Working from home with cyber security

Taking Your Work Home: Are You Secure?

With the capabilities of remote access, either through telework or on mobile devices, many companies are asking the question:

How do I maintain my cyber security when my employees work remotely?

Whether you have one employee working on a mobile device while on a business trip or your entire staff telecommuting from home, your cyber security shouldn’t be sacrificed for convenience. By understanding your options and working with a quality IT services provider, you can safely navigate the cyber world and keep your business protected, no matter where you are.

Cyber Security and Telework

Maintaining your cyber security while allowing your employees to work remotely can be a challenge, but it can be accomplished with minimal risk if you plan ahead and choose the right options for your business.

First and foremost, the Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security published by the National Institute of Standards and Technology (NIST) says to “assume that communications on external networks, which are outside the organization’s control, are susceptible to eavesdropping, interception, and modification.” If you don’t expect someone to infiltrate your network, you won’t be protected when someone tries. Always prepare for the worst-case scenario.

How do you do that? You should start by choosing the best telework option for your business’s needs and budget. There are four basic ways to secure your network while allowing remote access to employees.

  1. Tunneling Using a VPN Gateway
    Virtual Private Network (VPN) gateways create secure access from the employee device to the VPN gateway and onward to your internal network. In this way, your enterprise-level cyber security measures are extended to the VPN, which acts as a secure tunnel for employees to work through. Some VPN gateways can even extend your business’s firewall rules to the employee computer no matter where they are working by use of a very light, portable device, which is a great advantage when travelling on business.

    VPN gateways offer several great telework features, but while communication is protected through a VPN gateway, the employee’s computer could still be at risk of transmitting infected data if the computer itself is compromised. Depending on the amount of traffic they need to carry, VPN gateways can be quite an investment, requiring third-party software or dedicated servers. Even so, the benefits often far outweigh the cost when secure communication is important.
  2. Portals
    This method of remote access happens primarily through a browser-based webpage or virtual desktop. All applications and data are stored on the portal’s server and cannot be downloaded or saved on an employee’s device without permission. This is a good way to keep control over who is accessing your data and how it is used. It may also be a cheaper option than purchasing a VPN gateway.

    The danger with portals depends on what permissions the employee has while accessing the portal. If the portal allows an employee to access other areas of the internet while connected, it could provide an unintended avenue for criminals to access your network. It’s safer to restrict employees’ access to other programs while the portal is in use. The more access an employee has, the less secure the connection becomes.
  3. Remote Desktop Connection
    Remote desktop connection allows an employee to remotely control a computer physically located at your business via an intermediate server or third-party software. When the two computers are connected, applications run and data is saved only to the computer in your office, and your network’s cyber security measures are enforced. Your remote device merely displays the work performed on your office machine.

    Due to the direct access, remote desktop connection is considered high risk in cyber security terms. Proper configuration is critical. When set up correctly, communication between the two computers is encrypted for the data’s protection, but that encryption also hides the traffic from the organization’s firewalls and threat detection. No matter how good your cyber security measures are, if the employee’s home computer doesn’t have the same protections as the office workstations, malicious data can slip into your network unnoticed during a remote desktop connection.
  4. Direct Application Access
    Direct application access is probably the lowest risk to your cyber security measures out of all the remote access methods because it is best used only with low-risk applications. In this method, employees can remote into a single application, usually located on the perimeter of your network, such as webmail. The employee doesn’t have access to the entire network, allowing them to work on select applications without exposing your internal network to danger.

    Though there is much less danger posed by direct application access, it generally doesn’t allow for extensive work to be done. There is very little connection to data on your network, and little ability to take data to another application if needed. It is best used when traveling or on a mobile device where complete access to the network is not necessary.

Mobile Devices

Telework isn’t the only way employees access your network. Mobile devices have become ubiquitous to work on-the-go, but if you fail to protect these devices, your business and your clients may suffer. There are basic security recommendations for securing any mobile device, including thorough employee training in cyber security, strong encryption, keeping software up-to-date, and supplementing your security with third-party anti-malware/anti-virus software. While these fundamental methods keep the average device secure, if you’re dealing with sensitive or confidential data on your network you may need additional safeguards.

NIST’s Guide to Enterprise Telework offers detailed suggestions for protecting any business when it comes to mobile and telework access, including:

  • Limiting networking capabilities (such as Bluetooth) not necessary for work.
  • Turning on personal firewalls, if available.
  • Requiring multi-level authorization before accessing your business’s network.
  • Restricting other applications allowed on the device.

Perhaps the most important piece of advice NIST has for mobile devices is not to treat them as mobile devices at all: “Given the similarity between the functions of mobile devices, particularly as they become more advanced, and PCs, organizations should strongly consider treating them similar to, or the same as, PCs.”

It may also be beneficial to use a mobile device management (MDM) solution to maintain control of a mobile device in case of theft or accidental loss. With an MDM, you can locate, lock, or remotely destroy any data on the mobile device. This way your sensitive information won’t fall into the wrong hands, even if the device can’t be recovered.

Best Practices for Maintaining Cyber Security

Regardless of the type of remote access you decide on, there are a number of opportunities to shore up your cyber security defenses:

  • Establish a separate, external network dedicated solely to remote access. If something does infect the server, it won’t spread to other parts of your network.
  • Use encryption, multi-level authentication, and session locking to protect your data.
  • Keep your hardware and software patched and updated, including your employees’ remote computers.
  • Manually configure employee computer firewalls and anti-malware/anti-virus software.
  • If possible, physically secure computers with locking cables in any untrustworthy place, such as hotels or conference areas.

The amount of preparation needed to secure your business’s mobility is an important investment. A good managed IT services partner can walk you through the process and make sure your business is safe and productive anywhere. For help setting up a telework network, contact the experts at Anderson Technologies by email at info@andersontech.com or by phone at 314.394.3001.

Malware Solutions for Infected Website

No Bones About It: Infected WordPress Plugins Could Cripple Your Website

Anderson Technologies combines web hosting services with unparalleled customer service to help a local business stay online: “To be with Anderson Tech is really comforting because I know that I’m in good hands. Any communication I have is going to be forthright, honest, and addressed.”

Customer service and availability are what keeps your business thriving, something Greg Thompson of Country Acres Pet Resort and Country Acres Rescue knows all too well. When Country Acres’ websites stopped loading consistently and started bombarding visitors with malware-laced links, Anderson Technologies stepped in to find a solution to keep Thompson and his team doing what they do best—providing a home away from home for pets and connecting rescue animals to their forever families.

Hosting Provider Frustrations Are More Than Pet Peeves

In summer 2017, Country Acres’ websites started slowing down and crashing, so Thompson contacted his web hosting provider. “Each time they would say, ‘We’re so sorry, we’ll get right on it!’ and either the situation would continue to be unresolved, or we’d see an improvement and then shortly thereafter [the problem] would start occurring again.”

After working his way through the chain of command, Thompson finally got the web hosting provider to admit that their servers had been breached, leaving Country Acres’ two websites vulnerable to malware injection. “The other company had not been honest or forthright at all about the true problem,” Thompson explains. “I got frustrated enough that I started looking at a way out.”

This problem isn’t uncommon. Over 30 million websites were hacked in 2017 alone, equating to about 80,000 websites infiltrated daily. Malware hacks can cause sites to slow down dramatically, or worse, inject code into site data to trick visitors into clicking popups containing malware or viruses. When a company’s website is its primary method of connecting with new and returning customers, being unavailable for even one day can make a significant impact on business.

Thankfully, Thompson brought his malware problem to Mark Anderson, principal of Anderson Technologies. Once Anderson explained that Country Acres’ websites could be easily migrated to a more secure hosting provider, Thompson was ready to join forces and invest in his business’ success.

Cloud-Hosted Servers Prove to Be the Cat’s Meow

As soon as Thompson described the exasperating situation to Farica Chang, director at Anderson Technologies, the team jumped into action. “Web traffic is an important part of Country Acres’ visitor interaction,” says Chang. “It was imperative to get them up and running on our secure hosting solution as soon as possible.”

First, the Anderson team migrated both websites to their own cloud servers before cleaning up the code. This way, the sites lived in a safe environment and weren’t in danger of being reinfected with the same malware. Once isolated, the team performed a full investigatory scan and isolated the 642 files injected with malicious code.

After removing the suspicious code, the Anderson Technologies team tested every page of both Country Acres websites to ensure that the malware had been completely eradicated. An infected WordPress plugin had to be repurchased because the original license expired under the old hosting provider, and the new plugin was patched to prevent similar malware infiltration.

The results were almost immediate. “I saw an instant increase in our business, actually,” describes Thompson, “because when people go to your website and it doesn’t work or doesn’t load, a lot of times they just look elsewhere. It was a really important fix and looking back on it now, I wish I had done it sooner.”

Cyber Security Is Man’s (and Machine’s) Best Friend

Though Anderson Technologies was able to get Country Acres’ websites back in business in a matter of days, some fixes aren’t as straightforward. “Everyone with a website should be concerned about its security,” says Chang. “Automated code allows hackers to cast a wide net and look for vulnerabilities on many sites simultaneously. Every day our security monitoring tools send us alerts regarding malicious web bots trying to gain access to client web servers.”

Caution and prevention are enormously important when it comes to cyber security, but a partnership with a dedicated IT team is invaluable in times of unexpected crisis. Thanks to quick action and professional communication, Country Acres continues to provide malware-free services to all its two- and four-legged customers.

“Basic, traditional customer service,” is what Thompson says ultimately makes Anderson Technologies stand out from his previous web hosting provider. “It was refreshing to actually call up and have somebody answer the phone and return emails. You take those things for granted when you’re with a company that’s doing what they’re supposed to do, but after what I’ve been through it was pretty refreshing.”

Whether you need a new hosting provider or your website just isn’t performing optimally, contact Anderson Technologies today for a free consultation.


Snapshots of Furry Friends from the Anderson Technologies Family

Image at Top of Page (clockwise): Nicki, Howl, Oren, Mochi, Daisy

Image Below (clockwise): Emmett, Spoons & Sonny Boy Williamson, Sophie, Luna


Cyber vulnerabilities Meltdown and Spectre

Don’t Have a Meltdown: Shedding Light on the Spectre/Meltdown Vulnerabilities

Researchers are beginning 2018 with a bombshell as they publicize information about Meltdown and Spectre, two hardware vulnerabilities that affect millions of machines around the world.

This tech news story is breaking, but until it evolves and more comprehensive solutions become available, we’ll give you the information you need to understand how you could be affected by these vulnerabilities.

What Are Meltdown and Spectre?

An exhaustive explanation of the vulnerabilities and how they work can be found here, but both threats work similarly by abusing an exposure in CPU cache timing. Meltdown allows an unauthorized application to access information from other programs via side channels in the operating system. Spectre fools more secure programs into giving up information from their own caches and overriding authorization to the caches of other programs.

Meltdown is the lesser of two evils; this hardware vulnerability only affects certain Intel processors, and Windows, Linux, and macOS have already released initial patches that prevent the unauthorized access of your sensitive information. Spectre, however, is proving to be a much trickier adversary. It removes the barriers between concurrently running applications, allowing information like passwords, messages, and other sensitive data to be accessed by a third party without permission.

Who Is Affected by These Vulnerabilities?

These particular vulnerabilities leave no trace in a system’s code, which makes the exposures easier to exploit for cyber crime. Meltdown has only been verified on Intel processors (all models produced since 1995, excluding Itanium and Atom), while Spectre affects almost every modern processor. Research has confirmed the vulnerability on Intel, AMD, and ARM processors, but devices like your smartphone could also be at risk.

Cloud servers are especially vulnerable because of the amount of data living on a single server.

Amazon and Google reported that their respective cloud services are no longer vulnerable to Meltdown, as both companies patched their server infrastructures against this vulnerability.

US-CERT has not found any active exploitations of these vulnerabilities, even though researchers have been able to successfully replicate these bugs in lab settings. However, with the public release of this data, expect hackers to begin taking advantage of this hardware weakness. It is important to take the necessary steps to protect your devices and your data.

What Can I Do to Protect Myself?

Unlike most technical vulnerabilities, Meltdown and Spectre can’t be fully resolved with a simple software or firmware patch. These threats are caused by a fault in the physical hardware of most modern processors, making replacing your hardware the only 100% fix. Meltdown patches are available for affected machines, but the catch is they may do more harm than good for some users. Older processors (or ones that run more complex CPU processes) are reportedly experiencing performance issues, anti-virus flaws, and stop errors. Consult your managed IT services provider to determine whether the most current security patch will help or hinder your particular machine.

Mozilla recently issued a browser security patch and a Safari patch was just released today, but if you’re a Chrome user, Google recommends utilizing site isolation to stay safe for the time being until the release of Chrome 64 due on January 23, 2018. It’s best practice to update your devices and programs as soon as updates become available. Keep an eye out for new updates in the coming weeks and stay in contact with your cyber security expert.

While Meltdown and Spectre seem alarming—and their potential for harm is quite vast—these vulnerabilities existed undetected for years. Google reported their discovery of the threats to Intel and AMD months ago, and since then the companies have been collaborating to develop and test fixes. New hardware should no longer contain these vulnerabilities.

The cyber security experts at Anderson Technologies do everything possible to keep you apprised of the latest digital threats. (Read our articles on the Equifax hack and the Wi-Fi vulnerability KRACK.)

We’ll let you know more about Meltdown and Spectre and how they could affect you as information becomes available. In the meantime, to learn more about our managed IT services action plan and how to mitigate against vulnerabilities like this in the future, contact us at 314.394.3001 or info@andersontech.com.

Cyber Security Employee Training

Cyber Security Training for Employees: What Does Common Sense Mean?

The new year is here, and a useful resolution for every small business is training employees on how to stay safe online. Many small businesses rely on their employees’ common sense when it comes to password creation, email threats, and avoiding unsavory websites, but what exactly is common sense in cyber security terms? Someone untrained in cyber security techniques won’t have the same kind of common sense as someone steeped in the latest security threats and updates. That’s why formal cyber security training for employees should be an important part of every business.

Your small business can benefit from more in-depth cyber security training for your employees, and the best course of action would be to enlist the help of a local IT consulting company or your managed IT service provider. They are the experts and know what common mistakes can lead to trouble for your business and your bottom line. Regardless of who provides the training, there are a few key topics any instruction on common sense habits should include.

Secure Passwords

Passwords remain the most widespread form of identity verification on the internet, so how a user creates a secure password is important. For years, websites and apps demanded passwords of at least eight characters, capital and lowercase letters, at least one number, and a special character. Most people think they have a strong grasp of what makes a secure password. Unfortunately they’d be wrong, thanks to new cyber security guidelines.

Last year the National Institute of Standards and Technology (NIST) released the Digital Identity Guidelines. This report states that the current method of password creation is making passwords more predictable because people “have only a limited ability to memorize complex, arbitrary secrets, so they often choose passwords that can be easily guessed.” When a site enforces the letter, number, symbol requirements, people tend to make predictable alterations to that easily-guessed password, or they end up writing down the password in order to remember it. Neither option makes the password very secure.

The new guidelines suggest that users be allowed to make longer, more memorable pass phrases that are not easily guessed. Memorability is more important than complexity. Randomized passwords are still the strongest option, but may lack memorability. A password manager such as LastPass or Dashlane could be the best solution, allowing the user complex, randomly-generated passwords without the need for memorization.
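The contrast between the older composition rules and the length-plus-blocklist approach can be shown in a few lines. This is an added example, not part of the original article; the 8-character minimum, the tiny blocklist, and the substitution table are assumptions made for illustration, and a real deployment would check against a large list of known-compromised passwords.

```python
import re

MIN_LENGTH = 8  # assumption: minimum length for user-chosen passwords
# Constructed stand-in for a real list of common or breached passwords.
BLOCKLIST = {"password", "welcome", "qwerty", "letmein", "summer"}
# Look-alike substitutions people predictably make to satisfy symbol/digit rules.
LEET = str.maketrans({"@": "a", "4": "a", "0": "o", "1": "l", "!": "i",
                      "3": "e", "$": "s", "5": "s", "7": "t"})


def base_word(password):
    """Undo predictable alterations: case, trailing digits/symbols, look-alikes."""
    stripped = re.sub(r"[\d\W_]+$", "", password.lower())
    return stripped.translate(LEET)


def legacy_rule_ok(password):
    """Older rule: 8+ characters with upper, lower, digit and special character."""
    classes = [r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]"]
    return len(password) >= 8 and all(re.search(c, password) for c in classes)


def guideline_ok(password):
    """Length plus blocklist, no composition rules; spaces and long phrases allowed."""
    if len(password) < MIN_LENGTH:
        return False, "too short"
    if base_word(password) in BLOCKLIST:
        return False, "common password with predictable alterations"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["P@ssw0rd1!", "Summer2018!", "mauve otter files taxes late"]:
        print(f"{candidate!r}: legacy={legacy_rule_ok(candidate)} "
              f"guideline={guideline_ok(candidate)}")
```

The first two samples satisfy every composition rule yet reduce to blocklisted words, while the long passphrase fails the old rule and passes the new one.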

Email

Emails are key to most phishing and spear phishing campaigns, so training your employees on this cyber security threat is crucial. Criminals hope to trick an unsuspecting user into clicking on a link or attachment that leads to or contains malicious content. Thankfully, common sense generally tells people not to click on a random link pasted into the body of an otherwise empty email, even if it comes from someone on their contact list. But, as with passwords, our understanding of common sense needs to be updated.

Spear phishing campaigns have become dangerously sophisticated, and knowing how to stay safe online means being skeptical of anything that feels a little off. Emails from companies about services you didn’t buy, unexpected closure of accounts, or missing information are all ways criminals lure you into clicking on a link in an email.

Teach your common sense to look beyond the layout and familiar logos. Spear phishing can often be identified by misspelled email addresses or country codes that don’t belong to the company. A user must be vigilant, as these changes are subtle and sometimes hidden by a name in place of an email address. Hover over the links or name to reveal the full address without clicking on it. Make sure to double check anything that doesn’t make sense.

Another way to ensure you’re not caught by a spear phishing attempt is to always go to a company’s website manually rather than from a link provided. Some criminals use links that send you to a fake mirror website to trick you into logging into your account. The criminal records your login information and then has access to the real account with you none the wiser. By choosing to go to your account from another tab or window without clicking the link, you can verify if something is actually wrong with the account without the risk of giving up your information.

Surfing the Web

Common sense for how to stay safe online starts with the business owner. Installing an enterprise-level firewall is the first and best defense against a cyber attack. These can often be configured to your business’s needs and block content you don’t want employees viewing on a company computer. Sites with disreputable content are prime targets for cyber criminals. Ensuring your employees never access unsafe sites will protect your company.

It’s also important to activate any “safe search” functions within your browser and on your anti-virus and anti-malware programs. This runs any site you search for through a list of sites known to be compromised. These sites can come up in any search without you realizing it. Criminals create websites meant to trick you into thinking they belong to a legitimate business and even hack into real sites. Safe search is another layer of common-sense IT protection.

These are just a few of the common sense procedures your employees should follow. For cyber security training and in-depth answers to common sense mistakes, turn to Anderson Technologies, a St. Louis IT consulting company that offers on-site training seminars for small businesses. Let our expert consultants teach you what to avoid to keep your business safe. Contact Anderson Technologies at info@andersontech.com or call us at 314.394.3001.