Does a SMB need a Network Firewall?

When working with new SMBs and reviewing their network infrastructure, we often ask, "Do you have a firewall?" Sometimes the answer is "I don't think so. Do I need one?" After investigating, we find the router, and then the discussion begins: ISP router firewall, software firewall and hardware firewall capabilities.

It's important to use at least one type of firewall, whether hardware, software or a combination of both. Firewalls are important components that help protect the organization from unauthorized access to its systems. There are other security measures, like anti-virus software, encryption and intrusion detection/prevention systems, that help combat a variety of threats.

However, a firewall is the “first line of defense” because it can be used to secure access to the network and to stop malicious attacks. A firewall that is designed and operated with security in mind will help prevent attacks from occurring by restricting certain types of traffic that could result in unauthorized access.

Put simply, a selective firewall allows traffic based on chosen criteria, such as source or destination IP addresses. A non-selective firewall denies all traffic that is not on its list of approved applications.

So to answer the question: Yes, as a best practice for network security and data protection, a firewall is recommended for all SMBs.

With cyberattacks and data breaches increasing at an alarming rate, operating without firewall security leaves your business vulnerable to a cyberattack.

Social Engineering Inboxes and VoiceMail

Email Threats

Social engineering is non-technical, malicious activity that exploits human interactions to obtain information about internal processes, configuration and technical security policies in order to gain access to secure devices and networks. Such attacks are typically carried out when cybercriminals pose as credible, trusted authorities to convince their targets to grant access to sensitive data and high-security locations or networks.

An example of social engineering is a phone call or email where an employee receives a message that their computer is sending bad traffic to the Internet. To fix this issue, end users are asked to call or email a tech support hotline and prompted to give information that could very likely give the cybercriminal access to the company’s network.

Phishing Email Compromises

One of the most common forms of social engineering is email phishing: an attempt to acquire sensitive information such as usernames, passwords and credit card data by masquerading as a trustworthy entity. Phishing is likely the #1 email threat employees need to focus on.

Such emails often spoof the company CEO, a customer or a business partner and do so in a sophisticated, subtle way so that the victim thinks they are responding to a legitimate request. The FBI says CEO (or C-level) fraud has increased 270 percent in the past two years with over 12,000 reported incidents totalling over $2 billion in corporate losses.

Among the reasons these scams succeed is the appearance of authority: staffers are used to carrying out CEO instructions quickly. That's why phishing can be so easy to fall victim to.

RSA Conference, “How a Security CEO Fell Prey to Scammers (Almost),” 3/3/2016: http://www.rsaconference.com/blogs/security-ceo-scammers#sthash.egMiB2xW.dpuf

 
