National Cyber Security Awareness Month: Our Shared Responsibility


From data breaches affecting multi-million dollar corporations to ransomware targeted at the health-care industry to the real-life repercussions of insulin pump hacking, cybersecurity threats are everywhere. With the current President, both major political party nominees, and the director of the FBI all emphasizing the issue, it is apparent that cybersecurity is a serious concern for the nation.

Because of these impending threats, it is important for awareness of cybersecurity to be a nationwide occurrence. This October marks the thirteenth year of celebrating National Cyber Security Awareness Month (NCSAM). Created by the National Cyber Security Alliance (NCSA) in collaboration with the Department of Homeland Security’s National Cyber Security Division (NCSD), the observance of this month has grown both in popularity and in importance.

In addition to being the thirteenth year of the month’s observance, it is also the sixth year of the STOP. THINK. CONNECT. campaign. This campaign is a movement to promote simple cyber-awareness for all individuals which they can use every single time they access the Internet. The steps are quite clear:

STOP: make sure security measures are in place. THINK: about the consequences of your actions and behaviors online. CONNECT: and enjoy the Internet.

The STOP. THINK. CONNECT. campaign is the focus for the first week of National Cyber Security Awareness Month, with the subsequent weeks’ topics including harboring a cybersecurity culture in the workplace, recognizing and combating threats, examining the future of tech and IT security, as well as emphasizing the importance of critical infrastructure. While it is important for individuals to be cyber-aware, it is equally if not more important for businesses to know their risks as well.

All Businesses Need Cybersecurity

Different things come to people’s minds when they think about cybersecurity in relation to business. Some think of the statistics surrounding small-to-medium-sized businesses, such as how 71% of cyber attacks target SMBs. For others, the data breaches of major corporations such as Target and Sony come to mind. In reality, all of these entities have a dire need for cybersecurity. There is no silver bullet when it comes to securing cyber defenses, however, so it is important for companies of all sizes to put in place multiple layers of protection against threats. Some key precautions that need to be implemented regardless of size or industry of a business include:

  1. Anti-virus Protection—Utilizing an anti-virus software is one of the most basic ways to protect a company’s computers and system. A strong anti-virus software is necessary in order to detect and remove viruses before they harm your system.
  2. Firewall Implementation—Use of a firewall helps secure your network from cyber attacks by preventing them from accessing your system in the first place. Though there are both software and hardware options when it comes to firewalls, for businesses, it is recommended that hardware firewalls, especially Next-Generation Firewalls, be used since these protect whole systems compared to their software cousins that only protect the individual computer on which they are installed.
  3. Network Monitoring—Network monitoring, be it performed internally or provided externally through a cybersecurity partner, is a crucial aspect of cybersecurity defense. This service notifies the network administrator of any oddities, such as detected intrusions and overloaded servers, which can help them to fix these issues quickly. Simply setting up cybersecurity will not be enough; these defenses need to be monitored often so that a company knows where its weaknesses lie.
  4. Employee Education—While employees are often a company’s greatest asset, they can also be its greatest cybersecurity threat. Malicious actors do make up a large portion of the threat; however, a major, fixable component is a lack of employee knowledge. The easiest way to fix this is to have company-wide training on various cyber-threats including phishing, which is able to trick nearly a third of employees, as well as ransomware threats. These two cybercrimes are the most egregious according to the FBI and are increasingly becoming their focus in the fight against cybercriminals, so it is especially important to educate employees in these areas. By educating employees, a company can both strengthen its cybersecurity defenses and empower its employees to be more accountable for their behavior online.

Our Shared Responsibility

The major theme of National Cyber Security Awareness Month is the idea of collective accountability when it comes to cybersecurity defenses. We are all connected through the Internet, and because of this, the NCSA emphasizes that it is our shared responsibility to protect this shared resource. This sentiment cannot be better summarized than by the following quote:

No individual, business or government entity is solely responsible for securing the Internet. Everyone has a role in securing their part of cyberspace, including the devices and networks they use. Individual actions have a collective impact and when we use the Internet safely, we make it more secure for everyone. If each of us does our part—implementing stronger security practices, raising community awareness, educating young people or training employees—together we will be a digital society safer and more resistant from attacks and more resilient if an attack occurs.

If you would like to find out more about National Cyber Security Awareness Month, please visit https://staysafeonline.org/ncsam/ to learn more about how you can get involved. If you would like to enhance your own cybersecurity defenses, regardless of the size of your company, please contact Axiom Cyber Solutions to see how our managed cyber solutions can help you get and stay secure.

Hailey R. Carlson | Axiom Cyber Solutions | 10/07/2016


Cybersecurity Skills Gap: Will it improve or widen further?


There is a fast approaching shortage of workers in the workforce across a multitude of industries—and while many think of the healthcare industry as being the most threatened by this shortage as there has been a recent lack of future qualified nurses, there is an alarm being sounded by the cybersecurity industry for fear of the same thing happening within it as well. As the number of cyber threats facing internet users globally increases daily, so does the demand for qualified individuals to combat these risks. While demand for cybersecurity jobs is expected to grow by 53% over the next two years, there are not enough adequately qualified people expected to be available to fill all of these positions. This is what is known as the cybersecurity skills gap.

As of March of 2015, there were more than 209,000 cybersecurity jobs in the US that went unfilled and the number has grown drastically since then. Most experts believe this to be caused by a lack of interest by future workers, meaning that not only is there a lack of attention towards this industry among college-aged students who are not picking cyber-related majors such as Computer Information Systems and Computer Science, but among K-12 children as well. In an attempt to increase interest, there are programs such as STEM (science, technology, engineering, and math) that are designed to pique a young tech guru’s curiosity about the possibility of pursuing a career in the IT industry. While some may be interested in a career in cybersecurity, not everyone who tries is adequately qualified for the position for which they are applying; for this reason, experts in the field are divided on whether the cybersecurity skills gap will improve or be widened further.

Will the gap improve or widen further?

Experts are torn on their opinions as to whether or not the cybersecurity skills gap will be improved or widened in the coming years.

Those who believe that there is no hope for the industry’s workforce to improve argue that while many people may be applying for IT jobs, they are not properly qualified for these positions. Sixty-seven percent of IT professionals do not have any certification that would make them qualified for their jobs—they must simply learn while they are on the job. These naysayers also argue that most of the executives that prioritize cybersecurity are only CIOs and senior IT leaders, prioritizing the threat about 73% of the time, compared with CEOs and CTOs who reportedly only consider security approximately 55% of the time on average between the two positions. The experts on this side of the issue ask: if these high-ranking executives don’t take the threats that face their companies seriously, how can the gap be improved properly?

Those who believe that the gap will be decreased have two main approaches to improving the industry’s lacking workforce. The first is a people-centric approach that focuses on training our next generation of workers in cybersecurity skills. This requires teamwork between industry professionals and higher education establishments, who must not only share the responsibility but also have a cohesive action plan. In May of 2016, IBM security professionals volunteered their time to teach at the University of Warwick to discuss things like security solution design processes as well as endpoint security among others. By educating those interested in a career in IT, the gap will surely be lessened over time.

The second approach that supporters of the skills gap being closed might utilize, primarily as a backup plan (for now), is the use of cybersecurity robot workers. This approach is a little bit less conventional because though it fulfills the needs of companies to have qualified workers, it negatively impacts unemployment rates, so many experts favor the people-centered approach over this one.

Important Cybersecurity Skills Needed

There are many traits that a qualified cybersecurity professional should have, but among the most important of these are (1) intrusion detection, (2) secure software development, and (3) attack mitigation. These are the three essential skills that will aid the cybersecurity industry in lessening the gap in qualified workers. “These skills were in greater demand than softer skills, such as the ability to collaborate, manage a team, or communicate effectively,” reports a researcher with the Center for Strategic and International Studies. While this may contradict what some people have previously thought, knowledge of these three main skills will ensure properly educated workers are placed in positions that they are capable of fulfilling.

Because of its unpredictability, it is hard to say just exactly who will be right about the cybersecurity skills gap; however, piquing young people’s interest early and utilizing teamwork to bring together higher educators as well as industry giants might help to lessen this gap in the near future. If you are interested in a career in IT, visit us at https://axiomcyber.com/ to learn more about a small-business-centered cybersecurity career.

Hailey R. Carlson | Axiom Cyber Solutions | 9/23/2016


S.T.E.M Careers: Growing Towards the Future


S.T.E.M. Education

Many people have heard of the STEM program but not everyone knows exactly what it entails. STEM is a curriculum based on the idea of educating students in four specific and critical areas — science, technology, engineering, and math — however, STEM does not separate these subjects to be taught individually; rather, they are integrated into a cohesive program that teaches the subjects together as complements to one another. One key point that the program is praised for is its use of real-world applications to train these students for their future careers — making it one of the most successful programs resulting in some of the best-prepared students facing the workforce upon graduation.

More often than not, people think of high school or even college as the starting point for such technical and complex education to begin, but many schools have incorporated STEM into classes to some degree from kindergarten on up through high school! Of course, it is much more basic at the lower grades, but by including it in the curriculum in students’ education from the beginning and adding to it incrementally as they grow, students will be much more interested in the subjects included in STEM. In addition to this, they will be able to notice the correlation between these subjects, which will possibly result in higher numbers of these individuals choosing STEM-related careers. As you can see to the left, 58% of people currently working in STEM decided on this career path prior to graduating high school, meaning that early teaching is critical in creating future workers interested in STEM.

 

S.T.E.M. Careers

STEM is the second fastest-growing industry, second only to healthcare, with an expected 8.6 million jobs available in the field by 2018. Not only are graduates of STEM-related majors some of the highest paid young professionals right out of college, but they also get those high-paying jobs rather quickly following graduation. While these facts may be enticing, it is important for individuals to know about some of the potential successful careers they could have in their main area of interest when it comes to STEM.

Science & Engineering

Science and engineering careers are the most related when it comes to the workforce and make up 6 of the top 10 careers in STEM including civil engineering, environmental engineering technology, nuclear engineering technology, computer engineering (also related to technology), petroleum technology, and marine sciences. Among the requirements for these careers are strong problem solving skills, chemistry, basic math skills, and deductive and mathematical reasoning.

Mathematics

Mathematics itself, while an integral element in each of these careers, is not well represented in this top 10 list, making up only one of the listed STEM jobs. Despite this fact, Mathematics encompasses a multitude of industries such as statistics, actuarial sciences, economics, and more that differentiate it from its fellow STEM categories. Required skills for mathematically related jobs include deductive and mathematical reasoning, problem solving skills, and facility with numbers. If you love numbers and are interested in STEM, this might be the career path for you.

While science, engineering, and mathematics combine to make up the majority of the top jobs in STEM, technology is one of the fastest growing of these already rapidly rising industries and it affects its STEM counterparts significantly.

Technology

Advancements in existing technology, like smart-phones and computers, as well as the development of new technologies, such as IoT devices and connected car security, make it very apparent that a career in technology has a bright outlook for the future. Jobs are becoming much more technical now and require a better understanding of technology, so STEM programs have been more heavily emphasizing this segment of STEM in recent years.

Of Monster’s top 10 most valuable STEM careers, there are four related to technology: computer and information services, computer engineering (also related to engineering), computer programming, and the #1 most valuable STEM career: information technology. For these careers, there are multiple job titles including Information Security Analyst, Computer Systems Analyst, and Web Developer, among others. These jobs not only require knowledge of the latest technology, high analytical and developmental skills, and logical thinking, but a person seeking one of these jobs must be goal-oriented, passionate, and dedicated to advancing technology and growing the industry as he or she rises throughout a career in tech.

A common misconception about STEM is that it is all about the technical and analytical side of these complex careers, but STEM workers are also creators, innovators, and ground-breakers for the futures of each of their industries. Another fallacy surrounding STEM is that a student must receive traditional training and education in order to gain a successful career in STEM; however, there are alternative ways into a career in these fields.

Alternative Routes to a career in STEM

Many people may look at the training and schooling necessary to attain a STEM-related degree and think that it is not affordable for them or the resources necessary to achieve such certifications required for their future careers are out of reach; however, there are companies out there that try and alleviate these fears by offering alternative routes for those individuals who are interested in a career in technology, but choose to go a different route to get there.

Axiom had the privilege earlier this year to work with IT Works, a Tech Impact program that offers free, immersive IT training to young adults: motivated high school graduates, age 18-26 years old, who have not yet completed a Bachelor’s degree. As part of the 16-week training program, an IT Works student named William Lewis completed a 5-week internship with Axiom and you can read about his experience interning for Axiom through IT Works here. A career in STEM is not necessarily about going to the highest ranked technology school, but being motivated enough to find your own way to where you want to be in your career, with the help of some companies out there who can get you where you’re headed.

Why S.T.E.M.?

In case you’re still on the fence as to whether or not STEM education and careers are important, the National Science Foundation has this to say on the subject:

“In the 21st century, scientific and technological innovations have become increasingly important as we face the benefits and challenges of both globalization and a knowledge-based economy. To succeed in this new information-based and highly technological society, students need to develop their capabilities in STEM to levels much beyond what was considered acceptable in the past.”

With such a revolution in science, technology, engineering, and mathematics, the modern world is in great need of such advanced, pioneering minds as those interested in having an impact on these crucial subjects.

If you’re interested in learning more about STEM careers, please contact Axiom at https://axiomcyber.com/ to speak to one of our IT professionals about a career in tech. If you are in need of a different route of gaining technological experience and qualifications, please visit http://techimpact.org/ to learn more about their available programs for innovative and motivated individuals.

Hailey R. Carlson | Axiom Cyber Solutions | 9/16/2016


Protect Your Kids When They Go Online


Children today are amazingly advanced when it comes to technology. They are able to navigate tablets with ease—from flipping through photos to watching surprise egg videos on YouTube, kids have adapted to know exactly how to use your smartphone, tablet, or other electronic devices. In Figure 1, it is apparent that children’s competency levels in regards to tablet functions alone are extremely high—some of which they can do completely unassisted. With their high capability levels as well as the threats the internet poses to them, it is important to ensure they are using these devices safely.


Figure 1: Dubit/University of Sheffield Tablet Use Competence February 2015

As a parent, there are many conversations you’ll have with your child at some point in his or her life. And while some may be more uncomfortable than others, most all of these conversations are necessary and important to your child’s safety and overall well-being. One of the most important of these conversations, and one of the discussions that parents in general do not have much experience in delivering because of its newness, is on cybersecurity.

There are multiple topics of discussion surrounding cybersecurity safety because unfortunately, there are so many threats to people of all ages today. However, there are some key points to keep in mind when battling cybersecurity risks including device safety, web filtering and monitoring, as well as knowing about specific threats like online predators.

Device Safety

As mentioned above, toddlers and other children can navigate electronic devices with surprising ease. While this is incredible, kids do not necessarily know the threats that using these devices can pose and it is important that parents educate them and take action against these threats.

One way to combat this is by turning your devices into safe mode when children are using them. Most tablets and phones, including Android and Apple devices, have a safe mode where you can restrict the apps, internet usage, and even length of time the device can be used in an attempt to help protect your child. By restricting what they have access to in the settings of a device, your children will be protected without you having to sit there and monitor their device usage in person. Parents have too much to juggle, and cannot always be right there with their child while he or she is using this type of device.

In addition to these measures, it is important for you to talk to your child about why they cannot access certain features on their devices. Explaining the reasons why something is not safe rather than just stating that it is in fact dangerous will help your child better understand the preventative actions you’ve taken as well as remind them to keep safety in mind when using electronic devices.

Web Filtering & Monitoring

Whether they are using tablets, phones, or some other devices, if your kids have access to the internet they are exposed to an unimaginable number of threats. Malware and phishing are especially rampant cyber-threats for people of all ages and children often have a hard time distinguishing between legitimate and fake links while online.

The internet in general is pretty scary and malicious for people of any age, let alone children. Merely misspelling a word can send you to a completely wrong address that you never intended on visiting. One way to help protect your children’s online usage is to set up parental controls through web filtering applications such as OpenDNS, which gives you the ability to decide which sites your child can and cannot access. By taking this simple measure, you can stop your child from accessing websites that may have inappropriate or malicious information on them.

In addition to setting up filtering defenses, monitoring your child’s internet usage is important as well. For some children who are a little bit older, there are things like homework and social media that they use daily on the internet. But how do you know if they are doing what they are supposed to be doing while online?

One simple way is to check their internet history. While this is an effective way to see where your child has been looking online, there are some tech savvy teens and tweens that may be able to figure out how to clear their histories. In this case, you can also use a monitoring software such as SafetyWeb or SocialShield which will give you a detailed list of where your kids have gone while surfing the net.

Again, communication is key here. Talking to your child about the dangers of going to unfamiliar sites as well as possibly letting them know you are monitoring their online activity will keep your child aware of their actions online and remind them of the safety threats that you are trying to protect them from.

Cyber experts tell their kids, in regards to social media security, that once they’ve posted something online, it can never truly be deleted. This helps to remind children to be careful about what they are saying. In the same vein, with regards to cyber-bullying and ‘trolling,’ they tell their children not to say anything online that they would not say face-to-face. Oftentimes, the relative anonymity of the internet can bring out the cruelest words from even the nicest people, so reminding your children that their words still have meaning even if they are posted online is a very important conversation to have.

Online Predators

Unfortunately, even with all of these defenses set in place, there are malicious online predators who are actively trying to get to children of all ages. Twenty-five percent of children online have been exposed to unwanted pornographic material and only 25% of children who are exposed to this type of material notify an adult about the situation.

While this is the scariest cyber-threat of them all that your children might face, this crime really only has one defense. Education. This is where the talking really needs to be serious because if predators can somehow get past your defenses, your child needs to know how to deal with this. Let your child know that it is okay to talk to an adult about any online situation that makes them uncomfortable. In addition, make sure they know not to put out any of their important information online. This information, otherwise known as personally identifiable information, can lead these bad people directly to your child’s computer—or worse, straight to your home.

While there is no surefire way to make sure your child is safe from the bad guys on the internet, talking to them, setting up what defenses you can, and making sure that you all are keeping up to date on current threats can help to strengthen the open dialogue needed to keep families safe from the threats that the internet poses.

Hailey R. Carlson | Axiom Cyber Solutions | 9/1/2016


Back-to-School Cybersecurity: What College Students Need to Know


“It’s that time of year again.”

Everyone is so original with their ad campaigns around this time of year. Nevertheless, August means that millions of students across the country will be going back to school. Among them, an astonishing 20.5 million university and college students will or already have started back in full force for the Fall 2016 semester in the U.S. alone. From seniors itching to graduate to wide-eyed freshmen trying to take it all in, universities are about to be jam packed with bodies eager to learn and have fun.

Amid the countless things packed in the bags of these students, a laptop, tablet, or some other sort of computer is essential for almost every single class, be it in-class or online. While the online components of college classes allow for more open communication between students, peers, and professors, there are some drawbacks to having all of these people online. Even though college-age students are generally more tech savvy than most other demographics, hackers and cybercriminals are targeting both the students and institutions alike more and more aggressively and there is a myriad of cyber threats that are trying to hurt or steal these students’ personal information.

Unsecured Public Wi-Fi Connections

While it is an incredibly convenient thing for students to be able to be connected on campus via free Wi-Fi, it could also potentially be extremely dangerous. The use of any public Wi-Fi connection, be it at the library, coffee shop, or anywhere else on or around campus, can be very risky because these networks are very rarely secured properly and consequently are a big target for cyberattack. Because of the openness of the connection, almost anyone who knows how could view what you are doing online while you’re connected.

The best way to avoid this threat is to not use unsecured public Wi-Fi. While this is a nice thought, it is not necessarily a realistic solution for all students, especially those that live on-campus. If you must use an insecure public Wi-Fi connection, make sure to not unveil any personal or financial information and only use secure, encrypted sites. Most universities do offer separate secure networks with a unique login for each student that is usually made up of either the individual’s student ID number, email address, or some other personal identifier. If your university offers such a connection, this is the best route to take.

Phishing Scams

Phishing attacks target different groups of people for different reasons. Email phishing scams that target college students are usually designed to try and steal personal information such as account names, passwords, and banking information.

The threat of phishing has been a big issue for North Carolina State University for several years now. N.C. State has seen rather targeted attacks where cybercriminals have performed reconnaissance to make their messages seem more realistic to students. Scammers have created virtually perfect copies of multiple N.C. State login pages with reference to the university and other specifics related to specific students’ involvement. With hackers working diligently to make their schemes appear legitimate, it is extremely important that students take defensive action against phishing scams into their own hands.

The first defense against phishing attacks is knowing how to identify them. If the message has an urgent request or is poorly worded, it is likely to be a phishing email. One thing that is fairly consistent in all emails of this nature is that they include a malicious link that appears to be legitimate. Students can verify the authenticity of a link by hovering their mouse over it. Scammers want to appear as true-to-the-original as possible, and will often use logos they find online. Examine these images to see if they are of the professional quality that your university would actually use; this could be helpful in indicating a false sender.

The best plan of attack for combatting phishing emails is to not open any email from a strange, unrecognized source and report the incident to your university immediately so that your peers do not fall victim to this same scam.

Sextortion and Webcam Hacking

While it is pretty scary to lose your important personal and financial data, it is even more terrifying to have a cybercriminal harassing you by threatening to expose sexually explicit photos of you all over the internet unless you pay up or give them more photos. This cybercrime is called sextortion and some of its primary targets are young people, specifically young women.

In May of this year, two students at George Mason University in Virginia reported to police that they were the victims of sextortion. Both victims claimed that their respective “sextortionists” demanded a $5,000 payment in exchange for not exposing the compromising photos online. This is a threat that the FBI says is growing and is in desperate need of being stopped.

There are a few ways to help combat this cybercrime:

  • Don’t send explicit photos of yourself to anyone.
  • Do not talk to people you don’t know personally online.
  • Turn off or cover your webcam when not in use—many cases of sextortion happen even if the victim has never sent out explicit photos. Hackers get into a person’s webcam and snap pictures without the target ever suspecting it. Just a piece of tape over the camera can be the difference between being safe or becoming a victim of sextortion.

Universities themselves are fighting cybercrimes like data breaches and ransomware that are targeting the student body as a whole—putting your and your classmates’ information in danger. Because of this, it is important for you to take your cybersecurity protection into your own hands. By taking a few simple steps, you can protect yourself against lurking hackers in a café, scammers trying to steal your information via phishing emails, and sextortionists who only want the worst out of you. When you protect your personal cybersecurity, you can truly enjoy the best years of your life without worrying about your personal data.

Hailey R. Carlson | Axiom Cyber Solutions | 8/25/2016

Why is cloud security not a good thing?

With everyone moving to the cloud, internet service providers will try to sell you on a cloud-based firewall. There are hundreds of companies that will scrub your traffic “in the cloud” before it comes into your business.

The benefits are obvious. No need for expensive on-premises firewalls. No need for an IT professional on staff to manage, monitor and update security equipment. Your internet traffic will magically be cleansed of threats by the cloud security police and you will only receive the cleanest, purest internet traffic.

There is only one problem with this. Hackers don’t play by the rules!

Just like a traffic cop, your internet service provider directs traffic through their cloud scrubbing center and then on to you. Your internet traffic has to follow very specific routes designated by your internet provider. Hackers don’t follow red lights, yield signs or wrong way signs.

In 100% of businesses there is a router placed there by the internet service provider. This device is the internet handoff from the ISP to the business. Hackers target these devices via unique identifiers, MAC address or IP address. Even if these devices are hidden by the ISP, hackers have tools to identify them. They then attempt multiple attack schemes to gain access to this device.

If they are successful, they own 100% of the business network. Remember that you have moved your firewall into the cloud. There is no longer a firewall at your edge to protect you. Just like the gate to your castle, you can’t remove it and assume the traffic cop down the street will keep the bad guys out.

This is where Axiom excels. With our SecureAmerica® program, we provide you with a fully configured firewall for your edge. It is the first stop into the business and the last stop out. We monitor threats coming in and going out to protect your business from ransomware, malware, intrusion attempts, cross-site scripting, SQL injections, distributed denial of service attacks and many others.

The secret is in the automation we have built into the threat intelligence gathering and deployment. Axiom’s customers get updates to their firewalls every ten minutes based on real world threats that are identified by global agencies such as the FBI, Homeland Security and the IANA. Other companies wait 3 months or longer to patch holes in their firewalls, leaving them vulnerable to attack. Our proprietary update automation collects this data from trusted sources in real time and creates a firewall update via an ETL process (extract, transform, and load). That update is checked for integrity and quality assurance and then pushed to our entire client base every ten minutes, meaning our customers are on the cutting edge of protection. If a threat is detected by one of our clients’ Axiom firewalls and it meets the threshold of a verified attack, the entire ETL process begins again, building a custom update that is pushed out to all of our client base within ten minutes. As our clients grow, our artificial intelligence engine will become smarter, creating a community of well protected and happy clients.

Our team of cybersecurity experts monitors clients 24 hours a day to ensure protection is up to date and none of our clients are under attack. All updates, monitoring, configuration, support, reporting and the equipment are included in our monthly subscription prices. Protection starts at $199 per month. At that price, who could afford not to have Axiom SecureAmerica®?

Scammers Go for Gold: Rio 2016 Olympics Cybersecurity

As the Olympics draw to a close this coming Sunday, we can reflect on these two weeks full of the sport, glory, and friendly competition that the Games are meant to bring to the world stage. However, this year’s Olympics in Rio de Janeiro have also been riddled with security threats. Be it participants and journalists being robbed at gunpoint when venturing outside of the Village at night, terrorist threats, or multiple limbs washing ashore on Rio beaches—these Olympics have been full of terrifying surprises. But one of the greatest dangers facing the Games that does not get as much attention is cybersecurity. Any event that is presented on such a grand scale attracts not only millions of spectators, but hackers as well—and none are quite as famous as the Olympics.

“Cyber intelligence companies and western government officials warn that the two-week sporting festival, which began last Friday, could lead to some of the highest levels of cybercriminal activity in years.” — Financial Times

Phishing

Brazil is known for having one of the weakest cybersecurity defenses year round, so having the public eye completely focused on them means a challenge for cyber experts in the country and across the globe. The biggest cyber threat facing people in Brazil and around the world is phishing. In fact, Kaspersky Lab has seen an 83% jump in phishing attempts surrounding the months leading up to and weeks during the Olympics. Scammers are doing this by buying low-cost SSL certificates to make their fake websites appear authentic and trustworthy by using domains that include “Rio” or “Rio2016” and many are using these malicious URLs as a delivery method for ransomware.

Many of these phishing scams include fake ad banners that have similar logos to the Official Rio 2016 sign. Some make bogus promises like the recipient of the email has won an all-expenses paid trip down to Rio for the Games in a lottery-style announcement, while still others claim to be selling magic pills that would allow the user to become an “Olympic-level Athlete.” While these situations are ridiculous and even laughable, far too often, people click on the links only to find those hopes have been squashed.

How to avoid: The best way to avoid being caught in a phishing/ransomware scam is to not click on any email or links sent to you by people you do not personally know. If you do decide to click on a link, make sure that it has the secure “https” in front of the web address in order to ensure its validity. If an email from a random person seems too good to be true, it likely is.
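Because the scam sites described above buy SSL certificates and put “Rio” or “Rio2016” in their domains, a link check has to look at the hostname as well as the scheme. The following is an added example, not part of the original post; the allowlist entry and the sample links are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allowlist for this example; use the organiser's published domains.
OFFICIAL_HOSTS = {"rio2016.com"}
# Brand strings the article says scammers put in their domain names.
BRAND_KEYWORDS = ("rio2016", "rio")


def is_official(host):
    """True only for an allowlisted host or one of its subdomains."""
    return any(host == h or host.endswith("." + h) for h in OFFICIAL_HOSTS)


def brand_hits(netloc):
    """Brand keywords that start any dot/hyphen/@/colon-separated part."""
    tokens = re.split(r"[.\-@:]", netloc.lower())
    return sorted(k for k in BRAND_KEYWORDS
                  if any(t.startswith(k) for t in tokens))


def classify(url):
    """Return (verdict, uses_https) for a link found in a message."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    uses_https = parts.scheme == "https"
    if not host:
        return "invalid", uses_https
    if is_official(host):
        return "official", uses_https
    # The whole authority is searched so that "brand.com@other.host" links,
    # where the brand sits in the userinfo part, are caught as well.
    if brand_hits(parts.netloc):
        return "lookalike", uses_https
    return "unrelated", uses_https


# Constructed sample links (not real indicators).
SAMPLES = [
    "https://www.rio2016.com/en/schedule",
    "https://rio2016-tickets.example/win",
    "https://rio2016.com.promo.example/lottery",
    "https://rio2016.com@login.example/",
    "http://scenario.example/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        verdict, https = classify(url)
        print(f"{verdict:10} https={https!s:5} {url}")
```

Three of the four HTTPS samples are classified as lookalikes, so the verdict comes from the hostname and the scheme is reported only as extra context.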

Fake Rio 2016 Apps

In addition to the email phishing scams surrounding the Olympics, the Rio 2016 app—meant to keep fans and spectators up-to-date on things like breaking news and medal count per country—has 4,500 copycat versions across Android and iOS platforms that are malicious and could potentially put your smart phone at risk. Many attempt to take over the infected phone or the victim’s social media accounts and some steal data right off of the smartphone itself. If a victim had sensitive information on her phone such as banking information, this would have been an even greater loss all because of a malicious app download.

How to avoid: The best way to avoid this is only downloading apps from trusted sources and not third-party app download providers. Of course you want to stay updated on just how many medals Simone Biles or Michael Phelps have won, but by using the legitimate Rio 2016 app, you can feel more assured that your phone is not compromised in the process.

Tourist Cyber Threats

Now, for those who decided to make the once-in-a-lifetime trip down to Brazil to witness the Games in person, there are many different, targeted threats that you may be facing. Bank fraud, insecure Wi-Fi, and stolen electronics are among the biggest threats to tourists at the Summer Games this year. Here are some tips for avoiding these in-person cyber threats:

How to avoid:

  • Don’t use insecure Wi-Fi—Especially for sensitive professional or personal information, using unsecured Wi-Fi connections could result in your data being compromised and possibly stolen. Use this time for vacation and not work so as to protect your employer and the company you work for.
  • Keep your electronic devices with you at all times while traveling—Our mobile devices have so much personal information on them now, so by keeping them on our person or somewhere else where we know they will be safe, we can lessen our chances of data being stolen in that way.
  • Do not give out your information to anyone who does not need it—Banking, personal, and other information could be dangerous if they fell into the wrong hands. Make sure you do not give any of this out to people who are not required to have access to it. Giving out your bank information specifically, is a surefire way to get your accounts wiped out or other information linked to them stolen or compromised.
  • Monitor your bank accounts while abroad—Though you should always monitor this information, when travelling it is especially important to be aware of where your money is going. If something looks fishy, notify your bank immediately. When in doubt, exchange your money for the local currency so as to further protect your bank accounts.
  • Keep your passport and other IDs close—Though this has less to do with cybersecurity and more to do with personal security, in addition to bank fraud, your passport in the hands of a criminal makes it that much easier for your identity to be stolen. By keeping your passport safe, you’re protecting yourself in the long run as well.

The Olympics are meant to promote unity across nations through friendly competition, but hackers will always view global events such as this as huge targets for attack. By being informed and informing others of potential risks, we can help protect against these threats and enjoy the Games as they were meant to be enjoyed.

Hailey Carlson | Axiom Cyber Solutions | 8/18/2016

Why is HIPAA Data so Valuable to Hackers?

One of the few things that we all have in common is that we need to take some degree of care when it comes to our health. Healthcare providers—like doctors, dentists, nurses, and more—are there for us to take advantage of their extremely vital services in order to keep up with all aspects of our health. In order to properly know our healthcare needs, these providers need to have some pretty sensitive information about every one of us. But what if that very sensitive information was stolen by cybercriminals with plans to distribute it across the dark web? That’s exactly what could happen when healthcare providers fall victim to a data breach.

Stats

Figure 1: Total HIPAA Compliance’s List of 2015 Healthcare Data Breaches

In 2015, the healthcare industry saw more data breaches than any other industry—you can see some of the biggest breaches in Figure 1 above—and data breaches have cost the healthcare industry upwards of $6.2 billion over the last two years. Hackers and cybercriminals target healthcare providers because of the valuable information they have on their patients, often referred to as protected health information (PHI), personally identifiable information (PII), or HIPAA data. The Health Insurance Portability and Accountability Act (HIPAA) was enacted in 1996 with the goal of protecting this PHI data and is a regulatory standard across the healthcare industry to this day.

Data protected by HIPAA includes health status, provision of health care, or payment for health care that can be linked to a specific individual. This data is valuable to healthcare providers because it is individually identifiable health information related to the patient’s past, present, and future medical conditions—this means it helps the doctor or dentist to make informed decisions about what their patient’s needs are and what means of medical attention are necessary to address these requirements. This is the good side of HIPAA data. However, hackers want this information just as much as healthcare providers, but for a few different reasons.

HIPAA data is attractive to hackers and other cybercriminals because it is one of the biggest gateways into stealing a person’s identity. Even more than credit card information, medical data is the easiest way to steal a person’s identity because of the sheer amount of information that is readily available. Medical records include sensitive information like patients’ full names, social security numbers, credit card numbers, signatures, and more—everything a malicious person would need to steal a person’s identity, or in the case of a data breach, multiple people’s identities. Identity theft via stolen medical records also does not show up as quickly as credit card fraud. In addition, healthcare information sells online for ten times the price of credit card data.

In addition to stealing identities, hackers can use stolen HIPAA data to commit health insurance and Medicare fraud. Dark web users who buy full medical files could use patient numbers with false provider numbers to file fraudulent claims with payers. When they do this, the victim does not know about the fraud because bills are being sent to his medical provider without his knowledge and the insurance provider does not know that he is not the one filing.

With all of this information needed by healthcare providers, it is their duty to their patients to protect this data. Here are a few ways healthcare providers can protect their PHI from data breaches and attack:

  1. Educate staff members—Education is key in all aspects of life, but protecting data is one of the biggest areas where education is required. When staff members know what is and is not HIPAA data, they can take the necessary amount of care in keeping that data safe. Phishing is one of the main ways hackers get into hospitals’ networks, so informing employees of things to look for that could potentially be malicious is vital when it comes to securing your information.
  2. Consider Encryption: Be sure to encrypt both your hard drive and any electronic communication that you can. When hackers have to work harder to get your data, they are likely to skip you and move onto the next, more vulnerable victim.
  3. Protect your network—Having multiple stages of protection is key to keeping your PHI and HIPAA data secure. This includes wired networks, wireless networks, and connected medical devices via IoT. One of the best ways to do this is by installing a next-generation firewall. Axiom Cyber Solutions offers its SecureAmerica® Firewall as well as HIPAA compliance help as a partner to those healthcare providers that need to be HIPAA Compliant.

It is important to secure your networks in any industry, but it is even more crucial in those industries where real customers and clients could be compromised in the event of a breach of security. Healthcare has faced many hurdles in cybersecurity recently, but hopefully by creating multiple barriers for hackers to overcome, the industry will see a turn for a safer, more secure environment.

Hailey Carlson | Axiom Cyber Solutions | 8/15/2016

My Internship with Axiom Cyber Solutions

Axiom Cyber Solutions is a Las Vegas-based managed cybersecurity company that aims to provide simple solutions to major problems for small to medium sized businesses and beyond to help them fight back against cyber-criminals. At least, this is what they’ll tell you when you first meet Troy, Shannon, or anyone else on the Axiom team—but this is only part of their story. Yes, Axiom is a company that provides high quality cybersecurity to those who need it most—small businesses—but I’ve learned over the duration of my internship that they are so much more than that. The best way for me to explain is to tell you about all of the people who impact and are impacted by Axiom:

The Employees

The saying goes “A company is only as good as its people”—if this is true, then Axiom is golden. Though there are only a few of them, the Axiom staff is comprised of some of the hardest working, dedicated people you’d ever hope to meet. Working for a start-up has its challenges, but you’d never know that looking at the faces of these employees. From talking to Jade upon your arrival at our offices, to discussing the intricacies of the technology with Adam, Axiom team members are friendly people who only want to help you.

A lot of young professionals seek a company with a distinct, welcoming culture to start their careers, and you’ll find exactly that at Axiom Cyber Solutions. Though we all have our own space in our own offices, everyone’s door is always open for questions or advice. Something I’ve really enjoyed is being able to collaborate with so many different minds on various projects, and the team atmosphere is extremely strong within Axiom.

The Customers

A company may only be as good as its people, but companies would be obsolete without their customers. From a local indoor playground run by an awesome couple (just like Troy and Shannon) to exciting casinos in downtown Las Vegas, Axiom has a wide range of customers whom they work diligently to keep happy and protect. These customers are people who recognize the growing threats of cyber-crimes like ransomware and DDoS and know that they want high quality, cutting edge protection from them—for a price that fits their budgets.

The Community

In my ten weeks in Las Vegas working as an intern for Axiom, I probably encountered most of the local, small business owners and professionals from the numerous networking events I experienced. Something that I really admire about Axiom is their commitment to being involved in the local Las Vegas community as well as communities across the country. Not only have they helped several companies do things like pay their ransom for ransomware attacks, replace hacked PBX systems with secure ones, and mitigate DDoS attacks on a company’s opening day, but you can tell that they genuinely care about the people they help protect by the ways they interact with their clients. Axiom cares about people’s data and protecting the community that surrounds them is their superpower.

The Families

Axiom is not only a family of employees and customers, but we are a part of each other’s families as well. Troy and Shannon Wilkinson are the CEO and President of Axiom Cyber Solutions, but they are also the proud parents of three sweet girls—Mackenzie (5), Kayleigh (3), and Abigail (2). Both Troy and Shannon’s mothers come into the office regularly to talk with the employees and even sit in on a meeting or two while the girls will come and draw pictures on office windows to brighten everyone’s day. It is clear that the Wilkinsons eat, sleep, and breathe Axiom.

But Axiom is not just about the Wilkinson family—they care about other employees’ families as well. Be it going to birthdays, barbecues, or baptisms, you can see that Axiom is a family of families.

Me

I have learned so much from the two months I’ve been an intern here. From having to google what the heck ransomware was on my first day to being able to explain different variants of it to friends and family, I’ve come a long way in my knowledge of cybersecurity. But I’ve learned more than just what different cyber-threats are or how to program a firewall—I’ve learned things like how to network, what it means to be a part of a team, what it feels like to be proud of your finished product, and how you’ll never know something unless you ask. Of course, there is so much more for me to learn, but I am happy that I started my professional career with Axiom Cyber Solutions. This is a place that, to me, will always feel like home.

Hailey Carlson, Axiom Cyber Solutions 7/22/2016

Phone System Security: What to do When Hackers Come Calling

Most everyone is aware that hackers are trying relentlessly every day to get into your company’s private network so they can steal your and your customers’ important data that would be harmful to your company if it were to fall into the wrong hands. But something most people are not aware of is the fact that phone systems are incredibly vulnerable to attack—and they can be a hacker’s fastest link into your private network.

PBXs, or private branch exchanges, are phone systems that allow for communication out of and across a large number of phones in a single organization. Companies have made a turn toward digital IP PBXs over traditional analog systems because it is easier for them to have everything—computers and telephones—connected in one network. Analog PBXs only provide telephone services, requiring the company to find their own provider to deliver a separate connection to the internet; however, with IP PBXs both internet and phone are connected and come into the company from the same provider via one wire—making things more connected and easier to use for the company.

Unified Messaging

Along with the increased connectivity between telephone and private networks, there are some additional advantages to choosing an IP PBX including lower costs both upfront and for traditionally expensive calls, as well as increased ease-of-use and accessibility for employees via unified messaging. Unified messaging, or unified communication, simplifies and connects all forms of communication—text, voicemail, email, video conference, fax, etc.—and allows them to be handled in a single mailbox that the user can access from anywhere. This can be via an app that allows you to check your voicemail remotely, or via an email attachment with a soundbite of the voicemail. This allows users to be connected to their office telephones from anywhere.

However, with all of this network connectivity, there are some potential drawbacks as PBXs are among some of the most vulnerable office equipment out there.

Threats to your PBX

Many people are unaware of the vulnerabilities that their phone systems pose to their company and consequently, these people leave their phones unprotected—and hackers are well aware of this knowledge deficit. Criminals can ring up a huge phone bill by making unapproved domestic and international calls, costing your business big bucks if gone undetected—and that’s just the minor threat PBX hacking can pose!

With the vulnerabilities of unprotected IP PBX phone systems, it raises the question—if my private network and my phone network are connected, wouldn’t it be easy for hackers to get into a private network via the connected, weakly-protected phone system? The short and simple answer is yes.

The greatest and most dangerous threat to your company is when hackers use your vulnerable phone system to hack into your private network—where you store your customer, employee, and financial data, among other vital things. This is the information computer hackers long to take from every company that they can, and weakly protected phone systems are the best direct channels to getting that information from your business.

Protecting your PBX

Though the revelation of yet another point of entry for hackers into your business might be pretty disconcerting, there are some simple defenses you can put in place in order to better protect your company’s PBX system and consequently all of your sensitive data.

  • Use strong authorization codes or passwords. Each phone and/or user should have their own individualized login and password in order to strengthen the security of the PBX. Many providers of PBX systems leave user passwords at their default settings or simply make them something easy to guess like the user’s birth date or extension number, thus leaving the door wide open for hackers to easily guess and check in order to infiltrate the system. Use of complex, hard to guess authentication codes/passwords is a simple step that allows for less risk to threaten your phone system security.
  • Delete or deactivate unused accounts. Say an employee leaves your company for whatever reason, her phone’s inactive voicemail box is now an unmonitored entry point for hackers to sneak into your company through your phone system. Deleting extra passageways for hackers takes little time to accomplish and can be a major benefit to your company’s cybersecurity.
  • Frequently check your outgoing voicemail to ensure that it is in fact your voicemail message. One way hackers ring up your phone bill is by changing your outgoing voicemail message to something like “Yes, I will accept the charges,” then the hacker collect calls this compromised number, charging it on the company’s dime. By not only checking, but changing your voicemail regularly, you can prevent this type of threat to your company. Though this is more of a minor threat, you could save your business thousands of dollars in phone bills by checking something as simple as your outgoing message.
  • Restrict or monitor certain types of phone calls made to/by your phones. Consider restricting international or long distance calling destinations if your company does not require contact with them regularly. You can set this up either directly into your phone system, or by having your provider notify you of attempts of this kind.
  • Use firewalls to protect your data. By having your phone system shielded by a strong firewall, you are providing your company’s phone system with the best possible defense. Intrusion detection will notify you of any attempts or breaches to your phone system and is a key feature this firewall should have; a next-generation firewall will be the toughest one for a hacker to attack.
    • Axiom provides a PBX system that has a built-in firewall and we encourage our users to put an additional Axiom SecureAmerica® Next-Generation Firewall in front of that in order to protect your phone system two-fold. Learn more about Axiom’s PBX from our CEO, Troy Wilkinson, here.
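The password, unused-account and call-restriction items in the list above can be checked mechanically. The following is an added example, not Axiom’s code or part of the original post; the record fields, policy thresholds and sample data are assumptions (a hypothetical export of extension settings joined with HR data, and a North American dial plan).

```python
from datetime import date

# Assumed policy values for this example; set them from the site's own policy.
COMMON_PINS = {"0000", "1111", "1234", "4321", "9999"}
MIN_PIN_LENGTH = 6
STALE_AFTER_DAYS = 90
DATE_FORMATS = ("%m%d", "%d%m", "%Y", "%m%y", "%m%d%y", "%m%d%Y", "%Y%m%d")


def audit_extension(ext, today):
    """Return the list of findings for one extension record."""
    findings = []
    pin, number = ext["pin"], ext["number"]
    if pin in COMMON_PINS or len(set(pin)) == 1:
        findings.append("default-or-common-pin")
    if pin in (number, number[::-1], number * 2):
        findings.append("pin-matches-extension")
    born = ext.get("birth_date")
    if born and pin in {born.strftime(f) for f in DATE_FORMATS}:
        findings.append("pin-is-birth-date")
    if len(pin) < MIN_PIN_LENGTH:
        findings.append("pin-too-short")
    if not ext["employed"] and ext["mailbox_enabled"]:
        findings.append("mailbox-of-departed-user")
    elif (today - ext["last_login"]).days > STALE_AFTER_DAYS:
        findings.append("stale-account")
    return findings


def audit_extensions(extensions, today):
    """Map extension number -> findings, omitting clean extensions."""
    report = {}
    for ext in extensions:
        findings = audit_extension(ext, today)
        if findings:
            report[ext["number"]] = findings
    return report


def flag_calls(calls, allowed_prefixes=()):
    """Return international calls whose destination is not on the allowlist.

    Assumes a North American dial plan: "011" is the international access
    code and "+1" is domestic.
    """
    flagged = []
    for call in calls:
        dest = call["dest"]
        international = dest.startswith("011") or (
            dest.startswith("+") and not dest.startswith("+1"))
        if international and not dest.startswith(tuple(allowed_prefixes)):
            flagged.append(call)
    return flagged


def record(number, pin, born, employed, mailbox, last_login):
    """Build one row of the hypothetical extension export."""
    return {"number": number, "pin": pin, "birth_date": born,
            "employed": employed, "mailbox_enabled": mailbox,
            "last_login": last_login}


# Constructed sample data (fictional users and phone numbers).
TODAY = date(2016, 7, 21)
EXTENSIONS = [
    record("204", "204204", date(1988, 3, 14), True, True, date(2016, 7, 18)),
    record("211", "0314", date(1990, 3, 14), True, True, date(2016, 7, 20)),
    record("230", "1234", None, False, True, date(2016, 2, 1)),
    record("245", "83920571", date(1985, 11, 2), True, True, date(2016, 7, 21)),
]
CALLS = [
    {"ext": "204", "dest": "+17025550123"},
    {"ext": "230", "dest": "011442079460123"},
    {"ext": "230", "dest": "+442079460456"},
    {"ext": "245", "dest": "17025550188"},
]

if __name__ == "__main__":
    for number, findings in audit_extensions(EXTENSIONS, TODAY).items():
        print(number, ", ".join(findings))
    for call in flag_calls(CALLS):
        print("international call from", call["ext"], "to", call["dest"])
```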

Though the phone system is an unexpected route for hackers to take, securing it is key to keeping not only calls and other means of communication safe from attack, but your private networks and all of the sensitive information they store as well.

If you’d like to find out more about securing your phone system or private network, give us a call at (800) 519-5070 or visit our website at https://axiomcyber.com/ to speak with one of our IT experts.

Hailey R. Carlson, Marketing Intern, Axiom Cyber Solutions 7/21/2016