On May 8th, 2024, Ascension, one of the titanic healthcare institutions in the United States, found itself in the grip of a sophisticated ransomware attack.

A worker inside the organization downloaded a malicious file they thought was legitimate. That one mistake plunged their network into chaos, endangering the privacy of countless patients. The attackers encrypted the company’s data, demanding a ransom for access, and threatened to expose millions of patients’ and employees’ sensitive information unless paid within 48 hours.

Over a month, from May 8th to June 14th, the attack disrupted Ascension’s normal operations, forcing some of its hospitals and clinics to postpone or cancel appointments, surgeries, and other services. The company also had to shut down its online portal and phone lines, leaving many patients and staff in the dark about their health records and schedules.

How could this happen to Ascension?

This raises the question, how could a cyberattack penetrate a well-defended organization like Ascension and hold it hostage? It’s necessary to consider both the sophistication of the attackers and potential vulnerabilities within the organization’s cybersecurity framework. Even with robust security measures, hackers continuously evolve their methods, exploiting the slightest oversight or weakness. Phishing campaigns, for instance, have become increasingly more intelligent, often tailored to deceive even the most vigilant employees. These can serve as a gateway for attackers to infiltrate an organization’s network, planting ransomware that gradually encrypts data until it seizes control over critical systems.

Moreover, the complexity of IT environments, especially in large institutions with thousands of servers and endpoints, creates innumerable points of potential failure. Regular maintenance, updates, and patches are required to safeguard against vulnerabilities; however, the sheer scale can lead to lapses, providing attackers with a window to exploit. Once inside the network, attackers can move laterally, escalating their access rights undetected due to insufficient segmentation of networks or inadequate monitoring of internal traffic. This blend of ingenuity by attackers and inevitable gaps in an organization’s security posture allows such devastating cyberattacks to take root and exert a stranglehold on vital operations, underscoring the relentless arms race between cybersecurity defenses and cybercriminal tactics.

What was the impact of the attack?

Evidence from their cybersecurity investigations indicated that the attackers were able to take files from seven of the approximately 25,000 servers they have across their network. These files contained Protected Health Information and Personally Identifiable Information.

Ascension’s reputation, financial situation, and legal standing were all under scrutiny following the attack. The company dealt with a public backlash from its customers, who felt betrayed and vulnerable because of the breach. Because of this, they face potential lawsuits from the victims of the attack, who could claim damages for the exposure of their confidential information and the disruption of their medical care. They even encountered regulatory scrutiny from the authorities, who could impose fines and sanctions for the violation of HIPAA and other laws that protect the privacy and security of health data.

Downtime is expensive, and though Ascension had disruption protocols and procedures in place, patient care delivery and clinical operations suffered as multiple systems were shut down. The approximate cost of downtime for larger organizations is roughly $16,000 per minute ($1 million per hour).

Additionally, delays stretched well beyond the one-month timeframe after the Electronic Health Record (EHR) came back online because there was extensive backlogged data entry from that period that needed to be completed.

What can we learn from this incident?

The attack on Ascension was a wake-up call for the healthcare industry. It serves as a good reminder that no organization is immune to cyberattacks and that the consequences can be devastating and far-reaching. It’s also a critical reminder that prevention is better than a cure and emphasizes the role end-users play in your organization’s safety.

Here are some best practices that can help organizations protect themselves from cyberattacks:

• Prioritize regular staff training about cyber threats and best practices to avoid them, such as using strong passwords, avoiding phishing emails, and reporting any suspicious activities.
• Continuously foster a culture of security. Encourage employees to take ownership of their role in maintaining organizational security and to report suspicious activities without fear of reprisal.
• Conduct regular risk assessments and audits of your IT systems and networks, and identify and address any vulnerabilities or gaps.
• Consistently monitor and analyze your network traffic. Continuous monitoring can detect unusual activities that may indicate an ongoing attack, allowing for swift action.
• Implement robust backup and recovery plans and test them frequently to ensure that the data can be restored in case of an attack.
• To prevent unauthorized access and tampering with data, use strong encryption and authentication methods and limit the access and privileges of users and devices.
• Update and patch software and hardware regularly, and use the latest security tools and solutions to prevent the exploitation of any known or unknown vulnerabilities.
• Implement multifactor authentication (MFA). Requiring more than one form of verification to access sensitive systems and data greatly enhances organizational security.

The unfortunate incident involving Ascension serves as a poignant reminder of the vulnerabilities that exist. While this event was undoubtedly traumatic and had significant repercussions for the organization, it also provided a valuable learning opportunity for the rest of us.

By analyzing and understanding the breach at Ascension, we can all emerge better prepared and more robustly protected for the future.

Feeling uneasy about your security?

In the wake of such advanced cyber threats, it’s clear that maintaining robust security measures is not just recommended; it’s essential. At CCB Technology, we understand the complexities and evolving nature of cyber threats. Our suite of services, including comprehensive Phishing Awareness Training, round-the-clock monitoring, and expert breach remediation, are designed to fortify your defenses and restore your confidence in your digital security posture.

Partner with us and take a proactive step towards safeguarding your organization against the unpredictable challenges of cybersecurity. Let’s work together to build a resilient and secure future.

Contact us today and learn how we can tailor our solutions to meet your unique security needs.

The post A Single Click: Lessons from Ascension’s Ransomware Attack appeared first on CCB Technology.

Changing the Way We Work

We’ve already seen self-checkout technology reduce the retail workforce, and AI-powered live chat is driving the customer support profession to extinction. Self-driven vehicles may completely change the transport industry, putting truck drivers and logistics workers out of business. Automated phone and scheduling services may also end the need for office administration staff.

Many other professions won’t be safe for long, either. Hospitals and pharmaceutical chains are using automated machines to replace human pharmacists. Surgeons are now competing with sophisticated surgical robots. Recently, a law algorithm obtained a 70 percent success rate when tested in thousands of cases.

Predictions are that AI will transform the global economy, affecting as high as 40 percent of jobs as we know them today. However, in all things where there is change, there are both negative and positive. AI in the workplace offers both and could potentially transform industries for the better.

Potential Benefits of AI Integration

Boost Efficiency and Productivity

One of AI’s key benefits is increased efficiency and productivity. According to the Nielsen Norman Group, user performance improved by 66% across three case studies. AI-powered systems can automate repetitive tasks, saving time and resources and allowing employees to focus on more strategic, complex work. For example, AI can optimize manufacturing production processes, reducing errors and increasing efficiency.

Improve Data Analyzation

AI integration will allow for quicker, improved decision-making since it can analyze large amounts of data and find trends and patterns that may not be apparent to humans. Using AI in the financial industry could mean an increase in the GDP by 7% since AI algorithms can analyze market data to make investment recommendations and help businesses make data-driven decisions that gain a competitive edge.

Skills and Training for the AI Workforce

AI is also initiating many new job opportunities for the next generation directly related to the AI field and several associated with IT, including computer support specialists and software developers, with nearly a half-million additional positions are expected in the next decade. Additional skill sets will be needed in coding, data analytics, and systems infrastructure.

The future AI job market demands both formal education and continuous learning. While it will necessitate educational institutions to offer AI-related courses and programs, AI’s rapid advancement will require lifelong learning, critical thinking skills, and ongoing development to stay updated in the field.

Ethical Considerations in AI Employment

The potential for bias is one of the key ethical considerations in AI algorithms. Since AI systems learn from data, biased or discriminatory data may perpetuate those biases in AI output. For example, an AI algorithm used in hiring could discriminate against certain demographic groups, so establishing diverse and unbiased datasets will be needed.

Data privacy and protection are other ethical considerations that AI could impact, leading to concerns about privacy and the security of personal information. It will be crucial to establish robust data protection policies that give individuals control over their personal data being used within AI systems.

The bottom line is that transparency and accountability will be important in using AI systems because they can be complex and challenging to understand. AI integration in employment will mean establishing fair, explainable, and ethically used systems.

The Future Outlook in the Age of AI

The job market will likely undergo significant changes as AI continues to advance. However, the job outlook depends greatly on the adoption and implementation of AI technologies. Businesses and policymakers will play a huge role in determining its inclusion in the workplace and, therefore, the extent to which it impacts jobs.

The future of work in the age of AI is dynamic and evolving. While there are concerns about job displacement, there are opportunities for new roles and job functions. Balancing automation and human-based labor will be essential to ensure a sustainable and inclusive workplace.

By embracing AI technologies and investing in skills development, individuals and organizations can navigate the changing work landscape and thrive in an AI-driven economy.

Fascinated by the possibilities of AI?

AI is weaving its intricate web deeper into the fabric of our daily lives and will soon become an indispensable tool in the workplace. But do we truly comprehend its capabilities or what we may be relinquishing by letting it in? Our upcoming Tech Strategy Summit on September 19 was built for business leaders and IT professionals looking to dive into the world of artificial intelligence, with a special focus on Microsoft Copilot.

Check out this video by Marc Laliberte, a Tech Strategy Summit speaker with WatchGuard Technologies. He discusses the good, the bad and the ugly of AI in cybersecurity.

Don’t miss it. Sign up today!

The post Artificial Intelligence and the Future of Work appeared first on CCB Technology.

1. Go Offline

Our first action is to cut off any communication between potential viruses and the attackers that sent them.

BEFORE YOU DISCONNECT:

If you haven’t already, open this blog on your mobile device so you can continue to follow along and disconnect your compromised device.

To go offline, you’ll need to unplug your ethernet cable or turn off Wi-Fi on your device.

How to unplug your ethernet cable:

Press down on the plastic clip at the top or bottom of the plug. Pressing down on the clip will release the anchor, allowing you to pull it from the device.

How to turn off Wi-Fi (wireless internet):

1. From the Windows desktop, click the Wi-Fi icon at the bottom right-hand of your screen. Utilize the touchscreen (if available) or mouse to select the on-screen options.
2. From the Wi-Fi section (on the right, above the taskbar), click the connected Wi-Fi network address.
3. Click Disconnect.

2. Start Your Antivirus Software

Next, open your trusted antivirus software. Select the option for a full or comprehensive system scan and start it. This is your digital defense force; let it find and neutralize any threats. If you don’t have antivirus software, now is the best time to pick one up. If you’re on a work computer, talk to your IT department to get their preferred software installed as soon as possible.

 Kaspersky Free, Bitdefender Free or Avast One are great free options if you can’t afford to sign up for a paid version!

Note: If you have disconnected from the internet and have not previously installed antivirus software, you can download the installer on a different device and transfer it over with a USB drive. Copy the installer to the computer that needs to be scanned, install the software, and use it to clean the PC. Once you are done cleaning the PC, scan the USB drive (if possible) before removing it to use somewhere else!

3. Change Your Passwords

If there is a chance you’ve been compromised, it means those attackers could have also gained access to your personal accounts! Let’s make sure to lock any potential invaders out. Start with your most sensitive accounts – email, online banking, social media, or anything that holds valuable personal or financial information. Remember, each account needs a strong, unique password!

If you struggle to keep track of all your passwords, now is probably a good time to consider installing or enabling a password manager like 1Password or Bitwarden. Both options are considered leaders in the password manager category. Password Managers help by storing your login information for all your websites, suggesting long, unique passwords, and then auto-filling the password area when you return to the website to help you log in with complex credentials you might not otherwise be able to remember. This ensures that no two accounts utilize the same credentials, so if one account is compromised, the others are likely safe!

4. Monitor Your Accounts

Despite having updated your passwords, it is important to remain vigilant and closely monitor your accounts for any suspicious or abnormal activities in the coming days. If something looks odd, get in touch with the support of the webpage, or in the case of a bank, call their fraud line immediately.

Some examples of suspicious activity include replies from people you haven’t contacted, emails to reset passwords or two-factor authentication codes appearing when you haven’t requested them!

5. Report the Phishing Attempt

Reporting the incident helps protect others, too. Inform your workplace’s IT department if it’s a work device or your email provider if it came via email. You can also report phishing attempts to your local law enforcement cybercrime unit or your country’s equivalent of the Federal Trade Commission (FTC) in the U.S. Learn more about reporting or report an event directly to the FBI here!

6. Learn and Adapt

You’re now part of the informed internet users’ club, more prepared to spot and avoid phishing attempts in the future. Stay vigilant! Always scrutinize the sender’s address and think twice before responding to unsolicited messages asking for personal information.

And… you’re done! A big sigh of relief is in order. You’ve acted promptly and wisely to protect your digital self. Remember, this guide is here for you anytime you need it. Stay safe, friend!

Additional resources:

8 User Tips for Identifying Phishing Emails

Microsoft 365 Information on Phishing Emails

Microsoft’s Most Common Phishing Trends

ITGovernance’s Easiest ways to Spot a Phishing Email

The post What to Do if You Clicked on a Phishing Link! A Step-by-Step Guide. appeared first on CCB Technology.

Myth 1: MFA Means Extra Steps Every Login

Many believe that MFA requires additional verification every time they log in. The truth is modern MFA systems often utilize ‘adaptive’ or ‘risk-based’ authentication. This intelligent approach considers factors such as your location and device type¹. If everything seems usual, you might only need your password. If something’s off, then the system asks for additional proof, striking a balance between a smooth user experience and strong security.

Myth 2: MFA Always Requires an App on a Cell Phone

A common belief is that MFA is synonymous with having a special app on your cell phone. While some MFA methods involve using an app to receive a verification code or notification, this is NOT the only approach. Multifactor Authentication can also be performed via biometrics (like fingerprints or facial recognition) ², hardware tokens³, or even text messages⁴. It’s important to remember that MFA is designed to be flexible, ensuring everyone can use it, irrespective of their device.

Myth 3: MFA is Just for Compliance

Some people also think MFA is just a compliance check for regulatory bodies. Yes, many compliance frameworks require MFA, but it’s not its sole purpose. MFA is a robust security measure offering strong protection against unauthorized access to accounts. It’s more than ticking a compliance box; it’s about safeguarding your sensitive data.

Myth 4: MFA is a Quick Fix for a Security Breach

The notion that MFA can be enabled after a breach to quickly fix security issues is outright dangerous. Multifactor Authentication is not a reactive solution, but a proactive measure to prevent unauthorized access. When an organization implements one of the various MFA solutions before a breach occurs, it can significantly reduce the risk⁵. It should be part of a larger security strategy, including strong password practices, regular software updates, and security education.

In Conclusion

Multifactor Authentication is an accessible, intelligent, and proactive security measure that doesn’t solely rely on cell phone apps to meet compliance requirements. Remember, the purpose of MFA is to keep your digital life secure by verifying your identity when some sort of risk is present, preventing unauthorized access. By dispelling these myths, we hope to encourage more people to adopt this essential layer of online protection.

Want to learn more about your MFA and IT Security options?

CCB offers a wide variety of security services that allow you to choose the right solutions for your needs. We‘ll help you get secure and stay secure. Tell us about your IT security needs▸

Footnotes

1. Microsoft, “Adaptive MFA” 
2. National Institute of Standards and Technology, “Biometric Authentication” 
3. Microsoft, “OATH Hardware Tokens” 
4. Microsoft, “Set up Text Messaging as Your Verification Method” 
5. Microsoft, “One Simple Action You Can Take to Prevent 99.9% of Account Attacks.” 

The post Dispelling the Myths of Multifactor Authentication appeared first on CCB Technology.

Ransomware is among the largest cybersecurity threats impacting business and personal data today. This presents a unique set of challenges for IT staff tasked with defending against the various forms and sheer volume of attacks. Understanding what data is at risk during a ransomware attack is critical to preventing massive business disruptions.

Businesses and their IT teams need easy, secure tools to get the most out of their data while keeping it safe as data volumes, infrastructure, and online threats grow.

So, how do you prepare? 

 1. Clean, reliable backup

Previously, having a clean, reliable copy of your data meant you could restore your system without paying the ransom – and it was a dependable strategy. Today, the landscape has changed dramatically, and new ransomware strains specifically target backup agents, software, and files to essentially hold your backups hostage and deny users access to them.

Creating a multi-layered defense is necessary to protect your backups – and access to those backups must be quick, simple, and easy. Why? Attackers are increasingly entering primary environments via endpoints and gaining access to backups first before compromising production environments and shutting things down. 

2. Immutable snapshots

Legacy backups are no longer enough, but luckily there is a solution to this problem – snapshots. 

Snapshots offer a quick “picture” of a server, encompassing its files, software, and settings, at a particular moment in time, just as the name suggests.

Generally, snapshots are an instant capture and preserve a point in time without transferring or duplicating existing data. This is why snapshots go hand-in-hand with most modern backup approaches to provide a stable, unchangeable image to do a backup.

With snapshots, you completely change your posture against cyberattacks because they are fundamentally impervious to attacks. Rather than defending or protecting, they minimize the spread of an attack by not being affected by it in the first place. This is similar to the “write once read many” (WORM) method of data storage, meaning it can’t be altered or modified once written.  

3. Replication

Although virtualization can provide effortless duplication, many companies fail to adequately back up their virtual machines.

Multi-tiering your replication procedures can help you defend against man-in-the-middle (MIM) cyberattacks which some replication technologies are susceptible to. Built-in and encrypted at the cluster level, but also covered through third-party integrations where this happens simultaneously.

4. Hyperconverged Infrastructure

More effective at protecting data than traditional systems, hyperconvergence is a progressive way to simplify your IT operations. HCI pools resources into an infrastructure that can be managed with cloud-like ease for the entire stack (hypervisor, storage, etc.). Virtualization software turns many high-performing processors into multiple virtual machines with their own virtual processors, thus allowing each OS to run its own set of programs independent of other OS running on different processors.

Storage protocol-based attacks simply won’t work with HCI infrastructure. Properly architected HCI solutions radically reduce the attack surface by eliminating storage protocols, not simply virtualizing SANs.  

5. Security through integration

Using various security tools makes management more challenging and less effective. Combining data protection and cybersecurity allows for secure data, systems, and applications reducing the overall risk of cyber threats.

This requires integrated tools that deliver anomaly detection, active protection, air-gapping, immutable storage, and multifactor authentication controls allowing continuous measurement and protection for recoverability. The goal is to identify and address issues, ensure data and business application restoration, and enhance security measures to minimize business risk while providing effortless protection.
  

Now that you know what the five keys to ransomware protection are, let’s consider the best approach to each one.

Scale Computing is a leader in edge computing, virtualization, and hyperconverged infrastructure solutions.

Working together with great partners like Scale Computing helps us ensure your organization’s cyber defenses work smarter, not harder.

Here’s how:

 1. Clean, reliable backup

With Scale Computing’s integration with familiar third-party backup vendors, users can benefit from various levels of distinctive storage subsystems. Host-level backups can be performed without needing an agent installation on guest VMs. Protecting virtual hosts on the Scale Computing appliance is as easy as selecting the desired VMs.  

With scheduling capabilities that are flexible enough to implement almost any backup strategy, traditional full and incremental backups can be part of the past.

2. Immutable snapshots

Scale Computing protects every virtual workload with snapshots, meaning you can recover in minutes by reverting to a previous snapshot. These snapshots are immutable – they can’t be altered or deleted by their VM in any capacity. Having snapshot immutability means an admin can rapidly respond to a ransomware attack by cloning a previous snapshot taken before the attack was deployed, create a new VM from it, and power it up.  

When cloning takes seconds, recovery is fast. 

3. Replication

All Scale Computing software systems include a free, built-in feature for system-to-system replication at the per-VM level. System-to-system replication operates non-stop, sending modifications to a secondary system as quickly as possible, with the snapshot functionality serving as the foundation for VM alterations.

Replication follows the snapshot schedule assigned to a virtual machine and can clone snapshots as often as every 5 minutes for solid recovery goals.

4. Hyperconverged Infrastructure

Some hyperconverged architectures already withstand attacks simply by eliminating legacy attack surfaces used by ransomware bad actors. Scale Computing’s true HCI integrates bare metal at all layers, such as the compute storage, virtualization, management layers, and data protection features, instead of traditional systems that combine these components from different vendors using open network protocols.

5. Security through integration

There’s no need to juggle multiple solutions. Scale Computing is unmatched in architectural flexibility and native backup and recovery to avoid data loss. It integrates with leading advanced backup and proactive ransomware third-party software vendors, like Acronis, to take data protection to any level customers need.  

In closing

An organization can’t prevent a ransomware attack completely. But, it is possible to mitigate the most negative effects of an attack by improving storage and data recovery systems before one happens.

If business continuity and ransomware protection are important to you, contact us and find out how simple and affordable it can be.

The post 5 Keys to Ransomware Protection appeared first on CCB Technology.

Weak passwords exist because of the simple convenience of being easier to remember. Strong passwords should be complex, random, and unique for each account and at least 12 varied characters long. Obviously, not something easy to commit to memory! So how do you train users and ensure they’re creating strong passwords? 

What End Users Can Do

Let‘s start with the basics. Here are important password practices to share with employees to teach and inspire better password habits. 

1. Don‘t reuse passwords.

If hackers access one account, they could gain access to other accounts that reuse that password. 

2. Don‘t leave passwords unsecured.

No post-it notes, notebooks, or unencrypted text files. 

3. Don‘t share.

Keep your accounts and your passwords safe by keeping them to yourself. Never give coworkers access. Every employee should have unique login credentials.

4. Make long, complex passwords.

A 7-character complex password can be hacked in roughly 31 seconds. Compare that to a 12-character version that uses upper and lower case letters, numbers, and symbols – it would take 3000 years!  

5. Change breached passwords.

The only thing worse than using a weak password is continuing to use one that has been breached! In 2021, 70% of users still reused compromised passwords found in breaches from the previous year. 

6. Use a password manager.

If your company offers one, learn how to use it. You only need to remember one password since the password manager will create and store them for all your accounts.

7. Change passwords at least annually.

The more vulnerable an account or site is, the more frequently your password should be changed, but at a minimum, change all your passwords annually.

What Your Organization Can Do 

When you consider that more than 40% of all breaches involve stolen credentials, managing passwords for your organization should be a vital part of your security strategy.

1. Use an Identity Access Management (IAM) solution.

An IAM authorizes the right users the proper access to your organization‘s applications, systems, and data. Once you have policies and procedures, adding and deleting access based on roles and responsibilities becomes efficient and quick.

2. Implement Multifactor Authentication (MFA).

Multifactor authentication (MFA) is one of the best security measures to protect against attacks. It forces potential hackers to bypass multiple authentication measures before gaining access to an account. Get it done if you’re still among the 50% of companies that still haven’t implemented it.  

By adding a second verification step, you can stop attackers before they access credentials, increasing the chances of stopping an attack before it starts. But because passwords are the main factor in MFA, authentication will be strongest when you also protect your passwords with a credential management solution.

3. Offer and require a password manager.

Passwords generated with a password manager are fundamentally impossible to crack and take things like a pet‘s name out of the equation! A password manager gives you more control over password quality, reduces the need for password resets, and alleviates the issue of reused, shared, or stolen passwords. Use a password manager wherever you can. It’ll allow users to create completely random passwords without having to create or re-type them.

An Offer Worth Considering 

WatchGuard recently introduced AuthPoint Total Identity Security. It contains everything you need for a complete MFA solution available as one package. Total Identity Security includes the AuthPoint MFA solution, Corporate Manager, and Dark Web Monitoring services so that you can enforce a strong password policy with the best user experience.  

With WatchGuard’s Corporate Password Manager, users can retrieve their corporate, personal, and shared vault passwords using the AuthPoint app and/or browser extension when they need to access their apps or systems. This allows organizations to add non-SAML Cloud applications to the Web SSO Portal for more robust authentication and a smooth SSO experience.

Want to learn more about your MFA and IT Security options?

Talk to your CCB Account Manager. CCB offers security choices that allow you to choose the right solutions for your needs. We‘ll help you get secure and stay secure.

The post Guidelines for Creating Strong Passwords appeared first on CCB Technology.

Here are eight questions to ask to help you identify a potential phishing attempt:

1. Is the sender familiar?

When it comes to identifying phishing emails, rushing can be your downfall, so slow down. If the sender is unfamiliar, do a thorough analysis. Check the display name and email address. Using banks, credit cards, and big retailers, scammers will impersonate display names to appear legitimate. Be sure the domain matches the organization’s name – @microsoft can become @microsaft or @microsoft123. Check online for legitimate URLs.

2. Is the greeting generic?

If you are doing business with someone, they should be using your name – it’s simple to personalize an email these days. If the email starts with “dear sir or madam,” you can be sure it’s not your bank or credit card company. Hackers may also avoid using a salutation altogether and move you directly to take action through a link.

3. Are there spelling and grammar errors?

These errors can be due to poor language translations, but they aren’t always mistakes. Sometimes they are meant to bypass spam filters that block keywords and phrases to prevent phishing attempts. They also weed out targets with greater attention to detail that are less likely to fall for their bait. Bottom line: legit businesses know how to spell.

4. Is the message urgent or threatening?

Pushing you for a quick response is a common trick to get you to act without thinking. Messages like “recent account changes” or “your package couldn’t be delivered” are screaming for immediate attention. Don’t respond, or click attachments or links, until you are 100% confident that the email is from a trusted source. If you can’t determine that, try contacting the organization through ways you trust.

5. Are they asking for personal information?

Never send personal information through email – reputable companies won’t ask you to do that. Be suspicious if they request you to provide login credentials, account numbers, payment information, etc.

6. Are the email domains consistent?

Always check embedded links in an email by hovering the cursor over them, but don’t click on them! If the link address doesn’t match the embedded link, it is most likely malicious and redirecting you to a phishing website. Remember, never click on a domain without a URL that starts with https.

7. Are there suspicious attachments?

Malicious attachments are an easy way for attackers to deploy malware onto your device and gain access to sensitive data. Look for file types like .exe, .scr, and .zip. Most reputable institutions will direct you to their website to download documents or files – they don’t randomly send you emails with attachments.

8. Is it an urgent internal request?

Don’t automatically trust emails from internal sources if you have concerns about the email – like requests for urgent attention or asking for sensitive information. HR-related emails are top on that list and most often involve a financial verification or change. Message or call to confirm the sender is legitimate.

Think the email you’re looking at is a phishing attempt?

Don’t just delete it. Flag it as spam mail so your email client will know to move these types of emails to your spam folder in the future, ensuring you don’t accidentally open them going forward.

Phishing attacks are becoming increasingly sophisticated, and you simply won’t always be able to detect them. If you think a phishing attack has fooled you, immediately report it to your IT department. Don’t let embarrassment hold you back. Your IT team will be able to determine if the email you received is legit, run a virus scan, and address suspicious activity.

So, should you lose sleep over phishing attempts? No, there are a lot of phishing emails out there, but fortunately, antivirus, firewalls, and spam filters stop most of them from ever getting into your inbox – so you won’t have to see them often. You only need to be prepared to defeat the few that get through. Stay educated and be cautious and discerning about what you open or click on.

Don’t be fooled by scammers – contact CCB to learn more about our security offerings and how we can help you train your users.

The post 8 User Tips for Identifying Phishing Emails appeared first on CCB Technology.

Sometimes it’s an explanation that just seems “off.”
Sometimes it’s a gut feeling around trust that you try to rationalize away.
And sometimes, you don’t have a clue until it’s too late.

No one likes to think an employee, vendor, or other business relationship would do anything to compromise their business, however that threat is real. Cyber-attacks can come from the inside – whether deliberate or not, and the warning signs are usually there. Do you know what they are?

What defines an insider threat?

Simply put, it stems from people who have a connection to your business. Current or former employees, vendors, contractors, partners – people who have legitimate reasons to access your networks, systems, or data and can potentially damage your business using those privileges.

It’s important to recognize that not all insider threats are intentionally malicious. It’s estimated that most compromises result from reckless or careless activities that are often missed or overlooked. Either way, over a third of organizations have been affected by an internal attack, and 70% overall say they are more concerned about internal threats than external ones.

Understand what to look for.

Internal threat indicators are often dismissed, meaning damage can be done over a more extended period and become costly. Knowing what signs to look for will help you act quickly and develop internal safeguards and policies to reduce their impact.

Unintentional compromise

Stress, distraction, the pressure of deadlines, or being short-staffed can contribute to accidentally clicking on a phishing email, miskeying a code, or accepting a questionable request. Another often missed opportunity for data loss is your employee’s personal equipment, like a cell phone or home computer. Do they have up-to-date virus software or password management? Is a PIN required to open a personal cell phone if it’s misplaced? Accidents happen, so it’s critical to arm employees with knowledge about social engineering and the due diligence required to protect themselves and your organization.

Concerning changes in behavior

Emotional, financial, or relationship stressors may entice some to participate in acts they wouldn’t consider otherwise. Listen for verbal dissatisfaction about the company, pay, and work expectations. Watch for attitude and performance changes or changes in time spent working off-hours. Addressing behavior changes will reduce your potential risk.

Data or technology actions

A sudden increase in accessing shared drives, copying large volumes of files, or emailing documents to personal accounts could indicate your data is a target internally. Watch for someone accessing files or folders that don’t relate to their job role or trying to get around security protocols, like tampering with anti-virus or changing privileges.

Accountability and trust issues

Employee training is only as good as employees’ willingness to participate and apply what they have learned. Finding ways to reinforce good behavior and call out careless actions is essential. Unfortunately, some will continue to do what they want or don’t want without regard for your business’s safety. Reinforce that behaviors are monitored, and everyone is expected to act responsibly.

Weak security and unsafe practices

So, where does the fault lie if your house gets burglarized because you left the front door open? Poor digital and physical security protocols can increase the chance of exploiting a vulnerability. Is the company server behind a locked door? Are visitors to your business being properly vetted? Be aware of and address opportunities for anyone to damage or steal property.

Take preventative measures.

Recognizing behavioral factors, warning signs, and areas of vulnerability is the first step in protecting your organization. Still, things can escalate quickly without an action plan in place that will detect and reduce the impact of an internal cyber-attack.

Here’s a checklist of things you can do to reduce your risk:

• Complete a risk assessment

• Pinpoint and address your vulnerabilities

• Identify and protect critical assets

• Document governance and control policies

• Enact entitlement controls and access privileges

• Invest in data loss prevention (DLP) tools

• Incorporate integrated security technologies

• Maintain strong security and patch management

• Reinforce your email security

• Provide regular cybersecurity user training and testing

• Do additional training for those in highly targeted positions

• Encourage a strong culture of trust and accountability

Want to be better prepared against insider threats?

Your business needs a security strategy that brings together people, processes, and technology to defend your organization effectively.

CCB is here to help you with:

• Risk and vulnerability assessments
• Consulting on best practices for security policies and protocols
• End user security awareness training and testing with reporting
• A customized integrated security approach for your organization
• Managed Detection and Response

We have solutions – so you can avoid a situation.

The post Identifying Potential Internal Threats appeared first on CCB Technology.

A friend of mine works for a local industrial supply company that, within the last year, went from a small business to a mid-sized one as a result of an acquisition. She recently told me some company executives had received an email with a link to a document, and three of the group clicked the malicious URL. As a result, a hacker gained access to several areas of their systems, and their one-and-only IT person was being blamed.

Sadly, she isn’t the first person I know who has been through a company breach. While companies of all sizes are targets, the small to midsize ones are experiencing the majority of successful attacks. As high as 55% of companies in this category have experienced a data breach, with 53% having multiple occurrences. Smaller organizations’ elevated attack success rate is often simply due to insufficient budget for adequate cybersecurity tools and resources.

Data breaches are becoming extremely costly to businesses and, in many cases, result in significant fines and legal fees. They not only hurt financially but cause damage to a business’s reputation and put customers and employees at risk. That’s why organizations are rapidly embracing cyber insurance to limit their liability and ease the burden of recovery in the event of cybercrime.

What is cyber insurance?

Regular business insurance does not cover cyber incidents or data breaches – they often exclude them. Cyber insurance policies generally start with business liability related to a data breach involving sensitive customer information and progress to more robust policies with additional coverage to help prepare, respond, and recover from a cyber-attack.

What does cyber insurance cover?

There are multiple layers to how cyber insurance policies are constructed, but four primary risk areas are considered in the process: privacy, security, operational, and service. Policies are generally written based on first-party and third-party coverage:

First-party covers costs related to:

• • Extortion demands
  • Legal counsel
  • Investigative/forensic services
  • Data or identity recovery services
  • Lost income due to business interruption
  • Public relations/crisis management
  • Fees, fines, and penalties

Third-party covers costs related to:

• • Damages to customers or partners impacted
  • Settlement expenses due to lawsuits
  • Costs related to litigation in regulatory inquiries

Cyber insurance has no one-size-fits-all policy since company size, industry, revenue, and geographic location are all considerations. As with any insurance, policies, and pricing vary widely from one provider to the next.

Why consider cyber insurance?

Protecting your business with cyber liability insurance will help you respond and recover quicker after an incident. In addition, your business may need coverage if you store or process sensitive data – like digital payments, medical or financial information, or personal data about customers. Ultimately, the question is, “What would happen to your business if you faced a cyber-attack today?”

How does cyber insurance work?

We’ve made it easy and put together a complete guide on what you need to know about cyber insurance and how to qualify. It includes a comprehensive checklist so your organization will be eligible for cyber liability insurance and better prepared in the event of a cyber-attack.

The post What is Cyber Liability Insurance? appeared first on CCB Technology.

But printers… not so much.

Is network printer security really a thing?

Companies have been maintaining tight control of physically printed documents for as long as there have been printers. That’s important and necessary, but many companies don’t realize that they may be wide open to attack because of poor network printer security measures.

If you’re like I was at first, you might think there’s not a lot that could go wrong with printing other than paper jams or forgetting how to replace ink cartridges, but network printers are just as vulnerable to malware and hackers as PCs.

According to InfoTrends, there are almost 30 million printers and multifunction devices in offices and homes throughout the U.S. and Western Europe that are connected to a network. If malware is installed on a printer, hackers can do all sorts of nasty things, including:

• Get access to confidential or sensitive information
• Launch denial-of-service (DoS) attacks
• Access saved copies of documents
• Send unauthorized print jobs

According to HP, in a survey of 300 IT and security pros, just 16 percent of respondents think that printers are at high risk for a security breach. Yet there are hundreds of millions of business printers in the world and less than 2 percent of them are secure. Yikes!

It’s not too late to implement network printer security measures. Here are four things you can do to protect your printers and your business from attacks.

1. Assess what printers are networked

Do all printers need to be connected to your network or only certain ones? Having an unsecured printer connected to your network is like an unlocked back door to your business. One thing you can do, at least until you get proper security measures in place, is unplug from your network. If there is no physical or wireless connection, hackers can’t compromise your network.

2. Pay attention to the basics

Since most networked printers can be accessed remotely with a password, the simplest thing you can do to secure a printer is to change the default password when you set it up. If you haven’t done this – stop reading now, get up, and GO CHANGE IT! And throw in a few unexpected characters to make it more difficult to break. You may thank me later.

You also want to keep the printer firmware updated. Printer manufacturers send out firmware updates as new threats are uncovered so check for them regularly and then USE ‘EM! If you’re as easily distracted as I am (Look! Squirrel!), set up a recurring reminder on your calendar. It’s not difficult to do and it’s another layer of protection.

3. Use encryption

If you’re printing any sensitive information – employee files, confidential company information, or customer invoices – don’t trust that sort of data to an unencrypted network!

When you send a print job over a secured network using encryption, your information will be converted into undecipherable code to hackers. It just makes sense to use encryption so the print job can’t be intercepted, or at least interpreted, on its way to the printer.

Many multifunction printers, copiers, and scanners also have hard drives that store the documents, faxes, images, etc. that are going to be or have been printed. Make sure those drives are also encrypted so that if you are attacked that information is not compromised either.

When you retire a printer, make sure you wipe the drives. In 2010, Affinity Health Plan, a managed care plan company in New York State, returned multiple photocopiers to their leasing agent without wiping the information on the drives. Confidential data for almost 350,000 individuals were found on the drives. That HIPAA violation cost them 1.2 million dollars. Ouch!

4. Purchase secure printers

Okay, I don’t mean to be a shill for any particular printer company, but HP printer security is a standout among secure printing solutions.

HP network printers offer unique technologies designed to thwart attackers’ efforts and then fix themselves. These features automatically trigger a reboot any time they detect an attack or other anomalies.

Every time the printer is started, HP Sure Start checks the integrity of the BIOS code and defaults to a safe copy if it is compromised. It then checks the firmware to be sure it is a known code digitally signed by HP. If not, it reboots. Then it checks the security settings and fixes them if needed. Finally, it monitors the printing process in real-time and reboots if it detects an attack. Pretty cool stuff.

Other printer manufacturers have network printer security features as well. Take advantage of them and keep yourself secure!

Who knew that just a lowly printer could leave a company vulnerable to malicious attacks? Now you do!

Need to beef up printer security?

I hope I didn’t scare you too much, but network printer security is no joke! CCB Services can help you replace or secure your printers to make sure hackers can’t get in. Before you print… contact CCB to protect your business from network printer vulnerabilities.

The post Network Printer Security: 4 Ways to Stay Protected appeared first on CCB Technology.