Posts

Shields Up in 2024 – Recommended Cybersecurity Guidance for DC Region Organizations

As the nation’s cyber defense agency, CISA helps organizations prepare for, respond to, and mitigate the impact of cyberattacks.

CISA’s Shields Up campaign is a heads-up to every organization, large and small, to adopt a heightened cybersecurity posture and protect its most critical assets against disruptive cyber incidents. Important recommended actions to protect your organization include:

Reduce the likelihood of a damaging cyber intrusion

  • Validate that all remote access to your organization’s network, and all privileged or administrative access, requires multi-factor authentication.
  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA. Details: https://www.cisa.gov/known-exploited-vulnerabilities-catalog/
  • Confirm that your IT personnel have disabled all ports and protocols that are not essential for business purposes.
  • If you’re using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
  • Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.
  • Leverage CISA resources at https://www.cisa.gov/resources-tools
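
One way to act on the known-exploited-vulnerabilities item above, as an added example that is not CISA's or TCI's code: cross-reference scanner findings against the KEV catalog and order the patch queue. The catalog excerpt, CVE IDs, host names and the ordering policy are constructed for illustration; the field names follow CISA's published KEV JSON feed.

```python
import json
from datetime import date

# Constructed excerpt in the shape of CISA's KEV JSON feed. The CVE IDs are
# placeholders, not real catalog entries.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVendor", "product": "VPN Gateway",
   "dateAdded": "2024-01-10", "dueDate": "2024-01-31", "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0002", "vendorProject": "ExampleVendor", "product": "Mail Server",
   "dateAdded": "2024-02-01", "dueDate": "2024-02-22", "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Constructed scanner output: (host, CVE, reachable from the internet?)
FINDINGS = [
    ("vpn01", "CVE-0000-0001", True),
    ("mail01", "CVE-0000-0002", False),
    ("web01", "CVE-0000-0003", True),    # not in KEV: stays in the normal patch cycle
    ("VPN02", "cve-0000-0001 ", False),  # scanners differ in case and whitespace
]

def prioritize(findings, kev, today):
    """Return KEV-listed findings, most urgent first (assumed ordering policy)."""
    index = {v["cveID"].upper(): v for v in kev["vulnerabilities"]}
    queue = []
    for host, cve, exposed in findings:
        entry = index.get(cve.strip().upper())
        if entry is None:
            continue
        due = date.fromisoformat(entry["dueDate"])  # catalog remediation deadline
        queue.append({
            "host": host,
            "cve": entry["cveID"],
            "overdue_days": max((today - due).days, 0),
            "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
            "exposed": exposed,
        })
    # Ransomware-linked first, then internet-facing, then most overdue.
    queue.sort(key=lambda r: (not r["ransomware"], not r["exposed"], -r["overdue_days"]))
    return queue

if __name__ == "__main__":
    for row in prioritize(FINDINGS, KEV_SAMPLE, date(2024, 3, 1)):
        print(row)
```

In production, load the JSON feed linked from the catalog page in place of `KEV_SAMPLE` and feed in your scanner's export.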

Take steps to quickly detect a potential intrusion

  • Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging to better investigate issues or events.
  • Confirm your entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
  • If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.

Ensure you’re prepared to respond if an intrusion occurs

  • Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within your organization, including technology, communications, legal and business continuity.
  • Assure availability of key personnel; identify means to provide surge support for responding to an incident.
  • Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.

Maximize your organization’s resilience to a destructive cyber incident

  • Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
  • If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.

By implementing this guidance, you can make near-term progress toward improving cybersecurity and resilience.

We also recommend a visit to www.StopRansomware.gov – a centralized CISA webpage providing ransomware resources and alerts.

If you’re not confident about how secure or compliant your voice communications are, TCI can help. Call us today at (703) 321-3030 or email GetHelp@tcicomm.com.
 

Stay Vigilant… 5 Techniques Bad Guys are Using to Breach Your IT

While we all know security is important, sometimes day-to-day operations overwhelm our good intentions to keep up with fast-moving technology threats. Staying safe means being continually aware and taking precautions against the more common techniques bad guys are using to breach businesses every day:

1. Spoofing – Email spoofing is when the sender address is forged to make an email appear to come from a trusted source, such as your bank. The email can send you to a bogus website where your account details can be stolen. Or it can appear to come from inside your own organization, asking you to change your password or confirm your details.

2. Phishing – Often posing as a request for data from a trusted source, this attack is launched via email and asks users to click on a link. Over time, phishing has evolved to include Spear Phishing (targeted attempts highly personalized for a specific individual) and Whaling (phishing scams that target high-profile users and decision makers).

3. Hijacking – This attack changes a computer’s settings to either ignore DNS or use a DNS server that is controlled by malicious hackers. The attackers then redirect communication to fraudulent sites. Website hijacking is commonly used to redirect users to fake login pages for banks and other online services in order to steal their login credentials. It can also be used to redirect security sites to non-existent servers to prevent affected users from updating their security software.

4. Malware Insertion – This refers to a variety of cyber threats, including Trojans, viruses and worms, which typically steal data or destroy key computer functions. They are usually introduced through email attachments, website visits, software downloads, or operating system vulnerabilities.

5. Ransomware – This is a specific type of malware that demands a ransom payment either to remove it or to retrieve files that have been encrypted. Ransomware has been around for a long time, but it made news in recent years when payments started to be demanded in Bitcoin, making this activity virtually risk-free for cyber criminals.

IT security is a big challenge. TCI security experts can help keep your business safe. Contact us today at (703) 321-3030 or info@tcicomm.com.

 

Ransomware Attacks Scale Up As Hackers Go After Remote Workers

While the switch to home working has allowed many organizations and employees to remain productive, it has also brought additional risk as IT and security teams try to deal with overlapping personal and corporate networks.

Ransomware attacks soared during the first half of 2020, as cyber criminals looked to spread their file-encrypting malware as millions of people shifted to work from home.

According to an analysis of collected malicious activity published in Skybox Security’s 2020 Vulnerability and Threat Trends Report, ransomware has proliferated, with a 72% increase in new file-encrypting malware.

Security vulnerabilities in remote-desktop protocols – combined with the use of weak passwords by staff – have provided cyber attackers with easy access into many IT networks.

Home workers who have not been provided with clear cybersecurity training are even more vulnerable, and smart hackers know that IT teams are already bogged down trying to support remote working.

To protect against ransomware attacks during the pandemic – and beyond – it’s vital to close any vulnerabilities that could be exploited by hackers. This includes having a full view of all connected corporate IT assets so gaps can be identified and remediated.

Need help safeguarding your mobile workforce technology? Contact TCI today at (703) 321-3030 or info@tcicomm.com.