Blog

simple cybersecurity tips

If you run a small- to medium-sized business (SMB), chances are that you’re already aware that cybersecurity should be a concern. In fact, a recent survey from AppRiver found that more than half (58%) of SMBs in the U.S. are more worried about getting hacked than they are about a flood, a fire, a transit strike, or even a physical break-in of their offices.

The question is, what are you going to do about it? Staying secure on a budget can be a challenge for SMBs – a problem that’s often exacerbated by a lack of in-house security expertise. Turning to cost-effective managed services is a good solution – but there are also plenty of tactics that you can implement to minimize your risk.

Understand the Hacker Tricks of the Trade

Cyberattackers are savvy and adaptable, but there are a few common techniques that they use on a regular basis. Understanding what these are can help you protect your business.

Far and away, the most common way an attacker infiltrates networks and harvests sensitive data is through phishing.

Phishing works like this: A victim will receive an email claiming to be from someone they know, or from an organization they recognize or perhaps even deal with often. These emails sometimes clearly stand out as spam, but in other cases, the impersonation will be hard to spot: the adversary will take great pains to make it look and sound like a legitimate email, complete with authentic-looking logos.

Within that phishing email will be a malicious link, attached document, or an app. When a user clicks on a link, it will take them to what looks like a legitimate page with a log-in screen. That page is actually fake (or “spoofed”), and when the victim puts in his or her credentials, the hacker is able to grab them and gain unauthorized access to the victim’s account. In the case of an attachment or app, opening it usually results in malware being installed on the victim’s machine. That virus or trojan gives hackers access to the data on the victim’s computer or phone (for instance, it could be a keylogger, which captures what the victim types to uncover user names and passwords), and also allows them to gain a foothold on the company network.

There are also watering-hole attacks to worry about. Here, an attacker might create a fake website that offers information that a specific target might be interested in – industry-specific articles or “how-to” blogs, for instance – while in the background it is executing malware on the visitor’s computer. In a variation of this, adversaries create fake mobile apps that appear to do something useful; but when installed, they turn out to be malware.

A third common attack method is via malicious Wi-Fi networks in public places. A hacker can use software to set up a wireless access point (with an innocuous or attractive name like “free public Wi-Fi”) – and once someone has connected to it, a hacker can intercept and eavesdrop on any traffic that flows through it.

There are other techniques out there as well, but these are common tricks to watch out for.

Employee Training: A Crucial Line of Defense

All three of these attack types require the user to take some kind of action – click on a link, download an attachment, visit a dodgy website, download a rogue app, or connect to an untrusted Wi-Fi network. And that means that the attacks can be prevented with good security hygiene.

Training your employees is a critical first line of defense against these opportunistic kinds of attacks. For starters, implement the doctrine of verification: Before clicking on a link or downloading an attachment in an email, send a separate email to the supposed sender to make sure the person did indeed send the message – especially for anything unsolicited. Better yet, pick up the phone and call the person.

Another training tactic is to learn to always hover over a link to make sure it’s the legitimate address. Malicious links won’t have the proper URL – however, they may have similar-sounding URLs. If the message claims to be from the Bank of Peter, the malicious link may read something like www.bankof.peter.com or www.bankofpeeter.com instead of www.bankofpeter.com.
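The hover check described above can also be automated, for example in a mail filter or a training tool. The following Python code is an added example, not part of the original article: it classifies a link against an allowlist and catches the two Bank of Peter lookalikes, plus two related display tricks. The allowlist, the function names, and the example.net and example.org URLs are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumption: the organisation keeps its own allowlist of registrable domains.
TRUSTED_DOMAINS = {"bankofpeter.com"}


def registrable_domain(host):
    """Naive 'last two labels' rule; production code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_link(url, trusted=TRUSTED_DOMAINS, max_distance=2):
    """Return (verdict, reason); verdict is 'trusted', 'lookalike' or 'unknown'."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ("unknown", "no hostname")
    if host.startswith("www."):
        host = host[4:]
    reg = registrable_domain(host)
    if reg in trusted:
        return ("trusted", reg)

    userinfo = (parts.username or "").lower()
    for good in trusted:
        # Trusted name placed before '@': the real host is what follows it.
        if good in userinfo:
            return ("lookalike", f"{good} appears before '@', real host is {host}")
        # Extra dot: bankof.peter.com actually belongs to peter.com.
        if host.replace(".", "") == good.replace(".", ""):
            return ("lookalike", f"dots rearranged, real domain is {reg}")
        # Trusted name used as a subdomain of somebody else's domain.
        if (good + ".") in host:
            return ("lookalike", f"{good} is only a subdomain of {reg}")
        # Near-miss spelling such as bankofpeeter.com.
        if edit_distance(reg, good) <= max_distance:
            return ("lookalike", f"{reg} is a near-miss spelling of {good}")
    return ("unknown", reg)


if __name__ == "__main__":
    # Constructed sample links; the first three come from the paragraph above.
    for link in ("www.bankofpeter.com",
                 "www.bankof.peter.com",
                 "www.bankofpeeter.com",
                 "https://www.bankofpeter.com@example.net/login",
                 "http://bankofpeter.com.example.net/",
                 "https://example.org/"):
        print(link, "->", check_link(link))
```

Lookalikes built from visually similar non-ASCII characters are not covered by this check and need separate handling.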

In a similar vein, employees should be trained to never download an app from a third-party app store. Even if they do download something from Google Play or the Apple App Store, advise them to read the reviews to make sure all is on the up-and-up; sometimes bad apps do get through.

And finally, on-the-go employees should be wary of public Wi-Fi, and should always verify the legitimate SSID with the airport, café, or other operator of the space. It’s also a good idea to use a VPN – there are plenty of free offerings.

Require Best Practices

Along with basic security training, SMBs should always ensure that best practices are being carried out. For instance, all software should be kept up-to-date. Most of the time, a malicious attachment or watering-hole attack will only be successful if there are unpatched software vulnerabilities on the target machines.

For any cloud services, employees should be required to enable two-factor authentication (2FA), which will make it necessary to enter a one-time password that’s sent to a mobile phone before the user can log in. That way, even if hackers somehow gain a user’s credentials, they still won’t be able to log in because they don’t have access to that user’s mobile device.

Speaking of which, password hygiene is critical as well. Businesses should be thinking about complex passwords which include a combination of letters, numbers, and special characters. SMBs should require that passwords be changed often, be unique, and not be used anywhere else. In a similar vein, users should make sure that their website security questions are difficult – not information that could be gleaned from social media or elsewhere, such as your mother’s maiden name or the city where you were born – and consider making up the answers to thwart hackers even further.

Simple Administrative Fixes

Beyond user actions, there are simple actions that SMB network administrators can take to help their companies get out of the “low-hanging fruit” camp. Most hackers are looking for an easy score. Anything that raises the bar of effort for them – even a little bit – will cause them to move onto the next potential victim rather than expend any more time and effort on something that isn’t easy.

To start, enable firewalls and traffic encryption – you can easily enable the basic tools that come with your networking gear. Secondly, make sure that all default passwords on devices connected to the network are changed to unique combinations, and keep the software and firmware up-to-date. Next, replace any systems with outdated operating systems like Windows 7 – Microsoft no longer supports these, and there are known vulnerabilities that hackers can easily exploit to gain access.

And finally, think about permissions. Take steps to manage and limit access to data, drives, and systems for those employees that don’t need it. Also, don’t forget to deactivate access for those who don’t need it anymore – ex-employees are a leading cause of data theft.

The bottom line: as a small business, you are a primary target for hackers. Make time for these easy steps today to avoid difficult situations in the future. Need help securing your business or want to learn more? Visit www.tpx.com/managedIT or call 888-407-9594.

 

About the Author

Erik Nordquist is the Senior Product Manager for TPx Communications’ managed security services. He’s led a broad range of critical activities, including Field Operations and the Hostmaster team where he built TPx’s anycast DNS network to service its 55,000 customer locations. His work on the Network Integrity team made him the resident expert for mitigating Denial of Service (DoS) attacks. After interfacing with customers for years, Erik is bringing his customer-focused approach to his Product Manager role, helping to deliver first-in-class security services to TPx clients with unsurpassed customer support.

 

 

healthcare cybersecurity

The healthcare industry continues to be a prime target for hackers, given its store of confidential medical records, Social Security numbers, and insurance data. This type of patient information carries a premium on underground Dark Web markets – it can be used for lucrative fraud efforts, or to mount convincing email attacks designed to deliver viruses and malware.   

Hospitals, doctors’ offices, and other healthcare facilities have a responsibility (both legal and ethical) to reduce the risk of data exposure for their patients. But the reality is that outdated systems, vulnerabilities in medical devices, and a lack of in-house IT resources are big obstacles for many healthcare businesses.    

It’s this perfect storm – underprepared organizations and people willing to pay top dollar for stolen data – that has led to an increasing number of data breaches in the healthcare vertical. You may have heard of a recent UConn Health phishing attack that impacted 326,000 patients; or how Navicent Health, the second-largest hospital in Georgia, had to notify patients that their personal data was potentially breached after their email system was compromised. Some breaches are also inadvertent; for example, medical device maker Zoll Medical reported in March that the personal information of more than 277,000 patients was exposed during a recent server migration.   

In all, adding up the public figures, breaches are compromising the personal health information (PHI) of over 2 million people per month.  

Investing in cybersecurity is something that all healthcare companies should do – but that’s often easier said than done, especially if other mission-critical spending trumps that investment. Nevertheless, it’s critical to take cybersecurity seriously. If your organization is making the choice to put off investment in defending your patients’ data, here are 10 stats that are worth considering.  

  1. The healthcare sector is the most-targeted industry, accounting for 41 percent of all cybersecurity breaches reported in 2018, according to Beazley Breach Insights. 
  2. The healthcare segment actually experiences twice the number of cyberattacks as other industries (source: Fortinet). In 2017, there were an average of 32,000 intrusion attacks per day per organization, compared to about 14,300 per organization in other industries.
  3. Healthcare also has a significantly higher rate of insider breaches than any other sector, Beazley found. This is particularly dangerous as it’s harder to track down attacks from within.
  4. The same firm found that about a third of healthcare’s reported breaches were related to hacking or malware attacks, with another 31 percent caused by accidental exposure such as database misconfigurations. That means that a third of the breaches are entirely avoidable.
  5. About 39 percent of healthcare organizations are hit daily or weekly by hackers, according to the Radware 2018-2019 Global Application and Network Security report. And, only 6 percent of respondents said they’d never experienced a cyberattack. 
  6. Ransomware – where a criminal infects a network with malware that encrypts files and prevents users from accessing them until a fee is paid – primarily targets healthcare. In fact, hospitals account for up to 70 percent of all ransomware attacks, according to analysis from an MIT professor and researcher. 
  7. Cleaning up from an incident is not cheap: Executives from the National Association of County and City Health Officials say that healthcare breaches can cost up to $400 per patient; and yet, only 33 percent of the industry has taken the preventative measure of protecting themselves properly. 
  8. When everything is taken into account, healthcare cyberattacks cost $1.4 million on average in recovery. This cost is directly tied to a loss of productivity, reputation damage, and service disruption, among other business impacts.
  9. There are other costs too: Hospitals spend 64 percent more annually on advertising for two years following a breach, in an effort to repair the hospital’s image and minimize the loss of patients to competitors. 
  10. And finally, the danger is only growing. According to a 2019 Bitglass study, the average number of individuals affected per healthcare breach was 39,739 in 2018 – more than twice the average of 2017. 

Healthcare will continue to be a lucrative target for hackers throughout 2019, with weaponized ransomware, misconfigured cloud storage buckets, and increasingly sophisticated phishing emails. Security threats will continue to increase in sophistication as we become more and more dependent on technology.   

“Digitization continues to increase, supply chains are becoming more complex and attacker sophistication is improving,” according to a Moody’s Investors Service report.

Yesterday was too late, but today is better than tomorrow to improve your security posture. Act today: Schedule a free consultation with TPx to find out how to meet the challenges of securing patient data using reliable, cost-effective managed services. Visit www.tpx.com/managedIT or contact your TPx representative to learn more. 

 

About the Author

Lucie Hys is a Senior Product Marketing Manager at TPx. She is currently leading the marketing efforts for the company’s MSx suite of managed services. She has been working in marketing for more than 9 years, with the last four focusing on the cybersecurity industry. Lucie graduated with an MBA from Florida Gulf Coast University. In her spare time, she is an avid fitness enthusiast and a passionate traveler. 

 

Whatever changes are in store for the future, one constant that we all will continue to face is the need to protect our data and infrastructure from increasingly complex digital threats. TPx is on the forefront of managed security services, offering a range of turnkey options to protect your critical data and IT systems without the cost and hassle of doing it all in-house. We’ve been able to establish these world-class – and industry-leading – solutions thanks to a team of professionals that runs our state-of-the-art security operations centers (SOC) in St. Louis, Missouri and Portland, Maine. A close-knit group of security analysts and engineers comes together there to deliver high-value, and highly effective, security services for our customers.

Inside Our SOC

TPx Security Operations Center

In a cyber landscape increasingly colored by spyware, ransomware, data breaches, denial-of-service attacks and many others, our SOC delivers TPx customers peace of mind. Most of the team’s time and effort is focused on enabling and managing the security features that are built in to each customer’s firewall.

The TPx SOC was built from scratch to respond to today’s critical need for security services. Developed by former security experts from the United States Department of Defense, it employs both digital and physical protections to its operations, including multistep access protection that includes:

This enhanced physical data protection is driven by requirements like HIPAA, PCI and CPNI standards. It was all designed into the SOC so our clients can rest assured they have all the layers of protection they need, and that they can meet stringent government and industry standards for maintaining sensitive data in key industries.

Meet Some of Our Team Members

Technology is nothing without people.  With this in mind, we’d like to introduce you to some of the members of our growing managed security services organization. It’s thanks to them that our customers can focus on their own businesses by day and rest easy at night.

Steve previously worked as a system engineer for St. Charles County, where he was in charge of network security. He also taught IT and mathematics classes for more than two decades, and has spent his time collecting a slew of certifications along the way. Steve taught IT courses at ITT Technical Institute for 12-and-a-half years, and he taught mathematics at other colleges for more than a decade prior to that. Steve brings no shortage of certifications to the TPx table, including: CCNA, CNA and MCP in 2003 Server; the A+, Security+, and Certified Authorization Professional (CAP) certifications from ISC2; and many more. When he’s not honing his technical expertise, Steve likes to sing karaoke, play guitar, and fly radio-controlled jets, airplanes and helicopters.
Bob has been on the front lines of fighting Internet abuse for the past 10 years. As a Certified Ethical Hacker, he knows the threats, how you can be attacked, what can go wrong in a response, and what to do to proactively protect your network. When not fighting cybercrime and sifting through forensic data, Bob enjoys playing Afro-Cuban percussion and building electric ukuleles.
Bryan is a network security engineer bringing almost 20 years of experience from his time in the U.S. Army – and in various roles afterwards – in the areas of systems, network, and security administration and engineering. He holds a BSc in Information Systems Security and has numerous security certifications. When he isn’t busy working to keep networks safe, you’ll find Bryan relaxing with coffee and a book, in the kitchen trying out a new recipe, or cheering (probably a little too loudly) for one of the Boston-area pro sports teams.
Charles is a security analyst at TPx, where he monitors networks for security breaches and investigates violations when they occur. He also configures firewalls, sets up virtual private networks (VPNs) and adds upgrades. Charles holds a bachelor’s degree in Information systems and cybersecurity. In his spare time, he enjoys basketball and cooking.
Jesse was originally an IT intern with TPx. He has since forged a path into the MSx Security team where he excels as the team supervisor, working on the best ways to maintain and secure networks. Working with the MSx Security director and product manager, he ensures that customers receive the white glove treatment they deserve.

These are just some of the talented folks behind it all, allowing TPx to offer our 24/7/365 protection and mitigation against viruses, ransomware, DDoS attacks and an increasingly sophisticated array of threats to businesses – all with the highest standard of excellence.

TPx has a full range of state-of-the-art protections and mitigation services, all offered on a cost-effective, managed basis. Managed security is always up to date, which means that the latest threats and security incidents can be quickly identified and receive an immediate response. Call your TPx representative today to find out how we help you navigate the always-evolving threat landscape.

 

About the Author

Adam Weber leads the development of TPx’s security product offerings. He has more than 15 years of experience in security and cybersecurity, both in the public and private sectors. He is a 12-year U.S. Army veteran in communications and was deployed to two combat zones. He has also worked with U.S. government agencies like U.S. Transcom (U.S. Military Transportation Command), DISA (Defense Information Systems Agency), and NGA (National Geospatial Agency). In his spare time, he is a computer and technology hobbyist who enjoys building his own networks, servers, labs, and security infrastructure. Adam holds an MBA from McKendree University and CISSP, CASP, CEH, and Security+ certifications.

 

RSA 2019 in San Francisco

Over 42,000 people attended the RSA Conference at the Moscone Center in San Francisco last week.  For those who aren’t familiar with RSA, it is the largest and probably most influential global cybersecurity event, bringing together people and companies from all over the world to talk about security practices and technology.

Heavy rain in the Bay Area did not deter anyone from attending – in fact, this year’s conference was bigger than ever. Hundreds of vendors filled up the show floor, waiting to impress the attendees with their products. They took up not only the north and south halls of the Moscone Center, but also the space between them.

Equipped with comfortable shoes, an empty bag for swag, and an abundance of curiosity, I hit the show floor ready to talk security. Like with any other conference, if you can look past the fancy displays and badge scanning, you can find many smart people to engage in conversation. I started out by talking to some of TPx’s security vendors such as Fortinet, Webroot, CounterTack, Rapid7, and NetScout.

I expected to hear a lot of buzz about AI and machine learning this year, as that was a big theme last year. However, it became clear after talking to our vendors and many other attendees that there wasn’t going to be a specific trend this year.  It was more about going “back to basics,” building a layered approach when it comes to cybersecurity and technology:

Here are some of my favorite quotes from our vendors:

Stephan Tallent, Fortinet’s Sr. Director, MSSP & Service Enablement: “Managed security service providers were out in full force as many sought to simplify the daunting security challenge that RSA illuminates with the myriad of security vendors on display, all vying for attention. So many security vendors, so few that actually share and operationalize threat intelligence across the attack surface.”

George Anderson from Webroot: “Customers want less complexity, more simplicity, more integration, and more one-stop-shop places to go to. Often people are too focused on security as being products and technology and not enough being about human beings.”

This year’s RSA Conference only served to reinforce that TPx is doing the right thing for its customers by offering managed services that address a layered approach.  TPx doesn’t look to replace IT teams, but rather help companies augment their IT teams with enterprise-level technology and services that most small and mid-sized businesses can’t afford doing on their own, especially not 24/7.

If you attended RSA this year, what were the highlights of the conference for you? Share them with us in the comments.

 

About the Author

Erik Nordquist is the Senior Product Manager for TPx Communications’ managed security services. He’s led a broad range of critical activities, including Field Operations and the Hostmaster team where he built TPx’s anycast DNS network to service its 55,000 customer locations. His work on the Network Integrity team made him the resident expert for mitigating Denial of Service (DoS) attacks. After interfacing with customers for years, Erik is bringing his customer-focused approach to his Product Manager role, helping to deliver first-in-class security services to TPx clients with unsurpassed customer support.

 

stay secure on a limited budget

The ambition and dedication of small and midsize businesses (SMBs) drive the modern U.S. economy. These businesses face special challenges in the IT space because they don’t have the staffing, institutional knowledge and financial resources that larger enterprises do.

The Threat Landscape for SMBs

99.7% of all U.S. businesses have fewer than 500 employees. That huge footprint makes SMBs a prime target for cyberthreats, cybercrimes, and data breaches and theft – and an attack can have a devastating effect on an SMB’s viability.  The small to midsize business is an increasingly attractive target to malicious actors and cybercriminals because it is often unable to maintain the tools, skills, knowledge, and staff required to adequately defend the business.

According to Barkly, 57% of SMBs reported an increase in cyberattack volume in the last year. However, even though cyberattacks are becoming more sophisticated, only 36% of SMBs expect to be willing or able to increase their cybersecurity budget in FY2019.  These numbers point to a chilling existential risk to the survival of SMBs that rely on access to their data.

The Securities and Exchange Commission (SEC)’s Public Statement plainly states:

Cybersecurity is clearly a concern that the entire business community shares, but it represents an especially pernicious threat to smaller businesses. The reason is simple: small and midsize businesses (“SMBs”) are not just targets of cybercrime, they are its principal target. In fact, the majority of all targeted cyberattacks last year were directed at SMBs.

Why Are SMBs Being Targeted?

The same SEC Public Statement also indicates that many SMBs cannot handle a cyberattack effectively on their own.  A survey in the same report indicated that as many as 27% of SMBs have no cybersecurity protocols at all, and as many as 60% of them did not respond to a cyberattack correctly.  These conditions are exactly what a cybercriminal or malicious actor needs to continue perpetrating their attacks.

The question of “why” SMBs are being targeted at such high rates is easy to define.  It’s much harder to change the characteristics that make SMBs a high-priority target.  However, one thing is certain: money is a primary motivator for cyber adversaries. Cybercriminals are either trying to steal the SMB’s money directly, or they’re looking for data that they can sell for a profit on the black market.

Whether the discussion about how to assist SMBs in their cyber defense is about training, education, tools, skilled employees, around-the-clock monitoring, or using the most up-to-date technology to mitigate threats and vulnerabilities, the sticking point is always about the budget, the financials, and the overall impact on the business plan.

Managed Solutions for SMB Cybersecurity

Some SMBs will attempt to “go it alone.”  According to a report from Trustwave and Osterman Research, in 2014 SMBs spent $156 per user on security solutions (software, hardware, services and other technology), compared to $72 for enterprises.  Of this spend, only about 19% was dedicated to managed or cloud services.

The conclusion of this report indicates that security solutions for SMBs are often too expensive to purchase outright, which is why Managed Service Providers (MSPs) have been a financial relief to them.  Investments in inclusive infrastructure solutions, software solutions, computing solutions, or expert staff are cost-prohibitive for most SMBs.  MSPs provide these solutions at a fraction of the cost.  MSPs have the knowledge to monitor for, assess, analyze, report on, mitigate, and remediate cybersecurity threats and vulnerabilities for many customers at once, without having to undertake the onerous financial burden that an SMB would undoubtedly face on its own.

Some of the solutions a Managed Services Provider can offer include:

  1. Triage – Underskilled and undertrained IT staff face an insurmountable task when looking at the sheer quantity of passive and active attempts to infiltrate a network or device. Every SMB has specific data that is important to its business plan, and has unique and proprietary systems that require protection.  Additionally, there are often industry standards, regulatory compliance requirements and customer data protections that dictate what can or can’t be done.  MSPs can implement prioritization techniques that analyze the severity of attack attempts and appropriately implement policies that thwart them.
  2. Automation – MSPs can purchase more state-of-the-art tools and appliances, allowing them to implement automated tasks and alerting. This gives MSPs an advantage that many SMBs cannot afford to implement.  A streamlined and automated workflow of alerting, reporting, mitigating, or even remediation can result in large financial savings rather than waiting on a human being to perform the same tasks.
  3. Education and Training – Cybersecurity training and education is a never-ending task. MSP security analysts and engineers undergo constant training on tools and appliances, and they continue to accumulate security certifications in quantities that SMBs would likely never be able to afford.  Additionally, MSPs can provide user training to inform their customers of the dangers in the cybersecurity landscape.  Some of these dangers include opening unknown emails, clicking unknown ads, implementing poor passwords, connecting to unsecured WiFi networks, and browsing dangerous websites.
  4. Up-to-Date Technology – MSPs have the budget and the business plans to purchase high-quality products from specialized vendors in the cybersecurity space. As a result, MSPs can offer SMBs a top-grade solution that would otherwise be unattainable for them.  Next-generation firewalls, backup and recovery, endpoint detection and reporting are all tools that are now available to SMBs through MSPs at a fraction of the cost of implementation.

By working with an MSP, your business can reduce the costs of downtime and business interruption, while spending less on salaries and minimizing turnover. You’ll also save on related costs like training, education, and specialized equipment and services which come with the MSP’s extensive in-house teams.

Ready to see how TPx can help you stay protected while cutting costs? Talk to a TPx specialist today.

 

About the Author

Adam Weber leads the development of TPx’s security product offerings. He has more than 15 years of experience in security and cybersecurity, both in the public and private sectors. He is a 12-year U.S. Army veteran in communications and was deployed to two combat zones. He has also worked with U.S. government agencies like U.S. Transcom (U.S. Military Transportation Command), DISA (Defense Information Systems Agency), and NGA (National Geospatial Agency). In his spare time, he is a computer and technology hobbyist who enjoys building his own networks, servers, labs, and security infrastructure. Adam holds an MBA from McKendree University and CISSP, CASP, CEH, and Security+ certifications.