Should I Lease Multiple Domains for Cybersecurity?

Recently we hosted a webinar on Phishing & Whaling—How to Protect Yourself and Your Team. Melinda, one of our Solutions Executives, and Stormy, from our vCISO team, shared real-life examples and valuable insights to help educate business owners on the threats they face on a daily basis.

As Stormy explained examples of whaling attacks, one of our audience members posed an intriguing question: if cybercriminals are purchasing lookalike domains in order to phish you, would leasing multiple domains help prevent that?

Stormy’s answer? Both yes and no. Let’s get a little more context.


THE THREAT

One common scheme used in phishing attacks is domain spoofing, where a criminal leases a domain that is very similar to yours. For example, if your website is www.LawFirmABC.com, the attacker might lease www.LawFlrmABC.com, swapping the I for an L. Then he sets up an email address at that domain and sends an email to one of your team members posing as an employee. The swapped letter is easy to miss during a quick scan of an email that otherwise looks legitimate.


THE PROPOSED SOLUTION

Given that this scheme relies on the domains being fairly similar, the concept is that if you’re leasing multiple lookalike domains, you’ll keep them out of criminal hands and protect your organization against this type of attack.

In theory, yes, this could help. In fact, large companies like Google do this for this exact reason. When our own team uses domain spoofing during a social engineering campaign for a client, we turn any lookalike domains we leased over to the client’s control after the campaign ends. However, leasing multiple domains is not enough.


THE BETTER SOLUTION

In practice, this defense doesn’t scale; there are too many possible combinations to feasibly lease them all. Plus, it could lull your team into a false sense of security. The money you might spend leasing those domains would be better invested in cybersecurity awareness training for your employees. Staying alert and on guard at all times is vital to maintaining your organization’s security.
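To put a number on "too many possible combinations", and to show a check that does not depend on owning the variants, here is an added Python example (not part of the original article). It counts the one-edit variants of the article's example name and flags lookalike sender domains; the confusable-character map and the sample addresses are constructed assumptions.

```python
import string

OWN_DOMAIN = "lawfirmabc.com"            # the article's example domain, lower-cased
ALPHABET = string.ascii_lowercase + string.digits

# Characters easily misread for one another (constructed sample, not exhaustive).
CONFUSABLE = str.maketrans({"l": "i", "1": "i", "0": "o", "5": "s"})


def skeleton(label):
    """Collapse look-alike characters so 'lawflrmabc' and 'lawfirmabc' compare equal."""
    return label.translate(CONFUSABLE).replace("rn", "m").replace("vv", "w")


def single_edit_variants(label):
    """Every label one deletion, transposition, substitution or insertion away."""
    splits = [(label[:i], label[i:]) for i in range(len(label) + 1)]
    out = {a + b[1:] for a, b in splits if b}
    out |= {a + b[1] + b[0] + b[2:] for a, b in splits if len(b) > 1}
    out |= {a + c + b[1:] for a, b in splits if b for c in ALPHABET}
    out |= {a + c + b for a, b in splits for c in ALPHABET}
    out.discard(label)
    return out


def classify_sender(address, own=OWN_DOMAIN):
    """Return 'own', 'lookalike' or 'other' for the domain of a sender address."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    if domain == own or domain.endswith("." + own):
        return "own"
    label = domain.rpartition(".")[0]
    own_label = own.rpartition(".")[0]
    if skeleton(label) == skeleton(own_label) or label in single_edit_variants(own_label):
        return "lookalike"
    return "other"


# Constructed sample senders, as they might appear in a mail gateway log.
SAMPLE = ["amy@lawfirmabc.com", "partner@lawflrmabc.com",
          "billing@lawfirmabc.net", "news@example.org"]

if __name__ == "__main__":
    print(len(single_edit_variants("lawfirmabc")), "one-edit variants per TLD")
    for sender in SAMPLE:
        print(f"{classify_sender(sender):9} {sender}")
```

The count covers a single typo under a single top-level domain only, which is why flagging near-matches on inbound mail scales where leasing does not.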


FIT Cybersecurity provides cybersecurity education and social engineering campaigns to organizations across all industries. If you’d like to test your company’s defenses or your team’s awareness of common cybercrime tactics, give us a call today at 888-683-6573 or contact us here.

How to Quickly — and Securely — Enable Work-From-Home

In response to current events, your business may be faced with the challenge of quickly putting a work-from-home program in place for your employees. Here’s the hard part: those employees will be largely on their own, with varying degrees of technical knowledge, connecting from their own home networks and accessing corporate data and resources. You need not only to get them connected, but equip them to work productively, with ample security in place so you don’t put your organization at unnecessary risk.

Considering the Alternatives

The best-practices approach — under normal circumstances — is to distribute preconfigured corporate-owned laptops. Aside from the expense, time might be the bigger issue in our current situation as businesses everywhere are rushing to equip remote workforces. For some suppliers, the time from order to delivery of new laptops is currently around 15-30 days.

A tempting short-term fix is to allow employees to connect to corporate resources directly using their own personal home computers, laptops, or tablets. However, this exposes corporate assets to a wide variety of risks that are outside of your control. These risks include outdated or insufficient endpoint protection, access of confidential data by others in employee households, and rogue devices on a poorly secured home network — among other threats.

The Right Technology, Right Now: Virtual Desktop Infrastructure

Virtual Desktop Infrastructure (VDI) is a widely used remote access approach with many advantages. With VDI, employees use their personal devices to access a virtual desktop — a computer that they control remotely. They view the screen, and control it via mouse or keyboard. The approach is much less expensive than provisioning and distributing laptops, and far more secure than a direct connection. With VDI, business owners can:

  • Provision remote access for tens or hundreds of users cost-effectively with a cloud-hosted solution
  • Allow secure access by a wide range of employees’ personal devices, from home PCs to laptops and tablets to smartphones
  • Tightly control access by combining standard login credentials with multi-factor authentication (MFA) to guard against weak or compromised passwords
  • Keep corporate data off of personal or public networks — the corporate data only appears superficially onscreen, and never actually enters or is stored on the user’s personal device
  • Provide a familiar environment and business access — the virtual desktop can be configured to look and behave exactly like an office-based system, with access to all corporate applications and data stores, productivity, email and collaboration software

At FIT Solutions, we can quickly set up a VDI for your employee remote access. It is housed in our data center in a private cloud, with all essential security measures provided. We connect the virtual desktops to any applications or data you need, whether those are in another public or private cloud, or in your own data center with access protected through a secure point-to-point VPN.

Have questions? We have the answers. For more information or to get started right away, give us a call at 888-339-5694. We’re also offering a free Remote Workforce Readiness assessment, which you can find here.

Team Onboarding—Best Security Practices for Senior Care Facilities

It’s a common adage in cybersecurity: humans are the weakest link in your defenses. Hackers still do manage to infiltrate networks directly, but more commonly, their preferred route of access is through your people. No matter how fortified your firewall or effective your antivirus, anyone could click on a link and fall for a phishing scheme or be fooled into sharing a password. The risks compound if you regularly take on new employees. Every system they can access also represents a potential entry point for a criminal. You not only need to be able to give employees access when they join, but more importantly, shut down all their access when they leave.

Here are a few suggestions to help you close down those security holes.

Automated Onboarding — and Offboarding

An account left open is an open opportunity. Terminated employees have used their unterminated access to steal information or otherwise take revenge. Successful crimes have also been committed when criminals exploit a still-open account after an employee has moved on. Once a criminal has a foothold, they can either use access to one system as a beachhead for escalating privileges or move laterally across systems to gain access to higher-value information. So each and every account with access to EHR, human resources, nutrition, directory services, accounting and other key systems leaves the others vulnerable. When an employee leaves, there’s no reason to leave those accounts active, but it’s easy to overlook one or two—and it happens all too often.

Solutions are available that automate the steps of onboarding. These make the process essentially self-service for the new hire and easier for everyone involved, including human resources and IT staff. Once configured correctly, with a single login the user can either automatically be given access to all the systems the role requires, or receive instructions on setting up new accounts or passwords. On the back end, any manual steps that system administrators need to take are flagged for action as part of a standard workflow. Most importantly, the chain of access and granting various system privileges is completely reversible. That is, when the employee leaves, the system cycles through a series of actions that remove the privileges of all accounts for that individual – and the security holes they represent.
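The reversible chain of access described above, together with a sweep for the "one or two" overlooked accounts, can be sketched as follows. This is an added Python example, not code from any HRIS or IAM product; the system names, account naming scheme and employees are constructed assumptions.

```python
from dataclasses import dataclass, field


@dataclass
class AccessLedger:
    """Records every grant made at onboarding so offboarding can undo them all."""
    grants: dict = field(default_factory=dict)    # employee -> [(system, account)]

    def onboard(self, employee, role_systems, directory):
        for system in role_systems:
            account = f"{employee}@{system}"       # hypothetical account naming
            directory.setdefault(system, set()).add(account)
            self.grants.setdefault(employee, []).append((system, account))

    def offboard(self, employee, directory):
        """Revoke in reverse order of granting; return what was removed."""
        removed = []
        for system, account in reversed(self.grants.pop(employee, [])):
            directory.get(system, set()).discard(account)
            removed.append((system, account))
        return removed


def orphaned_accounts(directory, active_employees):
    """Accounts still live in any system whose owner is not an active employee."""
    return sorted(
        (system, account)
        for system, accounts in directory.items()
        for account in accounts
        if account.split("@", 1)[0] not in active_employees
    )


def demo():
    directory = {}                                 # system -> live accounts (constructed)
    ledger = AccessLedger()
    ledger.onboard("jdoe", ["ehr", "directory", "nutrition"], directory)
    ledger.onboard("asmith", ["ehr", "hr"], directory)
    # A manual grant made outside the workflow, so the ledger never sees it.
    directory.setdefault("accounting", set()).add("jdoe@accounting")
    removed = ledger.offboard("jdoe", directory)
    return removed, orphaned_accounts(directory, active_employees={"asmith"})


if __name__ == "__main__":
    removed, orphans = demo()
    print("revoked:", removed)
    print("still open:", orphans)
```

The ledger alone misses the manually created accounting account; the reconciliation against the active roster is what catches it.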

These automation solutions take multiple forms. Sometimes they’re part of a Human Resources Information System (HRIS). This type of software automates the process for HR (payroll, benefits and similar functions) as well as IT. Software that handles only the IT onboarding piece is more commonly referred to as Identity and Access Management (IAM) or Single Sign-On, among other terms. There’s considerable feature overlap among these categories of software. Make sure that any you are considering can automate onboarding to the specific systems you use.

User Education Services

Weak passwords, passwords shared across multiple accounts, a tendency to fall for social engineering ruses and ignorance of basic information security are all human-based vulnerabilities. Employee-education services have become an essential part of security. Enroll each new hire in these programs as an integral part of the onboarding process.

  • Cybersecurity Awareness Training. This type of training instructs employees on how to spot phishing scams as well as good password hygiene and other precautions and security measures. Training can be self-paced online, via webinar or in-person seminars. Which option you choose depends on the third-party provider’s offering and what’s practical for your organization.
  • Phishing Testing. This service sends simulated phishing emails on a regular basis, using the same social engineering tricks used by criminals. If an employee takes the bait, the service provider follows up and requires the employee to take further training. The IT or security department receives regular reports on how well the employees are doing overall, as well as an audit trail on which employees have completed the training.

One other service to consider is dark web monitoring, which crawls illegal online marketplaces looking for stolen login credentials for sale. If they find any credentials of your employees, you’ll receive an alert so you can delete the account or change the password to something stronger and more secure.

At FIT Solutions, we have partner relationships with many service providers who are the best in the business at what they do. We can assist you with selection, setup and ongoing best practices to support all of your new hires and also to close down access for former employees. If you would like to know more, give us a call at 888-339-5694.

Ransomware Wakeup Call: 4 Tips to Protect Yourself

It’s a sad fact that criminals often prey on the most vulnerable. This was proven true in the ransomware attacks that impacted long-term and post-acute care (LTPAC) facilities during November. Not only were the facility operators victimized, but sudden lack of access to medical records profoundly impacted their ability to care for patients and residents.

This incident was first reported by journalist and investigative reporter Brian Krebs. More than 100 facilities were impacted, and the ransomware cut off access to critical systems, including access to patient records, client billing, phone systems, internet service and email. The scope of the attack was audacious. The threat to people’s lives was deplorable. But most galling to us, as IT service providers, is that the incident was so preventable. More on that below.

Why Healthcare is Such a Tempting Target

In this case, the perpetrators were identified as a Russian gang, an adversary well-known among security experts. What’s clear here is that criminals don’t care that their actions could actually endanger people’s lives. They go after healthcare because lives are at stake, and they know that many healthcare organizations don’t have extra dollars around to invest in security.

Smaller and mid-size organizations are often the targets of choice. Health systems serving smaller communities, community hospitals, group medical practices, specialty centers, rehabilitation providers and dental practices have all been ransomware targets. Some have even had to close their doors after an attack.

A Few Ounces of Prevention Can Go a Long Way

Here are some of the ransomware prevention measures that we recommend and put in place for our clients. These are standard security practices, and aren’t necessarily more expensive than what you’re doing right now.

  1. Enact an anti-ransomware group policy on computers. Use a Windows Group Policy Object that prevents unknown executable files from running in temporary folders or in the AppData folder. Almost every single ransomware variant we have seen runs from one of these locations.
  2. Segregate cloud resources. Use a provider that can deliver a private hybrid cloud — not a public cloud where your data and applications are pooled with those of other companies. That protects your company in case another becomes infected with ransomware. You don’t want their problem becoming your problem—and everybody else’s.
  3. Separate backups from network shares. The ultimate protection against ransomware is maintaining regular and up-to-date backups so you can restore from them if an attack encrypts your data and makes it unreadable. But don’t store your backups on your network, accessible through a mapped drive, or the attack could compromise your backups, too.
  4. Bolster your endpoint protection. We’re presuming you already have antivirus in place. Because ransomware is a targeted attack, the criminals take care to alter their executable files, so signature-based antivirus isn’t very effective. Consider switching to an endpoint protection product that employs a “defense in depth” strategy rather than just relying on signatures.
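Before enforcing the policy in tip 1, it helps to replay recent process-creation events against it, because some legitimate software installs per user under AppData and would be stopped too. The following is an added Python example, not part of the original article; the event fields, suffix list, host names and the exception path are constructed assumptions.

```python
from pathlib import PureWindowsPath

# File types treated as executable for this audit (an assumption; tune to your policy).
EXEC_SUFFIXES = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}


def _parts(path):
    """Path components, lower-cased because Windows paths are case-insensitive."""
    return [p.lower() for p in PureWindowsPath(path).parts]


def would_block(image, exceptions=()):
    """True if a rule denying executables under AppData or Temp would stop this image."""
    parts = _parts(image)
    if PureWindowsPath(image).suffix.lower() not in EXEC_SUFFIXES:
        return False
    for allowed in exceptions:               # vetted per-user install directories
        prefix = _parts(allowed)
        if parts[:len(prefix)] == prefix:
            return False
    in_appdata = "users" in parts and "appdata" in parts[parts.index("users"):]
    in_windows_temp = parts[1:3] == ["windows", "temp"]
    return in_appdata or in_windows_temp


def audit(events, exceptions=()):
    """Return the (host, image) pairs the policy would have blocked."""
    return [(e["host"], e["image"]) for e in events
            if would_block(e["image"], exceptions)]


# Constructed process-creation events; host names and paths are illustrative.
EVENTS = [
    {"host": "WS01", "image": r"C:\Users\amy\AppData\Local\Temp\invoice_8841.exe"},
    {"host": "WS01", "image": r"C:\Program Files\Vendor\app.exe"},
    {"host": "WS01", "image": r"C:\Users\amy\AppData\Local\Temp\report.pdf"},
    {"host": "WS02", "image": r"C:\Users\bob\AppData\Roaming\updater.scr"},
    {"host": "WS02", "image": r"C:\Users\bob\AppData\Local\ChatClient\chat.exe"},
    {"host": "WS03", "image": r"C:\Windows\Temp\setup.exe"},
]

if __name__ == "__main__":
    for host, image in audit(EVENTS, [r"C:\Users\bob\AppData\Local\ChatClient"]):
        print(host, image)
```

Anything the audit lists that turns out to be legitimate needs an explicit exception before the policy moves from audit to enforcement.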

At FIT Solutions, we supply IT services to many senior care organizations including assisted living and LTPAC facilities. We urge you to implement the tips above; you can do them yourself. Of course, if you’d like help, you can always call us at (888) 339-5694. We’d be happy to partner with you to protect your organization from ransomware.
