When it comes to cybersecurity, there are no guarantees, and the same holds true for browsing the internet. Though there are steps you can take to increase privacy and make yourself more anonymous, achieving total and complete privacy and anonymity is unlikely.
There are many reasons organizations and individuals seek to browse the internet anonymously or privately. For businesses, keeping employee internet traffic private is a matter of security: shielding employee internet traffic makes it more difficult for cybercriminals to gather the information they need for social engineering attacks or blackmail. As such, taking organization-wide steps to improve employee privacy as well as educating employees about the importance of privacy and what steps they can take is critical for any security posture.
To help you best safeguard your organization, we have created this handy guide outlining some tools and policies you may want to consider adopting.
Private is Not the Same as Anonymous
It takes a surprising amount of work to remain anonymous on the internet. Though many articles and organizations within the cybersecurity space use the terms “anonymity” and “privacy” interchangeably, they are not actually interchangeable.
An encrypted message is private because only you and the recipient can read its contents, but because of metadata, you aren’t actually anonymous. Metadata consists of snippets of information that provide context about the message, such as who you are talking to, how long you have been exchanging messages, how many messages you have sent, the presence and size of attachments, and what medium you are using (text, email, etc.). Unlike the contents of your message, metadata isn’t encrypted.
Because you can’t encrypt this metadata (which can be accessed by cybercriminals and other unauthorized individuals with the right tools, technical knowledge, and motivation), you can’t actually browse the internet or send messages anonymously.
Tips & Tools to Increase Your Privacy Online
Using Tor & Signal
Adopting Tor and Signal for your internet browsing and message sending needs is a good place to start.
Tor is the largest, most comprehensive, and highly effective metadata-resistant piece of software designed to promote privacy and anonymity. Though Tor doesn’t guarantee it will keep your browsing habits private, it is the best option currently available. Tor has developed a bit of a bad reputation because it is favored by criminals looking to keep their illegal activities secret, but it has also been a critical tool for journalists looking to research stories anonymously and has even partnered with Reporters Without Borders. However, using Tor comes with some complications: browsing the internet over Tor is slower than using other browsers, and some large web services block Tor users.
Signal is a popular and highly effective messaging app that allows users to send and receive encrypted text messages, voice memos, audio calls, and video calls. Its user interface is similar to other popular messaging apps, making it easy to use even for less tech-savvy individuals.
However, just because your messages are private doesn’t mean you are anonymous. Any network-level adversary can tell you are using Signal, and government agencies such as the CIA can still digitally peek over your shoulder using malware. Also, the metadata associated with Signal users is still available, so organizations such as the US government and Five Eyes are able to access Signal traffic to learn who is communicating with whom, when they are communicating, and how long they have been in communication. Though the developers of Signal are aware of these shortcomings, metadata-resistant communication remains an unsolved technical problem.
In short, Signal is the best encrypted messaging app available, offering a more private communication experience, but it isn’t perfect and cannot be relied on for total or even strong anonymity.
VPNs Are Useful, But Don’t Actually Offer Anonymity (Only Privacy)
Since a VPN just shifts your traffic to the provider’s server, the provider can still see all of your traffic; as such, if someone you wish to hide your browsing from accesses the VPN’s servers (either through a cyber attack or via legitimate means such as a court order) they will also be able to see all your traffic.
Using Zero-Knowledge Services
Many of the tools you likely use every day, including Gmail, Office365, and DropBox, know everything you do on their respective platforms; Google reads your emails, Office365 can access everything you write, and DropBox has the ability to open and examine all files you upload. These three organizations, along with many more, are also Prism providers, which means they cooperate with mass surveillance programs and, as such, are willing to share anything you do on their platforms with the US government.
While you can protect your privacy on these platforms by encrypting everything you do, you can also choose more privacy-conscious alternatives such as SpiderOak (an alternative to DropBox) or Protonmail (as opposed to Gmail). You should carefully vet these companies for yourself before using their products, but these zero-knowledge options are certainly worth exploring further.
Check Your App Permissions
Though Apple recently released an update designed to improve user privacy and security (including limiting photo and location access, discouraging Wi-Fi tracking, and at a future date, limiting app tracking), both Apple and Android users should still take the time to check their app permissions. Many apps request greater permissions than they need (including camera and microphone access, location data, and other information), raising security and privacy concerns.
Be sure to periodically check your app permission settings and revoke unnecessary permissions.
Consider Installing an Ad Blocker on Your Browser
Ads used to be targeted at wide demographics, using a one-to-many broadcasting model. However, targeted advertising now means that what ads you see while browsing the internet are specifically tailored to you to maximize your chances of clicking a link or buying a product or service. This personalization is possible because of online tracking.
Installing an ad blocker won’t completely hide your browsing activities from curious advertisers, but products such as Brave Browser, AdBlock, and the Electronic Frontier Foundation’s Privacy Badger offer better protection than nothing at all.
Consider an Ad Blocking DNS Service
To block ads at the network level, you may want to consider a DNS ad blocker such as Pi-hole. DNS ad blockers are basically DNS (Domain Name System) servers that act as DNS sinkholes, blocking ad traffic by checking the DNS requests your browser makes (in this case, for the domains advertisers use to serve you ads) against a list, held on your locally hosted DNS server, of domains that usually serve ads. If a requested domain is on that list, the request is denied, blocking the ads before they even reach your computer. This approach is usually done via hardware (for example, Pi-hole requires a Raspberry Pi).
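The sinkhole decision described above, sketched as an added example (this is not Pi-hole's code or part of the original guide). The blocklist, the domains and the dictionary standing in for the upstream resolver are constructed, and blocking subdomains of a listed domain is a design choice of this sketch.

```python
# Added example (not Pi-hole's code): the allow/deny decision of a DNS sinkhole.

# Constructed blocklist in the common hosts-file format; every domain is made up.
SAMPLE_BLOCKLIST = """\
# ad and tracker domains (constructed sample)
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org   # inline comment
127.0.0.1 Metrics.Example.COM
0.0.0.0 0.0.0.0
badline
"""

# Constructed stand-in for the upstream resolver the sinkhole forwards to.
SAMPLE_UPSTREAM = {
    "www.example.com": "192.0.2.10",
    "ads.example.net": "192.0.2.66",
}

SINKHOLE_ADDRESS = "0.0.0.0"  # unroutable answer returned for blocked names


def normalize(name):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()


def parse_blocklist(text):
    """Return the set of blocked domains from hosts-format text."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop full-line and inline comments
        fields = line.split()
        if len(fields) < 2:
            continue  # blank or malformed line: no "address hostname" pair
        for host in fields[1:]:
            host = normalize(host)
            # Skip placeholder entries that are not real ad domains.
            if host not in ("", "0.0.0.0", "localhost"):
                blocked.add(host)
    return blocked


def is_blocked(qname, blocked):
    """True if qname or one of its parent domains is listed.

    Matching is done on whole labels, so "notads.example.net" is not caught
    by an entry for "ads.example.net", and the bare top-level domain is
    never tested.
    """
    labels = normalize(qname).split(".")
    for i in range(max(1, len(labels) - 1)):
        if ".".join(labels[i:]) in blocked:
            return True
    return False


def resolve(qname, blocked, upstream):
    """Answer one query the way a sinkhole would: block, forward, or fail."""
    if is_blocked(qname, blocked):
        return ("blocked", SINKHOLE_ADDRESS)
    address = upstream.get(normalize(qname))
    if address is None:
        return ("nxdomain", None)
    return ("forwarded", address)


if __name__ == "__main__":
    blocklist = parse_blocklist(SAMPLE_BLOCKLIST)
    for name in ("www.example.com", "ADS.example.net.", "cdn.ads.example.net",
                 "notads.example.net"):
        print(name, resolve(name, blocklist, SAMPLE_UPSTREAM))
```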
Google Home, Amazon Echo, and Apple’s Siri offer convenience, but they are a privacy nightmare. In order to know when to update your grocery list, play a requested song, or call your parents, these devices need to be constantly listening for instructions. Private conversations aren’t private if you have a digital spy in the room, but even if you refuse to get an Amazon Ring for your front door, it doesn’t really matter if they are ubiquitous in your neighborhood.
However, if you are concerned about privacy, you should still consider banning these devices from the office (and the home office) and turn off Siri voice activation.
Use Common Sense
At its core, privacy is about autonomy: choosing which information you share and with whom. A good general rule is that if you are doing something you don’t want the world to know about, it’s probably best to keep it off the internet. If your team needs to discuss a top-secret project, have them meet in person (when it’s safe to do so) or limit communication to secure devices and products only.
Depending on the nature of your business, you may want to create clear social media and internet use guidelines for employees, contractors, volunteers, and any other individuals involved in your organization.
It’s almost impossible to be truly anonymous on the internet, but that doesn’t mean there aren’t steps you can take to improve privacy (and, by extension, security) at the individual and organizational level. For more information about steps your organization can take, please contact the Virtual Armour team today.
From a financial standpoint, it makes sense to try and hold out on upgrading your hardware until something breaks, even if the hardware in question is no longer supported by the manufacturer. After all, if it still works, why replace it?
However, using unsupported hardware brings with it a wealth of cybersecurity risks, can hinder productivity, and can hurt your bottom line.
9 Reasons You Need to Say Goodbye to Unsupported Hardware
You’re Incurring Unnecessary Expenses
Once hardware reaches its end-of-life (EOL), you’ll likely have to pay a hefty premium to keep your aging technology up and running. If extended support is available at all, it isn’t likely that many companies will offer it, leaving you less choice and hampering your ability to shop around for the best price.
Without the ability to install security patches to address known vulnerabilities or support up-to-date (and more-secure) versions of the software your organization relies on, you may no longer be able to comply with relevant regulations, leaving your organization vulnerable from a legal and compliance standpoint.
Outdated Hardware is Unreliable
Aside from the expected wear and tear on old components (which will become increasingly difficult to find or repair), outdated hardware doesn’t support new versions of the software your organization requires to function. As such, you will likely be forced to rely on outdated software, curtailing system performance and cutting you off from new features.
Outdated hardware is also more likely to crash, increasing system down-time and causing headaches and frustration for employees and customers alike.
Productivity Takes a Hit
Unsupported hardware affects employee productivity in a multitude of ways:
Employees have to invest more time and energy in keeping outdated hardware up and running, pulling them away from tasks that grow your business.
Outdated hardware isn’t able to support the newer, faster, more reliable versions of the software your organization depends on, which means employee tasks end up taking longer than they should because workers are left waiting for software to load.
Employees who are continually frustrated with the tools they need to do their jobs are less likely to be satisfied with their jobs overall, leading to higher turnover. Not only does this lead to increased costs (during the training period, trainees don’t make the company money, they cost money), but it also decreases productivity as new members learn the skills they need to do their jobs. Workers are also more likely to view employers with high turnover rates with suspicion, which may make it harder to attract the skilled workers you need to succeed.
Your Network is Left Vulnerable
Older hardware is unable to support the newest software, which means you won’t be able to take advantage of security patches or other steps software manufacturers take to address vulnerabilities in their products. Cybercriminals are well known for targeting older software with known vulnerabilities since not all users will have the latest security patches installed.
Increased Environmental Impact
Everyone knows old cars are more likely to be gas guzzlers than their sleek modern counterparts, but the same holds true for outdated hardware. Increased energy consumption leads to higher electricity bills, increasing your carbon footprint while further eroding your bottom line.
You May Experience Data Recovery Problems
Should disaster strike, outdated hardware means you may have trouble recovering lost data. Depending on your industry and the nature of your business, the impact of this lost data could range from frustrating to catastrophic.
You’ll Likely Encounter a Skills Shortage
As we mentioned in the section about unnecessary costs, finding a repair or maintenance company with the skills needed to repair and maintain your outdated equipment may be difficult. Even if you are able to find a business that can help, there aren’t likely to be many of them around, which means you will likely be left with the choice of either paying exorbitant amounts for repairs and maintenance or upgrading your hardware anyway.
Also, because older hardware is only able to support older software, you may find it’s difficult to find workers who are familiar with the programs you use. For example, many financial institutions rely on software written in COBOL, a vintage programming language developed nearly 60 years ago that isn’t regularly taught in universities anymore. Unfortunately, many major financial corporations (and sections of the federal government) rely on systems that use COBOL, and as older programmers retire, they are having a hard time hiring qualified replacements.
By holding onto unsupported hardware, you may be compromising your organization’s future as it becomes increasingly difficult to find workers and repair people who have the skills needed to maintain your outdated and aging equipment.
Frustrated Customers Are Likely to Become Former Customers
In the age of instant results, a slow website or frequently inaccessible client portal is incredibly frustrating. Customers expect to be able to access products and services quickly 24/7/365. That means organizations that experience frequent outages, slow software, and other outdated hardware-related issues are likely to see their customers abandon them for competitors who offer a better user experience.
Looking to Break Up with Your Outdated Hardware? Virtual Armour Can Help!
A system migration may seem daunting, and not every organization has the people power or the inclination to maintain and troubleshoot their IT infrastructure or keep it up to date. That’s why Virtual Armour offers managed infrastructure services.
Recent cyberattacks, including the SolarWinds attack and the Microsoft Exchange attack, have renewed focus on how critical a good cybersecurity posture is. Managed IT services and cybersecurity promise to help organizations manage their IT and keep their data safe and compliant, but not everyone is clear on what exactly a managed IT provider does, what cybersecurity is, and what the various technical terms used in the industry mean.
To help you understand what managed IT and cybersecurity are, and why they are important, we’ve created a handy little guide that explains common terms you may encounter and demonstrates how they pertain to the larger cybersecurity or managed IT picture.
What is Cybersecurity?
In the broadest sense, cybersecurity refers to techniques used by either companies or their cybersecurity services provider to protect an organization’s digital assets. Digital assets include both your digital infrastructure (networks, systems, and applications) as well as your data (such as financial records, client lists, and other records). By taking steps to protect these digital assets, organizations can better safeguard themselves against cyberattacks, where threat actors or attackers (also called hackers) attempt to gain unauthorized access to infrastructure or data for nefarious purposes.
Types of Cybersecurity Solutions
Many of these solutions overlap, creating a “Swiss cheese” model approach to cybersecurity: not every program is going to be able to catch everything, but layering multiple programs and strategies together reduces the chances that someone or something malicious is able to slip through all your defenses.
Antivirus (AV) is a type of security software used by IT professionals to scan for, detect, block, and eliminate malware (malicious software). AV programs typically run in the background and rely on known malware signatures and behavior patterns. Though AV is useful, it is just one piece in the cybersecurity puzzle and isn’t enough to protect your digital assets on its own.
Endpoint Detection & Response (EDR)
Endpoint detection and response refers to a set of tools and solutions that are used to detect, investigate, and mitigate suspicious activities on endpoints (devices that can access the network, including computers and smartphones) and on hosts (such as networks). EDR is valuable because it can detect advanced threats that don’t have a known behavioral pattern or malware signature (which AV requires). EDR can also trigger an adaptive response (like your immune system springing into action) depending on the nature of the threat it has detected.
Managed Detection & Response (MDR)
Managed detection and response is a piece of the SOCaaS (Security Operations Center as a Service) model that offers a comprehensive solution for continuous threat monitoring, threat detection, and incident response and is provided by a third-party vendor. Holistic, turnkey solutions like this can help provide peace of mind, giving IT professionals the information they need to prioritize incidents and improve the overall security posture of the organization.
Network Operations Center (NOC)
A network operations center refers to a central hub that allows network administrators to manage and control their network or networks and their primary server across several geographically distributed sites (such as a head office managing and observing multiple branch locations). Because network administrators need to deal with threats and headaches such as DDoS attacks (discussed later in this article), power outages, network failures, routing black holes, and other issues, it is critical that they are able to oversee the entire network and react to threats quickly and easily.
A NOC is not a security solution, but it can help larger organizations effectively monitor their networks, endpoints, and other critical infrastructure and devices for signs of trouble and is frequently used in Managed IT.
Security Operations Center (SOC)
A security operations center is crewed by cybersecurity personnel and handles threat detection and incident response processes, all while supporting the various security technologies your security operations rely on. While larger enterprises often build and manage their SOC in-house, small and medium-sized organizations don’t typically have the personnel or bandwidth to do so. As such, SMBs (small and medium-sized businesses) frequently choose to outsource their SOC to trusted partners.
Security Information & Event Management (SIEM)
SIEM is a vital tool used to collect and aggregate security events and alerts across multiple security products. Once this information has been gathered, the SIEM software analyzes and correlates those events to look for patterns that might identify potential threats within the organization.
Vulnerability management solutions are programs that are used to identify, track, and prioritize internal and external cybersecurity vulnerabilities. This information is used to optimize cyberattack prevention activities (such as patching known vulnerabilities, upgrading software, and fixing configuration errors).
Patches refer to small programs released by software development companies to fix vulnerabilities they have discovered in their products. Keeping your software up to date allows your organization to take advantage of any security patches released, allowing you to better safeguard your digital assets. Unpatched software leaves your organization vulnerable since cybercriminals often target recently patched software in the hopes that not all organizations will have the patch installed.
Vulnerability Assessment (VA)
Vulnerability assessments are used to identify, classify, and prioritize vulnerabilities and can be used to assess internal, external, or host-based, third-party systems.
Common Types of Cyberattacks
Cyberattacks are becoming increasingly common and can be devastating. A single attack can compromise your systems and your data, ruin your reputation, and even lead to legal trouble and compliance issues if it isn’t addressed and remediated swiftly.
Brute force attacks are crude but frequently effective. During a brute-force attack, a cybercriminal attempts to gain unauthorized access to a system by trying all possible passwords until they guess the correct one. Though this could take centuries by hand, many criminals have software that allows them to try passwords quickly, making this a viable hacking option.
Phishing & Social Engineering
Phishing attacks involve a cybercriminal attempting to trick potential victims into revealing confidential information (such as your banking details, your credit card number, your SIN, or your password) or install malware by clicking a link or opening an infected file. Phishing attempts usually involve text-based communications such as email, text messages, or other messaging apps. Cybercriminals usually pretend to be someone you are already primed to trust, such as your boss or an employee from your bank.
Phishing scams are a type of attack that uses social engineering. Social engineering is when attackers use psychological manipulation to infiltrate an organization or private network by exploiting human weaknesses and tricking unsuspecting users into granting access or handing over sensitive information. This manipulation relies on the human desire to help and trust easily and may also use the fear of getting in trouble or causing an inconvenience.
Credential stuffing involves using existing databases of compromised username and password combinations (typically collected during a previous breach and frequently purchased on the dark web) to attempt to log in to a targeted account.
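Brute force and credential stuffing, as defined above, leave different footprints in authentication logs: many failures against one account versus one or two failures against many accounts. The following added example (not part of the original guide) shows detection logic that tells them apart per source address; the log format, user names, addresses and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

# Constructed sample log: the line format, user names and addresses are made up
# (addresses come from the reserved documentation ranges).
SAMPLE_LOG = """\
2021-03-01T10:00:01Z FAIL user=alice src=203.0.113.5
2021-03-01T10:00:03Z FAIL user=alice src=203.0.113.5
2021-03-01T10:00:05Z FAIL user=alice src=203.0.113.5
2021-03-01T10:00:07Z FAIL user=alice src=203.0.113.5
2021-03-01T10:00:09Z FAIL user=alice src=203.0.113.5
2021-03-01T10:00:11Z FAIL user=alice src=203.0.113.5
2021-03-01T10:02:00Z FAIL user=bob src=198.51.100.7
2021-03-01T10:02:01Z FAIL user=carol src=198.51.100.7
2021-03-01T10:02:02Z FAIL user=dave src=198.51.100.7
2021-03-01T10:02:03Z OK user=erin src=198.51.100.7
2021-03-01T10:02:04Z FAIL user=frank src=198.51.100.7
2021-03-01T10:02:05Z FAIL user=grace src=198.51.100.7
2021-03-01T10:02:06Z FAIL user=heidi src=198.51.100.7
2021-03-01T10:05:00Z FAIL user=ivan src=192.0.2.10
2021-03-01T10:05:20Z OK user=ivan src=192.0.2.10
this line is malformed and is skipped
"""

Event = namedtuple("Event", "ts outcome user src")
LINE_RE = re.compile(r"^(\S+) (OK|FAIL) user=(\S+) src=(\S+)$")


def parse_log(text):
    """Turn log text into Event tuples, skipping lines that do not match."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        ts = datetime.strptime(match.group(1), "%Y-%m-%dT%H:%M:%SZ")
        events.append(Event(ts, match.group(2), match.group(3), match.group(4)))
    return events


def classify_sources(events, window=timedelta(minutes=10), min_failures=5):
    """Classify each source address by the shape of its recent failed logins.

    brute_force:         at least min_failures failures against one account.
    credential_stuffing: at least min_failures different accounts, with no
                         more than two failures per account on average.
    Thresholds are illustrative assumptions and need tuning per environment.
    """
    by_src = defaultdict(list)
    for event in events:
        by_src[event.src].append(event)

    report = {}
    for src, src_events in by_src.items():
        # Only look at the window ending at this source's latest event.
        last_seen = max(e.ts for e in src_events)
        recent = [e for e in src_events if last_seen - e.ts <= window]

        failures = defaultdict(int)  # account -> failed attempts
        for e in recent:
            if e.outcome == "FAIL":
                failures[e.user] += 1
        total = sum(failures.values())

        if total < min_failures:
            verdict = "normal"
        elif len(failures) >= min_failures and total <= 2 * len(failures):
            verdict = "credential_stuffing"
        elif max(failures.values()) >= min_failures:
            verdict = "brute_force"
        else:
            verdict = "unclassified"

        # A success from a flagged source means a guessed or reused password
        # worked: those accounts need a reset and a session review first.
        successes = []
        if verdict != "normal":
            successes = sorted({e.user for e in recent if e.outcome == "OK"})

        report[src] = {
            "verdict": verdict,
            "failures": total,
            "accounts": len(failures),
            "successes": successes,
        }
    return report


if __name__ == "__main__":
    for src, result in sorted(classify_sources(parse_log(SAMPLE_LOG)).items()):
        print(src, result)
```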
The dark web refers to a part of the internet that isn’t indexed by search engines such as Google, so it can’t be accessed by simply typing a URL (such as www.virtualarmour.com) into your browser. This secrecy has made the dark web a popular place for criminals, allowing them to buy and sell illegal items (such as credit card numbers, illegal weapons, and malware) away from the gaze of law-abiding internet users.
Cryptojacking is an attack that involves the unauthorized use of someone else’s computer to mine cryptocurrencies. Though this type of attack isn’t likely to damage data or systems, it is still concerning because it means someone has access to your digital assets without your knowledge or consent. It can also affect the performance of your system and cost you money since the attack siphons off computing power and uses electricity that your company is paying for.
A data breach, also called a hack, refers to any event where unauthorized users are able to gain access to your systems or steal sensitive information such as PII (personally identifiable information) from an organization or individual. The goal of a data breach is usually to either use this information to gain unauthorized access to other systems (such as using your Netflix username and password to try and log into your bank account) or to sell this information to other cybercriminals.
Distributed Denial of Service (DDoS)
DDoS attacks attempt to crash a web server or other online service by flooding it with more traffic than the network can handle. This can be done either by a large group of cybercriminals working together or a single cybercriminal with a large botnet (connected computers performing repetitive tasks). By overloading the server, cybercriminals can prevent legitimate users from accessing a company’s products or services.
DNS hijacking (also called DNS redirection or DNS poisoning) redirects queries from the intended Domain Name System (DNS) to a different website, often populated with malware, advertising, or other unwanted content. The DNS acts like a phone book for the internet, so DNS hijacking involves forcing the browser to dial the wrong number (or go to the wrong website).
A drive-by attack is a form of malware attack. However, unlike phishing or other forms of malware attacks, users don’t need to be tricked into downloading infected files or opening suspicious links. Instead, user devices are infected automatically when the user visits a trusted or legitimate website that has been compromised.
An exploit is a malicious script (a list of commands executed by a program) or application that exploits known vulnerabilities in endpoints or other hardware, networks, or applications. The goal of exploit attacks is usually to take control of a system or device, increase access privileges, or steal data. Exploit attacks are often used as part of a larger, multi-layered attack.
Malware refers to any form of malicious software and is often spread via email attachments or suspicious website links. The goal of malware is to infect endpoints to gain access to sensitive systems or data or collect private information such as passwords or banking details and send this information back to the attacker.
Ransomware is a type of malware that prevents end-users from accessing an organization’s data or system or an individual’s data or system. Once the files or system are encrypted and the user is locked out, the attacker promises to restore access in exchange for money, usually in the form of cryptocurrencies.
Supply Chain Attack
Supply chain attacks occur when threat actors are able to access a target’s systems by compromising a third-party resource, which is what happened with the SolarWinds attack. The reason that attack was so devastatingly effective is that the attackers were able to gain access to a SolarWinds program called Orion, which is widely used by companies and US government departments to manage IT resources. When SolarWinds sent out a routine Orion update, they didn’t realize it contained malicious code, which allowed the attackers to access client systems.
As was the case with the SolarWinds attack, the compromised vendor is typically not the final target but instead is used as a means to an end so the attacker can gain access to their intended victim’s systems. However, the damage is not limited to the intended victim but affects any other organization that inadvertently downloaded the compromised software.
Common Cybersecurity Compliance Regulations
Compliance is a large part of cybersecurity for many verticals and industries, including healthcare, finance, energy, and retail. Which regulations you need to comply with depends on a variety of factors, such as your industry or vertical, what sort of PII or sensitive information you handle, who you do business with (such as the US Department of Defense), where your users or clients are located, and whether or not you process credit card payments. To find out which regulations apply to you, please speak to a qualified compliance professional.
Healthcare providers and related organizations need to comply with Health Insurance Portability & Accountability Act (HIPAA) regulations. HIPAA is responsible for establishing cybersecurity standards for healthcare providers, insurers, and all third-party service providers that medical organizations do business with.
General Data Protection Regulation (GDPR) is a European Union law that dictates how personal data on individuals residing in the EU and the greater European Economic Area is collected and processed and specifies the rights users have to access and control their data on the internet. Even if your organization is not based in Europe, if you have users in Europe, you must be compliant.
Organizations that Process Payment Cards or Store Payment Card Data
The retail sector isn’t federally regulated, but any organization that processes payment cards or holds payment card data is required to follow regulations laid out by the Payment Card Industry Security Council’s Data Security Standard (PCI DSS). For more information, please visit the PCI Security Standards Council’s website.
Organizations that Do Business with the US Department of Defense
Organizations that provide electricity, including electric utility companies and operators, are governed by the Federal Energy Regulatory Commission (FERC). FERC has the authority to establish cybersecurity regulations for this sector, though the standards themselves are created by the nonprofit authority called the North American Electric Reliability Corporation (NERC). The standards are referred to as the Critical Infrastructure Protection (CIP) Standards.
Organizations with Users in California
The California Consumer Privacy Act (CCPA) of 2018 is similar to GDPR in the sense that it is designed to give consumers more control over the personal data businesses collect about them, including:
The right to know what personal information is collected as well as how it is used and shared
The right to delete personal information collected about them (with a few exceptions)
The right to refuse to allow the sale of their personal information
The right to non-discrimination for exercising their rights under CCPA
Even the best cybersecurity policy is useless if your workers and other users don’t understand it or have the necessary training to adhere to it.
Create a Plan
To begin, make sure you have a robust yet flexible cybersecurity incident response program in place. Cyberattacks typically unfold very quickly, so an ad hoc plan created in the heat of the moment isn’t going to cut it. By making all crucial decisions ahead of time (such as how evidence is gathered and handled, how resources are to be allocated in a crisis, and who needs to be alerted if an incident occurs) and determining who is responsible for what, you can help ensure there are no gaps or deficiencies in your response.
You should also take this time to establish cybersecurity rules, such as password standards, so you can best safeguard your digital assets.
Cybersecurity is everyone’s responsibility, from the President of the company down to the summer intern. Cybersecurity training ensures your employees know what to do should they encounter a potential threat and explains why these actions, as well as all preventative steps, are important. It’s easier to get worker buy-in when they understand the “why” behind the “what”.
Test Your Plan
Once you have a plan and the necessary cybersecurity programs and tools in place, you need to test your response before an incident occurs.
What is Pen Testing?
Pen (Penetration) testing is a tool used to stress-test your cybersecurity defenses. This involves hiring an ethical (or “white hat”) hacker to try and break through your security defenses and simulate a cyber attack. The ethical hacker records any and all deficiencies or gaps they were able to exploit and then summarizes and shares their findings with your team.
Tabletop scenarios are like fire drills for security. Once your team has undergone cybersecurity training, a tabletop exercise lets them put their newfound skills and knowledge to the test while they test-drive your cybersecurity incident response plan.
Tabletop scenarios present your team with a hypothetical cybersecurity incident that they need to respond to, allowing them to practice what they have learned in a zero-stakes environment.
What is Managed IT?
In simplest terms, managed IT solutions, also called managed IT services, allow organizations to hand off their IT operations to a trusted service provider, who then handles all IT-related work. This single point of service can free up internal IT team members for other projects, or in the case of an “IT Light” organization, allow you to access the professionals you need without having to hire internally.
Managed IT offers a variety of benefits, including:
Access to an entire team of professionals, 24/7/365.
Cost savings, since additional team members won’t need to be hired.
Peace of mind, since you never need to worry about your IT or security person calling in sick or departing to pursue other opportunities and leaving you vulnerable.
Predictable and scalable spending.
Common Types of Managed IT Solutions
There are many types of managed IT services. While some organizations only offer a handful of managed services, others take a holistic approach that handles everything. How much, or how little, you want to hand off when it comes to your IT is up to you, but make sure you carefully vet any MSSP you are considering to ensure they offer the services you need and have a reputation you can trust.
Opting for a managed IT solution can help with business continuity (BC) as well as backup and disaster recovery (BDR). BC refers to the necessary planning and preparation needed to ensure your critical business operations can continue to function should a pandemic, natural disaster, power outage, cyberattack, or other crisis affect your business. A key component of BC is BDR, which refers to a combination of data backup and disaster recovery solutions that are designed to get your systems restored and fully operational again as quickly as possible should disaster strike. Having dependable backups is critical for effective disaster recovery.
Two other good terms to be familiar with are RTO (Recovery Time Objective) and RPO (Recovery Point Objective). RTO refers to how quickly data needs to be recovered to ensure business continuity after unplanned downtime or a disaster strikes. The faster your RTO, the faster your organization can get back to work. Though exactly how long your RTO needs to be will depend on a variety of factors, you should aim to have an RTO of 4 hours or less.
RPO refers to what data needs to be recovered for normal business operations to resume after disaster strikes. This metric is usually based on file age (for example, all data backed up before this morning needs to be recovered). In conjunction with RTO, RPO can help your organization determine how often you should be backing up your data. For example, if your RPO is 2 hours, then you should be backing up your data at least once every 2 hours.
Strategic Business Review (SBR)
An SBR is a structured process with two goals: unearth new business opportunities and identify how your organization’s performance can be improved using technology or other means. This living document serves as a roadmap to guide future technological investments so you can ensure your managed IT services and IT infrastructure continue to meet your needs as your company grows and evolves.
Network Monitoring & Remediation
Remote monitoring and management (RMM) is critical for network monitoring and remediation and refers to a platform that managed services providers like VirtualArmour use to remotely and proactively monitor your endpoints, network, applications, and systems for suspicious activity. This data is used to identify potential cybersecurity incidents or other potential problems so that they can be addressed as quickly as possible.
Most network monitoring and remediation is done out of the NOC (Network Operations Center).
What does -aaS Mean?
The term “-aaS” is a suffix that means “as a Service” and refers to any services (IT or cybersecurity) that are delivered remotely to your organization via the cloud. Examples include HaaS (hardware as a service), SaaS (software as a service), and IaaS (infrastructure as a service).
Not everyone is an IT or cybersecurity expert, and that is okay. The experts at VirtualArmour are here to help. We offer a wide selection of cybersecurity and managed IT services that can be tailored to meet your needs, as well as 24/7/365 network monitoring upon request.
For more information, or to get started with your cybersecurity or managed IT services, please contact our team today.
Identity management, as a concept, has been around for a while, although many of us are just hearing about it now. It sounds impressive, but what does it really mean, and are there steps your organization should be taking to ensure you have good identity management practices in place?
What is Identity Management?
Identity management (also called identity and access management or IAM) is just a fancy name with a high price tag that essentially covers all of the cybersecurity best practices you likely already have in place. The goal of any IAM strategy is to define and manage the roles and access privileges of all users on your network, and specify the circumstances under which users should be granted or denied privileges.
IAM Takes Cybersecurity Beyond the Workplace
While most organizations have robust cybersecurity practices already in place, the most significant shift IAM brings to the table is bringing cybersecurity out of the workplace and into the personal sphere.
As hacking and other forms of cybercrime become increasingly common, many individuals have begun to pay cybersecurity companies to protect their personal identity by monitoring their personal data for suspicious activities. Though this approach to cybersecurity builds on basic best practices already in place, this is the first time these practices have been applied to individuals in a non-workplace setting as the concept that individuals need to take cybersecurity steps to protect their personal digital assets continues to gain traction.
Identity & Access Cybersecurity Best Practices: A Brief Refresher
We have discussed cybersecurity best practices in the past. However, you should review your current cybersecurity posture frequently so you can ensure your current protocols continue to safeguard your digital assets and meet your needs.
Knowledge is Power
A lack of data can cripple even the best cybersecurity solution. Make sure your network is monitored 24/7/365 for suspicious activity and that all activity on the network is logged.
From an identity and access standpoint, suspicious activity may include users logging on at strange hours or from strange locations (a sign that their credentials may have been stolen by cybercriminals) or signs of credential stuffing, where cybercriminals try multiple username and password combinations in rapid succession in the hopes that one pairing will grant access.
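The checks described above can be run directly over authentication logs. The following is an added example, not code from the original article: the log format, field names, thresholds, working hours, and per-user country baseline are all assumptions, the sample events are constructed, and timestamps are assumed to be in each user's local time.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import NamedTuple

class Event(NamedTuple):
    ts: datetime
    ip: str
    user: str
    ok: bool
    country: str

# Constructed sample events: "<ISO time> <source IP> <user> <result> <country>"
SAMPLE_LOG = """\
2024-03-04T09:12:05 192.0.2.10 alice SUCCESS US
2024-03-04T10:01:00 203.0.113.50 bob FAIL RO
2024-03-04T10:01:02 203.0.113.50 carol FAIL RO
2024-03-04T10:01:03 203.0.113.50 dave FAIL RO
2024-03-04T10:01:05 203.0.113.50 erin FAIL RO
2024-03-04T10:01:06 203.0.113.50 alice FAIL RO
2024-03-04T10:01:09 203.0.113.50 frank SUCCESS RO
2024-03-04T11:30:00 192.0.2.11 bob FAIL US
2024-03-04T11:30:20 192.0.2.11 bob SUCCESS US
2024-03-05T03:14:00 198.51.100.23 carol SUCCESS US
"""

# Assumed baseline: countries each user normally signs in from.
USUAL_COUNTRIES = {u: {"US"} for u in ("alice", "bob", "carol", "frank")}

def parse_events(text):
    """Parse log lines into Events sorted by time; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, ip, user, result, country = parts
        events.append(Event(datetime.fromisoformat(ts), ip, user,
                            result == "SUCCESS", country))
    return sorted(events)

def detect_credential_stuffing(events, window=timedelta(seconds=60), min_users=5):
    """Return {ip: usernames} for sources that fail logins against at least
    min_users distinct accounts within a sliding time window."""
    recent = defaultdict(deque)  # ip -> (ts, user) failures still inside the window
    flagged = {}
    for e in events:
        if e.ok:
            continue
        q = recent[e.ip]
        q.append((e.ts, e.user))
        while e.ts - q[0][0] > window:
            q.popleft()
        users = {u for _, u in q}
        if len(users) >= min_users:
            flagged.setdefault(e.ip, set()).update(users)
    return flagged

def successes_from(events, ips):
    """Successful logins from flagged sources: accounts to reset first."""
    return [(e.user, e.ip) for e in events if e.ok and e.ip in ips]

def detect_unusual_logins(events, usual_countries, start_hour=7, end_hour=19):
    """Flag successful logins outside working hours or from a country
    that is not in the user's baseline."""
    findings = []
    for e in events:
        if not e.ok:
            continue
        reasons = []
        if not (start_hour <= e.ts.hour < end_hour):
            reasons.append("off-hours")
        if e.country not in usual_countries.get(e.user, set()):
            reasons.append("new-location")
        if reasons:
            findings.append((e.user, e.ts.isoformat(), reasons))
    return findings

if __name__ == "__main__":
    evts = parse_events(SAMPLE_LOG)
    stuffing = detect_credential_stuffing(evts)
    print("stuffing sources:", stuffing)
    print("successes from those sources:", successes_from(evts, stuffing))
    print("unusual logins:", detect_unusual_logins(evts, USUAL_COUNTRIES))
```

A single retry followed by a success (bob in the sample) is not flagged, because the stuffing check counts distinct accounts per source rather than raw failures.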
Not Everyone Needs to Access Everything
Some areas of your network are bound to contain more sensitive systems and data than others. As such, these areas, such as financial records, should be afforded extra protection. While your network likely already has a firewall around its perimeter, you should consider installing internal firewalls around critical or sensitive systems as a second line of defense if your perimeter is breached.
The Importance of Strong Password Guidelines
Choosing a strong, hard-to-guess password is a simple step all users can take to improve your cybersecurity posture. To help ensure all users are choosing good passwords, you should be enforcing password best practices. NIST (the National Institute of Standards and Technology) offers comprehensive guidelines on choosing secure passwords in section 5.1.1.1 (Memorized Secret Authenticators) of their Digital Identity Guidelines document.
The Benefits of Password Managers
The best passwords are long and truly random, unlikely to be guessed by anyone in a reasonable amount of time. However, long random passwords are also a pain to memorize, encouraging users to write them down or otherwise store them insecurely, defeating their purpose.
To help ensure users are choosing strong passwords, you may want to consider using a password manager. A password manager works like a book of passwords where only the user has the master key. Passwords within the manager can be randomly generated, and many password managers will flag reused passwords so that users know the password they are using isn’t unique and needs to be updated.
The Power of MFA
Physical devices such as computers and smartphones can be stolen or lost, and passwords can be compromised, which is why many organizations and individuals are turning to MFA. MFA (multi-factor authentication, also called two-factor authentication) pairs a strong password with a second form of identification, such as a hardware element or text message confirmation.
When a user enters their username and password, the system sends them a push notification, often to their smartphone. The push is generated by the MFA app, and the user must acknowledge the push (either by clicking on a link in the message or entering a randomly generated temporary code on the login page) before they are granted access to the network.
Make Sure You Have Offboarding Procedures in Place
While many organizations invest a lot in their onboarding processes to ensure new hires are set up for success, not all organizations invest in offboarding processes. Making sure you have policies and procedures in place for revoking credentials from former employees is vital for good cybersecurity.
Former employees and cybercriminals alike may act unscrupulously and use the old credentials to gain access to the system. If cybercriminals are successful, their unauthorized access may go unnoticed for a while since the former employee is no longer monitoring their old account.
Offboarding is also a good policy to have regarding your personal data. Make sure you are completely aware of any other parties that have access to any personal accounts, including bank accounts or even your Netflix account, and know how to have their access removed should the need arise.
Consider a Zero Trust Approach
Zero Trust Security is exactly what it sounds like: Don’t trust any user until they are verified. Like current best practices, traditional cybersecurity approaches included strong perimeter security, such as firewalls. However, one of this model’s main failings was that if an unauthorized user was able to breach the perimeter, there was little to no internal security to prevent them from accessing sensitive areas of the network.
Zero Trust Security rests on the belief that trust should never be automatically granted either outside or inside a network’s perimeter. All users must verify their identity every time they try to move around the network. This way, even if the perimeter is breached, unauthorized users can be more easily contained to the network’s less sensitive areas.
Cybersecurity is everyone’s business, from the intern in the mailroom all the way up to the CEO, and this idea has spread beyond the workplace and into the home. To help ensure your cybersecurity posture as a business is as strong as possible, you should be:
reviewing your policies regularly
including cybersecurity in your onboarding process for new employees
offering frequent refresher training for all employees
On a personal and workplace front, you should make sure that you, your family members, and your co-workers all understand the importance of good cybersecurity and why each policy and procedure is in place.
If you could use a refresher, we have included a list of articles for your review below. If you have any questions about cybersecurity or could use some expert advice, please contact our experienced team.
We do so many things on our smartphones: We stay in touch with friends and colleagues, we do our banking, we look for work, and so much more. Unfortunately, while phones have made it easier than ever to go about our everyday lives, they also offer another way hackers can reach us by gaining access to our money and private files. While hacking may look different than it did when home computers first became commonplace, some old school tactics are still in use alongside the new and insidious approaches hackers use to gain unauthorized access to our devices. Even if you are pretty tech-savvy, you may be inadvertently exposing yourself to risk.
Ransomware attacks aren’t limited to desktops and laptops. A ransomware attack could paralyze your phone, keep you from accessing critical files, and allow unauthorized users to access sensitive personal data. The basic anatomy of a ransomware attack involves hackers tricking users into downloading malicious software (malware), which they use to take control of the device and lock users out. The hacker then threatens to delete critical files or release private information unless the user agrees to pay the ransom. While some users may be tempted, paying the ransom doesn’t guarantee you will regain control of your device or your data.
While phone calls may seem old fashioned to some people, the truth is we talk about a lot on the phone. Even if you don’t use your phone to stay in touch with loved ones or discuss sensitive business information with colleagues or clients, you may have to call your bank or the government to access services. During calls with your bank, you will likely discuss your banking details, and calls to the government will inevitably require answering verification questions and confirming your social security number.
Blackmail is nothing new, but the tiny computers we carry around in our pockets contain more personal information than our desktops and laptops do, making them tempting targets for hackers.
A typical blackmailing hack may go something like this: The hacker obtains some personal information on the victim that is already available on the black market, likely as a result of a previous, unrelated breach. They use this information to trick the victim’s phone company into believing they are the user and convince the company to transfer the victim’s number to a new phone owned by the hacker. When phone companies transfer numbers, they often transfer all the information on the old phone as well, which hackers can then use to blackmail their victims. In order to regain access to their personal files, victims may feel pressured to give in to the hacker’s demands or pay a ransom.
To Mine Cryptocurrency
Any computing device, including smartphones, can be hijacked by hackers and used to mine cryptocurrencies such as Bitcoin. This attack is referred to as cryptojacking. For more information on cryptojacking, and what steps you can take to safeguard yourself, please read our blog post Cryptojacking: Because Every Currency Needs to Be Protected.
To Gain Access to Your Company
Even if hackers target your phone, you may not be their primary target. A large percentage of office workers are currently working from home, which means many of us may be using our personal smartphones for business purposes. While working in a BYOD (bring your own device) environment exposes companies to risk, providing work laptops and work smartphones for every employee may be cost-prohibitive. Fortunately, there are steps companies and workers can take to safeguard their devices and the company network. For more information, please read our blog post, Keeping Your Network Secure in a Bring Your Own Device World.
Cybersecurity Steps You Can Take to Protect Yourself
Stay Away From Third-Party App Stores
One of the easiest things you can do to protect yourself is to avoid third-party app stores; only download apps from trusted sources such as the Apple app store or the Android app store. However, hackers and other malicious actors have been able to penetrate these platforms as well, and some rogue apps have slipped through, so while this rule will reduce your odds of downloading a malicious app, it doesn’t completely eliminate risk.
Keep an Eye on Your Settings
Checking your phone’s settings can help you spot suspicious behavior. If your phone seems to be chewing through its battery more quickly than usual or appears to be running more apps than you currently have open, it may indicate a hacker has downloaded and is running a malicious app on your device without your knowledge.
Wait Before You Download
While you may be tempted to download that shiny new app as soon as it launches, waiting can help you ensure that new apps are free of serious security flaws. Waiting also gives developers a chance to issue patches to address any issues that do come to light.
When in Doubt, Don’t Click
Whether you are using your smartphone, desktop, or laptop, if you:
COVID-19 has had a profound effect on our society, affecting our health, our work, and our overall well-being. Proximity tracing aims to help track the spread of this virus and use this information to limit future infections.
What is Contact Tracing?
Contact tracing, also called proximity tracing, is, at its core, detective work. Trained medical professionals interview individuals who have contracted a contagious disease to determine who they have recently been in contact with.
This information is used to inform individuals who may have been exposed so they can take steps to prevent the disease from spreading further. In some cases, such as COVID-19, this involves going into isolation. Contact tracing also provides medical professionals with information on how different diseases are spread, which they can use to help the general population flatten the curve using measures such as social distancing.
Contact tracing has been successfully used before to help curb infection rates during the 2003 SARS outbreak and the Ebola outbreak of 2014. It has also been used to track other diseases such as tuberculosis.
Why Contact Tracing Apps Are So Important
Though medical professionals have been using contact tracing for years, COVID-19 has put a spotlight on this important medical investigative tool. To help flatten the curve, Apple and Google are working together to create a cross-compatible contact tracing app.
An app would allow contact tracing to happen automatically, which means that medical professionals would no longer need to conduct lengthy interviews and contact each potentially infected individual.
This app, and other apps like it, trace contact automatically by recording when two people are close enough to one another for a long enough period of time that there is a significant risk a contagion (such as COVID-19) could pass from one person to the other.
This information is securely stored for a set period and used to alert individuals if they were in close contact with someone who has now tested positive so they can take appropriate steps.
Mitigating Potential Privacy Concerns
Tracking people, even if it is for the benefit of public health, raises privacy concerns. To protect user identities, these apps don’t rely on GPS data or other personal information and don’t reveal any identifying details. Instead, the app simply tells the user that they have had contact recently with someone who has now tested positive and should take precautions such as getting tested and self-isolating.
How Contact Tracing Apps Work
The apps work like this: once you download the app (and ensure your Bluetooth is turned on), the phone sends out a message with pseudorandom gibberish every few minutes. This information is picked up by other phones nearby that also have the same app or a compatible app installed. The pseudorandom nature of these messages means they don’t use GPS and don’t contain any personal information that could be used to identify the user specifically.
So, how can the app trace contact if it doesn’t have access to any identifying details or GPS information? The phone both sends out messages and listens for messages from nearby phones. If 2 phones with the same app, or compatible apps, stay close to each other long enough for possible transmission to occur, they exchange their respective strings of gibberish.
Each phone then remembers all of the messages it sent and received within a set period (such as 2 weeks). Then, if one user gets sick and tests positive for COVID-19, they can tell their phone to check its sent and received messages against a hospital or other health authority database.
The database then receives and stores all of the gibberish messages uploaded from the infected person’s phone. Other users’ phones check their own received messages periodically against this database. If the same gibberish message is found in both the database and a user’s list of received messages, then the app knows the user may have been exposed to the virus. The app then alerts the user, who can then self-quarantine to prevent further spread.
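The exchange described above can be modelled in a few lines. This is an added, simplified example and not the code of any real tracing app: identifiers are drawn as independent random bytes, and the 15-minute contact threshold, class and function names, and the scenario are assumptions; the page does not specify how real apps generate identifiers.

```python
import secrets
from datetime import datetime, timedelta

RETENTION = timedelta(days=14)  # "a set period (such as 2 weeks)"

class Phone:
    def __init__(self, name):
        self.name = name      # used only by this simulation, never broadcast
        self.sent = {}        # identifier -> time it was broadcast
        self.received = {}    # identifier -> time it was heard

    def new_identifier(self, now):
        ident = secrets.token_bytes(16)  # random bytes: no GPS, no personal data
        self.sent[ident] = now
        return ident

    def hear(self, ident, now):
        self.received[ident] = now

    def prune(self, now):
        """Forget anything older than the retention period."""
        for store in (self.sent, self.received):
            for ident in [i for i, t in store.items() if now - t > RETENTION]:
                del store[ident]

    def report_positive(self, database, now):
        """Upload only the identifiers this phone broadcast."""
        self.prune(now)
        database.update(self.sent)

    def check_exposure(self, database, now):
        """Match locally: True if any received identifier is in the database."""
        self.prune(now)
        return bool(database.intersection(self.received))

def encounter(a, b, now, minutes, min_minutes=15):
    """Exchange identifiers only if contact lasted long enough
    (min_minutes is an assumed threshold)."""
    if minutes < min_minutes:
        return False
    b.hear(a.new_identifier(now), now)
    a.hear(b.new_identifier(now), now)
    return True

def simulate():
    t0 = datetime(2020, 5, 1, 12, 0)
    alice, bob, carol, dave = (Phone(n) for n in ("alice", "bob", "carol", "dave"))
    encounter(alice, dave, t0 - timedelta(days=20), minutes=45)  # outside retention
    encounter(alice, bob, t0, minutes=30)                        # long contact
    encounter(alice, carol, t0 + timedelta(hours=1), minutes=2)  # too brief
    database = set()  # held by the health authority
    test_day = t0 + timedelta(days=3)
    alice.report_positive(database, test_day)
    results = {p.name: p.check_exposure(database, test_day)
               for p in (bob, carol, dave)}
    return results, database

if __name__ == "__main__":
    print(simulate()[0])
```

The database only ever holds opaque 16-byte values, and each phone does the matching itself, which is why the authority never learns who met whom.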
What if Not Everyone Has the App?
The more people who use compatible tracing apps, the better, since that means more potentially infected but asymptomatic people can be warned and self-isolate before infecting others.
Infectious disease epidemiologist Christophe Fraser and his colleagues at the University of Oxford have predicted how using an app could help stem the spread of the virus. Their model found that if about 56% of the population (or about 80% of all smartphone users) used either the same app or compatible apps, the rate of infection would go from a reproduction number (R0) of 3 (roughly where it was at the beginning of the epidemic) to less than 1 (which is well below the necessary threshold for containing the outbreak).
The Oxford team’s model is based on several assumptions that need to be taken into account:
It ignores the use of widespread social distancing rules, which have had a large hand in reducing infections even without contact tracing.
It assumes that individuals over 70 continue to self-isolate, severely limiting their chances of getting infected or spreading the disease.
It assumes that traditional contact tracing measures are not being used in tandem with the app.
However, if even a few users download compatible tracing apps, infection rates go down. And as usage rates increase, infection rates will decrease.
What Should I Expect When I Return to Work?
Post COVID-19 workplaces will likely look very different from what we are used to, and will likely adopt many of the safety measures essential businesses have already put in place.
Contact tracing will likely become standard practice, with organizations insisting their employees either use approved contact tracing apps or other methods of electronic contact tracing and share the collected data with their employer.
Good contact tracing methods will be valuable both to track the potential spread of infection between employees as well as the spread of infection from employees to visitors or customers or vice versa.
Working from Home Becomes the Norm
Many organizations will rethink the need for employees to come to the office every day. They may begin by asking employees to self-isolate at home for 14 days if they have had contact with an infected person within the last 2 weeks or have recently traveled outside the country.
Companies may also encourage employees to work from home whenever possible. This will reduce the number of people in an individual workplace on any given day and will likely reduce the demand for office space.
Increased Safety Measures
Temperature checks at the beginning of shifts will likely become the norm, and individuals with fevers will likely be sent home or otherwise denied entry to the building. Organizations that work with the public, such as retail stores, may also prohibit customers from entering if they have a fever.
Employees may also be required to wear PPE (such as facemasks) either at all times or when social distancing isn’t possible (such as when riding the elevator). Employers will have to either provide workers with PPE or set guidelines to ensure that the PPE employees bring from home offers adequate protection.
Facilitating Social Distancing
Social distancing is likely here to stay. Workplaces may adopt electronic social distancing practices, like the social distancing necklaces used by one Italian museum. Necklaces, bracelets, lanyards, or other wearable social distancing devices will buzz, flash, or emit a noise when 2 wearers get too close to one another.
How we move about our workplaces will also likely change as employers may also choose to designate set entrances and exits and make hallways one way to better facilitate social distancing.
Rethinking the 9 to 5 Workday
In workplaces where working from home isn’t an option, or isn’t an option for everyone, employers will likely choose to stagger shifts to limit the number of individuals in the workplace at one time.
Changing Workplace Layouts
What the workplace looks like will also change. Employers may rearrange workstations to ensure their workers can safely practice social distancing. This will likely include ensuring workers remain 6 feet apart, moving away from open-plan offices, and potentially limiting the number of employees in the building at one time.
Common areas, such as lunchrooms, will likely be reimagined or closed entirely. Spacing tables farther apart, staggering breaks, and increased cleaning between breaks will all likely be required to ensure these common areas can be appropriately sanitized, and employees can sufficiently social distance.
Workplaces in the post-COVID-19 era will likely look very different than they did just a few short months ago. Even once a vaccine is developed and made widely available, how we trace and fight disease will be forever changed as apps make it easier than ever to trace contact between infected individuals and potentially infected people.