We have been doing the I.T. thing for a long time. A really long time. So long in fact that I think we have printers older than some of our employees. (Those HP Laserjets just keep going when you maintain them!)
One of the reasons we remain relevant in this cloud obsessed big-data driven world are the partnerships we have created since 1994. We are a really loyal company. We believe in the power of consistency. Because when you combine loyalty and best in class vendor performance, the result is a powerful IT platform that will outperform the competition year after year.
These partnerships take work. We meet, we strategize, we continually learn to ensure that we are offering you, our customer, the very best that I.T. has to offer. We believe that this gives you an edge. An edge over your competition and an edge that provides for razor-sharp performance and incredible customer service.
We have had some vendor relationships for over 24 years. For example, HP Inc and HPE have been providing desktops, servers and storage on the most stable platform we have experienced since we started our little company in 1994. Their products rarely fail but if they do we have found that their support is the best in the world. With local depots for stock and a commitment to parts (sometimes beyond a product’s usable life) we are able to support you because they support us.
The role of I.T. has always been one of enablement from vendor to distributor to solution provider (that’s us!) and finally to you our customer. We want our I.T. served hot with power, performance and longevity – just like that bullet proof Laserjet printer. Thanks HP!
At CITON our IT solutions are dependent on our vendor partnerships. We focus on aligning with great companies that offer great solutions. But that’s not enough. Our vendor partners have to provide us with the best possible support as well. HPE supports us so we can support you.
Microsoft Windows built-in anti-malware tool, Windows Defender, has become the very first antivirus software to have the ability to run inside a sandbox environment.
Sandboxing is a process that runs an application in a safe environment isolated from the rest of the operating system and applications on a computer. So that if a sandboxed application gets compromised, the technique prevents its damage from spreading outside the closed area.
Since antivirus and anti-malware tools run with the highest level of privileges to scan all parts of a computer for malicious code, it has become a desired target for attackers.
The need for sandboxing an antivirus tool has become necessary after multiple critical vulnerabilities were discovered in such powerful applications, including Windows Defender, in past years that could have allowed attackers to gain full control of a targeted system.
That’s why Microsoft announced to add a sandbox mode to its Windows Defender. So, even if an attacker or a malicious app exploiting a flaw in Defender compromises the antivirus engine, the damage can’t reach out to other parts of the system.
“Security researchers both inside and outside of Microsoft have previously identified ways that an attacker can take advantage of vulnerabilities in Windows Defender Antivirus’ content parsers that could enable arbitrary code execution,” Microsoft said in a blog post.
Google Project Zero’s researcher Tavis Ormandy, who found and disclosed several of these types of flaws in the past year, lauded the Microsoft’s effort on Twitter, saying it was “game-changing.”
“Running Windows Defender Antivirus in a sandbox ensures that in the unlikely event of a compromise, malicious actions are limited to the isolated environment, protecting the rest of the system from harm,” Microsoft said.
According to Microsoft, implementing sandboxing in Windows Defender was a challenge for its engineers because the process had the potential to cause performance degradation and required a number of fundamental changes.
However, the research community has taken it as a welcoming step by Microsoft that has raised the bar on security for commercial antivirus and anti-malware solutions out there.
How to Turn On Sandbox Feature in Windows Defender Antivirus
For now, Windows Defender running on Windows 10, version 1703 (also known as the Creators Update) or later, support the sandbox feature, which is not enabled by default, but you can turn the feature on by running following command on your system:
- Open Start and Search for “CMD” or “Command Prompt”
- Right Click on it and select “Run as administrator.”
- Type: “setx /M MP_FORCE_USE_SANDBOX 1” and then press ENTER
- Then restart your computer, that’s it
Microsoft is gradually rolling out a Windows Insider preview supporting the sandboxing feature in Defender Antivirus, and the feature will soon become widely available, though it is not sure when this will happen.
Thank you to thehackernews.com for this article!
Antivirus and anti-malware tools are just what you need to fend off attackers. Is your current software up to date? Call CITON to see how we can help defend your system.
What is your plan to backup, monitor, and recover?
Ransomware attacks are becoming more rampant now that criminals have learned they are an effective way to make money in a short amount of time. Attackers do not even need any programming skills to launch an attack because they can obtain code that is shared among the many hacker communities. There are even services that will collect the ransom via Bitcoin on behalf of the attackers and just require them to pay a commission. This all makes it more difficult for the authorities to identify an attacker.
6-step plan to prevent ransomware attacks
1. Employee training: Your ransomware prevention plan should include training employees on what ransomware is and the method attackers primarily use to initiate attacks — phishing. This training should be conducted regularly.
2. Patch servers, devices and apps: Organizations must have a process for patching servers, network devices and applications. Many organizations do not stay up to date on patching their applications. Attackers know this, and they primarily target them. Patching progress, procedures and policies should be reviewed for effectiveness monthly or quarterly.
3. Antivirus tools on end points: You should also have a plan to use antivirus on your end points. Focus on using tools that can track suspicious behavior because many ransomware attacks are specifically designed to avoid being detected by signature-based antivirus programs.
4. Back up your data: Many organizations that have paid a ransom did so because they did not properly back up their data. Your backup process must be documented. Include your recovery point objective (RPO) and recovery time objective (RTO) in your disaster recovery plan, and test it each year to verify the objectives can be met.
5. Test your backups: You should test your backups regularly to verify all critical data is backed up. Also, it is important to make sure your backup data is protected from ransomware attacks. With the popularity of network-based backups, many organizations run their backup devices on the same network or VLAN as their standard production network. This should be avoided to prevent your backup data from being a victim of a ransomware attack.
6. Conduct vulnerability assessments: Vulnerability assessments that holistically review the security posture of an organization are beneficial in preventing a ransomware attack. These assessments should verify that the appropriate procedures to prevent ransomware attacks are being followed consistently.
These 6 tips on prevention are from Network World.
CITON has just the defense software you need to protect your business from ransomware. The attacks can cause serious damage and loss of data if a proper recovery plan is not in place.
What do you know about cyber security, and a sophisticated phishing attack
As part of Cyber Security Awareness Month, RBC Bank surveyed 2,000 Canadianson their understanding of how to be secure. Many of you would fail if the survey is accurate. While 77 per cent of those questioned believe they are knowledgeable about cyber security, only 16 per cent could identify the majority of six cyber terms correctly. Nearly two-thirds could not identify the term “phishing”, which is an email designed to trick a person into clicking a link or opening an attachment in order to steal information or install malicious software. Similarly, two-thirds couldn’t identify the term “pharming,” the fraudulent practice of directing you to a bogus website that looks like a real one.
OK, knowing the slang name of a con may not be important, but knowing the signs of fraud is. Here are tips from the bank:
- Know your contacts: Remember that the government, your bank, or other businesses will never ask you for your password or PIN. And your uncle, co-worker or best friend likely isn’t asking for confidential details from you either.
- Look closely: Are there spelling and formatting errors in the email? When you hover your mouse over the link that’s included in the email, does it look valid? Are they addressing you by name, or simply “Dear Customer?” These are some tell-tale signs an email is fake.
- When in doubt, phone: If you’re not sure if an email, text or phone call is legit, call the company directly – using a number you trust — and ask if they’ve been trying to reach you.
Speaking of phishing, Trend Micro issued a warning this week about a sophisticated two-step campaign it’s seen in Canada: After hijacking an email account, the attacker looks for a conversation between the victim and another person. Then the attacker sends an email looking like it came from the second person with a malicious link as part of that message stream. In other words, the email with the malicious link doesn’t come out of the blue. Rather, it looks like it’s coming from the person in the message thread. That way the victim may be more likely to click on the link. This is why it’s so important to do everything slowly when you’re online, including reading every email, text message and social media post you get carefully.
Watch for little things like spelling mistakes, differences in the signatures, differences in email addresses. Why should one email from your friend or cousin come from “oxnard.com” and another a few minutes later from “ladyfinger.org?” In the Canadian attack, one message mixed French and English. Attackers are also getting smarter. It used to be a suspicious attachment file name was a garbled mix of letters or nonsense name like “ladyfinger.doc”. That’s a giveaway. But in this campaign the attachment file name may include your company’s name, to look authentic. Don’t be fooled.
Finally, this week Microsoft issued its monthly patches for Windows. Make sure you’ve got the latest updates. And, if you use What’sApp on a smartphone, make sure it’s the latest version. A vulnerability in older versions of the app could be used by an attacker to hijack the app by getting the user to answer a video call. This bug has been fixed in the latest Android and iOS versions.
Thank you, itworldcanada.com for the cyber security safety measures.
Cyber Security Awareness is the first step in defending your business and its data. Make sure you have the tools as well as the knowledge to successfully fend off the cyber threats. Call CITON to help you create a defense plan.
A backup is a copy of your data; a disaster recovery plan is insurance that guarantees its recovery.
HOW DOES THIS IMPACT YOUR BUSINESS?
1.) Data retention requirements
Backups are typically performed on a daily basis to ensure necessary data retention at a single location, for the single purpose of copying data.
Disaster recovery requires the determination of the RTO (recovery time objective) in order to designate the maximum amount of time the business can be without IT systems post-disaster. Traditionally, the ability to meet a given RTO requires at least one duplicate of the IT infrastructure in a secondary location to allow for replication between the production and DR site.
2.) Recovery ability
Disaster recovery is the process of failing over your primary environment to an alternate environment that is capable of sustaining your business continuity.
Backups are useful for immediate access in the event of the need to restore a document, but does not facilitate the failover of your total environment should your infrastructure become compromised. They also do not include the physical resources required to bring them online.
3.) Additional resource needs
A backup is simply a copy of data intended to be restored to the original source.
DR requires a separate production environment where the data can live. All aspects of the current environment should be considered, including physical resources, software, connectivity and security.
4.) Planning process
Planning a backup routine is relatively simple, since typically the only goals are to meet the RPO (recovery point objective) and data retention requirements.
A complete disaster recovery strategy requires additional planning, including determining which systems are considered mission critical, creating a recovery order and communication process, and most importantly, a way to perform a valid test.
The overall benefits and importance of a DR plan are to mitigate risk and downtime, maintain compliance and avoid outages. Backups serve a simpler purpose. Make sure you know which solution makes sense for your business needs. (Expedient.com)
Your business’ information is valuable. Make sure it is backed up and have a disaster recovery plan to protect it. Call CITON to formulate precautionary measures for your business.