Layered Security for Business

Methods & tools for a safe online business environment

Onsite Helper

Page 2: Introduction - Onsite Helper · Web viewIn such shady times, the cybercriminals’ sweet spot are small to medium businesses because they generally have poor security and thus create

Contents

Introduction 2
Infection vectors 4
  Via email 5
  Drive-by-Download 5
  Free Software 5
The fight against business oriented cyber threats 5
  #1: Workstations’ Security 6
  #2: Patch Management 7
  #3: Managed Antivirus 8
  #4: Web Protection 8
  #5: Mail Protection 9
  #6: Monitoring & alerting 10
  #7: Backups 11
    Onsite backup 11
    Offsite backup 11
    Are you at risk? 12
    The Solution: cloud-to-cloud backup 12
  #8: Education 12
Need an Expert to manage these for you? 13
Steps to take if infected 14
  Ransomware/Cryptolocker 14
  Phishing email / cloud - email has been compromised 15

Introduction

In a world where everyone, from individuals to large corporations, bases their activity on online tools and cloud data storage, cybercrime is increasing exponentially. According to current data, in the last 5 years hackers and other cybercriminals have moved their center of operations from identity theft and petty crime to a pro level. Nowadays you don’t have to take your gun and put yourself in danger in order to rob a bank. You just need to be clever enough to exploit its security vulnerabilities.

In such shady times, the cybercriminals’ sweet spot are small to medium businesses because they generally have poor security and thus create enough opportunities to make hacking efforts worthwhile. Also, even if the security system is strong, users are not always at their best behavior and this leads to another type of vulnerability that can be easily exploited.

The situation is a bit different with large organizations where the purpose of a dedicated online security solution is understood correctly. However, these corporations are not immune to attacks and vulnerabilities appear all the time.

There are 2 very powerful attack tools that hackers and ill-intentioned people can use, and they are described below.

#1: Ransomware

This is malware that encrypts all the data on your network until a ransom is paid. The software is very dangerous for companies, especially considering the fact that all it takes is just one infected workstation to spread throughout the entire network. Even more, the infection is usually delivered via phishing emails, online advertising, compromised websites, unpatched programs, and free software downloads.

According to security researchers, there were more than 4 million samples of ransomware in the second quarter of 2015. Out of these, 1.2 million were new. In 2016, the number of new ransomware instances will grow.

The Ransomware will deny access to your own files and all files you had access to on servers and cloud storage, bringing your whole business down. There are ways to fight this, but with the latest version there is no method to recover your data unless you pay a very expensive ransom to the cyber criminals or you have good backups to recover from.

Just imagine a hospital or an accounting firm with all their files blocked. There is no way for staff to do their job and people’s lives or finances are at stake. What do you do then?

Read more about the CryptoWall virus here.

#2: Phishing Emails

If we take a look at statistics, most threats are delivered via email (93%) while the other 7% are delivered via compromised websites, Facebook & social media malicious links.

A phishing email tricks users to give away their cloud email or storage login details targeting customers using G Suite, Microsoft Office 365, Dropbox and other similar tools. This causes a series of problems and is often spread to all your contacts making you responsible for spreading the vulnerability.

Read more about this here

Infection vectors

There is one important thing that you have to remember about ransomware viruses: the infection can’t take hold without some user action. You must access a certain link or download a specific file in order to allow the virus to penetrate your system.

Below are described the most common ways a user could help viruses like CryptoWall to infiltrate your network.

Via email

As we already mentioned, most infections happen via the oldest form of electronic communication: the email. The most common form is either an attachment with a harmless extension or a simple link. Once the user clicks to access the link or download the file, the virus is released.

Drive-by-Download

This type of infection happens via a compromised website with automatic virus installers, or via vulnerabilities buried deep in software tools an office worker uses every day. Whether it’s an older browser version or an unpatched version of Microsoft Office, these vulnerabilities open the door to malicious software.

Even though most of these are solved quickly (if found in new versions), the damage is already done for those companies that were attacked.

Free Software

Who is not tempted to use free software? However, even if you have the amazing opportunity to play an expensive game for free or simply run a crack for an office tool, you should think twice before installing. Aside from the fact that you disrespect the work of those who put together the software, you may also be in for a karmic resolution and infect the entire network in a few simple steps.

For instance, there was a time when Minecraft users were targeted. Attackers offered users a “mod” version of the game and with this, a sleeper version of the ransomware virus that would activate weeks later.

The ingenuity of these attacks is that, in most of the cases, the infection happens as a voluntary action taken by the user.

The fight against business oriented cyber threats

The market is filled with antivirus solutions, but these are not enough to protect you from this new generation of cyber-criminal activity.

In our vast work experience, we have encountered situations where computers with the latest antivirus solutions have been compromised. An antivirus may make the spreading of the virus a bit more difficult, but the newest ransomware versions are built to get past even the best ranked solutions on the market.

So, to combat these very effective ransomware and hacking tools, we have created a unique 8-step layered security package for businesses that specifically targets these 2 issues.

#1: Workstations’ Security

Step 1: Remove Admin Rights for Users

A recent report from Microsoft shows that removing admin rights mitigates 97% of critical Microsoft vulnerabilities. This is mostly due to users being tricked to open malicious email links or visit malicious websites which download and install ill-intentioned software like CryptoWall.

By removing the permission for the user to install these malicious programs, it drastically reduces the risk for the computer to become infected.

Having end users requesting assistance from IT support to install software will increase the workload on the IT department. However, there will be far less work in comparison to trying to recover from a CryptoWall ransomware attack.

Step 2: Install the latest Operating System and programs

● Increase security with the latest Operating Systems;
● Install the latest version of Microsoft Office;
● Ensure Macros are disabled in Office and can’t be turned on.

Enable drive encryption for laptops. This way, if one of your company’s laptops gets lost or stolen, your company data can’t be extracted if the laptop is protected by a powerful password and the drive encryption is enabled.

Step 3: Reduce the attack surface

This means limiting users’ rights on installing software apps on the work stations. For example, the following apps are not needed for general office activities:

● Adobe Flash – it is not necessary in the world of HTML5 and it’s the most attacked vector for malware exploits (e.g. CryptoLocker). Even more, it needs continuous patching to be secure. Prevent users from installing Adobe Flash by removing the Admin rights.
● Shockwave
● QuickTime
● SilverLight

By removing all the software packages that are not necessary for the job, your workstations will be more secure. Less software = less vulnerability

Also, don’t forget to update to the latest versions for the software you do use.

#2: Patch Management

The Australian Defence Signals Directorate report says that up to 85% of network breaches (hacking) could have been avoided if computers and servers were up to date with security patches.

Windows Automatic Updates are not enough and not recommended. These are designed to patch only the operating system & Microsoft Office. Other installed software like Adobe Reader and Java require updates which are not covered by the Windows updates.

Even more, there are times when Microsoft might get it wrong and an update will cause issues with your computer. Failed updates happen often and you won’t be aware of it, leaving your network vulnerable. This is why it’s important to have an IT expert review the updates and check that they won’t cause issues with your system.

Our recommendation is to have a 3rd party Patch Management for all your computers and servers. This allows the central management of all the computers and servers and you will be alerted when patches need to be installed. You or the Network Administrator can approve & schedule updates when suitable. It’s also important to be aware of failed update installations so you can take appropriate action.

Read here to find out more

Every second Tuesday, Microsoft releases their regular patch updates, known as “Patch Tuesday”. Onsite Helper receives notifications if updates have not installed successfully so action can be taken to rectify the issue and keep the network secure.

The most attacked software application in the world is Adobe Acrobat Reader. This happens because the app is installed on almost every computer running Windows today. Not updating software like this is a huge vulnerability!

#3: Managed Antivirus

Business managers should not cheap out on their antivirus solutions!


You should never cut the budget for your business’ online security! Trying to save a few bucks because “the antivirus should work the same” is one of the worst decisions you could make. Even more, you should stay as far away as possible from free versions!

It’s no surprise that an antivirus that you pay for provides better protection than a free version! However, not all antivirus solutions are the same. Some do a great job while others are notorious for slowing down computers. Read here to find out more

Onsite Helper provides Managed Antivirus for its clients.

Here are some features you should look out for when selecting the antivirus software:

● Protection against polymorphic malware like CryptoWall V4
● Detection and blockage of suspicious activity like programs trying to encrypt files
● Protection on both workstations & servers
● Centralized reporting and alerting to IT Support
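The second feature above, detecting a program that is trying to encrypt files, rests on a simple behavioural heuristic: one process rewriting many files in a short window with near-random (high-entropy) content and a changed extension. The example below is added here to show that logic over constructed file-write events; it is not code from Onsite Helper or any antivirus product, and the event format and process names are assumptions.

```python
"""Heuristic for "a program trying to encrypt files": one process that, within a short
window, rewrites many files with high-entropy content under a new extension.
Constructed example; the event tuple format is an assumption, not real AV telemetry."""
import math
import os
from collections import Counter, defaultdict


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 for uniformly random data (ciphertext, compressed archives),
    typically 4 to 5 for ordinary document text."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def extension(path: str) -> str:
    return os.path.splitext(path)[1].lower()


def detect_mass_encryption(events, window_s=60, min_files=10, threshold_bits=7.0):
    """Return the set of process names that, inside any window_s seconds, wrote at least
    min_files distinct files whose new content is high-entropy AND whose extension changed.
    Requiring the extension change is the caveat that matters: .docx/.xlsx files are zip
    archives and already look random, so entropy alone would flag every Word save."""
    per_process = defaultdict(list)  # process -> [(time_s, new_path)]
    for time_s, process, old_path, new_path, content in events:
        if (shannon_entropy(content) >= threshold_bits
                and extension(old_path) != extension(new_path)):
            per_process[process].append((time_s, new_path))

    flagged = set()
    for process, hits in per_process.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until every hit in [start, end] fits in window_s.
            while hits[end][0] - hits[start][0] > window_s:
                start += 1
            if len({path for _, path in hits[start:end + 1]}) >= min_files:
                flagged.add(process)
                break
    return flagged


# Constructed content samples.
CIPHERTEXT_LIKE = bytes(range(256)) * 8                          # exactly 8.0 bits/byte
PLAIN_TEXT = b"Quarterly sales figures, see attached table. " * 40

# Constructed events: (time_s, process, old_path, new_path, sample_of_new_content).
SAMPLE_EVENTS = [
    # Normal Word save: high entropy (docx is a zip) but the extension is unchanged.
    (50, "WINWORD.EXE", "S:/shared/memo.docx", "S:/shared/memo.docx", CIPHERTEXT_LIKE),
    (55, "notepad.exe", "S:/shared/notes.txt", "S:/shared/notes.txt", PLAIN_TEXT),
    # Someone zipping two spreadsheets: extension changed, but only two files.
    (60, "7z.exe", "S:/shared/archive/a.csv", "S:/shared/archive/a.zip", CIPHERTEXT_LIKE),
    (61, "7z.exe", "S:/shared/archive/b.csv", "S:/shared/archive/b.zip", CIPHERTEXT_LIKE),
] + [
    # Hypothetical process (name constructed) rewriting 12 reports as .locked in 24 seconds.
    (100 + 2 * i, "unknown_updater.exe",
     f"S:/shared/report{i}.docx", f"S:/shared/report{i}.docx.locked", CIPHERTEXT_LIKE)
    for i in range(12)
]

if __name__ == "__main__":
    print("processes flagged:", detect_mass_encryption(SAMPLE_EVENTS))  # {'unknown_updater.exe'}
```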

#4: Web Protection

Keep your business safe by getting protection against websites pushing malware, phishing, proxies, spyware, adware, botnets and spam with Web Protection.

Most threats come via email using a harmless looking link to a website. The virus is on that website and it will download onto your computer or will capture the user’s email and password.

With Web Protection, these sites will be detected as malicious, protecting the user from infecting the entire network.

Read here to find out more

Onsite Helper provides Web Protection for its clients.

Here are some features to look for when selecting the Web Protection:

● Blocks users from visiting suspected and confirmed unsafe sites
● Helps employees to stay productive with common-sense web browsing policies designed for the workplace
● Stays on top of bandwidth usage with alerts when devices exceed thresholds
● Filters internet activity by day, category, and URL to reveal trends, spikes and irregularities
● Offers detailed reporting tools to let you analyze browsing activity and demonstrate the effectiveness of web security
● Centralized administration for the entire business and alerting of issues.

The CryptoWall ransomware and Phishing Cloud Login hacks are usually delivered via email.

#5: Mail Protection

Statistics say that 93% of infections come via email. Sadly, most businesses are completely uncovered on this aspect as they do not implement adequate email protection.

In our day-to-day activity, we’ve seen businesses compromised because they left their email management entirely to the Exchange server, G Suite, or Microsoft Office 365. These services don’t have enough protection to prevent malicious emails arriving in your staff Inbox!

Onsite Helper provides Web Protection for its clients.

It’s always recommended to implement a 3rd party email filtering service that works seamlessly with any on-premise or cloud-based email infrastructure (Office 365, G Suite, Exchange and others). This service will filter all emails before they arrive at your email server, whether on premises or in the cloud.

An email filter provides the following benefits:

● Prevents emails with viruses from getting into your network (CryptoWall for example), with zero-hour antivirus defense, virtualization-based malware detection technology and traditional signature-based antivirus engines.
● 99%+ spam detection rate
● 24/7/365 continuity - if your email server goes offline, the email filter will store your emails and then deliver them to your server once it comes back online. So, no lost emails.
● Protects intellectual property by tracking email communications

Read here to find out more

If you’re using cloud based email like G Suite or Office 365, it’s highly recommended to implement 2 step authentication to prevent intruders from logging into your cloud services. 2 step authentication requires the user to provide an additional password or code in order to have access to emails.

This code is usually generated on request and delivered to a mobile phone or a USB dongle you need to insert into the computer. This makes it almost impossible for hackers to get in even if a user accidentally gives away the username & password. They will need physical access for the second code and this is definitely a lot more difficult to obtain.

If you are interested, here you will find more information about the 2 step authentication.

#6: Monitoring & alerting

Viruses and malware threats are silent killers that operate in the background. Usually, by the time you actually notice them, the damage is already done and the recovery is quite difficult. A proactive monitoring and alerting system is the best way to prevent issues before they happen. However, if something does happen, the person in charge will be informed in time and will be able to address the issue quickly before it does too much damage.

The software can be installed on all your computers and servers as well as other devices like Network Attached Storage (NAS) & Routers. You will be provided with reports and receive instant alerts via email or SMS if important events are triggered.

Onsite Helper provides Monitoring & Alerts for its clients.

Items that you will definitely want your IT team informed on would include:

● Suspicious login attempts to a computer or server
● Virus detected on a computer
● Malicious website blocked
● Operating system, applications, or antivirus software is not up to date
● Internet, computer, or server is offline for a period of time
● Other computer, server & network health checks
● Status of onsite and offsite backups

The reports should be analyzed by your IT team on a regular basis (daily, weekly, or monthly) and action should be taken accordingly. It’s also recommended to do a full security audit of the whole business at least once per year. Here are some of the items to look out for on your security audits.

#7: Backups

Even if you enforce all the recommended steps above, there is still a very small chance your business could be compromised. That’s why it’s ideal to have a backup in place to protect your data from either user error or system failure.

However, a single backup is not a bulletproof method and may fall short in some areas. That’s why we recommend the 3-2-1 backup approach, where you have the same data in 3 locations:

● 1 is the current working directory on the server.
● 2 is an onsite backup copy, easily & quickly accessible.
● 3 is an offsite copy of the data to protect the business in the event of fire or theft.

Onsite backup

The onsite backup solution we recommend is an image based backup software called Shadow Protect. This has to be installed on the server in order to create a full backup image of your server and send it to a designated PC on the network.

In a disaster scenario where the server becomes non-operational, this backup PC can be turned into a temporary server and can be booted up in minutes causing minimal downtime to the business. Staff can continue their work while the primary issue is rectified.

Offsite backup

Offsite cloud storage is highly recommended for the backup of your important files and folders. It will protect the business in the event of a disaster such as fire where the local server and backups may be destroyed.

Having multiple backup versions is also important. You may need to revert the entire business data to a previous week or month if the infection took place a while ago. If you are interested, here you will find additional information on important features for the offsite backup.

G Suite & Microsoft Office 365 have a very stringent and reliable email exchange and document sharing/sync platform. However, it does not eliminate the risk of users’ accidental or malicious activities. This is a vulnerability that is external to Google & Microsoft and should be seriously considered.

Are you at risk?

Some common scenarios where your business may be at risk include the following:

● A workstation is infected with CryptoWall and encrypts shared data in Google Drive, Dropbox or OneDrive.

● Employees who leave the business and delete items from their emails which they do not wish their employers to see.

● Members of the staff who may move important items into the trash can (by accident or on purpose). This is automatically emptied by the system every 30 days and important data may be lost forever.

● Employees who move or delete shared files and folders from Google Drive without the consent or knowledge of other users.

In all these scenarios, crucial data can be lost beyond retrieval.

The Solution: cloud-to-cloud backup

The best safeguard against the situations described above is to organize a cloud-to-cloud backup service. Here you’ll find more detailed information on cloud to cloud backup.

Our best recommendation is to use Spanning Backup (please see www.spanning.com). This service is safe, reliable and easily accessible by users and business administrators, who are able to restore data whenever they wish. Furthermore, they offer unlimited data backups and a snapshot backup feature where users can access historical versions of their data. There is also a great search feature to quickly find the items you suspect may have been deleted. This means that you can do individual restores.

As a Spanning partner we can take care of the setup and ongoing management of this for you.

#8: Education

The final step in creating a secure online business environment is to educate every member of your business on how to keep safe when on the internet.

Staff should know about:

● Identifying fake emails – teach them to pay attention to details by checking the email address when receiving emails. Often the name appears correct but the email address is something completely different. That is a dead giveaway that the email is malicious.

● Not opening attachments, especially from unknown senders - known ransomware attachments include messages like: “emails from Aust Post”, “Invoice needs to be paid”, “I have shared a document with you”.

● Not trusting emails from colleagues - their account could have been compromised and it could be a phishing email trying to get credential information.

● Not accepting calls from Microsoft or other software providers - hackers often call employees and talk them through installing remote access so they can “fix their computer”. This is not the case; in fact it’s the opposite!

● Apply Multi Factor Authentication (MFA) on all online logins, e.g. G Suite, Dropbox, etc.

Do you want to know more about being prepared in case of an incident? Read here about how to recover from a compromised account.

Need an Expert to manage these for you?

Onsite Helper implements the 8 layered security system described above with a 3 stage process:

1. Assess

The Onsite Helper team comes to your office or logs in remotely to your systems to provide an assessment of your vulnerabilities, with recommendations and quotes on how to fix these.

2. Address

Onsite Helper is able to supply all the necessary software and licenses as well as implement the 8 layers of security to protect your business.

3. Monitor

Onsite Helper provides ongoing monitoring and maintenance of your systems to make sure the 8 layers of security are always in place.

If you would like more information on this, please call 03 9999 3106 or email [email protected]

Steps to take if infected

Sometimes the worst has happened and an infection took place. Here are a few steps to follow in order to make sure you will manage to get out of this alive.

Ransomware/Cryptolocker

If your files have been locked and encrypted, here are the steps to follow:

1. Disconnect everything from the network - this includes computers, routers, mobile devices, Bluetooth devices, and more.

2. Identify the type of infection - usually ransomware targets one or several areas of your network. Check to see what is actually affected:

   a. Mapped or shared drives and folders
   b. Network storage
   c. External storage like HDDs or USB devices
   d. Mobile devices like phones, cameras, tablets, and others
   e. Cloud-based storage: check your Dropbox account, Google Drive, OneDrive account, and any other account you own.

3. Identify the name of the virus that holds your files captive (CryptoWall, CryptoLocker).

4. Find a way to recover your files. This could go in two separate ways:

   a. Use your valid backup files to put everything back together.
   b. Attempt to decrypt the files - usually older versions of CryptoWall have already been analyzed by specialists and there are ways to get your files back. However, this is not possible for newer versions, and if you can’t recover from backup then it’s best to call Onsite Helper’s specialists or explore other options.

5. Pay the ransom - even though this is not a recommended course of action, sometimes this is the only way to gain quick access to your files/devices. You can even negotiate with your data kidnappers so the ransom will be smaller. Once the final amount is established, you will have to follow these steps:

   a. Determine the payment method (usually Bitcoin).
   b. Reconnect the affected devices to the Internet (on a network isolated from other computers/servers) and check for the address where the ransom should be sent. Usually this is specified in the message that lets you know you’ve been infected.
   c. Make the payment and wait a few hours (max 24) for the file decryption to begin.
   d. Make sure something like this never happens again.

If all these steps look too complicated, you can always call Onsite Helper’s specialists. We are experienced with such situations and will solve the problem quickly.

Phishing email / cloud - email has been compromised

Email is one of the most important ways of communication in the business world. Not only do you keep most of your clients’ details in an electronic address book attached to the email account, you also send and give access to important files through it.

So, what steps must be taken when your email address has been compromised?

1. Let the specialist know - whether you call your network administrator or the company that deals with your network, make the call as soon as possible.

2. Reset the password on the account you think has been compromised.

3. Make sure your old login details are not stored on other devices.

4. Check to see if other devices have access to your email account.

5. Assess the damage and try to recover what you can.

6. Make sure something like this doesn’t happen again.

All these steps are thoroughly explained here, but if you feel like the problem is beyond your knowledge, call our team of specialists. Onsite Helper will always be there to help you!

If you would like more information on this, please call 03 9999 3106 or email [email protected]