508-909-5961 [email protected]

New Spectre-style attack discovered

Security experts are constantly discovering new potential threats, and quite recently, they’ve found a new type of Spectre-style attack more dangerous than the original. Here’s a quick rundown of the new Spectre variant.

Spectre 101
For those who don’t know, Spectre is a vulnerability in modern computer chips like Intel and AMD that allows hackers to steal confidential information stored in an application’s memory, including passwords, instant messages, and emails.

The post New Spectre-style attack discovered appeared first on Complete Technology Resources, Inc..

New Spectre-style attack discovered

Security experts are constantly discovering new potential threats, and quite recently, they’ve found a new type of Spectre-style attack more dangerous than the original. Here’s a quick rundown of the new Spectre variant.

Spectre 101
For those who don’t know, Spectre is a vulnerability in modern computer chips like Intel and AMD that allows hackers to steal confidential information stored in an application’s memory, including passwords, instant messages, and emails. Malicious code running on a computer or web browser could be used to exploit this vulnerability, but ever since Spectre was discovered, Microsoft, AMD, Intel, and other tech companies released a series of updates to fix it.

What is NetSpectre?
To perform Spectre attacks, malware would have to run on a targeted machine to extract sensitive data. But in late July, Austrian security researchers found a way to launch Spectre-style attacks remotely without locally installed malware. The new attack is called NetSpectre and it can be conducted over a local area network or via the cloud.

So far, it’s impractical for average hackers to use this method to steal data. In tests, researchers were able to steal data at a rate of between 15 to 60 bits per hour, which means it would take days to gather corporate secrets and passwords. As such, NetSpectre will probably be used by hackers who want to target specific individuals but don’t want to resort to obvious methods like phishing scams or spyware.

Experts also warn that while NetSpectre may be impractical now, hackers may develop faster and more powerful variants in the future.

How should you protect your business?
NetSpectre attacks exploit the same vulnerabilities as the original Spectre so it’s important to install the latest firmware and security updates. You should also secure your networks with advanced firewalls and intrusion prevention systems to detect potential NetSpectre attacks.

Last but not least, working with a reputable managed services provider that offers proactive network monitoring and security consulting services can go a long way in protecting your business from a slew of cyberthreats.

If you’re looking for a leading managed security services provider, why not talk to us? We provide cutting-edge security software and comprehensive, 24/7 support. Call us today for more information.

Published with permission from TechAdvisory.org. Source.

The post New Spectre-style attack discovered appeared first on Complete Technology Resources, Inc..

Read More

Office 365 security considerations

It’s easy to see why Office 365 is an attractive solution for small and medium-sized businesses already familiar with the Office interface. More and more companies are making the move to the cloud, but there are security issues to consider.

Identify your company’s sensitive data…
Most files housed within your servers contain sensitive commercial and personal data that must be properly identified and protected.

The post Office 365 security considerations appeared first on Complete Technology Resources, Inc..

Office 365 security considerations

It’s easy to see why Office 365 is an attractive solution for small and medium-sized businesses already familiar with the Office interface. More and more companies are making the move to the cloud, but there are security issues to consider.

Identify your company’s sensitive data…
Most files housed within your servers contain sensitive commercial and personal data that must be properly identified and protected. Do this by conducting a security audit before you undertake your migration.

Your audit should identify the types of data stored in the various parts of your company network, including which specific information needs extra safeguarding. Be sure to consider everything from trade secrets and contract details to the personal information of your clients.

…and then restrict access to it
Once you’ve worked out where your most precious data lies, you can check who currently has access to it and whether their access is appropriate. After all, it’s not necessary for everyone to be able to get at all the data your company owns.

Ensure that each of your employees has access only to the data that’s necessary for them to perform their duties. The great thing about Office 365 is it lets you conveniently set different levels of permissions based on user roles.

Watch out for insider threats
It’s wise to consider everyone in your organization when it comes to auditing data access permissions – and that includes system administrators who may have master access to every element of your network infrastructure.

A rogue administrator is the stuff of nightmares, since their elevated position gives them much greater leeway to siphon off valuable data without being noticed – or even to allow others to conduct questionable business and bypass the usual built-in security precautions. You can mitigate this risk by monitoring your administrators’ data usage and activities.

Use machine learning to foresee security breaches
Every action performed by your staff within Office 365 is automatically logged, and with relative ease you can create detailed activity reports. But the sheer number of events taking place within Office 365 in the course of your business’s normal operations means that even attempting to identify questionable behavior will be akin to finding a needle in a haystack.

That’s not to say it’s unwise to be on the lookout for anomalies in normal usage – the export of unexplainably large volumes of data, for instance, could suggest that a member of your team is leaking intelligence to a competitor, or that they’re about to jump ship and take your trade secrets with them.

To make things easier, machine learning technologies can identify potential breaches before they happen by analyzing large swathes of data in seconds. Graph API is incorporated into Office 365, and allows for the integration of machine learning tools into your security environment to achieve just that. The same tools can also help you avoid being caught unawares by hackers, by identifying system login attempts from locations that are out of the ordinary.

By following these tips, you’ll be able to enjoy the powerful collaborative features of Office 365 while ensuring the robust security your business demands. To find out more about how we can help your Office 365 migration run smoothly, just give us a call.

Published with permission from TechAdvisory.org. Source.

The post Office 365 security considerations appeared first on Complete Technology Resources, Inc..

Read More

IT security policies your company needs

When it comes to Internet security, most small businesses don’t have security policies in place. And considering that employee error is one of the most common causes of a security breach, it makes sense to implement rules your staff needs to follow.

The post IT security policies your company needs appeared first on Complete Technology Resources, Inc..

IT security policies your company needs

When it comes to Internet security, most small businesses don’t have security policies in place. And considering that employee error is one of the most common causes of a security breach, it makes sense to implement rules your staff needs to follow. Here are four things your IT policies should cover.

Internet

In today’s business world, employees spend a lot of time on the internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. This must limit internet use for business purposes only, prohibit unauthorized downloads, and restrict access to personal emails on company devices. You can also include recommended browsing practices and policies for using business devices on public wifi.

Email

Just like the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links, or perform any type of business-related activities outside their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, thus preventing spear phishing.

Passwords

We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

Data

Whether or not you allow your employees to conduct work on their own devices, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work-related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. This means employees aren’t allowed to remove or copy it without your authorization.

We hope these four policies shed some light on the industry’s best security practices. If you’d like more tips or are interested in a security audit of your business, give us a call.

Published with permission from TechAdvisory.org. Source.

The post IT security policies your company needs appeared first on Complete Technology Resources, Inc..

Read More

Cloud: 4 common myths debunked

Overhyped reports of cloud hacks and server failures can lead some small business owners to be wary of a service that has so much to offer. So what are these common misconceptions about cloud computing? Here are a few myths people believe about the cloud.

The post Cloud: 4 common myths debunked appeared first on Complete Technology Resources, Inc..

Cloud: 4 common myths debunked

Overhyped reports of cloud hacks and server failures can lead some small business owners to be wary of a service that has so much to offer. So what are these common misconceptions about cloud computing? Here are a few myths people believe about the cloud.

#1. Cloud infrastructures are unsecure

Information security is a necessity for every business. And the most prevalent misconception about the cloud is the idea that cloud services lack appropriate security measures to keep data safe from intruders. Most users also think that the data stored in the cloud can be easily accessed by anyone, from anywhere, and at any time.

But the truth is it’s actually more secure for small businesses to use cloud services. Small companies usually can’t afford to hire an IT department let alone train them to deal with online security threats. Cloud providers, on the other hand, offer services such as multi-layered security systems and antivirus protection that not only specialize in keeping infrastructures safe from hackers but are available at a price that is much lower than you would pay for in-house IT staff.

Additionally, large cloud-based services such as G Suite and Office 365 are supported by an infrastructure that constantly installs updates and patches, which helps manage security breaches. This frees you from the burden of installing the updates yourself and managing the overall security of your system.

Users should understand that no company is completely safe from security threats regardless of their IT infrastructure. But data is likely to be more secure in the hands of cloud providers as they are the most prepared and qualified to protect your digital property.

#2. The cloud lacks proper encryption

Most people misunderstand how encryption is implemented to keep your data safe. For example, encryption is generally used for data in transition, where data is protected from anyone seeing it as it travels from one internet address to another. But encryption can also be applied to data at rest, where data is encrypted on a storage drive.

With this in mind, you should understand what types of encryption your business and its data require. When it comes to choosing the right cloud service, it is best to inform yourself about the security measures that a cloud infrastructure implements and look at how it can protect your company’s digital property.

#3. With the cloud you are no longer responsible for data security

While cloud security is important, protecting data ultimately rests on the users who have access to it. Misplacing unlocked mobile devices can leave your data vulnerable and compromise your entire cloud infrastructure. This is why we recommend strong verification mechanisms in place for devices that are used to access the cloud.

#4. The cloud is never faulty

Like many IT services, cloud-based services are not immune to technical difficulties. For example, some cloud businesses have suffered outages and server failures which corrupted files and may have lost data in the process.

Hacking is another reason why some cloud services fail. Using a less than optimal cloud service that is vulnerable to attacks can lead to stolen or deleted data, which would be near impossible to recover if you did not have any offline backups.

Before signing up for any type of cloud service, clarify with its provider what is guaranteed. Most cloud providers make promises about a service’s uptime or its safety from provider-related breaches.

Security is truly one of the biggest barriers to the adoption of cloud computing in a small business. But as cloud services expand and encryption technologies advance, cloud adoption is increasingly becoming the most cost-effective solution to meet the small business owner’s IT demands. Contact us today to learn how your business can take advantage of all the cloud has to offer.

Published with permission from TechAdvisory.org. Source.

The post Cloud: 4 common myths debunked appeared first on Complete Technology Resources, Inc..

Read More