Cyber Security

Destination Unknown – Cybersecurity without a defined objective is a path to disaster

TechMgmt.jpg

Destination Unknown – Cybersecurity without a defined objective is a path to disaster

Vacation time!

Let’s start this cybersecurity discussion by taking a little vacation – or at least pretend to take a vacation. Before going on vacation, people usually plan for the trip ahead of time.

Scenario 1: Planning for a vacation.

When planning a vacation, most people take the following steps:

  1. Determine the budget.

  2. Choose the destination.

  3. Decide when to go on vacation (busy season, hot, cold, vacation days available at work, etc.).

  4. Decide where to stay (choose hotel, condo, Airbnb, etc.).

  5. Choose mode of transportation (plane, car, boat, etc.).

  6. Book flights, rent car, plan your driving route, etc. 

  7. Book babysitter, dog sitter, house sitter, etc.

  8. Plan activities while on vacation.

  9. Begin the journey to the destination.

  10. Arrive at the destination.

  11. Have fun!

All the above has a cost element to be considered, which can cause the vacation plans to change.  Ideally, a budget would be created at the beginning of the process to help with planning the vacation and determining what is and is not doable. Although, a budget should be the first step in the planning process, people oftentimes choose a desired destination, and then adjust the budget accordingly.

Another important step when planning a vacation, is to do enough research to make informed decisions and properly budget for each part of the plan, especially if traveling to a new destination. People will often turn to friends and/or family for suggestions and input when planning a vacation, but friends and family may not be able to give the best advice. For example, how could they recommend a hotel if they’ve never been to the destination? 

Therefore, it’s also important to utilize outside resources for information and contact experts who are able provide information on destinations, price, pros and cons, hotels, activities, etc. The hard part is knowing who to trust. Some “experts” are more concerned with selling certain products or services even if they may not be the best option. So, it’s usually a good idea to gather information from various people and resources before making informed decisions.

Cybersecurity Time!

If the same logic is applied to businesses when choosing cybersecurity solutions, it reveals a dangerous tendency. 

Scenario 2: Choosing and implementing the best solution and level of cybersecurity

When planning for cybersecurity implementation, business leaders should take several steps:

  1. Determine the budget.

  2. Choose the level of security needed for the business.

  3. Analyze each security element to understand what it does and doesn’t do.

  4. Based on the analysis, determine the priority and order for implementing each element.

  5. Determine who will be responsible for assessing the solution options.

  6. Decide when to begin implementing the security solutions.

  7. Decide who will be involved in the implementation process.

  8. Plan the implementation process and any impact to the business (downtime, users, etc.).

  9. Ensure all relevant parties have been informed, then begin implementation.

  10. Implement the solution and test (sometime in phases or using pilot groups).

  11. Complete implementation and make the necessary adjustments.

  12. Conduct a post-review of the project to determine areas for future improvement.

Planning a Vacation vs. Planning Cybersecurity Implementation

While planning a vacation can be challenging, it is exponentially more difficult to plan and implement cybersecurity. 

When planning a trip, people usually have some sense of what the budget should be or at least know what they can and cannot spend.  Most businesses don’t even have a budget for cybersecurity, so there’s no starting point.  In fact, most companies don’t even have an IT budget, so they certainly don’t have a security budget.

While understanding the purpose for each part of a trip, the reason for it, and pros and cons is relatively easy, understanding the different levels of cybersecurity is not easy at all. Due to the technical nature and the complexity of cybersecurity, it’s difficult to educate CEO’s (buyers) on the different levels of cybersecurity. Translating technology and then articulating the risk/value can be extremely challenging.

Also, like the “experts” people may consult when planning a vacation, many “cybersecurity experts” try to sell solutions to businesses that may not be the appropriate solutions and/or security level. In addition, many IT professionals don’t know how to implement or even determine the best security solutions.

Start with Communication

CEO’s and C-level executives:

  • Cybersecurity is extremely complex, so it’s always wise to consult with multiple experts during the planning and implementation process.

  • When in doubt, ask: If you need more clarification, ask questions until you understand. Ask your IT resources to use analogies or imagery to help you understand.

  • Stay as involved as you possibly can before, during and after the implementation process.  

If you are an IT professional:

  • Before drowning the CEO with cybersecurity jargon, find a way to communicate and educate in terms that the management team can understand: Like the “vacation scenario”, try using analogies, imagery, etc. to explain technology.

  • Don’t be afraid to seek advice from external resources and/or other IT professionals. Technology is complex, and constantly evolving. So, it’s impossible to have all the answers.

Effective and consistent communication is imperative for businesses to appropriately address technology and cybersecurity risks. 

The following provides ways to help overcome this challenge in order to effectively plan and implement cybersecurity:

Define, Determine and Decide

As the diagram below illustrates, there are various levels of cybersecurity.

Step 1. Define and understand each level.

  • Because it includes technical jargon, this diagram may need to be explained in a way that business management and users can understand.

Step 2. Determine what level of security the company currently has.

  • None, Basic, Advance or Comprehensive

Step 3. Decide on which security level to target during implementation.

  • Keep in mind that it takes time and money for a company to start from “None” and move directly to “Advanced”.  So, when trying to decide on a level, remember 80% of all security incidents are due to employees. When in doubt, start with solutions that will address employee driven risks for prevention – AV, training, email ATP. 

SecurityLevels.png

Step 4. Implement, monitor and communicate

·         Once the desired level is agreed upon, begin implementation and continue to monitor and communicate the current state of risk as the company progresses towards the desired cybersecurity level.

·         Using a simple diagram, like the one below, is a helpful tool to use when explaining the progress of implementation to management. 

This diagram illustrates an example of an organization that has a “Yellow risk level” while also showing what has been completed and what has not.

SecurityStatus.png

Step 5. Update management on an ongoing basis

  • Once a communication method is in place, it’s important to update management on the cybersecurity status on an ongoing basis. 

The diagram below is another example of a helpful communication tool to use when explaining the cybersecurity status to management.

SecurityCommunication.png

Embrace the journey!

Effective cybersecurity management never ends. Therefore, if security solutions and levels are not proactively monitored, the risk level can move from Yellow to Green and then back down to Red.  Firewall failure, equipment beyond end-of-life, anti-virus expiration, etc. can cause immediate changes in risk levels.

Cybersecurity is about continuously mitigating risk and keeping businesses from going out of business.  But, in order to successfully mitigate risk, a disconnect between management and IT cannot exist. The IT industry continues to struggle with effective communication – especially when it comes to cybersecurity. Because of this, over 58% of all cyberattacks target small to mid-sized businesses and over 60% of businesses that are hit with a cyberattack go out of business.

Albert Einstein defined insanity as doing the same thing over and over again and expecting different results. It’s time for the technology industry to stop the insanity of ineffective and/or complete lack of communication with business owners and executives about cybersecurity. 

It’s important to take a step back to understand the ‘why’ then work on the ‘what’.  Create a communication method that works for the business, then begin focus on the ‘how’ and ‘when’ to take the appropriate action.

 

Is your business as safe as you think it is? What you need to know to keep your company secure.

With the increase in cyber threats, coupled with the confusion and lack of knowledge about cybersecurity, how do you know if your company is secure?  How do you know if you’re doing the right things at the right time?  The whole topic of cybersecurity is overwhelming and there’s not anything “fun” about it. So, it’s easy to avoid, but at what real risk to the company?

Monsters!

CyberMonsterDespite all the statistics that point to the fact that businesses, without the proper security measures, will likely suffer from a cyberattack, cyber threats are still being viewed as scary, but unlikely to occur. Most businesses still see a cyberattack as the monster under the bed, and cybersecurity as protection against the highly unrealistic possibility that there will ever actually be a monster under the bed. But unfortunately, these “monsters” are very real, and the number of attacks continues to escalate. It’s critical for businesses to have the correct security measures in place to keep the “monsters” from being able to even enter the front door.

One security solution does NOT fit all

Be cautious of cybersecurity providers who offer the same solution to every client. Every company is different, so expectations should be set based on many factors: size of the business, type of business, industry, etc. Also, no two businesses require the same IT solutions, support, software, or hardware. So, having tailored and specific IT security is crucial.

Is your business insecure?

If you’re reading this blog, then you’ve been warned! Now, what are you going to do about it? If you want to keep your business safe from cyber threats, knowing your risk level is a good first step to take before addressing each risk.

The following questionnaire addresses this by asking some basic questions that any business owner or management team should be able to answer.  While some of the topics are technical in nature, the questions are driven from a focus on the business itself.Questionnaire

Cybersecurity Preparedness Questionnaire

Answer each question below and tally your score. After completing the questionnaire, total your score to determine the level of risk for your company.

Yes: 0 points  No: 5 points  Unsure: 5 points

  1. Do you have a cybersecurity budget review annually?
  2. Do you have a written information security policy signed by every employee?
  3. Has your company reviewed its cybersecurity policies and procedures within the last year?
  4. Do you have a person designated as your security officer?
  5. Do you have a written incident response plan that is reviewed annually?
  6. Have you tested your incident response plan within the last 12 months?
  7. Do you know if you have any compliance or regulatory requirements?
  8. Have you defined the level of cybersecurity needs based on your business and compliance requirements?
  9. Have you provided security training to your employees in the past 12 months?
  10. Do you provide security training to employees on an annual basis?
  11. Can you employees identify sensitive information that could compromise the company if stolen?
  12. Do you know where your sensitive data is stored?
  13. Do you have cyber insurance that is reviewed annually?
  14. Are employees prevented from administrative privileges on your network or computers?
  15. Does your company have an acceptable use policy?
  16. Does your company consistently enforce policies around the acceptable use of computers, email, internet?
  17. Do employees regularly update passwords on company-issued computers/devices?
  18. Do your employees lock their computers when away from their desk, even for a few minutes?
  19. Do all your computers have anti-virus software that is regularly updated?
  20. Does your company have data backups onsite and offsite verified at least once a year?

Low Risk: 0-10 Moderate Risk: 15-25 High Risk: 30-50 Escalated Risk: 55-100

What now?

Once you’ve identified your risk level, what now?  If you answered “unsure” to any of the questions, do the necessary research to confirm the answer.  Once you have a “Yes” or “No” answer for every question, you will have a better idea of your true exposure and can begin prioritizing which areas to address first to mitigate the risk.

Don’t put your head in the sand!Headinsand

If you didn’t score a 10 or below, then getting to the green, (low risk range), won’t happen overnight. It takes time and, most importantly, full commitment and buy-in from ownership and senior leadership. But, as I mentioned, cyber threats are not imaginary monsters. So, don’t pretend they don’t exist and hope that nothing bad will happen. At Fluid, we understand the process can be overwhelming. Even determining the priority of what to do first can be a challenge. Luckily, we have a team of experts dedicated to cybersecurity. So, please feel free to reach out to us for help. Don’t wait until it’s too late!

Happy #$%@ New Year’s!! My Money is Gone!

HoodedHackerThis scam is downright scary!

Time is of the essence on this blog, so I tried to find a title that will grab your attention. I hope it did. I don’t get overly dramatic in my blogs, but this one is warranted for how bad it is. I also try to use graphics to break things up a bit, but I didn’t want to spend more time trying to make things “artsy”.

If you’re going to read anything, please read this. It might just save you thousands of dollars.

A small business owner and close friend of mine, we’ll refer to as “Joe”, texted me on December 22nd, (yes, right before Christmas), livid he had been conned out of thousands of dollars by a very elaborate and well executed scam. Now Joe is no dummy and pulling one over on him is no small task, but the detail these scammers deployed was no match for even an astute businessman.

So what happened?

The target, Joe, uses Chase Bank for his business and personal finances, which becomes important later.  All the money in both his personal and business accounts was stolen within minutes! How?... Joe gave the hackers the information they needed to steal it.

The chain of events.

Joe received a call from Chase Bank’s “Fraud Department” stating there was suspicious activity on his account, and transactions were made in a foreign country. Joe then explained that had recently been to Mexico on vacation – a common destination when you live in Texas.

Being a diligent and rightfully cautious person, Joe checked the number calling him and it matched the phone number on the back of his Chase credit card. The hook was set!!

The “Chase representative” stated because there were fraudulent attempts on his account, he needed to close both accounts, personal and business, and transfer the money to new, “safe” accounts. Then, the representative said he would text Joe a code for him to read back, which once again came from a legitimate number.  A two-factor authentication, using texted codes, to a mobile number is common practice, and no cause for alarm.  The representative then used this code to access both accounts and change the real password, one the hacker could then use.

In real time, the hacker used the common online payment app, Zelle, to clean out both personal and business accounts. It should also be noted that the scammer on the phone spoke excellent English and sounded legitimate, which is another well thought out tactic and different from the obvious “rich uncle” accents from Eastern Europe or other countries.

Worst nightmare!

Now being suspicious, Joe went into a Chase branch location and they verified that it was, in fact, NOT Chase. The real Chase representative mentioned this was the second time in a few days they have dealt with this same scam.  Panic now set in!

Pain and no gain.

While in the branch location, Joe had to immediately close all his accounts, open new accounts, while simultaneously working with the bank’s fraud department to try and reverse the transfers to get his money back.

When the Chase fraud department did their initial forensics, they discovered the transfer was made using a relative’s name.  This means the hackers gained full access to the account information, including the list of approved people and accounts to transfer money to and from.  Because the hackers chose a relative as the person receiving the funds, Chase would not escalate until Joe could confirm and ‘prove’ funds were not transferred to the family member as a legitimate transfer. The hackers purposely chose a family member knowing it wouldn’t get escalated.

It’s important to note that the phone number showing on Joe's caller ID matched the number on his Chase credit card.  At one point, Joe hit ‘call back’ feature on his phone to automatically dial the Chase number, which was directed back to the fraudsters (a tactic called number spoofing). The Chase fraud department advised Joe to always manually dial the number and not use the automatic call back feature on your mobile phone to ensure that you’re calling the correct number. In addition to closing his accounts and opening new accounts, Joe also has to identify and contact the numerous legitimate personal and business vendors and payers he works with to update their new account information.  More pain.

At the time of this blog, the success of reversing the scam is unknown. The bank stated it would take up to 30 days to determine if Joe would get the money back. To add insult to injury, Joe is also now locked out of online banking for 60 days.

This is one of the most elaborate and well thought out cons I’ve ever seen, requiring multiple people who know exactly how people use banking, and more importantly, people who know exactly how banks and their fraud departments work.  They were always one step ahead of the victim and I’m certain there are more to come!  So be diligent, be doubtful, beware.

Ho, Ho, Ho No! I've been hacked!!

With the holidays upon us, it's not only the kids getting excited.  Hackers also love the holidays and the gift of giving takes on a whole new meaning.  Increasing malicious activity during the holiday spending spree is no coincidence.  Don't be a victim!  Take some tips from this blog by IBM SecurityIntelligence to be more diligent.  Hacky Holidays?

Cybersecurity - "You can't handle the truth!"

I’m a guy who likes sports and movies, and my wife tells me that I’m constantly quoting sports analogies and movie tag lines. Guilty as charged.  So, why do I do that???  Because I can quickly state a movie quote or sports reference to explain a situation to someone, without having to spend an hour doing so. If I tell someone “you just fumbled”, knowing this person likes or understands American football, he or she will immediately know they made a mistake.  Notice how I stated ‘American football’ lest I confuse it with the round ball version and defeat the very purpose of my analogy.

ManYelling

The problem is, if I use my linguistic mojo on people who don’t follow sports or movies (yes, those people do exist), I not only don’t get my point across, I confuse them.  Many times, I get that tilt-of-the-head puppy look and then a nod, never asking me to clarify what I meant.  It’s surprising how many people never ask the question – I don’t understand, what do you mean?

This can be very frustrating and even a cause for escalating arguments and disagreement later.

To clarify, here’s an example of a recent conversation when discussing a company project…

Me: “We’re at the one-yard line!  It’s time to punch it across the goal line!” Colleague: “Got it!  You can count on me!”

A week later…

Me: “So that project was completed, right?” Colleague: “No, I’m still working on it.  I need to add some more detail." Me: “What!  I thought I told you and we agreed this needed to be done asap!? Like yesterday.” Colleague: “Oh, I’m sorry.  You didn’t tell me it was urgent.” Me: “I did tell you it was urgent.  Remember ‘the one-yard line’, ‘the goal line’?” Colleague: “Yeah I kind of recall something like that.” Me: “Then why didn’t you get it done??” Colleague: “Why are you yelling at me?  I have no idea what you meant.” Me: “Why didn’t you ask?

And the downward spiral continues.  The frustration level for everyone is extreme.  Worse yet, the project was not completed, and the company suffers.

I see this same scenario over and over again as it relates to technology and business – especially with cybersecurity.

Get serious about cybersecurity SecurityGuard

Articles are published every day stating how businesses aren’t taking cybersecurity seriously enough only to be completely ignored.

I constantly come across articles that give real statistics showing how businesses think they are secure, yet they have recently been breached or compromised!  How is that possible?  Why do businesses, led by extremely smart people, continue to ignore the very real threat that cybersecurity breaches and hackers can easily compromise their business’ livelihood?  Why do they continue to have incidents, and not learn from them?

Some studies show, many business owners rely on their insurance policy to save them instead of protecting their assets proactively.  I believe some of that is true, but I believe the real issue is a complete disconnect in communication.

The danger of miscommunication

MiscommunicationThere is a very real and dangerous disconnect in communication between business and IT!

I read an article recently that was trying to get businesses to understand the importance of cybersecurity and the importance of communication between IT and business.  Here is how the article begins…

 

ArguingDigital transformation is happening rapidly in every industry. As companies move toward software-defined infrastructures (SDI) connected to powerful cloud ecosystems, they can tap into the near-real-time intelligence from the data gathered from every edge of their business, helping to drive faster business decisions and changing the way they serve their customers.

Rapid transformation, however, without a solid plan, can produce cybersecurity vulnerabilities. As infrastructures go virtual, security models need to shift. To avoid serious risks and security management issues, companies need to identify challenges, strategize, collaborate, pilot, test, and evangelize. *

 

Did you have to read it twice?  Did you understand even part of it?  What exactly is ‘every edge of their business’?

“Trust me, Greg, when you start having little Fockers running around, you'll feel the need for this type of security.” Meet the Parents, 2000

Yes, I did it, I used a movie line from the great film “Meet the Parents” to make my point.  If you haven’t seen the movie, you have no clue what I’m talking about.  Business leaders have not seen the cybersecurity movie!!  They don’t understand a word coming out of your mouth (another movie reference).

Don’t allow technology to get lost in translation

LostTranslation

In all seriousness, business leaders have not taken the time and do not have the time to learn all the parlance of cybersecurity.  Yet, we keep pummeling them to death with cyber techno-speak.

The reality is, both business and technology leaders have a responsibility to their companies, their employees, and themselves to learn enough about each other to make the conversation relevant.  I can keep showing business owners all statistics. But, most of them still don’t properly plan for or budget for cybersecurity, and most will only do so after they’re hit with ransomware or have a breach.  But what is ransomware?  What is a breach?  What do they look like? What is the actual cost to the business now and in the future?

This is not a one-sided issue. IT professionals also need to learn how to translate technology jargon into terms that business owners can understand.

The same case can be made for IT experts making an effort to understand the language of business and understand the impact they are having.  When business owners and leadership speak in terms of EBITDA, CAPEX, OPEX, Life Time Value, Gross Margins, Net Margins, Cash Management, etc., they are speaking a language immediately understood within the group, but many times foreign to the IT group.

At some point, business owners, leadership, and even board members must work with IT experts to start taking cybersecurity more seriously.  Both parties must be willing to have an open dialog where each is not afraid to ask questions, educate and translate into terms each party can understand, to make better business decisions.

If you want to have a discussion regarding your business and how the cybersecurity landscape impacts your company now and in the future in a language you can understand, contact us! We will be happy to advise and educate you in this increasingly complex space.

May the force be with you!

 

* AT&T Cybersecurity Insights Vol 7

What you don't know CAN hurt you!

BlindMan Cybersecurity continues to be a real problem for small to mid-sized (SMB) companies because they honestly believe it will not happen to them.  To make matters worse, in a recent article by Dark Reading, 51% of SMB leaders are convinced their companies are not a target for cybercrime.  You can read the article here.  With the large number of security incidents we respond to within the SMB community, it is very surprising and discouraging businesses continue to ignore cyber threats.

Small to Mid-Sized Companies Do Not Act Until AFTER They Have Incurred Multiple Cyber Incidents

Unfortunately, what we find is that companies take preventative action only after they have been hit multiple times.  You read that last line correctly.  We see companies have an incident, incur very large unplanned expenses to deal with it, and continue to 'do nothing' until they are hit again and again.  I have to believe this is primarily due to the lack of understanding of the real risk of cyber threats at a business level, coupled with it being a blind spot in business management - I don't know what I don't know.

The Security Industry is Partly to Blame

The cybersecurity industry is partly to blame for the lack of understanding and visibility in the business community because, as an industry, cybersecurity continues to communicate in very technical jargon and terms business owners and management simply cannot understand and do not have time to try and figure out.  This creates a disconnect between the business and the very solutions available to proactively address mitigating the risk related to cyber attacks.

If business owners were armed with information showing what is actually occurring within their business on a regular basis, communicated in terms they can understand, not only would they enable the experts to help remediate issues proactively, they would have detailed information on employee behavior and actual traffic moving in and out of the business.  Security reports provide extremely valuable and powerful information which can be used not only to thwart cyber threats, but also create and enforce general company policies on how business assets are being used.

You can see sample report showing one month of actual data obtained from proactively deploying and monitoring security here Security Report

I believe if business owners could SEE what is actually happening, they would be much more likely to address the very real cyber threat risk.  At a minimum, they would have to decide to do nothing knowing bad things really are happening.

 

Your Cyber Security is Failing!

managed-security-services  

When you take a course in school or work and you get 100% on the test, it’s a great feeling.  Perfection!  How smart are you!  When you get 100% on every test, every time, you have truly mastered the subject and are clearly an expert.  It’s something you might even want to boast about to your friends; what an accomplishment!

But what if the scenario was turned 180 degrees and you received a 0% on every test.  Your feelings are completely opposite.  You are discouraged, frustrated, even embarrassed.  Your confidence is shot and you certainly don’t want to be bragging about it to your friends.

This is the scenario we see in cyber security.  When we deploy our cyber security solution for a new client, we have a very methodical process for the implementation and configuration of the solution based on the clients’ needs.  Part of the process includes continually capturing real-time data and then reporting those findings on a monthly basis.  We review these security reports with our clients so they can see and understand what is actually happening in their company.

Every company fails security 100% of the time!

What we have found interesting is that we find an issue or issues that need immediate remediation 100% of the time.  Think about that for a minute.  Every single time for every single client they fail.  This is not something the company wants to deal with, it is very frightening to them, and they certainly do not want to boast about it to others.

Often times we have already remediated issues in real-time as we are monitoring their security, but many times it takes working with the company management to determine what they want to do.  As an example, if we find a company computer suddenly is trying to broadcast malicious content out through the company’s internet connection, we will be immediately notified, shut-down and ‘clean’ the identified computer.  We certainly do not want to wait until the end of the month to address the issue.

Other issues are more dependent on what the company management team wants to do.  During our initial monthly review of the report, there are often issues related to how employees are using company systems.  For example, employees are accessing inappropriate websites, usage of social media sites such as YouTube, Facebook and Pandora are excessive and saturating internet bandwidth.  We also see attempts to access the company network from other countries, such as China, Romania, North Korea, etc.  In these cases, the company management almost always is shocked and says “We don’t do business with those countries!  Why are they trying to access our information!?”.

This is an example where we need to have a discussion with management to confirm what is legitimate and what is not.  Using our service, we can block websites and countries permanently and selectively, or the company may want to write and issue an Information Security Policy that states what the company policies are for appropriate use.  In the latter case, the issue is handled through policy and not technology.

You can’t address what you can’t see

In all these cases, the primary issue is that companies without proper security in place are in a state of being blissfully ignorant.  They do not see anything going on so they assume everything is good.  Once we shine a light on security, their eyes are wide open because they can now see what is actually happening.  Having the information allows us, working with the company, to address and remediate issues.

The larger implication is companies without proper security are playing with fire.  While some issues are not extremely damaging, it is only a matter of time when a malicious event becomes a major security incident the company must respond to.  Imagine you are a health provider, law firm or any company (since every company has sensitive and private information) and find you have a breach and private information has been leaking out of the company.  The status just went from green to red, requiring significant and immediate effort from many different people – the incident response plan.

The point is, in today’s world, it is better to know and have a planned response than to continue to be in the dark.  We know 100% of companies we work with will have issues to address, we also know most companies continue to operate in the dark believing it won’t happen to them.  As scary and uncomfortable as it may be, I would certainly rather operate from a position of knowing rather than taking the chance and hoping nothing will happen.  After all, we know from actual data, ‘nothing will happen’ actually never happens.

Security Delivered in a Box

With news of breaches occurring daily, cyber security has been forced to the forefront of every business.  The challenge is cyber security is a very complex subject to address with many layers using names confusing even to technical people.  Trying to decipher and understand all the layers and what is appropriate for your business is nearly impossible without a team of experts to guide you along the way.  Often the result is having multiple vendors provide different layers of security that do not work well together, are difficult to manage, and ultimately more expensive. For this reason, Fluid spent a year researching to find a better way.  What we found was very interesting.  There were many security companies offering specific pieces of an overall solution – one vendor offering a firewall, another offering anti-virus, and another offering cloud based security, and so on.  This was the very overly complex scenario we were trying to avoid.

Using this knowledge, Fluid developed a set of solutions to address each layer of security in a unified way that can be centrally managed, while in turn reducing the number of vendors involved and related cost.  The result is security in a box, a menu of security solutions to address each layer of security with options for increasing security levels to meet the specific needs of a business.

You are covered from the end user to the cloud!

SecurityInABox

The primary aspects in a consolidated solution had to include the following –

  1. Centralized management of all security devices and software
  2. Consistent ongoing management and monitoring of security events for remediation
  3. Proactive notification of threats
  4. Detailed monthly reports showing actual data related to the specific client environment and usage
  5. Inclusion all necessary hardware, software, and support renewals (firewalls, network switches, wireless access points, cloud based firewalls, etc.)

Whether it’s 3 devices or 3,000, Fluid can procure, configure, implement, and manage security using a single standardized process.

The results for our clients have been fantastic!

After implementation of the service, we review the initial monthly security report with our clients and without exception, the report shows activities they had no idea were occurring.  Not only do they have visibility to what is actually happening in their business, they now can do something about it.  Whether it is through creating a company policy or having Fluid systematically block certain traffic, the business is now in control.

In addition, because the service is all-inclusive and standardized, it can very easily scale as the company grows.  We have many clients that open new branch offices around the country and we can very quickly deploy the solution to those locations and add them to the overall solution.  In addition, each location receives its own monthly security report, so analysis and action items can be done at the location level.

The reports are an extremely valuable tool for ongoing cyber security monitoring and remediation.

SecRpt1

Visibility to outside attempts to infiltrate company systems allows specific geographic based controls.

SecRpt2

A primary role of any cyber security is to block malicious attacks and intrusions.  Monthly reports show details on specific attacks.

SecRpt3

If a deeper inspection is needed, we can even go to the user level to analyze what is occurring.  This has been especially helpful for situations where there may be one or two rogue users that need to be addressed.

SecRpt4

Unfortunately, employees are the number one source for security incidents.  Knowing what they are doing is necessary to continue to improve security training and make adjustments to security policies.

SecRpt5

Fluid’s Security-as-a-Service includes everything you need, out of the box, to secure your business!  Contact us now to learn how 214-245-4118 or wade.yeaman@fluiditservices.com.

Wanna Cry?

As you may know, on May 12, hackers launched a global ransomware campaign against tens of thousands of corporate and governmental targets. The ransomware encrypts files on an infected computer and asks the computer's administrator to pay a ransom in order to regain access.  

The ransomware attack is apparently spreading through a Microsoft Windows exploit called “EternalBlue,” for which Microsoft released a patch in March. That month Fortinet released an initial IPS signature to detect vulnerabilities against MS17-10. This signature specifically looks for SMB type vulnerabilities. Earlier this week, Fortinet updated their IPS signature to further enhance detection. It appears this update detects the ransomware. Today, they released an AV signature that detects and stops this attack. (Third-party testing has confirmed that Fortinet Anti-Virus and FortiSandbox are blocking the attacks.)

 

We strongly advise customers to take all of the following steps:

  • Apply the patch published by Microsoft on all nodes of the network.
  • Ensure that the Fortinet AV inspections as well as web filtering engines are turned on to prevent the malware being downloaded and to ensure that our web filtering is blocking communications back to the command and control servers.
  • Disable via GPO the execution of files with extension WNCRY.
  • Isolate communication to ports 137 / 138 UDP and ports 139 / 445 TCP in the networks of the organizations.

 

If you would like more information on how to protect your network, use the link below to register for the Fluid IT Services/Fortinet Security event on June 6, 2017 @12pm:

 

Register Now

 

Please feel free to read the latest posts on this subject, published by the FortiGuard Labs team:

https://blog.fortinet.com/2017/05/12/protecting-your-organization-from-the-wcry-ransomware

http://blog.fortinet.com/2017/05/15/wannacry-ransomware

 

 

Are You Prepared for a Cyberwar?

We make it our business to protect yours. Former white hat hacker Joshua Petty will be presenting the unexpected sources of security threats and how to defend yourself. In light of the recent global ransomware attacks, this information could prove invaluable. We think you should be there.

Fortinet is the largest security appliance vendor, and when partnered with Fluid IT Services you know that your information is protected. The topics over lunch will cover simple ways to harden your infrastructure, how to manage your security with minimal effort, and arming your staff to become more security conscious.

Space is limited, so register today to secure your place at the table. We look forward to your participation.

Tuesday, June 6, 2017 @12pm

Maggiano's Little Italy 6001 West Park Blvd.

What you can expect:
  • Security insights from the experts
  • Fine Italian dining
  • GOPRO giveaway with all the accessories to get you started

Register Now

Security Breaches: The Kiss of Death for Small Business

For romantics, a kiss signifies love, affection, or respect. Unless you receive the kiss of death, which signifies that your days are numbered. For small business, a cyber-security breach is the dreaded kiss of death. security metrics 2.0Here are some stats that’ll start your heart from recent studies from Property Casualty 360 and Small Business Trends:

- 62% of cyber-attacks are focused on small to medium businesses - Only 14% of these businesses rating their ability to mitigate an attack as highly effective - Average cost of a breach for a small business, including damage or theft of assets and disruption of normal operations is slightly over $1.8M - 60% of small companies will go out of business within six months after an attack

While it may be surprising that 60% of SMBs attacked will be out of business, once you understand the typical cost of a successful attack, it’s far less surprising.

So do small business owners just give up in the face of these threats? Nah, that’s not the way entrepreneurs roll. Most small businesses can outsource the mitigation of this risk for less than $1K per month, offloading both the risk and the time that it takes to manage a security solution. For a small business, this can be the difference between life or death, much like an insurance policy.

In the world today, it’s no longer a matter of IF your company will be hit by a cyber-attack, it is a matter of WHEN. The question that you should ask yourself is, “Do I have almost 2 million dollars to handle it retroactively, or does it make more sense to spend $1,000 per month to proactively protect my livelihood and my customers?”

For a frank discussion on cyber-security and ways to mitigate these risk, reach out to Fluid. We can help.

[gravityform id="1" title="true" description="true"]

Don't let bureaucracy slow down your cyber security program

Fluid Security FrameworkBusinesses don’t have the time, budget or skills to adequately cover and mitigate all the very real security risks that could take them out of business at any time.  Nor do companies want to hire full time staff just to manage security. In a new global report from the Center for Strategic and International Studies along with Intel Security, the importance of senior leadership supporting cyber security implementation is made crystal clear. Here's a great summary of the report from Help Net Security: Attackers thrive in a fluid market, while bureaucracy constrains defenders.

Fluid handles this by providing a comprehensive layered approach to security for the entire organization, creating a security fabric to cover it all – Security-as-a-Service.

It’s not a matter of if but when you will have a security incident.  Be prepared.  Be proactive. Be responsive.  Be responsible.  If you would like to learn more about Fluid’s Security-as-a-Service offering, please contact us.