Author Archives: Maria Koblish

WUDO or WUDON’T

A few weeks ago, as part of a gap analysis for an upcoming PCI (Payment Card Industry) compliance audit, I was examining all of the network traffic passing between the client’s PCI network (in scope) and the regular corporate network (not in scope). This gets a little wonky, but let me take a moment to provide a little background. This particular client processes a huge volume of credit card transactions, so they are required by their card processing company to pass an annual compliance audit. Because card processing systems are typically connected in some way to other parts of the corporate IT infrastructure, establishing which part of the infrastructure is “in scope” is very important, as only the “in scope” part of the infrastructure is audited. We do this type of work fairly often for our clients, as it falls well within our expertise from an IT perspective, and often we are managing both the PCI and corporate networks.

So, back to what I discovered. We examine network traffic passing between the card processing network and the corporate network to confirm that access has been restricted. The idea is that if the corporate network is breached in some way, the hackers cannot get to PCI data. During this process, I discovered some network traffic between Windows 10 workstations that I could not readily explain. After digging a little deeper, I discovered a “feature” in Windows 10 that I was not aware of, something I was not happy about. Baked into Windows is a new technology Microsoft dubbed “Windows Update Delivery Optimization” (WUDO) that is turned on by default for all editions of Windows 10. WUDO is a new Windows service designed to deliver Microsoft updates from PCs that have already been updated. WUDO functionally resembles BitTorrent and uses peer-to-peer network connections to spread the load of supplying Windows updates to PCs rather than relying on Microsoft’s centralized Windows Update servers. Depending on your version of Windows, WUDO can provide updates only to other PCs on your local network, or to PCs that are actually out on the internet (a whole separate problem).

WUDO was not really a secret, as Microsoft mentioned peer-to-peer update delivery back in 2015 as a new feature for Windows 10 Update for Business.  Users can disable WUDO entirely or limit its reach by changing settings in Windows 10.

After giving some thought to how this service works, the network traffic that gets generated between PCs, and the potential opportunities that might provide to the hacking community, we have opted to disable this service on every Windows 10 workstation that we manage. It doesn’t take a genius to wonder what would happen if one of the distribution PCs gets hacked and someone figures out how to modify the cached updates. Even if this service cannot be used to infect other machines, it seems like it could also be used for a “denial of service” attack, where a corrupted update is distributed to a larger group of machines and causes those machines to blue screen or not boot.
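The following is an added example, not code from the original post: an elevated PowerShell script that audits a Windows 10 workstation’s Delivery Optimization download mode (the setting that decides whether it peers with other PCs on the LAN or the internet) and enforces “HTTP only” through the policy registry value, which is what the Group Policy “Download Mode” setting writes. It assumes the documented DODownloadMode values and the DoSvc service name, and treats an unset mode as “edition default, peering on”, as the post states.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell on
# a Windows 10 workstation. Audits Delivery Optimization (WUDO) and, when asked,
# restricts it to plain HTTP downloads from Microsoft with no peer-to-peer sharing.

# Policy value (written by GPO "Download Mode") overrides the Settings-app value.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization'
$ConfigKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\DeliveryOptimization\Config'

# Microsoft's documented DODownloadMode values.
$ModeNames = @{
    0   = 'HTTP only (no peering)'
    1   = 'LAN peers only'
    2   = 'Group peers (same AD site / domain)'
    3   = 'Internet peers'
    99  = 'Simple (no peering, no DO cloud service)'
    100 = 'Bypass Delivery Optimization, use BITS'
}
# Modes that generate the workstation-to-workstation traffic the audit found.
$PeeringModes = 1, 2, 3

function Get-DOMode {
    # Returns the DODownloadMode DWORD under $Key, or $null when key/value is absent.
    param([Parameter(Mandatory)][string]$Key)
    $item = Get-ItemProperty -Path $Key -Name DODownloadMode -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.DODownloadMode
}

function Get-DOAudit {
    # One object per host; pipe to Export-Csv when collecting across the fleet.
    $policy = Get-DOMode -Key $PolicyKey
    $config = Get-DOMode -Key $ConfigKey
    $mode   = if ($null -ne $policy) { $policy } else { $config }

    $modeName = if ($null -eq $mode) { 'unset (edition default, peering on)' }
                elseif ($ModeNames.ContainsKey($mode)) { $ModeNames[$mode] }
                else { "unknown ($mode)" }

    # Peering is on unless an explicit non-peering mode is set.
    $peering = ($null -eq $mode) -or ($mode -in $PeeringModes)

    # DO listens on TCP 7680 for LAN peers; a listener here is a quick local check
    # that matches what a network capture between workstations would show.
    $listener = Get-NetTCPConnection -LocalPort 7680 -State Listen -ErrorAction SilentlyContinue
    $svc      = Get-Service -Name DoSvc -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        PolicyMode      = $policy
        SettingsMode    = $config
        EffectiveMode   = $modeName
        PeeringEnabled  = $peering
        ListeningOn7680 = [bool]$listener
        DoSvcStatus     = if ($svc) { $svc.Status.ToString() } else { 'not present' }
    }
}

function Set-DOHttpOnly {
    # Enforce mode 0 via the policy key so the Settings-app toggle cannot re-enable peering.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name DODownloadMode -PropertyType DWord -Value 0 -Force | Out-Null
    # Restart the service so the new mode takes effect without a reboot.
    Restart-Service -Name DoSvc -ErrorAction SilentlyContinue
}

# Audit first; uncomment the next line to enforce the restriction on this host.
Get-DOAudit | Format-List
# Set-DOHttpOnly; Get-DOAudit | Format-List
```

Deploying the same DODownloadMode = 0 value through Group Policy (Computer Configuration > Administrative Templates > Windows Components > Delivery Optimization > Download Mode) gives the fleet-wide equivalent of Set-DOHttpOnly.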

We take a lot of pride in knowing about these kinds of “features” before they are released by a software manufacturer, so it is a little embarrassing that I was not aware of WUDO, and that as a company, we discovered it by accident.  I was happy that we discovered it during an audit, as that is the reason why auditing is important and actually works.

To borrow a line from a very famous play, “To WUDO or not to WUDO, that is the question.”

Our answer – WUDON’T

Are You PCI DSS Compliant?

The payment card industry is a delicately balanced ecosystem of players: vendors, payment transaction devices, networks and infrastructure. Every player is co-dependent on mutually assured success. That can’t happen with security vulnerabilities.

With every payment card transaction, the security of cardholder information is paramount. Secure payment transactions are the heart of why the Payment Card Industry Security Standards Council was formed in 2006 by major credit card companies. Recognizing the need for uniform guidelines, the Council outlined a set of requirements for all businesses that process payment card transactions designed to protect cardholder data and minimize risk of data breach due to security weaknesses.

What Are the PCI Compliance Requirements?

Processing payment card transactions without cardholder data is an impossibility. The requirements outlined in the Payment Card Industry Data Security Standards (PCI DSS) are designed to safeguard cardholder data. PCI DSS defines minimum security standards for processing or storing cardholder information in key areas:

  • Build and Maintain Secure IT Systems and Networks
    • Install a firewall for your network
    • Change passwords often and never use any system or device default settings
  • Protect Sensitive Cardholder Information
    • Store cardholder information in secure environments
    • Encrypt cardholder data transmissions across public networks
    • Use tokenization, randomly generating replacement values (tokens) for sensitive data
  • Establish Processes to Identify and Address Security Vulnerabilities
    • Train staff on security protocols and best practices regularly for consistency
    • Regularly verify software or programs for the latest in security updates
    • Develop and maintain secure systems and applications
  • Implement Strict Access Controls
    • Restrict access to cardholder data
    • Assign a unique ID to each person with computer access
    • Restrict physical access to cardholder data
  • Regularly Monitor and Test Networks
    • Track and log all network access
    • Routinely test security systems and processes
  • Define a Formal Information Security Policy
    • Maintain a policy that outlines information security for employees

These areas and more are outlined in the full PCI DSS requirements, but you can also get the highlights in the Quick Reference Guide in less than 40 pages. While neither is a quick read, both are found in the Document Library and both go into greater detail about the minimum requirements all businesses must meet to accept and process payment card transactions.

Why Should You Become PCI DSS Compliant?

PCI DSS compliance is mandated by the credit card companies to protect cardholder data and reduce credit card fraud. Meeting the requirements means that your business is better protected from the substantial fines imposed on those processing payment card transactions negligently, in violation of agreements with credit card processors.

Auditing your payment card process for PCI compliance is complex and confusing – but there are steps you can take to simplify the experience. You have resources that can help you understand the compliance process so you can be confident your payment card transactions are safeguarded instead of worrying about how to mitigate losses due to security weaknesses and data breaches.

What does it mean to be PCI compliant? It means your customers can have peace of mind that you are actively protecting their information – while protecting your business.

Being compliant is a win-win situation.

Key Lesson Learned from The SolarWinds Breach

Last week saw the news emerge of one of the most sophisticated and wide-reaching cyber security breaches we have seen.

The breach involved hackers penetrating software provider SolarWinds and placing a form of malware within an update of their Orion software. The result is that the malware found its way into the IT environments of an estimated 18,000 public and commercial organisations across the globe, including some significant US Government departments.

Although we are familiar with the threats of malware and cyber security breaches, the scale and level of sophistication behind this attack re-emphasises an important lesson: whatever steps we take to prevent the penetration of our corporate networks, there still remains a very real risk that an attack can get through.

Lesson Learned: Detection is as Important as Prevention

Whereas it is important that every organisation takes the appropriate steps to protect their IT environment and end-users from cyber threats, it is equally important, as demonstrated from last week’s news, that you have the tools and capability in place to detect a breach if it penetrates your perimeter.

The ability to quickly spot abnormal activity within your network and applications is key in identifying malicious activity quickly and providing the level of intelligence required to isolate an attack in order to minimise impact and enable remediation.

As the perimeter of your corporate environment continues to extend to include public cloud environments and remote end-user devices, securing that perimeter becomes a greater challenge. Add to this the reality that cyber-attacks are becoming ever more sophisticated, frequent and persistent, and you need a way to be constantly monitoring for potential breaches.

A key solution that we offer at Thrive is Cisco Umbrella. It provides a comprehensive range of capabilities that monitors your end-to-end environment and constantly learns what is normal and abnormal based on intelligence from the world’s internet traffic. It can see every packet, end-point and application and quickly detects activity within your environment that could be associated with a security breach.

How Can Thrive Help?

Whether you are concerned about the SolarWinds breach, or similar breaches that just have not yet been discovered, we can help you to quickly put in place monitoring to help detect potential threats inside your environment.

The team at Thrive are here to help. Through the Umbrella PoC, we can quickly identify any potential breaches inside your network perimeter, including indicators of compromise associated with the SolarWinds breach, help you identify affected areas of your infrastructure and assist you with the necessary steps to remediate. Learn more about our Cybersecurity Services today.

Your O365 Mailboxes are Backed-up, Right?

More and more organisations are electing to move their corporate email service to O365. It removes the burden of managing email servers from your IT team, it gives you peace of mind that your corporate email is safe in a highly resilient cloud environment, and it provides your end-users with accessibility from any location using any device.

However, it is very common that when migrating email services to O365, organisations simply stop the prudent step of backing up their end-user mailboxes and critical documents held within SharePoint, OneDrive or Teams.

When it’s gone, it’s gone…

We’ve all been there, the desperate hunt for that important email, a key notification from a customer or supplier, an instruction to a colleague or critical information you noted down in an email you sent. You know it was there, but why can’t you find it?

We have become dependent on email; it is the primary way we communicate both formally and informally and most of us cannot start to contemplate the impact personally or for the business we work for if we were to lose the contents of our mailbox.

The reality is, O365 does not back up your mailbox. Once an email has gone, it has really gone.

So what could possibly go wrong…

O365 is a resilient platform, so what could possibly go wrong? The platform is indeed resilient, but there are still risks to the content of your mailboxes. We all accidentally delete things. How many times have you gone hunting in your deleted items folder and rescued a critical item? This is fine if you catch your mistake within the time period items are retained in your deleted items folder, but what happens after that? The good news is that Microsoft provides you with a further 14 days of grace during which you can go to the ‘recoverable items’ folder and save items removed from your deleted folder, but after that, it’s really gone.

But the accidental delete is probably the least concerning. Even in the world of O365 there still exists the prevalent threat of Malware, either originating on the end-user device or within an email itself. Within seconds this can attack the contents of your mailbox deleting items or rendering your inbox inaccessible.

There is also the risk of end-users intentionally, permanently deleting their emails either with good intentions of tidying things up or as a malicious act when exiting the business, both of which could lead to the business losing critical information.

How do you back-up O365 Mailboxes, SharePoint, OneDrive & Teams

While there is no option within O365 to recover mailboxes and shared documents to a particular point in time, the good news is that there are many tools available that allow you to connect to O365 and take full and partial backups of each user’s account.

At Thrive we make this even easier by providing a fully managed service to protect your O365 environment. We leverage what we believe to be the best solution on the market from Veeam to comprehensively back-up your O365 mailboxes to our secure cloud and also an option to back-up items residing in SharePoint, OneDrive and Teams. We are able to configure this service to your Recovery Point and Recovery Time objectives and then provide you with the peace of mind that everything is safe.

We provide this as a ‘Backup-as-a-Service’ offering where you pay a small monthly fee per active mailbox backed-up regardless of its size or required retention period. We also provide the option to back-up your collective SharePoint sites, OneDrive and Teams folders and base the cost of this service on the capacity required. To help you work out the cost for protecting your O365 environment, we have produced a simple online calculator that enables you to understand the options available.

In the meantime, if you have any questions regarding backing up your O365 mailboxes or your wider applications and data environment, contact us today.

What is a Shared Responsibility Model in Software as a Service?

Software as a service (SaaS), sometimes called on-demand software, is one of the many benefits of migration to the cloud. SaaS offerings follow a subscription-based model and allow IT staff to remain focused on high-value tasks for the business, executing strategies quickly and more effectively. However, an often-overlooked aspect of utilizing SaaS is who is responsible when an issue arises.

Typically, the SaaS provider will publish an SLA with roles and responsibilities as it relates to the service, and in most cases, the roles and responsibilities will follow a shared responsibility model. In a shared responsibility model, the SaaS provider and the customer will each be responsible for various components that make up the service. The SaaS provider will be responsible for things under their control, such as physical infrastructure, environmental, and compute infrastructure, and the client is responsible for transporting and securing the data that is part of the SaaS offering.

One of the largest SaaS offerings on the market is Microsoft Office 365, and they do a great job of showing shared responsibility (see below).

As depicted in the Microsoft Office 365 shared responsibility diagram, the customer is responsible for the information and data that is stored in Microsoft Office 365. For example, without any additional backup protection, Microsoft can only retrieve data deleted within their limited 14-day retention period, showing you how important it is to protect that data. Additionally, it needs to meet the retention requirements identified by the organization. With the increase in the remote workforce (and the amount of data being utilized in applications like email, OneDrive, SharePoint, and now Teams), it’s critical that this data is not forgotten, especially as it relates to data protection and/or compliance. This isn’t just Microsoft, though. Most SaaS providers follow similar models of shared responsibility, and without proper backup, that data is extremely vulnerable.

If you’re using Microsoft Office 365 or another SaaS offering and you aren’t able to properly back it up, or you aren’t sure if you hold the responsibility of doing so, consider Thrive, the preferred cloud provider. Thrive protects your data wherever you store it: on-site, off-site, in the private or public cloud, and even hybrid environments. For systems of all sizes, Thrive ensures ready, reliable access to your essential data.

For more information on how Thrive can help your business, contact our team of experts today.

Cybersecurity for the Home

Think cybersecurity is only for the workplace?

Cybersecurity for the home is also essential.

The bad guys are targeting your home and family as well. And now that many workers are remoting into their employer’s network for some or all of their work week, there’s been a surge of attacks.

Attacks during the pandemic have included bogus sign-in pages for popular video conferencing software, malicious emails purportedly coming from company executives, fake requests from the IT support team asking users to download updates or software, and more.

It’s imperative workers remain as vigilant as they are in the workplace. Here are eight ways to defend yourself from cyberattacks.

1. Be vigilant

The first step to security is awareness of the threats. Have at least a basic understanding of the various ways cyber criminals attack people and computers. Without this knowledge, it is easier to fall for cyber schemes.

2. Change your Wi-Fi default password

Don’t forget to change the default admin password on your Wi-Fi router. Make it strong, just like you would for your normal accounts.

3. Keep track of all devices connecting to your network

It seems like everything connects to the Internet now. Game systems, refrigerators, baby monitors, TVs, and other devices utilize your network. As such, you should also keep the accounts related to these devices as secure as possible. Keep those passwords strong!

4. Just say no to recycled passwords

Chances are you have more accounts and passwords now than you had just several years ago. Don’t be tempted to use the same (or similar) passwords across multiple accounts. If a hacker breaks into one and you’ve recycled the password, you’ve enabled them to wreak even more havoc.

5. Update ’em!

Don’t ignore notices for software or firmware updates. There’s usually a very good reason for these. Oftentimes, these address recently discovered vulnerabilities. Not updating could potentially leave a “window” open for cyber criminals to exploit.

6. Think before you click

We’ve said it numerous times before, and we’ll say it again. Think before clicking on something. This is especially true when you’re distracted. With elevated social engineering and hard-to-detect phishing emails, it’s getting harder to determine if a fake email really is fake. Be wary of attachments and hyperlinks, especially if you weren’t expecting the communication. When in doubt, contact the sender by phone or a new email.

7. Use a firewall

If your router doesn’t have a built-in firewall, you may want to consider utilizing a firewall for added defense. As we’ve mentioned many times, layering your defenses is an effective way of protecting yourself against cyber criminals.

Every new defensive measure will frustrate attackers.

8. Disable your network (when you’re out for a while)

Leaving for an extended period of time? Going on vacation? You may want to consider turning off your home network if you don’t need it. This will essentially shut down hackers’ attempts to take advantage of your absence.

Cyber criminals are opportunists. They take advantage of less-than-ideal situations. Follow the above tips to help protect yourself. Cybersecurity for the home is as essential as it is in the office.

Like these tips for cybersecurity for the home? Want more? Sign up for Thrive’s blog. Handy, easy-to-follow advice sent directly to your inbox.

5 Ways to Help Protect Your Medical Practice from Cybercrime

Looking to protect your medical practice from ransomware and other cyber threats?

The health care industry is a big target for cyber criminals.

Why is this?

Clinics, hospitals, and health-care providers are treasure troves for hackers. Personal information, sensitive data, and financial information are there for the taking for those who are patient and cunning. And cyber criminals are extremely patient and cunning.

To compound matters during the COVID-19 pandemic, U.S. and European medical providers have seen a surge of attacks. Cyber criminals are opportunists, and they are ready to take advantage of any situation where you might be compromised. The pandemic has certainly compromised many.

The FBI’s Internet Crime Complaint website has logged millions in complaints.

With the rise in attacks, and some workers working remotely, owners and managers need to stay especially vigilant. Here are five tips that can help you protect your medical practice from cybercrime.

1. Layer your defenses

One of the best ways to protect your data is by layering your network defenses. Because there is no single piece of hardware or software that will prevent all the numerous threats out there, building up layers can make it much harder for determined criminals to breach your defenses.

2. Educate your staff

You can’t defend against what you don’t know. It’s important you and your staff are aware of the types of cyber attacks that are being made. Know about social engineering, business email compromise, and ransomware and the various malware that can cripple your systems or even take you out of business.

3. Keep it updated

Ensure all your software, anti-virus, and other apps and security remain up-to-date. There’s usually a good reason for most updates. Oftentimes, vulnerabilities are shored up and defenses are beefed up. Keeping things out-of-date may keep a window open for hackers to exploit.

4. Think before you click

Foster the mentality of thinking before clicking on something. This is especially true when something seems fishy, overly urgent, or has hyperlinks and/or attached documents. Even if the sender appears to be from a colleague or trusted source, always take the time to make sure. Hackers are getting better at impersonating people and companies.

5. Make backups. The right kind of backups.

Most agree that data backups must be made. But what kind? Backups must be verified regularly, replicated off-site, and should be image-based. You must be able to get back to business in the case of disaster.

Enjoy these tips? Check out more tips from the Thrive blog.

Premera Blue Cross Fined $6.9 Million for Data Breach

What’s the price of a data breach?

  • Loss of customer trust.
  • Tarnished reputation.
  • Stolen intellectual property.
  • And in the case of Premera Blue Cross, millions of dollars in the form of a HIPAA fine.

Because of escalating cybercrime, many business leaders have made cybersecurity a corporate priority.

Social engineering and increased complexity in cyberattacks make it harder and harder to discern what’s real and what’s a threat. Malicious emails look genuine, that hyperlink to a special deal leads to a compromised site, and communication from your “boss” is actually from a crook.

Data breaches can be a disastrous consequence of such duplicity. One wrong click can literally cost you millions. With Premera, phishing emails led to their costly data breach. The breach went undetected for the better part of a year between 2014 and 2015, exposing over 10 million people’s sensitive data, including social security numbers, dates of birth, email addresses, and bank account information.

“This is definitely a wake-up call for business and organizations, especially those dealing with sensitive information,” said Brian Walker. “No longer can you put off network security as a priority.

“From educating your staff about the numerous threats out there, to building a layered defense to help block increasingly insidious attacks, every company needs to address this.”

“October is National Cybersecurity Awareness Month,” said Aaron Allen. “That tells you things are so bad that we need to dedicate a month to spreading the word about cybercrime. We urge you to start building your defenses (if you already haven’t started). We are here to help.”

Thrive specializes in cybersecurity. From individual security services all the way up to addressing all security needs of a company, Thrive can help keep your systems, people, and data safe. We can also help with compliance so you can avoid big fines and other nasty consequences.

Contact us today for tips, advice, or a free security consultation.


5 Ways to Stay Safe From Emotet

How’s your cybersecurity?

Cyber attacks are continually on the rise, and one of the top threats is back on the scene in a big way.

Emotet attacks have surged recently, and it’s bad news for network admins, business owners, practice managers, and all other professionals who depend on computer networks.

It’s such a threat that the Cybersecurity & Infrastructure Security Agency released an alert regarding Emotet. From the alert, they state:

Since July 2020, CISA has seen increased activity involving Emotet-associated indicators. During that time, CISA’s EINSTEIN Intrusion Detection System, which protects federal, civilian executive branch networks, has detected roughly 16,000 alerts related to Emotet activity.

CISA observed Emotet being executed in phases during possible targeted campaigns. Emotet used compromised Word documents (.doc) attached to phishing emails as initial insertion vectors.


What is Emotet?

Well, what is this big threat?

Emotet is a malware that typically gets a foothold in an IT system via malicious email. Because of sophisticated social engineering – deceptive tactics designed to make emails and communication seem legitimate – this malware can actually bypass traditional signature-based security measures and breach your network through what’s oftentimes the weak link in your organization: your people.

Yes, clicking on a malicious link or opening a malware-infused attachment can lead to bad news for your network and data.

“What makes Emotet even more dangerous than your run-of-the-mill malware is it’s hard to identify because it’s a polymorphic virus, one that has ever-changing code,” said Aaron Allen. “This can make it a nightmare to clean up because there’s no set-in-stone file or code to look for.

“Emotet also has worm capabilities, which can allow it to spread across a network without any input from other users. Once Emotet is in, it can cripple your IT system quickly.

“Among other things, Emotet can steal passwords and sensitive information, install other malware like ransomware, cover up its tracks, and even use the victims’ computing power to send out spam.”


“How can I keep my company safe from Emotet?”

“Emotet can do a lot,” explains Brian Walker. “And the authors are constantly working on new modules and enhancements. It can seem daunting, but there are potent ways you can protect your company and data.

“Here are 5 ways to stay safe from Emotet and other malware.”

1. Use multi-factor authentication.
Multi-factor authentication adds an additional step or two to authentication (such as a confirmation on your smartphone), making it harder for someone to get into your accounts.

2. Block certain email attachments.
By not allowing certain files to even get into your network (.exe, .zip, .doc, etc.), you can greatly reduce the number of attachment-based attacks.

3. Be careful with removable media.
Ask your network users to exercise caution when using removable media such as USB hard drives and flash drives.

4. Keep things updated.
Putting off that update? Don’t! Keeping your software, firmware, and security updated is a baseline security task that just needs to be completed. Oftentimes, these updates shore up vulnerabilities. Along the same lines, don’t continue using deprecated software and operating systems. Don’t make it easy for the bad guys.

5. Think before you click.
Yes, it sounds obvious. But it really is an important concept and can seriously mitigate risk. Before clicking on a hyperlink or opening an attachment, take a moment to process things. Do you have a funny feeling? Does the message seem out of place or untimely? Are there rough edges or blatant grammatical errors in the message? When in doubt, get with your IT department or managed security provider on next steps.


“Cybersecurity and digital hygiene are incredibly important these days,” continued Walker. “We’ve seen cases where one wrong click literally led to a network outage and thousands in recovery.

“Need a cybersecurity tune-up? Perhaps you’re just starting out and want to get a good security foundation. Contact us today for a free consultation.”

6 More Safety and Productivity Tips for Remote Working

Looking for tips for remote working?

With many workers still computing from home, cybersecurity and productivity continue to be corporate priorities.

With so much going on, it can certainly be challenging to keep up with best practices, avoid security pitfalls, and continue to do your best job.

Here are six more tips for making the most of your remote work environment. If you missed the last post, be sure to check it out! More tips to come.

1. Separate your personal and work accounts

Don’t do your personal business on your work computer, and don’t do work on your personal computer. Accessing personal accounts and files on your work computer often violates company security guidelines.

2. Think before you click

You’ve no doubt heard this said countless times. But it’s still as relevant as ever, and is perhaps one of the best tips for remote working. Don’t just blindly click on hyperlinks in email, websites, and social media. When in doubt, always pause to consider carefully or seek advice from your IT department.

3. Ensure your data is backed up

Data backup is the ultimate failsafe. In the face of disaster, rolling back to a current backup can get you back to business promptly. A managed backup, business continuity, and disaster recovery service like Thrive’s DRaaS can be the perfect option – and last line of defense against cyberattacks or system failure – for your company.

4. Get rid of the bloat

Have a bunch of unnecessary apps, extensions, add-ons, modules, etc.? If you’re using your personal PC as your work computer, it’s a good idea to clear out the bloat. These can be infrequently patched and thus can present vulnerabilities.

5. Use a modern browser

Still using a non-supported browser? Switch to a modern browser, pronto. Ask your IT department if they have a preference.

6. Don’t leave your devices unattended

Getting your work done on the go? Finishing up that project at the coffee shop? Don’t leave your devices out in the open. Thieves and cybercriminals alike are all too happy to take a phone, tablet, or laptop.