
  1. Wire Fraud: Breaking Down The Breach

    This series delves into real-life cybersecurity incidents encountered by small businesses that never imagined they’d be targeted. We uncover the specific methods by which breaches occurred, the consequences the business faced, and, most importantly, what small to medium-sized organizations can do to better safeguard against substantial losses. Our first story is about wire fraud.

    IN THIS ARTICLE
    What Happened
    Why It Happened
    How It Could Have Been Prevented
    Key Insights

    What happened

    A malicious attacker gained access to the CEO’s email account. The attacker then sent an email to the finance department requesting a wire transfer of over $20,000. The employee who made the fraudulent transfer tried to verify the authenticity of the request to some extent, but still transferred the funds to the attacker, resulting in the business losing a significant amount of money.

    Why it happened

    Process

    It’s impossible to verify the authenticity of a request solely over email, because the account itself can be compromised. Credentials can be compromised in several ways, including third-party service breaches, password reuse, password sharing, phishing, and social engineering. That’s why this organization had a phone verification process in place for high-risk requests like wire transfers. Unfortunately, while the finance department was initially suspicious of the request, the threat actor still convinced the employee that the CEO was unavailable to take a call, largely because they closely mimicked the CEO’s style and tone.

    Even if you have a documented, secure verification process, your organization can still be susceptible to a breach if that process is not ALWAYS followed. This is especially true for those in finance, leadership, or C-level roles.

    Technology

    Why was this breach not detected before the funds were wired? Unfortunately, since the email account was compromised, base security features were not sufficient to detect the breach. Microsoft Defender would not have mitigated the threat since the attacker used legitimate login credentials and multi-factor authentication was not enabled.

    How It Could Have Been Prevented

    Communication Protocols

    Establishing foolproof communication protocols is not just a suggestion, but a necessity. Educating staff about the importance of verifying critical requests through secure channels, such as phone calls, adds an essential layer of protection. In this example, the finance team member tried to verify the wire transfer request, but they attempted to verify the request using the compromised email address itself, where the CEO’s identity could not be verified.

    Security Awareness Training

    The most effective protection against attacks like these isn’t technology – it’s educating your staff on what an attack looks like and how to keep the company safe when they see something suspicious. Your users are the first line of defense and, naturally, the easiest targets. Security awareness training platforms like KnowBe4 can help by offering both guided user training and frequent testing through simulated email phishing attacks.

    Advanced Detection Software

    Traditional security tools may have limitations, but advanced solutions like WingSwept’s Managed Threat Detection for Microsoft 365 can identify unusual activity, such as logins from unfamiliar IP addresses. This information triggers a reliable verification process, heading off potential threats. 

    In the event of a business email compromise, Managed Threat Detection for Microsoft 365 also provides the protective layer of a 24/7 Security Operations Center, which reviews any detections and takes quick action to mitigate the compromise.  It also gives insight into crucial details, including how access was gained and whether the threat actors’ access was successfully severed from your email.
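    As an added example (not WingSwept’s tooling and not code from this article), here is how the kind of check described above, a sign-in from an unfamiliar address or without MFA, can be expressed over sign-in records. The records, the known network ranges and the field names are constructed assumptions, not an exact Microsoft 365 log format; the point is that a finding like this is what should trigger the phone call before anyone acts on mail from that account.

```python
"""Flag sign-ins that should trigger out-of-band verification.

Added example, not the article's or any vendor's code. The sign-in records
below are constructed, and the known-network list and field names
(user, ts, ip, mfa) are assumptions, not an exact sign-in log schema.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Assumed: address ranges the organization expects sign-ins from (office, VPN egress).
KNOWN_NETWORKS = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]

# Constructed successful sign-in events; the second CEO sign-in is the suspicious one.
SAMPLE_SIGNINS = [
    {"user": "ceo@example.com", "ts": "2024-03-04T08:02:11", "ip": "203.0.113.17", "mfa": True},
    {"user": "ceo@example.com", "ts": "2024-03-04T08:40:55", "ip": "192.0.2.77", "mfa": False},
    {"user": "ap@example.com", "ts": "2024-03-04T09:15:00", "ip": "203.0.113.22", "mfa": True},
    {"user": "ceo@example.com", "ts": "2024-03-04T08:52:03", "ip": "203.0.113.17", "mfa": True},
]


@dataclass
class Finding:
    user: str
    ts: str
    ip: str
    reasons: tuple


def is_known(ip: str) -> bool:
    """True when the address falls inside a network the organization recognizes."""
    addr = ip_address(ip)
    return any(addr in net for net in KNOWN_NETWORKS)


def analyze_signins(events, window=timedelta(hours=1)):
    """Return a Finding for every sign-in that deserves a phone call before acting on that account's mail."""
    findings = []
    ordered = sorted(events, key=lambda e: (e["user"], e["ts"]))  # per-user time order
    last_seen = {}  # user -> (timestamp, ip) of that user's previous sign-in
    for ev in ordered:
        ts = datetime.fromisoformat(ev["ts"])
        reasons = []
        if not is_known(ev["ip"]):
            reasons.append("unfamiliar_ip")
        if not ev["mfa"]:
            reasons.append("no_mfa")
        prev = last_seen.get(ev["user"])
        # A known and an unknown network within a short window: one of them is probably not the user.
        if prev and ts - prev[0] < window and is_known(prev[1]) != is_known(ev["ip"]):
            reasons.append("network_switch_within_window")
        last_seen[ev["user"]] = (ts, ev["ip"])
        if reasons:
            findings.append(Finding(ev["user"], ev["ts"], ev["ip"], tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in analyze_signins(SAMPLE_SIGNINS):
        print(f"{f.ts} {f.user} from {f.ip}: {', '.join(f.reasons)}")
```

    Run against the sample, the 08:40 sign-in is flagged on all three counts and the legitimate 08:52 sign-in is flagged once, because it followed the unknown address within the hour; that second finding is the one that tells an analyst the mailbox was in two hands that morning.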

    Key Insights

    Most people with a fence around their house still lock their doors; the fence is just an added layer of protection. The same is true with networks – perimeter defense is important, but no single piece of software or equipment can stop every attack. Well-designed networks include several layers of security, such as stringent password policies, firewalls, and multi-factor authentication, in combination with user-centric training and protocols.

    This article marks the beginning of our unwavering commitment to unraveling cybersecurity incidents. We are dedicated to equipping businesses with essential knowledge and effective strategies to confidently navigate the digital landscape. Join us on this enlightening journey as we delve into diverse incidents, unravel their intricacies, and empower you with the tools to fortify your defenses against the ever-evolving threat landscape.

  2. What Is a Ghost User? 

    Ghost users, commonly referred to as “ghost accounts,” are active accounts tied to former employees on a corporate network. Despite their departure from the company, these accounts remain accessible, presenting security and operational challenges that organizations must address.

    Ghost users pose a dual threat to corporate networks: criminals exploit these accounts to obtain credentials for cyberattacks, relying on the accounts’ low, unremarkable activity to avoid detection, and the accounts complicate day-to-day administration. Consequently, it is crucial to comprehend both the security and operational risks posed by these lingering accounts.

    Challenges related to ghost users stem from communication breakdowns and intentional retention. Process failures lead to accounts of departed employees not being disabled promptly. Additionally, high-level employees’ accounts are sometimes deliberately kept active due to their credentials’ importance in accessing critical systems.

    Another contributing factor is the presence of legacy systems and insufficient documentation. Departing employees might be the sole holders of access credentials for certain systems, making their removal complex. The lack of comprehensive knowledge about these assets further complicates efforts to eliminate ghost users.

    Mitigation Strategies and Future Preparedness

    To combat the ghost user issue, organizations should adopt proactive measures. IT teams with a strong security focus should prioritize swift account disablement upon an employee’s departure. Implementing streamlined communication channels and efficient processes is essential to ensure a timely response.

    Maintaining a secure corporate network requires recognizing the threat of ghost users and taking strategic actions. By appreciating the risks, comprehending the challenges, and implementing effective strategies, organizations can bolster their cybersecurity defenses, safeguard sensitive data, and mitigate potential breaches.

    Here’s How Ghosts Take Down Networks

    As mentioned earlier, ghost users pose the most significant risk due to a higher frequency of compromised accounts compared to active users. Here are five reasons they’re especially prone to attack:

    1. Ghost accounts are often unmonitored accounts.

    If an account is not used very often, it is less likely to be noticed if it is hacked. This means that a hacker could have access to the network for weeks or months before anyone realizes it.

    2. Ghost accounts are likely to have high-level network access.

    Ghost users are often created for employees who have access to sensitive data or systems. This means that a hacker who gains access to a ghost account could have a lot of control over the network. If the account was intentionally left active, it was probably because it had access to tools that most other accounts didn’t.

    3. Ghost accounts were last actively managed years ago.

    Ghost accounts were often created years ago and may not have been touched since, so they are less likely to have newer security features like multi-factor authentication enabled.

    4. Ghost accounts that are still in use are often being shared.

    Ghost accounts are sometimes shared by multiple employees. This is a security risk because it means that multiple people have access to the same credentials. Sharing account credentials is a bad idea. Shared accounts grant greater access than is necessary for some users, are less likely to have multi-factor authentication enabled, and make it more difficult to determine the source of a breach (even if the employees sharing the account are innocent of any wrongdoing and the credentials were stolen by an external party).

    5. Ghost accounts perpetuate bad habits.

    Ghost accounts can lead to bad habits, such as password sharing and weak passwords. These bad habits can make the network more vulnerable to attack. One-user, one-account policies help to ensure that access permissions are understood, well-documented, and limited to those who need them. The opposite is true when multiple users each juggle several accounts to access various company hardware and software. Over time, these users are left with a messy web of widely shared passwords and account lockouts, creating a drag on productivity and a security risk.

    Worth the Effort

    Cleaning up access to a network with many ghost users can be a significant undertaking.  It’s also time-consuming to shift access to multiple systems to new users when a high-level employee leaves.  It’s easier to maintain appropriate user permissions on an already well-maintained network, although it does require focus and prioritization.

    But the most costly scenario of all is dealing with a network breach – and unfortunately, each ghost user on your network increases the odds of that becoming a reality. It is well worth the time to have your IT support team investigate to see what ghost accounts may exist in your organization, create a plan to eliminate them, and then also build a process to prevent future ghost users. This will greatly increase your protection from having ghost users come back to haunt you later on.
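    An added example of the investigation step, not the article’s code and not tied to any directory product: given an export of user accounts, flag the ones that match the five patterns above (owner has left, long inactive, shared, no MFA) and name the first action to take. The CSV, its column names and the 90-day inactivity threshold are constructed assumptions.

```python
"""Audit a directory export for ghost accounts and say what to do about each.

Added example, not the article's code. The CSV below is constructed, and its
columns (username, enabled, last_logon, owner_status, mfa_enabled, shared_by)
are assumptions, not the export format of any particular directory.
"""
import csv
import io
from datetime import date

STALE_DAYS = 90  # assumed policy: no sign-in for 90 days counts as inactive

# Constructed export: two healthy users, two leavers still enabled, one shared service account.
SAMPLE_EXPORT = """username,enabled,last_logon,owner_status,mfa_enabled,shared_by
jdoe,true,2024-02-28,active,true,
former.cfo,true,2023-11-02,terminated,false,
svc-reports,true,2024-03-01,active,false,alice;bob;carol
old.intern,true,2022-06-15,terminated,false,
mchen,true,2024-03-03,active,true,
"""


def load_accounts(text):
    return list(csv.DictReader(io.StringIO(text)))


def audit(accounts, today_iso):
    """Return {username: [reasons]} for enabled accounts that need attention."""
    today = date.fromisoformat(today_iso)
    report = {}
    for acct in accounts:
        if acct["enabled"].strip().lower() != "true":
            continue  # already disabled: not a ghost
        reasons = []
        if acct["owner_status"] == "terminated":
            reasons.append("owner_left_but_account_enabled")
        age = (today - date.fromisoformat(acct["last_logon"])).days
        if age > STALE_DAYS:
            reasons.append(f"inactive_{age}_days")
        if acct["shared_by"]:
            reasons.append(f"shared_by_{len(acct['shared_by'].split(';'))}_people")
        if acct["mfa_enabled"].strip().lower() != "true":
            reasons.append("mfa_disabled")  # not a ghost by itself, but the trait ghosts usually share
        if reasons:
            report[acct["username"]] = reasons
    return report


def recommended_action(reasons):
    """Map findings to the one action to take first, most urgent case first."""
    if "owner_left_but_account_enabled" in reasons:
        return "disable_now"
    if any(r.startswith("shared_by_") for r in reasons):
        return "split_into_individual_accounts"
    if any(r.startswith("inactive_") for r in reasons):
        return "confirm_owner_then_disable"
    return "enable_mfa"


if __name__ == "__main__":
    for user, reasons in audit(load_accounts(SAMPLE_EXPORT), "2024-03-05").items():
        print(f"{user}: {', '.join(reasons)} -> {recommended_action(reasons)}")
```

    The "prevent future ghost users" part is the process the article asks for: run this on a schedule and feed the terminated list from HR, so the first check fires the day someone leaves rather than months later when inactivity finally shows.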

    Not sure how to get started addressing ghost users? Our cybersecurity experts are just a call away.

  3. Microsoft Bulk Email

    One of the more common non-technical questions we get from clients relates to methods and best practices for sending bulk emails. Most solutions require you to send emails using your organization’s email domain, which adds credibility but also comes with spam considerations.

    There are countless bulk email platforms you can utilize that make this task simple such as Mailchimp, Constant Contact, Brevo, etc. An email platform is preferable when advanced analytics, automated workflows, compliance adherence, and robust scalability are crucial. These platforms offer comprehensive analytics tools, intricate automation capabilities, compliance features, and optimized deliverability, making them ideal for large-scale, data-sensitive, and complex campaigns.

    On the other hand, Microsoft 365’s Mail Merge is a straightforward, cost-effective solution suitable for users familiar with the Microsoft ecosystem. It’s integrated into applications like Word and Outlook, making it convenient for those already using these tools. Mail Merge is well-suited for smaller campaigns where advanced features aren’t necessary, providing an economical and efficient solution for basic bulk email needs.

    In This Article

    Bulk Emailing Steps With Microsoft
    2024 Email Best Practice Updates

    Step 1: Draft your email in Microsoft Word

    Open Word and write out the body of the email message. You can include images, links, and other formatting elements as needed.


    Step 2: Start Mail Merge

    Once your email draft is ready, you can start the Mail Merge process. To do this, go to the “Mailings” tab and click the “Start Mail Merge” button. In the drop-down menu, select “E-mail Messages”.


    Step 3: Select your email recipients

    Next, you need to select your email recipients. You can do this by using an existing contact list in Outlook or by creating a new list. To select an existing contact list, click “Select Recipients” and then choose the list you want to use. To create a new list, click “Type a New List” and then enter the contact information for each recipient.


    Type whatever information you need into each field. Only the Email column is necessary for bulk sending, but if you wish to add a custom greeting with each contact’s name, you will need to fill in the name fields on each entry.

    If you prefer to mass import contacts from a spreadsheet, click “Use an Existing List”, located just below “Type a New List.” You can import directly from Excel, Access or various other databases, but we’ve found the simplest method is to export your contact sheet as an Excel file (.xlsx) or a Comma Separated Values file (.csv). For the best results, ensure the top row of your spreadsheet includes all the headers (e.g. first name, email address, etc.).

    Step 4: Personalize your message

    Once you have selected your recipients, you can personalize your message by adding merge fields. Merge fields are placeholders that will be replaced with the contact information for each recipient when the email is sent. To add a merge field, click the Insert Merge Field button and then select the field you want to add.

    For example, to add the recipient’s name to the email greeting, you would select the First Name field. You can also use merge fields to insert other contact information, such as the recipient’s company name, email address, or mailing address.

    Step 5: Finish & Merge

    Once you have personalized your message, you are ready to send the email. To do this, click the Finish & Merge button and then select Send E-mail Messages.


    Under the “To:” dropdown menu, select the header of the spreadsheet column with the email addresses in it. Next, type your subject line and select the mail format. You can send in plain text, HTML if you have embedded images, or even as an attached Word document.

    You may be prompted with warnings that a program (Microsoft Word) is trying to access your email address information. Simply click “Allow” and Outlook will then send a personalized email to each recipient in your list.
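    The steps above are a GUI procedure, so as an added example (not Microsoft’s Mail Merge and not code from this article) here is the same merge-field mechanic in the Python standard library: a header-row contact sheet, placeholders named after the headers, one message per row, and rows without a usable address skipped rather than sent blank. The contact sheet, template and sender address are constructed; the messages are built but not sent.

```python
"""Mail merge in code: one message per row of a header-row contact sheet.

Added example, not Microsoft's Mail Merge and not code from the article; it
shows the same merge-field mechanics with the Python standard library. The
contact sheet and template are constructed, and the messages are built but
not sent.
"""
import csv
import io
from email.message import EmailMessage
from string import Template

# Constructed contact sheet. Row 1 holds the headers; only the email column is mandatory.
CONTACTS_CSV = """First Name,Last Name,Email Address,Company
Ada,Smith,ada@example.com,Analytical Engines Ltd
,,grace@example.com,
Lin,Tran,not-an-address,Kernel Co
"""

# Merge fields are the normalized column headers: "First Name" -> ${first_name}.
TEMPLATE = Template("Hello ${first_name},\n\nHere is this month's update for everyone at ${company}.\n")

# Used when a row leaves an optional field blank.
DEFAULTS = {"first_name": "there", "company": "your organization"}


def normalize(header):
    return header.strip().lower().replace(" ", "_")


def load_contacts(text):
    """Read the sheet into dicts keyed by normalized header names."""
    reader = csv.DictReader(io.StringIO(text))
    return [{normalize(k): (v or "").strip() for k, v in row.items()} for row in reader]


def build_messages(contacts, subject, template, sender, defaults=DEFAULTS):
    """Return (messages, skipped); rows without a usable address are skipped, not sent blank."""
    messages, skipped = [], []
    for contact in contacts:
        address = contact.get("email_address", "")
        if "@" not in address or " " in address:
            skipped.append((address, "missing or invalid email address"))
            continue
        fields = dict(defaults)
        fields.update({k: v for k, v in contact.items() if v})  # blanks keep their default
        msg = EmailMessage()
        msg["From"] = sender
        msg["To"] = address
        msg["Subject"] = subject
        msg.set_content(template.safe_substitute(fields))
        messages.append(msg)
    return messages, skipped


if __name__ == "__main__":
    built, dropped = build_messages(load_contacts(CONTACTS_CSV), "March update", TEMPLATE, "news@example.com")
    for m in built:
        print(m["To"], "->", m.get_content().splitlines()[0])
    print("skipped:", dropped)
```

    `safe_substitute` is deliberate: a header missing from the sheet leaves the placeholder visible in the draft instead of raising, which is easier to catch in a test send than a silent blank.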


    2024 Bulk Email Best Practices

    1. Authentication:

      All senders must implement email authentication measures, including SPF & DKIM to verify the sender’s identity. Bulk Senders must also set up DMARC authentication to enhance security.

    2. Unsubscribe Links:

      Ensure that recipients have a convenient, one-click option to unsubscribe from commercial emails. Bulk senders must process unsubscription requests within two days.

    3. Spam Rate Threshold:

      For all senders, spam report rates must stay below 0.3%.

    4. DNS records:

      Have valid forward and reverse DNS (PTR) records for your sending IP.

    5. Transport Layer Security (TLS):

      Use a secure connection (TLS) when sending emails. It’s like ensuring your message is delivered in a sealed envelope.
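    An added example, not the article’s or any mail provider’s tooling, that turns items 1, 3 and 4 of the list above into checks you can run against your own domain: does the SPF record end in an enforcing qualifier, is a DKIM key published at the selector, is there a DMARC record and does its policy enforce, and is the complaint rate under 0.3%. The DNS answers come from an in-memory table standing in for a resolver; the domains, selector and spam-rate figures are constructed.

```python
"""Check a sending domain against the authentication items in the checklist above.

Added example, not the article's or any provider's tooling. The TXT records
come from an in-memory table (FAKE_DNS_TXT) standing in for a resolver, the
domains and selector are made up, and the spam-rate figures are constructed.
"""

FAKE_DNS_TXT = {
    "example.com": ["v=spf1 include:spf.protection.outlook.com -all"],
    "_dmarc.example.com": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com; pct=100"],
    "selector1._domainkey.example.com": ["v=DKIM1; k=rsa; p=PLACEHOLDER_BASE64_PUBLIC_KEY"],
    "weak.example": ["v=spf1 include:_spf.example.net ?all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none"],
}


def txt_records(name, resolver=FAKE_DNS_TXT):
    """Stand-in for a DNS TXT lookup; swap in a real resolver for live use."""
    return resolver.get(name, [])


def parse_tags(record):
    """Turn a 'k=v; k=v' DMARC or DKIM record into a dict of lower-cased tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def check_spf(domain, resolver=FAKE_DNS_TXT):
    spf = [r for r in txt_records(domain, resolver) if r.lower().startswith("v=spf1")]
    if len(spf) != 1:
        return {"ok": False, "detail": f"expected exactly one SPF record, found {len(spf)}"}
    last = spf[0].split()[-1].lower()
    if last in ("-all", "~all"):
        return {"ok": True, "detail": f"SPF ends with {last}"}
    # '?all' (neutral) or '+all' tells receivers nothing useful about unauthorized senders.
    return {"ok": False, "detail": f"SPF ends with {last}; use ~all or -all"}


def check_dkim(domain, selector, resolver=FAKE_DNS_TXT):
    for record in txt_records(f"{selector}._domainkey.{domain}", resolver):
        if parse_tags(record).get("p"):
            return {"ok": True, "detail": f"DKIM key published for selector {selector}"}
    return {"ok": False, "detail": f"no DKIM key at selector {selector}"}


def check_dmarc(domain, resolver=FAKE_DNS_TXT):
    records = [r for r in txt_records(f"_dmarc.{domain}", resolver) if r.lower().startswith("v=dmarc1")]
    if not records:
        return {"ok": False, "enforcing": False, "detail": "no DMARC record"}
    policy = parse_tags(records[0]).get("p", "none").lower()
    enforcing = policy in ("quarantine", "reject")
    note = "" if enforcing else "; p=none only monitors, move to quarantine/reject once reports are clean"
    return {"ok": True, "enforcing": enforcing, "detail": f"DMARC p={policy}{note}"}


def check_spam_rate(spam_reports, delivered, threshold=0.003):
    """Compare a complaint rate with the 0.3% threshold named above."""
    rate = spam_reports / delivered if delivered else 0.0
    return {"ok": rate < threshold, "detail": f"spam rate {rate:.2%} against {threshold:.1%}"}


def assess(domain, selector, spam_reports, delivered, resolver=FAKE_DNS_TXT):
    return {
        "spf": check_spf(domain, resolver),
        "dkim": check_dkim(domain, selector, resolver),
        "dmarc": check_dmarc(domain, resolver),
        "spam_rate": check_spam_rate(spam_reports, delivered),
    }


if __name__ == "__main__":
    for domain in ("example.com", "weak.example"):
        for name, result in assess(domain, "selector1", 2, 1000).items():
            print(f"{domain} {name}: {'ok' if result['ok'] else 'FAIL'} ({result['detail']})")
```

    A DMARC record with `p=none` is reported as present but not enforcing, because monitoring mode still satisfies the “set up DMARC” item while telling receiving servers nothing about what to do with a forged message.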

    If you find it overwhelming and time-consuming to stay ahead of ever-evolving technology, don’t worry! WingSwept is here to help lighten the load. Let us assist you in determining if WingSwept is the perfect match for your business’s future endeavors with a quick phone call. 

  4. Cybersecurity Trends 2023

    Over the past 2 months, we hosted client forums about the latest cybersecurity threats and how to stay ahead of the curve when it comes to safeguarding your business. The cybersecurity trends for 2023 are optimizations of past threats. Join us as we navigate this dynamic world of cybersecurity, providing insights and strategies for a safer digital environment.

    In This Article:
    The Modern Ransomware Landscape & Threat Actor Strategies
    Beyond Ransomware: Business Email Compromise

    Cybersecurity in 2023: Assumptions vs. Reality
    Do I Need Additional Security?


    The Modern Ransomware Landscape & Threat Actor Strategies

    Much like business owners, threat actors engage in strategic planning. They meticulously weigh the costs of acquiring the tools to infiltrate a network against the anticipated return on investment. Recognizing that some of their tried-and-true tactics are losing their efficacy, they continuously develop and refine new methods. These cyber adversaries engage in a cycle of innovation, driven by staggering statistics. In the world of business, startups often seek the path of least resistance—the easy money. Why tackle complex challenges when simple, low-effort endeavors promise quick returns, without the need for extensive training or specialized expertise? Threat actors share a similar philosophy. They begin by exploiting the easiest means to make money, but when those methods inevitably lose their effectiveness, they venture into slightly more intricate territory. When the low-hanging fruit has all but vanished, and the well-worn tactics yield diminishing returns, these threat actors must elevate their game.

    The Future of Ransomware

    In essence, the world of cybersecurity is ever evolving, marked by a perpetual arms race between attackers and defenders. As the complexity of attacks escalates, it’s imperative to remember that while threat actors may incorporate new tactics, the old ones remain in their arsenal, albeit transformed. Adaptation and vigilance are the keys to navigating this ever-shifting landscape.

    With that said, the current landscape reveals a disconcerting reality: the average ransom demanded in today’s cyberattacks routinely reaches the hundreds of thousands, if not millions of dollars. Hackers have honed their skills in conducting meticulous reconnaissance on targeted organizations, a stark departure from their more haphazard approaches of the past.

    Their newfound proficiency leads to a strategic approach, often driven by a keen understanding of the victim’s insurance coverage. If these cybercriminals can ascertain that an organization possesses a cyber liability policy worth, for example, two million dollars, they leverage this information to set the ransom, frequently just below the policy’s limit, typically around 1.5 million dollars. The rationale is clear and unrelenting: to ensure a successful data recovery, the ransom must be paid.

    Consequently, the burden falls squarely on the victimized organization, which must grapple with the financial implications of these exorbitant demands, especially when critical data access hangs in the balance. These trends underscore the broader context of evolving cybersecurity threats.

    Beyond Ransomware: Business Email Compromise

    In addition to ransomware, we frequently encounter another significant threat—business email compromise. Typically, this threat manifests through various means, with phishing being the most common method. Users receive deceptive emails, cunningly urging them to provide credentials or authorize access to their Microsoft accounts. It’s noteworthy that Multi-Factor Authentication (MFA) is a crucial security measure for business email accounts. Surprisingly, around a third of the email compromises we observe still occur despite having MFA enabled.

    Trend: Man-In-The-Middle

    Now, imagine a scenario where an attacker infiltrates your email account. They can manipulate your email communication, impersonate you, and redirect sensitive transactions. For instance, a hacker might intercept a message about an authorized wire transfer. They create a fraudulent website, cleverly mirroring your bank’s site, tricking you into entering login credentials. Subsequently, they interact with your bank on your behalf, initiating transactions. This man-in-the-middle attack, which we didn’t witness as frequently five years ago, has gained prevalence due to the increased use of MFA.

    The primary objective of these attackers is financial gain, often achieved by intercepting payments. They target key individuals, including executives, procurement personnel, or finance staff. An example involves intercepting payment instructions and rerouting funds to their accounts. Occasionally, even legitimate employees unwittingly cooperate by updating payment information when presented with fraudulent instructions. Therefore, it is imperative for companies to establish robust processes for handling payment updates and ensure their employees remain vigilant.

    Trend: Impersonation

    Another concerning trend involves attackers impersonating colleagues or superiors via text or email, soliciting unusual requests such as purchasing gift cards and sharing card details through photos. New employees, in particular, may fall victim to this ploy. Effective training and education for users are critical to prevent such incidents. Employees should exercise caution when receiving requests via email or text and verify the authenticity of such requests through channels outside the communication medium.

    Cybersecurity in 2023: Assumptions vs. Reality

    Okay, let’s talk about what we can see and what we can’t see. Most people assume that as a technology provider, we basically have eyes on everything happening on your network, and that we can see and know about whatever could happen, like in a Hollywood movie set. Not true. There are certain things that we can see. Typical managed service providers can see big things, for example when a server goes offline, we receive an alert for that. However, will we know if someone legitimately logged in with certain credentials from a strange location? No, we don’t actually have the capability at the basic level of services to detect that.

    Realistically, if you look back five or ten years, the technology that could do that was generally only used in enterprise settings because only enterprises could afford the resources required to do those things. So very large companies and government entities could afford that technology. However, the market for those tools has expanded to the point where almost everyone needs some type of capability to detect what’s happening.

    The Evolution of Detection Technology

    For most of our history as a managed service provider, we focused on protection. We wanted to prevent bad things from happening, but very little emphasis was placed on detecting when they did happen. Now that there’s a larger market and more people are willing to pay for it, these tools are becoming more affordable. Not necessarily cheap, but they are becoming more accessible and can make more sense than the alternative, which is experiencing a breach that you’re unaware of, which can cause significant disruptions.

    Better tools are now available. Tools that allow us to monitor network traffic flowing in and out of a network and analyze that traffic for known threat patterns. We can also collect event logs from various systems, including antivirus and firewall logs, two-factor authentication logs, and Office 365 logs, and analyze them to identify anomalous patterns.

    Do I Need Additional Security?

    The main question is whether you need them, and that’s a decision each organization must make. When deciding on additional tools, consider factors such as the size of your business and the type of data you handle. Sometimes, the answer is no. Think of it this way:

    If you had a lemonade stand, what would you do to protect your assets, e.g., the cup of money? You would keep it from blowing away, because the biggest threat to your assets is the wind. A strong gust of wind could blow all your money into your neighbor’s yard. You can solve that problem with a big enough rock.

    But what if you have a lemonade truck? Now you have more threats, right? A mobile truck requires different security measures. And if you have a massive lemonade franchise with thousands of locations? You’ll invest significantly more in protection. So, it all comes down to a client’s decision. Typically, it’s about assessing the value of your assets and your business. If losing your data would be catastrophic, then investing in comprehensive security is essential. But each business has unique needs, and it’s not always necessary to spend a fortune to protect against every possible threat. These calculations are something we work through with our customers, but you can do it yourself too.

  5. What is SIEM?

    What Is SIEM?

    Security Information and Event Management (SIEM) is a security solution that helps organizations detect, investigate, and respond to security threats by continuously monitoring your network. It collects logs and analyzes threat alerts from all of your systems and devices, so you can quickly identify and respond to critical alerts before they cause damage. Think of it as a security guard that never sleeps. It’s always watching over your network, looking for any signs of trouble. When it sees something suspicious, it sends you an alert so you can take action.

    Why Is SIEM Important?

    SIEM is important for three key reasons:

    Compliance: Compliance regulations require organizations to document and report on their security posture. A SIEM solution provides centralized, built-in, easy-to-use, and real-time log collection, alerting, and reporting features to help organizations comply with these regulations.

    Visibility: A SIEM solution provides real-time visibility into all activity across an organization’s network, 24/7/365. This visibility allows security teams to quickly identify suspicious activity and potential threats.

    Remediation: SIEM systems can help organizations to quickly identify, isolate, and remediate real threats before they can cause serious harm or costly business disruptions.


    How Does SIEM Work?

    SIEM works by collecting and analyzing security events from across an organization’s network using the following 4 steps:

    Events: SIEM collects security events from a variety of sources, such as security devices, servers, and applications. These events can include things like login attempts, file access, and network traffic.

    Rules: SIEM uses rules to determine which events are actionable threats. These rules can be based on a variety of factors, such as the type of event, the source of the event, and the severity of the event.

    Incidents: When SIEM identifies an actionable threat, it creates an incident. Incidents are typically prioritized based on their severity and potential impact.

    Notifications: SIEM notifies the response team of critical incidents so that they can begin remediation. Remediation may involve things like isolating the threat, blocking the attacker, or restoring data from backups.
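    The four steps above, as an added example rather than any vendor’s engine: constructed events from a firewall, a VPN, an antivirus agent and Microsoft 365 go through three illustrative rules, the matches become incidents ordered by severity, and only incidents at or above an assumed notification threshold reach the response team. The events, rule thresholds and severity policy are all constructed assumptions.

```python
"""Toy SIEM pipeline: events -> rules -> incidents -> notifications.

Added example, not any vendor's engine. The events are constructed log
records, the rules are simple illustrative ones, and notify() collects
messages in a list instead of paging anyone.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, already-normalized events from several sources.
SAMPLE_EVENTS = [
    {"ts": "2024-03-04T02:01:00", "src": "firewall", "type": "auth_fail", "user": "bob", "ip": "192.0.2.9"},
    {"ts": "2024-03-04T02:01:10", "src": "firewall", "type": "auth_fail", "user": "bob", "ip": "192.0.2.9"},
    {"ts": "2024-03-04T02:01:20", "src": "firewall", "type": "auth_fail", "user": "bob", "ip": "192.0.2.9"},
    {"ts": "2024-03-04T02:01:30", "src": "firewall", "type": "auth_fail", "user": "bob", "ip": "192.0.2.9"},
    {"ts": "2024-03-04T02:01:40", "src": "firewall", "type": "auth_fail", "user": "bob", "ip": "192.0.2.9"},
    {"ts": "2024-03-04T02:02:00", "src": "vpn", "type": "auth_success", "user": "bob", "ip": "192.0.2.9"},
    {"ts": "2024-03-04T09:30:00", "src": "antivirus", "type": "malware_detected", "user": "carol", "host": "WS-14"},
    {"ts": "2024-03-04T10:00:00", "src": "m365", "type": "auth_success", "user": "alice", "ip": "203.0.113.5"},
]

SEVERITY = {"low": 1, "medium": 2, "high": 3, "critical": 4}
NOTIFY_AT = "high"  # assumed policy: page the response team at high and above


def rule_bruteforce_then_success(events, threshold=5, window=timedelta(minutes=5)):
    """N failed logins from one IP followed by a success for the same user inside the window."""
    by_key = defaultdict(list)
    for e in events:
        if e["type"] in ("auth_fail", "auth_success") and "ip" in e:
            by_key[(e["user"], e["ip"])].append(e)
    out = []
    for (user, ip), evs in by_key.items():
        evs.sort(key=lambda e: e["ts"])
        fails = []
        for e in evs:
            t = datetime.fromisoformat(e["ts"])
            if e["type"] == "auth_fail":
                fails.append(t)
                fails = [f for f in fails if t - f <= window]  # drop failures outside the window
            elif len(fails) >= threshold and t - fails[0] <= window:
                out.append({"rule": "bruteforce_then_success", "severity": "critical",
                            "user": user, "ip": ip, "ts": e["ts"]})
    return out


def rule_malware(events):
    return [{"rule": "malware_detected", "severity": "high", "user": e["user"],
             "host": e.get("host"), "ts": e["ts"]}
            for e in events if e["type"] == "malware_detected"]


def rule_offhours_login(events, start_hour=0, end_hour=6):
    """Successful logins between midnight and 06:00 are worth a look on their own."""
    out = []
    for e in events:
        if e["type"] == "auth_success" and start_hour <= datetime.fromisoformat(e["ts"]).hour < end_hour:
            out.append({"rule": "offhours_login", "severity": "medium",
                        "user": e["user"], "ip": e.get("ip"), "ts": e["ts"]})
    return out


RULES = [rule_bruteforce_then_success, rule_malware, rule_offhours_login]


def build_incidents(events):
    """Step 3: every rule match becomes an incident, highest severity first."""
    incidents = []
    for rule in RULES:
        incidents.extend(rule(events))
    incidents.sort(key=lambda i: SEVERITY[i["severity"]], reverse=True)
    for n, inc in enumerate(incidents, 1):
        inc["id"] = f"INC-{n:04d}"
    return incidents


def notify(incidents, sink=None):
    """Step 4: only incidents at or above NOTIFY_AT are sent to the response team."""
    sink = [] if sink is None else sink
    for inc in incidents:
        if SEVERITY[inc["severity"]] >= SEVERITY[NOTIFY_AT]:
            sink.append(f"{inc['id']} [{inc['severity']}] {inc['rule']} user={inc['user']}")
    return sink


def run(events=SAMPLE_EVENTS):
    incidents = build_incidents(events)
    return incidents, notify(incidents)


if __name__ == "__main__":
    for line in run()[1]:
        print(line)
```

    On the sample, the five failures followed by a success become a critical incident, the antivirus hit a high one, and the 02:02 VPN login a medium one that is recorded but not paged; the same login therefore appears in two incidents, which is the normal reason a SIEM correlates rather than alerts per event.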

    Who Needs SIEM?

    Any organization that wants to improve its security posture can benefit from using a SIEM system. However, SIEM systems are particularly important for organizations that:

    Have a high volume of security data: SIEM systems can help organizations to collect, store, and analyze large volumes of security data from a variety of sources.

    Are subject to compliance regulations: SIEM systems can help organizations to comply with security regulations by providing visibility into security data and generating reports on security events.

    Have sensitive data: SIEM systems can help organizations to protect sensitive data by detecting and responding to threats more quickly.

    Are at high risk of cyber attacks: SIEM systems can help organizations to reduce their risk of cyber attacks by providing improved security visibility and faster threat detection and response.

    Establish a Tried & True System Today!

    Not sure whether your organization needs a SIEM system? We’d love to help. In the meantime, here are some tips for improving your security posture without a SIEM system:

    – Implement a strong security policy and educate your employees about security best practices.
    – Use strong passwords and multi-factor authentication for all accounts.
    – Keep your software up to date with the latest security patches.
    – Monitor your network for suspicious activity.
    – Have a plan in place to respond to security incidents.

  6. How To Stop Spam Emails: 5 Effective Strategies

    Are you tired of getting spam emails? If so, you’re not alone. Millions of people receive spam emails every day. These intrusions can be more than bothersome; they can pose genuine threats. Here is how to stop spam emails.


    5 Spam Countermeasures

    1. Empower Your Existing Email Filter

    Most email providers have built-in spam filters to preemptively filter out unwanted emails. Whether you use Microsoft Outlook, Gmail, or any other option, you want to educate this filter to better recognize the types of spam emails that come your way. Do this by simply marking unwanted emails as spam. This acts as a preemptive shield against future messages from these sources, effectively barring them from accessing your inbox. While blocking an email can bring similar results, blocking doesn’t train your email provider to recognize new spam emails from unique email addresses.

    2. Harness Third-Party Tools

    Depending on your existing email provider, you may find the current spam filter to be less than ideal. For additional spam detection success, you could employ third-party spam filters. A variety of such filters are available, designed to identify and block spam by scrutinizing email content. While there are many considerations when choosing a third-party filter, such as your email provider or number of users, a great option is Microsoft Defender.

    3. Divide and Conquer with Secondary Addresses

    An email alias is an additional email address that forwards messages to your main inbox, enabling you to categorize and manage emails effectively. It can enhance privacy by using different addresses for different purposes, shield your primary email from spam, and simplify identification of sources. If one of your alias email addresses begins receiving too much spam, simply create a new one to replace it.

    4. Take Charge of Image Auto-Loading

    To counter graphic-based tracking, disable automatic image downloading in HTML emails. Frequently, spammers use linked graphics to monitor who engages with their emails. By refraining from enabling HTML mail and opting for plain text viewing, you effectively sidestep this surveillance mechanism.

    5. Guard Your Address

    Exercise prudence when divulging your email address. Only share it when you’re confident it’s safe. While signing up for online services, carefully peruse the privacy policy to comprehend how your email address will be utilized. Additionally, employ disposable email addresses for specific websites or services, enhancing your control over your digital identity.
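    An added example for countermeasure 4, not the article’s code and not how any particular mail client works internally: inspect an HTML message for remotely loaded images, single out the tiny or hidden ones that exist only to report an open, and rebuild the body with every remote image removed while inline (`cid:`) images are kept. The HTML body is constructed.

```python
"""Audit an HTML email for remote images before rendering it.

Added example, not the article's code and not how any particular mail client
works internally. The HTML body below is constructed.
"""
from html.parser import HTMLParser

# Constructed body: a visible remote banner, a hidden 1x1 tracking pixel, and an inline (cid:) logo.
SAMPLE_HTML = """<html><body>
<p>Big sale this week!</p>
<img src="https://cdn.example.net/banner.png" width="600" height="200" alt="banner">
<img src="https://track.example.net/open?id=abc123" width="1" height="1" style="display:none">
<img src="cid:logo@local" alt="inline logo">
</body></html>"""


def _looks_like_pixel(attrs):
    """Tiny or hidden remote images exist to report that the mail was opened."""
    def dim(value):
        try:
            return int(str(value).lower().rstrip("px"))
        except ValueError:
            return None
    width, height = dim(attrs.get("width")), dim(attrs.get("height"))
    tiny = width is not None and height is not None and width <= 2 and height <= 2
    hidden = "display:none" in (attrs.get("style") or "").replace(" ", "").lower()
    return tiny or hidden


class ImageAuditor(HTMLParser):
    """Records remote images and rebuilds the markup with them removed."""

    def __init__(self):
        super().__init__()
        self.remote = []  # every image loaded from a remote server
        self.pixels = []  # the subset that looks like a tracking beacon
        self._out = []    # rebuilt markup chunks

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            self._out.append(self.get_starttag_text())
            return
        a = dict(attrs)
        src = (a.get("src") or "").strip()
        if src.lower().startswith(("http://", "https://")):
            self.remote.append(src)
            if _looks_like_pixel(a):
                self.pixels.append(src)
            self._out.append("<!-- remote image removed -->")
        else:
            self._out.append(self.get_starttag_text())  # inline cid: images are kept

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)  # treat <img .../> like <img ...>

    def handle_endtag(self, tag):
        self._out.append(f"</{tag}>")

    def handle_data(self, data):
        self._out.append(data)

    def stripped_html(self):
        return "".join(self._out)


def audit_html(html):
    parser = ImageAuditor()
    parser.feed(html)
    parser.close()
    return {"remote": parser.remote, "pixels": parser.pixels, "stripped_html": parser.stripped_html()}


if __name__ == "__main__":
    result = audit_html(SAMPLE_HTML)
    print("remote images:", result["remote"])
    print("likely tracking pixels:", result["pixels"])
```

    Stripping every remote image, not only the ones that look like pixels, is the safer default: the banner is fetched from the sender’s server too, and that fetch reports the open just as well as a 1x1 image does.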

    Spam Email FAQs

    How do spammers get my email address?

    Spammers employ various tactics such as data breaches, website scraping, and phishing to obtain email addresses. They can also buy or share lists, generate random addresses, and search public records.

    Is it better to block spam emails or just delete them?

    It is generally better to block spam emails than to simply delete them to prevent future emails from the same sender. However, to prevent spam emails from new senders, it is helpful to report them rather than simply block them. Email providers use our feedback to improve their spam filters, so by reporting spam, we can help to prevent more spam from reaching our inboxes in the future.

    Why am I suddenly getting so many spam emails?

    Email lists: Your email address may have been added to a spammer’s list, either through a data breach, a malicious website, or by someone selling or sharing email addresses.

    Data breaches: If a service you use suffers a data breach, your email address and possibly other personal information could be exposed to spammers.

    Phishing: If you’ve recently fallen victim to a phishing scam, the attacker could be using your email address to distribute spam to others.

    Public exposure: If your email address is posted publicly on forums, social media, or websites, spammers could pick it up and start sending you unsolicited emails.

    Subscriptions: When you subscribe to certain websites, newsletters, or online services, they may sell your email address to third parties.

    Temporary fluctuations: Sometimes, you may experience a temporary spike in spam due to a random distribution or a sudden increase in spam campaigns.

    How do I stop spam emails permanently?

    Unfortunately stopping spam emails permanently is a challenging task, as spammers continually adapt their tactics. Prevention is always key to reducing spam emails.

    Not Sure About Your Current Cybersecurity? We Can Help!

  7. Minimizing The Cost Of Downtime

    In today’s fast-paced business landscape, the role of your IT team in minimizing downtime has never been more crucial. The cost of a single workstation’s inactivity can escalate rapidly, often exceeding a thousand dollars per day. Despite technological advancements, even industry giants with redundant networks can’t entirely shield themselves from the repercussions of downtime.

    Understanding Downtime: Causes and Consequences

    Downtime encompasses the period when a system is incapable of functioning as intended, rendering it unavailable. This interruption can stem from a diverse range of factors, including hardware malfunctions, software glitches, network breakdowns, and even human mistakes.

    Primarily, there are two distinct categories of downtime: outages and brownouts. An outage signifies a complete failure of a system. During an outage, the system becomes entirely inaccessible to its users. Brownouts denote phases of reduced performance or availability. While the system stays partially accessible, it experiences a reduced capacity to handle traffic or execute tasks compared to its usual efficiency.

    Irrespective of the scale, downtime is a routine challenge encountered by businesses across the spectrum. Uptime Institute’s 2023 Annual Outage Analysis highlights the prevalence of outages in recent years. Among the 730 surveyed businesses, a majority experienced instances of disruption within the preceding three years. These episodes consistently yielded adverse impacts on both productivity and revenue.

    While severe instances of downtime have declined over the past few years, the average cost per incident has increased every year since 2019. Notably, growing reliance on digital services has perpetuated this trend. The data indicates that when outages do occur, they tend to be consistently more costly, with 70% of incidents surpassing the $100,000 mark.


    Maximizing Uptime: A Comprehensive Approach

    Strategic Planning

    If your IT team is serving you well, major outages aren't something you have to deal with very often. Just remember that even minor outages happen eventually. An operationally mature IT services provider shouldn't be fumbling aimlessly when these problems happen. Your provider should be following a pre-defined process to identify the problem. If there is a software problem, their engineers should work diligently to resolve it. When hardware malfunctions or the fault lies with another service provider, they should get in touch with that vendor quickly to confirm a plan of resolution. If the problem will take days rather than hours to resolve, they should have a stop-gap solution ready to improve the situation until a long-term resolution is available.

    Vigilant Monitoring

    When a major server goes down during the workday, or your internet connection lapses, you shouldn't need to call your IT Service Provider to let them know. Their network monitoring systems should detect the outage and alert them automatically, and they should be working to resolve the issue within a few minutes of it arising. If the issue can't be resolved remotely, someone should be dispatched quickly to put eyes on the malfunctioning device. The same proactive monitoring also identifies impending issues before they evolve into full-blown outages.

    Resilience & Rapid Response

    Your IT team needs to prioritize constructing resilient systems strengthened by redundancy. This involves maintaining backups of vital systems and data, alongside deploying multiple systems capable of seamlessly managing traffic should one system falter. In a particularly bad scenario, businesses may temporarily lose access to critical business data.  Mission-critical data, however, should not be in serious jeopardy of being lost.  That’s because your provider should have recommended and implemented a disaster recovery plan that includes immutable backups.

    A failed drive may take some time to restore. A ransomware attack, often delivered through social engineering, may take longer to overcome. By adhering to your provider's disaster recovery counsel, your data backups should shield you from losing more than a day or two's worth of data. If your provider has not engaged you in this critical conversation, particularly against the backdrop of the heightened cybersecurity landscape, it's time to seek a more proactive partner.

    To learn how WingSwept can help your company prepare for technology failures, Contact Us Today!

  8. Ransomware: The New Normal for Businesses

    As the digital landscape evolves, so do the threats that businesses face in the form of cybercrime. The days of relying solely on preventive measures to safeguard your network and data are long gone. With the surge in ransomware attacks, business email compromise, and password exfiltration, cybercriminals have become more adept at breaching even the most robust defenses. As a result, the way we approach technology and cybersecurity must also evolve. Ransomware Preparedness will be key!

    Plan For The Attack

    It’s comfortable for technology teams to discuss network security in terms of loss prevention.  Antivirus software prevents network infections.  Firewalls prevent unauthorized access.  User access policies prevent data leakage, and backups prevent data loss.

    That might have made sense five to ten years ago, when most businesses did successfully prevent each outsider attack.  In those days, ransomware attacks were uncommon, and most cybercriminals simply encrypted files and hoped the target didn’t have data backups.

    Ransomware Preparedness

    Today, businesses are subject to constant ransomware, business email compromise and password exfiltration attacks. The attackers use phishing emails, stolen employee credentials, and sophisticated attacks that compromise hundreds or thousands of business networks simultaneously.

    If your business is big enough to celebrate an employee's birthday most months of the year, it's big enough to face hundreds of these attacks each month of the year. And eventually, despite heroic efforts to prevent them, one of these attacks will make it through your perimeter defenses.

    Any organization that wants to prepare for a security breach needs a well-defined incident response plan that outlines the steps to take in the event of a breach. This can help to minimize the damage and disruption caused by the incident.

    Key elements for your incident response plan:

    Roles and responsibilities

    The plan should clearly define the roles and responsibilities of the various individuals and teams involved in the incident response process. This includes identifying who will be responsible for notification, containment, eradication, recovery, and post-incident analysis.

    Communication plan

    The plan should include a communication plan that outlines how the organization will communicate with employees, customers, and other stakeholders during and after a breach. The plan should ensure that everyone who needs to know about the breach is informed in a timely and accurate manner.

    Incident response procedures

    The plan should include detailed procedures for responding to different types of incidents. These procedures should be specific and actionable, and they should be based on the organization’s specific security requirements.

    Testing and maintenance

    You should regularly test and maintain the plan to ensure that it is up-to-date and effective. This includes testing the plan’s procedures and communication channels, as well as reviewing the plan’s overall effectiveness.

    By having a well-defined incident response plan in place, organizations can minimize the damage caused by a breach and help to protect their reputation and bottom line.

    Reliability Matters 

    When it comes to technology partners, reliability is paramount. We’ve all experienced the frustration of trying to reach giant companies like Facebook, where phone support seems non-existent despite their immense size and resources. That’s why opting for a local business with dedicated customer service becomes a wise choice.

    In times of crisis, such as a potential network breach, having IT support that promptly picks up the phone is essential. But it goes beyond that; you need a team that can swiftly identify and neutralize threat actors on your network, lock down the system, and proactively monitor for any other vulnerabilities. Additionally, the ability to investigate the attack source becomes critical, especially when dealing with insurance claims that involve complex technical inquiries.

    In such situations, you can’t rely solely on your internal staff or small IT managed services providers. You need an IT service provider that aligns with the famous business slogan “Big enough to serve you, and small enough to care.”

    A dependable managed IT service provider (MSP) should be able to quickly provide knowledgeable engineers whenever you need them most, be it for major projects, office relocations, company growth, or even unfortunate cyberattacks. Many MSPs boast expertise in these areas and claim to have well-established processes for handling worst-case scenarios.

    But words aren’t enough. When evaluating potential partners, it’s crucial to ask for concrete examples of how they’ve effectively addressed problems similar to those your business might encounter. Seek insights into their office relocation checklists and project management processes to gauge their preparedness.

    Above all, their incident response systems and past performance matter most. An operationally mature MSP won’t be “winging it”; they’ll have robust processes in place and will be eager to discuss their track record with you.

    Proactive Backup Protection

    Threat actors do typically look around on a network before encrypting files.  And if they only have time to find one thing, they’re going to find your backups. Without a backup, businesses are far more likely to pay a ransom.

    They know that company leaders are much less likely to pay a ransom if they can quickly restore all their critical data from a backup.  And while hackers might threaten to leak embarrassing emails, company financial data or customer credit card numbers, they might simply come up empty handed on those things.  If an attacker can find a way to corrupt, delete, or encrypt your backups, they’re going to do it.


    That’s why the details of a backup solution are so critical. You must determine the storage location of backups, the credentials needed to disable backups or alerts, and whether the backup files allow modifications or remain immutable after creation. The protection of backup files against ransomware attacks has become a game of whack-a-mole, with backup solution vendors constructing safeguards to defend the files and hackers devising new methods to evade these protections.

    Despite the considerations mentioned, backups remain highly effective and valuable. They serve as the last line of defense against a successful ransomware attack on your network. However, it is crucial to equip your IT team or Managed Service Provider (MSP) with more comprehensive information than what is provided in a vendor’s marketing materials before relying on data backups on autopilot.

    Be Ready to Respond

    The frequency and sophistication of cyberattacks are increasing, making it more important than ever for businesses to be prepared. A comprehensive ransomware preparedness plan should include the following elements:

    A strong incident response plan

    This plan should outline the steps that will be taken to minimize the damage caused by a breach, including who will be notified, how communications will be managed, and how data will be restored.

    A reliable technology partner

    This partner should have the expertise and resources necessary to respond to a successful cyberattack, including the ability to identify and neutralize threat actors, lock down the system, and proactively monitor for vulnerabilities.

    A robust backup solution

    This solution should be designed to protect data from ransomware attacks, including features such as immutable backups and encryption.

    By taking these steps, businesses can significantly reduce the risk of a ransomware attack and minimize the damage caused if one does occur.

    And always remember to educate your employees to ensure they are not a cybersecurity liability.

    To learn how WingSwept can help protect your company from emerging cyberthreats, contact us!

  9. Strengthening Password Security

    In today's high-frequency cyber-attack landscape, protecting your passwords is paramount for strong cyber security. Recent concerns and data breaches have brought password managers into the spotlight. LastPass, a popular password manager, faced scrutiny due to a breach that raised questions about its security. While that is a valid concern, abandoning password managers entirely is not the solution. Instead, consider switching to a different password manager with a proven track record. Completely forgoing password managers exposes you to the limitations of human nature, such as password reuse and weak passwords. Storing passwords in personal spreadsheets is also insecure. In this article, we will explore the significance of password managers, address concerns raised by recent incidents, and provide strategies for selecting and using password managers effectively. Understanding the role of password managers and implementing appropriate measures will help mitigate the risks associated with password security and strengthen your overall perimeter defense.


    Strengthening Security and Mitigating Password Vulnerabilities

    A password manager is software designed to securely store your credentials for various accounts, providing an efficient solution for setting unique and complex passwords. Humans typically struggle to remember multiple complex passwords across different systems, leading to the tendency to reuse passwords. Unfortunately, cybercriminals are aware of this behavior and exploit it through attacks known as "credential stuffing."

    In such attacks, they utilize a compromised password, like your Facebook password, not only to target the primary account but also attempt access to other accounts you may have, such as banking or email accounts. This means that if you reuse passwords, multiple accounts become compromised instead of just the original one. Password managers effectively mitigate this risk by enabling the generation of complex passwords for each account and providing easy access to them when needed, eliminating the need to memorize them all. By utilizing a password manager, you enhance your cyber security risk management and mitigate the vulnerabilities.
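The reuse problem described above is easy to measure. The following added example (not code from the original article) audits an exported credential list for passwords shared across sites, shows which other accounts a single leak would expose, and replaces the reused passwords with unique ones drawn from the operating system's CSPRNG, which is what a password manager's generator does. The vault entries and site names are constructed sample data.

```python
"""Audit an exported credential list for the password reuse that credential
stuffing exploits, and generate unique replacements the way a password
manager does.

Added example, not code from the original article. The vault entries are
constructed sample data; the site names are placeholders."""
import secrets
import string
from collections import defaultdict

# Constructed sample export: one password guards three unrelated sites.
SAMPLE_VAULT = [
    {"site": "social.example.com", "user": "pat", "password": "Summer2023!"},
    {"site": "bank.example.com", "user": "pat", "password": "Summer2023!"},
    {"site": "mail.example.com", "user": "pat", "password": "Summer2023!"},
    {"site": "shop.example.com", "user": "pat", "password": "x7#Lq9!vR2mTz$4b"},
]

ALPHABET = string.ascii_letters + string.digits + string.punctuation


def find_reused(vault):
    """Map each password used on more than one site to the sites sharing it."""
    by_password = defaultdict(list)
    for entry in vault:
        by_password[entry["password"]].append(entry["site"])
    return {pw: sorted(sites) for pw, sites in by_password.items() if len(sites) > 1}


def exposure_if_leaked(vault, site):
    """Other sites an attacker could log into with the password leaked from `site`."""
    leaked = {e["password"] for e in vault if e["site"] == site}
    return sorted(e["site"] for e in vault
                  if e["password"] in leaked and e["site"] != site)


def generate_password(length=20):
    """Random password from the OS CSPRNG, as a password manager would produce."""
    if length < 12:
        raise ValueError("use at least 12 characters")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def remediate(vault):
    """Return a copy of the vault in which every reused password is replaced by a unique one."""
    reused = find_reused(vault)
    fixed = []
    for entry in vault:
        new_entry = dict(entry)
        if entry["password"] in reused:
            new_entry["password"] = generate_password()
        fixed.append(new_entry)
    return fixed


if __name__ == "__main__":
    for pw, sites in find_reused(SAMPLE_VAULT).items():
        print(f"reused on {len(sites)} sites: {', '.join(sites)}")
    print("a leak at social.example.com also exposes:",
          exposure_if_leaked(SAMPLE_VAULT, "social.example.com"))
    print("reuse after remediation:", find_reused(remediate(SAMPLE_VAULT)))
```

The point of the exercise is the `exposure_if_leaked` output: with reuse, one breached site hands the attacker the bank and the mailbox; after remediation the blast radius of any single leak is one account.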


    Minimizing Risks and Implementing Protective Measures

    Ensuring the security of a password manager service is not a guarantee, but you can minimize risks by conducting due diligence and thorough research before making your selection. Take LastPass as an example, where a history of inadequate security incident response and disclosure practices should serve as a warning sign to consider switching to a different service. While no system is entirely 100% secure, it is crucial to examine a company’s incident response history, disclosure practices, and certifications that demonstrate operational maturity. Remember, this is an ongoing process as companies can experience changes in their security posture over time. Regularly reviewing their performance is essential. One approach is to request a SOC2® Type 2 audit report from the company, which is a thorough examination conducted by independent auditors to evaluate how well a company safeguards important information and systems.

    To enhance the security of your password manager account, a reputable service provider should offer additional safeguards beyond the password itself. While Multi-Factor Authentication (MFA) can be bypassed through clever techniques, it is still essential to enable it on your password manager account. Additionally, look for the ability to restrict access to your password manager service to an allowlist of IP addresses, the capability to audit activity within the service (including who accessed which password and when), and Role-Based Access Control (RBAC) that limits each user to the passwords they actually need. These measures contribute to strengthening the overall security of your password manager account.
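To show how the controls listed above fit together, here is an added example (not code from the original article and not any vendor's API) of a small policy check for reads from a shared vault: MFA is required, the source address must be on an allowlist, the user's role must grant the folder, and every decision, allowed or denied, is written to an audit trail. The policy, roles, addresses (RFC 5737 documentation ranges) and requests are constructed.

```python
"""Policy check modelling MFA enforcement, an IP allowlist, role-based
folder access and an audit trail for a shared password vault.

Added example; the policy, roles and requests are constructed and do not
reflect any particular password manager's implementation."""
import ipaddress
from datetime import datetime, timezone

# Constructed policy. The networks are RFC 5737 documentation ranges used as
# placeholders for "office" and "VPN egress".
POLICY = {
    "require_mfa": True,
    "allowed_networks": [
        ipaddress.ip_network("203.0.113.0/24"),
        ipaddress.ip_network("198.51.100.0/24"),
    ],
    "roles": {
        "finance": {"finance-vault", "shared"},
        "engineer": {"infra-vault", "shared"},
        "admin": {"finance-vault", "infra-vault", "shared"},
    },
}

AUDIT_LOG = []  # module-level trail used when the caller passes no log


def evaluate(policy, user, role, source_ip, mfa_passed, folder, secret, audit=None):
    """Decide whether `user` may read `secret` in `folder`.

    Checks run in order and fail closed: MFA, then network, then role.
    Every decision is appended to the audit log with its reason."""
    log = AUDIT_LOG if audit is None else audit
    ip = ipaddress.ip_address(source_ip)
    if policy["require_mfa"] and not mfa_passed:
        decision, reason = "deny", "mfa required"
    elif not any(ip in net for net in policy["allowed_networks"]):
        decision, reason = "deny", "source address not on allowlist"
    elif folder not in policy["roles"].get(role, set()):
        decision, reason = "deny", f"role {role!r} has no access to {folder!r}"
    else:
        decision, reason = "allow", "policy satisfied"
    log.append({
        "when": datetime.now(timezone.utc).isoformat(),
        "user": user, "ip": source_ip, "folder": folder, "secret": secret,
        "decision": decision, "reason": reason,
    })
    return decision == "allow"


def denied_attempts(log, user):
    """Audit entries for `user` that were refused: the first thing to review after a scare."""
    return [e for e in log if e["user"] == user and e["decision"] == "deny"]


if __name__ == "__main__":
    trail = []
    evaluate(POLICY, "pat", "finance", "203.0.113.10", True, "finance-vault", "bank-login", trail)
    evaluate(POLICY, "pat", "finance", "203.0.113.10", False, "finance-vault", "bank-login", trail)
    evaluate(POLICY, "pat", "finance", "192.0.2.5", True, "finance-vault", "bank-login", trail)
    evaluate(POLICY, "pat", "finance", "203.0.113.10", True, "infra-vault", "router-admin", trail)
    for entry in trail:
        print(entry["decision"], entry["reason"], "-", entry["user"], entry["folder"], entry["secret"])
```

The ordering matters: MFA is checked before anything else so that a stolen password alone never reaches the allowlist or role checks, and the audit entry records the reason for each denial so a spike in "mfa required" rejections for one user is visible.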


    Conclusion: Strengthening Password Security in an Evolving Cyber Landscape

    In the face of growing cyber threats, safeguarding your passwords is of utmost importance. Instead of completely abandoning password managers, choose a reputable solution that addresses recent concerns. Password managers provide the convenience of managing complex passwords and significantly reduce the risks associated with password reuse and weak passwords. However, it is crucial to conduct thorough research to select a reliable password manager with a strong track record in cyber security risk management. Additionally, enhance your password security by implementing additional measures such as MFA and access controls. By following these steps, you can effectively improve password security and fortify your overall perimeter defense.

    Not Sure About Your Current Cybersecurity? We Can Help!

  10. The Importance of Network Documentation

    Imagine this scenario: a valuable member of your IT team leaves the company, taking their knowledge of the network with them. Without proper documentation, you have a black box, unsure of how to manage and maintain the network effectively. This can lead to chaos, downtime, and costly mistakes.

    Documentation is the key to ensuring continuity and efficiency within your IT organization. It provides a roadmap for troubleshooting problems, onboarding new employees, and making changes to the network. It also serves as a valuable repository of knowledge, preserving the expertise of your IT team even after they have moved on.

    In This Article:

    Benefits Of Documentation
    Essential Documentation
    Documentation Process

    Benefits Of Documenting

    Improved problem-solving

    When problems occur, documentation can help you quickly identify the root cause and implement a solution. This saves time and resources, and it reduces the likelihood of recurring issues.

    Consistent operations

    Documentation ensures that everyone on the team follows the same processes and procedures. This helps to maintain consistency across the network and reduces the risk of human error.

    Reduced risk

    When IT team members leave the company, their knowledge is not lost. Documentation provides a valuable reference for new employees and helps to ensure that critical tasks are not overlooked.

    Improved knowledge sharing

    Documentation can be used to share knowledge across the organization. This can help to improve collaboration and innovation.

    Compliance

    Many industries have regulations that require businesses to document their IT infrastructure. Documentation can help you to comply with these requirements and avoid costly fines.

    Essential Documentation

    The specific types of documentation you need will vary depending on the size and complexity of your network. However, in most cases, these are things your IT team should have documented and available for reference.

    Network Topology

    This is a physical map of your network, so it can easily be determined where a piece of hardware sits within the network and what might be impacted by any problems or changes.

    Hardware Directory

    While the network topology is designed mainly to understand how hardware is connected, this directory contains more information, including descriptions of the hardware and serial numbers.  This makes it easy to locate and service any hardware troubles at your company.

    Software Directory

    This directory should include the names of applications, the computers on which those applications are installed, and proof of license for those applications. In the event of a software audit, failure to have this will result in panic, long hours, and likely hefty fines.

    A Recovery Plan

    Different companies need to plan for different levels of risk mitigation.  Business recovery plans should at least include information on how to restore lost data or failing hardware, but the most rigorous ones can include how to recover from an entire building lost to fire or water damage, or a loss of multiple key employees at once.

    A Continuous Documentation Process

    Up-to-date documentation is extremely valuable, but out-of-date documentation can be worse than having no documentation at all. When someone at your company or your Managed Service Provider relies on documentation to help them make an informed decision, it needs to be accurate. Make sure that documentation is being revisited and kept current!

    Establish A Process

    It is important to establish a process for creating, maintaining, and updating your documentation. This will ensure that your documentation is always accurate and up-to-date. Here are some tips for effective documentation:

    Use clear and concise language

    Avoid jargon and technical terms that may be unfamiliar to some readers.

    Use visuals

    Visuals such as diagrams, screenshots, and flowcharts can help to make your documentation easier to understand.

    Organize your documentation logically

    Use a table of contents, headings, and subheadings to make it easy to find the information you need.

    Keep your documentation up-to-date

    Make sure to update your documentation whenever there is a change to the network.

    Store your documentation in a central location

    This will make it easy for everyone in the organization to access the information they need.

    Documenting your IT network may seem like a daunting task, but it is an essential investment in the future of your organization. By taking the time to document your network, you can save time, money, and frustration in the long run.

    To discuss how WingSwept approaches network documentation for our Managed Services customers, call us at 919.779.0954 or email us at Team_WingSwept@WingSwept.com.