As businesses become more and more connected to the internet, the threat of a data breach only increases. A study conducting by the University of Maryland in 2017 discovered that, on average, computers with internet access are attacked every 39 seconds. While this figure may be worrisome, this should come as no surprise to most. As technology continues to progress, becoming more and more a part of not only businesses but individual’s lives as well, criminals will try harder and faster to obtain access to confidential information. These attacks are not cheap either. A study conducted by IBM found that on average, a cyberattack can cost $3.86 million. This number does not just reflect the damage the breach cost, but it also factors in loss of business, time spent on recovering, and damage to reputation. Taking steps to prevent an attack from happening is imperative. One must have the proper equipment and policies set in place in order to counter cyberattacks. However, attackers are becoming smarter, more resourceful, faster, more aggressive. Many of them are also playing the long game as well. Lying dormant in a companies, or individual’s computers or server, waiting for the perfect moment to attack. While cyber security specialists are doing there best to stay 1-step ahead of criminals, there is only so much that can be done. Therefore, instead of playing a game of cat and mouse with attackers, cyber security specialists should be turning their attention towards using machine learning and AI to aid them in this constantly evolving battle. Why Machine Learning and AI Should Be Recruited Cybersecurity usually relies on methods of created static rules and policies that act as barriers to attackers. These barriers, regardless of how strongly built, are susceptible to cracks and leaks, allowing for unwanted guests to enter. This creates a constant game of catch up, rather than enforcing constant protection. This is especially true since cyber criminals are constantly evolving their viruses, making them stronger and harder to detect. If rules are not kept up to date, and scheduled maintenance is not regularly done, disaster can strike at any moment. Machine learning and AI can help level the playing field. Even though cyber security specialists will remain as the last line of defense against attacks, AI and machine learning can be used as the first line of defense. AI and machine learning are constantly updating and learning, feeding off information from databases about cybersecurity and networking, as well as information from its experiences while deployed. AI and machine learning add automation to your cybersecurity team, aiding them in evolving and keeping your data safe from criminals. Hammett Technologies is specialized in cybersecurity, using only the latest cybersecurity software and hardware to keep your data safe. When you partner with Hammett Technologies, you hire a partner who learns your employees, your business, and your process.
If you are like many users, you visit many different sites and have a plethora of passwords between those sites. The idea of creating a strong password consisting of letters, numbers, special characters, symbols, etc., can be quite daunting. Not to mention it is recommended that you have a different password for each site your register an account on. With all of this considered, it is no wonder many become overwhelmed when trying to think of a secure password. I mean, who can remember “J%^dh@udS!@#$”? Because of this, you may have fallen victim to using the same password for most, if not all, of the websites you hold an account on. This is not only a safety hazard, it also spells disasters if one of these websites gets compromised. Or perhaps you use numerous passwords, but they consist of simple words and numbers that relate to your life. These kinds of passwords are easier to guess than you can imagine. Maybe you do have long, complicated passwords, but in an attempt to remember them you have written them down and placed them next to your computers. This is dangerous as well, especially if other use your computer as well! However, with this guide, we hope to guide you down the right path to making safe, secure, and easy to remember passwords! First, to understand what a strong password is, we must understand what makes a password strong. The key features of a strong password are its length, a variety of letters (using both upper and lower case), symbols, and numbers. Make sure you leave all personal information out of your password. However, what is the use of a complicated strong password, if you cannot remember it? Not to worry, we will arm you with advanced password creating techniques that will not only keep your online identity secure! Your first strategy in creating a strong password is to make it easy to remember but hard to guess. Avoid the pitfalls of making your password “password”. This password is laughably weak. A password this simple is easily guessed by both humans and machines and will leave your online identity in shambles. Some of you may be asking, “Who on Earth is using “password” as a password?”. Well you would be surprised to know that it is one of the most commonly used passwords to date. There are also the passwords that use a persons last name and birth date. These kinds of passwords are also easy to crack by those who are close to you. I know your neighbor Bill seems like a nice guy, but maybe he’s too nice. However, perhaps you have been trying to make a strong password and have created “P0W3Rful”. First you must be aware of the length. Length of this password is far to short and the substitutions you have made are easily guessed by both human and machine as well. Now that we are aware of the numerous pitfalls, we can begin to discuss how to create a strong password! Here are a few examples of good passwords: G00D_2H4v3_$$: You could use this one for a bank account (Good to have money). 4sh00Ping_0NAMZ: This could be used for your Amazon account (4 shopping on amazon). Having now thought of a password that is perfect in length and randomness, you have begun your march down the correct path to internet safety. However, you are not safe yet. You must remember to not reuse the password, write them down anywhere, or share them. After spending all that time thinking of a good password, last thing you want is for someone to crack it by seeing it written down next to your computer. Or if you are to get hacked, at least you can rest easy knowing your other accounts are still locked away because you used a different password for each site! The last rule is extremely important but can also be given some slack. If you are to share your password, make sure that you only do so with someone you trust 100%. If you have even a shred of doubt that they do not take internet security as seriously as you, do not share your password with them. Another option for those who have too many accounts, or are too nervous to create their own passwords, is to use a password manager! Password managers like LastPass can generate completely random passwords up too 100 characters in length. All you must do is think of a super secure master password and you are ready to go! Now that you have been armed with the tools to create smarter, safer passwords, go forth and secure your defenses! If you have any questions about cyber security or want a partner that will take your businesses cyber security seriously, consider Hammett Technologies! At Hammett Technologies we put your online security as a top priority. Be with a team you can trust, become a Hammett Technologies Partner today!
Computers around the world are continually generating records that occur. While some of these are routine checks, others are hostile, aimed at gaining access to or even destroying your network. However, by checking and reviewing the log files, you can stay on top of these issues. From malware, damage, and loss and legal liabilities, log files contain all the day to day information of your network. Therefore, it is important to practice event log management daily. It must be collected, stored, analyzed, and monitored to meet and report on regulatory compliance standards like PCI and HIPPA. WHY LOG MANAGEMENT IS IMPORTANT Every transaction and event that takes place on a machine on your network generates a log file. Microsoft-based systems use Windows Event Log files. When working on Windows, monitoring the event logs is crucial. Windows Event Log files all contain crucial information, but of all of them, the Security Log is the most important. The security log provides log in events as well as what each user is doing. It is vital that your IT security team understands the Windows Security Log to spot a vulnerability or attack accurately. However, this information can be overwhelming and exhausting to look through. If you use an Event Log Management tool, you can accurately and precisely navigate through log files, allowing you to find that single file that is causing an issue. Event Log Management is a crucial component in ensuring security and compliance, and it is essential to review all logs. SECURING THE CASTLE The top priority for any company should be security. Keeping the company safe from outside attacks that aim to disrupt customer’s data, exploit employee data, or crash a company’s server. However, attacks from the inside are just as real and can cause catastrophic damage. This is not to say that keeping your network safe from the outside is any less important, but you must be mindful of an attack from the inside. Perhaps you have an employee who is curious about financial records and wants to start drama among the workers or an employee who is upset about a decline for a promotion or pay increase and wants to delete years of data. These employees can create a backdoor into the network or give themselves admin privileges, attempting to fly under the radar from security. However, if you have a well-established ELM strategy, you can monitor these internal attacks accurately and stop them before they turn nuclear. PCI – DSS AND HIPPA COMPLIANCE Payment Card Industry Data Security Standard (PCI-DSS) provides IT professionals that handle consumers credit cards data. Any business that claims PCI compliance have to be able to show compliance in their yearly audit. If it is discovered that they are not, denial of processing and storing credit cards can occur. HIPPA requires a reliable audit trail to protect the personal data of all medical patients. HIPPA has two different significant rules: Privacy and Security. Medicaid and Medicare require, along with building an IT infrastructure and strategies to protect against threats to personal information, but there must also be preparations made for investigations of security breaches should they occur. Furthermore, you must be able to provide enough information to be able to establish occurred events, when they occurred, as well as what or who has caused them. Ways to Manage Events and Logs There are numerous ways to go about handling the logs for your networks, and WhatsUp Gold offers some of the best ways to do so: 1. Define your Audit Policy Categories Audit policies in Windows record the security log events found on your network’s log files for your company. With Microsoft Windows NT systems, audit policies have to be put in place manually on each server and workstation. However, Windows 2000 and 2003 Active Directory domains allow for Group Policy, which enables you to set universal audit policies for groups on the servers and even the domain. 2. Log Records Are Merged Automatically By default, decentralized records, such as Windows events logs and Syslog files, record their log activity. However, if you want to gain a “big picture” view of what is going on within your network, admins in charge of security and compliance need to be able to merge Windows event logs and Syslog files into one another in order to be able to monitor thoroughly, analysis, and report. It is necessary that you maintain your log data! Many compliance standards require data to be stored up to seven years. However, if you automate the process, life can become much more accessible. Automation can assist in data retrieval and the longevity of log data. It is important to remember: Archived logs must be readily obtainable. Automation helps reduce the risk of corruption. The larger the company, the more users and machines. With more users and machines comes an increase in bandwidth and network traffic, which will only further complicate the log file. Automation can greatly assist in making sure all data is collected. Usually, administrators use an event log management tool to record log event data from the servers and workstations. Make sure you find an event log management tool that supports a method to re-import collected log files into the database if they are needed. 3. Event Monitoring, Real-Time alerts & Notification Policies While your company may have most, if not all, Windows-based machines, it is important to branch out from the Windows event log monitoring system. Consider using Syslog as well. They have support for switches, routers, firewalls, IDS, as well as support for UNIX and Linux based systems. Most products that perform real-time scanning and monitoring of logs require the use of an agent. However, if you can find a software package that can be used without an agent, go for it. This avoids many issues upon initial setup and continued maintenance. Every company has a different classification of what they find important, and what they want to be listed in the logs. The one security research
As technology continues to advance, so do those who aim to use it to exploit others. According to Accenture, when a business suffers a cybersecurity attack, an estimated $2.4 million is spent on recovery, and it takes an estimated 50 days to recover from the attack entirely. On a global scale, the average business can expect to spend on recovery is estimated to be as high as $3.86 million, with another attack within 24 hours with a 27.9% chance (via 2018 Ponemon Report). It is essential that businesses understand this threat, and that investing in preventative measures, such as automation, is important to maintaining a business’s security. What is a Data Breach? According to the 2018 Cost of a Data Breach Study, to classify an event as a “data breach” an individual’s medical record, financial record, and/or debit card information must be placed at risk. This type of information can become exposed due to malicious or criminal attack, system glitch, and even human error. How Does a Business Avoid Data Breaches? In order to prevent a data breach from occurring, a business must invest in a strong cybersecurity team. With the support of a robust cybersecurity team, a business has a better chance of staying ahead of malicious hackers. Furthermore, extensive pressure testing can also aid in prevention. Pressure testing a businesses network environment can reveal vulnerabilities, as well as aid in innovation, keeping your cybersecurity ahead of the attackers. However, one of the most important defenses a business can invest in is automation. What is Automation and How Can It Improve Cyber Defense? When it comes to cybersecurity, automation is your best defender. According to 2019 Study on the Cyber Resilient Organization, automation, in the cybersecurity field, refers to investing and enabling in cybersecurity technologies that assist or replace human intervention in the identification and containment of cyber exploits or breaches. Furthermore, for these technologies to function correctly and efficiently, artificial intelligence and machine learning, must be appropriately implemented. Automation creates a symbiotic relationship with businesses cyber resilience. It reduced the chances a business has of encountering a data breach, as well as the frequency of them occurring. Investing in automation allows for a business to feel more confident in its ability to track, prevent, and contain potential cybersecurity incident. However, while automation does remove humans from the identification and containment procedure, it does not mean that cybersecurity professionals are irrelevant. A business should keep a full staffed cybersecurity team to assist in training, as well as regular maintenance of the automation processes. Furthermore, a fully staffed cybersecurity team can develop a Computer Security Incident Response Plan (CSIRP), which significantly assists in detection and containment. Automation is a necessary part of a company this wished to keep their client’s information save and save money. According to the 2018 Cost of a Data Breach Study, on average, the losses of a company that has fully and effectively implemented automation to their cybersecurity defense, are $2.88 million, while a company that has decided to skip on automation suffers $4.43 million in losses. Automation is an essential tool for any business looking to improve its cybersecurity and cyber resilience. What Other Steps Should a Business Take to Continually Improve its Cyber Resilience? Automation is a crucial component to any businesses cybersecurity detail, but businesses cannot overlook other key personnel and details either. Security intelligence systems can save a company as much as $3.7 million. Companies that take full advantage of encryption and effectively use it can save as much as $1.4 million annually. Properly implementation of a firewall can prevent 2.5 million in losses yearly as well. Perhaps the most often overlooked factor is maintaining a sufficient budget for cybersecurity, which can save a company $2.8 million annually when appropriately maintained. As stated earlier, keeping a fully staffed cybersecurity team crucial to maintaining the network, leading to $2.1 million in savings for the company; however, no team is without its leader. Hiring a Chief Information Security Officer (CISO) can further improve security, as well as save a company $2 million yearly. Lastly, and an added measure as to what automation cannot accomplish is proper training and cybersecurity awareness meetings. Training and informing employees on cybersecurity not only helps to prevent human error, but it also saves a company $1.5 million every year. Automation is crucial, but implementing other cybersecurity personnel and details in equally important in maintaining a proper network. As technology continues to progress, the threats do as well. Therefore, it is up to businesses and cybersecurity teams to implement the proper tools necessary to defend against attacks that can wreak havoc and cause data breaches. At Hammett Technologies we understand the importance and can help evaluate and develop a plan to help train employees and prevent data breaches, ensuring your company’s data remains secure.
Tax season is no doubt a happy time for many Americans. The extra boost in cash from paying taxes makes everyone’s wallet feel great! However, where there is money, there are unwelcome guests. While many are preparing their taxes and W-2 forms, hackers are busy developing malware to infect and steal information from unsuspecting victims. It is important that we understand how these hackers aim to get access to banking information. What to Look For? The majority of these attacks come from email spam. By making the emails appears to be from large firms such as Paychex and ADP, these hackers aim to deceive people into opening and downloading malicious Microsoft Excel files. One downloaded, the Excel file will execute one of the most effective banking Trojans, Trickbot. While these attacks usually target businesses, that does not mean an individual will not come across this attack. The cybercriminals do their best to disguise the email as friendly, going as far as to replicate the names and emails of HR services and accounting companies. By making the email appear to be from someone the recipient knows, or is aware of, the guard of that person is lowered, making them more likely to open attachments. Just one unaware person can allow Trickbot to enter the company and spread to every computer on the network. What is Trickbot? Trickbot is malware specifically designed to silently infect a computer and steal sensitive data such as, banking credentials. Once the credentials are acquired, the Trojan proceeds to setup wire fraud directly from your own computer. Once infected, hackers have complete control over your machine, and can spread the attack to any other machines that are on the network. Trickbot is a top ranking Trojan and is still in development, adding new “skills” to the virus, making it even more destructive. What Can I Do to Stay Safe? In order to keep yourself protected during tax season, follow these safety tips: The IRS only uses snail mail as a means of communication. Therefore, if you receive an email, phone call, text message, social media message, do not respond. If you receive an email and it seems suspicious, do not click, open, or download any attachments or links. If the email is from someone you know, it is best to verify with the sender before opening any attachments, ZIP files, or RAR files. Disable macros by default in all Office applications. If a downloaded office attachment asks you to enable macros immediately close the excel and delete the file. Many malicious files need macros enabled in order to execute, and this includes Trickbot, which uses excel to inject its malicious code. Use updated antivirus protection and ensure you are protected against Trickbot. Make sure your computer is up to date and has no pending updates. By taking these extra steps you can ensure that you do not become the victim of Trickbot.
Another example of how someone will attempt to trick you into giving out your personal information! Please, make sure you are always paying attention when going through your email. If an email appears sketchy, it most likely is! Most of the time, the biggest give away is the senders email address! The email address “accounts@office365.micros0ft.tech” should stand out as a red flag. Upon closer inspection you will notice that the “O” in Microsoft is in fact a “0”(zero). Once you notice something like this, make the email as spam and move along! Remember to always be on the lookout! If possible, get in contact with the company that email appears to be from! This will help you gain peace of mind, as well as notify the company of a possible issue!
Unfortunately, this attack may affect those of you who travel the most. If you have stayed at any of the following Starwood brand hotels, including the Marriot, your information could have been compromised. Westin Sheraton The Lucury Collection Four Points by Sheraton W Hotels St. Regis Le Méridien Aloft Element Tribute Portfolio Design Hotels If you have stay at one of the hotels, it is in your best interest that you assume your information has been compromised! Take precautions and prepare yourself for a variety of social engineering attacks. What to Look For Spear Phishing Alert: Starwood Preferred Guests accounts have been breached, therefore it is likely that attackers have access to both your work and personal email addresses. Now, having your email address, attacks will send you emails that appear to be from real corporations, in an attempt to gain further access to your personal information! Be on patrol for these kinds of email, and if you do spot one, mark it as spam and report it immediately Copycat Phishing and SMS Phishing: With your information now floating around in the wild, attackers will try numerous methods in order to gain further access into your personal information! Marriot has made a statement saying it would email any Starwood Preferred Guests as well as those who may be impacted. Therefore, it is safe to assume that the attackers will now always be sending you and email that will look almost identical. Therefore, to air on the side of caution, do not open any emails, click on any links, or download any attachments that have come from the Marriott or Starwood Hotels. Furthermore, do not respond to any voicemails, or texts that claim they are representatives from the hotels listed above. Instead, look up the hotel and call them directly yourself! Have a Chat with Accounting: Odds are you have a business credit card, and if you have stayed at one of the following hotels in the past 4 years, odds are the bad guys have that same exact card now. Therefore, ask accounting to watch the card for any suspicious activity! If you use your own credit card and get reimbursed, call your bank and inform them of the situation, change your password, and monitor your account closely! Do Not Search for “WebWatcher”: Marriott is offering those who were targeted in the US, Canada, and the UK, a free, one year subscription to a Kroll Identity Service called “WebWatcher”. This service monitors “internet sites where personal information is shared”. Decoded that means they watch hacking sites on the deep web for compromised data records. DO NOT search the web for this program. This search will lead you to programs that, while they carry the same name, are hosts to spyware and other dangerous viruses. If you want to sign up for the free monitoring service, follow the links at info.starwoodhotels.com to country specific versions. Traveling Safe When leaving for an office trip or vacation make sure you: before leaving the office while packing in the taxi at the airport in flight at meetings and conferences at the hotel Following these steps will make sure that you are secure when traveling!