Security First IT: The Right Cybersecurity Strengthens Your Business
Since 2015, nearly a third of US-based companies have believed they had been attacked by an Advanced Persistent Threat (APT). This number continues to grow yearly.
With evolving technologies, offices across all industries have begun to go paperless – storing all relevant data remotely in the “cloud.” While there are many positives to this, business data becomes an attractive target. It is no longer only large corporations and national governments that are at risk of theft – medium and small-sized businesses can find themselves on the receiving end of an attack as well. Motives for these attacks vary, including the sale of private information, corporate espionage, and even purely malicious aims such as bringing down entire healthcare systems.
What Advanced Cyber Theft Looks Like
- Attacks are often designed to exploit weak points within a system, including carelessly configured network openings, unsecured user accounts, out-of-date software and drivers, and more.
- They avoid detection and collect information within a network for weeks, months, or even years.
- APTs establish multiple points of entry through the home server in case one of them is discovered.
- They can evade tools that rely on known signatures, including antivirus software, spam filters, and other common security controls.
- Think of APTs as evolving lifeforms – many common antivirus, spam-filtering, and security platforms will not recognize them, making it easy for the infection to slide by undetected.
First Warning Signs of APT Malware
APT attacks do not follow a fixed procedure; however, the warning signs generally appear in this order:
- User account activity is irregular
- Backdoor Trojans are evident
- Database activity increases involving large amounts of data
- Files of bundled information are being prepared for exit
APT attacks frequently involve files and entire systems being corrupted to the point of destruction after all relevant files have been extracted, to cover the attacker’s tracks.
Securing Network Architecture from Inside Your Business
Security First IT’s first order of business with new clients is to configure and enable:
- Virtual Private Network (VPN)
- Virtual Local Area Networks (VLANs)
- Managed Service Provider (MSP) connections
First, systems and users are grouped into VLANs according to system function or user workgroup. After this, firewalls are placed at network boundaries to inspect incoming and outgoing traffic. Host-based firewalls on servers and workstations are then enabled and configured to restrict communication between workspace computers, preventing malware and viruses from moving freely.
Connections between networks and servers are logged, centrally managed, and routinely reviewed. Any compromised VPNs or VLANs are isolated by the Security Operations Center to avoid further damage. Security First IT documents and reports all hacking activity in a client’s environment.
Backup, Restoration, and Reporting
Security First IT utilizes a Security Information and Event Management (SIEM) application. This application develops a map of network analytics to identify patterns of “normal” behavior within a system. Any changes in network traffic will be flagged as unusual activity.
Part of this map includes:
- Limiting script activity and scanning scripts for malicious behavior, including credential theft and spear phishing.
- Cataloging of all executed commands – allowing for combing through and finding security anomalies.
- Maintaining connections with third-party applications to ensure that inbound and outbound traffic is properly regulated.
On top of this, all network systems and devices are checked to ensure logging features have been enabled. These logs are stored both locally and in the “cloud” in case of a network failure.
Many businesses find it worrisome to hand a company detailed records of computer traffic – however, real-time detection tools are specifically designed to recognize the first warning signs of malware, unlike antivirus software, which is designed to locate known malicious scripts and files. With detailed reporting, techs can quickly identify an attacker, remove or isolate the threat, secure the entry and exit points, and lock down the network.
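To make the “map of normal behavior” concrete, here is an added example (not Security First IT’s SIEM or any product code) that learns a per-user baseline from constructed activity records and then scores new records against the warning signs listed earlier: off-hours account activity, bulk database reads, bundled data staged for exit, and unusual outbound volume. All users, hours and byte counts are constructed sample data.

```python
"""Added example (not Security First IT's tooling): a per-user baseline of
"normal" activity, then scoring of new events against the warning signs in
the text. All records below are constructed sample data."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed baseline records: (user, hour_of_day, db_rows_read, bytes_out)
BASELINE = [
    ("alice", 9, 1200, 2_000_000), ("alice", 10, 900, 1_500_000),
    ("alice", 14, 1500, 2_500_000), ("alice", 16, 1100, 1_800_000),
    ("bob", 8, 300, 400_000), ("bob", 11, 250, 350_000),
    ("bob", 13, 400, 500_000), ("bob", 17, 350, 450_000),
]
# Constructed events to score; last field: an archive file was created
EVENTS = [
    ("alice", 11, 1300, 2_100_000, False),  # ordinary working activity
    ("bob", 3, 48_000, 900_000, True),      # 3 AM bulk read, then archive
    ("bob", 12, 300, 40_000_000, False),    # large transfer leaving the network
]

def build_baseline(records):
    """Per user: working-hour window and mean/stddev of rows read and bytes out."""
    by_user = defaultdict(list)
    for user, hour, rows, out in records:
        by_user[user].append((hour, rows, out))
    profile = {}
    for user, recs in by_user.items():
        hours, rows, outs = zip(*recs)
        profile[user] = (min(hours), max(hours), mean(rows), pstdev(rows),
                         mean(outs), pstdev(outs))
    return profile

def score_event(profile, event, k=3.0):
    """Return the warning signs an event trips (k stddevs above baseline)."""
    user, hour, rows, out, archive = event
    h_lo, h_hi, r_mean, r_sd, o_mean, o_sd = profile[user]
    flags = []
    if not h_lo <= hour <= h_hi:
        flags.append("off-hours account activity")
    if rows > r_mean + k * r_sd:
        flags.append("bulk database read")
        if archive:  # bulk read followed by packaging is the staging sign
            flags.append("bundled data staged for exit")
    if out > o_mean + k * o_sd:
        flags.append("unusual outbound volume")
    return flags

def flagged_events(baseline=BASELINE, events=EVENTS):
    # Map 'user@hour' to its flags; an empty list means nothing unusual
    profile = build_baseline(baseline)
    return {f"{e[0]}@{e[1]}": score_event(profile, e) for e in events}
```

A real deployment would key the baseline on more than hour and volume (source host, destination, protocol), but the structure is the same: learn, then flag deviations for a human to review.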
Authentication and Authorization for User Accounts
Account credentials continue to be the number one way hackers enter a network environment. It is important that business owners use best practices to manage passwords and permissions. This limits a cybercriminal’s ability to access and move across a network.
User Account Best Practices Include
- Setting expiration dates when accounts are created or renewed.
- Maintaining separation between high-level accounts and lower levels of networks.
- Ensuring user accounts are unreachable by local networks and workstations.
Should a breach occur, an immediate breach notification process begins, followed by the use of a detailed incident response plan. The breach notification process alerts the chain of command specified beforehand, enabling a response to launch quickly – executed by employees trained to react to security threats.
Security First IT, based in Charlotte, NC, services clients in both North and South Carolina locally, but also provides national service on a case-by-case basis. We specialize in high-risk industries such as medical providers requiring HIPAA compliant IT and signed business associate agreements (BAA). We provide server security and IT support for the financial and legal sectors as well. With both Linux and Windows server engineers, we maintain your business’ continuity by providing the latest in cybersecurity.