Prevalence of hacking requires law firms to have strong cybersecurity plans in place that comply with state, ABA, and local bar association regulations.
What Are The Top 5 Cybersecurity Challenges on the Minds Of Legal Professionals Across The US Going Into 2019?
Almost every day, there are new reports of cyber attacks on large corporations or small businesses. All are vulnerable. It does not matter if it is a retail giant like Target or a solo practice law firm.
Marriott Hotels is the most recent company to report a significant attack. Personal information of 500 million guests was compromised. The attack lasted over four years before it was discovered. During that time, the personal information of those who stayed at or made reservations at a Marriott, including names, addresses, credit card information, and possibly passport numbers, was discoverable by the attackers who breached the system.
Currently, 15 Chicago law firms are defendants in a class action lawsuit in which plaintiffs allege the firms had inadequate cybersecurity, which subjected their confidential information to discovery. No actual breaches of the systems occurred and no known compromise of data has been detected. The firms were sued based merely on the possibility that there could be a compromise of confidential information due to the inadequate data protection systems utilized by the law firms.
Owners and managers of small law firms may think this only happens to large companies or large law firms. Unfortunately, that is not true. Smaller firms are also depositories of sensitive material. They may have information hackers would like concerning intellectual property, wills, trusts, and other confidential legal information.
In December 2017, the American Bar Association (ABA) published the results of a survey it conducted in which there were more than 4,000 respondents. An alarming 25 percent reported they had no cybersecurity policy in place and 7 percent said they did not know whether or not their firm had such a policy.
The National Law Review reports that hackers find lawyers not particularly tech-savvy, so they are easy targets for cybersecurity breaches. The consequences of a breach can be severe: loss of files, loss of confidential client information as well as client credit cards and other personal information. Also, firms incur the cost of repairing the damage. This includes both the financial cost of repairing the damage to the technology and loss of files, and the intangible need to repair damage to the firm’s reputation. There may even be consequences due to a breach of the ABA Model Rules requiring law firms to have protection of their sensitive data.
Top 5 Concerns for Cybersecurity for Law Offices in 2019
Several law office cybersecurity concerns stand out for 2019. Solo and small law firms in particular need to be on the watch for any or all of the following situations, which may subject the firm to a breach of its cybersecurity system.
1. Exploitation of day-to-day employee activities.
The ABA reports that this activity is responsible for the most successful cyber attacks. An email that appears to be from a client, or maybe a friend or family member, instead contains malware. The employee unwittingly opens the document, which allows the hackers access to the personal and confidential files of all of the firm’s clients. The malware often has a mushrooming effect, enabling the hackers to access not only the law firm’s client files but also the data the clients have on their own systems.
If an employee uses an unprotected WiFi at a coffee shop, the entire office files are easily hacked into and malware may infect all of the confidential legal files of the law firm. This can happen even if the employee does not open any suspicious files and only does routine work.
2. Watch out for ransomware. Ransomware is one of the easiest hacking methods that exist. It does not even go after sensitive information but blocks everyone in the firm from accessing the office files unless a ransom is paid. It enters the system when an employee opens a particular email or clicks on an unknown zip or pdf file. It can even come in through a USB drive. Remote desktop applications are the most vulnerable.
3. Firms must understand that discarded devices compromise cybersecurity. A few years ago, a managed care healthcare provider returned its copy machines to the retailer when the lease on them was up. No one thought about computers having a hard drive that contained sensitive material. The disposed-of devices included electronic health records of more than 344,000 people. The healthcare provider was fined by the U.S. Department of Health and Human Resources. Also, it had to pay to have the copiers returned to it so it could implement a new security plan for protecting the private information contained on the hard drives.
In addition to sensitive information being contained on the hard drive of a copy machine, the data may be on a cell phone and any other mobile device. When these devices are not correctly disposed of, the information can fall into the wrong hands. This could be an ethical violation of the ABA Model Rules in addition to the money it will take to deal with the unauthorized use of sensitive information.
4. Have a breach preparedness plan in place. The response to a cybersecurity breach is “a critical component to managing its impact and damage.” A law firm that has experienced a breach can minimize the consequences of bad press by informing those whose data was compromised about the incident before someone else does. This may mean going public with the information. Doing so will at least give control of the situation to the law firm and not to outside sources. Although the firm’s reputation will still suffer, it will not take “an additional beating” by being accused of hiding the fact of the breach.
5. The law firm’s cybersecurity plan must be compliant with state regulations. All 50 states now have a data breach notification law. Thirty states have legislation concerning cybersecurity. The ABA has rules pertaining to cybersecurity as do many state bar associations. It is up to each law firm to understand and comply with all the relevant laws and association rules.
To learn more about your cyber security law office concerns for 2019 and how to protect your confidential data, contact Parkway Tech. You can reach the IT firm online or by calling (336) 310-9888.
Cybersecurity has never been more important to law firms. After all, you deal with clients’ sensitive personal and financial information as well as details of their legal cases that those who mean them harm would love to learn about. The problem is that most lawyers are not IT experts. Sure, you’re great in a courtroom or negotiating a settlement on behalf of your client, but few good attorneys have the expertise or the time and energy at the end of the day to make sure that their computer files are impervious to increasingly savvy cybercriminals. That’s why having an IT partner like Parkway Tech is so important.
Cybersecurity concerns facing small law offices in 2019
Keeping your computer files safe is an ongoing process; it’s not something that you do once and then move on to the next task. But how much attention to cybersecurity is enough to be deemed a reasonable effort? It might be useful to see what other small firms are doing. According to a recent study by the American Bar Association (ABA).
Some firms, particularly those who use Macintosh computers, admitted to not using any measures to protect their digital files. Of those that did spend resources last year to beef up their cybersecurity, the majority (55%) said they did so to meet their fiduciary responsibilities.
Things to consider when developing a cybersecurity protocol
1. Vendor security. According to the American Bar Association, one of the most vulnerable places for law firms is the cybersecurity of their vendors. They see firms “increasingly writing language into contracts that require suppliers and vendors to take minimum specific measures to protect data.” This is in response to some massive industry hacks that have been linked to poor cybersecurity in suppliers with links into the attacked company. That’s where a good IT partner like Park
2. Email security. Email correspondence continues to be an Achilles heel for most law firms. An entry-level staff member opening an attachment with a virus or other malicious code can potentially infect the entire firm’s database. Interestingly, while 75 percent of respondents in the ABA survey viewed emails as a potential threat, only 58 percent have a program in place to protect against such a threat.
What you can do to beef up your firm’s cybersecurity
The ABA ranked the average small law firm’s cybersecurity procedures and protocols at 3.5 out of 10. More effort is needed in this area to protect your sensitive data adequately. It’s not overly dramatic to say that a data breach could threaten the very existence of your firm.
No lawyer should be expected to be an IT expert. You have clients and employees to concentrate on, not to mention spending time with your family. That’s where a good IT partner like Parkway Tech can be invaluable. We are more than just computer technicians; we are IT professionals who know and understand the unique security concerns of law firms. Cybercriminals are always upping their game and developing new ways to compromise your data. You need a diligent company that can match this challenge and stop such threats before they even develop.
At Parkway Tech, we take a somewhat different approach to IT solutions. We understand that every law firm is unique. That’s why we begin by getting to know you, your firm and your hopes and dreams for the future. We don’t recommend any product or course of action until we’ve taken the time to learn about your specific needs. We feel one of our strengths is our relationship-driven approach to IT solutions.
We’ll help you develop a cybersecurity package that is virtually impenetrable to hackers. We’ll include not just your office computers, but also your mobile devices, your cloud apps and storage, and your contracts with those potentially vulnerable third-party vendors. We understand that leaving any one spot vulnerable puts your entire system at risk.
About Parkway Tech (Your Legal IT Services Team)
Located in Winston-Salem, Parkway Tech has been helping small and medium-size law firms with their IT needs, including cybersecurity, since 2008. We pride ourselves on our friendly, responsive customer service. We’re so confident that you’ll be thrilled with our service, we offer a 90-day money-back guarantee. That means you can “test drive” our services for more than a month and get all of your money back (cheerfully) if you aren’t satisfied with our team and our services. Not many other IT specialists make that offer.
To learn more about how Parkway Tech can help free up your time as well as help your law office keep your data secure, meet your fiduciary responsibility to your clients and stop worrying about cyber threats, visit parkwaytech.com or contact us at (336) 310-9888.
Law firms today are increasingly relying on digital tools to provide lawyers and other staff with more flexible access to information, deliver on-demand law information to clients and reduce reliance on paralegals and other administrative staff.
These technological advances have allowed law firms to innovate, develop new revenue-generating services and reduce operating expenses. However, with those advances comes an added risk. With the use of more digital solutions, law firms are exposing their data to a greater risk of cyber attack. The impact of a data breach could be devastating to a law firm, resulting in the loss of clients and reputation.
The growing reliance on technology is why data security for law firms has become more essential than ever. Finding the right legal IT provider that understands law firm needs and can develop comprehensive security solutions is a critical step for law firms.
What Threats Are Law Firms Likely to Face?
Hackers know all too well how critical it is to keep client data safe. That’s why law firms are such a likely target. The American Bar Association’s 2018 annual meeting included a panel discussion to address the risks and the need for active defense. “The consensus of the panel was that cyber attacks are inevitable, and that preparation for law firms was necessary to avoid not only the hardware issues but also post-attack consequences,” the ABA wrote.
Ransomware is a significant risk. A hacker who gains access to sensitive systems can lock out users, cripple a website and demand payment in cryptocurrency before functions are released.
While anti-virus and anti-phishing software have long been a part of a corporate defense against such attacks, hackers are finding new weapons. Cryptoworms are one such example. These invasive programs act similarly to malware and ransomware with one significant distinction. Cryptoworms, once embedded, do not need manual instructions from a hacker to identify and steal personally identifiable information.
As long as hacking remains a lucrative option, hackers will continue to develop new destructive weapons. That’s why data security services for law offices are still needed.
What Solutions Do Law Firms Need to Deploy?
Preventative measures are the first line of defense for law firms. The problem is that, like other small- and medium-sized businesses, many law firms do not create comprehensive layers of security. Anti-virus software alone is not enough. Here are the main components of a thorough strategy:
What Structure Is Necessary for Cybersecurity?
Policies and procedures that guide your law firm’s technical solutions need to be in place.
Explicit, clear policies about cybersecurity need to focus on keeping client data and employee information secure. These policies need to be distributed to all employees and discussed not just in new-employee orientation sessions but as part of annual mandatory training.
Employees need to understand that most cyber attacks start with an unknowing employee clicking on an email link or visiting a damaging website. Effective training raises employee awareness and gives them tips on what to look for to prevent attacks. Some organizations even issue phony phishing emails to test how well employees understand company policy.
Policies should focus on the following:
How Do I Prepare to Respond to an Attack?
Your law firm needs an incident response plan that’s a core part of your business continuity plan.
Your incident response plan should include well-defined roles for staff responsibilities during and after an attack, including:
Who Can Help Our Law Firm with Cybersecurity?
Parkway Tech specializes in helping law firms with their IT needs. We understand the importance of keeping sensitive law firm information protected and secure.
At Parkway Tech, we have a relationship-driven approach, taking time to learn about your firm’s needs and goals. In addition to robust cybersecurity solutions, we offer data backup and recovery, business continuity planning, IT consulting, cloud computing and remote help-desk support. To learn how we can help keep your law firm protected, contact us.
In July 2018, an article published by Naked Security stated that SamSam, one of the latest ransomware threats, has been one of the most costly and dangerous attacks in history. SamSam leeched at least $6 million from unwitting victims, some of which were well-known businesses and government operations.
SamSam ended up costing the Colorado Department of Transportation upwards of $1.5 million as of April 2018, according to the Denver Post. The FBI and Department of Homeland Security (DHS) agencies have stepped in with recommendations to help business owners keep themselves and their data protected from not just SamSam, but other malware as well.
1. Make changes to systems that rely on RDP remote communication.
If you don’t use the RDP service, disable it. If you do rely on remote communication, work with an IT consulting agency to implement upgraded patches that conform to current system operations.
2. Use firewalls to protect open RDP ports.
If your system utilizes open RDP ports and public IP addresses, make sure these are properly protected with a firewall. Virtual private networks should be used to access these ports, so make sure all users understand how to access the systems once they are protected.
3. Beef up system passwords and lockouts.
One of the easiest ways to defend against brute-force attacks is to beef up your passwords and lockouts that are in use. USA Today says passwords should be a random collection of characters (upper and lower case), at least eight characters long, and that you should use a different password for each application. Use strong passwords among shared devices just the same as you would on the internet.
4. Utilize two-factor authentication processes.
Two-factor authentication processes offer an extra layer of security for applications that have it available. Many business owners skip two-factor authentication because skipping it saves time, but enabling it is an easy way to make systems more secure.
5. Pay attention to system updates as they become available.
System and software updates are hugely important, whether they are manually implemented or automatically added. These updates are frequently released as new threats emerge to the surface that would otherwise compromise an existing system. Never turn off automatic system updates and have a business security expert check your system for updates on occasion.
6. Implement a reliable backup strategy.
If something happens and your system is compromised by a SamSam ransomware attack, you need to have a backup plan already in place. Therefore, it is critical to implement a reliable backup access strategy so your system and your data can remain accessible.
7. Enable system logs and keep them for at least 90 days.
System logs will record every login attempt through RDP ports and other applications. In the event of an attack, IT analysts will be able to pinpoint the exact time that the system was infiltrated, which can be really helpful to solve the problem.
8. Follow guidelines for accessing cloud-hosted services.
If you do have cloud-hosted data that you frequently access, follow that provider’s rules for accessing your data and do not ignore their guidelines. These rules are specifically in place to keep your information protected. If you are using third-party services that require RDP access ports, make sure the service is following the latest safety practices.
9. Keep network exposure at a minimum for critical hardware.
In other words, if you have a hardware system that can function without being interconnected to all other devices on the network, then operate it as a standalone component. Just because you can connect everything in the modern technology setting, it does not always mean that you should. If SamSam or another ransomware attacks, hardware that is not connected can be safe. Likewise, it is good if you turn off sharing between printers and other devices unless it is absolutely necessary.
10. Restrict users from running software and opening emails.
There should only be trusted people within your business who are allowed the privilege of running software on any system. Therefore, make sure all users have a clear set of outlined access permissions and restrictions. It is also essential that email attachments are carefully handled, which means not every user should be allowed to open, access, or view email attachments.
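An added example (not from the original article) of the log review that items 3 and 7 describe: it scans logon events for a burst of failed remote logons from one source and reports the first successful logon that follows, which is the timestamp an analyst would start from. The pipe-delimited export format, the sample events and the 10-minute/5-failure thresholds are assumptions; 4625 and 4624 are the Windows Security log event IDs for failed and successful logons.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624      # Windows Security log: failed / successful logon
REMOTE_LOGON_TYPES = {3, 10}      # 10 = RemoteInteractive (RDP), 3 = Network (RDP with NLA)
WINDOW = timedelta(minutes=10)    # assumed detection window
THRESHOLD = 5                     # assumed failures from one source inside WINDOW
RETENTION_DAYS = 90               # retention period named in item 7

# Constructed sample events (documentation IP ranges, not real data).
# Assumed export format: time|event_id|logon_type|source_ip|account
SAMPLE_LOG = """\
2018-05-28T08:00:00|4624|10|198.51.100.20|jsmith
2018-08-31T09:01:10|4625|10|198.51.100.20|jsmith
2018-08-31T09:01:25|4625|10|198.51.100.20|jsmith
2018-08-31T09:01:50|4624|10|198.51.100.20|jsmith
2018-08-31T11:00:00|4625|10|192.0.2.44|admin
2018-08-31T13:00:00|4625|10|192.0.2.44|admin
2018-08-31T15:00:00|4625|10|192.0.2.44|admin
2018-08-31T17:00:00|4625|10|192.0.2.44|admin
2018-08-31T19:00:00|4625|10|192.0.2.44|admin
2018-09-01T02:14:05|4625|10|203.0.113.7|administrator
2018-09-01T02:14:09|4625|10|203.0.113.7|administrator
2018-09-01T02:14:31|4625|10|203.0.113.7|admin
2018-09-01T02:15:02|4625|10|203.0.113.7|scanner
2018-09-01T02:15:40|4625|10|203.0.113.7|scanner
2018-09-01T02:16:12|4625|2|-|frontdesk
2018-09-01T02:16:58|4625|10|203.0.113.7|scanner
2018-09-01T02:19:40|4624|10|203.0.113.7|scanner
"""


def parse_events(text):
    """Parse the assumed export format into dicts, oldest event first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, src, account = line.split("|")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "src": src,
            "account": account,
        })
    return sorted(events, key=lambda e: e["time"])


def find_bruteforce(events):
    """Flag sources with THRESHOLD failed remote logons inside WINDOW and
    record the first successful remote logon from that source afterwards."""
    recent = defaultdict(deque)   # src -> failure times still inside WINDOW
    tried = defaultdict(set)      # src -> account names seen in failures
    findings = {}                 # src -> finding, in order of detection
    for ev in events:
        if ev["logon_type"] not in REMOTE_LOGON_TYPES:
            continue              # console and service logons are out of scope
        src, now = ev["src"], ev["time"]
        if ev["event_id"] == FAILED:
            tried[src].add(ev["account"])
            window = recent[src]
            window.append(now)
            while now - window[0] > WINDOW:   # expire failures older than WINDOW
                window.popleft()
            if len(window) >= THRESHOLD and src not in findings:
                findings[src] = {"src": src, "flagged_at": now,
                                 "first_success": None}
        elif ev["event_id"] == SUCCESS and src in findings:
            if findings[src]["first_success"] is None:
                findings[src]["first_success"] = (now, ev["account"])
    for src, finding in findings.items():
        finding["accounts_tried"] = sorted(tried[src])
    return list(findings.values())


def log_coverage_days(events, now):
    """Whole days between the oldest retained event and `now`."""
    return (now - events[0]["time"]).days if events else 0


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    review_time = datetime(2018, 9, 1, 12, 0)   # constructed "now" for the sample
    days = log_coverage_days(evs, review_time)
    status = "OK" if days >= RETENTION_DAYS else "below the 90-day target"
    print(f"log coverage: {days} days ({status})")
    for f in find_bruteforce(evs):
        print(f"{f['src']}: threshold crossed at {f['flagged_at']}, "
              f"accounts tried {f['accounts_tried']}")
        if f["first_success"]:
            when, account = f["first_success"]
            print(f"  first successful logon after the burst: {when} as {account}")
```

A mistyped password (two failures, then success) and slow, spread-out failures stay below the threshold here; an account lockout policy as in item 3 is what stops the slow case.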
Even though protecting your business from SamSam ransomware and other business cybersecurity threats can be time-consuming, it is these lines of protection that will save you from an expensive attack. Reach out to a cybersecurity expert for more information about adequately protecting your business network.
A recent sextortion scheme highlights the vulnerability users face when their data is stolen and used against them.
The widespread threat made it seem as though a hacker had compromising video of a victim taken while visiting adult pornographic websites. The scammers threatened to release the video unless they were paid in bitcoins.
Here’s a closer look at the threat and how to prevent such ruses in the future.
What Happened in the Sextortion Case?
The latest fraud was different from earlier sextortion cases in one significant aspect. Victims were targeted with an email that appeared to come from their very own email account.
In the past, similar hacks used passwords to an adult website that had been stolen in a data breach. The scammer would threaten to release information about the victim’s activity in exchange for cryptocurrency.
Are These Schemes Successful?
The risk of public embarrassment is a powerful motivator for many victims who would rather pay than be exposed for visiting questionable websites. The recent scheme was first noted in the Netherlands, where it reportedly netted €40,000 in short order. That kind of quick cash is highly motivating to hackers looking to make a large amount of money fast.
What Did the Sextortion Email Say?
The English version of the scam had a subject line that included the victim’s email address and “48 hours to pay,” e.g. “firstname.lastname@example.org 48 hours to pay.”
In broken English, the scammer claimed to be part of an international hacker group that now had access to all accounts and gave an example of a stolen password.
Over several months, the email alleged, the victim’s devices had been infected with a virus from visiting adult websites. Now, the hackers had access to the victim’s social media and messages.
“We are aware of your little and big secrets … yeah, you do have them,” the email continued. “We saw and recorded your doings on porn websites. Your tastes are so weird, you know.”
The email further claimed to have recordings of the victim viewing these websites and threatened to release them to friends and relatives. It demanded payment of $800 in bitcoin within 48 hours of reading the message. If the funds were received, the data would be erased. If not, videos would be sent to every contact found on the victim’s device.
For unsuspecting victims, receiving such an email could be terrifying. That’s why so many people succumb to such demands and pay up.
What Can Users Do?
While it’s easy to be scared into sending payment, the reality is that these emails can be ignored and deleted. It’s a good idea after doing so to run an anti-virus scan on all your devices to be sure that there is no malware installed.
Many of these scams occur because a domain has been hacked. However, these vulnerabilities can be eliminated by using some basic protections. Using domain name system (DNS) records designed for email validation and authentication is an essential first step. Here are three of the most common:
Your users and domains are vulnerable to hackers looking to exploit technology to shame people into paying. With the right technology assessments, security protocols and safeguards in place, your systems will be protected and dissuade hackers from attacking your sites in the future.
Regardless of the money businesses invest in cybersecurity, technology is only part of the cybersecurity puzzle. Regardless of new hardware, updated software and the best IT support team, cybersecurity is an ongoing commitment. Cybersecurity must be on the minds of every employee every hour of every day.
A Chain Is Only As Strong As Its Weakest Link.
This idiom is attributed to Thomas Reid who wrote “Essays on the Intellectual Powers of Man” in 1786. It first appeared in print in 1868 in the Cornhill Magazine. Simply put, it means that a group of people can only be as strong or successful as the weakest or least successful member.
Email is a favored method of cybercriminals – email is used to transmit ransomware, viruses and other harmful software.
Each email that each employee opens represents a cybersecurity threat. Only with a continuous and ongoing employee awareness program can you have an effective cybersecurity solution. It only takes one employee opening one email to expose your business to a cyber-attack.
Employees come and go – make sure that critical passwords are changed when an employee leaves. Be sure that new hires understand your cybersecurity policies and know to whom they should report potential risks.
What Can Businesses Do to Ensure Employees Don’t Pose a Security Risk?
First, ensure that you have a firewall, up-to-date anti-virus software and a spam filter. Always make sure that every new computer, laptop or tablet is up-to-date on these items before it is given to an employee.
Email 101. Teach email safety. These simple questions will help employees evaluate emails that originate from unknown senders.
Continuing Education for your Employees. People are people, and they forget. Employees need ongoing training about email safety. Keep the training short and exciting to keep their attention.
The Power of Human Error
In spite of educating your employees, human error accounts for almost 50 percent of data breaches. The accidental loss of a device or a misplaced document may be the cause of a severe security breach. Shred-It vice president Monu Kalsi observes that the smallest bad habits may result in substantial security risks. Examples include:
Draft a written policy to provide to each employee who works remotely, whether from home or while traveling.
Another potential source of human error may come from sub-contractors or vendors who have access to your facilities and/or employees. The Shred-It study showed that 20-25 percent of security breaches were caused by vendors. Ensure that when a vendor relationship ends that all ties are severed – change codes for keyed entrances when there is a vendor change.
Attention to small details may save your company lots of money.
The Bottom Line …
Employees are human. They make mistakes or commit errors in judgment. They also forget. Invest in updates for firewalls, security software and well-trained IT personnel. Regular cybersecurity training for your employees protects your business from damaging cyber-attacks.
Hackers Know How to Steal Money Anonymously
In West Barnstable, Massachusetts, Cape Cod Community College recently fell victim to a phishing scam that resulted in the school losing more than $800,000. The money was taken out of the school’s bank accounts. While this kind of scam is common these days, there are measures a business can take to prevent it. In the case of Cape Cod Community College, experts believe endpoint security solutions using next-generation technology would have prevented the monetary loss for the school.
The hackers of today are quite sophisticated, and if a business falls victim to one of their scams, there is often very little it can do about it. Hackers know how to remain anonymous and leave few, if any, digital footprints to follow. This means the likelihood of recovering one’s money is little to none. That is why it is so vital to prevent these things before they happen by using proper technology.
The president of Cape Cod Community College, John Cox, revealed the financial loss via a digital theft to the staff and faculty of the school in an email on December 7. By working with the bank at which the school’s accounts were held, the school has been able to recover about $300,000 of what was stolen, which is more than most smaller businesses would be able to do. It is unlikely they will be able to recover the entire $800,000, but they might be able to get some more of the money back by working closely with the bank, as they are doing.
Details of the Digital Theft
Cox gave an interview with a local newspaper after informing the workers at the college of the theft. In the interview, he revealed many interesting details about the theft, including:
Other Schools Have Had This Issue, As Well
Cape Cod Community College is not the only school to have this kind of issue in recent times. In June of 2018, hackers stole around $1.4 million from 21 account holders in the Connecticut Higher Education Trust.
Hackers are not just after money, either. They are out to cripple the schools they target. Sometimes, they don’t steal any money at all, but instead, generate outages of the computers at a particular school. This happened to a college in Wisconsin in June of 2018, and it resulted in classes having to be canceled for three days because the computer infrastructure to support the classes, students, and employees wasn’t there.
It hasn’t just been colleges being targeted, either. K-12 schools are also targets. A public K-12 school in New Jersey lost $200,000 in September of 2018 in a phishing incident similar to the one experienced at Cape Cod Community College.
Technology Companies are Stepping Up to Help Prevent This
Technology companies are stepping up in light of such incidents, creating phishing simulators to help schools teach their employees to avoid allowing their workplaces to become the next phishing victims. They are also reaching out to schools to increase awareness of the need for next-generation endpoint protection software, and to help schools install and use it.
No matter the line of business you’re in, outsourcing your IT services to a managed service provider (MSP) provides a world of benefits. Both your internal systems and your online presence will be optimized and streamlined, tech problems will be taken care of right away, and you’ll have more time to focus on what matters.
Aside from providing excellent customer care and competency in their field, great MSPs employ the best IT experts, are there for you when you need them, stay up-to-date on new technology, and … they do one other important thing.
They conduct Quarterly Technology Reviews.
What are Quarterly Technology Reviews?
Quarterly Technology Reviews, or QTRs, are meetings your IT services company regularly conducts with you to assess the effectiveness of your current tech investments and of the managed service provider itself.
A QTR occurs quarterly or four times per year, and it’s up to your MSP to book the appointment; you shouldn’t have to. When you see that your MSP is taking the initiative with QTRs, it’s a great sign that you’re working with a leading company. At a QTR meeting, you’ll be able to provide feedback to your MSP about the service they’ve been providing and the technology you’ve been investing in.
What are the specific benefits of a Quarterly Technology Review?
For you, the client, the benefits of QTRs are numerous. You’ll have an open platform to discuss any bugs or issues you’ve been having with your technology or possible problems with computer systems, email, the website, etc. Just remember that for immediate problems, you shouldn’t wait for the QTR and should merely contact your MSP right away — that’s what they’re there for.
In the end, if your MSP conducts QTRs with you, your business will see the following benefits:
For your MSP, the most significant benefit of Quarterly Technology Reviews is showing you that they care and are monitoring your success. This goes a long way in maintaining their clientele.
QTRs also allow a tech firm or MSP to highlight your company’s return on investment or ROI (your investment being them, for the most part). They want you, as a client, to be aware that their company cares about you and that their services are worth it. Whether there are problems to fix at a QTR meeting or not, your MSP wants to reiterate that you need them.
This isn’t necessarily a bad thing for you, the client. After all, you hired them and are paying them for their services. Allow them to show off for you, and don’t be hesitant about voicing any issues you have so that they can be fixed quickly. A tech firm that conducts QTRs with you wants to keep you as a client.
When will your first QTR meeting be as a new client?
Naturally, as a new client, you won’t have a quarterly technology review right away.
Even after a few months post-contract signing, there just won’t be enough time to verify that your new systems, technologies, and other implementations are working correctly and providing you with the necessary benefits.
Therefore, your MSP will likely schedule your first QTR for at least 90 days after you go live.
But keep in mind that your MSP shouldn’t wait too long to conduct your first QTR. After all, the first review meeting is the most important because most problems will have become evident at this time.
While you can certainly contact your MSP right away whenever you need them throughout the first 90 days, as a client, it’s likely you’ll feel better bringing up issues in a formal meeting — especially when the problems are rather large or pervade several types of technology.
You want to know that your MSP is on the ball and ready to ameliorate any issues right away.
Where are most QTRs held?
In a perfect world, you’d meet one-on-one, face-to-face with your MSP for your quarterly technology review. However, this won’t necessarily be possible, and that’s probably okay.
After all, if your MSP has numerous clients and is conducting QTRs with everyone, they would always be at QTR meetings. And on your end, too, you’ve got work to do and may not have time to schedule formal sit-down meetings four times a year — just to check in on technology that’s already been established and is working.
Instead, it’s likely your first QTR will be face-to-face, if possible. If you’re a large client, your MSP should definitely make this effort. After that, however, most QTRs are held via video or phone conference.
In the end, Quarterly Technology Reviews remain one of the absolute best ways to stay in touch with your MSP about the efficacy and benefits of your current technological investments. As you search for a high-quality managed service provider in your area, be sure to ask about QTRs. Companies that provide them are likely to take a better interest in their clients’ success — and that means good things for you.
The Department of Homeland Security and the Federal Bureau of Investigation issued a critical alert Dec. 3, warning users about SamSam ransomware and providing details on what system vulnerabilities permit the pernicious product to be deployed.
According to the alert, which came from the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) along with the FBI, the SamSam actors targeted multiple industries—some within critical infrastructure—with the ransomware, which also is known as MSIL/Samas. The attacks mostly affected victims within the United States, but there was also an international impact.
As pointed out in the alert, organizations are more at risk of being attacked by network-wide infections than individuals because they are typically in a position where they have no option but to make ransom payments.
“Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms,” the alert states.
That does not mean individual systems cannot or are not attacked, but they are targeted significantly less by this particular type of malware.
How do SamSam actors operate?
Through FBI analysis of victims’ access logs and victim-reporting over the past couple of years, the agencies have discovered that the SamSam actors exploit Windows servers and vulnerable JBoss applications. Hackers use Remote Desktop Protocol (RDP) to gain access to their victims’ networks through an approved access point and infect reachable hosts. From there, the cyber actors “escalate privileges for administrator rights, drop malware onto the server, and run an executable file, all without victims’ action or authorization,” the report states.
RDP ransomware campaigns are typically accomplished through stolen login credentials—sometimes purchased from darknet marketplaces—or brute force attacks. Since they do not rely on victims completing a specific action, detecting RDP intrusions is challenging, according to the alert.
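To make the detection problem concrete, the following Python is an added example, not code from the alert or the original article. It correlates Windows Security log events (4625 failed logon, 4624 successful logon) to flag a burst of failures, a successful RDP logon that follows such a burst, and a successful RDP logon from outside an expected address range, which is how stolen credentials would appear. The CSV layout, sample rows, threshold, and trusted VPN range are constructed assumptions.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample export: time, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon; logon type 10 = RemoteInteractive (RDP).
# With NLA, failed RDP attempts usually log as type 3, which also covers other network logons.
SAMPLE_LOG = """\
2018-12-03T02:10:00,4625,3,203.0.113.7,administrator
2018-12-03T02:10:20,4625,3,203.0.113.7,administrator
2018-12-03T02:10:40,4625,3,203.0.113.7,admin
2018-12-03T02:11:00,4625,3,203.0.113.7,backup
2018-12-03T02:11:20,4625,3,203.0.113.7,backup
2018-12-03T02:11:40,4624,10,203.0.113.7,backup
2018-12-03T08:59:00,4625,10,10.8.0.15,jsmith
2018-12-03T08:59:30,4624,10,10.8.0.15,jsmith
2018-12-03T23:40:00,4624,10,198.51.100.44,svc-sql
"""

# Assumption: RDP sessions are only expected from this VPN address pool.
TRUSTED_NETS = [ipaddress.ip_network("10.8.0.0/24")]

def is_trusted(src):
    return any(ipaddress.ip_address(src) in net for net in TRUSTED_NETS)

def find_suspicious_rdp(text, threshold=5, window=timedelta(minutes=10)):
    """Return (kind, source_ip, account) findings in time order."""
    rows = sorted((datetime.fromisoformat(ts), eid, ltype, src, user)
                  for ts, eid, ltype, src, user in csv.reader(io.StringIO(text)))
    failures = defaultdict(list)  # source IP -> timestamps of recent failed logons
    findings = []
    for ts, eid, ltype, src, user in rows:
        recent = [t for t in failures[src] if ts - t <= window]
        if eid == "4625" and ltype in ("3", "10"):
            recent.append(ts)
            if len(recent) == threshold:  # fire once as the burst crosses the threshold
                findings.append(("failure_burst", src, user))
        elif eid == "4624" and ltype == "10":
            if len(recent) >= threshold:
                findings.append(("success_after_burst", src, user))
            elif not is_trusted(src):
                findings.append(("success_from_untrusted_source", src, user))
        failures[src] = recent
    return findings

if __name__ == "__main__":
    print(*find_suspicious_rdp(SAMPLE_LOG), sep="\n")
```

The single mistyped password from the VPN address produces no finding, while the logon from 198.51.100.44 is flagged even though it was preceded by no failures at all.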
Ransom notes instructing victims to establish contact through a Tor hidden service are left on encrypted computers by the SamSam attackers. Victims are assured that once they pay the ransom in Bitcoin, they will receive links to download cryptographic keys and tools for decrypting their network.
Where did SamSam originate?
The Department of Justice recently indicted two Iranian men who allegedly were behind the creation of SamSam and deployed the ransomware, causing approximately $30 million of damage and collecting about $6 million in ransom payments from victims. The crippling ransomware affected about 200 municipalities, hospitals, universities and other targets during the past three years, according to an article from Wired.
Keith Jarvis, a senior security researcher at SecureWorks, reiterated the sophistication of the SamSam ransomware and how it gains access to systems through weak authentication or vulnerabilities in web applications, methods that don’t require the victim to engage in a particular action. Hackers also go out of their way to target specific victims whose critical operations rely on getting systems up and running as quickly as possible, making them more likely to simply pay up.
What technical details about SamSam are important?
In the joint DHS and FBI report, the federal agencies provided a list, though not exhaustive, of SamSam Malware Analysis Reports that outline four variants of the ransomware. Organizations or their IT services administrators can review the following reports:
What mitigation and prevention practices are best?
In general, organizations are encouraged to not pay ransoms, since there is no guarantee they will receive decryption keys from the criminals. However, relying on a contingency plan or waiting out an attack, as advised by the FBI, is difficult when an entire operation has been compromised.
The best course of action is for organizations to strengthen their security posture in a way that prevents or at least mitigates the worst impacts of ransomware attacks. The FBI and DHS provided several best practices for system owners, users and administrators to consider to protect their systems.
For instance, network administrators are encouraged to review their systems to detect those that use RDP remote communication and place any system with an open RDP port behind a firewall. Users can be required to use a virtual private network (VPN) to access the system. Other best practices, according to the report, include:
This just scratches the surface of actions that administrators and users can take to protect their networks against SamSam or other cyber-attacks. The National Institute of Standards and Technology (NIST) provides more thorough recommendations in its Guide to Malware Incident Prevention and Handling for Desktops and Laptops, or Special Publication 800-83.
Information technology specialists can also provide insight and advice for how organizations can detect gaps or vulnerabilities in their cyber-security that leave them susceptible to SamSam or other malware infections.
In late 2018, the Federal Trade Commission (FTC) issued a stark warning about a massive data breach at a Marriott chain that exposed the records of 500 million people.
The latest major corporate breach reinforces the need for companies to invest in multilayered security protocols that protect networks, devices and users.
What Happened at Marriott?
Marriott International reported that a breach of its Starwood guest reservation system exposed personal information on millions of people. Hackers gained access to highly sensitive data, including names, physical addresses, email addresses, phone numbers, gender, and loyalty program data. Among the most potentially damaging information taken were passport numbers, dates of birth and payment card numbers and expiration dates. While the payment card data was encrypted, the company did not know if the hackers had also stolen the technology needed to decrypt that information.
The breach began in 2014 and could affect anyone who made a reservation on or before September 10, 2018, at any of the Starwood brands, which comprise Le Meridien Hotels and Resorts, Sheraton Hotels and Resorts, St. Regis, W Hotels and Westin Hotels and Resorts.
How Did Marriott and the FTC Respond?
Marriott sent an email to warn those who may have been affected by the breach. However, the company ran into some criticism in its response, too.
The emails came from a third party and not the chain itself. The domain, email-marriott.com, doesn’t load or have an identifying HTTPS certificate. That could lead other hackers to spoof the email and pretend they’re Marriott, duping consumers out of more personal information.
The company has offered a year’s worth of free internet site monitoring that generates an alert if evidence of a consumer’s personal information is found. However, the service is not available in all countries. U.S. consumers also can obtain free fraud consulting and reimbursement coverage.
The FTC encouraged consumers to check their credit reports and credit card statements for accounts or activity that’s not recognized. The agency also suggested placing a fraud alert or freeze on their credit reports.
What Can Companies Do To Prevent These Issues?
To ensure that your systems and networks are protected adequately from such intrusions, it’s wise to invest in a comprehensive assessment of your existing security defenses. An experienced IT services provider can assist with this assessment and recommend improvements to shore up areas that are lacking.
Today’s companies need a blanket of protections on several levels, including:
This broad approach to security helps minimize the likelihood of a Marriott-level incident damaging your company’s business and reputation.