Watch Quisitive Director of Security and Compliance Solutions and Security Office Leader Ed Higgins, along with the CTO of Critical Start Randy Watkins, as they discuss 5 priorities for security teams to reduce risk.
In this on-demand webinar, we'll cover:
- Framework Alignment: Achieving seamless alignment with industry-standard security frameworks is essential to fortify your organization's security posture. Yet, it can be an intricate puzzle that demands your attention.
- Simplifying Security Architecture: Complexity can be your worst enemy in the quest for an efficient, adaptive, and effective security infrastructure. Simplification is the key to unlocking its true potential.
- Endpoint Security: With the rapid rise of remote work and a sprawling network of endpoints, securing each device is paramount. Endpoint security is now your front line of defense.
- Vulnerability Management: In a landscape where threats continuously evolve, identifying, prioritizing, and mitigating vulnerabilities is a perpetual endeavor. The success of your strategy hinges on how adeptly you manage this process.
- 24x7 Monitoring Capabilities: The realm of cyber threats knows no downtime. Establishing vigilant 24x7 monitoring capabilities is no longer a luxury but an imperative for early threat detection and rapid response.
In today’s digital landscape, where cyber threats loom larger than ever before, cyberattack prevention is more important than ever. Safeguarding your business from potential data breaches, cyberattacks, and security incidents is paramount. As the guardians of your company’s technological infrastructure, you hold the responsibility of protecting sensitive information, ensuring operational continuity, and maintaining customer trust. That’s where Managed Detection and Response (MDR) services step in as your ultimate game-changer.
In this blog post, we’ll explore the undeniable benefits that MDR services bring to your organization, empowering you to make informed decisions that can transform your cybersecurity posture, aid in cyberattack prevention, and ultimately enhance your business outcomes.
1. Proactive Threat Detection and Rapid Response:
Cybersecurity is constantly evolving. MDR utilizes a mixture of automation and analysts to implement an around-the-clock proactive approach to cyberattack prevention. This is accomplished through monitoring your network, endpoints, and cloud infrastructure for any signs of suspicious activity or potential threats.
An example of this proactive approach is an immediate notification when a document containing sensitive information is shared, even if that file is stale. Once the automated system detects this bad behavior, it sends the alert to an analyst, who resolves the matter before any harm has occurred. By employing these advanced technologies and leveraging threat intelligence, MDR teams can quickly identify and mitigate emerging threats, ensuring that security incidents are swiftly contained and neutralized before they cause extensive damage.
2. Around-the-Clock Security Operations:
When clients would ask if we could monitor them around the clock, the answer was always “No”, until now. We can now offer security operation centers that are fully staffed 24/7 every day, even holidays, in the US.
This approach allows us to always have an expert analyst in the chair promptly responding to alerts and threats around the clock. Your information assets are continually monitored for any sign of bad behavior. This means you can rest easy, knowing that there’s always a team of experts diligently watching over your systems and responding promptly to any security events.
3. Access to Cutting-Edge Technologies and Expertise:
Managing cybersecurity internally can be a daunting task, requiring significant investments in infrastructure, tools, and talent. This is what makes our partnership with Critical Start so powerful. Critical Start has been a recognized leader in advanced security operations since 2015 and is an integral Microsoft partner, which allows these security capabilities to work seamlessly with your existing software infrastructure.
MDR implements, optimizes, and helps customers get more out of Microsoft investments such as Microsoft 365 E5, Azure Purview, Azure Sentinel, and Microsoft Security Center, essentially adding a module of capability to the programs you already own. This synergy of leading software companies and cutting-edge platforms delivers advanced threat detection, threat hunting techniques, incident response best practices, and cyberattack prevention, all without the burden of building and maintaining an in-house security operation.
4. Improved Incident Response and Remediation:
When a security incident occurs, time is of the essence. That's why we have a service-level agreement of a 1-hour time-to-detection and 1-hour resolution. This means that regardless of when an alert is received, it will get an expert's attention within 1 hour, and your digital assets will always receive a rapid response to incidents.
On top of this, our clients have full visibility of every alert and activity, providing a comprehensive view of your company's security threats. You will always stay in the loop about your company's security, and we will always respond to any cyber threats without delay. These protocols minimize the impact on your business operations and reduce downtime.
5. Enhanced Compliance and Regulatory Adherence:
In an era of increasingly stringent data protection regulations, compliance is no longer a choice; it's a necessity. MDR services can play a pivotal role in helping your organization achieve and maintain compliance with industry-specific regulations such as GDPR, HIPAA, PCI DSS, and more. By aligning their processes with regulatory requirements and offering valuable insights and documentation, MDR providers can assist you in demonstrating your commitment to data security and regulatory adherence.
6. Risk Reduction and Business Continuity:
A successful cyberattack can lead to severe financial losses, reputational damage, and operational disruptions. MDR services offer a proactive defense strategy that significantly reduces your risk profile and aids in cyberattack prevention. By quickly identifying vulnerabilities, implementing preventive measures, and fortifying your security defenses, MDR providers enable you to safeguard your business continuity, protect your critical assets, and ensure uninterrupted service delivery to your customers.
Protect Your Business with Spyglass MDR
With Spyglass MDR we implement, fix, improve, and offer 24/7 monitoring. This is a total solution. Additionally, we can have a client receiving full 24x7x365 monitoring in 7-14 days. Embracing MDR services empowers your business to stay one step ahead of malicious actors, ensuring that your digital infrastructure remains secure, your operations run smoothly, and your customers trust you with their sensitive information. So, make the strategic decision today and unlock the power of MDR services to elevate your cybersecurity posture and achieve greater business success.
Remember, cybersecurity and cyberattack prevention are not just an IT concern; they're a fundamental business imperative.
Stay secure and vigilant by contacting our security experts today about Spyglass-MDR.
Happy October and Happy Halloween! Since October is Cybersecurity Awareness Month, I made a personal commitment at the beginning of the month to post at least one tweet per day on the topic of security tips, awareness, and/or guidance. I had some fun with this, waking up every morning and thinking, “What helpful thing could I offer today?”
I hope that these little bits of security awareness tips and guidance can help colleagues, friends, customers, and casual passers-by. As you’ll soon see these tips span across the main tenets of information security including Identity, Data, Device, Application, and Access.
Let’s jump into our cybersecurity awareness tips!
#1: Use Passphrases instead of passwords
A passphrase is the same as a password, but harder to crack, while easy to remember!
“Apitsaap,bhtc,wetr”! <— Here’s one made from the sentence above!
#2: Multi-Factor Authentication
Does your company use multi-factor authentication (MFA) to protect user accounts? You should!
Microsoft says 99.9% of the account-compromise incidents they have dealt with could have been blocked by using MFA. It works!
#3: Don’t reuse passwords
Do you reuse the same password for all of your accounts? Don’t do that!
#4: Consider password-less authentication
Did you know that "password-less authentication" greatly improves user experience, strengthens security, and eliminates password threats? Password theft isn't possible with password-less authentication because passwords are no longer part of the equation.
#5: Don’t forget to look at where your email is coming from.
When reading or responding to email, slow down! Check the sender's email address and any links in the body (hover over them to see the real destination) before opening any attachments. Even then, if an email looks strange (especially one from a coworker or boss), call them!
#6: Use PIM and MFA to protect privileged user accounts
Protect privileged user accounts by implementing PIM (privileged identity management) & MFA (multi-factor authentication) for all admin accounts. It takes the rug out from under lateral movement attacks & it’s good practice. Ask us how!
#7: Avoid public USB charging stations
Be careful when charging your phone and devices on public USB charging stations because your data can easily be exploited. It’s called juice jacking. Get a USB data blocker to isolate your data from the charging station.
#8: Use RFID Blocking Sleeves on your cards
Always keep your credit cards stored in RFID Blocking Sleeves or a wallet with protection built in. Bad guys can steal your identity and money just by walking beside you. It’s called RFID skimming. Sleeves and RFID wallets prevent this.
#9: Keep your devices up to date
Keep your devices updated to the latest patch levels. You can set auto updates for your personal devices. Your work may have a different process. The more vulnerabilities you have, the bigger the target you become.
#11: Zero Trust
Did you know that password-less authentication, device management, removal of legacy protocols, and risk-based conditional access rules all interact seamlessly to improve user experience, strengthen security posture, and apply Zero Trust principles?
#12: Be wary of unprompted calls from the bank
Picture this: The bank calls and asks you to confirm the 6-digit code in the text message your phone just received. But you didn’t do anything that would have triggered the bank to send the code.
When you receive a call like this, hang up and reset your password immediately. That caller? A bad actor, NOT the bank. Your account was compromised, and the bank’s MFA saved you! #Security
#13: The cloud is more secure than a traditional data center
Your users, data, apps, and IT infrastructure are more secure in a properly configured cloud, like Microsoft 365, Azure, or Dynamics 365, than in your own data center. We can help you envision it, see it, biz-justify it, and execute!
#14: Read closely and stay alert!
Sometimes, lessons are learned from our failures. I clicked! I was caught by a simulated phishing test my company ran. Even we pros fail! The message: a link to an internal SharePoint site – something I see routinely. Be sure to read messages and sender addresses closely for signs of malintent.
Learn to spot phishing emails: Subtle things like a misspelled domain in the sender’s address or link, poor grammar in the body, and aggressive wording to get you to click. The better you spot phishing, the less you’ll fall for it.
#15: You don’t have to answer to anyone you don’t know
Be aware both in and out of work regarding conversations by email, phone, or in-person where you’re asked for detail outside of your area of responsibility. Remember, you DON’T HAVE to answer to anyone you don’t know.
#16: Make sure you’re properly managing your client’s sensitive data
Did you know an email or file with credit card details, spreadsheets with clients’ credit cards, or equivalent information sitting unprotected on your systems violates PCI-DSS? You can be banned from taking credit cards as a form of payment to your business.
#17: Be careful with the information you share online.
If you’re a C-level exec who’s traveling, going on vacation, or attending a special VIP event, try not to tweet about it so much! Bad guys use this intel to conduct fraud, fake wire transfers, and impersonation attacks against your company.
#18: We’re all part of the solution! Learn how you can help protect yourself and your company.
I suggest you view this very insightful short video entitled, “Can you recognize the 7 stages of a cyberattack?”
We are all part of the cybersecurity solution! Watch here: http://ow.ly/pYrq50LbOz1
#19: Do your research when choosing a VPN
Using a VPN is good, except when it's hosted by the bad guys!!! It can reveal everything you've got.
Be careful when choosing a personal VPN (free could be costly). Best to use only VPN services offered or approved by your company.
#20: Leave stray USB sticks where you find them!
Find a USB thumb drive on the ground in your workplace parking lot? Don’t plug it into your PC!
Sure, you’re curious to see what’s on it. Exactly what the bad guys want. Plug it in, and presto! The bad guy is in! Like a teleporter for malware.
#21: There are ethical hackers out there that can test your corporate environment
According to the SANS Institute, around 40% of ethical hackers (the good guys) can break into most, if not all, of the environments they test. Nearly 60% said they need less than 5 hours to break into a corporate environment once they find a weakness.
#22: Know where to find news on data breaches in healthcare
If you're in healthcare, listen up… Did you know that a breach of unsecured protected health information (PHI) of 500 or more individuals requires you to report to US HHS and get on the "wall of shame"?
Check it out here: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
Also, with curiosity to see the patterns, I quickly created a PowerBI report to visualize the entire historical record of HHS reported breaches of all types from 2009 through 2022. Yikes!
#23: Microsoft Sentinel
Great seeing the results of Microsoft's dedication, rigor, investment, veracity, and excellence in cybersecurity pay off. Look where Microsoft Sentinel landed on Gartner's SIEM Magic Quadrant.
#24: Don’t give out your password or pin – even if it looks like your bank is asking!
Neither your bank nor your IT department should ever ask for your password or PIN. These are "something you know", meaning only you should know them. Be concerned, and don't give in, if anyone ever asks for your password or PIN.
#25: Microsoft Purview Information Protection
Did you know that with Microsoft Purview Information Protection, you can automatically tag (classify) and protect (e.g. restrict exfil, encrypt at rest, restrict display, etc.) any sensitive data in your enterprise?
#26: Be aware of non-technical security
Incident Response is more than just technology solutions. That’s one part.
Other parts include non-technical things: who's on your team, who does PR, when to bring in your legal team, whether you practice, etc. Ask us!
#27: Use an Incident Response Framework
Here’s a good overview of the two most common Incident Response frameworks, NIST and SANS Institute. We help clients choose a framework that fits best, then implement, test, and learn. Check it out here: 2021 Incident Response Steps for NIST and SANS Framework | AT&T Cybersecurity (att.com)
#28: Check to see if you’ve been subjected to a data breach
Data breaches happen, sadly, much too often. Ever wonder if your email address (commonly your user ID) or phone number was among the breached data? Well, check this tool out: HaveIBeenPwned.com
This great website helps us all stay alert!
#29: Encrypt your WiFi
Work at home? You may think encrypting your home Wi-Fi is unnecessary. You’ve got nothing to hide, right? Think again! Your home Wi-Fi can be a “bad-guy pipeline” to your work via your home PC. Encrypt your Wi-Fi with WPA-2.
#30: Cybersecurity awareness training
Does your company do cybersecurity awareness training? Does it periodically phish test to see who reports or who clicks? It should! We do at Quisitive. We learn and develop muscle memory to spot these better and faster. Ask us!
#31: Make sure you trust the apps you’re downloading to your phone
Be leery about installing any apps on your smartphone that come from random websites, email, or Facebook ads. Bad actors often bury data-stealing malware inside benign-looking utility apps. Be careful!
Bonus: Keep personal information safe
If you must store sensitive personal information (PII, PHI, PCI), then properly protect it: classify, encrypt, limit access, and properly dispose of it when it’s no longer needed.
Bonus: Learn to spot phishing attempts
Worth repeating since 90% of all data breaches have a phishing component. Learn to spot phishing: misspelled domain in sender’s address or link, poor grammar, aggressive wording. Get good at it!
Cybersecurity awareness is incredibly important.
If you need assistance with your business’ security strategy, Quisitive can help. Explore our Security and Compliance services.
Until next time,
As COVID dramatically shifted how people work over the last long year, many businesses have accelerated their adoption of cloud services to support collaboration and productivity from virtually anywhere, but namely from home.
Over the past year, our Spyglass Security & Compliance team has witnessed explosive increases in the adoption of applications such as Microsoft Teams, Zoom, Hangouts, and many other apps. Of key interest for this post is the "other apps" mention. How our workforce personnel access company resources warrants even more focus for businesses, and here's why. While legitimate application use (e.g., Teams, Zoom, Hangouts) has accelerated and enabled employees to be productive remotely and remain connected to co-workers despite work-from-home mandates, attackers have focused on application-based attacks to gain unauthorized access to your data. This is where the "other apps" need to be scrutinized carefully, as some could be malicious.
While much of our workforce personnel are familiar with attacks focused on users, such as email phishing or credential compromise, application-based attacks such as consent phishing are another threat vector to be aware of. Today we wanted to share one of the ways application-based attacks can target the valuable data your organization cares about, and what you can do today to stay safe. Our Spyglass services team works with our clients to help continually improve security posture while enabling more collaboration (securely). In practice, we help identify threats such as consent phishing, among many others, and implement protections against them in order to reduce the risk of such attacks.
However, when we meet many new clients through our award-winning M365 Security Assessment, we consistently identify malicious apps interacting with client Office 365 environments, both due to poorly configured (or unconfigured) security protections and due to successful consent-phishing attacks carried out on victim users. Below is an illustration of one such (and common) consent-phishing attack. Notice that an application named Email from a publisher named Test was consented to by a user and is actively interacting via OAuth with Office 365, targeting contacts, data, and other potentially sensitive information.
Consent phishing: An application-based threat to keep an eye on
Developers create apps that integrate user and organizational data from cloud platforms to enhance and personalize their experiences. Cloud platforms are rich in data but in turn have attracted malicious actors seeking to gain unwarranted access to this data. One such attack is consent phishing, where attackers trick users into granting a malicious app access to sensitive data or other resources. Instead of trying to steal the user’s password, an attacker is seeking permission for an attacker-controlled app to access valuable data.
- An attacker registers an app with an OAuth 2.0 provider, such as Azure Active Directory.
- The app is configured in a way that makes it seem trustworthy, like using the name of a popular product used in the same ecosystem.
- The attacker gets a link in front of users, which may be done through conventional email-based phishing, by compromising a non-malicious website, or other techniques.
- The user clicks the link and is shown an authentic consent prompt asking them to grant the malicious app permissions to data.
- If a user clicks accept, they will grant the app permissions to access sensitive data.
- The app gets an authorization code which it redeems for an access token, and potentially a refresh token.
- The access token is used to make API calls on behalf of the user.
If the user consents (accepts the app's requested access), the attacker can gain access to their mail, forwarding rules, files, contacts, notes, profile, and other sensitive data and resources.
Guidance to protect your organization
With Microsoft's integrated security stack, we are able to identify malicious apps and take measures to remediate them by disabling them and preventing users from accessing them. In some instances, Microsoft has also taken legal action to further protect its customers. While attackers will always persist, there are steps you can take to further protect your organization. Some best practices include the following:
Educate those in your organization on consent phishing tactics:
- Check for poor spelling and grammar. If an email message or the application’s consent screen has spelling and grammatical errors, it’s likely to be a suspicious application.
- Keep a watchful eye on app names and domain URLs. Attackers like to spoof app names that make it appear to come from legitimate applications or companies but drive you to consent to a malicious app. Make sure you recognize the app name and domain URL before consenting to an application.
- Check out Attack Simulator and Training, or ask Quisitive to show you how it works or implement it for you.
Promote and allow access to apps you trust:
- Promote the use of applications that have been publisher verified. Publisher verification helps admins and end-users understand the authenticity of application developers. Over 660 applications by 390 publishers have been verified thus far.
- Configure application consent policies so that users can only consent to specific applications you trust, such as applications developed by your organization or from verified publishers.
Educate your organization on how the permissions and consent framework works:
- Understand the data and permissions an application is asking for, and understand how permissions and consent work within Office 365.
- Ensure administrators know how to manage and evaluate consent requests.
- Audit apps and consented permissions regularly in your organization to ensure applications being used are accessing only the data they need and adhering to the principles of least privilege.
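The attack flow listed earlier and the "audit apps and consented permissions regularly" guidance above can be tied together with a small consent-grant audit. This is an added example, not code from the post, Quisitive, or Microsoft; the records are constructed, and the field names (`displayName`, `publisherName`, `verifiedPublisher`, `consentType`, `scope`) are assumed to follow the shape of Microsoft Graph's servicePrincipal and oauth2PermissionGrant resources, which is where a real audit would pull them from. It flags the signals the post describes: an unverified publisher, a lookalike app name such as "Email", scopes that expose mail, mailbox settings (forwarding rules), files, contacts and notes, `offline_access` (a refresh token), and tenant-wide consent.

```python
"""Audit OAuth consent grants for signs of consent phishing (added example)."""
from dataclasses import dataclass, field

# Delegated scopes that expose what the consent-phishing flow goes after:
# mail, forwarding rules (mailbox settings), contacts, files and notes.
HIGH_RISK_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send",
    "MailboxSettings.ReadWrite",
    "Contacts.Read", "Contacts.ReadWrite",
    "Files.Read.All", "Files.ReadWrite.All",
    "Notes.Read.All",
}
# offline_access yields a refresh token, so access outlives the user's session.
PERSISTENCE_SCOPE = "offline_access"
# Product names attackers imitate; an unverified app using one is suspicious.
LOOKALIKE_NAMES = {"email", "outlook", "teams", "sharepoint", "onedrive", "zoom"}

# Constructed sample records (assumed Graph-like shape). sp-1 mirrors the
# "Email by Test" app described in the post.
SERVICE_PRINCIPALS = [
    {"id": "sp-1", "displayName": "Email", "publisherName": "Test",
     "verifiedPublisher": {"displayName": None}},
    {"id": "sp-2", "displayName": "Contoso Expense Tracker", "publisherName": "Contoso Ltd",
     "verifiedPublisher": {"displayName": "Contoso Ltd"}},
    {"id": "sp-3", "displayName": "Weather Widget", "publisherName": "Hobby Dev",
     "verifiedPublisher": {"displayName": None}},
]
# scope is a space-separated string; consentType is "Principal" (one user
# consented) or "AllPrincipals" (an admin consented on behalf of everyone).
PERMISSION_GRANTS = [
    {"clientId": "sp-1", "consentType": "Principal", "principalId": "user-42",
     "scope": "openid profile offline_access Mail.ReadWrite "
              "MailboxSettings.ReadWrite Contacts.Read Files.Read.All"},
    {"clientId": "sp-2", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read Files.Read.All"},
    {"clientId": "sp-3", "consentType": "Principal", "principalId": "user-7",
     "scope": "User.Read"},
]


@dataclass
class Finding:
    app_name: str
    publisher: str
    severity: str
    reasons: list = field(default_factory=list)


def is_verified(sp):
    """True when the publisher-verification record carries a publisher name."""
    return bool((sp.get("verifiedPublisher") or {}).get("displayName"))


def audit(service_principals, grants):
    """Return one Finding per grant that shows at least one risk signal."""
    by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for grant in grants:
        sp = by_id.get(grant["clientId"])
        if sp is None:
            continue
        scopes = set(grant.get("scope", "").split())
        verified = is_verified(sp)
        tenant_wide = grant.get("consentType") == "AllPrincipals"
        risky = sorted(scopes & HIGH_RISK_SCOPES)
        reasons = []
        if risky:
            reasons.append("high-risk delegated scopes: " + ", ".join(risky))
        if PERSISTENCE_SCOPE in scopes:
            reasons.append("offline_access: refresh token keeps access after logout")
        if not verified:
            reasons.append("publisher not verified")
        if not verified and sp["displayName"].strip().lower() in LOOKALIKE_NAMES:
            reasons.append("name imitates a well-known product")
        if tenant_wide:
            reasons.append("tenant-wide consent (AllPrincipals)")
        if not reasons:
            continue
        # Data-exposing scopes on an unverified app is the consent-phishing signature.
        if risky and not verified:
            severity = "high"
        elif risky or tenant_wide:
            severity = "medium"
        else:
            severity = "low"
        findings.append(Finding(sp["displayName"], sp["publisherName"], severity, reasons))
    return findings


if __name__ == "__main__":
    for f in audit(SERVICE_PRINCIPALS, PERMISSION_GRANTS):
        print(f"[{f.severity}] {f.app_name} ({f.publisher}): " + "; ".join(f.reasons))
```

High findings are the ones to revoke first (remove the grant, disable the service principal, then reset the consenting user's sessions); medium ones are worth a least-privilege review of the scopes actually needed.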
The increased use of cloud applications has demonstrated the need to improve application security. For additional best practices and safeguards, review Microsoft's "Detect and Remediate Illicit Consent Grants in Office 365" and "Five steps to securing your identity infrastructure", both of which provide further guidance based on best practices.
Hope this helps. Stay Safe.
Until next time,
The COVID-19 outbreak and the resulting lockdowns have an enormous impact on online security.
People are working from home en masse, but many companies are not well prepared to help employees work securely from their home office. In addition, a lot of people are not aware of how to avoid security risks on their own.
And it’s not just professional activities that we should be concerned about. In many countries, most stores outside of pharmacies and groceries are closed, which means that more people than ever are shopping online. This includes many people who have never shopped online before and who may be more vulnerable to security threats.
This sudden change in how we have to live and the big shift to digital activities causes enormous chaos — and chaos is something that cybercriminals love and will happily exploit.
In this blog, I list some of the online security risks that you should be wary of.
Security Risks Related to Remote Work
Working from home means that employees:
- Need to be able to access systems that are intended for internal use only
- Will heavily use video conferencing platforms
While some companies are experienced in securing the infrastructure and tools that are used to work from home, a lot aren’t. And if quick decisions have to be made, security is often forgotten.
Risk 1: Poorly Configured or Non-Updated Servers
In March 2020, we found there was:
- A 41.5% increase in devices exposing RDP via port 3389 to the Internet.
- A similar increase of 36.8% in devices exposing RDP to the Internet via port 3388.
- An increase of VPN servers from approximately 2.5 million to almost 10 million.
- A 16.4% growth in ICS protocols that don’t have any authentication or security measures.
The fact that servers are exposed via RDP and that more VPN servers are online doesn’t mean that they are all vulnerable. However, we know from the past that a lot of them will be poorly configured and not regularly updated, which gives criminals an easy entry point into organizations’ internal networks. It’s fair to conclude that the potential for attackers is now a lot higher than it was a month ago.
It's not limited to web and VPN servers. Security researcher Inti De Ceukelaire found hundreds of internal service desks that were made publicly accessible due to COVID-19. Because they were misconfigured, an attacker would be able to easily gain access to internal company information.
Risk 2: Insecure Video Conferencing Tools
Another real risk is the video conferencing tools that are heavily used at the moment. When video conferencing software has vulnerabilities or when meetings are not properly set up, unauthorized users have the opportunity to disturb the meetings — ZoomBombing, for instance — or, worse, get hold of users' confidential data or company-sensitive data.
Zoom, the popular video conferencing tool of the moment, has been covered extensively in the news lately due to security and privacy issues. If you’re still allowed to use Zoom and have not already made the switch to a platform like Microsoft Teams, make sure to follow these security and privacy tips from Kate O’Flaherty and EFF.
Risk 3: Photo or Video Sharing
A risk that companies often overlook is their employees sharing pictures or videos that might leak sensitive data that can lead to security incidents or even data breaches for the company. This risk certainly increases now, when people are heavily sharing pictures of their home workplaces.
Risk 4: COVID-19 Related Phishing and Malware
As the COVID-19 virus rapidly spreads, so do malicious campaigns. Analysis by Trend Micro shows that almost two-thirds of all threats are malicious email. Malware accounts for almost 27% and malicious URLs and domains for 7.5%.
All these different forms of malice have one thing in common: They use COVID-19 as a means to lure people into installing malware or giving away personal or financial data (phishing) or transferring money to a criminal posing as a colleague (BEC scams).
Another kind of COVID-19 related malice is extortion emails. Criminals threaten to infect the family of potential victims with the coronavirus. They try to convince a potential victim that they have access to their computer and know everything about them. By showing one of the user’s passwords, they hope to make their claims more credible.
One example of these kinds of malicious activities is the recent cyber attacks on medical organizations. While several ransomware operators stated they would not attack medical organizations, the Maze ransomware group attacked a medical facility a few days later.
And a few weeks earlier a Czech COVID-19 testing center was hit by a cyber-attack.
In early April, Interpol published their findings of ransomware attacks against critical healthcare institutions. Their Cyber Threat Response team has detected a “significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response.”
There are plenty of recent examples like this, and it’s certainly not only medical companies that have an increased risk of cyber-attacks. All companies have to deal with a very exceptional situation at the moment, which implies additional risk and chaos as they move to create a secure remote working experience for employees.
It’s terrible that in these difficult times online crime is impacting us more than ever before. That’s why it’s very important to apply a few security best practices so that you or someone in your organization doesn’t fall victim to these security threats. Stay safe!
In this post I want to show different types of tools to improve your privacy and security while browsing the internet. This is just a selection of tools that I think are good. There are many more tools and probably better ones, but the most important thing is that you get an idea of areas in which you can improve your security and privacy.
Which Browser Should You Use?
A recent study tested the following browsers on their security: Firefox 68, Chrome 76, Internet Explorer 11 and Microsoft Edge 44. Firefox came out as most secure. In another comparative study, Firefox was considered the best choice concerning security and privacy (albeit with a lot of privacy related modifications).
There are other browsers, like Brave, that offer more privacy out of the box. And other studies will probably give other results. There's always a subjective factor to this kind of research. In the end, which browser you use is a personal choice, especially because there are other important requirements like usability and acceptable performance.
What I want to make clear in this article is that whatever browser you use, if you use some particular extensions and tools you can considerably improve your online security and privacy.
Use A Privacy Friendly Search Engine
Almost 93% of people use Google to do online searches. But Google is probably the most privacy intrusive search engine that exists. I think people should take their privacy a bit more seriously.
Look for alternatives like DuckDuckGo and Startpage.com. I recommend you set one of them as your default search engine. You will not miss the targeted ads Google showed you.
Most websites serve a lot of ads. Sometimes these ads can even serve malware. It’s important to use a good ad blocker. Personally, I use Adblock Plus and uBlock Origin, but there are many other good ad blockers out there.
Other Content Blocking Plugins
uMatrix is a browser plugin available for Chrome and Firefox that gives you fine-grained control over which content is loaded on a particular website. The fact that you have so much control also means that you need to learn to work with this plugin.
A lot of websites use trackers on their web pages to collect information about your online habits and preferences. Privacy Badger is a tool that can help you stop invisible trackers. It starts blocking once it sees the same tracker on three different websites.
Another good tool for blocking trackers is DuckDuckGo Privacy Essentials, which is available as an add-on for Firefox or as a Chrome extension.
Enforce HTTPS On Websites
HTTPS Everywhere is an extension for Chrome, Firefox and Opera that ensures websites load over HTTPS. Here’s what EFF (Electronic Frontier Foundation) themselves say about it.
“Many sites on the web offer some limited support for encryption over HTTPS, but make it difficult to use. For instance, they may default to unencrypted HTTP, or fill encrypted pages with links that go back to the unencrypted site. The HTTPS Everywhere extension fixes these problems by using clever technology to rewrite requests to these sites to HTTPS.”
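To make the quoted mechanism concrete, here is an added illustration of the kind of rewrite such an extension performs. This is example code written for this post, not EFF's extension or its ruleset engine; the list of HTTPS-capable hosts is a constructed sample, and real rulesets are far larger and more detailed.

```javascript
// Added example: upgrade plain-HTTP links to HTTPS for hosts known to support it.
// Constructed sample of hosts that serve HTTPS (a real ruleset would be much larger).
const HTTPS_CAPABLE = new Set(["example.com", "www.example.com"]);

// Returns the URL rewritten to https:// when it is a plain-http URL to a known host,
// otherwise returns the input unchanged.
function upgradeToHttps(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return rawUrl; // relative or unparsable links are left alone (they inherit the page scheme)
  }
  if (url.protocol !== "http:") return rawUrl;         // https:, mailto:, ftp: etc. are not touched
  if (!HTTPS_CAPABLE.has(url.hostname)) return rawUrl; // only rewrite where HTTPS is known to work
  url.protocol = "https:";                             // the URL parser already normalised away a default :80
  return url.toString();
}

// Rewrites every href="..." in a fragment of HTML, which is what fixes the
// "links that go back to the unencrypted site" problem the quote describes.
function rewriteLinks(html) {
  return html.replace(/href="([^"]+)"/g, (_m, href) => `href="${upgradeToHttps(href)}"`);
}

module.exports = { upgradeToHttps, rewriteLinks };
```

The two guards matter as much as the rewrite itself: upgrading a host that does not actually serve HTTPS breaks the page, and touching non-HTTP schemes would corrupt mail and file links.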
There are a lot of different tools available to enhance your password security.
- Have I Been Pwned
- Hack Notice
- Identity leak checker
- PassProtect, a browser plugin for Chrome
- Firefox Monitor
- Google Password Checkup, recently also integrated into Google Password Manager
- Okta PassProtect
First and foremost, VPNs are tools to protect your privacy. They also help enhance security. Which VPN provider you choose is a very personal choice.
I’m happy with ProtonVPN, but there are several good ones. Do some research, but always keep in mind that some studies might not be 100% objective.
2FA Notifier is a tool with plugins for Chrome and Firefox. After you have installed the plugin you get notified when a website provides two-factor authentication.
ToSDR stands for Terms of Service Didn’t Read. It’s a very handy service that summarizes the terms of service for many websites.
It also gives each website a rating, from Class A (very good) to Class E (very bad).
DuckDuckGo combines several security and privacy enhancing features in its “Privacy Essentials” plugin. We’ve already seen that it blocks trackers. But it also uses a feature very similar to HTTPS Everywhere.
It also uses the ToSDR service. And as you can see, Google doesn’t score very well.
Which tools you use is a highly personal choice. I hope this post gives you some guidance on how you can improve your online privacy and security. Experiment with these tools and look for others if you don’t like them. If you know other good security or privacy enhancing tools, let us know via comments.
That’s all for today. Tomorrow more security stuff, in the meantime stay safe online!
Cloud-based internet security is an outsourced solution for storing data. Instead of saving data onto local hard drives, users store data on Internet-connected servers. Data centers manage these servers to keep the data safe and secure to access.
Enterprises turn to cloud storage solutions to solve a variety of problems. Small businesses use the cloud to cut costs. IT specialists turn to the cloud as the best way to store sensitive data.
Any time you access files stored remotely, you are accessing a cloud.
Email is a prime example. Most users don’t bother saving emails to their devices because those devices are connected to the Internet.
Cloud storage enables companies to store their data in third-party data centers through a cloud provider. Organizations are rapidly adopting the cloud, but there’s concern: is data safe in the cloud?
The issues regarding cloud security are somewhat complex, but they fall into two broad categories:
- Security issues faced by cloud providers (organizations providing software-, platform-, or infrastructure-as-a-service via the cloud)
- Security issues faced by their customers (companies or organizations who host applications or store data on the cloud)
There are concerns that cloud computing is inherently less secure than traditional approaches. The paranoia is due largely to the fact that the approach itself feels insecure, with your data stored on servers and systems you don’t own or control. However, cloud computing security offers a range of security options to make sure your data is encrypted and safely stored.
Cloud storage providers and enterprises share responsibility for cloud storage security. Cloud storage providers implement baseline protections for their platforms and the data they process, such as authentication, access control, and encryption. From there, most enterprises supplement these protections with added security measures of their own to bolster cloud data protection and tighten access to sensitive information in the cloud.
Cloud storage risks:
Cloud security is tight, but it’s not infallible. Cybercriminals can get into those files, whether by guessing security questions or bypassing passwords.
But the bigger risk with cloud storage is privacy. Even if data isn’t stolen or published, it can still be viewed. Governments can legally request information stored in the cloud, and it’s up to the cloud services provider to deny access. Tens of thousands of requests for user data are sent to Google, Microsoft, and other businesses each year by government agencies. A large percentage of the time, these companies hand over at least some kind of data, even if it’s not the content in full.
Cloud security controls:
These controls are put in place to safeguard any weaknesses in the system and reduce the effect of an attack. While there are many types of controls behind a cloud security architecture, they can usually be found in one of the following categories.
Deterrent controls are intended to reduce attacks on a cloud system. Much like a warning sign on a fence or a property, deterrent controls typically reduce the threat level by informing potential attackers that there will be adverse consequences for them if they proceed. (Some consider them a subset of preventive controls.)
Preventive controls strengthen the system against incidents, generally by reducing if not actually eliminating vulnerabilities. Strong authentication of cloud users, for instance, makes it less likely that unauthorized users can access cloud systems, and more likely that cloud users are positively identified.
Detective controls are intended to detect and react appropriately to any incidents that occur. In the event of an attack, a detective control will signal the preventative or corrective controls to address the issue. System and network security monitoring, including intrusion detection and prevention arrangements, are typically employed to detect attacks on cloud systems and the supporting communications infrastructure.
Corrective controls reduce the consequences of an incident, normally by limiting the damage. They come into effect during or after an incident. Restoring system backups in order to rebuild a compromised system is an example of a corrective control.
There are several approaches enterprises take to ensure their data is secure in the cloud. Let’s take a look at them.
Cloud data encryption:
To keep data secure, the front line of defense for any cloud system is encryption. Encryption methods utilize complex algorithms to conceal cloud-protected information. To decipher encrypted files, would-be hackers would need the encryption key. Although encrypted information is not 100% uncrackable, decryption requires a huge amount of computer processing power, forensic software, and a lot of time.
Data encryption in the cloud is the process of transforming or encoding data before it’s moved to cloud storage. Typically cloud service providers offer encryption services — ranging from an encrypted connection to limited encryption of sensitive data — and provide encryption keys to decrypt the data as needed.
Encryption is, so far, the best way you can protect your data. It works as follows: you have a file you want to move to the cloud; you use software that protects that file with a password; you move the password-protected file to the cloud; and nobody who does not know the password can ever see the content of the file.
Data encryption is regarded as one of the most effective approaches to data security, scrambling the content of any system, database, or file in such a way that it’s impossible to decipher without a decryption key. By applying encryption and practicing secure encryption key management, companies can ensure that only authorized users have access to sensitive data. Even if lost, stolen, or accessed without authorization, encrypted data is unreadable and essentially meaningless without its key.
Some cloud services provide local encryption and decryption of your files in addition to storage and backup. This means that the service takes care of both encrypting your files on your own computer and storing them safely on the cloud.
Organization-wide security policies:
Organizations using the cloud should adopt security policies related to data security (actually, all organizations should adopt them, but with the cloud it’s even more important to do so).
This is mostly related to passwords and general security practices. The best cloud protection in the world won’t help you if you use simple-to-guess passwords, or if someone from your organization reveals passwords and other sensitive data to bad actors.
It’s important to have clearly defined security policies to prevent such scenarios.
Always backup your data:
Cloud storage is, by its nature, secure from various cyber-attacks and even natural disasters. It also offers a way to back up and restore data. Still, it’s smart to back up vital company information on in-house servers, just to be completely sure that crucial information is not lost in case of problems with the cloud provider.
Trust, but verify
You have to validate the faith you put in your cloud provider. Trust is essential because everyone must have access to your infrastructure if you are going to move and build quickly. But it’s essential that you also monitor and audit continuously so you can verify business-critical activity and manage risk effectively.
No system is 100% safe, but cloud infrastructure comes close. Data is safe in the cloud, but some precautions have to be in place to ensure everything works smoothly. This mostly pertains to company policies about passwords and encryption.
If you have any questions about how to effectively adopt the cloud for your business, or how to optimize your cloud performance and reduce costs, contact Quisitive today to help with your performance and security needs.
Over the years I’ve had the great privilege of working with some brilliant folks inside of Microsoft. One of their engineers, who became a mentor to me when I first started working within Microsoft Azure, gave me some advice that I took to heart and have followed ever since. What he told me was this: When it comes to the security of your Azure Data Platform, you need to adhere to the 90-9-1 rule.
Here’s how the 90-9-1 rule breaks down.
Let’s start with 90%.
As a data engineer, my mentor informed me that I am personally responsible for 90% of the security, design, and implementation of that Azure data platform. It’s up to me to ensure that the system is appropriately hardened.
Now, 90% sounds like a lot. It is a lot. But what he meant by that is that I’m responsible for making sure that the checkboxes are all checked. If I’m not an expert in one area, I need to ensure that I find an expert and that what needs to be done is done. I then go through a security threat model exercise to ensure that there are no gaps.
It also means that I need to be able to account for security, compliance, and privacy being baked into everything I’m designing and building. This includes data in flight, as well as encrypted data at rest. I have to make sure that the right people are provided appropriate access to data, and that others are restricted. It also accounts for building certain capabilities into the platform, such as enabling time-activated access for occasional users, such as consultants.
Next, we move to the 9%.
This 9% represents the security capabilities that Microsoft provides within the Azure platform. This includes all of the investments that Microsoft has made in terms of security and compliance in Azure, including AI and machine learning.
Here’s an example of what’s covered in this 9%. Let’s say a CEO logs into his company’s system at 2:00 pm. Using the Advanced Threat Protection capability within Azure, the connection is geolocated via the ISP to the Toronto area. At 2:03 pm, that same individual logs in from Taipei. Since there is physically no way to get from Toronto to Taipei in such a short span of time, the threat detection within Microsoft Azure flags the anomaly and drops the connection.
Microsoft’s security suite allows users to set up conditions, including anomalies like these that maybe haven’t been pre-planned for, reducing the risk of data exposure.
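The Toronto-to-Taipei scenario is a textbook "impossible travel" detection. To show the logic behind such an alert, here is an added example written for this post; it is not Microsoft's or Azure's detection code. It computes the great-circle distance between consecutive sign-ins for each user and flags any pair that would require faster-than-airliner travel. The sign-in records, the user names and the 1000 km/h threshold are all constructed assumptions for the demonstration.

```javascript
// Added example: "impossible travel" detection over constructed sign-in records.
const EARTH_RADIUS_KM = 6371;
// Assumed threshold: roughly airliner speed; a higher implied speed is physically impossible.
const MAX_PLAUSIBLE_KMH = 1000;

// Great-circle distance between two points given as {lat, lon} in degrees.
function haversineKm(a, b) {
  const toRad = (deg) => (deg * Math.PI) / 180;
  const dLat = toRad(b.lat - a.lat);
  const dLon = toRad(b.lon - a.lon);
  const h =
    Math.sin(dLat / 2) ** 2 +
    Math.cos(toRad(a.lat)) * Math.cos(toRad(b.lat)) * Math.sin(dLon / 2) ** 2;
  return 2 * EARTH_RADIUS_KM * Math.asin(Math.sqrt(h));
}

// events: array of {user, time (ISO 8601), lat, lon, city}, in any order.
// Returns one alert per consecutive sign-in pair whose implied speed is implausible.
function findImpossibleTravel(events) {
  const byUser = new Map();
  for (const e of events) {
    if (!byUser.has(e.user)) byUser.set(e.user, []);
    byUser.get(e.user).push(e);
  }
  const alerts = [];
  for (const [user, signins] of byUser) {
    signins.sort((x, y) => Date.parse(x.time) - Date.parse(y.time));
    for (let i = 1; i < signins.length; i++) {
      const prev = signins[i - 1];
      const cur = signins[i];
      const km = haversineKm(prev, cur);
      const hours = (Date.parse(cur.time) - Date.parse(prev.time)) / 3.6e6;
      // Two sign-ins at the same instant from different places are also impossible;
      // treat zero elapsed time as infinite speed rather than dividing by zero.
      const kmh = hours > 0 ? km / hours : Infinity;
      if (km > 0 && kmh > MAX_PLAUSIBLE_KMH) {
        alerts.push({ user, from: prev.city, to: cur.city, km: Math.round(km), kmh: Math.round(kmh) });
      }
    }
  }
  return alerts;
}

// Constructed sample data mirroring the scenario in the text, plus a benign commuter.
const SAMPLE_SIGNINS = [
  { user: "ceo@contoso.example", time: "2023-05-01T14:00:00Z", lat: 43.65, lon: -79.38, city: "Toronto" },
  { user: "ceo@contoso.example", time: "2023-05-01T14:03:00Z", lat: 25.03, lon: 121.57, city: "Taipei" },
  { user: "analyst@contoso.example", time: "2023-05-01T09:00:00Z", lat: 43.65, lon: -79.38, city: "Toronto" },
  { user: "analyst@contoso.example", time: "2023-05-01T10:00:00Z", lat: 43.59, lon: -79.64, city: "Mississauga" },
];

module.exports = { haversineKm, findImpossibleTravel, SAMPLE_SIGNINS };
```

In production this check is fed by geolocated sign-in logs rather than hand-built records, and the threshold is usually paired with an allowance for VPN egress points and coarse IP geolocation so that a normal user switching networks does not trigger an alert.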
Now, for the 1%.
The 1% in this equation represents the data security professionals that work within an organization. These are the professionals who understand and manage critical data that has high business impact, such as personally identifiable information, healthcare information, financial information, and regulations.
While 1% might seem minuscule in the equation, these professionals take on 99% of the work going on within an organization from a security perspective. Their role is vital to making sure an organization is protected and secure.
In fact, in my opinion it is critical that organizations bring these security professionals in early and often in discussions on moving to the cloud. These individuals are often afterthoughts in the planning process, but their importance shouldn’t be underestimated. The data platform that I build and deploy has a dependency on these security and infrastructure teams, and the earlier they’re involved in what I’m doing, the better that migration will go.
Understanding the 90-9-1 rule for your own Azure Data Platform is important before you begin migration. Who’s responsible for what pieces, where might there be gaps, and how can you best avoid a breach?
In today’s ever-evolving environment with increasingly savvy methods to illegally access data, breaches are happening with more frequency. Make sure that when it comes to security your company is covered the full 100%.
Want to learn more about how to make sure your data is secure in the cloud? Click here.
As companies set about migrating workloads to the cloud, an important factor often gets lost, sometimes overlooked or misunderstood in the process: security and compliance.
It might come as a surprise to some, given the proclamations of cloud service providers about all the security and compliance baked into their platforms. Given increased cyber threats, how can companies run workloads in the cloud in an insecure manner? The truth is, the reasons for not establishing secure and compliant workloads in the cloud are not nefarious or even irresponsible – in most cases, companies are merely making innocent but incorrect assumptions.
Companies know that the highly respected and trustworthy underlying cloud providers, such as Microsoft Azure, have advanced security capabilities, and therefore assume that their data is fully and automatically protected.
This is true, but only up to a point.
Think of it this way: if a building is equipped with state-of-the-art alarm systems and security cameras, but someone leaves the door wide open, the building is still penetrable to intruders. The same goes for the cloud.
Cloud providers have security and compliance capabilities, but to take full advantage of the platform security, you need to understand those capabilities and configure your environment on their platform accordingly and aligned with best practices.
Whether a company must adhere to HIPAA, Sarbanes-Oxley, FISMA, the Dodd-Frank Act, or ISO, it’s essential to find a cloud migration partner that has the experience to ensure that compliance is met and security is air-tight. Here are three ways to ensure that security is addressed correctly before, during, and after a cloud migration.
1. Bake it in, don’t bolt it on
We believe that security works best when baked into the blueprints of a cloud migration, not bolted on afterward, so we take all security and compliance requirements into consideration from the onset of an engagement.
2. Don’t set it and forget it
Once you’re operating in the cloud, you still need to keep security top of mind. Stay on top of any changes to policies, patches, and industry insights with the Azure Security Center. Rich with content, information, tools and processes, the Azure Security Center will provide a unified view of your cloud workloads while giving you the support you need. Don’t have time to keep up with changes yourself? Consider finding a partner that provides managed services to provide the support you need, and who understands the monitoring capabilities and needs in the cloud platform.
3. Police your policies
Having policies in place is one thing, but it’s also critical to ensure that they’re enforced to maintain the integrity of the secure and compliant environment you’ve set up. Make sure that each person accessing or contributing to data in the cloud is compliant and operating according to best practices. This includes following an established approval process and an audit trail to demonstrate that compliance is met.
Data breaches are on the rise – one report suggests that, year over year, the total number of breaches was up 33.3% and the total number of records exposed was up 112% between 2018 and 2019. Keeping security top of mind for your cloud migration shouldn’t be an afterthought; it must be a priority.
Azure RMS and Azure Information Protection offer excellent tools to protect information in your organization. Using them, it is easy for end users to encrypt sensitive information so that no matter where that information may go, it will still be secure.
The digital rights management (DRM) protection is embedded in the document itself, and before someone can open it they have to authenticate with your Azure AD.
So, what happens when an employee leaves the organization and they have a bunch of encrypted files left behind, or an Admin needs to remove the encryption from files?
This is where Azure RMS Super Users come into play. You can download the PDF that describes them
This is all done via PowerShell, and it is configured automatically for users working in the Security and Compliance Center if you assign them the Decrypt RMS role. The cmdlets you use are:
# Enable the super user feature for the tenant, then add the account that will act as a super user
Enable-AadrmSuperUserFeature
Add-AadrmSuperUser -EmailAddress "[email protected]"
To remove Azure RMS encryption as a super user you can then use the Unprotect-RMSFile cmdlet, and if you need to encrypt files you can use Protect-RMSFile.
These can be used on a single file, or on a folder for bulk updates.
Hope this helps Admins that are looking to programmatically remove Azure RMS encryption via PowerShell.