Website Attacks: How You Can Protect Your Organization

Computer and programming codes secured against website attacks

Malicious files and links regularly bypass security products, leaving many organizations vulnerable to web-based attacks including Ransomware, Phishing and data breaches like Emotet, Dridex, Maze, Lokibot, Wannacry etc. Organizations can enhance security against website attacks by following cyber security best practices like the implementation of a multi-layered security concept known as Defense-in-Depth.

Following the recommendations of the Cybersecurity and Information Security Agency (CISA) encouraging website administrators to review it’s updated “Tip on Website Security”, we are using this article as a public service educational piece with the hope that it will help those who manage websites for small organizations to take the necessary steps to protect against website attacks.

What is website security?

Website security refers to the protection of personal and organizational public-facing websites from cyber attacks.

Why should I care about website security?

Cyber attacks against public-facing websites—regardless of size—are common and may result in:

  • Website defacement,
  • Loss of website availability or denial-of-service (DoS) condition,
  • Compromise of sensitive customer or organizational data,
  • An attacker taking control of the affected website, or
  • Use of website as a staging point for watering hole attacks.

These threats affect all aspects of information security—confidentiality, integrity, and availability—and can gravely damage the reputation of the website and its owner. (more…)

Share

Comments Off on Website Attacks: How You Can Protect Your Organization

Compliance And Security: How Small Businesses Can Reduce Cost

Different facets of compliance management

Are you responsible for the ongoing effectiveness of your security strategy and compliance audits in your small business or organization?

Some of the main threats facing small businesses and organizations today include:

  • Data breaches,
  • The lack of  dedicated security expert on staff,
  • Being an easy target for hackers,
  • The tendency to mishandle device configuration settings  and
  • Staying in  compliance with state and federal laws and regulation.

A primary concern for any business owner is the guardianship of customer and business data from increasing external threats to security, and tougher compliance requirements in regulated industries.

As a matter of fact, today, organizations and businesses must manage, govern and ensure compliance for the overwhelming amount of data they produce, especially in the face of global legislation like CCPA and GDPR, rather than national regulations.” (more…)

Share

Comments Off on Compliance And Security: How Small Businesses Can Reduce Cost

Why Small Organizations Need Vulnerability Management

Computer with hard to read code, stressing the need for vulnerability management.

The US Cyber Security Agency (CISA) recently released an Emergency Directive and Activity Alert addressing critical vulnerabilities affecting Microsoft Windows and Windows Remote Desktop Protocol (RDP). Vulnerability management can help organizations get a handle on such vulnerabilities.

Consequently, Microsoft released fixes for 50 security vulnerabilities in the Windows operating system, creating yet another scramble by IT professionals to patch their computer systems.

Part of what Microsoft fixed in the updates released was what is regarded as a major crypto-spoofing bug that affected Windows 10 users.

A key point is to realize that this particular vulnerability could allow a cyber criminal or hacker to spoof a code-signing certificate, vital to validating executable programs in Windows, and make it appear as if an application was from a trusted source.

Keep in mind that in technology terms, spoofing is defined as a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver.

To put it another way, when this vulnerability is exploited and code-signing certificates are spoofed, the operating system will find it difficult to tell the difference between malware and Microsoft software. (more…)

Share

Comments Off on Why Small Organizations Need Vulnerability Management

Protect Your Business From Dangerous Cryptomining Activities

Why Small Organizations Should Be Worried About Illicit Cryptomining Activities

cryptomining activity

There is a scourge currently targeting small businesses and organizations and many are not even aware of it because it does not do anything sensational meant to cause harm. It does not install a virus, send phishing emails, or attempt to kidnap business data for ransom. That scourge is cryptocurrency mining, or simply cryptomining.

What is cryptocurrency?

Cryptocurrency is a form of digital currency that can be used in exchange for goods, services, and even real money, similar to other currencies. However, unlike other currencies, cryptocurrency operates independently of a central bank and uses encryption techniques and blockchain technology to secure and verify transactions.

To quote Malwarebytes, “Two words—“cryptography” and “currency”—combine to form “cryptocurrency,” which is electronic money, based on the principles of complex mathematical encryption. All cryptocurrencies exist as encrypted decentralized monetary units, freely transferable between network participants.” Or put more simply, cryptocurrency is electricity converted into lines of code, which have a real monetary value.  (See a detailed article by Malwarebytes on this topic here).

While Cryptocurrency may be in its infancy, its popularity continues to increase, some would say, exponentially. You may have heard of terms like Bitcoin, Litecoin, Monero, Ethereum, Ripple etc. These are just a few types of the cryptocurrencies currently available. (more…)

Share

Comments Off on Protect Your Business From Dangerous Cryptomining Activities

Data Encryption Tools For The Mobile Business Executive

Infographic depicting various devices using data encryption.

Data encryption is not one of the security options most companies think of providing for their senior executives who use, and travel, with laptops, netbooks and tablets so they can stay productive even when on the road. This is even more true of corporate executives who sometimes demand anytime, anywhere access to data residing on corporate servers.

While the big corporations can afford to spend millions of dollars on data protection hardware and software., the same cannot be said of executives in small and medium-sized organizations, especially when it comes to loss of personal information, including credit card data, patient records or other financial information, stored by the company.

Data breaches happen and information is lost every day due to small mistakes that could have been avoided by using data encryption technologies. For small businesses, these data loss events can be devastating. (more…)

Share

Comments Off on Data Encryption Tools For The Mobile Business Executive

Why We Should Thank, Not Demonize LulzSec, Anon

So the 50-day cruise is over and the guys at LulzSec are going back underground. That should worry some of us because if they did not want us to know what they were doing, I don’t think any sane person would argue that they could not have done so.

While the media has been abuzz about the exploits of Anonymous and LulzSec, the bigger question we should be asking is, are any of their exploits new or did they just give us a wake up call that there is no security, at least in the way we normally define it. What they have demonstrated is that security is a term we use to make ourselves feel good. (more…)

Share

Comments Off on Why We Should Thank, Not Demonize LulzSec, Anon