With widespread news of security concerns, reassurance that your company's solutions are secure is imperative. Awareness of these security issues is one way to protect your business and keep it from happening to you. On Friday, July 2, There was a cyber attack involving Kaseya which is a software tool used to manage servers and computers.
The same group that hacked the JBS meat processing plants in early June exploited a vulnerability in Kaseya’s software in an attempt to hold computers and server’s ransom. This is the second incident of this kind of software being taken advantage of with the SolarWinds event in December 2020 being the first.
Attacks on RMMs
Remote Monitoring and Management (RMM) tools like Kaseya and SolarWinds are one of the most secure ways to manage patches and devices, but they are becoming a target for bad actors wishing to exploit others for financial gain.
At Thriveon, we do not use Kaseya or SolarWinds, so there has been no risk to our clients from these events.
That said, we are mindful that we are not completely immune to these types of illegal attempts which is why ardent planning and monitoring is a core function of our business to serve our client base. We work to get ahead of any issues in case there comes a day a software tool that we use might become a target.
Preventing Security Attacks
To help avoid becoming a victim of these attacks, it’s vital to put multiple layers of security in place and invest in next-level protection with things like multi-factor authentication. Pushing a code to a second device helps to authenticate and protect your account information. Securing your devices and accounts at the jump helps to provide an early adoption of next-level protection. At Thriveon, we internally follow the security measures we recommend to our clients to ensure your security.
Identify and Quarantine
As mentioned, a core business function of ours is to proactively monitor and identify potential risks and mitigate them before they become an issue. We invest in the highest level of protection to proactively pinpoint malicious behaviors and quarantine software and files at the onset of any suspicious activity. We’re constantly working day in and day out to take all risks off the table. During this compromise of Kaseya, our protection systems immediately identified and blocked this attack, prior to it being publicly released that it was occurring.
Security Best Practices
We know that the security landscape will continue to evolve, and we are dedicated to staying up to date on the latest in cybersecurity. Following security best practices is a pertinent element to any Managed IT Service provider, so make sure your provider is clearly aligned with following them.
Is your business at risk of an attack?
Ask your IT Group the following two questions:
- What are you doing to protect our business?
- What cybersecurity frameworks are you practicing and being audited on?
A solid IT firm is implementing new security initiatives every quarter so you can take comfort in knowing that their cybersecurity house is in order. We, at Thriveon, consistently audit and communicate best practices quarterly to our clients, so you’ll always be on top of the changes and updates needed to your technology solutions.
Helpful Security Hints
- Have Cyber Insurance: This will help you to financially recover from an attack
- Provide ongoing security and phishing training
- Make updates to anti-malware, computer operating system and firewalls
- Be overly cautious with odd emails and links and attachments in emails: Check the spelling of email addresses and links by hovering your mouse over it
- Implement Click Protection so if you or your team happens to click on a bad link, it is less likely to hijack your system
- Have unique complex passwords for every login. Easily track this by using a Password Manager
- Call to verify ACH payment requests the first time or if there is a change
- Do not click on any suspicious attachments in emails
- Do not click on web page advertisements: These can download malware
- Do not add your contact information, potential password recovery answers or bank account details to your social media or other public sites
- Do not save or store passwords on your web browser or computer
- Do not keep a company list of passwords
- Do not use public Wi-Fi
- Do not use public computers
In 2016, Thriveon secured the Security Trustmark through CompTIA which follows the Federal cybersecurity framework for meeting regulations for the Department of Defense, Financial and Healthcare. We also have regular 3rd party auditing performed to keep our systems in check. Read about the Thriveon difference through our Thrive On IT pathway.
Thriveon is offering a complimentary Technology Audit to discuss and explore common issues that might be making your business less secure and less productive. Thriveon will comb through your technology solutions, both hardware and software to pinpoint potential areas of improvement and aid fill the gaps.
Protect your bottom line and your data. Watch our webinar: The Business Leader's Role in Cybersecurity for the Modern Workplace on-demand now