We live in a practically wireless world today. In fact, there is a very high chance you are reading this article over a wireless connection right now. Our dependency on wireless technology is certain, but how can we enhance the way we access data, secure our connections and ensure that we are getting the best that wireless has to offer?

Wireless Security 101

Most people access data and internet services over wireless connections without really thinking about it. It’s convenient, fast and connects you to all the services you’ve grown to rely on. However, this convenience can cause complacency and that is when you can be at your most vulnerable.

For example, if you are using an open wireless network with no password security you could be leaving your personal data wide open to being intercepted and stolen. That includes your banking details, your email credentials and your social media passwords. In the wrong hands this data could end up costing you dearly. Identity fraud is on the rise and costs U.S. consumers millions of dollars every year.

Today’s wireless networks typically offer 5 major levels of security:

Type | Security | Length of Password
Open | None – Never Recommended | N/A
WEP | Basic – Not Recommended | 10 to 26 characters
WPA | Good – Works well for older devices | 8 to 63 characters
WPA2 | Better – High level of security | 8 to 63 characters
WPA/WPA2 Mixed-Mode | Dynamic – Only as good as weakest link | 8 to 63 characters

Steer Clear of Open and WEP

You’ll often find open networks freely available in internet cafes and fast food restaurants. However, because open wireless networks use no password security, it makes sense to avoid these networks at all costs. Exchanging secure or personal data over these networks can result in your passwords being cracked and stolen, and your data compromised. While WEP networks offer very basic security, it only takes hackers mere moments to "guess" your password using password cracking software.

Protect Your Connection With WPA and WPA2

Whether you are setting up a wireless router at work or home, or accessing a network on the move, it is always recommended that you configure or choose a network that is using WPA or WPA2 security. However, while these technologies offer more robust security there are still a couple of vulnerabilities you should be aware of.

Both WPA and WPA2 networks require password authentication before access is granted. However, the security on these networks is only ever as robust as the password used to control entry. While a strong password that contains 20 characters and is made up of letters, numbers and symbols would be practically impossible to crack, it is human nature to choose a password that is easier to remember. Unfortunately, passwords that are easily remembered are also easy to crack, especially if they use words you can find in the dictionary.
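
An added example, not part of the original article: a short Python check that applies the criteria above to a candidate WPA/WPA2 passphrase (8 to 63 characters allowed, 20 or more recommended, a mix of letters, numbers and symbols, no dictionary words). The wordlist, the substitution table and the function names are constructed for illustration.

```python
import math
import string

# Constructed sample wordlist; a real audit would load a large dictionary file.
SAMPLE_WORDS = {"password", "welcome", "sunshine", "baseball", "internet", "wireless"}
# Undo common look-alike substitutions (0->o, 1->l, 3->e, 4->a, 5->s, ...).
LEET = str.maketrans("0134578@$!", "oleastbasi")


def contains_dictionary_word(passphrase, words=SAMPLE_WORDS):
    """True if a wordlist entry appears after undoing common letter swaps."""
    normalized = passphrase.lower().translate(LEET)
    return any(w in normalized for w in words)


def charset_size(passphrase):
    """Size of the character pool the passphrase draws from."""
    pools = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    size = sum(len(p) for p in pools if any(c in p for c in passphrase))
    if any(c in string.punctuation or c == " " for c in passphrase):
        size += len(string.punctuation) + 1
    return size


def audit_passphrase(passphrase):
    """Return (verdict, reasons) for a WPA/WPA2 passphrase."""
    printable = all(32 <= ord(c) <= 126 for c in passphrase)
    if not 8 <= len(passphrase) <= 63 or not printable:
        return "invalid", ["must be 8 to 63 printable ASCII characters"]
    reasons = []
    if contains_dictionary_word(passphrase):
        reasons.append("contains a dictionary word")
    if len(passphrase) < 20:
        reasons.append("shorter than 20 characters")
    classes = sum(any(c in pool for c in passphrase) for pool in
                  (string.ascii_letters, string.digits, string.punctuation + " "))
    if classes < 3:
        reasons.append("does not mix letters, numbers and symbols")
    # Only meaningful when the characters were chosen at random.
    bits = len(passphrase) * math.log2(charset_size(passphrase))
    verdict = "weak" if reasons else "strong"
    reasons.append(f"upper-bound entropy if random: {bits:.0f} bits")
    return verdict, reasons
```

The entropy figure is an upper bound; a passphrase flagged for a dictionary word is far weaker than that number suggests.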

How to Further Secure Your Network

There are still a number of ways you can secure your wireless network. A hidden SSID and MAC address filter will mean users must not only know the name of the network they are connecting to, but they must also be accessing the network using a device whose MAC address has been included in the filter. Add to this a robust password and you have a very secure wireless network. You could also create a separate guest network that segregates guest traffic from the rest of the network and any classified or sensitive data that could be vulnerable.

On Friday and over the weekend, a major piece of malware infected hundreds of thousands of computers, taking down everything from businesses to the U.K.’s National Health Service. The malware was called WannaCry 2.0.

Ransomware is malicious software that burrows into your computer and encrypts the files on your machine, keeping you from being able to access them. The malware’s creator then asks you to pay a fee to unlock your data. WannaCry 2.0 uses a vulnerability in Microsoft’s (MSFT) Windows operating system to attack users’ computers.

The first wave of the WannaCry 2.0 attacks seems to have passed. But chances are some hacker will repurpose the malware and send it back into the wild again. There has been some talk that the next wave could specifically target businesses, both large and small, in the United States.

Ransomware doesn’t just appear on your computer. It has to be downloaded. And while you could swear up and down that you’d never be tricked into downloading malware, cybercriminals get plenty of people to do just that. This typically happens by opening and clicking on links or attachments in an infected email.

That email you opened to get ransomware on your computer in the first place was specifically written to get you to believe it was real. That’s because criminals use social engineering to craft their messages. For example, hackers can determine your location and send emails that look like they’re from companies based in your country.

It’s not just email, though. An attack known as a drive-by can affect you if you simply visit certain websites. That’s because criminals have the ability to inject their malware into ads or links on poorly secured sites. When you go to such a site, you’ll download the ransomware.

How to protect yourself:


Software and OS Updates

The very best way to protect yourself from these types of attacks is to constantly update your operating system’s software and apps like Microsoft Office and Adobe Flash Player. For businesses, there are patch management systems that can monitor all of your business computers for outdated versions, automatically download the updates needed and then push them out from a central repository. No business owner has the time to constantly stay on top of the number of updates needed to truly be protected. A software system designed to do this heavy lifting for you is the way to go.

Data backups

Always maintain and test a reliable system to back up your files. You can either do that by backing them up to an offsite data backup service or by backing up to near-line storage or an external drive. Some ransomware can infect your backups, however, so you will want to choose a business option rather than relying on Google Drive or another “retail” level system. If you’re backing up to an external hard drive, you’ll want to disconnect it from your PC when you’re finished.

Anti-virus software and Internet content filtering

Up-to-date and properly licensed anti-virus software will help prevent malware from becoming present on your machines. Internet content filtering will help block websites that are potential problems, lowering your chances of accidentally visiting one of these sites to begin with.

Find out just where you are with your technology

Technology should never be considered a “set it and forget it” part of your business. It takes constant tweaking, monitoring and maintenance to make your system reliable. You should strongly consider having a formal IT Security Assessment performed on your system no matter how large or small your business is, as these formal scans can give you an excellent chance to find out just where you have vulnerabilities.

We can assist you with any of the protection measures mentioned above. It is far less costly to be proactive than it is to be reactive. NOW is the time to find out, not later or… after!

Kenneally Technology Services was recently requested to provide their expertise to a national cybersecurity organization and their online publication. Here is an excerpt with a link to the full article if you wish to continue reading:

The “little guy mentality” can no longer be relied upon to protect and safeguard your systems in today’s environment.

Much attention has been paid to major data breaches that have affected large corporations, United States government agencies, not-for-profits and political organizations. This attention has resulted in the allocation of significant resources, both monetary and intellectual, to shore up business and government defenses against different types of cyber threats. In fact, an entire educational industry has emerged as high schools and universities now offer courses and majors for a new generation of cyber-warriors.

That is all well, good and necessary given cyber’s national security and financial implications, but it fails to address the core of the American economy. Tens of thousands of small-to-medium-sized businesses (SMBs) do not have an existing or adequate cybersecurity budget. Perhaps worse, these organizations often feel that due to the small size of their business they will not be the targets of a cyber-attack.

This perception is simply not correct. Last summer, the FBI reported that as of late 2013 (the latest data available), more than 7,000 U.S. companies, of all sizes, were victims of phishing scams, with losses exceeding $740 million. Symantec Corporation has observed a steady increase in attacks targeting businesses with less than 250 employees, with 43 percent of all attacks targeted at small businesses in 2015, proving that companies of all sizes are targeted…

Continue Reading on USCyberSecurity.net

Recycle-IT-Equipment

There are many important reasons to go to the trouble of recycling your retired IT equipment rather than just tossing it into the dumpster when no longer needed.

Environmental

According to ComputerWeekly.com, an average PC contains plastic (23%), ferrous metals (32%), non-ferrous metals (18%), electronic boards (12%), and glass (15%). A single computer can contain up to 2kg of lead, and the complex mixture of materials makes PCs very difficult for the owners of the equipment to recycle themselves.

It is possible to recycle many parts of an IT system, particularly monitors, PCs and servers. Computer peripherals, such as printers and scanners, can also be recycled, as well as landline and mobile phones. Recycling one million laptops saves the energy equivalent of electricity used by more than 3,500 US homes in a year. For every million cell phones we recycle, 35,000 pounds of copper, 772 pounds of silver, 75 pounds of gold and 33 pounds of palladium can be recovered.

Convenience

If you are like most business owners, you have accumulated a large amount of old technology equipment. Most local recycling sites located within the State of Maryland do not allow bulk disposal of retired IT equipment, but instead limit the drop-off to a single item per vehicle. If yours is a large organization, this could mean several trips just to dispose of a small portion of your old equipment.

Having a professional recycling firm handle these duties for you is much more affordable than you may think. The convenience of their personnel coming to your site and picking up the equipment for you is well worth the cost. A professional IT recycling firm should provide you with a detailed list of all equipment disposed of, including make, model and serial numbers. They should also provide you with certificates as proof that all hard drives and magnetic media storage devices have been properly destroyed.

Security

The single most important reason you should retain a professional recycling firm to handle your retired technology is security. Mechanical hard drives commonly found in servers and desktop computers, solid state drives found in laptops, and flash drive technology used in phones and memory sticks can house long-forgotten yet sensitive data in documents, emails, and even videos and pictures.

When you use the file deletion utility of your computer or mobile device’s operating system, it does not actually delete the data. Instead, it marks that location on your system’s storage device as being available to overwrite the space with new data. A lot of readily available data rescue software can very easily retrieve “deleted” data from storage devices that may even be damaged.

If you are in an industry that has regulations for securing patient health information, credit card information and any personal data (and that covers nearly every type of business), you should have not only a strategy in place, but also an IT policy that states how data storage devices and IT equipment are destroyed. A few dollars now can save you thousands later.

For more information, please feel free to reach Dave Thomas, Director of Technology Services, at dthomas@jlktech.com or 443.829.9897.

Maryland MGMA (Maryland Medical Group Management Association) is the local resource for medical practice management education and information.

Kenneally Technology Services was a sponsor of the Maryland MGMA State Conference on Friday, September 30th. We have worked with lots of medical practices on IT Security Assessment projects as well as providing managed network services for many medical groups.

Kenneally Technology sponsored the TapSnap photo booth at this event, which benefitted the Casey Cares Foundation and provided a bit of fun relief from the informative conference sessions and meetings.

Check out the fun from the photo booth with Kenneally Tech or the Maryland MGMA Event Facebook page.

 
