becoming a company-wide incident.

SIMPLE TIPS FOR THE BUSINESS OWNER

  • Equip your organization's computers with antivirus and antispyware software, and keep it updated.
  • Secure your Internet connection with a firewall, encrypt information in transit, and hide your Wi-Fi network name. Note that a hidden network name only deters casual discovery; WPA2 or WPA3 encryption on the Wi-Fi network is what actually protects the traffic.
  • Establish security practices and policies to protect sensitive information.
  • Require employees to use strong, unique passwords, and require a change whenever a password may have been exposed. Current NIST guidance no longer recommends routine forced rotation, which tends to produce weaker, predictable passwords.
  • Invest in data loss prevention (DLP) software, use encryption to protect data in transit and at rest, and use two-factor authentication wherever possible.
  • Protect all pages on your public-facing websites with HTTPS, not just the checkout and sign-up pages.

In a perfect world, every employee would work their hardest to keep your network safe and secure. Since we don't live in a perfect world, let this post help you determine your next steps. Businesses often think they can't afford outside help, until it's too late.

If you would like to learn more about how you can protect your corporate data, contact us. SecurIT360 provides audits, scans, and analysis of various systems and businesses across multiple industries, including legal, financial, utilities, and healthcare. Let us help you determine where you should spend your time and money protecting your information.

Categories
Computer & Network Security

Endpoint Detection and Response: Monitor and Mitigate Your Cyber Threat Environment

There's one lasting cybersecurity misconception that has misled many: that perimeter security is sufficient in itself.

Preventive controls such as anti-malware, access management and anti-phishing training, and monitoring tools such as a SIEM, are all effective, but they are insufficient on their own. Endpoint detection and response (EDR), which records what actually happens on each endpoint and can act on it, supplies the missing element. Paired with managed detection and response (MDR), the service that staffs and operates that tooling around the clock, it lets an organization curtail an intrusion before serious damage is done.

To make matters worse, reported threat volumes have risen 400 percent since before the coronavirus pandemic, with 40 percent growth in ransomware specifically. What's more, the explosive growth in remote work has greatly expanded attack surfaces. Here, we'll delve into endpoint detection and response, its place in modern cybersecurity, and the benefits it supplies.

Why EDR is Relevant to Today’s Threat Landscape

Much of the internet, and of IT technology in general, was not designed with security in mind. As a result, security approaches are enormously varied, often unsophisticated, and frequently rely on mistaken assumptions about today's threat landscape.

A case in point is the industry's overwhelming reliance on perimeter or network security, often referred to as the castle-and-moat approach. The thinking is simple: use a few technologies such as firewalls, anti-malware applications, and other security tools to block each potential attack vector at the boundary.

There is no such thing as a perfect defense against an unknowable threat landscape. Each year, organizations face roughly a 50/50 chance of experiencing a cybersecurity incident. Between malware, ransomware, advanced attacks, insider attacks, and social engineering, such incidents occur so often that they are almost predictable.

Social engineering attacks are a good example. Approximately 91% of data breaches start with a phishing email, according to a Deloitte study. One might assume that effective education and training could prevent most social engineering attempts. However, such attacks are often sophisticated, taking the form of a court notice, an IRS refund, or a fax notification, and they succeed through repetition. For a workforce of any size, someone falling prey is a statistical likelihood.

In authorized test phishing campaigns run by the cybersecurity firm Positive Technologies, 17 percent of employees fell for the fake scam, among them 25 percent of managers and 3 percent of security personnel.

EDR itself cannot stop an employee from handing data to a phishing email. But what the attacker does next on that machine, elevating privileges and moving laterally across the network, is exactly the activity that effective EDR makes visible.

What's more, EDR serves another important function: reducing the critical interval between initial compromise and its discovery. Companies currently take an average of 197 days to discover an intrusion, according to a Ponemon study. Reducing that discovery time, often called dwell time, significantly decreases the cost of containment.

Given the extremely high volume of these attacks and the predictability with which they occur, it follows that cybersecurity must not only try to prevent attacks but also focus on responding swiftly, containing the intrusion and removing the attacker's foothold.

How Endpoint Detection & Response Works

EDR complements traditional network security by adding visibility into activity on endpoints (process creation, file and registry changes, network connections, user logons), analyzing that telemetry for signs of malicious activity or compromise, and issuing automated responses that contain or remove threats and alert administrators.

Note that the added responsibility and technical sophistication required for effective EDR may be too much for many IT departments. That's why managed detection and response, a service offered by many cybersecurity managed service providers, may be needed to cover those responsibilities, 24/7 monitoring, and ongoing maintenance. Together, EDR and MDR form the core of a comprehensive incident response program.

Personal Devices in the Workplace Are On The Rise

The explosion in personal devices in the workplace forms one of the most pressing security concerns today. Approximately 90 percent of US employees use their smartphones at work, while 50 percent of companies with permissive personal devices usage policies had such devices breached, according to Trend Micro.

Given their enormous cost savings benefit and their preferred status amongst workers, this is unlikely to change. Still, this growth means business networks are hosting a high volume of endpoints that aren’t likely to be secure.

Popular operating systems, whether Windows, macOS, iOS, Android, or others, are enormous codebases that ship with a steady stream of vulnerabilities. The applications they run may not be secure either, and they can readily download malicious content from the web.

If such devices can be manipulated and controlled by attackers, either directly or through malware, their trustworthiness cannot be assumed. Attackers depend on this weakness and use a compromised endpoint as the foothold from which to escalate privileges and reach the resources they are after.

Endpoint protection's deep visibility shows which user owns the endpoint, where it is currently being used, which applications are running on it, and what content it is creating.

EDR greatly reduces that risk by ensuring that when a cybersecurity event does occur it can be quickly shut down, through deletion of malicious artifacts, containment (for example, isolating the host from the network), and rapid notification of the relevant personnel.

This is crucial, as it currently takes organizations an average of 197 days to identify a breach and another 69 days to contain it.

Continuous Monitoring and Forensic Analytics

As mentioned above, perhaps the most transformative aspect of endpoint services is the greater visibility they lend to endpoint activity.

For instance, EDR attributes network traffic leaving an endpoint to the process that generated it, so connections from an unexpected or unsigned binary stand out. It can also monitor the integrity of key files and flag improper access to protected files or exfiltration of sensitive data.

What's more, this monitoring is continuous: EDR is always hunting for signs of compromise, recording and retaining the related data.

That retained data is essential for forensics. It helps security professionals understand the circumstances surrounding an attack, and therefore how to prevent the next one. Such investigations can also uncover patterns of attacker behavior that help predict future threats.

Real-time monitoring uses integrity monitoring of key data, applications, and devices to detect compromise. This includes registry changes associated with malware persistence, improper access to protected files, and theft of sensitive data. EDR can also monitor critical system events such as startups and shutdowns, license changes, hard disk failures, and changes to the system clock. With automated policy enforcement, any such event can be rapidly contained.
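File-integrity monitoring of the kind described above can be illustrated with a short script: take a baseline of cryptographic digests and permission bits, take a later snapshot, and classify every difference. This is an added example, not SecurIT360's or any EDR vendor's implementation; the directory tree, file contents, and the tampering it performs are constructed in a temporary directory so it runs offline.

```python
"""Minimal file-integrity monitor of the kind an EDR agent runs continuously.

Added example for this article, not SecurIT360's or any vendor's code.
The directory tree, file contents and tampering are constructed in a
temporary directory so the script runs offline.
"""
import hashlib
import stat
import tempfile
from pathlib import Path


def _sha256(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root) -> dict:
    """Return {relative_path: (sha256_hex, permission_bits)} for every regular
    file under root. Symlinks are skipped so a link cannot stand in for a file."""
    root = Path(root)
    state = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            state[p.relative_to(root).as_posix()] = (_sha256(p), stat.S_IMODE(p.stat().st_mode))
    return state


def diff(baseline: dict, current: dict) -> dict:
    """Compare a later snapshot against the baseline and classify every change."""
    both = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in both if baseline[p][0] != current[p][0]),
        "perm_changed": sorted(p for p in both
                               if baseline[p][0] == current[p][0] and baseline[p][1] != current[p][1]),
    }


def demo() -> dict:
    """Baseline a constructed tree, tamper with it the way an intruder might,
    and return the classified differences."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "etc").mkdir()
        (root / "bin" / "sshd").write_bytes(b"\x7fELF original binary")
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "motd").write_text("Authorised users only.\n")
        baseline = snapshot(root)

        # Simulated tampering (constructed for the example):
        (root / "bin" / "sshd").write_bytes(b"\x7fELF trojaned binary")   # binary replaced
        with (root / "etc" / "passwd").open("a") as f:                    # uid-0 backdoor account
            f.write("svc:x:0:0::/:/bin/sh\n")
        (root / "etc" / "hosts").chmod(0o444)                              # permissions changed, content same
        (root / "etc" / "motd").unlink()                                   # file removed
        (root / "etc" / "cron.d").mkdir()
        (root / "etc" / "cron.d" / "backdoor").write_text("* * * * * root /tmp/.x\n")  # persistence added

        changes = diff(baseline, snapshot(root))
        (root / "etc" / "hosts").chmod(0o644)   # restore so the temp dir cleans up on every platform
        return changes


if __name__ == "__main__":
    for kind, paths in demo().items():
        for p in paths:
            print(f"{kind:>12}: {p}")
```

Two details matter in practice and are reflected here: the baseline must be stored somewhere the monitored host cannot silently rewrite (otherwise an intruder simply re-baselines after tampering), and permission-only changes are reported separately from content changes, because a world-writable or setuid bit flip is a meaningful event even when the bytes are unchanged.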

Single Source for Endpoint Management

The unprecedented visibility that EDR provides is crucial, and a centralized console for monitoring every network endpoint proves immensely valuable and educational for the teams that use it.

From there, policies can be set and automatically enforced. Historical data from every endpoint can be investigated, uncovering intrusion routes not previously considered and reconstructing each endpoint touched, each affected user, and each step in the attack.

Because EDR agents already run on every monitored device, their telemetry is comparatively easy to integrate with the rest of the security infrastructure. Many EDR products interoperate with a wide range of security tools, allowing endpoint data to be analyzed alongside network and other security data.

This accessibility is further enhanced by the simplicity and ease of use of many modern endpoint solutions. Drag-and-drop interfaces and easy-to-read analytics make them approachable for non-specialists, which is crucial if their findings are to be understood by stakeholders.

Perhaps the most compelling, and necessary, component of an EDR solution is its ability to be remotely managed by cyber security professionals.

EDR remote management allows trained and certified experts to monitor endpoint activity, flag and respond to anomalies, and stop attacks that would otherwise compromise your organization. Having experienced security professionals on your side beats installing a piece of software and hoping its built-in logic is up to date and nuanced enough to identify and respond to threats on its own.

Where to Go From Here

The combination of endpoint monitoring with traditional network security gives an organization an unprecedented, holistic view of its threat surface and of the once-invisible activity occurring on it.

At SecurIT360, we are a team of skilled cyber security professionals that can partner with your organization to provide an EDR solution that is customized to protect your business, its data, and your bottom line. EDR can integrate with minimal lift from your team or changes to your existing security architecture.

Also worth reading, if you are curious: our post on the proper way to respond to a cybersecurity incident.

SecurIT360 is a managed services provider proficient in monitoring and incident response, assessments and penetration testing, compliance, and general cybersecurity consulting. Contact us to learn more.