Tag: security bytes

Blog

Protecting Your Business Mac Computer from Cyber Infections: Tips to Know

Tips to Protect Your Mac Computer from Cyber Threats

Mac computers have an excellent reputation when it comes to cybersecurity, but they can still be targeted. Find out about protecting your Mac from threats.

Mac Cyberattacks

Malware, ransomware, phishing—the cyber threats on the internet abound, and these threats are generating an astounding cost to the people who rely on computer systems to do business. To date, the cost of cyber infections has racked up billions of dollars in costs to unwitting business owners, some of which thought they were protected. Even though Macintosh (Mac) computer systems are highly regarded for their security, they are still at risk. Here are a few tips you should know.

1. Keep your Mac properly updated.

Without a doubt, one of the biggest reasons Mac computers fall victim to a cyber-attack is because they are not updated as they are meant to be. The developers of the Mac operating systems, whether it is one of the older Mac OS versions or something more modern like Mojave, send out frequent security patches as new updates. If you have automatic updates turned off or do not take the time to update your computer manually, you could easily miss an important line of defense.

2. Use good security programs on your business Mac.

Just because you have a Mac that has a stellar reputation for protecting itself against cyber threats, it does not mean that you should not go a step further and install a good security program. These software programs are designed to catch all those things that get past the existing Mac firewalls and security defenses.

3. Keep your Mac free of unnecessary programs.

Every user has them—those unnecessary programs that are really not used often enough to be counted as valuable or useful. These unnecessary filler programs take up valuable space on your Mac computer and slow it down. If the system is already slow, it can make it harder to recognize when something is awry and something fishy is going on. Plus, the more unnecessary programs you have that you never use, the easier it is for malicious software to latch onto something and set up shop on your computer because you will never see it.

4. Get educated about the biggest threats to security on your Mac.

Knowledge is a powerful defense tactic no matter what type of computer or OS it is that you rely on as a business professional. You should take the time to familiarize yourself with the biggest MAC cyber threats and the types of cyberattacks most often occurring today. You should familiarize yourself with things like:

  • Phishing and how phishing attacks are carried out as well as how to avoid them
  • Ransomware and how it gets latched onto your Mac system
  • How to avoid things like malware that get attached to legitimate software

Whether you use your Mac for everyday tasks and projects at work or you have a system of Mac computers utilized by multiple employees and users within your organization, it is critical to protect your business Mac computers properly. Work with a managed IT service company to implement the best security measures and negate Mac cyber threats.

Blog

Are SAML-enabled Enterprises Needed?

SAML-enabled Enterprises Increase Network Security with SSO

SAML helps organizations implement single-sign-on. End-users need a single username and password for system access. SAML simplifies management of network security  

One of the first things most of us do when we arrive at work is sign-on to the corporate network. On the rare occasion that we have to sign on to a specific application, we’re irritated. Why is the separate sign-on necessary? The simple answer is SAML.

SAML Enterprises

What is SAML?

SAML stands for Security Assertion Markup Language. It is an open standard for sharing information across an enterprise for authentication and authorization of the end-user. It’s what lets you sign on once to access multiple applications. For SAML to work, all applications must communicate using the SAML specification. If an application cannot support SAML, the end-user will have to sign on separately.

How Does SAML Work?

A single-sign-on (SSO) environment has an identity provider where the user’s identity information is stored. When the end-user wants to use an application in the SSO environment, the application or service provider makes a request to the identity provider. The identity provider authenticates the end user’s identity and responds to the service provider’s request. The end-user is either granted or denied access.

A simplified SAML process for an end-user named Joel might flow like this:

  • Joel tries to sign on to his work computer. His sign on initiates a request to the company’s identity or SSO provider, asking for authentication.
  • The SSO provider authenticates Joel’s identity and grants him access to the network.
  • Joel launches his email program. His request initiates an exchange with the email application referred to as a service provider.
  • The service provider is configured to authenticate using SSO, so the application asks the identity provider for authentication of Joel.
  • The identity provider responds to the service provider with a digitally signed response that identifies Joel.
  • The SAML-formatted response either authenticates and authorizes Joel for the email application or denies access.
  • The service provider validates the identity provider’s response and either grants or denies access to the email application.
  • Joel accesses his email via the service provider’s application, based on the identity provider’s response.

All requests and responses must conform to the SAML protocols for exchanging information.

Why Use SAML?

SAML centralizes the authorization process. It also externalizes authentication to a separate identity provider. The configuration provides several benefits for both the end-user and the organization.

  • SAML provides a standard for deploying internet-based single sign-on.
  • SAML raises security access to the highest level. An identity provider can enforce a high level of authentication, such as Two-Factor Authentication, even if the individual applications do not support a high degree of authentication.
  • SAML simplifies the sign-on process for the end-user, who only has to remember a single user name and password.
  • SAML offers a single point for deactivation by centralizing access rights.
  • SAML enables the identity provider to audit access across SAML-enabled applications.

With a SAML-enabled enterprise, administration and monitoring of user access are reduced. Using an identity provider with a higher level of authentication than other applications within the network increases security. Allowing end-users to sign-on with a single username and password minimizes the number of times individuals require assistance because of forgotten passwords or usernames. The ability to control user access from a single point enables an organization to de-activate end-users quickly.

Blog

Chrome Users Need to Update Now

Why Google Chrome Users Should be Concerned About Security Patches

Does Your Organization Use Google Chrome? Find Out Why Recent Security Flaws Have Created an Urgent Need to Update Your Devices’ Browsers Immediately  

Google Chrome Updates

If users in your organization use Google Chrome, there is a high chance that several of those systems are creating an opportunity for hackers to install malware. Google recently identified a major security flaw with its Chrome browser that impacts Windows, Mac, and Linux-based devices. Although Google has released a security patch to correct the security vulnerabilities, the patch fixes two separate problems.

Security Vulnerabilities

One of the security vulnerabilities Google identified is Chrome’s audio component. The other vulnerability is tied to the browser’s PDF library. Both allow unwanted modifications or corruptions to memory data. This allows hackers to elevate privileges on the device or within applications installed on the device. If someone is able to gain administrative access to a system or software on a system, the individual could make unwanted changes or wreak havoc on the device’s operating system. There is also a high chance that a hacker could install malware or execute malicious code on the device.

Version

The version of the browser that fixes the security issues is 78.03904.87. Although the Chrome browser may be configured to automatically update itself in the background upon launch, it is a good idea to manually check each device. The browser can be manually checked by selecting the Help menu and then “About Google Chrome.” If there is an update available, the browser will automatically search for it and find it. The browser’s version will also be displayed in the “About” section. If the listed version is 78.03904.87 or later, then the device has received the necessary security patch.

If there are problems with the browser updating, it may need to be removed from the system and reinstalled. Some organizations have an automatic process to uninstall and reinstall applications from the server once the devices connect to the organization’s network. Reports can be run to see which systems still have outdated versions and technicians should manually check those systems to diagnose why automatic updates are not going through.

Other Considerations

A system that is not receiving automatic updates from Google Chrome may have other issues. Technicians should check for the following:

  • Is the anti-malware program up to date and running correctly?
  • Is the OS receiving approved updates and are these updates installing?
  • When was the last time the system pinged the network?
  • Has the system been restarted recently?
  • If the system has been disconnected from the organization’s network, how long has it been offline?
  • Has a malware scan recently been run? Were any malicious items identified and removed?
  • Are there are any suspicious executables or unauthorized programs installed?

Sometimes wiping a system and completely reinstalling the OS are the best courses of action. Signs that a device may be too infected, corrupted, or outdated include the presence of unauthorized or suspicious applications, more than 100 pending OS updates or a previous update date that is more than a month old, and an anti-malware program that will not update or run a scan correctly. Before wiping a system and reinstalled the OS, a technician should check for and back up any user data that may be installed on the device’s hard drive. However, the data should be carefully scanned for any malware infections prior to transferring it back onto the system.

Blog

What Are Your Company’s Responsibilities Following a Data Breach?

Learn from Marriott’s Example: Notification Responsibilities After a Data Breach

Most states, the District of Columbia, the Virgin Islands and Puerto Rico have passed legislation regarding notification of security breaches. Know the laws in your state.  

Cyberbreach Marriott

To answer this question, let’s start with the example experienced by Marriot International recently when a breach exposed the social security numbers of the hotel chain’s associates. Then, we’ll look at the federal and state requirements for notifying those impacted by a breach that involved their data.

How Did Marriott International Employees Fall Victim to a Data Breach?

Marriott International told some of its employees that their social security numbers (SSNs) had been exposed to an unknown person. The risk came from a vendor that handled documents for the hotel chain.

On September 4, 2019, Marriott found out that someone access information recorded on those documents, which included subpoenas and court documents. The notification, which came two months after the incident, merely stated that someone may have accessed the records, which is all hotel representatives claim to know. The potential breach impacts over 1,500 Marriott employees. On October 30, the hotel started sending notifications via regular mail for anyone it hadn’t been able to find.

Those impacted will receive free credit monitoring as well as identity theft protection for one year at the company’s expense. Notification and credit monitoring services are part of recent data breach laws, but one must wonder what took Marriot so long to notify the victims.

Why Did Marriott Have a Difficult Time Finding Victims?

Marriott received a list of those impacted, but most had no address. This may be the most significant factor in the delay. And, it’s not an unusual one. Company records breached by hackers may be incomplete in the best of circumstances, and this information was sitting in several external systems.

The unnamed firm said all Marriott employee data was deleted from its system. One of the problems in cases like this is storing data in multiple systems, which increases the risk of theft and data breaches. Marriott no longer partners with the vendor.

What Are Your Company’s Responsibilities in Case of a Data Breach?

The FTC recommends following these steps, some of which are legally required.

Secure your Operations

Move quickly to take whatever steps are needed to secure your systems. Otherwise, your data breach can result in a series of breaches. Mobilize or form a breach response team to shore up your network against further loss.

Fix Vulnerabilities

As part of the fix, you need to anticipate questions that clients, associates and the authorities may have. Put together clear questions and answers to post on your website. Direct communication may ease frustration and concerns, especially if it takes some time to identify those impacted, as in the Marriott cases.

Work with forensic experts to track to determine what records were at risk.

Notification

Most states, the District of Columbia, the Virgin Islands and Puerto Rico have passed legislation regarding notification of security breaches. You must notify the affected parties when personal information is involved. Check the laws in your state as well as the federal laws and consult with your legal team regarding your responsibilities.

Blog

Stop Hackers Cold: Eliminate These Common Entry Points

Weak Points in Cybersecurity Hackers Love

Do you know where hackers are most likely to gain access to your private data? Discover the favorite entry points and how you can stop them.  

Cybersecurity Threats

It seems like every week that there are reports of another massive data breach hitting the news. The number of users affected is almost unimaginable. Cybercriminals accessed 983 million records at Verifications.Io and 885 million records at First American Financial Corp., alone. Its scary stuff, but what’s even more terrifying is the majority of compromised companies never show up in the papers.

During the first half of 2019, there an average of 30 data breaches per day. So, how are hackers stealing so many records so quickly? They have their ways.

Four Places Cybercriminals Love to Steal Your Data From

1. Old Websites. The internet is a graveyard of abandoned and unprotected half-built sites which are the favorite hunting grounds for hackers who are on the lookout for easy and virtually risk-free hacking opportunities. Although it is true that most of these sites contain nothing more than a few email addresses and dummy accounts, every so often, a cybercriminal can strike goldmine. On occasion, legacy and demo sites for large businesses are still connected to the company’s servers and provide a nice backdoor to confidential data.

You can protect your business by completely removing old sites from online and limiting which sites have access to your servers.

2. Free Code. Many sites offer free code snippets that you can use for free on your website. All you have to do is download it and you can save hours of time and thousands of dollars. Good deal, right? Well, have you ever heard the Japanese saying, “There is nothing more expensive than something free?” When it comes to the code for your website, it is a motto you should take to heart. Using someone else’s free code for your company’s website could be the most expensive mistake you ever made. While clean, secure codes for free does exist online, the majority of what you will find is usually poorly written, and as solid as a sieve.

Stop hackers from using embedded backdoors in public code by not using it for mission-critical websites.

3. Unsecured Cloud Storage. Everyone is talking about the benefits of cloud computing and cloud storage, and it seems like businesses can’t wait to make the jump to working on the cloud. But before trusting your company’s confidential data to any third-party cloud storage solution, you better make sure the vendor has tight security. Many big-name companies like Facebook and Microsoft forgot to ensure their third-party vendors had the proper security, and the results were embarrassing and costly data breaches.

Carefully choose who you use for outsourcing and take an active role in protecting your data, even if it is hosted on a third-party’s server.

4. Unprotected APIs. Does your business use custom apps that utilize APIs? If the answer is yes, you may be exposing your confidential data to hackers without knowing it. While in-house app developers spend a great amount of time safeguarding your app itself, from exploits, the APIs you are using from an outside developer to power your app may be a gaping hole in your defense.

Review the end-user agreements for the APIs you use and conduct penetration tests to check for vulnerabilities.

In the end, protecting your data and the confidential information of your customers falls on your shoulders. No one can be perfect when it comes to online security, but every single business can do better.