Close

cyber security

The Risks of Rushing Remote Desktop Solutions: A COVID-19 Case Study

by
the-risks-of-rushing-remote-desktop-solutions

The Scenario in Brief:

Our client performs medical billing services for their clients across the country and had recently acquired a new customer in New York. Each time they intake a new customer our team is engaged to set up secure remote access to that customer’s site.

Given the sensitivity of the data being accessed it was necessary to provide an extremely secure solution, compliant with HIPAA regulations. In this case we deployed remote access utilizing the SolarWinds Remote Monitoring & Management (RMM) platform, with the included Take Control software. This solution provides an encrypted connection protected by multiple factors of authentication to gain access.

As soon as this monitoring software was installed it began reporting attacks from a host of different public IP addresses from multiple countries. We know from experience that when this activity is seen, typically someone has forwarded Microsoft’s Remote Desktop Protocol (RDP)  port through the firewall, for simple (albeit insecure) remote access. One of the greatest dangers of utilizing this antiquated remote access methodology, is that it has become a go-to method for bad actors to infiltrate and launch ransomware attacks against the target.

This particular chiropractic customer had recently employed an acquaintance to implement this solution. Given that the state of New York was recently shutdown, they had little time to act or properly plan for this sudden change. Unfortunately, the party was either not thinking through the cybersecurity ramifications or perhaps was unaware that ransomware is often spread through open RDP ports.

The Solution:

Our team quickly consulted with the parties involved, and offered options, including alternative remote solutions that were flexible enough to fit their workflow of iPad’s and Windows devices. We also suggested engaging with a local IT company if that was their preference. The client was relieved to know that this attack was caught in time (even if it was outside of the scope of our initial intent) and the opportunity was given to avoid business disaster. This would have conceivably shut down their business in the short-term in the middle of an already difficult situation.

We are thankful we can help this business stay in business through an already difficult time.

The Lesson:

We know that everybody is scrambling to setup remote access but you could make a bad situation worse if it is not accomplished in a secure method. Contact your trusted IT provider, or find a firm that can help you. If you have questions, don’t hesitate to reach out.

Learn About Cyber Security With Bryon Palitto of Palitto Consulting Services

by
Cyber Security

Technology helps businesses become more efficient and connected, but it comes with downsides as well. Flaws in security can allow criminals to access important data, putting both companies and clients at risk. Cyber security is getting the attention of many businesses, but few know what to do.

Recognizing this issue, Bryon Palitto, CEO and founder of Palitto Consulting Services, has spoken on the topic at several venues over the course of 2019. Even if you can’t hear his presentation in person, you can learn about the most important points: why you’re a target, recent attacks and how to avoid becoming a victim.

Reasons Cyber Criminals Target Businesses

Bryon Palitto News Story PhotoCommercial enterprises have a wealth of data, even if they don’t know it. According to a recent survey, 54% – 68% of small businesses have personal customer information on file, including the following:

  • Billing addresses
  • Email addresses
  • Phone numbers

Online crooks can use this information to access accounts and potentially gain more critical data such as credit card numbers.

Businesses are also at risk for ransomware. These programs lock down systems so hackers can hold them hostage and demand ransom. In the end, cyber criminals are looking for power to force others to give them what they want.

Attacks You Should Know About

According to 2018 surveys, 67% of businesses were affected by attacks, making cyber security more important than ever. You may have heard of some of the biggest cases:

  • DDoS attack on Telegram Messenger
  • Stuffing attack on Dunkin’ Donuts
  • Hackers breach Citrix servers
  • Toyota data breach

Ways To Protect Yourself

Despite the dangers, there are ways to prevent breaches. First of all, you should hire professionals to do a risk assessment. This identifies weak areas in security protocol and systems, which you can then bolster.

You should also make sure all employees understand basic email security, password protocol and other relevant cyber security measures. Everyone is responsible for protecting a company, from the CEO to part-time workers.

Want to improve your security? Interested in Bryon speaking at your event? Palitto Consulting Services has been helping businesses protect their technology for over 20 years. For more information, give us a call at 330-335-7271 or contact us online.

PCS Engineering Team Members Obtain Sophos Central Architect Certification

by

Security threats of all sorts are a real concern to businesses these days. Sophos UTM (Unified Threat Management) is one of the leading next-generation cybersecurity systems specializing in keeping data safe in the rapidly developing cloud computing environment. To better serve our clients, two members of the PCS engineering team recently completed their Sophos Central Architect Certification. PCS congratulates Dan Allen and Ryan Ward for completing this advanced level of training.

Arrayed To Advance Our Service Level

Staying abreast of the latest technologies that enable businesses to protect themselves from security threats and breaches is a significant component of our philosophy of continual learning at PCS. By completing the required courses, attaining the Sophos Central Architect Certification and advancing their knowledge of network security to the next level, these engineers have positioned themselves to serve the needs of our customers better. They are now ready to assist our clients with advanced design and implementation of systems to increase security for wireless networks and web servers.

Committed To Remain on the Cutting Edge

As online attacks and business computing requirements become more complex, PCS remains committed to the challenge of equipping our team members with the tools necessary to provide simple, straightforward solutions for our clients. By mastering the intricacies of deploying and maintaining advanced tools such as Sophos, we can take much of the burden of IT management off of our clients’ shoulders. We focus on the details of cloud-based computing, helping you to make intelligent use of technology so that you can focus on expanding your business and reaching your goals.

We are ready to help you take the next step by leveraging technology to your full advantage. Contact PCS today and find out how our commitment to learning can help you improve your operation and move your organization toward more profitability and growth.