
Protecting Your Network from Ransomware


What is Ransomware?

Ransomware is malware that holds the victim’s data for ransom, either by locking the desktop to prevent access to the computer or by encrypting the user’s files so that they cannot be read. The malware then displays a ransom note, possibly pretending to be from federal or local law enforcement of some sort.

The ransom note may even claim that the computer was used to look at illegal websites, videos, or images and will try to frighten the victim into paying up by threatening to bring them to court.

As we quickly approach 2016, researchers at Fox IT have successfully identified the “Big 3” Ransomware families, whose members have generated huge income in 2015:

  • CryptoWall
  • CTB-Locker
  • TorrentLocker

What are the Basic Traits of Ransomware?

Although each ransomware variant is unique, they all work in similar ways and share some generic traits in their behavior.

File-system behavior

Most ransomware will place payment instruction files in the directory of the files that it’s going to encrypt. These files are usually in the form of a text file, an image and/or a URL. It may even include a popup window notifying the user that their files are being held for ransom and that payment is required.

Network behavior

Ransomware will also encrypt files on any network drives mapped on the computer, as a side effect. This can affect an entire business that relies on network shares for its data, potentially spreading from one computer, to the server, to all other computers that access that server. Having a proper backup solution in place may be the only way to protect your data.

When we find encrypted files on a network share, we can determine which user was initially infected with the ransomware by checking the creator of the instruction files on the share. This tells us which computer to disconnect from the network. The goal is to disconnect the infected user from the network as quickly as possible to prevent any further damage.
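
One way to run the creator check described above, as an added example that is not part of the original post. The share path and the note file-name pattern are placeholders; replace them with the share and the instruction-file name you actually see.

```powershell
# Added example: list ransom instruction files on a share and group them by file owner.
param(
    # Hypothetical share path; point this at the affected share.
    [string]$SharePath = '\\fileserver\shared',
    # Placeholder pattern; use the name of the instruction files found on the share.
    [string[]]$NotePatterns = @('INSTRUCTION_FILE_NAME_PLACEHOLDER*')
)

# Collect every matching instruction file with its owner and creation time.
# Folders we cannot read are skipped instead of stopping the scan.
$notes = Get-ChildItem -Path $SharePath -Recurse -File -Include $NotePatterns -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Owner   = (Get-Acl -LiteralPath $_.FullName).Owner
            Created = $_.CreationTime
            Path    = $_.FullName
        }
    }

# One row per owner: how many notes they created and over what time window.
$notes | Group-Object -Property Owner | ForEach-Object {
    $sorted = @($_.Group | Sort-Object -Property Created)
    [pscustomobject]@{
        Owner     = $_.Name
        NoteCount = $_.Count
        FirstSeen = $sorted[0].Created
        LastSeen  = $sorted[-1].Created
        FirstPath = $sorted[0].Path
    }
} | Sort-Object -Property FirstSeen | Format-Table -AutoSize
```

The owner with the earliest FirstSeen is the account to trace back to a computer and disconnect first. If the owner shows as a group such as BUILTIN\Administrators, the files were written by an administrative account and the owner alone may not single out the user.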

So where did the Ransomware come from?

One method for installing ransomware is through certain websites. These may be malicious websites, set up by criminals for the sole purpose of infecting website visitors, or they may be legitimate websites that criminals have compromised with infected advertisements or links and used to spread malware.

Another way ransomware can install on your computer is through the opening of email attachments in spam or infected emails. These malicious emails may have what looks like regular files attached, but once you open them, your computer is at risk of becoming infected with malware. You may not even see it happening.

Ransomware on Mobile Devices

Ransomware for mobile devices is becoming more common and now has the ability to lock your smartphone or tablet or even encrypt the files stored on these devices. Criminals have learned that we are more dependent upon our phones and tablets than ever before. In some instances, they are used more frequently than our computers, which explains the increase in “mobile malware”.

Follow these tips to stay protected from ransomware.

  • Make sure you have a quality antivirus program installed on your network, and that it continues to be updated on a regular basis. This also includes installing a reputable security app on your phones and tablets.
  • Keep the operating system and all software on your computers & servers up-to-date by installing the latest security patches and updates.
  • Consider adding a mail-filtering service that not only protects your email from spam, but also adds manageability and virus protection. Some services, such as MailWatch from CMS, will continue to spool your email when your connectivity is down, protecting you from lost emails.
  • Avoid downloading software or mobile apps not necessary to your work and only download from trusted sources.
  • Most importantly, back up! For your network, have a data backup solution in place that protects your critical data so that if anything does happen, you have an untainted backup source to retrieve from and restore to your network. And don’t forget to back up your mobile device to a reliable cloud source that you can retrieve from and restore.

Who’s Looking Out for Your Network?


Today I want to talk about the importance of using a consistent IT services provider.  Every business out there relies on some type of technology to make their business run, whether it is your phone system or your computer network.

At CMS, we work with a variety of customers both large and small. Some customers employ their own IT personnel and simply rely on us as a provider of equipment and backup support, while others depend on us fully for managed services, using us as their “offsite IT department”. Regardless of your size and budget, having a local IT company that you consistently work with is important, and here is why.

Knowledge of your Network!

When you work with the same company each time, they will learn your network. They will be better educated on the layout and design of your network, the applications that your employees use and the security policies in place. If you’re not using the same business to resolve your issues, each problem will cost you additional time to pay for a learning curve.

Elimination of Network Problems Before They Occur

Because there is a familiarity with your business and your network, your IT provider can help you eliminate problems before they occur. They are more capable of seeing a device with declining performance if they are always the ones to work with it. And as we know, fixing a problem is much quicker at the beginning than it is in the end, which can reduce your downtime.

The Trust Relationship

Finally, it all comes down to trust.  Your IT provider should understand the nature of your business and only have your best interest at heart.  Your goal is to run your business as efficiently and effectively as possible, and your IT company should be up to the challenge to make that happen.

Sometimes, it may seem like salespeople are just trying to make a sale, and we understand that getting your network up to standard can be expensive at first. However, we can say that customers who trust us and make the investment are more productive and suffer less downtime.

We encourage you to find a local IT provider in your area that you trust, check out their reputation with other customers, and build a relationship that will strengthen your business.  If you are in the Southeast Texas area and are looking for someone, visit with us and ask us questions.  We are always happy to meet new faces.

Why Employing Strong Firewall Policies is Critical

So, you think your network is safe? I think a large store chain felt the same way until their network was compromised along with thousands of their customers’ credit card information. The truth is you can never be too safe when it comes to protecting one of the most valuable assets your company owns – its data!

Has your server or PC ever been compromised? If you answered no, how do you know? Has your home PC ever had a virus? Yeah... how long do you think that virus was on there before you actually realized it? Maybe someone snuck in, decided there was nothing important in there and then snuck out without you even knowing. Or perhaps they managed to get their hands on your Quicken file and you don’t even know it yet – but you will at some point.

There are many other examples of network and data compromise but you get the point. It’s critical to do all you can to keep the bad stuff away from your network. We had a situation once where our server was painfully slow and we simply did not see any breadcrumbs to nail down the problem. We would reboot it and it would stabilize for a day or so, then go right back to super slow mode. We finally found the culprit. Someone overseas (from what we could tell) compromised our server and loaded it up with foreign movie trailers, and they were streaming them from our server.

Protection with Border Control

We use the term Border Control to characterize the role of a firewall. It’s important to follow best practices, from the configuration down to the type of appliance that you purchase. Sorry, but a $65 Netgear will not do the trick. You need a robust device that offers more than NAT routing and port forwarding. Protecting your network is a multilevel approach and Border Control is just part of it, so keep that in mind. But today we are focusing on the border…your firewall.

Below are some best practices to consider for controlling your border.

A quality device from a reputable manufacturer is the best place to start. A business-class router from Cisco, Meraki or SonicWall is what we recommend. They offer various models that will fit just about any small business budget as well as large corporations with huge budgets. Throughput, speed, number of users etc. all come into play and need to be considered when determining the proper firewall for your network. A quality sales rep from a reputable company should be your trusted advisor and can help you make that determination.

Options such as security services are very important features of quality firewalls. These security services include antivirus, content filtering, intrusion detection/prevention and more. Remember my note about border control being part of a multilevel solution? Antivirus at the firewall is the first line of defense against viruses entering the workplace. This does not replace AV on the desktop! AV at the border will help to mitigate virus and malware issues.

Content filtering is a very important component to protect your network from improper web habits of your employees. It also gives you peace of mind that a site you’re going to is actually safe, and not just one that looks like a legitimate business-class website. This at times can be an unpopular policy among employees but unfortunately it is something that needs strong consideration.

We recommend putting a statement in your handbook that outlines company policies and expectations of use for company technology. Ask your employees if they would mind paying the hourly rate of the tech that has to clean their PC or the network from viruses at $100 plus per hour. That may open their eyes.

Finally, intrusion detection and prevention is something that should be considered. The preferred method is to use a service that does 24-hour monitoring for the absolute best protection. However, that can be pricey. If that is not an option, the intrusion detection/prevention service on the firewall is an important component. It blocks and filters opportunistic bots and hackers and keeps them from entering your network. It’s important to monitor it and review its reports to know who’s trying to get in.

So there you have it. This should give you some things to consider when protecting your network. Nothing can guarantee that you will not be compromised but we certainly don’t want to make it easy. The easy ones are the ones that the bad people are looking for!