7 Cybersecurity Threats Every K-12 School Faces

7 Cybersecurity Threats Every K-12 School Faces

Ransomware. DDoS. Phishing. Identify theft.

Sadly, schools across the United States are becoming very familiar with these terms. In fact, recent research indicates that K-12 institutions will have the highest rate of ransomware attacks of any industry in the coming years.

For example, the release of sensitive student and teacher information can lead to identity theft. A hacker’s encryption of students’ grades and teachers’ lesson plans can lead to loss of productivity (especially if they are not backed up) and thousands of taxpayer dollars being spent to replicate data that is gone.

As you to turn to the 2018-19 school year, this is your opportunity to make cybersecurity a budget priority. Here are seven reasons why it’s important:

  1. Clickbait.
    The email may look legitimate but unfortunately, it is not. Embedded in the text is a hyperlink that sends you to a malicious site. This link has now taken down your school’s system.Solution: Ensure every employee has the highest email filter settings for spam, phishing and executable files. Employees should also be trained on what suspicious emails look like and always report suspected emails to the IT department.
  2. Outdated Technology.
    Your school may feel they need to hold onto computers and tablets until they break. The problem with this plan is they may not support the current operating system, which opens you up to a cybersecurity breach.Solution: Do a complete inventory of all your computer equipment. Make certain it runs iOS 11.3.1 for iPhones/iPads, macOS 10.13.4 for Mac computers and Windows 10 for PCs. For all devices that do not support these versions, disengage them from your network today. Purchase new devices to replace them before or during the next fiscal year.
  3. Not Paying Attention to Patches.
    All operating systems require patches from time to time.Solution: When your computer tells you updates are needed, complete them within a few hours. It will require a restart however, many patches have security updates within them.
  4. User Error.
    When users are allowed access to sensitive and/or confidential data, there is always a risk for exposure.Solution: Partition student, administration and public networks. Practice whitelisting which allows only a handful of individuals into the classified information, blocking nonessential personnel from that data.
  5. Allowing Weak Passwords and not having a Change Policy.
    Passwords less than 14 characters are problematic and/or not enforcing changes of the passwords can lead hackers right to your data’s door.Solution: Make strong passwords a norm, along with two-factor authentication. Provide an automated system that requires password change every 60- to 90-days.
  6. No tools.
    Its time to think of your school network, more like a bank. These financial institutions have a vault, security guards and cameras – different methods to keep your money safe. The same goes for cybersecurity. You need the right tools to keep all the data out of the hands of hackers.Solution: From Mobile Device Management to cybersecurity audit and monitoring, speak to a cybersecurity expert for a full understanding of the best tools for your school system.
  7. Vulnerability testing is nonexistent.
    Without continuous checking, hackers will continue to try and access your data. 

Solution: Initially, you need a cybersecurity organization to analyze the vulnerabilities in your network and recommend fixes. Once those solutions are in place, its vital to have 24/7 monitoring of your network to ensure your data is safe.

Start a Conversation with Axiom Cyber Solutions

We can protect your school from cyberthreats at a very reasonable cost! Give us a call at (800) 519-5070 today to learn more about our offerings!

FBI Recommends Home & Small Business Owners to Reboot Their Routers

FBI Recommends Home & Small Business Owners to Reboot Their Routers

As news has broken about the FBI’s warning to consumers and small business owners about rebooting their routers, many have reached out to Axiom to ask what do they need to do. Our advice to them is what the FBI has recommened: if you have one a cable modem or router at home, do a quick unplug/replug of the router (D-Link, NetGear, etc). The good news is the FBI has taken control of the domain that was harvesting the information so even if you were infected, the FBI is just collecting information to find how widespread the infection was (500,000 devices are suspected to be infected).

What is VPNFilter?

VPNFilter is a malware, that contains a killswitch for routers (meaning it can permanently shutdown your device) and it also could steal usernames and passwords. The infection appears to be hitting Ukraine hard but has been found in 54 countries.

Good News?

There is some good news for some users. If you have kept on top of firmware updates and changed the default credentials on your devices, you may be protected. But as we know, most of us never log in and update our cable modem’s firmware.

Axiom’s customers are protected from VPNFilter through a combination of rules that restrict access to our devices as well as addition of the known bad addresses to our blocklists.

5 Cybersecurity Obstacles Small Businesses Face

5 Cybersecurity Obstacles Small Businesses Face

I have spoken to hundreds of small business owners and general managers over the last few months about cybersecurity. Many present one or more of the following five reasons as to why they don’t have data protection in place.

Ultimately, they don’t think their data is worth stealing.

Ironically, this is exactly the attitude most bad actors hope for. With systems that are minimally secure, cybercriminals can have a heyday with your company bank accounts, confidential employee information and customer files. Roughly 50% of all small businesses who suffer a cyberattack go out of business within six months. We don’t want you to be one of them.

Let’s look at these hinderances and discover ways to overcome them.

 

Five Most Common Stumbling Blocks to Cybersecurity

 

“We have no money.”

Small or large, this is the number one hindrance I see moving forward. Most decision makers think cybersecurity solutions cost hundreds of thousands of dollars per year. They already set in mental motion either severe budget cuts in other areas or an unbudgeted approval by management needs to occur. Neither position is attractive, so nothing happens.

Cybersecurity doesn’t have to be expensive. Our SecureAmerica solution starts at $299 per month – giving your business the protection it needs 24/7!

 

“We backup our data regularly, so there’s no risk.”

Really? How regularly – every transaction, once a day or a few times per month? Regular backups will allow your business to limp along after you install new operating systems, applications and put new passcodes on everything. This can take days, if not weeks to complete.

But the fact is, your data has been stolen and encrypted. Depending on the number of records and sensitivity of that information, you may have to pay ransomware to get the records back, which will also impact your budget.

Our solution monitors your network for any vulnerabilities, phishing or scraping attempts, and stops ransomware attempts before they happen.

 

“We have malware protection on each device, so we’re covered.”

While this is certainly important, it isn’t enough. Bad actors are smart and constantly trying to find ways to enter your system. In addition, many of them roam around your servers for days or months before they retrieve anything, which makes your systems all that more vulnerable. Malware protection is a piece, but it isn’t the entire solution.

We offer complete protection of your entire network, down to the device level.

 

“We’re too small to be hacked.”

87% of small businesses don’t think they will ever be hacked, yet 50% of them are. No one is too small. If you have a business that interacts with clients, vendors and employees, you can be a victim.

Bottom line: Every business needs cybersecurity.

 

“Our IT guy is handling our cyber protection.”

Is he really? How much has he been trained on cybersecurity? How will he be able to detect a breach? How soon can he detect it? These are the hard questions you should be asking. IT “guys” are good at installing and managing your systems, but without the proper tools, they can be in the dark about a data breach as much as you are.

 

Axiom Cyber Solutions Has You Covered

Our SecureAmerica Threat Defense Platform takes in multiple open and closed source threat feeds daily. It is built on Artificial Intelligence and Machine Learning to not only parse the latest threats but predict future ones as well.

With a low monthly subscription cost, you can have a complete cybersecurity package. Give us a call at (800) 519-5070 or send an email to info@axiomcyber.com for more information.

 

Shannon Wilkinson, President of Axiom Cyber Solutions, selected as the 2018 Las Vegas Women in Technology – Cybersecurity Award Winner

Shannon Wilkinson, President of Axiom Cyber Solutions, selected as the 2018 Las Vegas Women in Technology – Cybersecurity Award Winner


On Saturday, April 28th, President of Axiom Cyber Solutions, Shannon Wilkinson (far left), was selected as the 2018 Las Vegas Women in Technology – Cybersecurity award winner.

“I am incredibly honored to receive the inaugural Las Vegas Women in Technology for Cybersecurity award. Three years ago, I started Axiom Cyber Solutions with the best business partner I could ask for, my husband, Troy. I also want to thank my parents for always supporting me and not batting an eye when I told them that I wanted to run off to join a United Nations peacekeeping mission after I graduated from UNLV. Lastly, I’d like to dedicate the award to the future of technology – our three young daughters who have already started showing an extreme interest in technology and thank the community for their support of education for girls in technology,” said Shannon Wilkinson.

The Las Vegas Women in Technology Awards recognizes the women working in and changing the face of the technology community in Las Vegas

 

As President of the Las Vegas Women in Technology award program from the Las Vegas Community Tech fund I want to personally congratulate you on your award!  The technology community of Southern Nevada “has spoken” and they choose you for all your hard work, progress and great achievements in technology.

Lori Nguyen, Las Vegas Women in Technology Awards

The Las Vegas Women in Technology Awards accepts nominations from the community for for the following categories:

  • Technology Woman of the Year
  • Technology Woman Entrepreneur
  • Technology Woman for Community Service
  • Technology Woman Mentor
  • Technology Woman Rising Star
  • Technology Woman for Gaming & Hospitality (New 2018)
  • Technology Woman for Cybersecurity (New 2018)

In addition to honoring professional women, the awards also recognizes outstanding local students in coordination with the National Center for Women & Information Technology (NCWIT) for Aspirations in Computing, Collegiate, and Educator awards.

Shannon Wilkinson, President of Axiom Cyber Solutions, Selected as Top 100 Women of Influence by MYVegas Magazine

Shannon Wilkinson, President of Axiom Cyber Solutions, Selected as Top 100 Women of Influence by MYVegas Magazine

For the second year in a row, President of Axiom Cyber Solutions, Shannon Wilkinson, has been named to the Top 100 Women of Las Vegas by MyVegas Magazine. MYVegas Magazine polls over 100,000 of its readers to find the Top 100 Women in Las Vegas each year.

These women come highly recommended by our readers and our community! There’s no shortage of fabulous females in the Las Vegas Valley, so ranking among the Top 100 Women of the Year is an extraordinary honor and sought-after accolade. – MYVegas Magazine

Shannon Wilkinson stated “I am very honored to have been nominated and selected as one of the Top 100 Women of Las Vegas. To see the outstanding line-up of other women being honored, I am humbled to be included in the list for 2018.”

MYVegas Magazine is available for free around the community or a free copy can be requested from their website www.myvegasmag.com

MYVegas Top 100 Women 2018

Why Threat Intelligence is Not Always Intelligent

Why Threat Intelligence is Not Always Intelligent

The primary purpose of threat intelligence is to help organizations understand what kind of threats they may face, zero-day attacks or exploits. The problem that exists for many organizations about threat intelligence is that there can be so much information coming at them, so much information to act upon, but no time or resources to shift through it, much less apply it to the company’s cybersecurity defense and/or strategy.

Threat intelligence that doesn’t do anything is not that intelligent.

Brent Watkins, FBI Special Agent (Retired), Axiom Cyber Solutions Head of Business Development

There is a real issue with cybersecurity alert fatigue. It is such a problem that TechRepublic ran an article titled “Why notification overload is killing enterprise cybersecurity teams“. Cybersecurity fatigue affects 72% of organizations and part of the problem is the cybersecurity skills gap that only seems to be widening, rather than closing. Basically, the conclusion of a Bitdefender report called CISO’s Hardest Burden is that unless companies have enough personnel to deal with the incoming threat reports, they cannot improve their security.

And if cybersecurity teams, or the lone IT professional tasked with anything & everything within the organization (including cybersecurity, which is not a hobby), are overwhelmed, what does that mean for the cybersecurity defense of the organisation? Troy Wilkinson, CEO of Axiom Cyber Solutions, has frequently discussed that a company’s risk factor exponentially increases from the time that a vulnerability is disclosed to the time that a patch is applied yet still so many organizations are struggling to stay on top of their cybersecurity defense.

The result of the mismatch between the magnitude of threat data and the qualified resources needed to analyze and respond to new threats is increasingly costly and damaging data breaches across all industries from healthcare to financial services to retail and food service.

The problem with threat intelligence data is that it does require that someone in the organization to analyze and apply changes. Changes that may need to go through a strenuous and timely change management approval process which further slows down apply patches to maintain a secure cyber defense. And by the time that a change to the defense may be approved, there are thousands of other possible changes that have come through. So where does it end?

Axiom’s Polymorphic Threat Defense System

Recognizing the need to marry threat intelligence with action, Axiom Cyber Solutions developed its Polymorphic Threat Defense Systems used by both our Axiom SecureAmerica and Axiom Shield products. Axiom has curated over 100 open and closed sources of threat data to bring into our platform which allows us to currently push out over 350,000 threat data points a day to our clients. And to steal a line from “As Seen on TV”…but wait there’s more… one of the beautiful things about connecting with Axiom’s platform is that it requires no action on the part of the customer. All updates from our platform are fully automated and applied without intervention.

Threat actors are constantly evolving their tactics, methods, and connection points. It is important that we also evolve our defenses just as fast, if not faster, to ensure that we are doing our best to protect our businesses.

If you are interested in more information about Axiom’s Polymorphic Threat Defense System, please contact us or call 800-519-5070.

Cybersecurity and the Medical Field: Six Solutions You Should Implement Today

Cybersecurity and the Medical Field: Six Solutions You Should Implement Today

United States healthcare organizations, from small two-person offices to massive hospitals, need to draw their attention to cybersecurity. While many medical personnel don’t understand or think they need it, a recent report by the U.S. Department of Health & Human Services on cybersecurity disagrees.

The industry must come together to address this growing concern and this blog will give you six solid ways to do so.

 

Why Healthcare Organizations are Targeted

According to the Identity Theft Resource Center, social security numbers have the possibility of being more exposed in healthcare than any other industry.

In addition, because doctors’ offices, hospitals and suppliers are often interconnected with Electronic Health Records, once a cybercriminal breaches one system, it’s much easier to crack into others.

Unlike credit card numbers that are generally used within a few minutes to a few days of being stolen, health records are valuable to a bad actor up to ten years after they capture the data. If the patient information is sensitive in nature, it can be used a blackmail against them.

One other important note, health records are ten to sixty times more valuable on the dark web than credit card information.

 

How Bad Actors Get In

Nurses, doctors and administrators typically don’t understand data breach risks; therefore, cybercriminals access patient records in one or more of the following ways:

  1. While smart devices help diagnose and treat patients, they often have the lowest level of encryption which make them great entry points
  2. Legacy hardware that doesn’t support current operating systems and applications and software that hasn’t been upgraded and updated is another method
  3. Electronic Health Records (EHRs), that are purposefully or accidently given to the wrong individuals
  4. Patient portals that do not have end-to-end encryption

Unfortunately, even today, only 25% of all U.S. hospitals have a designated cybersecurity specialist, according to Healthcare IT News. This makes reporting and monitoring difficult.

Ignoring Cybersecurity is Risky Business

If patient data is stolen or compromised, your organization will be held accountable under HIPPA guidelines and will incur heavy regulatory fines. In addition, if enough records are exposed, your brand reputation will suffer leaving patients to possibly seek other medical options. Last, if your records are held for ransomware, you may have to pay millions of dollars for return of those records.

 

Six Effective Cybersecurity Solutions

  1. Put one individual in charge of cybersecurity.
    Whether you run a small office or a sprawling medical complex, one person needs to oversee cybersecurity. This person will set policy. They will be the conduit to others to report problems and suspected breaches.
  2. Complete a benefit/risk analysis of all connected devices.
    What is the value of each device? Is there an alternative product that offers a better cybersecurity choice? What is your BYOD policy? A complete analysis should be completed before moving to the next step.
  3. Set in place cybersecurity standards and practices.
    Once a thorough analysis of your hardware, software and network solutions is concluded, which should include virtual workers and suppliers that can tie into your network, you are armed with enough information to move forward on an effective policy. Work with outside consultants who can analyze your vulnerabilities effectively.
  4. Subscribe to updates from the Health Care Industry Cybersecurity Task Force.
    This 21-member task force is responsible for researching and making recommendations on healthcare cybersecurity initiatives. They offer best practices, on an ongoing basis, to prepare your organization against an attack.
  1. Implement a strong continuous monitoring solution.
    Effective cybersecurity starts by protecting the data that resides on the network. Failure to have 24/7 monitoring can result in data loss, ransomware and impact your brand integrity.
  2. Outsource cybersecurity.
    The funding required to hire, train and keep cybersecurity talent may simply not be available for small-to-medium medical facilities. Tack on assessment software and monitoring solutions, which can be enough to push your small IT budget over the edge, not allowing you to move forward on other needed equipment upgrades. Outsourcing handles all of the above concerns and more.

Axiom Cyber Solutions Can Protect Your Medical Establishment

We offer the world’s first polymorphic cyber defense platform that can identify the newest threats, vulnerabilities, and automatically dispatch updates in real-time. This included ransomware and DDoS mitigation, as well as, dynamic dark web protection. Contact us today to learn more about how we can protect your data today!

Healthcare Cybersecurity Woes

Healthcare Cybersecurity Woes

2018 has not gotten off to a good start in the healthcare industry cybersecurity. Still the top targeted industry, we have seen hospital groups and one of the electronic medical record companies fall to very preventable SamSam ransomware attacks.

SamSam infections are troubling

The recent attacks with SamSam ransomware is particularly concerning because it requires the attacker to be inside the victim’s computer network to manually activate the ransomware. This means that the attacker(s) who held Hancock Health, AllScripts, the Colorado Department of Transportation, and most recently at the time of writing, the City of Atlanta, Georgia ransom had remote access to the computer systems of all those organizations.

Research shows cyberattacks have lethal results

Dr. Sung Choi, a researcher at Vanderbilt University’s Owen Graduate School of Management, has found that 2,100 deaths can be linked to hospital data breaches and lack of cybersecurity protections. The reason is that breaches “trigger remediation activities, regulatory inquires and litigation in the years following a breach…” and these activities affect the performance of the facility, leading to quality issues.

Thinking to the large-scale ransomware attack on Hollywood Presbyterian Medical Center in Los Angeles in February 2016 that brought their computer systems down for weeks, when the attack was at its worst, the hospital had to divert ambulances and even transfer patients to nearby medical facilities for treatment. When WannaCry ransomware hit 16 hospitals in May 2017, at least one facility had to cancel 10 scheduled operations due to computer system outages.

So what do healthcare organizations need to do?

The first step is identifying what is on your network. It is surprising how many organizations have no idea how many computers or internet-connected devices are on their networks, much less their protection status. How can you protect your systems and data if you don’t even know where they reside?

The questions “Do you have a firewall” and “when was it last updated” seems to catch many organizations off-guard and the all too common answer is that “I think my IT guy put one in and I’m sure he’s keeping it up to date”. But that’s not good enough. As an office manager or administrator, you need to know that you have all the protections in place not only to maintain HIPAA compliance but really because you care about your patient’s data and safety.

Contact Axiom today for a short and complimentary cybersecurity risk assessment to go over your cybersecurity strategy. Contact us or call 800-519-5070 to speak with one of our qualified cybersecurity experts.

How Data Breaches Affect Children

How Data Breaches Affect Children

Believe it or not, data breaches do affect children, even as young as infants. The worrisome aspect of recent massive data breaches is that many adults have grown immune to data breach notifications; so much so that nearly half of Americans haven’t even checked their credit following the Equifax breach. If they are not checking their own credit, you can pretty much bet that they haven’t looked into their children’s credit either.

One family of five decided to plug in their entire family’s information into the Equifax data breach checker and were surprised to see that their 7-year-old son’s information was potential stolen.

The theft of a child’s identity is lucrative to a cyber-criminal because it can remain undetected for years, if not decades. Without regular monitoring, a child’s identity that has been stolen may not be discovered until they are preparing to go to college and start applying for student loans or get their first credit card. By then, the damage is done and the now young adult will need to go through the pain of proving that their identity was indeed stolen.

It may be surprising to many but a 2011 report found that children are 51% more likely to be the victim of identity theft than an adult. It was found that one of the victims was only five months old and another teenager had over $700,000 in debt in their name.

And this tax season, cybercriminals on the DarkWeb have been caught selling the social security numbers of infants for just $300 per social to be used on fraudulent tax returns. While data on children has been on sale for many years, this is the first believed case where hackers are specifically targeting newborns and “fresh” social security numbers.

So, what can parents do to protect their children and their credit?

The first step would be to treat your children’s social security numbers just as carefully as you would treat your own. Do not provide it to anyone unless absolutely necessary (doctor, school, accountant). And if you have a teenager, teach them how to be responsible with their social security number as well.

Secondly, if you have reason to believe that your child’s information may have been stolen, you as a parent are allowed to request to see if your child has a credit report and secondly, if they do, by request you can also put a credit freeze on their report.

Image Credit – Freepik

Beware Tax Season Scams

Beware Tax Season Scams

Tax season is upon us again and the hackers have been busy with a slew of old and new tricks to try to steal tax refunds. Here are some of the new and old tricks that hackers are employing this tax season and some tips on how you can avoid being taken advantage of by cyber-criminals.

A New Twist to an Old Game

Who wouldn’t be happy to get a bunch of money deposited in their bank account by surprise from the IRS?! Unfortunately for us, the IRS is not just giving us all money and it is a new elaborate scam by hackers to try to swindle you and the IRS out of money. Hackers are using your personal information to file a fraudulent tax return on your behalf but also having it deposited in your bank account. Then they fall back to their old scam of calling or emailing you, claiming to be the IRS and demanding that you send the money back.

Thanks, Equifax…

Due to the massive Equifax data breach, the IRS is expecting a huge uptick in the number of fraudulent filings. To try to help combat some of the fall-out, each employer has been assigned a special Employer Code that is found on the W-2 form to try to make sure that fake W-2s are not used to file claims.

The IRS also has encouraged everyone to try to file their claims as quickly as possible as to not allow hackers a chance to put in a fake claim before you do. If two (or more) claims are filed with your social security number, the IRS will notify you by snail mail (The IRS does not email or call).

If you try to eFile and a claim has already been filed, your claim may be rejected and you will need to contact the IRS (also because of the Equifax data breach, contact the FTC).

Even Children are Affected…

A worrisome discovery this tax season has been the sale of infant and child personal information on the Dark Web. Hackers even are eliciting sale of the information by advertising that it is tax season and buyers should get the information before it is used. The troublesome aspect of having children’s personal information for sale on the Dark Web is that very few parents actually monitor the credit of their youngsters and they may not discover a fake identity for years or even 16-17 years down the road when the child is grown and starts applying for college or credit.

The ol’ W-2 Phishing Scam

Despite IRS warnings and tons of news the past couple of years, hackers are still tricking businesses into sending their employee records. A few years ago, the IRS warned companies of falling for the W-2 scams but despite the continued warnings, businesses (and even government offices like the City of Keokuk,Iowa and Batavia, Illinois) are still falling for phishing scams posing as the company CEO or executives asking for employee summaries and W-2’s.

Employees may be your business’ greatest weakness but they also can be your greatest defender if you take the time to educate them. Inform your employees who have access to sensitive employee data about these types of scams. Don’t just assume that they know.

Teach your employees how to identify phishing scams and when it comes to sharing sensitive data, you can encourage them to seek verbal approval from the requestor. Even though scammers state there is extreme urgency in receiving the response, getting a verbal confirmation from the sender is the best way to protect sensitive information (the same goes for urgent requests for wire transfers to the Finance Department!)

Lastly, sensitive employee data should never be transmitted unencrypted (even if it’s thought to be internal).