If you’re looking for a roadmap to a more secure system, we’ve got you covered. Check out this list to discover 10 actions you can take using the tools provided in Microsoft 365 to better protect your business from cybersecurity threats. And don’t forget, Coretek Services is here to help you every step of the way.
I have solutions from many vendors in my IT environment. How can Microsoft help me secure our entire digital landscape?
Keep your data protected as your business grows and changes with the times. Whether you’re adding apps, devices, or moving to the cloud, Microsoft 365 ensures your data is secure without overburdening your security team.
In the digital age, your business must offer customers increased security and privacy without breaking the bank. Security across all your devices is key to ensuring you’re protected. Safeguard against cyberthreats proactively with enhanced and constantly updated tools and anomaly detection policies. At Coretek Services, we know this can be a challenge; that’s why we’re here to help. Contact us today to create a robust and secure IT system that your customers expect and that you’ll be glad you have.
Hopefully you were one of the prepared organizations that avoided the latest Ransomware worm that made its way around the globe this past week. This worm crippled dozens of companies and government entities, as it impacted over 230K computers in 150 countries. Most of the infections were in Europe, Asia, and the Middle East, so if you did not get hit, you were either prepared or lucky. This blog post will help you be prepared for when this happens again, so that you don’t have to rely on luck.
Patch everything you can, as quickly as you can
The exploit at the root of this Ransomware worm was resolved in MS17-010, which was released in March of 2017, giving organizations more than enough time to download, test, pilot through UAT (User Acceptance Testing), and deploy to Production. While introducing new patches and changes to your environment carries a risk of breaking applications, there is far more risk in remaining unpatched, especially where security-specific patches are concerned. Allocate the proper resources to test and roll out patches as quickly as you can.
Run the newest OS that you can
While the EternalBlue exploit that was patched by MS17-010 was applicable to every Windows OS, you were safe if you were running Windows 10 due to a security feature called ELAM (Early Launch Anti-Malware). Many of the infected machines were running Windows XP or Server 2003, which did not get the MS17-010 patch (Microsoft released a patch for these OS variants after the infection; please patch if you still have these in your environment). It is not possible to secure Windows XP or Server 2003. If you insist on running them in your environment, assume that they are already breached, and any information stored on them has already been compromised (You don’t have any service accounts logging into them that have Domain Admin privileges, right?).
Proper perimeter and host firewall rules help stop and contain the spread of worms. While there were early reports that the initial attack vector was via e-mail, these are unconfirmed. It appears that the worm was able to spread over the 1.3 million Windows devices that have SMB (port 445) open to the Internet. Once inside the perimeter, the worm was able to spread to any device that had port 445 open without MS17-010 installed.
Turn off Unnecessary Services
Evaluate the services running in your desktop and server environment, and turn them off if they are no longer necessary. SMB1 is still enabled by default, even in Windows 10.
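As an added example (not part of the original post), the following read-only PowerShell audit checks one host for the two exposures described above: SMB1 still enabled, and inbound TCP 445 allowed through the host firewall. The function name Get-SmbExposure is hypothetical, and the script assumes an elevated session on Windows 8 / Server 2012 or later.

```powershell
# Added example: read-only audit of SMB1 and inbound TCP 445 on the local host.
# Assumes an elevated PowerShell session on Windows 8 / Server 2012 or later.
function Get-SmbExposure {   # hypothetical helper name
    # Does the SMB server still accept the SMB1 dialect?
    $server = Get-SmbServerConfiguration

    # SMB1 optional feature state. The feature name can be absent on some
    # editions; in that case nothing is returned and the state is $null.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol `
        -ErrorAction SilentlyContinue

    # Is anything listening on TCP 445?
    $listeners = @(Get-NetTCPConnection -LocalPort 445 -State Listen `
        -ErrorAction SilentlyContinue)

    # Enabled inbound allow rules that name port 445 explicitly.
    # Rules scoped to "Any" port are not covered by this check, and rules
    # delivered by Group Policy require querying -PolicyStore ActiveStore.
    $rules = @(Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '445' } |
        Get-NetFirewallRule |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and
                       $_.Action -eq 'Allow' })

    # Rules active on the Public profile (or on every profile) are the ones
    # that expose SMB on untrusted networks.
    $public = @($rules | Where-Object { "$($_.Profile)" -match 'Public|Any' })

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        Smb1ServerEnabled  = $server.EnableSMB1Protocol
        Smb1FeatureState   = if ($feature) { "$($feature.State)" } else { $null }
        ListeningOn445     = $listeners.Count -gt 0
        InboundAllow445    = $rules.DisplayName
        PublicProfileAllow = $public.DisplayName
    }
}

Get-SmbExposure | Format-List

# Remediation once SMB1 is confirmed unnecessary (these change system state):
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
#   Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
```

Any entry under PublicProfileAllow, or Smb1ServerEnabled reporting True, marks a host to review before the next patch cycle.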
These types of attacks are going to be the new normal, as they are extremely lucrative for the organizations that are behind them. Proper preparation is key, as boards are starting to hold both the CEO and CIO responsible in the case of a breach. While you may have cyber-security insurance, it may not pay out if you are negligent by not patching or by running an OS that stopped receiving security updates 3 years ago. I would recommend being prepared for the next attack, as you may not be as lucky next time.
Additional Layers of Defense to Consider
For those over-achievers, additional layers of defense can prove quite helpful in containing a breach.
1. Office 365 Advanced Threat Protection – Protect against bad attachments
2. Windows Defender Advanced Threat Protection – Post-breach response, isolate/quarantine infected machines
3. OneDrive for Business – block known bad file types from syncing
Good luck out there.
The arms race between cybercriminals and security firms has reached a fever pitch. Today end users and businesses alike are faced with the growing threat of Ransomware. This is a type of malware that locks and encrypts devices and files preventing access unless a specific amount of money (Ransom) is paid. In 2015, the FBI received roughly 2,453 complaints related to Ransomware malware attacks, which amounted to $24.1 million in losses.
Ransomware relies on social engineering to spread through infected phishing emails, attachments, or malicious content running on infected websites. Once a machine has been compromised, the malware executes and encrypts all data files. This includes local files as well as network drive file storage. After the files are encrypted, they are unrecoverable unless a “ransom” is paid to the attacker. Outside of restoring from a backup, the only way to restore the data is to pay the distributor of the malware. (Whoa!)
Initially, individual home users were targeted — but the focus of these attacks has shifted, and businesses are now their primary targets. The shift of the attacks has made these Ransomware companies very profitable, and as such the problem is growing rapidly. As the malware continues to evolve and become more sophisticated, the organizations have grown and now have full time employees dedicated to developing and improving the malware. They leverage some of the most sophisticated phishing and social engineering techniques seen to date. The threat posed by Ransomware is growing and should not be underestimated by our clients.
To mitigate your risk, the Internet Crime Complaint Center (IC3) division of the FBI recommends the following:
- Always use antivirus software and a firewall. It’s important to obtain and use antivirus software and firewalls from reputable companies. It’s also important to continually maintain both of these through automatic updates.
- Enable popup blockers. Popups are regularly used by criminals to spread malicious software. To avoid accidental clicks on or within popups, it’s best to prevent them from appearing in the first place.
- Always back up the content on your computer. If you back up, verify, and maintain offline copies of your personal and application data, ransomware scams will have limited impact on you. If you are targeted, instead of worrying about paying a ransom to get your data back, you can simply have your system wiped clean and then reload your files.
- Be skeptical. Don’t click on any emails or attachments you don’t recognize, and avoid suspicious websites altogether.
IC3 additionally says if you believe you are a victim of ransomware to file a complaint with the FBI and suggests disconnecting from the internet to avoid any further data loss if you receive a message demanding payment.