
Multi-Factor Authentication

Back to Basics: Multi-Factor Authentication

Multi-Factor Authentication (MFA), or Two-Factor Authentication (2FA), is a way of verifying a login with more than just a username and password. You have probably experienced Multi-Factor Authentication when logging into a banking app. It may have asked for a fingerprint or a one-time password it sent you. Often these apps will only ask for a second form of authentication if you are logging in from a new location.

MFA is a way to secure your login credentials beyond just using a password. Many users choose passwords that are easy to crack, or use the same password on multiple services. If one password is compromised, they are all compromised. MFA is an extra step to secure a given login.

Multi-Factor Authentication types are broken into three categories:

  • Something you know: Password, Mother’s Maiden Name, DOB, PIN.
  • Something you have: Cell Phone, USB token, RFID chip.
  • Something you are: Fingerprint, Retina Scan, Facial Recognition.

The most common form of MFA is an SMS text message to your phone. This extra step stops criminals from accessing an account where they have figured out the password. Also, the app or service could see this login attempt with the correct password, but not the second factor of the text message. This could prompt a notification from the service to re-set your password. Additionally, if you receive a text message and are not trying to log into your bank account, you know someone is trying to access your account. While SMS 2FA has its own set of vulnerabilities, it is still much more secure than only using a password.
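The two-step login described above, as an added example that is not code from the original post or from Quanexus: factor one is a password check, factor two is a short one-time code delivered out of band. The code expires, is accepted once only, allows a small number of wrong guesses, and every "correct password but wrong or missing second factor" event is recorded so the service can notify the user, which is the signal the post describes. The SMS gateway is a hypothetical stand-in (`send_sms` just records the message), and the iteration count, code length, lifetime and attempt limit are constructed values, not those of any real service.

```python
import hashlib
import hmac
import os
import secrets
import time

# Tunables, constructed for this example and not taken from any real service.
PBKDF2_ITERATIONS = 100_000   # cost factor for password hashing
OTP_DIGITS = 6                # length of the one-time code
OTP_TTL_SECONDS = 300         # a code is valid for five minutes
MAX_OTP_ATTEMPTS = 3          # wrong guesses allowed before the code is discarded


def hash_password(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length verifier from the password with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


class AuthService:
    """Two-step login: password first (something you know), then a one-time
    code sent to the user's phone (something you have)."""

    def __init__(self, clock=time.time):
        self.clock = clock          # injectable so expiry can be tested deterministically
        self.users = {}             # username -> {"salt", "verifier", "mfa"}
        self.pending = {}           # username -> {"code", "expires_at", "attempts"}
        self.sent_messages = []     # hypothetical SMS gateway: list of (username, text)
        self.alerts = []            # events a defender would want to see and act on

    def register(self, username: str, password: str, mfa_enabled: bool = True) -> None:
        salt = os.urandom(16)
        self.users[username] = {"salt": salt,
                                "verifier": hash_password(password, salt),
                                "mfa": mfa_enabled}

    def check_password(self, username: str, password: str) -> bool:
        user = self.users.get(username)
        if user is None:
            # Hash anyway so an unknown username costs the same time as a wrong password.
            hash_password(password, bytes(16))
            return False
        return hmac.compare_digest(hash_password(password, user["salt"]), user["verifier"])

    def send_sms(self, username: str, text: str) -> None:
        # Stand-in for a real SMS provider; here the message is only recorded.
        self.sent_messages.append((username, text))

    def login_step1(self, username: str, password: str) -> str:
        """Factor 1. Returns "OK", "OTP_REQUIRED" or "DENIED"."""
        if not self.check_password(username, password):
            return "DENIED"
        if not self.users[username]["mfa"]:
            return "OK"   # password-only account: nothing stands between a leaked password and the account
        code = "".join(secrets.choice("0123456789") for _ in range(OTP_DIGITS))
        self.pending[username] = {"code": code,
                                  "expires_at": self.clock() + OTP_TTL_SECONDS,
                                  "attempts": 0}
        self.send_sms(username, f"Your login code is {code}. Not you? Reset your password.")
        return "OTP_REQUIRED"

    def login_step2(self, username: str, code: str) -> str:
        """Factor 2. Returns "OK" or "DENIED"."""
        pending = self.pending.get(username)
        if pending is None:
            return "DENIED"   # no password-verified login is waiting for a code
        if self.clock() > pending["expires_at"]:
            del self.pending[username]
            self.alerts.append((username, "otp_expired"))
            return "DENIED"
        if not hmac.compare_digest(pending["code"].encode(), code.encode()):
            pending["attempts"] += 1
            # Correct password but wrong second factor: worth telling the user about.
            self.alerts.append((username, "otp_mismatch"))
            if pending["attempts"] >= MAX_OTP_ATTEMPTS:
                del self.pending[username]
            return "DENIED"
        del self.pending[username]   # single use: the same code can never be replayed
        return "OK"


if __name__ == "__main__":
    svc = AuthService()
    svc.register("alice", "correct horse battery staple")
    print(svc.login_step1("alice", "correct horse battery staple"))   # OTP_REQUIRED
    print(svc.sent_messages[-1])
```

Design notes: the pending code is keyed to the username only after the password has been verified, so an attacker who knows just the password never gets past `login_step1`, and the `alerts` list is exactly the "correct password, missing second factor" event that a service can turn into a password-reset prompt. The attempt cap and the expiry keep a six-digit code from being guessed by brute force within its lifetime.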

We read an article last week that reinforces this theory. An Xbox user was not using MFA, and when his account got hacked, the hackers turned on MFA so that he couldn’t recover his password and get back in.

This article illustrates a great point. If a service you are using has an option for MFA, but you’re not using it, this opens up a huge vulnerability for the account. If the account gets hacked, the hacker can turn on MFA and make it nearly impossible to access the account again. In the case of the Xbox account, it was also tied to a bank account, so the hacker turned on MFA, locking out the original user permanently, then started buying games on the linked bank account.

Most companies will not let you back into the account if you don’t have the extra point of authentication. If 2FA or MFA is an option and you’re not using it, the hacker who breaks into the account will.

Quanexus IT Support Services for Dayton and Cincinnati

Request your free network assessment today. There is no hassle, or obligation.

If you would like more information, contact us here or call 937.885.7272.

Follow us on Facebook, Twitter and LinkedIn, and stay up to date by subscribing to our email list.

Posted by Charles Wright in Cybersecurity, Information Security, Small Business

Knoxville Ransomware Attack

The Knoxville city government was hit by a ransomware attack last week.

The city was forced to take down parts of their public facing website and shut down many of the servers required to do work in the city. The court system had to reschedule all Friday court appearances, and police officers were not responding to non-injury traffic accidents.

The Knoxville mayor, Glenn Jacobs, released a statement Thursday:

“Cyber-attacks can happen to anyone or any government no matter how good the defense is. In a lot of cases it’s not a matter of ‘if’ but a matter of ‘when.’ Our IT department has been in contact with the city and we stand ready to help if they need it.”

Initial reports indicate the breach occurred with the use of a spear phishing attack. Spear phishing is different from a general phishing attack, because the target is known by the criminals. Knoxville is the 51st state or local government to be attacked by ransomware this year. In 2019, 113 state or local governments were breached. The study below shows attacks are on the rise because they often work, and the city is forced to pay the ransom. The study also shows people are still the biggest liability in many of these attacks.

CyberEdge recently released its 2020 Cyberthreat Defense Report. Below are their top five takeaways from the report. They are interesting points to view the Knoxville attack through. Statistically attacks are up, they are up because they are working, and employee education is still one of the largest contributors to the criminal’s success rate.

  1. The bad guys are more active than ever. The percentage of organizations affected by a successful cybersecurity attack had leveled off during the previous three years, but this year it jumped from 78% to 80.7%. Not only that, for the first time ever, 35.7% of organizations experienced six or more successful attacks. The number of respondents saying that a successful attack on their organization is very likely in the coming 12 months also reached a record level.
  2. Ransomware attacks and payments continue to rise. Ransomware is trending in the wrong direction: 62% of organizations were victimized by ransomware last year, up from 56% in 2018 and 55% in 2017. This rise is arguably fueled by the dramatic increase in ransomware payments. 58% of ransomware victims paid a ransom last year, up from 45% in 2019 and 38% in 2017.
  3. People are the biggest problem. The greatest barriers to establishing effective defenses are: (a) lack of skilled IT security personnel and (b) low security awareness among employees. According to respondents, these are more serious than issues like too much data to analyze, lack of management support and budget.
  4. But IT security is having some successes. Respondents say the adequacy of their organization’s IT security capabilities has increased in all eight of the functional areas. They rated these improvements as greatest in application development and testing, identity and access management (IAM), and attack surface reduction through patch management and penetration testing.
  5. Advanced security analytics and machine learning are becoming “must-haves.” Implementations of advanced security analytics took off over the past year and are expected to keep rising. Organizations are showing a strong preference for IT security products that feature machine learning and other forms of AI.

Source: CyberEdge Group


Posted by Charles Wright in Cybersecurity, Information Security, Small Business

Cyber Insurance Checklist

Cyber Insurance is a quickly changing market. Because this is a dynamic market, not all agents stay current in the product offerings. It is important to work with an agent who has training in cyber insurance! Below is a checklist of some key factors to consider when purchasing a Cyber Insurance Policy.

Examples

To help understand possible coverage issues, consider these examples:

Wire Fraud: Will you have coverage if an email is intercepted and you wire funds to a criminal instead of your vendor? This may not count as theft: because you authorized the wire, the payment to the criminal is an authorized act. In the last blog I mentioned definitions; it is important to understand terms such as theft, phishing, etc.

Work from Home: Many companies have rushed into work from home modes. One concern is whether you have coverage for employees using personal devices to connect to the company network. The conditions section of a policy typically requires all systems to run currently supported operating systems, be properly patched, and have current malware solutions installed. If your employees are working from home, and have been for a few months now, are you sure the systems still meet the required conditions of the insurance policy you signed?

Your Company

Does your policy cover damage done by employee owned equipment connected to your network or systems used in your work from home program?

What are the requirements to be eligible for coverage? What organizational measures must you have in place to qualify for the policy? Examples: Security Awareness Training, Incident Response Plan, or an Information Security Policy.

What requirements must be followed for a claim to be covered? Examples: Time frame to report an incident, customers must be notified of an incident, or insurer must be involved in ransomware negotiations.

What parts of the business does the cyber insurance policy cover? Do subsidiaries or branches need to be named specifically in the policy?

What are the parameters around workstations? Does the policy refuse to cover workstations that are not patched and updated?

Cyber Insurance Policy

Is the cyber insurance policy separate from other insurance you already have? Cyber insurance dependent on a current policy could limit coverage.

Is there a waiting period for the policy to take effect after the contract is signed?

What types of data breaches are covered under the policy? Are there parameters around how the data was stolen for the policy to cover loss?

If a ransom is paid, will the policy reimburse the payment? Are there limits or parameters on ransom payment?

What is covered in a Phishing attack? Some policies have specific language around social engineering attacks, what is covered, and financial limits to these types of attacks.

Does the policy cover

  • Security breaches within your organization?
  • Other companies you work with who process your data? Could be suppliers or vendors.
  • Data loss due to employee misconduct?
  • Acts of terrorism, acts of nation states, or purely international incidents?
  • Data loss due to malware?
  • Defacement of public facing website?
  • Damages to a third party if your systems are taken over and used to hack other companies or individuals?
  • Loss of earnings due to data, systems, or website being inaccessible?
  • Any incident that exposes information, be that confidential or protected?
  • Only data that is encrypted, or all data?
  • Fines, sanctions, and penalties incurred by a regulatory agency?
  • Expenses associated with legal or forensic work done after an incident?
  • Cost of litigation, legal defense, and/or costs associated with regulatory inquiries?
  • Costs associated with affected customers? These could be customer notification, payment to affected individuals, and/or coverage for settlements, damages, and judgements.

Insurance Company

Is the insurance provider accessible via phone 24/7/365?

Are there parameters in place that would increase insurance premium?


Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business

File Sharing Options While Working From Home

As more employees are working from home long term, business owners are making decisions on how to keep them working securely. Today we will discuss basic cloud storage options and file sharing across a team for collaboration.

Most businesses will already have a service in place they process email through. The two most popular are Microsoft with Office 365, and Google. Both of these services also offer file storage and collaboration tools within the business suite. Microsoft offers OneDrive and SharePoint. These tools enable users to store and share files in the Microsoft Cloud. They also offer collaboration tools that let users grant other users editing or view-only access. Google offers very similar tools at the business class level.

These integrated services offer a high level of security and may not add a cost to the business if you are already paying for the email services. Some businesses are shifting from a physical server to sharing files across a cloud service now that working remotely is becoming the new normal.

Other users might be looking for an independent file sharing option. Microsoft and Google are still good options in this category as well. Google offers 15GB of storage for free, with monthly pricing structures that go up for more storage. Microsoft 365 Home offers 1TB of storage, plus Word, Excel, PowerPoint, and Outlook for $100 per year.

Dropbox is another option for large file storage. They offer 2GB free, then $10 per month for 2TB. For most users, Microsoft 365 home is the best option because of the added bonus of Word, Excel, and PowerPoint, but for sheer file storage, Google is the winner with 2TB for $100 per year.

These “big three” options in basic file sharing are constantly changing their plans to add more users. There are many other file sharing services out there, but these three are recognized by the industry as trusted and secure.


Posted by Charles Wright in Cybersecurity, Information Security, Recent Posts, Small Business, Virtualization