CyberSecurity Month – Small Business Tips

Broadband and information technology are powerful tools for small businesses to reach new markets and increase sales and productivity. However, cybersecurity threats are real and businesses must implement the best tools and tactics to protect themselves, their customers, and their data. Visit www.fcc.gov/cyberplanner to create a free customized Cyber Security Planning guide for your small business and visit www.dhs.gov/stopthinkconnect to download resources on cyber security awareness for your business. Here are ten key cybersecurity tips to protect your small business:

1. Train employees in security principles.

Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines that detail penalties for violating company cybersecurity policies. Establish rules of behavior describing how to handle and protect customer information and other vital data.

2. Protect information, computers, and networks from cyber attacks.

Keep clean machines: having the latest security software, web browser, and operating system is the best defense against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available. (Our managed monthly service contract customers already have this taken care of.)

3. Provide firewall security for your Internet connection.

A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall. (We don’t recommend the free stuff as you always get what you pay for.)

4. Create a mobile device action plan.

Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.

5. Make backup copies of important business data and information.

Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or in the cloud. (We recommend backup copies in both.)

6. Control physical access to your computers and create user accounts for each employee.

Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel. (Definitely agree with the separate users and least

7. Secure your Wi-Fi networks.

If you have a Wi-Fi network for your workplace, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router. (Also make sure to segregate public guest traffic from private traffic.)

8. Employ best practices on payment cards.

Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations pursuant to agreements with your bank or processor. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.

9. Limit employee access to data and information, and limit authority to install software.

Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs, and should not be able to install any software without permission.

10. Passwords and authentication.

Require employees to use unique passwords and change passwords every three months. Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account. (Multifactor should be implemented on all web based applications from third party vendors.)

If your company is concerned about cybersecurity and wants to take the needed steps to protect yourselves, then contact us for assistance.

CyberSecurity Month – Entrepreneur Tips

Entrepreneurs face the same cybersecurity challenges and threats that larger businesses face but with limited resources, capacity, and personnel. Cybersecurity is especially important for entrepreneurs because they have the unique opportunity to integrate cybersecurity practices at the onset of their investments and business development.

DID YOU KNOW?

  • Approximately 77 percent of small firms believe their company is safe from a cyber attack, even though 83 percent of those firms do not have a written security policy in place.
  • Unlike larger firms that can absorb the cost of a cyber attack, the consequences can be catastrophic for smaller ventures and entrepreneurs.

SIMPLE TIPS

  1. Use and regularly update anti-virus software and anti-spyware on all computers. Automate patch deployments to protect against vulnerabilities. (Our monthly maintenance takes care of this.)
  2. Secure your Internet connection by using a firewall, password protecting your Wi-Fi network, and changing default passwords for your wireless network and router. (Most businesses who buy a router from a local office supply store don’t take the time to change the default password and don’t know these devices are rarely updated by vendors.)
  3. Establish security policies and practices (e.g., using encryption technology) to protect sensitive data, including customer information and intellectual property.
  4. Use strong passwords and change them regularly. (Minimum recommended password length is 10 characters with upper and lower letters, numbers and symbols. Changing passwords should be monthly or quarterly if possible.)
  5. Protect all pages on your public-facing websites, not just the sign-up and checkout pages.
  6. Invest in data loss prevention software and use encryption technology to protect data that is transmitted over the Internet.

If your company is concerned about cybersecurity and wants to take the needed steps to protect yourselves, then contact us for assistance.

Received Hacker Email


Here is a recent email that I received from a “hacker” that was threatening to expose some secrets. It was an obvious fake email, but I wanted to take the time to educate on how to know a fake when you receive one:

Hacker Email Exposed

Strange Email Address: This email comes from “auf@cesco.com.br”, which is an address unknown to me, and the domain itself ends in BR, which stands for Brazil. Again, I don’t do business in Brazil, so why would someone from there be emailing me?

Poor English: It starts out with the over-friendly greeting and continues with “I hack your computer” then just doesn’t stop. This was likely something typed into Google Translate then pasted into an email.

They Have Everything: Unless you really have something to hide, then this should not scare you. You need to assume that anything that you post online is public information anyways – there are no secrets on Facebook.

Invalid Help: They offer to help with acquiring Bitcoin to pay them in, then offer a site to find local ATMs that have this feature. They have no understanding of the area or what local banking services are available. If they know everything about me then they know where I live and could easily look up the local economic structure.

Internet Extortion: They are using extortion tactics to try and scare me into action. They are trying to “sell” me information security for $120, but if I gave in to their demands then my email address would become an even more valuable asset as they would have someone they could regularly extort for funds.

What To Do

  1. Unless you have something to hide, ignore the threats. If you do have something to hide then I suggest you quit so that no one can have anything against you.
  2. Forward these emails to me. Include the “header” information by copying it from the File > Properties menu in Outlook as this will help to track down where they are from.
  3. Farmhouse Networking will alert the proper authorities about the malicious activity to help shut these scammers down.

If your company is receiving tons of SPAM or hacker email, then contact us for assistance.

Carbonite Removes Local Backups


“Carbonite is ending support for the Mirror Image feature on October 15, 2018. Starting October 16, 2017, Carbonite will remove the Mirror Image feature from Plus and Prime accounts on a rolling basis, upon renewal. Mirror Image will be removed from all remaining accounts on the end-of-support date of October 15, 2018.”

Local Backups

This revelation from Carbonite and the recent one from CrashPlan have left me worried about the future of backup for small business and home users. To have all files stored only in the cloud to me is just foolish. If I have tons of family photos and videos or store a bunch of music on my computer that I am relying on online only backups to keep safe – my recovery time will be weeks instead of hours. This is just not acceptable to me and I have a feeling it would not be to other people either.

If you are using either Carbonite or CrashPlan for backup of your computer and the possibility of massive recovery times is unacceptable to you, then contact us for assistance.

Compliance Demands Managed Antivirus

It continues to astound me how many businesses have a free version or home version of antivirus installed on their workstations at the office. Having no central management for the antivirus software to enforce the company security policy creates an infrastructure where each workstation can have a different level of protection or none at all. Leaving security up to the end-user is never a good idea and could easily lead to a virus infection. For those affected by HIPAA or PCI compliance, having managed antivirus is a must.

PCI Compliance Regulations

Section 5.1 Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers).

Section 5.1.1 Ensure that anti-virus programs are capable of detecting, removing, and protecting against all known types of malicious software.

Section 5.2 Ensure that all anti-virus mechanisms are maintained as follows:

  • Are kept current,
  • Perform periodic scans
  • Generate audit logs which are retained per PCI DSS Requirement 10.7

Section 5.3 Ensure that anti-virus mechanisms are actively running and cannot be disabled or altered by users, unless specifically authorized by management on a case-by-case basis for a limited time period

In order to comply with all of these regulations there is no other choice than to use managed antivirus as it automatically updates, regularly scans and keeps logs in a central place.

HIPAA Compliance Regulations

45 C.F.R § 164.306 (2) Protect against any reasonably anticipated threats or hazards to the security or integrity of such information.

45 C.F.R § 164.308 (a)(5)(ii)(B) Protection from malicious software. Procedures for guarding against, detecting, and reporting malicious software.

These regulations are a bit more cryptic, but they do require antivirus to be installed, fully capable of protection and able to report. The best way to achieve this is to use managed antivirus.

If your company is using standard or free antivirus to protect your business workstations, then contact us for assistance.

CrashPlan for Home is No More


Effective August 22, 2017, Code42 will no longer offer new – or renew – CrashPlan for Home subscriptions, and we will begin to sunset the product over several months. CrashPlan for Home will no longer be available for use starting October 23, 2018.

What alternatives exist?

CrashPlan itself is suggesting that customers move to Carbonite for their personal computer backups. In order to get the same great combination of onsite & offsite backup that CrashPlan users are used to, Farmhouse Networking recommends using the Plus package that includes the backup to an external drive. This package is on sale for $25 off the normal yearly cost. Small businesses with only one computer will also find this package to be the most secure way of backing up their important files for the least out-of-pocket costs.

If your business has more than one computer or a server, Farmhouse Networking recommends upgrading to a full business class Backup & Disaster Recovery (BDR) solution with Datto. This provides both the speed of on-site recovery with the resilience of off-site recovery via the cloud. On-site recovery is much simpler with this BDR solution as the device becomes a copy of the main computer or server in the case of failure. This takes recovery time down to minutes instead of days.

If your company is using CrashPlan for backups and is not ready for the move, then contact us for assistance.

DNS Filtering for Security & Productivity

Any Human Resources department manager will attest to the need for an Acceptable Use Policy as part of the Employee Handbook. It should clearly state the proper use of business-owned workstations and what traffic is allowed on the company network. Monitoring this policy is next to impossible for small businesses, yet ignoring it leads to infections, security breaches, and huge losses to the bottom line by wasted employee productivity. How does a company stay safe from the big, bad Internet?

Policy Creation

This may sound boring, but before any monitoring and enforcement can take place legally, there must be a clearly defined policy in place with consequences for violations. This policy must be signed by each employee. Only when signed policies are in each employee’s file can measures be taken to monitor and enforce the new written policy.

No Administrator Access

There is no reason for the average employee to need Administrator access to a workstation once it is set up properly for business use. Most employees do not need to install any software or make any major setting changes without first consulting management and/or network support personnel. Software and operating system updates should also be handled by network support personnel or by an automated process. Installation of additional hardware should be cleared with management and implemented by network support personnel. Workstations are a company-owned tool to be used by the employee only for the best interests of the company, not for personal file storage or entertainment purposes.

DNS Filtering

The Internet is an invaluable tool for business purposes. There are, however, many threats out there, and the common user has no idea how to avoid them. There are also innumerable distractions ranging from time wasters to those that are downright illegal. DNS Filtering inspects every internet request against a database of known sites and blocks bad traffic before it goes anywhere on the internet. This keeps your internal network assets safe from malicious sites and content that is inappropriate for business or bad for productivity. This is accomplished without interrupting or slowing down the normal flow of good traffic around the Internet.

If your company is looking to add layers of security to your network or increase productivity by limiting Internet time wasters, then contact us for assistance.

CIA hacking home routers with Cherry Blossom since 2007


In the latest dump of purportedly top secret CIA cyber exploits from WikiLeaks, dubbed “Vault 7”, there is evidence of a home router firmware modification called Cherry Blossom. (The CIA has never publicly acknowledged the programs nor the leaked Vault 7 documents.)

What is Cherry Blossom?

“The Cherry Blossom (CB) system provides a means of monitoring the Internet activity of and performing software exploits on targets of interest,” the WikiLeaks documents state. “In particular, CB is focused on compromising wireless networking devices, such as wireless (802.11) routers and access points…to achieve these goals.”

Among the companies whose wireless routers have reportedly been compromised are Motorola, Linksys, Dell, Netgear, US Robotics, Belkin, Asus, Buffalo, DLink and Senao. Cherry Blossom relies on implanting altered versions of the products’ firmware remotely posing as wireless upgrades. An implanted device is known as a “FlyTrap” and communicates via beacon with a CIA-controlled server known as CherryTree (CT).

If your company is using a consumer grade home router instead of a business grade router, then contact us for assistance.

PowerShell One Liner: Disable User Protocols

Here is a quick PowerShell one liner that I came up with when I got a request from Microsoft Support to disable user protocols. I did some research and found out that they meant the protocols or services used to access Office 365 Exchange Online.

Connect to Microsoft Office 365 via PowerShell

Open Windows Azure Active Directory Module for Windows PowerShell as Domain Administrator and type in the following to connect to Exchange Online via PowerShell:

Set-ExecutionPolicy RemoteSigned
$creds = Get-Credential
# Enter the Office 365 Administrator credentials when prompted, then click the “OK” button.
Import-Module MsOnline
Connect-MsolService -Credential $creds
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $creds -Authentication Basic -AllowRedirection
Import-PSSession $Session

Disable User Protocols

Once connected to Office 365 via PowerShell, here is the one liner to disable user protocols:

Set-CASMailbox user@company.com -ImapEnabled $False -PopEnabled $False -OWAEnabled $False -ActiveSyncEnabled $False -MAPIEnabled $False

Enable User Protocols

Here is the one liner to enable user protocols:

Set-CASMailbox user@company.com -ImapEnabled $True -PopEnabled $True -OWAEnabled $True -ActiveSyncEnabled $True -MAPIEnabled $True
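
The following is an added example, not code from the original post: it wraps the two one-liners above in a function that records each mailbox's protocol state before the change, supports a -WhatIf dry run, and reads the state back afterwards so the result is verified. Microsoft has since retired Basic authentication for Exchange Online remote PowerShell, so it assumes a session opened with Connect-ExchangeOnline from the ExchangeOnlineManagement module; the function name Set-MailboxProtocolState, the admin account and the CSV path are hypothetical.

```powershell
# Added example (not from the original post).
# Assumes the ExchangeOnlineManagement module and an open session, e.g.:
#   Connect-ExchangeOnline -UserPrincipalName admin@company.com   # placeholder account
function Set-MailboxProtocolState {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [string[]]$Identity,

        # $false disables the protocols, $true re-enables them.
        [Parameter(Mandatory = $true)]
        [bool]$Enabled
    )
    begin {
        # The five Set-CASMailbox switches used by the one-liners in the post.
        $protocols = 'ImapEnabled', 'PopEnabled', 'OWAEnabled', 'ActiveSyncEnabled', 'MAPIEnabled'
    }
    process {
        foreach ($mailbox in $Identity) {
            try {
                # Record the current state so the change can be reviewed or reverted.
                $before = Get-CASMailbox -Identity $mailbox -ErrorAction Stop

                # Honors -WhatIf / -Confirm; nothing is changed under -WhatIf.
                if ($PSCmdlet.ShouldProcess($mailbox, "Set client protocols to $Enabled")) {
                    Set-CASMailbox -Identity $mailbox -ErrorAction Stop `
                        -ImapEnabled $Enabled -PopEnabled $Enabled -OWAEnabled $Enabled `
                        -ActiveSyncEnabled $Enabled -MAPIEnabled $Enabled
                }

                # Read the mailbox back instead of trusting the absence of an error.
                $after = Get-CASMailbox -Identity $mailbox -ErrorAction Stop
                foreach ($name in $protocols) {
                    [pscustomobject]@{
                        Mailbox  = $mailbox
                        Protocol = $name
                        Before   = $before.$name
                        After    = $after.$name
                        AsWanted = ($after.$name -eq $Enabled)
                    }
                }
            }
            catch {
                # A typo in one address should not stop the rest of the batch.
                Write-Warning "Skipping ${mailbox}: $($_.Exception.Message)"
            }
        }
    }
}

# Dry run, then the real change with a CSV record of before/after values:
#   'user@company.com' | Set-MailboxProtocolState -Enabled $false -WhatIf
#   'user@company.com' | Set-MailboxProtocolState -Enabled $false |
#       Export-Csv -Path .\protocol-change.csv -NoTypeInformation
```

Any row where AsWanted is False marks a protocol whose state does not match the requested value and should be re-checked before the support ticket is closed.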

If your company is currently using Office 365 and needs help translating commands given by Microsoft Support, then contact us for assistance.

Nagios Core SNMP Monitoring APC UPS

God has recently led me to do some charity volunteer work for a worldwide organization and their IT department. My first project was to untangle their Nagios Core system and then take over the administration of that server and the monitoring of the rest of the network. Part of this volunteer work took place yesterday with a deep dive into the Nagios framework, Linux and SNMP to allow monitoring APC UPS devices.

Initial Trip Off Course

My initial thought was not to re-invent the wheel and head to the Nagios Exchange to find a pre-made project that would elegantly provide monitoring APC UPS devices. I found the check_apcupsd project which looked simple and had a great screenshot. Little did I know what I was getting into. Turns out there are a couple of undocumented dependencies for this, including apcupsd itself and an undocumented connection to port 3551, which I could not find inside the portal page for the SMART-UPS 1500 network management card. After a couple of hours of frustration I abandoned this and removed all Linux packages associated with it.

Trip Down SNMP lane

After looking over other projects at the Nagios Exchange, I decided to research using SNMP to provide monitoring APC UPS devices. This led me to an article by Mihai Radoveanu which provided the detailed steps to create monitoring APC UPS devices in Nagios Core. He details editing the command.cfg file to add the check_snmp and his own check_snmp_inverter to the list of commands. (Please note that the check_snmp_inverter.sh file will need to be edited to change the Home variable to point to the Nagios Core plugins directory.) He details creating host templates, host groups, and adding a separate configuration file to the main file which includes hosts and services. I prefer the more standards based approach of creating individual host files, adding them to a host group and then creating a service file that points to the host group. I made these changes to the Nagios Core framework and confirmed my configuration before making the changes live.

APC Changes Needed

Finally came the changes to the APC UPS network management card configuration:


  1. Log in to the network management card webpage, click on Configuration > Network > SNMPv1 > Access then check the box next to Enable and click on Apply.
  2. Click on Configuration > Network > SNMPv1 > Access Control then click on a community name then type in the network SNMP community name and the IP address of the Nagios Core server. It will only need Read permissions. Click on Apply.

That is all that is needed. This introduction to the Nagios Core framework later allowed me to set up SNMP monitoring for the High Availability link ports between their Sonicwall 4600 devices.

If you are looking for expert monitoring of your network systems by highly trained technicians, then contact us for assistance.