At their core, both a proxy server and a VPN connect you to a remote server, hide your IP address, and allow you to surf the web anonymously. So, are they the same thing? Definitely not. By the end of this article, you’ll have a simple understanding of just how different a proxy and a VPN are.
As the name suggests, a proxy server acts as a middle man between you and the Internet, retrieving information from content servers or websites on your behalf. In doing so, proxy servers mask your actual IP address, allowing you to maintain some sort of anonymity while you browse the web.
Proxy servers allow you to access geolocked content only available in certain regions on streaming services such as Netflix and Hulu.
How is a Proxy Server different from a VPN?
There are a couple of main differences that set a proxy server apart from a VPN that we’ll discuss today.
Encryption. While proxy servers do hide your IP address they do not encrypt your connection through a secure tunnel like a VPN does. This means that any data you send back and forth on the internet while connected to a proxy is completely exposed and open to anyone with access to your connection, i.e. your ISP, the government, or even the guy sitting in the corner at the Starbucks you’re at.
Price is another big differentiator between a proxy server and a VPN. While VPN prices have come down quite a lot in recent years, they’re still relatively more expensive than proxy servers, which can even be found for free. Although, as with anything free, you should exercise extreme caution when pursuing these options.
We hope this short article helped you gain somewhat of an understanding of what a proxy server is and how it compares and contrasts to a VPN. Thanks for reading!
If you want to know what a VPN is you’re in the right place. We’ll help guide you to the understanding you’re looking for.
Chances are, if you’ve watched any videos on YouTube in the last few years you’ve probably seen an advertisement for a VPN service. VPN stands for Virtual Private Network. In broad terms, a VPN is an easy and affordable way to secure your privacy online.
To further understand what that means, we need to know what an IP address is. Think of an IP address like the return address on a package. No matter where that package is shipped throughout the world anyone can look at the return address and know where it came from. A VPN masks your IP address which essentially erases that return address, so that your browsing data can’t be traced back to you.
How Does a VPN Work?
To connect to a VPN, your device needs to connect to a VPN client. The VPN client then connects to a VPN server through a secure tunnel, and finally to the Internet. The secure tunnel encrypts all of your data and hides your IP address, keeping you safe from prying eyes.
As illustrated below, without a VPN your connection to the Internet through your Internet Service Provider (ISP) is open and unsecure. However, through the use of a VPN your IP Address and browsing data are encrypted and secured.
Why Do I Need to Keep My Browsing Data Private?
There are many entities on the web that create unique profiles specific to your IP address to track everywhere you go online. Some companies then sell this information to other companies that serve you very specific targeted ads. Remember that ad you got on Instagram for those shoes you looked at that one time? That’s just exactly what we’re talking about. There are also malicious actors that use that same data for nefarious purposes, such as identity theft and cyber attacks.
What is a VPN?
In conclusion, VPN stands for Virtual Private Network. A VPN works by creating a secure tunnel from your device to their VPN server which encrypts your browsing data and masks your IP address keeping your online privacy secure.
It’s worth mentioning that everything we’ve talked about is also true for mobile devices, like smartphones and tablets. VPN services are widely available on these devices, making Internet security easier than ever.
Does your small business provide resources to the Federal Government or the Department of Defense (DoD)? If so, you have had to jump through many hoops. You have had to legally qualify as a small business and officially register as a government contractor. And in order to register, you have had to comply with all the laws and regulations in the Federal Acquisition Regulations (FAR).
And some of those regulations that you most likely know about are the NIST 800-171 standards, the cybersecurity guidelines for government contractors. Not only are the NIST standards helpful to businesses working with the government, but they are also a valuable resource for small businesses in general.
Adherence to the NIST 800-171 standards is vital to your organization’s wellbeing
While these standards may seem like just another hoop to jump through, on closer inspection adherence is vital to your organization’s wellbeing as well as the government’s. This is because we are fighting a new type of war against cybercriminal gangs. These gangs are engaging in cyber-terrorism through ransomware attacks on our businesses, our government, and our nation. And it only seems to be getting worse.
permission inheritances that are not functioning properly
Vulnerabilities in business networks are common and threat actors know it. Because of that, businesses cannot afford to be negligent in cybersecurity. And we need to work together to protect sensitive information and proprietary data. In today’s Internet-connected business world we are all connected. Bad actors who hack into one business’s network can then access other networks that it is connected to. To strengthen our defenses, it is critical to increase our cyber awareness and establish effective security controls.
Advantages to implementing the NIST SP 800-171 standards
It is also important to know that implementation of the NIST cybersecurity standards results in an advantage over competing contractors. This is true because government entities are required to do business with contractors that are diligently working to implement these standards. The more secure your network, the more you have to offer them.
The good news – you are not alone!
The good news is that you don’t have to figure it out by yourself. As an IT Company that specializes in helping businesses improve their cybersecurity, Integrinet IT can reduce the time, money, and stress it would take you to do it alone. We understand the technical lingo and guidelines in the NIST standards. So if you work with the Federal Government, we can assess your current cybersecurity compliance level against these standards and then help prepare you for the Cybersecurity Maturity Model Certification (CMMC).
Is your SMB working on assessing your company’s cybersecurity model for NIST 800-171 compliance? Are you preparing for the upcoming Cybersecurity Maturity Model Certification (CMMC)?
All contractors that provide resources to the Federal Government or the Department of Defense (DoD) will need this certification. And the NIST 800-171 regulations were designed to help you know what you have to do.
NIST stands for the National Institute of Standards and Technology. It is an agency that issues recommendations under the US Department of Commerce. Its primary role is to develop standards that apply to various industries. One set of these standards is Cybersecurity.
NIST 800-171 is a practical program that gives businesses a plan of action to improve their cybersecurity. And when these are implemented, the result is increased business, economic, and government defenses.
NIST’s goal for NIST 800-171 compliance
NIST’s goal for NIST SP* 800-171 r2** is to “protect Controlled Unclassified Information (CUI) in nonfederal information systems and organizations.” These organizations provide services, goods, and R&D for the government, but are not actual government entities. They have their own servers, computers, and ways of managing their data and CUI.
*SP stands for Special Publication
**r2 stands for the updated NIST SP 800-172 version
More specifically, NIST 800-171 was designed to help organizations figure out if their security controls are sufficient to defend their CUI against attackers. The process is about developing a plan to improve your infrastructure security over time. Ideally, your business should do this as quickly as possible to protect yourself, your clients, your partners, and the government. However, it takes time and money that many businesses can’t immediately pull from their budget.
This is why it won’t be a requirement until the beginning of 2026. Thankfully, there is time to establish a budget-friendly plan of action.
What is the current state of your NIST 800-171 compliance?
The following questions are examples of the network assessments you will need to make:
Has your IT company designed your infrastructure according to RMF* standards?
Are company policies and procedures in place that address security issues?
Have your teams received cybersecurity awareness training including CUI?
Do your teams know what an insider threat is and what to do about it?
Does your company have a forum where you and your staff can discuss issues like phishing attempts?
Do you need to upgrade your networking equipment and software?
Are your security controls decreasing the risk to your resources and sensitive data?
Do you know who has access to your files and documents that contain CUI?
What kind of measures are you taking to audit access to CUI?
Have you taken steps to physically limit access to the computers or servers that store CUI?
*RMF stands for Risk Management Framework. It is a set of criteria that dictate how the U.S. government’s IT systems must be architected, secured, and monitored.
Don’t despair – we can help!
We know that it is important to every SMB to keep their proprietary and CUI data safe. And business owners are stressing about what to do in a world of increasing cyberattacks. The bottom line is that compliance with these security standards is not an easy accomplishment for small businesses. You are busy trying to run your business. It is difficult to put that on hold while you determine what you need to do.
But you are not alone. Integrinet IT can assist you in preparing for the CMMC. We know the NIST 800-171 standards and how to apply them to your unique business. We are here to take the load off your shoulders and save you time at a budget-friendly cost.
If you are a government contractor, strengthening your cybersecurity defenses is now a top priority. We can help you implement the necessary security controls that will tighten those defenses against threat actors who are working 24/7 to break into our computer networks.
As an IT company for Utah and Idaho small businesses, we specialize in providing IT Services for 3PL organizations (Supply Chain Logistics & Fulfillment Center). For the past four years, we have managed Elite OPS’s network and have identified 5 critical IT services that every successful 3PL company should have.
API integration to offer 100% customization
Experienced personalized network management
Clear WiFi coverage throughout warehouse
Strategic network configuration for times of growth
Business to business cybersecurity
1: API integration – 100% customizable
Firstly, API Integration is one of the most critical services 3PLs should have. Elite OPS seeks to be 100% customizable to their customers. Every one of their clients has customized branding, software, and business operations. In order for their customers to manage business finances, operations, and customer relations, they use a variety of software and services. For example – their CRM software: some use Amazon Prime Seller Fulfilled, others use Magento, and still others use Oracle NetSuite to name a few. Elite OPS manages these integrations with a state-of-the-art warehouse management system. It translates the orders coming from each of these CRMs so that Elite OPS can efficiently process them.
That is to say, it takes a lot of strategy behind the scenes to allow the different network configurations and software packages to play nicely together. Incompatibilities between unique businesses with unique computer networks are inevitable. An API, or Application Programming Interface, is a tool that connects two or more applications and allows them to exchange data. In other words, it enables Elite OPS and other fulfillment centers to organize the multitude of incoming orders and outgoing shipments. And that increases their productivity.
In order for Elite OPS to get the most out of their infrastructure and warehouse management system, they need all of these components to work together seamlessly. They need them to be consistently up and running. For this reason, Integrinet IT’s service engineers work behind the scenes to manage their network. They know downtime is revenue lost and work hard to prevent it from happening.
Our engineers monitor their systems 24/7, provide onsite and remote helpdesk services, ensure their WiFi coverage is clear and consistent, back up their data regularly, and tighten their security. When we first started taking care of Elite OPS, our engineers spent months getting to know the ins and outs of their infrastructure. They created network maps to document their extensive configurations. So, when something happens (and it always will), they can more efficiently troubleshoot it.
We Provide Elite OPS with:
Onsite & Remote Services
Hardware Care & Procurement
Email Health & Maintenance
Data Backup & Business Continuity
Personalized & Professional Pro-Action Team
If you don’t have an IT company with expert service engineers that get to know your computer network personally, you most likely are experiencing a lot of unnecessary pain.
3: IT services for 3PL organizations must include clear WiFi coverage throughout their entire warehouse
Thirdly, most supply chain organizations have huge warehouses to manage their customers’ inventory. Elite OPS has a 450,000 sq ft warehouse with 60 ft ceilings. They also have huge 30 ft shelves to safely store their customers’ goods. But these shelves end up blocking WiFi signals generated from low-level access points. And while large spaces and shelving units are perfect for their fulfillment services, they always present a challenge for WiFi coverage.
When we first began services for Elite OPS a few years ago, they didn’t have WiFi coverage at all. So one of our first major projects with them was designing and building a powerful wireless network. It provides them with Internet access at every square foot of their space. Mounting several access points from the 60 ft. ceilings has enabled their teams to stay in continuous communication with their customers, their management system, and each other. We implemented tools to remotely monitor the hardware on the ceiling to keep it fine-tuned, ensuring it works with all devices. Rarely do our technical engineers need to physically get up there to service them.
If you don’t already have a powerful wireless network that reaches every square foot of your fulfillment center warehouse, you need to find a good IT company to design and build it for you.
4: Strategic network configuration for times of growth
Fourthly, with the e-commerce, logistics, and distribution boom over the last year, 3PLs have experienced an intense spike in growth. While this has been an exciting journey for Elite OPS, it has given them a lot to manage. Our service engineers worked long hours to assist them with their rapid expansion of services. They recommended and installed new hardware, software, cabling, security, and a WiFi system in their new Georgia warehouse.
So, if your 3PL business is expanding exponentially, you need an experienced managed IT service provider that has already set up the infrastructure for other businesses like yours. Choosing an IT company that is familiar with your specific industry’s needs and has actual experience taking care of 3PL organizations will reduce the time it takes to set up your network and thus your costs.
5: IT services for 3PL organizations & business-to-business cybersecurity
And last but definitely not least is cybersecurity. As a large 3PL company, Elite OPS interacts with countless businesses. They have the responsibility to keep their confidential and proprietary data safe. With ransomware attacks on the rise, it is more important than ever to fortify your network to safeguard your business as well as your clients’ and partners’ businesses. Integrinet IT’s service engineers and remote tools are working 24/7 to secure Elite OPS’s network. We monitor their servers 24/7, ensure they have a strong backup and disaster recovery plan in place, and administer employee security training.
Additionally, we perform security patches, operating system updates, hardware drive/firmware updates, and server monitoring. Server monitoring includes weekly checks of event logs. We ensure their hard drives have plenty of disk space to store data and data backups. Our service engineers watch for alerts that signal it’s time for equipment replacement. They make recommendations to purchase new equipment before the old fails or warranties expire. This minimizes downtime and cost. In the event of a crash or hard drive failure, they are covered by their warranties and backups.
Because you do business with other businesses, you need to keep your network cyber secure. Cyber gangs are working 24/7 to hack into large and small businesses. Don’t make it easy for them. Did you know that if you are hacked, they can potentially hack into your customers’ networks through your portal as well?
If you don’t have a strong defensive cybersecurity strategy that consists of multiple layers of protection, make the move now to reach out to an experienced IT company to help you get started.
With our Backup Solutions, we can help you decrease the severity of a cyberattack and minimize the impact on your business operations and proprietary data. Consistent off-site data backups will reduce the monetary impact of system and data recovery if a cyberattack is successful.
If you have been watching the news, you know about the recent onslaught of ransomware attacks on businesses. Due to cybergangs’ advanced strategies and widespread incidents, we highly recommend that you have an offsite backup solution. It is no longer just larger companies and billion-dollar enterprises that these gangs are targeting. They are now going after smaller companies like ours and yours.
While cybersecurity solutions significantly increase our defenses, bad actors are out there searching 24/7 for any vulnerability they can use to penetrate our networks. Some of the most security-diligent companies have recently been attacked. There are even several local small businesses that these gangs have infiltrated.
How Cybergangs Work
When cybergangs find a vulnerability in your business’s network, they hack in, encrypt your data, and lock you out. In every file they have encrypted, instead of finding your data, you will find a .txt note that might begin like this: “Your files – photos, documents, and confidential data have been encrypted.”
The only way to recover your data is to enter a unique key that the cybercriminal gang will provide once you pay them an enormous fee – we’re talking $40K and up. If you pay, sometimes they will restore your data. Other times they won’t. And sometimes they will publish confidential files online or sell them to third parties who will use them for their own nefarious purposes.
REvil (also known as Sodin or Sodinokibi) is a ransomware gang that hacks into businesses’ networks and encrypts their valuable confidential data and then holds it for millions of dollars ransom. If the company doesn’t pay, the gang either permanently destroys their confidential data or publishes it online.
DarkSide is a cybercriminal gang that encrypts sensitive data including backups through Recovery as a service (RaaS).
Conti ransomware uses a double-extortion technique to encrypt data on an infected machine. Attackers from this group usually send a phishing email from an address that the unsuspecting employee trusts.
Backup Solutions: Tighter Security & Cloud Backup
After a breach, the outcome is never good, but we can help you decrease the severity of it by implementing tighter security and cloud backup solutions. If you have offsite cloud backup, you can at least recover your data without having to pay their ransom demands.
Because your current environments, quantity of data, and budget vary, the backup solutions we recommend are different. We strongly encourage you to talk to your service engineer today to identify the solution that will increase your defenses against these ruthless attacks.
Malicious emails are up 600% since the onset of COVID-19 and organizations are actively searching for solutions on how best to implement security awareness training for their teams. Business Managers are struggling with the following questions as they consider implementing a plan to train their teams:
How do we train our teams?
What is their current awareness level?
How can we motivate them to take the training seriously?
The Root Cause of Security Breaches
The root cause of security breaches is a lack of awareness. Cybercrime groups are always looking to penetrate a network through our natural weaknesses and vulnerabilities. The frequency, cost, sophistication, and size of cyberattacks have been dramatically increasing over the past few years. Human error is the number one cybersecurity threat to businesses in 2021. It was a major contributing cause in 95% of all breaches.
Phishing Email Statistics
As mentioned before, malicious phishing emails have gone up 600% in the last year. Cybercriminals choose to use this technique because they know that most companies are not yet up to speed with security awareness.
About one in every 6,000 emails contains suspicious URLs. Phishing campaigns are among the most common tactics used by threat actors for ransomware attacks.
The bad news is that the statistics aren’t looking any better for 2021. The trend continues with breaches such as the Colonial Pipeline, Marriott, and Nintendo.
So, cybersecurity is a serious issue for organizations in today’s world. Unfortunately, even one small click on a link in a phishing email can lead to crippling consequences. The costs are too high to ignore. Security awareness training should be one of an organization’s highest priorities.
Call us to learn more about Security Awareness Training.
Updating technology is a major concern for today’s businesses. Technology has rapidly developed over the last 40 years. And these days, it seems like tech companies are coming out with a new hardware or software version before we’ve even learned how to use the previous one. It sometimes feels like we are being manipulated into buying the newest fandangled devices and software features even though we don’t really need them. While it’s true that some of the new features solve real workflow issues, there are others that don’t seem to make any significant improvements.
On top of that, software updates usually outpace the need for hardware updates. There always seems to be a tradeoff when it comes to updating: If I update now, will my desktop computer, laptop, mobile phone, or tablet be able to handle it, or will I have to buy a new one?
And even with all the tech companies now offering monthly plans with “free” software updates, replacing hardware can get pretty expensive. This is why most of us resist updating our technology.
We don’t want to spend money on something before we actually need it.
We want to put to good use, for a good long time, the investment we have already made in our current technology.
We remember all too well how much we shelled out for it.
Plus, we like to stick with processes we know. And it’s usually not just us that have to learn the new system. Our entire staff needs to learn it too. Learning a new way of doing things initially slows down our productivity even if it later improves it. So, long story short, there are many opportunity costs to taking the time to retrain everyone.
The real reason for updating technology
The truth of the matter is, there is a balance between hanging on to the old and buying the new. That balance amounts to 3-5 years. Holding onto devices longer than five years means significantly increased issues, repairs and patches, and security vulnerabilities. This basically adds up to increased costs and slower, clunkier workflows.
Here is why this is the case: Software applications are meant to interact with other software applications and hardware. And computers are designed to interact with other computers and devices. When there are incompatibilities between them, things get messed up. The result: Network Vulnerabilities. And cybercriminals are always searching for these vulnerabilities. That’s how and where they hack into our network to steal our valuable data.
Computers keep us connected
Computers connect us with the rest of the world – our clients, customers, partners, wholesalers, resources, and every other person we interact with and do business with. Because this is true, we have to keep our computer network compatible with the computer networks that belong to those people.
It is also the hard truth that if our competitors are updating technology, and it increases their speed and decreases their delivery time, our potential customers get used to being treated that well. They will come to expect that of businesses in our industry. And they usually come to expect it of businesses in every industry. This may not be a pretty picture, but it is the way it is. We all know it because we also play the consumer role in many of our relationships.
So, the bottom line is that we all are reliant on each other for personal and business relationships. We do a lot of interacting and communicating through technology. This is especially true in business. We conduct most business transactions over computers, phones, email, and the Internet. Speed and quality of communication and delivery are highly dependent on our level of technology. To achieve a high level of efficiency, it’s important that our hardware and software remain compatible with each other’s. Incompatibilities slow and break down the lines of communication. They also create vulnerabilities in networks.
Many of us (myself included – proud owner of an iPhone 7) avoid updating because we like to keep it simple and we don’t like to make purchasing decisions based on the latest craze. But now that we know that updating isn’t about that, we can make smarter decisions. (After writing this, I think I’m going to update to the iPhone 12 or maybe wait for the 13 coming out in September.)
There are actually signs we can watch for that indicate it is time to update technology. Three to five years is still a sizeable window. And four to five years is usually pushing it. Within this window of time, it would be good to know when our hardware is getting to what they call “End-of-Life” or EOL. When hardware or software reaches EOL, it means that the companies that design them stop making the parts and security patches for them. And again, most software companies now offer monthly plans which provide automated updates. So, our real concern is when to replace our desktop computers, laptops, tablets, smartphones, and other network devices.
The signs to watch for
The device is regularly running out of storage.
Updates cause your computer to have increasingly more issues (e.g., white, black, blue, green screens of death, colored stripes in places they shouldn’t be).
There are strange lovely noises coming from your computer.
You can’t even install the updates for your critical software.
Because we’re all on this ride together, we need to keep our technology current. So, hang on to your technology for the full three years before replacing it if everything is working fine. In years four through five, be extra vigilant in watching for the signs. Incorporate the necessary technology updates into your budget. One idea is to replace a percentage of your devices each year so you don’t have to replace everything at once.
If you need help with monitoring your software and hardware, choosing good machines, and keeping them fully functional within their life spans, give us a call: Idaho (208) 510-0967 or Utah (385) 316-7202.
Your IT staff can lock down your network like Fort Knox, but it only takes one accidental click in a phishing email to give a hacker the keys to walk right through the front door.
What is a phishing email?
Have you ever received an email that prompts you to do something like change a password or provide credentials, phone numbers, or email addresses? These are clues that the email may be a phishing email.
A phishing email is a scam email. It is “the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, credit card numbers, or other sensitive details by impersonating oneself as a trustworthy entity in a digital communication” (Wikipedia).
Typically, phishing emails appear to be from a trusted source like Microsoft or your IT department. They might claim an account has been compromised or that it needs to be verified. If you click on a link in the email, it takes you online to the attacker’s spoofed site, which then prompts you to enter your credentials. If you fall for this, you put your own credentials right into the hands of cybercriminals.
Phishing emails pose a growing threat to enterprises as well as small businesses worldwide. The increasingly sophisticated strategies of threat actors make it difficult to recognize them. These types of attacks are some of the most virulent security threats out there. Clicking on one little link in an email or downloading an attachment may not seem like a big deal, but it could potentially cause considerable damage to your data, your business, and its reputation.
Differentiating a phishing email from an authentic email
It is especially important to be able to identify these fraudulent emails. Threat actors strategically design them so that it is difficult to tell them apart from authentic emails. If you are not sure something is real, get a second opinion from your manager or IT service engineer. It is better to be safe than sorry.
Below is an example of a phishing email that can be very believable.
Can you identify if this email is real or fake? It looks like a real Microsoft notification. However, you will notice the sender address is:
This email is not from Microsoft and should be deleted and ignored. Here is another example:
The above image is a screenshot of a real phishing email that was received a few months ago. Although this email was easy for the recipient to identify as a scam, it is a good example of what you can look for. The red comments point to each of the clues that identify it as a scam.
Is it real or fake? Check out these clues
The sender appears to be within your organization, but you have never heard of him/her
You or your team do not use the services they are claiming you do
You trust the source, but the message is unexpected
The sender’s message does not make sense or uses poor grammar
The name of the sender is someone you know within your organization, but the email address is strange
The email looks official, but it is coming from outlook.com or gmail.com
The sender is asking for sensitive information
The email claims to be from someone within your organization, but the style and manner do not match routine communication protocols
A Phish Story
Recently, a business was hit hard by a phishing email opened by a single user. The scammer that sent the message logged into an employee’s email and sent an email to not only his coworkers but also his clients. The hacker said he was in a bind and needed someone’s help who had an Amazon account. He configured the email account to forward all emails to a spoofed email that was similar to the victim’s account using the same name and contact information.
Unaware of the situation, many of the recipients responded that they did have Amazon accounts. The scammer sent out another email to these individuals asking them to buy a $500 gift card for him and he would pay them back. Fortunately, someone figured out what was going on and the employee’s email account was recovered before anyone sent a gift card. But still, there was damage done.
Part of this business’s services included collecting and safely storing their clients’ financial data. When the clients realized that this company had been hacked, they feared their financial data and email addresses were not safe with them.
This was a hard lesson for the business owners to learn. Anyone can get hacked. But you and your team can reduce the chances by becoming more educated about phishing emails.
You have a part to play in fighting against email phishing
Your IT company secures your company using firewalls, data backups, antivirus, and a host of other tools. But these cannot protect your business against breaches caused by end-user vulnerabilities.
You and your team have a part to play in proactively protecting your organization and its data. As a team member, you are given privileges that, in the wrong hands, could cause a lot of potentially irreparable damage to your business and day-to-day workflow.
Crucial action steps to protect your company
Create and follow guidelines for communication within your company
Identify what should be communicated through email, phone, in person, or in text messages
Never give anyone else your password outside of the strictest circumstances
Emails from Integrinet IT will always be from integrinetit.com or integrinet.net
Emails from your team members and other departments within your company should only come from known email addresses at your domain name (e.g., yourdomainname.com, yourdomainname.org, etc.)
Watch closely for the clues mentioned in this article that alert you to phishing emails
Report suspicious email to your management and team
Participate in end-user security training
If you are unsure if what you are facing is a threat, avoid responding, clicking on suspicious links, or opening attachments and contact your management or service engineer.
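The sender-related clues listed earlier, and the guideline that internal mail should only come from known addresses at your domain, can be checked mechanically. The following Python is an added example, not part of the original article or any Integrinet IT tooling; the directory entry, the sample messages and the 0.8 similarity threshold are constructed assumptions, and yourdomainname.com is the article's own placeholder.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumed, constructed values; replace with your own domains and directory.
ORG_DOMAINS = {"yourdomainname.com"}        # placeholder domain used in the article
FREE_MAIL = {"outlook.com", "gmail.com"}    # the two providers the article names
DIRECTORY = {"jane doe": "jane.doe@yourdomainname.com"}  # display name -> real address


def lookalike(domain, threshold=0.8):
    """True if domain is close to, but not one of, the organization's domains."""
    return domain not in ORG_DOMAINS and any(
        SequenceMatcher(None, domain, org).ratio() >= threshold
        for org in ORG_DOMAINS
    )


def sender_clues(raw_message):
    """Return the sender-related phishing clues found in one raw email."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]
    person = " ".join(name.lower().split())
    clues = []
    # Clue: a name you know, but the address is strange.
    if person in DIRECTORY and addr != DIRECTORY[person]:
        clues.append("known-name-strange-address")
    # Clue: looks official, but comes from outlook.com or gmail.com.
    if domain in FREE_MAIL:
        clues.append("free-mail-sender")
    # Clue from the phish story: an address similar to the real one.
    if lookalike(domain):
        clues.append("lookalike-domain")
    # Clue: appears to be inside the organization, but nobody knows the sender.
    if domain in ORG_DOMAINS and addr not in DIRECTORY.values():
        clues.append("org-domain-unknown-sender")
    return clues


# Constructed sample messages (headers only), not real mail.
SAMPLES = {
    "genuine": 'From: "Jane Doe" <jane.doe@yourdomainname.com>\nSubject: Minutes\n\nHi',
    "freemail": 'From: "Jane Doe" <jane.doe.office@gmail.com>\nSubject: Quick favor\n\nHi',
    "lookalike": 'From: "Jane Doe" <jane.doe@yourdornainname.com>\nSubject: Invoice\n\nHi',
    "unknown_insider": 'From: "IT Helpdesk" <helpdesk@yourdomainname.com>\nSubject: Reset\n\nHi',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, sender_clues(raw))
```

The From header is easy to forge, so an empty result means only that none of these visible clues fired, not that the message is authentic.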
If you feel your organization is not doing enough or needs help in securing your network from potential threats like phishing emails, contact your service engineer and start a conversation about it. We are always here to help and want to work with you to ensure your digital work environment is safe.
Starting in early January 2021, another pandemic in the form of a zero-day exploit has been taking advantage of on-premises installations of Microsoft Exchange Server. Threat actors have been attacking business networks around the world as quickly as COVID-19 attacked our global health.
What is a zero-day exploit?
A zero-day exploit is when attackers find an unknown vulnerability in software or hardware and then leverage it before security teams detect it and create a defensive patch. It goes unnoticed until attackers send their ransom note.
In this recent zero-day exploit, attackers searched for and found vulnerabilities in Microsoft Exchange Servers that many businesses run on-premises. The attackers exploited these vulnerabilities to access emails and obtain long-term access to business networks. Once inside a network, they withdrew valuable data and stored it in their own cloud servers.
The four flaws in Microsoft Exchange Server
CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065
Stealing Passwords & Searching for Vulnerabilities
Cyber attackers usually get into networks by stealing passwords. But they sometimes get in by searching for vulnerabilities as in the case of this zero-day exploit. Firewalls and antivirus software don’t detect the infiltrators because they basically steal the digital identity of someone who should have access. They can then create remote access to control the server and steal data from the company’s network.
Their end goal is to steal information. They scramble the organization’s valuable data so the organization can no longer access it. Then they hold it for ransom. They may even destroy the network and data permanently.
National cybersecurity groups suspect a Chinese nation-state group, Hafnium, to be the source of these attacks. Microsoft engineers worked 24/7 to create the needed patches and released them as out-of-band emergency patches. Out-of-band patches are fixes created and sent out immediately instead of waiting for the next scheduled update to issue them to the public. This means that Microsoft considered this threat to be very dangerous. All businesses should apply the update ASAP.
Hafnium’s Attack on Microsoft Exchange Server
Hafnium rents servers in the US even though the individuals themselves are based in China. They usually target organizations in the United States such as medical research organizations, law firms, universities, DoD contractors, and non-government organizations.
Even though this group is responsible for the initial exploits, there are many other bad actors that are moving in like vultures to take advantage of the situation.
Security Patches – Shields Up!
IT companies around the globe have been moving as quickly as possible to apply the updates and protect their clients.
The government department in charge of homeland cybersecurity reported worldwide exploitations. They have ordered all businesses and other organizations to apply Microsoft’s patches or disconnect email servers that are at risk. The direction has been to treat all organizations as if they have been compromised. If IT companies can’t find signs of the infiltration, they should disconnect the Exchange Server and rebuild it. Additionally, organizations should install and run security updates as an administrator as opposed to running them in normal mode. If you have made the mistake of doing this in normal mode, Outlook (for those who access it through their browser) and the Exchange Control Panel may stop functioning properly.
It has been a busy few months for our cybersecurity teams as well as others around the world.
One of the most important ways you can protect your technology is to keep it updated with patches and newer versions. This applies to all your computers, devices, machines, software, and servers. If you don’t keep them updated your vulnerability to cyberattacks increases.
Usually, Microsoft doesn’t provide patches for older versions of Exchange because businesses are responsible for keeping their technology patched and updated. But because of these global attacks, Microsoft has worked tirelessly to create more patches to protect those that still had older versions.
Is my business network vulnerable? That’s a question that keeps many business owners awake at night. Penetration tests for business networks often show that a network is most vulnerable from the inside. For example, it is not unusual for people to write down their passwords and put them on their desks. I see it all the time.
Awareness of Local Exploitation
It’s important to be aware of the fact that there are vulnerabilities that can be exploited locally by individuals with the intent to steal data or cripple a business. Some might pose as a repairman or janitor. Some might be dumpster diving searching for information like account numbers, contact names, and numbers. And they want to breach your business to access your data.
The Value of Your Data
Your company’s data is the meat on the bones. It’s the most vital part of your business. Everything but the data can be replaced. So, if hackers can access your network and take your data, that can be devastating to your business. Too many businesses don’t realize how crucial it is to have their servers and networking equipment physically secure with a locked door or cabinet.
My Experience with Business Network Vulnerability
In my previous experience, I performed work for a large business that worked with sensitive, protected data. I brought it to the attention of management that the building’s network had a physically exposed element that could have been exploited by a hacker posing as a repairman or janitor.
This is why I continue to encourage the clients I work with to secure their network.
The following article (and video) is a great resource to understand how businesses can increase their network security. In non-techy language, it explains the most common network vulnerabilities. It even includes things like shoulder surfing, tailgating, and dumpster diving.
The above article says businesses should have biometric authentication (fingerprint or face recognition) and access cards to protect servers. While I agree with this one-hundred percent, it is better than nothing to at least have a lock on the door and managers holding the keys.
Every business needs cybersecurity regardless of how small it is. This case study reported by the National Cybersecurity Alliance increases our awareness of this fact: The owner of a small family-owned construction company was notified that an unknown source initiated a $10K ACH transfer. They contacted the bank and learned that cybercriminals had made six transfers in one week from the company bank accounts, totaling $550K. How? Read the full story here. We are here to make sure you are protected from these kinds of attacks. Give us a call if you are in need of a free security assessment.