Longleaf System & Network Specialists

Managed IT Service Provider

By

How Hackers Steal Your Data (Part 2 Of 2)

In Part 1 of our data hacking article, we explored two of the most common methods cybercriminals are using to attempt to access your data. In Part 2, we’ll look at three slightly more sophisticated attacks that you should be aware of to properly steel yourself against data breach attempts.

Social Engineering

A catch-all term that can include phishing (discussed in Part 1 of this article), social engineering uses your real-world instincts against you to get you to divulge information you usually would be hesitant to reveal. Typically speaking, hackers use technological vulnerabilities to exploit holes in your cybersecurity, but in social engineering attacks, hackers lean on your personal weaknesses.

Some examples of this might be:

  • A hacker calling and posing as a client who’s locked out of their account and needs you to give them access.
  • A hacker calling or emailing pretending to be a local charity asking for financial information to make a donation.
  • A hacker texting you posing as a friend, boss, or coworker who needs urgent help.

Relying on psychological manipulation, these examples illustrate the importance of slowing down, staying skeptical, and carefully reviewing any “urgent” issues before taking action. Be wary of links or downloads even if they seem to be from a trusted source, set your email spam filters to the highest setting, and always be wary of anyone asking for credentials in a text, email, or phone call if you want to avoid being misled by this form of emotional manipulation.

Man-In-The-Middle Attacks

In a man-in-the-middle (MITM) attack, an adept hacker will use IP, ARP, or DNS spoofing to position themselves in the middle of a conversation between you and an application to intercept user traffic. After they’ve intercepted this traffic, the attacker will decrypt it using HTTP spoofing or SSL hijacking to avoid detection. This allows them to then monitor and control the session and steal account details, log-in credentials, banking info, etc. A MITM attack is hard to detect, but can be prevented with due diligence. Avoiding the use of free Wi-Fi hotspots, closing out secure connections when they are not in use, and steering clear of unsecured websites are key preventative measures you should be taking to avoid this scenario. If you’re also a web administrator, you’ll want to be proactive with these types of attacks by making sure you’re using SSL/TLS to secure each page of your website and not just log-in pages.

IoT Attacks

The wave of the future, The Internet of Things (IoT) is a term used to describe the increasing array of interconnected devices that interact with each other across your network. The more devices become “smart” and connect and share information, however, the more entry points hackers have to gain access to your systems. It might seem far-fetched, but hackers can actually install viruses or hack into your wireless routers, printers, and any new device you introduce that may connect to your network regularly. If you are investing in IoT devices to stay current, only buy them from reputable vendors with track records for reliable security. Many businesses are also guilty of sticking with the factory preset passwords that come out-of-the-box with new devices. These factory passwords are often not strong enough, are easily found in product manuals, or have been made public on databases stored in the dark web. So, make sure you create a unique set of new credentials for each IoT device as soon as you introduce them to your network.

Although using the preventative measures detailed for these five types of attacks can dramatically decrease your chances of data theft, there are endless ways that cybercriminals can target you. Therefore, the true key to making sure you avoid a data breach is to have a plan. This is where an MSP like Longleaf can help. By helping you formulate a comprehensive, structured approach to cybersecurity, we can streamline the time-consuming tasks of learning about new threats, keeping your systems up-to-date, and educating your team. Contact Longleaf today to put your cybersecurity plan in motion.

By

How Hackers Steal Your Data (Part 1 Of 2)

It’s no secret that your data is a hot commodity. Each day sophisticated cybercriminals attempt to make money by stealing your private information to pose as you, blackmail you, or simply sell your information to someone else who will. If you want to stay in business, you’ll need to be able to thwart these attempts. But to do so, you must understand the increasingly advanced methods hackers use. In this two-part article, we’ll examine the techniques hackers are currently utilizing to try and gain access to your sensitive data.

Cracking Passwords

The fact that hackers might simply guess your passwords probably seems painfully obvious, but the hard truth is that many companies still lack proper password management. If your password is a series of common words, a dictionary attack can use algorithms to cycle through a word database and quickly discover your chosen phrase.

Simply adding some numbers won’t be enough either, as hackers can up the ante with a brute force attack which allows them, with some additional computing power, to cycle through alpha-numeric combinations until they strike gold.

Even when passwords are hashed, or turned into a different string of text to guard against hackers cracking all the passwords in a database, they can still be broken. The most determined and well-equipped hackers can use a form of attack that rebuilds the password, called a rainbow table attack, which can cause hashed passwords to become defenseless. In this type of attack, pre-computed tables are used to recover hashed passwords and reverse them to reduce guessing time and discover complex passwords.

To prevent these, you’ll need to create unique passwords that are more than ten characters long and have a mix of numbers, lowercase and uppercase letters, and symbols for each account. One popular trick for this is to think of a phrase and codify it. For example, “Cousin Greg lives in Seattle” becomes “C0u$iNGr3gLiV3SinS3ATtLE”.

Additionally, you should use multi-factor authentication (MFA) whenever possible. Many services such as Office 365, Facebook, and Google, offer MFA options in their settings. Simply navigating to the settings and opting for the MFA feature is the best way to make sure your password isn’t the only thing standing between an attacker and access to your accounts.

Phishing Schemes

One of the most common methods of data hacking, phishing scams are so effective, they’ve produced many high-profile data breaches including the hacking of Clinton campaign chairman John Podesta, who unknowingly gave up his Gmail password, and Snapchat, where an employee gave up payroll information that led to widespread identity theft.

In a phishing scheme, disguised e-mails are used to lure the recipient into a trap. Posing as a trusted source, such as someone you do business with, your bank, or your email provider, hackers trick you into providing them information directly, clicking a link that leads you to a fake site, or downloading an attachment that then allows them access to your system. One of the oldest tricks in the book, phishing is an evergreen technique that is continuously being re-invented in order to become harder to spot.

The best way to not get hooked in by a phishing scam is to study the way they are being used and stay vigilant. Make sure to check the spelling of URLs in email links and watch out for URL redirects , or being forwarded to a different URL than the one you clicked. Keep your browsers up-to-date to ensure you have the most recent security patches and install anti-phishing toolbars on your browser that can run checks on sites you visit and compare them to a database of known phishing sites. And, of course, never give out personal information over email.

These are two of the most popular ways attackers attempt to gain access to your system, and stay tuned for Part 2 of this article as we dive into three more sophisticated methods cyber attackers are currently using. Concerned you’re not as safe as you thought? Contact Longleaf immediately. Our cybersecurity professionals have the expertise to make sure you’re one step ahead of the latest tricks, scams, and hacks that could threaten your business.

By

Step Up Your Spring Cleaning with A Network Assessment (Part 2)

In part one of our Network Assessment piece, we showed you how to focus your spring-cleaning efforts on creating a network inventory and examining your IT infrastructure. In section two, we’ll look to audit three more critical aspects of your network: performance, security, and management.

Analyze Performance

Having audited your inventory and infrastructure, you should now have a clearer picture of your network. Now you’ll want to test its performance by analyzing key metrics to help define the overall quality of your service.

To compile this data, you’ll need a network performance measurement tool. Your IT partner should be able to provide this, or you can DIY with tools such as Wireshark or iPerf, which can provide powerful data packet capture analytics with diagnostic capabilities.

Broadly speaking, these tools are split into two categories: Passive and Active. Passive tools limit disruptions by avoiding introducing additional network traffic. Active tools inject data into your network to monitor its path to a target destination. It’s important to know the difference because choosing an active tool will require clever scheduling so as not to interrupt existing network traffic.

When testing, you’ll be looking to measure these key metrics:

  • Latency – the amount of time it takes for data to travel from a defined location to its chosen destination.
  • Bandwidth – the amount of data that can be transmitted over a specific period of time (usually measured in bits per second).
  • Packet Loss – the number of data packets that fail to transmit from one destination to another.
  • Jitter – related to latency, jitter quantifies the variations in time delay when packets are sent over the network.
  • Throughput – also related to latency, throughput is the number of data packets that can be delivered in a predetermined time frame.

With these measurements in hand, you will have a set of hard data to test all your variables against to help improve your network performance going forward.

Solidify Your Security

Internal networks are notoriously open and contain many vulnerabilities, most commonly due to a lack of encryption or authentication controls. In your assessment, you’ll want to do a thorough inspection for weaknesses by monitoring network traffic for any exposed services and testing device and control configurations.

It’s also time to scan every port in your network. Unprotected ports in your network are like unlocked doors in your home, and can be secured by implementing firewalls, SSH public key authentications, and keeping the services you use constantly up-to-date.

Don’t forget to take physical security risks into account as well. Fires, floods, or stolen equipment can be just as damaging as compromised passwords or malicious viruses.

Evaluate Management

The final detail you’ll need to examine is how your network is being managed. One look at the inventory list you made when you started, and it’s easy to see why this can be a daunting task. Developing and communicating coherent company policies surrounding network access and usage are paramount to keeping your systems clean and under control. Monitor network usage heavily during your assessment to figure out who’s using what and when.

If you haven’t already, consider implementing a Network Management System (NMS) like OpenNMS. An NMS is a set of applications that assist your network administrators by letting them manage software and hardware components individually from a central workstation. Using one can be of great assistance in streamlining the very complex task of day-to-day network management.

Assess Whether You Need Assistance

If you’re looking to make your network assessment as thorough as possible, a Managed Service Provider (MSP) like Longleaf can also help. We’ll analyze your data to properly identify holes in your security systems, expertly optimize your infrastructure, and even help manage your network for you. Contact Longleaf to make your network the cleanest aspect of your office.

By

Step Up Your Spring Cleaning with A Network Assessment (Part 1)

Spring has sprung, and you’re already busy clearing out all the clutter that accumulated during the winter months. But shiny floors and polished tennis trophies won’t keep you in business. A reliable and robust network will. When your network is a mess, employees waste time troubleshooting, customers disengage, and revenue is lost. To avoid this, in addition to busting out the broomsticks, it’s imperative that you set aside some time this spring to complete a full network assessment.

A network assessment is a thorough evaluation of your IT systems that gives you a comprehensive overview of every weakness and opportunity for improvement. In this two-part “spring cleaning” article, we’ll detail some of the simple steps you can take to get a better sense of where your network stands today.

Define and Prepare

Step one to assessing your network is preparing properly, so you save time and know what your goals are. Because if you don’t know what you’re looking for, how can you find it? Begin by defining the scope of your evaluation and decide how long it will take, who will take part, and what aspects you want to analyze. Next, make sure key members have the usernames and passwords needed to edit access rules accordingly so authorization issues won’t slow down the process. Once you’ve defined the scope of your inquiry and provided access to your chosen team, you’ll be ready to begin. For this article we’ll define our primary objectives as surveying these five key aspects of the network: inventory, infrastructure, performance, security, and management.

Assess Your Inventory

Like an old attic, your network is probably home to more than a few items you forgot existed. This is why it’s important to start digging through the clutter and make a detailed inventory of all of the devices, network appliances, software, and hardware that are currently in use (or not in use) across your network. The most effective way to do this is to create a simple spreadsheet with details such as:

  • Name
  • Type of Device
  • IP Address
  • Manufacturer
  • Make
  • Model/Model Number
  • Serial Number
  • Operating System
  • Physical Location

As tedious as it may seem, this is no time to slouch. You’ll want to get up on your feet, walk around, and take a look at everything in the office. Note every laptop, printer, server, router, etc. It’s time to get a clear picture of what you’re using and how it’s being utilized. This is also a good time to take some photos to file away so that if you ever need to file an insurance claim, you’ll have good documentation.

However, as a business owner, you may find that taking inventory of your all your office devices falls to the bottom of your priority list. In that case, partnering with an MSP might be a more practical option for your business. As an MSP, we provide Inventory Management, so you will never have to worry about every device your employees are using, or if they are updating their programs as often as they should. Instead of the tedious “spreadsheet” approach, our Inventory Management is automated through our Remote Monitoring and Management (RMM) tools, which automatically generates your inventory for you.

Test Your Infrastructure

Now that you’ve figured out what you own, it’s time to ask yourself: Do these devices work well together? Streamlining infrastructure is the crucial next step to achieving network efficiency. Similar to our inventory process we’ll want a dedicated document containing all our findings. A network map is the most useful tool for examining the overall design of network systems. If you’re particularly talented, a hand-drawn diagram can suffice, but a network mapping software solution like Visio might be more practical. MSPs often use Visio themselves to create clean network maps, but may also have monitoring software that automates this process for their clients. Longleaf, for example, routinely auto-discovers devices and creates live diagrams in real-time to make sure our clients get the most thorough sense of how their systems are working together to identify flaws and make improvements, as well as quickly identify and remove unauthorized devices that shouldn’t be on your network.

You’re halfway there! Stay tuned for part two where we’ll cover the best ways to assess network performance, strengthen your cybersecurity, and stay on top of these various aspects post-assessment. Already overwhelmed by the intricacies involved in a full network assessment? Consider contacting Longleaf. A top-of-the-line Managed Service Provider, Longleaf can expertly survey your entire system in a hurry to get your network in top shape.

By

Safe Computing Solutions for The Real World

In the digital age, it’s easy to get lost. As soon as you open your laptop, you’re sucked into a swirling vortex of time-sensitive emails, data-filled spreadsheets, and online banking transactions. With so much of our focus aimed at making sure cyber-attackers don’t invade our virtual lives, it’s easy to forget that in the physical world, real-life disasters are just as real a threat to our computing capabilities. Hurricanes, tsunamis, earthquakes; These aren’t the first things you think of when you’re worrying about how to protect your data but – well, that’s the point. If you feel like you’ve left the back door open by being underprepared for real-world dangers, here are some steps you should take to be fully prepped no matter which way the wind blows.

Formulate A Disaster Recovery Plan

In every disaster film, there’s an unassuming character who appears suddenly at a critical moment and yells to the group, “Follow me!” It’s time for you to step into that role. No business owner will be truly ready for real-world threats unless they think ahead and create what is known as a disaster recovery plan. A good DR plan creates a robust set of protocols to follow that will keep your critical operations up and running while you address the impact of the disaster at hand. It gives your employees the blueprint for what to do when faced with a seemingly impossible situation and developing one is paramount to being fully prepared.

Evaluate Risks and Impact

The first piece to the puzzle is assessing every aspect of your business that might be at risk and how you’ll manage to adjust, if and when they are affected. Performing a risk assessment and/or business impact analysis can help you identify the technology, personnel, and physical facilities that are crucial to your business’s day-to-day operations. Make sure to take all factors into account including elements like surrounding geography, local infrastructure, available power sources, and possible effects on communication networks when measuring the potential impact of a disastrous turn of events.

Create Objectives

Now that you’ve figured out what critical business activities you need to protect or replace, you’ll want to define a Recovery Time Objective for every function. Since time is of the essence in any emergency, RTO’s are helpful to identify the amount of time an application or operation can be offline without drastically impacting your business. With RTO’s in place, you can also define Recovery Point Objectives, a target time within which each function should be fully recovered. When assessing these two timeframes, it’s helpful to remember what you’ve promised your customers, users, and/or stakeholders and develop what would be acceptable response times from their perspective.

Finalize Your Plan

Using the above, you should be able to start the process of taking action and finding workable solutions that can ensure your business stays up and running when it all hits the fan. However, to make sure everyone is on the right page, you’ll want to put this plan down on paper, summarize the key steps, and distribute it to every employee in your operation. Make sure to include key personnel contact info, define the roles of each team member clearly and plainly state everyone’s responsibilities. Don’t skimp on the details because the more specific and well thought out your plan is, the more likely it is to succeed.

If all this seems daunting, it’s because it should be. Dealing with disaster recovery is never an easy process no matter how well you plan. If you need help finding realistic solutions, contact Longleaf. Our Backup and Disaster Recovery (BDR) Services Team can expertly assess risks, develop clear-cut strategies and help you implement full disaster recovery plans so even though your data is in the cloud, you stay grounded in reality.

Contact

336-870-9295

Follow Us

Locations

245 E Friendly Ave. Top Floor
Greensboro, NC 27401