Author Archives: Maria Koblish

Where IT Services Meets Physical Security

Data security isn’t the easiest thing in the world to plan for, especially if your organization doesn’t have any dedicated security professionals on-hand. While protecting your data with traditional methods, like passwords, firewalls, and antivirus, is important, what measures are you taking to make sure a thief isn’t just walking into your office and taking off with your technology?

If you don’t have guards or security cameras in place, you’re more likely to suffer from a physical security breach, which can be just as devastating as a digital breach. Ask yourself how comprehensive your security really is. Why not use it as an opportunity to protect your business’ physical assets? With the threat landscape the way it is these days, it’s no surprise that organizations focus on the digital aspect of security, but some people are just old-fashioned and would rather infiltrate a business the traditional way.

It’s also important to keep in mind that not everyone is going to be the perfect employee. You might have a couple of bad apples in the bunch that want to steal business resources. In this case, digital security might not mean much, but physical security like locked doors and so on could make all the difference in keeping them from making decisions that are bad for both themselves and your business.

Basically, you need to take a dual approach: You need to consider both digital security and physical security for the following reasons:

  • Data access is restricted to those within your organization, but even the best employees make mistakes.
  • A tiered approach means that employees only have permission to access data they need for their immediate work responsibilities.
  • Knowing who is accessing devices and data, as well as when they are doing so, can help you to resolve issues as they occur.

Let’s consider a couple of scenarios where it helps to have physical and digital security. Access control limits who can access specific information, so if the data is corrupt or missing, then you’ll have a clear idea of who is responsible for it. On the off-chance that it wasn’t the employee, then you know their credentials have been stolen and abused by a cybercriminal. Access monitoring is helpful for this, as it can also determine when someone is accessing data, as well as where they are located. Thus, if someone from another country is accessing data in the wee hours of the morning, it’s likely that you have a digital security problem on your hands.

As far as physical security goes, consider what would happen if you didn’t keep track of the people who access the sensitive parts of your business. If something were to come up missing, having a cloud-based security system with digital playback, as well as complete access control with logs, would let you go back and check exactly who had access and what the situation was beforehand, so that you can get to the bottom of the problem.

Therefore, to make sure that you’re keeping your data as secure as possible from all avenues of attacks, we recommend you work with the folks from Thrive. We can help you ensure security. To learn more, contact us today. 

Security Monitoring Now Offered with Thrive’s Managed Microsoft 365 Services

Microsoft 365’s line of cloud-based apps offers the most customizable, user-friendly suite of collaboration and productivity tools on the market today. With the ability to connect anyone, from anywhere, on any device, the question of security inevitably comes into play. An increasingly remote and global workforce means that it can be more difficult to identify suspicious logins, and end-user devices are more at risk for attack since they are not within a controlled office setting.

Microsoft 365 Security Monitoring

Security monitoring and alerts are not inherently a part of Microsoft’s cloud-based collaboration suite. Things like suspicious logins or multiple login attempts, permissions changes, or changes to user settings are logged, but not analyzed. Thrive’s intelligent security software monitors these logs and flags suspicious activity for further review. Depending on the type of event and level of severity, Thrive either quickly blocks the hacking attempt or reaches out to your internal team for further action.

Thrive monitors approximately twenty crucial logs for suspicious activity. Here are some of the top areas of concern.

Suspicious Remote Logins

With a global workforce working remotely, it can be more difficult than ever to identify when a login looks suspicious. While a large number of hacking attempts originate in countries like Bulgaria, Pakistan, and Russia, true workers living in those areas still need daily access. Using geofencing and IP identification, Thrive’s intelligent monitoring software can better pinpoint and block true fraudulent login attempts.

Permissions Changes

Any user with administrative rights can grant or restrict the administrative rights of others, as well as make changes to security settings protecting your organization’s data. When any user is granted administrative permission rights, Thrive’s team is automatically notified. Unless previously notified of the change, our team of cybersecurity experts reaches out to your identified point of contact to confirm whether the change was genuine or malicious.

Changes to User Security Settings

Similar to administrative rights changes, individual user settings are monitored for changes.

A hacker who has already successfully infiltrated your system can add or remove MFA to further block the real user from regaining access and establish themselves as the true account holder. Once the real user is locked out of their account, the attacker is then free to steal as much data and cause as much damage as they can. With Thrive’s security monitoring, actions like these are automatically flagged for more serious review so the account can be quickly shut down.

Multiple Password Resets or Multiple Login Attempts

Brute force attacks are among the most common forms of infiltration, as they are extremely simple and reliable. Relying on users having weak passwords, a program goes to work guessing a user’s password until it eventually cracks it, if the password is simple enough. Oftentimes this software is ‘smart’ enough to fly under the radar and avoid flag-raising account lockouts: guessing just the right number of times every day typically goes undetected. Thrive monitors for suspiciously high numbers of unsuccessful login attempts to block hackers from ever gaining access.
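Two of the checks described above, low-and-slow password guessing that stays under the lockout limit and an MFA change shortly after a sign-in from a country the user has not used before, written as an added Python example (not Thrive's software and not code from the original post). The event fields, thresholds and sample data are assumptions constructed for illustration, not the Microsoft 365 audit log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def _e(ts, user, kind, country):
    """Build one event in an assumed, simplified schema (not the real M365 format)."""
    return {"time": datetime.fromisoformat(ts), "user": user,
            "kind": kind, "country": country}


# Constructed sample data. "ZZ" is a placeholder country code.
SAMPLE_EVENTS = (
    # alice: 4 failed sign-ins a day for 5 days, never enough for a lockout
    [_e(f"2022-03-0{d}T0{h}:15:00", "alice", "signin_failed", "ZZ")
     for d in range(1, 6) for h in range(1, 5)]
    # bob: three typos on a single morning
    + [_e(f"2022-03-02T09:0{m}:00", "bob", "signin_failed", "US") for m in range(3)]
    + [
        # carol really works in Bulgaria; changing her own MFA is routine
        _e("2022-03-01T08:00:00", "carol", "signin_ok", "BG"),
        _e("2022-03-02T08:00:00", "carol", "signin_ok", "BG"),
        _e("2022-03-02T08:30:00", "carol", "mfa_changed", "BG"),
        # dave: first sign-in from a new country, MFA changed 15 minutes later
        _e("2022-03-01T09:00:00", "dave", "signin_ok", "US"),
        _e("2022-03-03T02:10:00", "dave", "signin_ok", "ZZ"),
        _e("2022-03-03T02:25:00", "dave", "mfa_changed", "ZZ"),
        # erin: travels, then changes MFA three days later
        _e("2022-03-01T09:00:00", "erin", "signin_ok", "US"),
        _e("2022-03-02T10:00:00", "erin", "signin_ok", "ZZ"),
        _e("2022-03-05T10:00:00", "erin", "mfa_changed", "ZZ"),
    ]
)


def slow_guessing(events, lockout_threshold=10, min_days=3, min_total=15):
    """Flag accounts whose failed sign-ins stay under the daily lockout limit
    but keep accumulating across several days. Returns {user: total_failures}."""
    per_day = defaultdict(lambda: defaultdict(int))
    for ev in events:
        if ev["kind"] == "signin_failed":
            per_day[ev["user"]][ev["time"].date()] += 1
    flagged = {}
    for user, days in per_day.items():
        total = sum(days.values())
        never_locked = max(days.values()) < lockout_threshold
        if never_locked and len(days) >= min_days and total >= min_total:
            flagged[user] = total
    return flagged


def mfa_change_after_new_country(events, window=timedelta(hours=24)):
    """Flag MFA changes made within `window` of a successful sign-in from a
    country not seen before for that user. The baseline is per user, so staff
    who normally work from a given country are not flagged just for that."""
    known = defaultdict(set)   # user -> countries already seen
    last_new = {}              # user -> (time, country) of latest new-country sign-in
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        user = ev["user"]
        if ev["kind"] == "signin_ok":
            # The first country seen for a user only seeds the baseline.
            if known[user] and ev["country"] not in known[user]:
                last_new[user] = (ev["time"], ev["country"])
            # The new country joins the baseline after this one sign-in.
            known[user].add(ev["country"])
        elif ev["kind"] == "mfa_changed" and user in last_new:
            when, country = last_new[user]
            if ev["time"] - when <= window:
                alerts.append((user, country, ev["time"].isoformat()))
    return alerts


if __name__ == "__main__":
    print("slow guessing:", slow_guessing(SAMPLE_EVENTS))
    print("MFA change after new country:", mfa_change_after_new_country(SAMPLE_EVENTS))
```

In real use the per-user country baseline would come from sign-in history rather than from the same batch of events being checked.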

Targeted Event Monitoring

If you subscribe to Microsoft’s collaboration tools, contact us to talk about expanding your security coverage and improving your cybersecurity posture today.

Proactive IT Management Works Better

How does your company manage its technology? Does it struggle with the idea of managing multiple workstations, server units, networking components, mobile devices, and more? If so, then read on—we have some tips to help you better manage the many different technological parts of your organization.

Keep in mind that this is general advice that can be applied to just about any company. If you want specific advice, we are happy to have a discussion with you through a consultation!

Less Is More

The more complex an IT infrastructure gets, the more difficult it gets to manage. Therefore, to keep your infrastructure as easy to manage as possible, we recommend keeping things simple, or as simple as is appropriate for your business practices. The reason for this is that IT infrastructures with large amounts of varied software and hardware can be difficult to keep centralized and monitored without a dedicated technician to keep tabs on it.

Proactive is Better

If we asked you whether it is better to deal with problems that have derailed your productivity or to prevent them entirely and dodge that bullet, what would you say? Proactive maintenance is one of the most important parts of running any IT infrastructure. If problems persist and grow to be so bad that they cause downtime, then you are leaving money on the table and putting your business at risk. It’s better to just keep the issues from growing to become this bad in the first place.

Outsource When Necessary

We know that not all companies have access to the same talented group of IT technicians, and this lack of talent can often lead to businesses foregoing IT maintenance altogether or relying on existing resources that are not adequately trained or prepared to handle this responsibility. In situations like this, you can rely on outsourcing to an appropriate third party. Even if you have an in-house IT department, outsourcing can be a valuable investment to save your business

If you want to take the guesswork out of IT management, Thrive can help with that, too. Our trained technicians can provide all of the support you need to ensure maximum productivity and efficiency with your network and IT resources. To learn more, contact us today.

SEC Proposal Could Bolster US Financial Infrastructure

Proposed on February 9th, SEC 38a-2 would help bolster the cybersecurity posture of investment institutions in the US by holding undersecured, non-compliant parties responsible for fallout and reporting of breach events. Now reinforced by cyber attacks related to tensions abroad, this proposal would strengthen the US’s financial infrastructure by incentivizing them to stop ignoring the importance of protecting sensitive data from cyberattacks.

What Is SEC 38a-2?

The SEC’s proposal would promote improved cybersecurity resiliency for investment companies and advisers and hold them responsible for the federal reporting of successful attacks and maintaining a strong cybersecurity posture. The proposal looks to establish 3 key areas of compliance: policies and procedures, reporting, and disclosure practices.

Policies and Procedures

  1. Risk Assessment

    Periodic risk assessments would be required for compliance. Documentation outlining findings and prioritization of mitigation tactics would also need to be maintained for potential future audits.

  2. Maintenance and Monitoring of User Security and Access

    Regulated investors and advisors would be responsible for minimizing user-based risk by ensuring that unauthorized access to information systems is blocked. This includes authentication techniques like MFA and 2FA as well as periodic password resets.

  3. Information Protection

    Organizations would be required to periodically assess user access to the information contained on their systems to ensure that sensitive data is being adequately protected. Logged information such as where and how information is stored, accessed, or transmitted is included in this required review.

  4. Threat and Vulnerability Management

    A plan for threat detection, mitigation, and remediation, as well as vulnerability monitoring, would need to be outlined and executed.

  5. Incident Response and Recovery

    Investment companies would be required to have procedures in place to detect, respond to, and recover from attacks. SEC reporting procedures would also be required as part of this plan.

Reporting

Under the new proposal, investment companies must report “significant adviser cybersecurity incidents” to the SEC on new Form ADV-C within 48 hours of detection. This Form would gather information regarding the scope and nature of each incident, including what information was compromised, how the firm plans to recover from the incident, whether clients or law enforcement were notified, and whether the incident is covered under a cybersecurity insurance policy. These reports would not be publicly available after filing.

Disclosure

Documentation would be required to be available to investors and clients outlining the ’s cyber readiness plans, along with any incidents that had occurred within the previous 2 years. This information is believed to enable investors to make more informed decisions when choosing to remain with or begin engaging with an adviser.

Improving Infrastructure Resiliency

The SEC’s new proposed rules are grounded in section 206 of the Advisers Act. Learning from past malware attacks, the intent of this new proposal would be to bolster investor confidence and protect them from advisers and investment companies not doing their part to protect and recover sensitive information. With the intention to hold all regulated entities accountable for cybersecurity compliance, under Rule 38a-2, these entities could no longer put security measures on the back burner, and jeopardize the stability of our financial infrastructure.

Internal IT is Not the Only Option

The measures proposed above do not need to be fully planned or executed internally by the investor or adviser required to maintain compliance. Thrive’s cybersecurity and compliance teams are experienced in providing NextGen technology services to the financial services industry. From private equity to investment banking institutions and everything in between, Thrive is here to help our clients achieve and maintain superior protection from the known – and the unknown.

How to Get Your Team on Board with Your Security Strategy

It can be tough to get your staff to care about your business’ network security, especially if they don’t consider it part of their day-to-day tasks or responsibilities. However, network security is not just isolated to your IT department; it matters to everyone, and if you can convince your staff to adhere to best practices, your security will be that much more effective moving forward. Here are seven tips you can use to get your staff to care about network security.

Be Up Front

There is an inherent secrecy about cybersecurity that flies in the face of what needs to be done when training your employees, which is being up-front and honest about the threats that malicious entities on the Internet can pose to your organization. In theory, your employees should have a vested interest in the continuity of your business, so therefore, they should also be invested in protecting its future through protecting its network security.

Make it a Personal Investment

Your business stores quite a lot of information, including employee personal data. If they know that their data is at risk if they are careless with their approach to security best practices, they will be more likely to stick to them. After all, why would they willingly put their own data on the line?

Top Down Security

Everyone within your business needs to know that they can become the target of a hacker at any given time. This includes those in management and at the executive level. Security should start at the top. If employees notice that their superiors are taking appropriate action, they will be more likely to fall in line.

Gamify Your Process

When incentives are involved, anything can become more engaging. Gamification can empower your employees to engage in better security practices by offering them a score based on their efforts. A little healthy competition can be a huge motivator when nothing else seems to work.

Standardize Procedure

To get people to follow the rules, there must first be rules to follow. If you can establish procedures that are easy to follow, your employees will be more likely to stick to them. Be sure to have policies that are clearly outlined and accessible to employees whenever they need to learn more about them, and above all else, be sure to keep them consistent.

Start from Day One

Both current and new employees need to be made aware of how important cybersecurity is for your business. If you establish proper security practices right from the start, your employees will be more likely to stick to them over time. After all, trying to get your veteran employees to follow new rules and regulations will likely lead to some pushback, at least initially.

Keep Training

The most important part of training your staff on security practices is ensuring that they are kept up-to-date over time and routinely tested on their adherence to security protocols. Through comprehensive training and routine retraining, you can make sure that your employees are not only understanding the security measures you implement, but also that they are putting them into practice.

Thrive can help your business implement security measures and training policies to keep your employees safe and knowledgeable about the countless threats out there. To learn more, contact us today. 

Navigating the March 2022 Microsoft Price Increase

After March 1st, you may notice an increase to your bill for your Microsoft Office subscriptions purchased through Thrive or elsewhere – a change you’ll be familiar with if you tuned in to our webinar on the topic. As Microsoft moves away from their cloud-based service provider (CSP) model to the updated New Commerce Experience (NCE), these price changes affect monthly costs for their six “Modern Workspace” plans while also establishing three subscription tiers: monthly, yearly, and three-year terms. Additionally, flexible plan changes such as seat decreases during the plan term, seat plan downgrades, and even Microsoft partner swapping will come at a premium under the higher-priced monthly plan offered under the new NCE. 

 

Microsoft Subscription Model Updates

Microsoft is now offering three subscription models under NCE: monthly, annual, and three-year terms. The details of the three-year plans have yet to be released, but what we do have are the details of the monthly and one-year plans, as described below.

 

Price Increase

Subscribers to monthly plans who did not opt into a yearly plan prior to March 1st will see a per-seat price hike of several dollars on their next invoices. Those who committed to annual subscriptions prior to March 1st won’t notice any difference in their bill for the next 12 months.

Monthly costs for the six Modern Workspace plans will change as follows:

  • Office 365 E1: from $8 to $10
  • Office 365 E3: from $20 to $23
  • Office 365 E5: from $35 to $38
  • Microsoft 365 Business Basic: from $5 to $6
  • Microsoft 365 Business Premium: from $20 to $22
  • Microsoft 365 E3: from $32 to $36

Plan and Seat Downgrades

Under the CSP model, yearly commitment users had the ability to downgrade seat plans and even reduce the number of seats they held on a month-to-month basis. Under the NCE plan, yearly or three-year committed seats are not eligible for downgrades or reductions. The ability to freely remove seats and downgrade subscriptions during the plan period is still an option available under a monthly plan, but it comes at a 20% premium.

 

What Do I Do Next?

If you missed the window of opportunity to lock in your current pricing, don’t panic. While there is no way to reinstate the lower pricing your organization enjoyed previous to this month’s price hike, you do have time before your plan renewal period (or before July 1st, whichever is sooner) to strategize and decide what’s best for your business. If your organization has a relatively stable number of users throughout the year, it might be best to choose a plan(s) for those seats and commit to a yearly contract through the NCE – that way, you will be protected in the event of any future increases or plan changes that happen throughout the year. If your organization has a seasonal influx of workers, it may make sense to keep a portion of your seats on a monthly plan – while the flexibility associated comes at a premium, it wouldn’t make sense to pay for those seats for an entire year when they’re only utilized for a few months. Here are the key dates to keep in mind as Microsoft moves all users to NCE plans:

 

  • March 10th: All new subscriptions must be NCE Monthly, Annual, or Three-Year Terms
  • June 30th: Last day to renew CSP subscriptions for a maximum of 12 months
  • July 1st: All renewals of existing subscriptions must be done with an NCE plan.

Your Trusted Microsoft CSP

Thrive knows that budgets are tight, but access to Microsoft’s software and services is vital to the success of your company. Thrive’s team of experts is here to help you navigate these plan changes and price increases to choose the combination of subscriptions that works best for you. Contact us today. 

How to Properly Evaluate Your Security

How effective is your cybersecurity? It seems like a simple question, but it is no less important to consider, as the answer could be the difference between a prevented breach and a successful one. In order to keep track of your business’ cybersecurity preparedness, it is important that you regularly evaluate it. Let’s go through the essential steps to performing such an evaluation.

Step One: Figure Out Where Your Weaknesses Lie

The first step to evaluating your cybersecurity is to identify where your biggest shortcomings are—otherwise, what chance will you have to fix them? Threats are always being improved and developed anew. Figuring out which parts of your business’ technology are due for an upgrade is key to shoring up the weaknesses that these upgrades can resolve.

If a simple upgrade or patch isn’t the answer, this will help you figure out what is. Maybe someone needs additional training to reinforce secure processes, or maybe an unreported complication has your team resorting to workarounds that open you up to attack. In essence, you need to know what problems need to be solved before you can solve them.

Step Two: Apply Trusted Methods that Meet Established Standards

When all is said and done, it really isn’t that hard to figure out what you need to do to protect your business. There are assorted organizations that have publicized the best practices that they recommend (or actually, urge) businesses to abide by in order to minimize modern cyberthreats. If you aren’t sure whose recommendations you should be following, don’t hesitate to give us a call and ask. We’re happy to help you figure out what needs to be done.

The same can and should be said of any industry-based regulations and compliances that might apply to your business. Things like the Payment Card Industry Data Security Standard (PCI DSS) apply to most businesses in operation today, and there are some industry-specific guidelines that could severely hinder one’s success if they are not followed. Knowing what applies to your business and abiding by any applicable rules and laws will only help make your security more effective.

Step Three: Figure Out if You Have the Resources You Need

Somewhere along this process, you might have a moment where you feel a little overwhelmed by everything that is expected of you—and that is completely understandable. It is, in a word, a lot. While your cybersecurity is obviously very important, you still have to run the business you’re trying to protect… and unfortunately, fully-credentialed IT professionals don’t come cheap.

There is one glaring exception, though, that can give you the opportunity to enlist the skill of a full team of professionals of this caliber for a manageable monthly cost. This is how the managed service model works. By relying on our team members for however much of your IT-related needs as you wish to use us for, you can rest assured that you have the resources needed to manage your business’ essential tools and technology in a secure fashion. Maybe you have us handle your security while your in-house team maintains your IT, or vice versa. We can scale our services to precisely fit your needs and budget, without shortchanging any security requirements you may have.

Step Four: Plan Your Cybersecurity’s Future

While it may be obvious that planning for cybersecurity after a security incident is the most perfect example of “too little, too late,” more businesses than you’d think still follow that approach. Some of them do so without even realizing it, simply because they haven’t considered how cyberthreats change over time and how easily they could find themselves in the crosshairs someday.

Fixing this requires a proactive approach. Take the time now to devise a security plan and policies for your business to follow—particularly if a security incident were to darken your doors—and train your team to do so automatically. Once you have this plan established, break it out every now and then to review it and adjust it as need be… cyberthreats change over time, after all.

Thrive is Here to Help You at Every Step

As a managed service provider, a large part of what we do is centered around the idea of cybersecurity, so we have a lot of experience with fulfilling each step of this process. Find out what we can help your business accomplish by contacting Thrive today. 

Avoiding Cyber Warfare Collateral Damage

As tensions at the Ukraine-Russia border continue to rise, the likelihood of widespread security threats follows suit. Today’s militaries allocate significant effort and resources to their cyberattack forces, far different from the kinds of conflict seen just 10 years ago. These expanding arsenals of cyber-based weapons may be initially targeted at adversaries, but collateral damage will inevitably impact those not directly involved in the conflict.

The Cybersecurity and Infrastructure Security Agency (CISA) recently released a document encouraging organizations of all shapes and sizes to do everything they can to improve their security postures and enhance their own security protocols in response to the increased risk of international cyberattacks. Private-sector reports of potentially destructive malware and even website defacement are among some of the top threats impacting entities in Ukraine, and those assaults could soon hit home in the US and other nations as well. 

Here are some of the top things you can do now to improve your cybersecurity posture and protect your organization.

Reduce the Likelihood of a Successful Attack

Perform a Security Health Assessment

Evaluating your organization’s cybersecurity posture by performing a security health assessment is the first, and arguably the most important, step in mitigating risks. It’s important to evaluate current protocols and security management against the Center for Internet Security’s (CIS) 18 control areas to create a more comprehensive look at your risk profile. Using this risk profile, your company can lay out a strategic plan to assess potential weaknesses and bolster your cybersecurity posture. 

Find and Fix Vulnerabilities

With Vulnerability Management and Advanced Patching services, you can initiate proactive remediation of security vulnerabilities while also staying up-to-date with external software vendors’ patches as they are released. Quick identification of existing vulnerabilities through recurring scans ensures they’re mitigated before they’re exploited. 

Understand and Secure Your Cloud Services

Maintenance and optimization of existing cloud services are vitally important when choosing to move your data storage off-premise and into the cloud. Thoughtful, supervised migration paired with 24×7 monitoring, management, and support are necessary to protect your existing data and control who has access. 

Detect Potential Intrusions Faster

NextGen Firewall

A NextGen Firewall paired with a Security Information and Event Management (SIEM) solution secures your valuable data while also resulting in actionable intrusion alerts.  This threat data allows your business to identify and mitigate vulnerabilities sooner. Additionally, filtering malicious or just unwanted web traffic paired with advanced application control stops threats before they reach your users.

Advanced Endpoint Detection and Response

Advanced Endpoint Detection and Response (EDR) is a vital tool for managing threats originating from endpoint devices. Planning for fully automated, proactive security for all device types running on current or legacy OSs means no attack route is left open. EDR protection monitors for the behavior of malware, ransomware, and other attacks and is not reliant upon known attack signatures.  As a result endpoints are protected from the ever evolving arsenal of attacks available to threat actors.  As the remote workforce continues to expand, endpoint security is becoming a must-have.

Be Prepared if an Intrusion Occurs

Have a Plan

It is estimated that 90% of businesses will fail without a disaster recovery plan (DRP) in place, which is why it is extremely important that small and large businesses alike have one. This custom group of policies, tools, and procedures is built to plan for the recovery of lost assets following a cyberattack or other disaster. DRPs typically include role planning for key personnel, backups & backup checks, a detailed inventory of all assets, and a communication plan for vendors and customers. Similarly, a business continuity plan identifies the most important processes within your organization so that, following a disaster, those processes are addressed before others to bring you back online as soon as possible.

Conduct Tabletop Exercises

What’s a plan worth if you’ve never practiced it? Similar to a fire drill, walking through your DRP and/or business continuity plan step-by-step with the associated team is important to ensure everyone knows their role and action plan following a breach. Verifying roles before an incident occurs improves recovery time and minimizes the potential for lost data.

Maximize Resilience by Implementing and Testing Backup Procedures

If your organization is the subject of a destructive cyberattack, getting back to ‘business as usual’ as quickly as possible is the top priority. With Disaster Recovery as a Service (DRaaS), your organization will be ready for anything that causes unplanned downtime – from a cyberattack to a power outage. Real-time system replication is stored at an alternate recovery site and managed by a team of disaster recovery specialists to ensure that your data and applications are ready to restore quickly and efficiently in the event of a disaster.

So What’s Your Plan?

Not all cyberattacks or breaches need to end in disaster. As long as your organization is aware of their cybersecurity posture and adequately prepared to identify, mitigate, and recover from a breach, the effects on the organization can be quite minimal. If you’re not sure where to start, Thrive’s team of cybersecurity experts are here to help. Contact us today to get started. 

The Importance of Cybersecurity Insurance

Cybercrime has, unfortunately, become commonplace, with one expert estimating that computer-based theft will cost the world $10.5 trillion by 2025. This has made cybersecurity insurance a must-have for businesses. 

However, many companies who have purchased this type of insurance have learned a hard lesson in the past few years – insurers will not pay claims or renew policies unless the policyholder follows the guidelines of what’s required to protect a company’s computer network and data from attacks. 

Simply put, many businesses think that it’s enough to just purchase this type of insurance, receive a claim payment if an intrusion occurs, then return to normal operation.

Unfortunately, a cybersecurity insurance plan on its own is absolutely not enough and must be supplemented with network defense tools, employee education modules, and documented recovery plans.

Your Business’s New Homeowners Insurance

Most people who have homeowner’s insurance understand they may have to perform some preventative maintenance in order to receive a claim for any damages that may result. 

For example, an insurer might warn a policyholder that his or her property requires upgrades to its electrical system. And, if down the line there is an electrical fire, the insurer will not pay out a claim for these damages if the policyholder did not make the necessary upgrades or pull the right permits to show they were made.

It’s no different with cybersecurity insurance. Businesses have to meet certain contingencies in order to say they’ve done all they could to protect themselves from cyber-based crimes. After all, a ransomware attack or data breach is no different than a burglar entering a property and stealing a person’s most valuable possessions.

Insurance companies are not charities, and those that issue cybersecurity policies have had to pay out a lot of money in recent years, with one cybersecurity insurance specialist stating they processed more claims in the first half of 2021 than in any other time period. They won’t do so anymore unless a business has done all it can to lock its doors.

Reducing the Attack Surface

Insurance companies want businesses to reduce their attack surface as much as possible – in essence, do all they can to reduce the vulnerabilities that can result in a successful cyber attack.

In the eyes of insurers, this requires companies to implement the following:

  • EMAIL PROTECTION. An estimated 96% of cybercrimes happen via a phishing attack generated via email. To retain coverage, businesses must put in place multiple layers of protection to prevent a malicious email from reaching an end-user.
  • TRAINING. In the event that a malicious email gets past the organization’s firewall and email filtering, companies are asked to provide frequent training for employees on what they should look out for to prevent a cyberattack, such as how to identify phishing scams.
  • NEXTGEN ANTIVIRUS PROTECTION. Older antivirus protections rely on an established, and often out-of-date, database of known threats. Utilizing traditional antivirus software requires endpoints (e.g., the laptops that employees have at home) to make required updates so that they’re referencing the most ‘up-to-date’ data. This causes a severe lag, as hackers and those who write malware are often many steps ahead. The most modern antivirus software offers real-time protection and greater intelligence when scanning for malware. NextGen antivirus protection monitors traffic 24/7 for faster, more accurate recognition of potential threats. Instead of reviewing files and traffic to identify if something suspicious happened in the past, NextGen antivirus protection catches attacks as they are attempted.
  • MULTI-FACTOR/2-FACTOR AUTHENTICATION. Phishing attacks require someone to give up their unique password. Companies that enable 2FA or MFA have significantly increased protection over their valuable data due to the added layer(s) of authentication needed for login. With 2FA and MFA, even if an attacker obtains a password, they likely won’t be able to get the token or extra code needed to cause a successful breach.

Plugging the Holes

IT security awareness and best practices are not just the responsibility of one person, but instead must be a focal point for an entire company. It is often overwhelming for companies without a dedicated IT team to understand what’s needed to meet the standards of a cybersecurity insurance policy, and even more of a task to deploy the preventative measures needed to stay in compliance.

Thrive’s expert team of cybersecurity professionals can help you review your policy and discuss the wide range of security options, training services, and full supervision of IT software available to keep your data protected. 

Learn more about where your company stands today by scheduling a cybersecurity risk assessment with Thrive. 

Malware is Everywhere, Even Your Ads

Do you ever see an advertisement for a free download of a popular Windows application and think, “Wow, this sure sounds too good to be true!”? Well, it most definitely is, and hackers use these malvertisements to infect computers with malware and other threats. Specifically, malvertising is used to download three different types of malware, all of which can cause harm to unwary businesses.

This particular type of malvertisement threat, a new campaign targeting users in Canada, the United States, Europe, Australia, and Nigeria, aims to capture usernames, passwords, and other sensitive credentials from users.

The three types of malware commonly installed through this new malvertising campaign – dubbed Magnat by Cisco Talos – include, according to ZDNet, a malicious browser extension that has the same capabilities as Trojan malware. In other words, it provides a backdoor entrance to the user’s system. This malware is as-yet undocumented and appears to be custom-built, and it has been developed over the course of the past several years. The other malware installed using this campaign is a password stealer.

While the malicious browser extension (also a keylogger) itself and the password stealer are cookie-cutter malware that have been around for quite some time, the backdoor is something else entirely. The backdoor, dubbed MagnatBackdoor by researchers, allows attackers to gain remote control over a PC without being detected. It also adds a new user and installs keyloggers and other malware that allow the attackers to steal information like usernames, passwords, and other sensitive credentials. According to researchers, the threat works much like a banking trojan, and aims to steal credentials for either individual sale on the Dark Web or for use by the attackers.

The malware is primarily distributed through malicious adverts – advertisements that link to malicious file downloads – for popular software solutions. These campaigns are obviously cause for concern, but it’s important to remember that they are nothing new. We have been around the block a time or two with these types of threats, so we know how to combat them. Malvertisement is not a new concept, and it has been around for a long time, so it’s no surprise that hackers would continue to use this avenue to infect PCs.

Thrive can help your business stay secure from online threats of all kinds, and while we cannot stop your employees from clicking on questionable advertisements, we can help to inform them of why they shouldn’t be doing such a thing in the first place, and block a lot of bad content before it gets to them. To learn more about what we can do for your business, contact us today.