Archives For Encryption

Are You Protecting Your Clients From Ransomware?

This is likely one of their biggest threats – but if all you do is basic firewall management and backups, this attack won’t be stopped. Ultimately, your client should be asking you: how did YOU let this happen?

Not that your clients will all pay for more intelligent security, but it’s your responsibility to tell them – let them make the financial choice, knowing the risk they are taking.

Zepto is new – it’s dangerous. It’s a variant of the Locky ransomware, reportedly responsible for encrypting files at three major US hospitals: Kentucky Methodist, Chino Valley, and Desert Valley.

This month, researchers estimate that this one attack was carried to over 140,000 systems in just a few days. As social engineering evolves, people are tricked more often. Getting an email from your boss or a higher-level executive demands a response. And when there’s an attachment, it’s hard to call upstairs every time just to make sure it’s real.

This type of attack is gaining momentum – it’s highly profitable. And to date, the only consistent recommendation is to maintain good backups. But restoring dozens or even hundreds of systems could put a business on hold for days or even weeks.

In the case of Locky, one report estimates a group of hackers earning somewhere in the neighborhood of $12 Million in a single month! Software developers building these attacks may be earning up to $100,000/month! This is big business and it’s not going away.

So What Should You Be Doing?

First, understand that basic firewalls and anti-virus software are not stopping these attacks. So you can continue to say things like, “My clients are too small to pay for more security,” or you can get real with them and let them know they can afford to take the risk. Like buying life insurance or equipping their homes with updated alarms, they may choose not to. As long as you’re making the right recommendations, you’ve done your part.

Second, start looking into “Detection” technologies – security technology that detects. FireEye was early to the market with sandbox technology, but today, there are similar solutions built and priced for almost any size business.

Finally – backups are still your fallback plan. I’m always amazed to see how many small businesses continue to limp along with outdated backup technology…they claim it’s just too expensive to upgrade. If you’ve read The House & The Cloud, you know why. Without the Impact vs. Likelihood graph sitting in front of them, they don’t understand their risk. Without that, how can they make a decision to spend more? They can’t.

© 2016, David Stelzl

The FBI has Broken Into the iPhone

You’ve probably heard, but keep reading. There’s an important lesson to be learned here. Amidst all of the bantering back and forth on what’s right, what the law says, and what Apple should or should not do – don’t miss the important point.

Encryption and Passwords don’t actually work.

This is the point of the talks I do at executive lunch & learns. This is the reason we have high conversion rates on signing up for security assessments. Good security requires more than good encryption. It requires someone watching.

Did you notice how long it took for someone to break in?  Just a few weeks – boom, game over.

Protection, Detection, and Response are all necessary if you plan to secure something. A device left out for others to access (which would be anything connected to the Internet) is vulnerable.

Want to know more about this?…Next week I will be doing a third session – LiveCast on how technology resellers can capitalize on this one truth – moving new prospects to action.   (Sponsored by Check Point Software).

Yes! I Want to Attend… <<< You Can Sign Up Here!

Copyright 2016, David Stelzl

Apple Does Not Have to Decrypt the Phone After All – This is a Historical Moment.

But Once Again, No Technology Is Really Secure…The FBI Has Managed to Break Through Apple’s iPhone Security.

Did you doubt they could? Did you think the iPhone could really stand up to this?  If you did, you need to know more about security. Good security means fast detection and real-time response.  The front door can always be broken into.

Security is a funny thing. If Apple had given in, case law would have been established. Any future crime could have forced the developer to change the code, create a backdoor, or make things less secure. I know there are many people saying this isn’t true, but most of them can’t claim any security expertise.  As a CISSP, I’m stating my opinion.  I haven’t met one serious security expert who disagrees with me – although I’m sure there are some.

On the other hand, security can always be broken into…that’s why there’s a huge opportunity for every technology company right now.  If you take on security there’s new business out there. We have a problem. If the FBI gained access (or some of their third party contractors), the bad guys can do it too.

There’s still time to join me for this week’s free online WebCast.  

This week I’ll be showing you how to create an annuity business that will far outlast the traditional commodity MSP business everyone is already doing. You won’t have to abandon anything you already do. But you will be adding some things, and approaching the deal differently…and in a far more effective way.

YES! I want to Attend…  <<<  CLICK here to read more and grab your seat!

This training is so important, I wanted to find a way to get it to you without it costing you a fortune…so I’ve partnered with two technology companies that want the same thing!  Join me this week – Check Point and Tech Data have teamed up to bring this program to your laptop or phone.

Plus, they’re giving away additional training and products!  Click the link above now and find out more!…see you on Thursday.

© 2016, David Stelzl

The ITRC (Identity Theft Resource Center) is a nonprofit organization that exists to “Educate consumers, corporations, government agencies and other organizations on best practices for fraud and identity theft detection, reduction and mitigation.” They put out a report each year summarizing who was breached and how many records were exposed (if known). 2008’s statistics came out last week. The first link points to the 200+ page report; however, it is organized by company or organization, so you don’t actually have to read it. Instead, look for companies that are either clients or prospects. The second is a summarized listing of records taken, sorted by company. A couple of things worth noting:

  • When the “exposed record” count is zero, the comment under “Was data stolen” is almost always “unknown”, so don’t take zero literally.
  • The ITRC report also indicates that 95+ percent of these companies did not have some of the critical security measures in place such as proper encryption and access control. Might be a sales opportunity.
  • If you call on government, you’ll notice that government breaches are declining – this may be a result of NIST requirements including two-factor authentication, encryption, and regulations against using social security numbers.

 

http://www.idtheftcenter.org/BreachPDF/ITRC_Breach_Report_2008_final.pdf

http://www.idtheftcenter.org/BreachPDF/ITRC_Breach_Stats_Report_2008_final.pdf