Cyber Security Awareness Month
Written by Leonard Navarro

National Cyber Security Awareness Month, Our Shared Responsibility

This year’s National Cyber Security Awareness Month highlights practical themes and procedures for businesses and consumers across the globe. According to the FTC, in 2016 13% of the complaints they received were identity theft-related, surpassed only by debt collection and imposter scams.

The 14th annual information sharing initiative has grown to include over a thousand “Champions” who pledge to promote a safer, more secure and more trusted internet. As an NCSAM Champion, Oxford Solutions honors our pledge by bringing to light this week’s simple but practical tips for consumers to avoid becoming another statistic:

  • Lock Down Your Login: From our vantage point, we have seen time and time again usernames and passwords fail to protect key accounts like email, banking, and social media. Compromised accounts cause reputational harm and embarrassment and put others at risk through the spread of malware and viruses. Strengthen online accounts and use strong authentication tools – like biometrics, security keys or a unique, one-time code through an app on your mobile device – whenever offered. If you are using cloud-based email services such as Office 365, you should enable multifactor authentication for access from the web.
  • Back it Up: Protect your valuable work, music, photos and other digital information by making an electronic copy and storing it safely. If you have a copy of your data and your device falls victim to ransomware or other cyber threats, you will be able to restore the data from a backup. A small investment in a portable hard drive will save you headache and grief down the road.  It is a worthwhile investment.
  • Personal Information is like Money. Value it. Protect it: In an age where we are all accustomed to obtaining merchandise at the click of a button, information about you, such as purchase history or location, has value – just like money. Be thoughtful about who gets that information and how it is collected by apps, websites and all connected devices. Always review what level of access websites and applications are requesting to your email accounts and data. If they request full access, you may want to rethink using that website or application.
  • Keep a clean machine: Keep all software on internet-connected devices, including personal computers, smartphones and tablets, current with the latest software updates and patches to reduce the risk of infection from ransomware and malware. Many companies fell victim to the global ransomware infections (WannaCry, Petya, NotPetya, etc.) because they didn’t update their Microsoft Operating System for months.
  • Own your online presence: Take ten minutes every so often to review your privacy and security settings on websites and social media platforms to make sure that you are comfortable with your level of information sharing. It is perfectly acceptable to limit how and with whom you and your family share information. Many sites update their terms of service and change their security settings.  When this happens, it is important to review and make changes to your security settings.
  • When in doubt, throw it out: Links in email, tweets, posts and online advertising are often how cybercriminals try to compromise your information. If a digital asset looks suspicious, even if you think you know the source, it’s best to delete or, if appropriate, mark it as junk.

Lastly, be you a Consumer, Executive or a Security Expert like professionals on the Oxford team, remember to always consider the potential effect of the data and information you are keeping and storing online. In 2017 and onward, this is our shared responsibility.

Written by Troy Wachter

CEO Letter, Recent Equifax Cybersecurity Incident

Friends and colleagues,

As you are undoubtedly aware by now, a major credit reporting agency disclosed yesterday that cyber criminals gained unauthorized access to the personal information of over 140 million US consumers. You may be asking yourself, “What should I do to protect my family and me in the wake of this breach?” I’ve laid out a few of my thoughts on this as well as how you can ensure your business takes steps to prevent a similar incident from happening.

Determine if your information was part of the disclosure. Equifax has stood up an official website where you can check if your information was accessed by these cyber criminals: I encourage everyone to check to see if you are on the list. If you are on the list, you should consider temporarily freezing your lines of credit. To quote my friend Dan Guido, “Consumers should deal with this inconvenience and freeze their credit; It’s significantly safer than credit monitoring.”  Here is an article that discusses credit freezing and thawing:

Be wary of fakes or scams following this announcement. There will undoubtedly be attempts by thieves to use this opportunity to trick you into providing them with your information. Use only the tools provided by the official Equifax website.

Take advantage of the Equifax offerings. If you are not on the list, don’t assume your information is safe. Equifax is offering a number of free services to every US consumer, including identity theft protection and credit monitoring. I encourage you and your families to review the Equifax public announcement and consider this offer via their official website:  On top of the screen, click “Potential Impact.”  Be sure to read the fine print as you may be giving up your rights to participate in arbitration or future class action lawsuits.

Take an aggressive stance on data security to prevent your business from a similar incident. It is critical that we remain proactive together to harden our companies against this growing threat from cyber-attack. Oxford Solutions recommends aligning your business to an internationally recognized security framework such as the NIST Cybersecurity Framework, ISO 27001, or others in order to become a harder target for cyber criminals.

As always, please do not hesitate to contact me if you would like to discuss how we can partner together to help enhance your business’s security posture.

Thank you,

Aidan Kehoe
Co Founder & CEO
Oxford Solutions

Written by Troy Wachter

National Cyber Security Awareness Month – Protecting Your Mobile Device

October is National Cyber Security Awareness Month and Oxford Solutions is excited to provide some basic cybersecurity tips that are designed to increase awareness in cybersecurity and help people protect themselves from becoming a victim of cybercrime.  This tip is focused on protecting your mobile devices from rogue WiFi access points.

Did you know that connecting your mobile device to public WiFi hotspots that don’t prompt for a password can leave your device open to attack? Hackers are aware of this and can easily trick your phone or tablet into connecting to a network which they control. They exploit an ease-of-access design vulnerability. Mobile device manufacturers (Apple, Android, Samsung, etc.) design their products so that they automatically connect to WiFi networks which they have joined in the past. While this is very convenient for you, it is dangerous if not properly managed.

Let’s look at an example: Starbucks encourages their customers to stay longer in their restaurant by providing places to sit and get free access to the Internet. Almost all Starbucks locations use the same WiFi network name: attwifi. There is no password to access the network. After you leave Starbucks, your mobile device will continually look for the “attwifi” network. If there is another “attwifi” network within range of your device, it will automatically join that network if it is not already joined to another WiFi network. Hackers know this and are known to set up rogue WiFi hotspots with commonly used WiFi network names, such as “attwifi.” If your mobile device comes within range of their rogue WiFi access point, your device will join their network and they may begin to scan and possibly break into your device! This can be a common practice in densely populated areas.

The best way to prevent this is to go into your mobile device settings and force it to “Forget” the WiFi network when you are finished using it.  This will prevent your device from unwittingly becoming the target of opportunity for a hacker looking to make a quick payday from your information. You can do this by going into your WiFi settings while still connected to the WiFi network and then selecting more options, then clicking “Forget Network.”


Scott Croskey

Written by Troy Wachter

How to Handle Ransomware


The Zepto family of ransomware is a relatively new variant similar to the Locky malware family. It attacks a company or individual by encrypting files and then offering the key to decrypt those files after a ransom is paid to the attacker. Because Zepto is relatively new (first reported in late June 2015), there are not many signatures available to detect this threat as of late July 2016. The initial threat vector is typically email: an unsuspecting user receives the malware and is tricked into opening the infected file. Once the victim is infected, the malware has two primary objectives: 1) further replication through email, and 2) scanning and encrypting any file that is accessible to the victim machine. It is important that IT staff quickly contain a ransomware infection, as it has the capability to spread quickly throughout the network and cause significant issues with business productivity.



Oxford recommends that you phase your incident response approach into three main areas of effort to combat the ransomware infection:

1) Containment. In order to contain the infection, IT staff must concentrate on stopping the malware from spreading. This involves placing rules on a mail server to ensure any indicators of compromise from the initial infection are locked down (e.g., do not allow emails to be sent from the mail server with a Subject line matching or similar to the subject of the initial infection; do not allow emails to be sent from the mail server that contain file attachments of the same type seen in the initial infection). If the mail server is found to be infected, it may need to be taken offline to ensure the malware no longer propagates itself through the network to other victims. Containing the infection also involves the quick removal of any infected host found on the network. Most ransomware attacks use the victim’s computer to initiate scans of the network for available files and then encrypt any vulnerable files that are found.

2) Eradication. Once the infection is contained and no longer found to be spreading, IT staff should look to eradicate the malware from the network. Re-imaging of infected machines is typically the quickest way to restore the system to a known good configuration. Servers found to have been infected may require additional care since a full restoral can be costly and time consuming. It is recommended that IT staff research the variant of ransomware they were infected with and look for recommendations to restore servers without completely wiping them. Finally, IT staff should look to remove any encrypted files from network shares.

3) Restoral. Once all infected systems are removed and all traces of the malware and/or encrypted files are removed, IT staff may bring the systems back online and restore files from the latest backup.
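The two mail-server rules from the Containment step, sketched as an outbound mail check. This is an added example, not Oxford Solutions' code; the subject line, attachment extensions and the 0.8 similarity threshold are constructed assumptions, not real indicators.

```python
import difflib
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Constructed indicators standing in for those seen in the initial infection.
IOC_SUBJECT = "Scanned document from accounting"
IOC_EXTENSIONS = {".zip", ".docm"}
SUBJECT_SIMILARITY = 0.8  # assumed cut-off for "matching or similar to"

def normalize(subject):
    """Lower-case, collapse whitespace and drop reply/forward prefixes."""
    s = subject.lower().strip()
    while True:
        for prefix in ("re:", "fw:", "fwd:"):
            if s.startswith(prefix):
                s = s[len(prefix):].strip()
                break
        else:
            return " ".join(s.split())

def hold_reasons(raw_message):
    """Return the reasons an outbound message should be held (empty = release)."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    subject = normalize(str(msg.get("Subject", "")))
    ratio = difflib.SequenceMatcher(None, subject, normalize(IOC_SUBJECT)).ratio()
    if ratio >= SUBJECT_SIMILARITY:
        reasons.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        # Only the final extension counts, so "Report.pdf.DOCM" matches ".docm".
        if name and PurePosixPath(name.lower()).suffix in IOC_EXTENSIONS:
            reasons.append("attachment:" + name)
    return reasons

def build(subject, attachment=None):
    """Build a constructed sample message for the demo below."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "user@example.com", "peer@example.com", subject
    m.set_content("constructed body")
    if attachment:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    for raw in (build("RE: Scanned documents from Accounting"),
                build("Lunch on Friday?", "notes.txt"),
                build("Quarterly numbers", "Report.pdf.DOCM")):
        print(hold_reasons(raw) or "release")
```

Messages that are held should be quarantined for review rather than deleted, since the sending host is itself a lead for the removal of infected machines described above.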

Written by Scott Croskey

Written by Aidan Kehoe


Most companies don’t know!

As the world becomes more desensitized to hearing about cyber attacks happening, and breaches become as common as yellow cabs in New York City, corporations large and small are going to face some major challenges that will seem almost insurmountable if you're a CISO or a board member tasked with corporate governance today.

Written by Dr. Richard White


We definitely have concerns regarding the nearly 22 million individuals compromised by the OPM hack. One of our chief concerns is the Oxford employees that currently hold high-level security clearances, all of which begin with the SF-86 form now archived within OPM.



Let Oxford Solutions help you stay informed, protected and ahead of the threats.