The Top 5 Reasons Why Your Business Needs a Strong Firewall
In this age of global connectivity, protecting your business's assets and data is more important than ever. Almost all businesses are connected to the Internet for a wide variety of services. These include email, search, social media, and cloud storage. While much of this traffic is outbound, the fact is that the same Internet connection also allows inbound traffic. That is where having a strong hardware- or software-based firewall comes into play. You can use it to protect your business network from unauthorized access.
Here are the top five reasons why your business needs a strong firewall:
1. A Firewall Is Your First Line of Defense against Hackers and Other Unauthorized External Users
A firewall acts as a barrier, or shield, between your internal business network and the rest of the Internet. Without a firewall, it is possible for external users to access your private business assets. While many organizations use Network Address Translation (NAT) to bridge internal and external IP addresses, NAT will not block incoming traffic. Only a firewall can do that. Without a firewall, your organization's assets and data are at risk.
2. A Firewall Lets You Block Access to Unapproved Websites
In addition to stopping unauthorized external users from accessing your network, a firewall can stop your users from accessing specific external websites. For instance, you could set up a policy that blocks access to social media sites like Facebook from your network.
3. A Firewall Can Protect Your Business from Malicious Code
Some strong firewalls will inspect the traffic going into and out of your network. They look for and block viruses, worms, spam, and other unwanted Internet traffic. They will also log intrusion attempts as well as other violations of business policies. This enables you to examine unauthorized access attempts and other suspicious activity.
Many of these strong firewalls will also let you maintain a list of known malicious applications and known good applications. They will block the malicious applications, while enabling the good ones.
4. You Can Use a Firewall to Meter Bandwidth
A firewall can do more than just provide security. You can also use it to meter and limit the network bandwidth flowing through it. For example, you can limit the network bandwidth allowed for things like non-business videos, music, and images, thereby reserving bandwidth for higher priority business traffic.
5. You Can Use a Firewall to Provide VPN Services
Many firewalls provide site-to-site connectivity through Virtual Private Network (VPN) services. Through this VPN functionality, mobile device users and users at remote sites can securely access your internal network resources. This enhances productivity, collaboration, and data sharing.
Cybercriminals Are Posing as Job Applicants to Spread Ransomware
If your business is hiring, you should be aware of a new phishing attack in which cybercriminals are posing as job applicants. Falling victim to this attack may leave your business infected with the GoldenEye ransomware. This phishing campaign was initiated in Germany, but security experts expect it will go global.
How the Attack Works
Hackers like to target HR staff members because they often open emails and attachments sent by strangers. In the GoldenEye attack, cybercriminals are sending phishing emails that have the word "application" in the subject line to HR departments. The emails include two attachments: a PDF file and a Microsoft Excel spreadsheet.
The PDF file, which does not contain any malicious code, is a cover letter. Its purpose is to reassure HR staff members that they are dealing with a real job applicant. To make the cover letter seem more legitimate, the hackers even include a person's photo. The cover letter tells the HR staff members to see the attached Excel file, which supposedly includes a resume, references, and an aptitude profile.
If the HR staff members open the Excel spreadsheet, a visual element indicates that the information is loading. An accompanying message tells them to "please use the editing options to display the aptitude profile". This is meant to trick the HR staff into clicking the "Enable Content" option, which will appear if Excel is left at its default setting of "Disable all macros with notification". A macro is a small program that lets you execute complex procedures with a single command or keyboard stroke. In this case, the macro's commands instruct the computer to download the GoldenEye ransomware from a remote server and install it.
Once installed, GoldenEye first encrypts the victim's files. Afterward, it displays a ransom note that asks for 1.3 bitcoins to decrypt the files. But the ransomware does not stop there. It restarts the computer and encrypts the hard disk's master file table (MFT), which cripples the computer. The victim then receives a second ransom note that asks for an additional 1.3 bitcoins to decrypt the MFT. GoldenEye uses different algorithms and keys to encrypt the files and MFT, so victims need to pay both ransoms if they have not backed up their files and applications.
What You Can Do to Protect Your Business
The most important way to protect your business from the GoldenEye ransomware is to regularly back up your files and applications. Having backups on hand means you won't have to pay any ransom. However, it won't prevent a GoldenEye infection. For this reason, you might consider taking the following precautions:
- Let the HR staff know about the dangers of enabling Excel macros. Assuming that the default macro setting has not been changed, the only way to unleash GoldenEye is if the HR staff (or someone else involved in the hiring process) opens the attached Excel file and allows the macro to run. Thus, warning the HR staff about the dangers of enabling macros is a good idea.
- Educate the HR staff about phishing emails. Taking the time to educate HR staff about the GoldenEye phishing email as well as how to spot other phishing emails will help reduce the likelihood of them falling victim to an attack.
- Use anti-malware software. While anti-malware software might not catch this macro-based attack (the macro contains download commands rather than the actual ransomware), it is still important to use anti-malware software. It can detect the malicious code that does make it onto a computer.
Take Action Now as Waiting Could Be Costly
If you do not regularly back up your business's files and applications, now is a good time to get a process in place. Not doing so might mean you have to pay multiple ransoms if one of your computers becomes infected with GoldenEye — and paying the ransoms does not guarantee you will get the keys needed to decrypt your files and applications. If you need help in developing and implementing a backup strategy, contact us.
How to Use Microsoft's New Privacy Dashboard
Microsoft automatically collects data about the people using its products and services, often storing that data in the cloud. To make it easier for users to see what information is being collected and stored about them, Microsoft has launched a new, web-based privacy dashboard. If you have a Microsoft account and use any of the company's products or services, consider checking it out.
Besides letting you view the data, the privacy dashboard gives you the option of removing it from the cloud. The dashboard also lets you know how to stop your data from being collected in the future.
To access the privacy dashboard, you need to go to the Stay in control of your privacy web page and sign in with your Microsoft account information. From the dashboard, you can view the following types of data and remove them from the cloud if desired:
- Cortana data: Cortana is a personal digital assistant found in Windows 10 computers, Windows 10 Mobile and Windows Phone 8.1 smartphones, and a few other devices. To provide personalized recommendations, Cortana collects and stores information about you from various sources, including your emails, text messages, calendar entries, and contacts.
- Browsing history: Cortana gathers and stores your browsing history in Microsoft Edge to help answer your questions and provide personalized suggestions. This information is separate from the browsing data that Edge stores on your device. Clearing the browsing history through the privacy dashboard will remove your browsing history from the cloud but not from your device.
- Search history: When you use the Bing search engine while logged in to your Microsoft account, the company stores your search history in the cloud.
- Location data: Microsoft stores the last known location of your Windows 10 and Windows 8.1 devices in the cloud. It also stores location data from Bing and health-related GPS-based activities.
- Health data: If you subscribe to Microsoft Health or HealthVault, your activity and fitness data (e.g., daily steps taken, heart rate) is stored in the cloud. Plus, any medical records you put into the HealthVault are stored there.
The privacy dashboard also has links to resources that discuss how to manage the privacy settings for other Microsoft products and services, such as Office and Skype. In addition, it includes links to the pages on which you can manage your third-party advertising and Microsoft marketing preferences. Microsoft plans to add more functionality and data categories to the dashboard in the future.
6 Reasons Why Remote Monitoring Should Be a Part of Your IT Management Strategy
If your company is like most businesses, your computer systems play an important role in your daily operations. To make sure those systems are secure and operating at peak efficiency, PowerOne's remote monitoring service will watch over them, gather information and even remediate any issues or problems.
Here are six reasons why you should use a remote monitoring service to keep an eye on your computer systems:
1. Your Business Can Avoid Downtime
When your computer systems go down, you lose time and money, so having as little unplanned downtime as possible is ideal. With remote monitoring, you can set alerts that trigger when a problem starts to develop. This early notification means issues can be resolved before they develop into a crisis that causes downtime.
2. Every Device Is Monitored and Supported
Almost any device can be monitored remotely, including servers, routers, firewalls, and laptop and desktop computers. In addition, updates and other changes can be implemented without you or your employees needing to take any action.
3. Problems Can Be Addressed Immediately
With remote monitoring, your computer systems are watched around the clock. This 24x7 service means that solving tech troubles does not have to wait until the morning.
4. Security Measures Are Monitored
Cybercriminals like to target small and midsize businesses because they are often unprepared for attacks. A remote monitoring service can keep an eye on the security measures you have in place so that you know they are working properly. Plus, if you are attacked, you will know immediately rather than finding out days or weeks later. Early detection often limits the damage and reduces the level of effort needed to restore the affected systems.
5. You Can Handle Problems from Any Location
Thanks to remote monitoring, it does not matter where you, your computer systems, or your employees are. When an issue arises, you will be contacted to find out how you want it handled, and those instructions will be carried out. This means that you do not even need to leave the comfort of your own home to take care of a problem. This aspect of remote monitoring is especially appealing to businesses with facilities in distant or rural locations.
6. Your Computer Systems' Health Is Tracked
Remote monitoring collects data about your computer systems over time. When viewing this data in monthly or quarterly reports, long-term trends can be identified before they reach levels that would trigger an alert.
New PCs won't run Windows 7/8.1
If you are thinking about upgrading your PC hardware in the near future, you need to start thinking about upgrading to Windows 10 now. Microsoft has warned that new computers running the latest Intel and AMD chips will only run Windows 10. Now, it seems that moment of transition has finally arrived.
In advance of an expected Windows 10 Creators Update, owners of newer systems with Intel 7th-generation Kaby Lake chips and AMD Ryzen chips are reporting their systems aren't receiving Windows 7 or 8.1 updates anymore. According to Microsoft's support pages, it's been long known that newer hardware will eventually be Windows 10-only. That hardware includes Intel's 7th-generation chips, AMD Ryzen and Qualcomm's 8996 series of chips.
Systems with older hardware should still be receiving updates. Older-generation CPUs (including Intel's sixth-generation Skylake) will support Windows 7 and Windows 8.1 until Jan. 14, 2020, and Jan. 10, 2023, respectively.
For a more in-depth discussion of this topic, read ZDNet's in-depth story:
http://www.zdnet.com/article/microsoft-begins-blocking-updates-for-older-windows-versions-on-newer-hardware/
Breaking Alert: Massive Memory Leak Exposes Passwords
On February 23, 2017, web services and security firm Cloudflare announced a massive memory leak that affected numerous websites, possibly including popular ones that you may have used.
Google's Project Zero team discovered the leak and reported it to Cloudflare on February 18, 2017. The leak, dubbed Cloudbleed, exposed passwords and private data. Software collaboration site GitHub has created a list of possibly affected websites:
See Github's list of potentially affected sites →
What You Should Do
Details of the news are still coming in. Based on what we know so far, here's what we recommend you do:
1. Change your passwords.
2. Share this alert with your friends.
If your friends' passwords get compromised, it could result in phishing attacks using their address books, which means you could be targeted.
Contact PowerOne if you (or your friends) need help setting up a password management tool or dealing with the fallout of this security issue.
How to tell if email is fake, spoofed, or spam
By now, you've heard about phishing – fraudulent emails that masquerade as communications from a legitimate source and trick unsuspecting readers into giving up personal information or compromising their machines with spyware or viruses. Thankfully, email filtering and security has improved a great deal over the past few years. Unfortunately, no matter how effective the security, some phishing emails will always make it to the inbox – that's where you come in. Here are some tips to help you identify a phishing or spoofing email.
Don't trust the name
A favorite phishing tactic is to spoof the display name of an email. It's easy to set the display name of an email to anything – you can do it yourself in Outlook or Gmail. It's the simplest and most easily detected form of email spoofing. It involves simply setting the display name or “from” field of outgoing messages to show a name or address other than the actual one from which the message is sent. When this simplistic method is used, you can tell where the mail originated by checking the mail header.
You can't trust the header
It's not just the display name that can be spoofed, but also the email header. Emails are built on some very old technology (in Internet terms): SMTP, or Simple Mail Transfer Protocol. When you send an email, it goes to an SMTP server first, then the message is relayed from SMTP server to SMTP server across the internet. When the message arrives at its penultimate destination, the email is stored in the recipient's mailbox at a POP3 (Post Office Protocol 3) server. Finally, the message is fetched by an email client so the recipient can read it. While this may seem complicated, the important thing to remember is that SMTP just passes along what it was given. Clever fraudsters can fool the SMTP server into sending along an email that isn't legitimate. There are several technical ways to figure out if this is the case, but the simplest method is to see where the “reply to” section of the full header would lead you. If it indicates that your reply would be redirected to an address that's different from the sender's address, then you have good cause to be suspicious.
Hover before you click
Clicking links in emails is inherently risky – you don't know where a button, link or video will actually send you. But, if you hover your mouse over any links embedded in the body of the email, you can see the raw link. If it looks strange, don't click it – there's a good chance the email is fraudulent.
Remember the basics
If an email has spelling mistakes, requests personal information, or is written in threatening language, you should be suspicious. If you did not initiate contact with the sender, be wary and think where they could have found your contact details.
Trust your instincts
Given today's e-mail infrastructure, there's not much that can be done to prevent spoofing. Companies and organizations can tighten up their mail servers. This just makes it a little more difficult for criminals, not impossible. Appearances can be deceiving. Just because an email has convincing logos, language, and a seemingly valid email address, does not mean that it's legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don't open it. If something looks off, there's probably a good reason why. If you receive a message that seems suspicious, it's usually in your best interest to avoid acting on the message. A legitimate email can always be resent if deleted by mistake.
Crysis Ransomware Infects Windows, Mac, and VMware Machines
Click on the image in our email to get further information about ransomware in general. The following article details only one type.
The Crysis ransomware is quickly yet quietly spreading to businesses across the globe. Even though it is more common and destructive than the Locky ransomware, Crysis has not received nearly as much press attention.
Two traits make Crysis one of the most troublesome ransomware variants:
- Crysis works on multiple platforms. Crysis can infect Microsoft Windows computers and phones, Apple Macintosh computers, and some VMware virtual machines.
- A Crysis infection can be considered a data breach. Besides encrypting files for ransom, Crysis sends the infected computers' names and some of the computers' encrypted files to a remote server controlled by cybercriminals. As a result, a Crysis ransomware attack can be considered a data breach. This is particularly problematic in businesses governed by regulations such as the U.S. Health Insurance Portability and Accountability Act (HIPAA) and the EU Data Protection Regulation.
How Crysis Is Spread
Crysis is mainly spread through phishing emails. Sometimes, the phishing emails contain attachments that have double file extensions, which make the malicious files appear as non-executable files. Other times, the phishing emails include URLs that lead to malicious websites.
Cybercriminals are also spreading Crysis by disguising it as an installer for various legitimate programs such as WinRAR, Microsoft Excel, and iExplorer. They are distributing these disguised installers in online locations and shared networks.
Another way Crysis is spreading is through self-propagation. It uses a variety of self-running files to spread to other machines, including Windows Phone devices and other computers on the same network.
What Crysis Does
Once on a computer, Crysis uses Advanced Encryption Standard (AES) and Rivest-Shamir-Adleman (RSA) algorithms to encrypt more than 185 file types on fixed drives, removable drives (e.g., USB drives), and network shares. It even encrypts many operating system files, which can make the computer unstable.
After the files are encrypted, Crysis sends the computer's name and a number of encrypted files to a remote server controlled by the cybercriminals. It also delivers a ransom note to the victim. The ransom varies, typically ranging from 0.8 to 1.8 bitcoins. (The exchange rate fluctuates, but a bitcoin is usually worth more than $500 USD.)
In Windows computers, the ransomware deletes any shadow copies made by the Volume Shadow Copy Service so that the victim cannot recover the files. It also creates new registry values that enable it to run every time the victim logs in to the computer. This makes it more difficult to remove the ransomware.
How to Protect Your Business from Crysis
To protect your business from Crysis, it is best to prepare a multilayer defense. The first line of defense is to make sure that all your computers and Windows Phone devices are protected against known vulnerabilities. This is achieved by using anti-malware software and regularly updating the operating system and applications on each device.
The second line of defense is educating employees about the dangers of opening attachments and clicking links in emails from unknown senders. It is also helpful for employees to receive some training on how to spot phishing emails.
The last line of defense is to regularly back up files and systems on your business's computers and test those backups. This will not prevent a Crysis infection and the subsequent data breach, but it can save you from having to pay the ransom.
Contact your IT service provider for help in getting these lines of defense in place. PowerOne can also recommend other measures you can take to protect your business from Crysis and other ransomware.
Microsoft Is Ending Support for Several Business Applications in 2017
First, from the team at PowerOne, we wish you a very Merry Christmas and a Happy New Year!
The year 2017 marks the end of the line for five Microsoft applications: Office 2007, Exchange Server 2007, SharePoint Server 2007, Visio 2007, and Project 2007. Microsoft will no longer support these applications because they are at the end of their lifecycles.
If your business is running any of these applications, you should consider upgrading them before the support stops. Here are the dates to remember:
- On April 11, 2017, support will end for Exchange Server 2007.
- On October 10, 2017, support will end for SharePoint Server 2007, Office 2007, Visio 2007, and Project 2007.
What Will Happen after These Dates
When the five applications reach their respective end-of-support dates, you can, of course, continue to use them. However, it is important to understand the changes that will take place.
The most important change is that Microsoft will stop updating the applications. This means that you will not receive updates that fix security issues, address bugs, or add functionality.
Another change is that you will no longer have access to any free or paid support for those applications through Microsoft's various support programs. The free online content about the applications will continue to be available, but Microsoft will not update it moving forward.
How Using Unsupported Software Can Impact Your Business
Using unsupported applications can have serious repercussions. First and foremost, your business will be more susceptible to cyberattacks because the applications will not be receiving updates to patch any new security vulnerabilities found in them. Cybercriminals often exploit software vulnerabilities to gain access to computer systems. Many cybercriminals even keep track of when vendors stop supporting popular applications. Once the support has ended, they launch new cyberattacks that target those applications.
Having unpatched software can also make it harder to achieve compliance with regulations and standards that govern the protection of sensitive data. If you cannot protect your applications from new cyberattacks, you might be found in noncompliance with those regulations and standards. Noncompliance can result in penalties and higher costs. It can even result in lost business and lost business opportunities as customers seek to do business with companies that are in compliance.
Finally, using unsupported software means that you cannot turn to Microsoft for help. Microsoft will no longer answer technical questions about applications that have reached the end of their lifecycles. The only Microsoft resources that will be available are those that have been already posted, such as knowledge base articles and webcasts.
The Time to Decide Is Now
Using unsupported applications is a gamble because of the potential consequences. However, upgrading can be expensive and time-consuming. PowerOne can help you decide whether it is best to upgrade now, in the future, or at all. If you decide to upgrade, we can go over your options, such as whether to keep the applications on-premises or move them to the cloud.
Computer Preparedness Checklist
1. ENSURE YOU HAVE A BACKUP
- If you are a PowerOne SAP or Flat Fee IT customer, please contact PowerOne if you need reassurance of your backup status. It's a good practice to frequently back up your data files to an external drive or memory key to prevent loss of data, as well as to store it in a secure, safe place. If you are unsure or need help with this, contact PowerOne. Print a copy of your important/emergency contacts and take them with you; in the event that you do not have access to them from your phone or computer, you'll have them available to use via a landline.
- DO NOT ATTEMPT TO BACK UP THE WINDOWS OPERATING SYSTEM FILES NOR PROGRAM FILES. If a computer needs to be recovered because of damage caused by disk failure or hardware failure, the Windows operating system files and the standard enterprise-wide program files such as Microsoft Office will be installed when the computer is re-imaged.
- If you hold the physical installation media to software, consider making a copy of it, if you are licensed to do so. PowerOne does not keep copies of your unique software.
2. SECURE YOUR EQUIPMENT
- Computers:
  - Shut down the operating system.
  - If connected to a surge protector or UPS – unplug the surge protector or UPS from the wall outlet (or unplug power cables from the surge protector or UPS if wall outlet is not accessible).
  - If no surge protector – unplug the power cables from the wall outlet (or back of the computer if wall outlet is not accessible).
  - Unplug the Ethernet cable from the back of the computer or docking station.
  - Elevate from the floor if possible.
- Printers:
  - Power off the printer.
  - If connected to a surge protector – unplug the surge protector from the wall outlet (or unplug power cable from the surge protector if wall outlet is not accessible).
  - If no surge protector – unplug the power cable from the wall outlet (or back of the printer if wall outlet is not accessible).
  - Unplug the Ethernet cable from the back of the printer.
  - Unplug the phone cable from the back of the printer (if fax line connected).
AFTER THE STORM
PowerOne will work as quickly as the circumstances permit to restore network connectivity and services should you go down. As you reconnect your office equipment make sure to reconnect them to your surge protector or UPS as they were before. You can contact PowerOne for assistance with setting up your PC and peripherals. Expect power surges, brownouts, and fluctuations for at least several days or longer after power has been restored. All the effort you went through in preparation may be lost if you take a hit after the storm.
HELP
PowerOne storm emergency helpline is 352-253-2213.