Name: MPG online
Price range: $$

10 Cybersecurity Tips for Small Businesses

July 14, 2022David MarchCyber SecurityAtlanta Computer Consultants, Atlanta IT outsourcing, Atlanta IT Services. Atlanta IT Support, Atlanta Managed IT services, Atlanta Managed services, Atlanta VOIP, Backup and Disaster Recovery Atlanta, Cloud Computing Atlanta, Cloud Services Atlanta, Facebook, Google, Help Desk Support Atlanta, IT consultant Atlanta, IT Outsourcing Atlanta, it services, IT Services Alpharetta, it services atlanta, IT Services Canton, IT Services Cartersville, IT Services Dalton, IT Services Marietta, IT Support Alpharetta, IT Support Atlanta, IT Support Canton, IT Support Cartersville, IT Support Dalton, IT Support Marietta, Managed IT Security Atlanta, Managed IT Services Atlanta, Managed Security Atlanta, Managed Services Atlanta, microsoft, Microsoft Office 365, Network Services Atlanta, Network Support Atlanta

Cybersecurity Tips for Small Business

The Internet allows small businesses new customers and work more efficiently by using computer/web tools. Whether a small business is going to use cloud computing, email or maintaining a website, cybersecurity should be a part of the plan.

Broadband and IT hardware are important factors in small businesses to increase productivity and efficiency. However, businesses need a cybersecurity strategy to protect their own business, their customers, and their data from growing cybersecurity threats.

Train employees on basic security principles: Establish basic security practices and policies for employees, such as requiring strong passwords, and establish appropriate Internet use guidelines. Establish rules of behavior describing how to handle and protect customer information and other vital data.
Passwords and authentication: Businesses should require employees to use unique passwords and change passwords every three months. Also consider implementing multi-factor authentication that requires additional information beyond a password to gain entry. Check with your vendors/banks/cloud accounts to see if they offer multi-factor authentication for your account.
Protect information, computers, and networks from cyber attacks: Have the latest security/antivirus software, web browser, and operating system are the best defenses against viruses, malware, ransomware, and other online threats. Set antivirus software to run daily scans.
Limit employee access to data and information, limit authority to install software: Employees should not have access to all data on the systems. Employees should only be given access to the specific data systems that they need for their jobs and should not be able to install any software without permission.
Create a mobile device action plan: Mobile devices can create significant security problems for small businesses, especially if they hold confidential information on them. Require users to password-protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
Employ best practices on credit cards: Work with banks or processors to ensure the most trusted and validated tools and anti-fraud services are being used. Isolate payment systems from other, less secure programs and don’t use the same computer to process payments and surf the Internet.
Make backup copies of important business data and information: Make regular backups the data on all computers. Critical data includes word documents, spreadsheets, databases, financial files, human resources files, and accounting data. Backup data automatically if possible, or at least weekly and store the copies either offsite or in the cloud.
Secure your Wi-Fi networks: If you have a Wi-Fi network at your small business, make sure it is secure, encrypted, and hidden. To hide your Wi-Fi network, set up your wireless access point or router, so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router. If you allow access to customer create a “Guest Wi-Fi” not on your internal network for these users.
Provide firewall security for your Internet connection: A firewall prevents hackers from accessing data on a private network. Make sure the operating system’s firewall is enabled or install a hardware firewall at the demac. If employees work from home, ensure that their home system(s) are protected by a firewall.
Control physical access to your computers and create user accounts for each employee: Prevent access by unauthorized individuals to your small business computers and hardware. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.

If you are looking for IT support for your company, please give MPG online a call at 678-824-5990 today and let us help you or click here to learn more IT Support.

What is a Managed Service Provider (MSP)?

David MarchJuly 7, 2022Managed IT Services

What is a Managed Service Provider Managed Service Providers are increasingly being turned to...

Website Browsing is it Really Private?

David MarchJuly 7, 2022Quick Tips

Private web browsing in a nutshell! Other users of your device won’t see your history. ...

North Korean State Sponsored Hackers Target US Health Providers With ‘Maui’ Ransomware

adminJuly 7, 2022Cyber Security

(CISA), The (FBI) and the Department of the Treasury (Treasury) have released a joint Cybersecurity...

North Korean State Sponsored Hackers Target US Health Providers With ‘Maui’ Ransomware

July 7, 2022adminCyber SecurityAtlanta Computer Consultants, Atlanta IT outsourcing, Atlanta IT Services. Atlanta IT Support, Atlanta Managed IT services, Atlanta Managed services, Atlanta VOIP, Backup and Disaster Recovery Atlanta, Cloud Computing Atlanta, Cloud Services Atlanta, Facebook, Google, Help Desk Support Atlanta, IT consultant Atlanta, IT Outsourcing Atlanta, it services, IT Services Alpharetta, it services atlanta, IT Services Canton, IT Services Cartersville, IT Services Dalton, IT Services Marietta, IT Support Alpharetta, IT Support Atlanta, IT Support Canton, IT Support Cartersville, IT Support Dalton, IT Support Marietta, Managed IT Security Atlanta, Managed IT Services Atlanta, Managed Security Atlanta, Managed Services Atlanta, microsoft, Microsoft Office 365, Network Services Atlanta, Network Support Atlanta

Maui Ransomware

(CISA), The (FBI) and the Department of the Treasury (Treasury) have released a joint Cybersecurity Advisory (CSA), showing North Korean state-sponsored cyber actors are using the Maui ransomware to target Healthcare and Public Health (HPH) Sector organizations in the US.

The North Korean state-sponsored hackers used Maui ransomware to encrypt servers responsible for healthcare services. The servers contain electronic health records services, diagnostics services, imaging services & intranet services. Please see the following alert(AA22-187A) summary and technical details Advisory.

Technical Details

Maui ransomware (maui.exe) is an encryption binary. According to industry analysis of a sample of Maui (SHA256: 5b7ecf7e9d0715f1122baf4ce745c5fcd769dee48150616753fec4d6da16e99e) provided in Stairwell Threat Report: Maui Ransomware—the ransomware appears to be designed for manual execution [TA0002] by a remote actor. The remote actor uses command-line interface [T1059.008] to interact with the malware and to identify files to encrypt.

Maui uses a combination of Advanced Encryption Standard (AES), RSA, and XOR encryption to encrypt [T1486] target files:

Maui encrypts target files with AES 128-bit encryption. Each encrypted file has a unique AES key, and each file contains a custom header with the file’s original path, allowing Maui to identify previously encrypted files. The header also contains encrypted copies of the AES key.
Maui encrypts each AES key with RSA encryption.
- Maui loads the RSA public (maui.key) and private (maui.evd) keys in the same directory as itself.
Maui encodes the RSA public key (maui.key) using XOR encryption. The XOR key is generated from hard drive information (\\.\PhysicalDrive0).

During encryption, Maui creates a temporary file for each file it encrypts using GetTempFileNameW(). Maui uses the temporary to stage output from encryption. After encrypting files, Maui creates maui.log, which contains output from Maui execution. Actors likely exfiltrate [TA0010] maui.log and decrypt the file using associated decryption tools.

See Stairwell Threat Report: Maui Ransomware for additional information on Maui ransomware, including YARA rules and a key extractor.

At the time of this post CISA does not know the identity of the actors and are requesting reporting of any incidents to your local FBI field office. In the mean time CISA recommends the following actions to “mitigate” ransomware attacks.

Limit access to data by deploying public key infrastructure and digital certificates.
Use standard user accounts on internal systems instead of administrative accounts.
Turn off network device management interfaces such as Telnet, SSH, Winbox, and HTTP for wide area networks (WANs).
Secure personal identifiable information (PII)/patient health information (PHI) at collection points.
Protect stored data by masking the permanent account number (PAN).
Secure the collection, storage, and processing practices.
Create and regularly review internal policies that regulate the collection, storage, access, and monitoring of PII/PHI.

If you are looking for Malware/Ransomware help for your company, please give MPG online a call at 678-824-5990 today and let us help you or click here to learn more about our Malware Protection.

Acknowledgements

CISA, Stairwell

2 Columns

Technical Details

Acknowledgements

2 Columns