Showing how VPNs and firewalls don’t perform the same function
How having both would help develop a secure remote environment
Helping you understand what a VPN and a firewall are.
What is a Firewall?
Your firewall is your first line of defense for keeping your information safe and is a type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data which could harm your business. Firewalls are deployed via hardware, software, or a combination of the two. Many businesses also employ data encryption for an extra layer of security.
A firewall inspects and filters incoming and outgoing data in the following ways:
With Packet Filtering: the firewall filters incoming and outgoing data and accepts or rejects it depending on your predefined rules.
By using a Circuit-Level Gateway, which acts when a connection such as a Transmission Control Protocol (TCP) connection is made and small pieces called packets are transported.
With Proxy Servers: Proxy servers mask your true network address and capture every message that enters or leaves your network.
Using Stateful Inspection or Dynamic Packet Filtering to compare a packet’s critical data parts. These are compared to a trusted information database to decide if the information is authorized.
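To make the difference between plain packet filtering and stateful inspection concrete, here is an added example (not code from N-Tech or any firewall product). It assumes a single "allow outbound HTTPS" rule, constructed packets using documentation IP ranges, and treats the firewall's connection table as the "trusted information database" described above.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = leaving the LAN, "in" = arriving from the Internet
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass(frozen=True)
class Rule:
    action: str            # "accept" or "reject"
    direction: str         # "in" or "out"
    proto: str
    network: str           # remote network in CIDR notation
    dport: Optional[int]   # None matches any destination port


def packet_filter(rules, pkt):
    """Stateless filtering: first matching predefined rule wins, default is reject."""
    remote = pkt.dst if pkt.direction == "out" else pkt.src
    for r in rules:
        if (r.direction == pkt.direction and r.proto == pkt.proto
                and ip_address(remote) in ip_network(r.network)
                and r.dport in (None, pkt.dport)):
            return r.action
    return "reject"


class StatefulFirewall:
    """Remembers connections the LAN opened and only admits replies to them."""

    def __init__(self, rules):
        self.rules = rules
        self.connections = set()  # table of connections already judged trustworthy

    def inspect(self, pkt):
        key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if pkt.direction == "in" and reverse in self.connections:
            return "accept"  # reply to a connection an inside host started
        verdict = packet_filter(self.rules, pkt)
        if verdict == "accept" and pkt.direction == "out":
            self.connections.add(key)
        return verdict


# Constructed sample traffic (documentation address ranges, not real hosts).
RULES = [Rule("accept", "out", "tcp", "0.0.0.0/0", 443)]
OUTBOUND = Packet("out", "192.168.1.20", 51000, "203.0.113.10", 443)
REPLY = Packet("in", "203.0.113.10", 443, "192.168.1.20", 51000)
UNSOLICITED = Packet("in", "198.51.100.7", 443, "192.168.1.20", 51000)


def demo():
    fw = StatefulFirewall(RULES)
    return {
        "stateless_reply": packet_filter(RULES, REPLY),  # no inbound rule exists
        "stateful_outbound": fw.inspect(OUTBOUND),
        "stateful_reply": fw.inspect(REPLY),
        "stateful_unsolicited": fw.inspect(UNSOLICITED),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A stateless filter could only admit the reply by opening inbound ports to everyone, which would also admit the unsolicited packet; the connection table is what lets the stateful firewall tell the two apart.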
What is a Virtual Private Network?
A VPN creates a secure tunnel for your data to transit the Internet, using a network of private servers. When you use a VPN, your data is encrypted, or hidden, as it moves from your device to the VPN and continues onto the Internet through an exit node. A VPN creates the appearance that your data is coming from the VPN server, not from your device.
Therefore, it’s harder for an attacker to identify you as the source of the data. Even if attackers can intercept your data, encryption means the attackers can’t understand your data or use it to their advantage. When you put your data out to the VPN server, it exits back out to the public internet.
Which Should You Use and why?
If you want to be as secure as possible, you should use both technologies. A VPN will keep your activity private without affecting your speeds, and a firewall will keep malicious intruders out of your network (and any devices connected to it).
If you still have questions or would like to secure your company, reach out to N-Tech Consulting at 855-711-6601.
Outdated Technology Is Dangerous & Expensive
Why Your Outdated Technology Is Dangerous & Expensive
Trying to hang on to old hardware may save you money now, but it exposes you to many other risks and potential expenses. Do you know when it’s time to upgrade your IT?
Frugality is a valuable priority in the business world.
Avoiding overspending and being resourceful with your assets can help boost your profits and keep your business within its budget. However, there’s a difference between being frugal and cheap—do you know who you are?
There’s an easy way to tell. Ask yourself, “when was the last time I updated my technology?”
At a certain point, old technology will hit a critical point of risk and functionality: end of life.
What Is End Of Life?
End of life means no more bug fixes or security updates for the hardware or software—it’s the end of support delivered by the manufacturer.
Over time, there will be a loss of usability and increased vulnerability. While it may work fine right now, it won’t be long before it becomes a problem.
That said, it's not uncommon to procrastinate on technology upgrades. The process can be expensive and complicated, but the fact is that there comes a point in the technology life cycle when failing to upgrade can present several serious concerns.
As important as cost control is, it is equally important for owners and managers to ensure they’re maintaining their competitive edge, using secure technology, and working as efficiently and effectively as possible.
Without support, security updates, and bug patches, users open themselves up to several risks:
Expired online banking protections
Exposed private data
The device is used as an entry point into your other systems
The fact is that many of us will continue to use outdated technology long after it should have been replaced. Whether it's that old smartphone that won't run newer operating systems or the computers you use at work, sticking with out-of-date technology will save you a bit of money because you don’t have to replace it.
But did you know how it will cost you in other ways?
Old Technology Is Expensive To Keep
If your old tech is working so poorly that it stops you and your staff from working, it’s time to replace it. The downtime caused by old hardware isn’t worth the money you save by hanging on to it.
Whether you agree or not, it's a fact—Ponemon Institute estimates that every hour of downtime can cost well over $300,000.
The main cost of downtime is not the fix itself. It’s the halt in your business’ productivity. If an IT-related or natural disaster occurs and takes critical systems offline, employees will be unable to complete their tasks, yet your normal business expenses will carry on.
The downtime economy is unforgiving—it grinds your business to a halt, raises expenses, and keeps you from getting anything done. Additional costs include…
Expense vs. Revenue
During downtime, you incur all the expenses of running a business without the revenue you usually generate.
Loss of Focus
Even if downtime does not grind everything to a halt, some of your staff will have to divert themselves from their normal work to mitigate the problem—again reducing productivity.
Affected Service Delivery
Furthermore, while your systems are down, you can’t deliver services or sell products to current and potential new clients.
Cost Of Repair
However you approach fixing the problem, it’ll cost time and money.
4 Reasons To Update Your Business’ Technology Sooner Rather Than Later
Your Technology Is Slowing You Down
As explored above, speed is the most direct result of age in the technology life cycle.
The older your hardware or software is, the slower it will run. Every minute you and your staff spend waiting on technology to respond is time wasted in the working day.
Your Technology Is Putting You At Risk
Did you know that the most common way cybercriminals get into a network is through loopholes in popular software, applications, and programs? Despite how advanced modern software is, it is still designed by humans, and the fact is that humans make mistakes.
Due to this, much of the software you rely on to get work done daily could have flaws—or "exploits"—that leave you vulnerable to security breaches.
Many of the most common malware and viruses used by cybercriminals today are based on exploiting those programming flaws; to address this, developers regularly release software patches and updates to fix and protect the users.
This is why you must keep your applications and systems up to date. However, once technology hits the end of life, it no longer receives these critical updates, which makes it perpetually vulnerable.
Your Technology Is Holding You Back
You may notice that your competitors have far surpassed your capabilities and can provide clients with features and products that you cannot offer.
If you find it hard to keep up with your competitors, it might be time to consider how new technology can enhance your work.
Repairs Don’t Last Very Long
The older your hardware gets, the more often you’ll need to call someone to fix it.
The more you need someone to fix it, the less effective those fixes become. That means paying more and more for support to come in and get it running again, the returns on which will quickly diminish.
It’s Time To Take Stock Of Your Hardware
Does Your Hardware Function Properly?
Can you turn it on?
How long does it take to start up?
How long does it take to execute tasks like opening applications?
You need to know whether your hardware is holding you back, making you wait, and slowing your firm down.
Is The Software Up To Date?
Now that you’ve determined how functional the hardware is, the next step is the software. Even if this technology hasn’t been turned on in a week, there will likely be some updates that have to take place.
Updates are important because they correct existing errors and mistakes in software and patch potential flaws that could leave it vulnerable to security threats.
One by one, open up each program you plan to use regularly. If updates need to be installed, a pop-up window will likely open on start-up. However, if the previous owner turned off that automatic function, you’ll need to manually check for updates, which can be done in the program preferences.
What Is The Status Of Licenses And Warranties?
After double-checking that everything is up to date, the next step will be to confirm the status of any existing licenses and warranties.
Depending on the firm type, specific software may be needed for daily operations. The bottom line is that if you need it to get work done, you should know whether you can use it.
Is It Time To Upgrade?
There are various reasons you may decide to hold off on making a major upgrade to your technology, such as the cost and hassle.
However, avoiding the issue for too long will do more harm than good, and will affect your productivity, security, and ability to get work done.
Make sure your IT company is helping you manage hardware lifecycles—if they can’t, then consider working with N-Tech Consulting.
Our team can help you evaluate your IT environment to ensure everything is up to date and ready to meet your team’s expectations.
Book a meeting with our team to get started.
How to Know You Are the Victim of Email Phishing.
Have you ever received an email that looks just a little bit different than all the others? Or maybe you have recently received an email from a sender that looks out of the ordinary or that you are not familiar with. If this has happened to you, we at N-Tech Consulting suggest that you DO NOT proceed with clicking any links, replying, or any other action the email asks you to do. Our suggestion is to immediately contact us or your technology provider and follow their guidelines to ensure you and your technology ecosystem are protected.
We at N-Tech want to make sure you are never lured into the trap of Email Phishing. In this post you will find early insight on how to detect if you are at risk to becoming the victim of an Email Phishing attack, and how to prevent these attacks from happening.
Below are questions to ask yourself if you feel you are the victim of an email phishing attempt.
Does the sender look suspicious, or is an address you don't recognize?
Many times a phishing attempt will imitate someone you have previously been in contact with via email. That is why it is very important that you check the actual domain of the sender, to further understand who is actually sending you that email.
Does the subject line require an action or come across as a threat to you?
It is important to pay close attention to what the subject line reads. If the subject line reads anything that may seem persuasive, demanding, or aggressive, think twice about opening the email and taking action. This is especially true if the subject line reads something that you have no previous knowledge of. More often than not, if your boss or supervisor wants to inform you of important information, there will be some kind of precursor or they will tell you in person.
Is the greeting generic and not particular to you?
Typically someone who is attempting a phishing attack will send a multitude of emails out at one particular time. This strategy saves the phisher time, but increases the likelihood of a victim performing an action on the attack. There are also phishers who will personalize the greeting. If this is the case, refer to the other guidelines to determine a phishing attempt.
Are there grammatical or spelling errors within the email?
With texting being a consistent form of communication comes the use of abbreviated grammar and acronyms. If you see within the copy of the email the usage of 'u' instead of 'you', or the word 'send' where the word 'sent' should be, then this should raise suspicion of a potential phishing attempt. Other inconsistencies include extra spaces in between words, and the use of symbols to attempt a clickable action by you, the user.
Are there links within the email?
Before clicking any link within an email, use this helpful tactic to judge the legitimacy of the link. Place your mouse cursor on top of the potentially threatening link (it is important NOT TO CLICK the link while doing so). After holding the cursor on top of the link for a few seconds, the actual destination of the URL will appear. If the destination of the URL is different from what is shown in the email, there is a great likelihood this is an attempt at phishing.
Is there an attachment that requires a download?
Does the suspicious email you just received have an attachment included, and you are eager to open it to see what it could potentially be? As tempting as it may be to open that attachment we at N-Tech urge you to hold off, as that attachment may house the vulnerable link within the attachment instead of the email body itself.
Should I be worried about an email that looks branded by a reputable company as being a phishing attempt?
The answer is YES, you should absolutely be wary of branded emails, especially if it is a service that you may have never heard of before or are not a user of. If you are on the fence about whether that branded email is legitimate or not, please refer to the above areas of emphasis to determine if you should proceed or not with that email. As always, if you are unsure, reach out to N-Tech or your technology provider.
Not sure if that email from your boss is legitimate or not? Well, press that shiny new button installed in your Outlook application to report it for review. Security awareness platforms like Ironscales (which happens to be the one we use) also provide IT staff the ability to launch their own fake phishing campaigns. These are designed to present end users with real-world examples, without the risk, of course, and can act as a method to direct them to train if needed.
What is Ransomware?
Millions of people use a computer every day. What users don’t know is that they could be at risk of being a victim of ransomware. Ransomware is a type of software that prevents or limits users from accessing their system, either by locking the system’s screen or by locking the users’ files unless a sum of money is paid. Ransomware is considered “scareware” because it forces people to pay a fee by scaring or intimidating them. Recently, ransomware was responsible for the biggest cyberattack the world has ever seen. The threat can be encountered by users through a variety of means.
Ransomware can reach your computer many ways. It can reach users when they unknowingly visit malicious or compromised websites. Imagine surfing the web and going onto a site that is infected with ransomware. It would be awful. Ransomware can also reach you by being dropped or downloaded by other malware. Some are known to be in attachments from spam email, dropped onto vulnerable systems, or through advertisements that are used to spread malware. Once ransomware is in your system it can either lock the computer screen or it can encrypt predetermined files. In the first scenario, an image or notification will pop up preventing victims from using their systems. In the second scenario, the ransomware prevents access to critical or valuable files.
To get your files back you will have to pay whoever encrypted them. Sometimes there may be ransomware help desks, where they will give victims a few files back for free, so they know they are not being completely conned. The price of ransomware varies; it depends on the ransomware variant and the price or exchange rates of digital currencies. The average cost is $300, and the hackers usually prefer the payment in bitcoins. Three hundred dollars doesn’t seem like a large amount, but having an affordable price means the hackers are more likely to get paid. Recently, alternative payment options such as iTunes and Amazon gift cards have been listed. It is important to remember that even though you may pay the ransom, that does not guarantee users will be able to regain access to their system or files.
Ransomware attacks are not a recent threat. The first attack happened in 1989 and the payment demanded was $189, according to Symantec. It turned out to be unsuccessful because very few people had personal computers and the internet was mainly used by science and technology experts. Looking at how things are today, a large amount of data is stored on computers, people are on the internet via various devices, and sending money internationally is common. The use of computers and the internet is what makes a ransomware attack so painful. Everyone would panic if they got locked out of their computers, companies would lose productivity, and hospitals would be locked out of patient files.
N-Tech can help prevent this issue by recommending security options to clients based on their needs. No one wants to pay for files that they took hours working on or photos that they cherish. To protect yourself from a ransomware attack, you want to make sure that you are always staying alert. Make sure you do not click on links that you are unfamiliar with. You also need to avoid downloading files from people you do not know. In addition, get into the routine of backing up files and regularly saving the copies. That way, if your device does get infected, you won’t have to worry about losing the files. It’s better to be overprotective of your files than it is to lose them all because of a compromised website or spam emails.
What is email phishing and how do I prevent it?
What is Phishing?
Phishing, not to be confused with actual fishing, is a common form of internet scam designed to gather information from its recipients. Cybercriminals use social engineering, often in the form of fake emails or pop-ups, to bait and lure people into giving up sensitive information such as passwords and credit card information.
While many of these phishing campaigns come in the form of low-effort emails telling you that an account you don’t even have has been compromised, a growing number of phishing campaigns come in forms that are almost indistinguishable from companies’ legitimate communication. Phishing is on the rise. The FBI estimated that in 2019 US citizens lost a whopping $57 million to phishing attacks, so it’s easy to see the importance of being able to identify these attacks.
What does a phishing campaign typically look like?
While they can come in many forms, some of the most common forms are:
Claims of an account problem (ex. Netflix needs to verify your payment information)
Suspicious Activity Claims (ex. A suspicious login was detected, update your password now!)
Offers that are too good to be true (ex. You’ve won a free TV! Act now to claim your prize.)
Government communication (ex. The IRS has discovered an issue with your tax refund.)
Often these attacks come littered with grammatical errors, generic greetings, and questionable links, but as mentioned earlier, sometimes a phishing attack isn’t always apparent.
Here are a few ways that you can identify a phishing attempt before getting lured in:
Is the email address recognizable? Before taking any action, take a quick look at where the message is coming from. Make sure the domain matches the sender; a legitimate email from Netflix would most likely be from something like firstname.lastname@example.org, not email@example.com.
The email includes a link, but does it match a site associated with the sender? For example, an email that is supposed to be from the government is leading to an unrelated site. Pro tip: hover your mouse over the link before clicking on it; this will expose the entirety of the linked address.
Does the message look legitimate? Take a quick look at the message you have received and be skeptical. Does this look like communication you have received from the sender before? Have you ever received communication from them?
If a link has been clicked and is asking you to login, does the login page match the site? An Amazon link almost certainly won’t bring you to an Office 365 login page.
While it is important to know a few quick ways to identify phishing attacks, the most crucial aspect of prevention will always be training. Training presented by your IT provider is a great way to get users in your business aware of the dangers and common patterns in phishing campaigns. Often these training platforms come with useful tools to help end-users identify and report phishing attacks before they become a real problem.
Not sure if that email from the CEO is legitimate or not? Well, press that shiny new button installed in your Outlook application to report it for review. Security awareness platforms like Ironscales (which happens to be the one we use) also provide IT staff the ability to launch their own fake phishing campaigns. These are designed to present end users with real-world examples, without the risk, of course, and can act as a method to direct them to train if needed.
What is Multi-Factor Authentication and why should you care?
What is Multi-Factor Authentication, or MFA?
Well, it certainly doesn't have to be complicated, and it will help secure your systems.
MFA is an authentication method in which a user is granted access only after successfully presenting two or more pieces of information to authenticate. Passwords are not enough security in today’s digital age. Email Phishing, Spear Phishing, Data Breaches, Malware, and Trojans are all trying to steal your passwords and gain access to accounts, ultimately trying to compromise your Dental Security.
What does it do?
MFA, when properly implemented, can almost eliminate those risks. In the first half of 2019 alone, 4.1 billion records were exposed. With those kinds of numbers, your information will likely be exposed at some point.
It is no longer a question of if, but when you will be affected.
If you have been lucky enough not to be affected by one of these breaches yet, do not think you are out of the woods. Do you use a different password for each system you access? Or are you one of the almost 52% of people that re-use passwords across services? MFA solutions, like DUO, let you sleep at night knowing your accounts are protected.
Oh, and do not settle for SMS-based MFA if you do not have to. Security experts have been warning for years now that SMS-based MFA has serious security implications. It is not as hard as you would hope to intercept an SMS message, and once that happens your MFA has been effectively bypassed. With DUO’s Push technology, you can be assured the request is only going to the device you want it to. It even works with your Apple Watch, if that is your thing. I am still waiting for my Garmin to catch up!
Why SentinelOne is the best antivirus for your practice
Technology advances more rapidly with each year, and traditional signature based anti-virus programs just don’t cut it anymore. In the day of big data breaches, cloud connectivity, and network vulnerabilities a better solution is called for.
Traditional anti-virus programs were basically reactive. They would sit watching your computer for a known action or file to be found and THEN try to stop it. This is fine, if you already know about all the attacks taking place.
If even just one percent of those new threats aren’t in your anti-virus signature, infection isn’t a matter of if, but when. Utilizing a next generation anti-virus like SentinelOne you can be proactive, not reactive. By evaluating activity in both kernel and user space, machine learning, and things like out of band monitoring you get ahead of the bad guys.
Virus and Malware protection is one game where rapid strike capability is huge. Pundits will discuss things like “dwell time” or the number of days a threat stays active until detection and resolution. With SentinelOne real-time monitoring and forensic analytics those threats are “zapped” as soon as they occur.
Business detections of malware rose significantly in 2018, by 79% over prior years, primarily due to backdoors, cryptominers and spyware.
Detection alone isn’t enough anymore, you need automatic remediation too. SentinelOne allows for automatic rollback of any threats. That’s one of the major reasons we selected it actually. Well that, and their first ever industry Cyber Threat Protection Warranty.
SentinelOne’s cyber threat protection warranty provides customers with up to $1 Million per company if they’re unable to block or remediate the effects of a ransomware attack.
Let us help you protect your business from these ever increasing attacks!
WDA Cyber Security 2020
Just because we, as business owners, are following government guidelines doesn’t mean the Cybercriminals are following them too. While we are working to protect our businesses, employees, friends and family from COVID-19, Cybercriminals are utilizing the global crisis to target businesses. From posing as resources for COVID-19 news and information, to calling/emailing business owners and pretending to be government officials offering assistance, we all need to be ready to protect ourselves.
Are you and your team watching for malicious emails?
Is your remote access solution secure? The two easiest ways for Cybercriminals to get access to your servers/systems are by stealing your passwords from unsuspecting staff via phishing or by attacking an improperly configured / unsecured remote access solution.
Ask yourself, have you done these things to protect your office? Has your technology provider?
Is ALL of your critical data being backed up? Servers, Cloud Storage, Email?
Does your backup solution automatically backup off-site? If not, are you taking a copy offsite regularly? Have you checked the off-site copies?
Does your remote access solution require Multi-factor Authentication (MFA)? Eg. You have to provide a code from an authenticator app when you login. Not just a username and password.
Are the computers you’re using to remotely access the office patched and running anti-virus?
Is your business using Remote Desktop aka RDP for remote access? Make sure your technology provider clearly understands how to secure remote desktop and that access is behind a secure gateway or VPN.
Are you using strong passwords or multi-word passphrases AND MFA on as many applications/systems as you can?
Avoid open wi-fi hotspots and only utilize wi-fi networks with WPA2 or WPA3 security.
Don’t let your children or other family members use your work computer or the computer you use for connecting to the office.
When you walk away from your computer, make sure you log out or lock the screen. Hitting Ctrl-Alt-Delete and Selecting Lock Screen or Hitting the Windows Key + L will lock it quickly.
Phishing Attacks or other Social Manipulation
As always, Cybercriminals are leveraging current events to manipulate and swindle business owners. If you receive emails about COVID-19, business relief loans, tax returns or other related items, be very cautious and do your best to verify the authenticity of the emails. These types of phishing attacks are crafted to manipulate you into clicking links or opening attachments that look safe but are in fact malicious.
A COVID-19 or related Phishing Email may include:
Fake links that appear to go to government sites.
Links to maps showing infection rates or other statistics.
Links to government or state agencies with a legitimate name, but a fake hyperlink.
A warning to download a document related to COVID-19.
Links to a hospital or other healthcare institutions.
Place your cursor over the link and a pop-up should show the URL the link actually goes to. Make sure it matches up with where the link says it is going.
Carefully check the FROM email address to verify the name on the email and the address is from a known sender.
Once you click a link, make sure it takes you to the site you expected by checking the URL bar at the top of your browser.
If you click on a link and it asks you to login, think twice before entering your credentials. Is this an Office365 login on a random site? Does the information the site is asking for make sense? Don’t just blindly login.