All Posts By

Doug

What is a Malware and Virus?

By | Uncategorized

Regardless of what you call it, most people know you don’t want a malware or a virus hanging around. Then why is it important to understand the difference between the two? One simple reason is you can protect your computer from a virus, but not be protected from a malware. Why? Because all viruses are malwares, but not all malwares are viruses. Allow me to explain.

What is a Malware

Malware, short for malicious software, is written by cyber criminals with the intention of gaining access or causing damage to a computer or network, often without you even knowing you’ve been compromise. This malicious software is written differently depending on the goal(s) of the perpetrator. For example, a malware appropriately named ransomware is written in a way that once your computer or network is infected you are locked out and unable to access your data until you pay a ransom. Another example is those annoying pop ups’ you get almost forcing you to click on that advertisement link, is a malware called adware. There are many other variations of malware including trojan horse, spyware, wiper, worm, botnet, keyloggers, rootkits, and fraudtools, written with different objectives.

What is a Virus

One of the most recognized names of all malwares is the virus made popular in the 80’s and 90’s. This malware is written with the intention of altering the way your computer operates and spreads itself across a network without the user’s involvement. Over the past few decades the virus has become less frequent compared to other malwares, but its name continues to be used synonymously with malwares. “My computer has a virus” often means your computer has a malware.

How to protect yourself

There are best practices such as security awareness training to avoid phishing, a “is this software safe?” search before downloading a program or app, keeping your software up to date, using strong passwords, backing up your computer, and using a firewall. One of the most reliable ways to protect your data is through the use of anti-malware and anti-virus software. Anti-virus software is about preventing viruses from being downloaded or opened on your computer or network. If a virus becomes active it’s difficult for the anti-virus software to detect its presence. Anti-malware on the other hand is designed to take malware, including a virus, out of an infected computer. Think of it as anti-virus is about prevention while anti-malware is about correction. That said, it is advised to use both for the best protection. If you are interested in learning more about the software available, check out PC Magazine’s “The Best Malware Removal and Protection Software for 2019” at https://www.pcmag.com/roundup/354226/the-best-malware-removal-and-protection-tools

While speaking with a friend Jason about malware vs. virus, he made a comparison to spiders. This helped me make the “all viruses are malwares, but not all malwares are viruses” statement easier to understand. Think of this, all Daddy Long Legs are spiders, but not all spiders are Daddy Long Legs.

Next up: What is a firewall?

Click here for our previous post, “What is XaaS?”

What is XaaS?

What is XaaS?

By | Uncategorized

Every industry has its terms and acronyms, information technology (IT) and telecommunications being no expectation. There is even a popular industry book “Newton’s Telecom Dictionary” now on its 31st edition with over 30,000 terms defined. The as-a-service (“aaS”) model, in the context of cloud computing, is a term that refers to a service(s) being made available over the Internet via the cloud. The “X” is a placeholder representing virtually anything and everything.

You can replace the X with just about any letter of the alphabet and you will likely find it is a service. I randomly picked the letter T which, as it turns out, is “testing”, who knew? The X can also represent services with more than one letter, such as: disaster recovery (DRaaS), business continuity (BCaaS), information technology (ITaaS), database (DBaaS), etc.

Perhaps the most popular “aaS” is SaaS, pronounced “sas” not S-A-A-S. Although the S can represent many services including search, security, and storage, it is more commonly recognized as Software-as-a-Service.This particular service has been made popular thanks to recognizable household services like Dropbox, LinkedIn, and Twitter and although debated Facebook. In business you hear names like: DocuSign, LinkedIn, Salesforce, Office 365, Zendesk, GoToMeeting, Workday, HubSpot & Intuit (QuickBooks, TurboTax, etc.) Beyond SaaS, some of the other common “aaS” include backup (BaaS), desktop (DaaS), infrastructure (IaaS), platform (PaaS), and unified communications (UCaaS).

The benefits of “aaS” are many including lower cost, speed of deployment, seamless upgrades, no infrastructure required and its accessibility from multiple devices (tablets, laptops, smartphones, etc.).

Next up: What is a malware and virus?

Click here for our previous post, “What is Mobile Device Management?”

What is Mobile Device Management?

By | Uncategorized

Mobile Device Management, or MDM for short, is a software product or service designed to simplify and enhance the management of mobile devices. In this post we’ll dig deeper into the devices, the management capabilities, and benefits of MDM and things you should consider when evaluating options.

Then we hear the term “mobile” it’s natural we think of our iPhone or Samsung. However, in the context of MDM, a mobile device is a general term for any type of handheld computer. In addition to smartphones, this designation includes: laptops, tablets, 2-in-1s, wearables, and notebook computers. These devices are collectively referred to as endpoints with names like MacBook, iPad, iPhone, Samsung Galaxy, Galaxy Tab, ThinkPad, Chromebook, Surface, Miix, iWatch, Galaxy Watch, and others. Some MDM solutions are designed for industry specific devices such as point of sale (POS), printers, and barcode scanners. Under MDM, these devices are managed by software installed on the device itself which is referred to as the client component. This software receives and executes commands which are sent by the server component acting as a centralized dashboard or portal.

MDM solutions allow company IT Administrator’s the ability to configure, control, secure and enforce policies on mobile devices without hassle and complexity. Considering security is a hot topic these days, let’s focus on a few of the security benefits of MDM. Do you or anyone you know read company emails from a mobile device? How about viewing company files from a mobile device? If you answered yes to either question, how do you know your company data is secure? What could happen if the device fell into the wrong hands? What if the device didn’t require a pin? Some of the security aspects of MDM include password enforcement, remote lock and remote wipe. Password enforcement gives you piece of mind to know the device has some security measures in place and if lost the device can be locked and even wiped clean remotely. These are just a few of the many features and benefits of MDM, others include: device setup, compliance, policy acceptance, tracking, application catalogue, mitigate roaming, policy enforcement, corporate wipe, and inventory.

There are many MDM solutions available and surprise, they don’t all include the same features. Here are a few important things to consider when evaluating MDM solutions: That it supports your devices both the operating systems and versions. The features most important to you and your business are part of the solution. Pricing; is it per device or per user and is there additional cost for support, maintenance and updates? Do they offer a trial period.

Next up: What is XaaS?

Click here for our previous post, “What is a pen test?”

What is a pen test?

By | Blog

A pen test, short for penetration testing, is a simulated cyber-attack on a company’s network performed to identify any potential vulnerabilities and exploit them. It is performed manually by a highly skilled security professional using various tools, techniques and processes to simulate the extent of what could happen under a real attack.

To explain it differently, think about checking if your house front door is locked. If it isn’t, you enter and rummage around seeing what you can take and the extent of damage you can cause. In finding the front door unlocked you have identified a vulnerability and by entering to find personal assets and sensitive information you have exploited it. This is in essence what a pen test performs except obviously the front door is the access to your company’s network and at risk is your data and customer information.

Why have a pen test performed?

Most company networks are designed, built, and maintained by employees that have little to no professional experience in security. Having a pen test performed provides you with a report highlighting points of weakness, the extent of damage that could be caused and a roadmap for security remediation. This resulting report can give you the opportunity to address any issues before they have been exploited by a criminal and peace of mind knowing your “front door” is secure.

Beyond peace of mind, if your business is required to comply with standards, for example HIPAA for healthcare or PCI-DSS for credit card processing, you may have a requirement for a risk analysis to be conducted periodically. A great way to perform this risk analysis is through a combination of a vulnerability scan and pen testing.

Things to consider

  • Pen testing is best conducted by a third-party vendor rather than your internal staff to provide an objective review of the network environment and avoid any conflicts of interest.
  • Pen testing is costly compared to a vulnerability scan for a few reasons. One main factor is a vulnerability scan is automated while a pen test is performed manually by an experienced security professional.
  • To keep cost down, don’t spending a lot of money on low-risk assets that may take several days to exploit.
  • Unlike a vulnerability scan, it is recommended that a pen test be performed once or twice a year.

Next up: What is Mobile Device Management (MDM)

Click here for our previous post, “What is a vulnerability scan”

Here are some items you should discuss when talking about performing a pen test. No need to read further unless you are seriously considering taking

  • What computer assets are in scope for the test?
  • Does it include all computers, just a certain application or service, certain OS platforms, or mobile devices and cloud services?
  • Does the scope include just a certain type of computer asset, such as web servers, SQL servers, all computers at a host OS level, and are network devices included?
  • Can the pen testing include automated vulnerability scanning?
  • Is social engineering allowed, and if so, what methods?
  • What dates will pen testing be allowed on?
  • Are there any days or hours when penetration testing should not be tried (to avoid any unintentional outages or service interruptions)?
  • Should testers try their best to avoid causing service interruptions or is causing any sort of problem a real attacker can do, including service interruptions, a crucial part of the test?
  • Will the penetration testing be blackbox (meaning the pen tester has little to no internal details of the involved systems or applications) or whitebox (meaning they have internal knowledge of the attacked systems, possibly up and involving relevant source code)?
  • Will computer security defenders be told about the pen test or will part of the test be to see if the defenders notice?
  • Should the professional attackers try to break-in without being detected by the defenders or should they use normal methods that real intruders might use to see if it sets off existing detection and prevention defenses?

DOES YOUR COMPANY HAVE A BACKUP PLAN?

By | News
Does your company have a backup plan to keep operations from falling apart in an emergency?
A business emergency is one of those things you never want to think about – until you have to. Weather emergencies. Natural disasters. The loss of a revenue stream.
A healthy fear is a strong motivator for many business owners to take action and protect both their businesses and their team.https://elbo.in/NEze