Category Archives: Security Threats

Are you leaving your small business Web-use security door open?

There is so much to be concerned with when running a small business. Economic uncertainty, the cost of health insurance benefits, regulatory burdens, keeping mission-critical operations running–all add up to a stressful experience. Now security concerns include more than just locking the doors; it means everything digital too. And the risks? With ransomware, phishing, insider threats, unsanctioned cloud apps, BYOD . . . lets just say, the Internet usage risks are probably even higher than the front door being left open . . . wide open.

Many small and midsized businesses (SMBs) are without full-time IT departments or even full-time IT personnel, making them a prime target for breaches. But SMBs tend to think they don’t have the resources to handle this type of security, whether it be the financial consideration, personnel needed, or when hardware is preferred, limited space constraints. Since hackers know this, SMBs have to be proactive when it comes to Web-use security–nowadays, even more so than corporations.

The connection between the human and the Internet is a weak link, making it one of the leading access points into a system for a hacker. Whether it’s from the employee clicking a Web link in an e-mail, clicking a malicious ad, or sharing company information with a cloud service, make sure to protect the business by managing that employee-Internet connection. Find a solution that allows you to easily and proactively monitor and secure your employees’ Web activity. Your business is unique–finding a way to solve these issues and concerns will take a unique solution.

A few tips for your Web-use security solution search:

Find a vendor who will spend the time with you. The cyber world has its own language. It’s important to have a human being on the other end of the phone during the sales process, in customer service, and when you need technical support . . . yup, they still have human beings in technical support . . . go figure! Get with a company who wants to talk to you!
Of course, it doesn’t help if that vendor doesn’t have what you need so make sure you list the top security priorities for your business. Do you want to filter access to certain Web sites or categories such as social media, or do you want to limit time that an employee may spend on one site? Are you are more concerned with your guest Wi-Fi and BYOD or throttling bandwidth use? Don’t get sold on something that doesn’t meet at least your primary concerns. One solution does not always fit all . . . in today’s cybersecurity world you need to focus on your specific business concerns. Just because an expensive, large scale, all-in-one network security solution or firewall has a Web-use add-on tool does not mean it will give you the pertinent, granular detail and control that you need to protect your mission-critical operations.
Ask questions. The vendor should understand that you excel at what you do, not what they do. Don’t be intimidated by the security subject. Even those of us in this business spend a lot of time keeping up with the fast pace of cybersecurity. No question is unnecessary. If you think about it, then it is important to you and should be to the vendor too. Refer to Tip #1!
Last tip for today . . . solutions come in many shapes and sizes. Don’t settle for something that doesn’t fit your business. Your business is special and unique. Your solution should fit and work in your environment without you constantly having to justify it and make it fit in.

Wavecrest can, and wants to, help you!

Wavecrest provides Filtering and User Behavior Reporting solutions that fit your business! Find out more about our Cyfin and CyBlock deployments today. As a customer-centric company, Wavecrest focuses on the needs of each customer. Let us help secure your business with a solution that fits every business size, type, and configuration.

About Wavecrest

Trusted for over 25 years, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and User Behavior Analytic products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing and reporting on cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has commercial and government clients worldwide. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Really? Is it really time to think about holiday shopping? Already?!

Yes–now is the time. The holidays are right around the corner and definitely require attention now so your business can prepare for the increase in Web usage and the associated risks. There are many reasons for your business to pay close attention to Internet activity at this time of year (and all year). But there is one primary focus that could easily help with all the cyber risks to your business–managing the natural human vulnerability that cyber thieves take advantage of.

Did you know that most breaches are initially caused by employee error? “Ninety-two percent of all incidents are, and 84 percent of all data breaches were, unintentional or inadvertent in nature,” states an article from iapp.org. No matter what kind of data loss or breach it is, human error likely played a very important role.

Shopping season can bring out even more human vulnerabilities than usual. Malicious Web sites can look real and carry what looks like legitimate product offerings, advertising can be more enticing with hard-to-resist discounts, and e-mails can come from legitimate e-mail addresses hacked by these talented criminals. Humans’ emotional nature can make it hard to resist when we are all looking for that special or hard-to-get gift. It is important to make sure your business–and your employees–are protected by an easy-to-setup solution that is comprehensive and proactive.

This is easier than you think. Access to a comprehensive Web management solution will allow you to manage usage in a way that suits your unique business philosophy. This includes whether you want to allow or restrict access to certain Web sites at a particular time of day, monitor usage with reporting features by analyzing trends and tracking usage, or just meet compliance and regulation requirements.

This time of year, it is important to spend some extra time paying attention to your organization’s Web use. But Web-use management should be part of your business process and security all year round. Find a solution that is flexible enough to grow or change with you throughout the year, and for this time of year … let them shop … and know you are still being proactive and secure.

Cyfin® provides advanced User Behavior Analytics and Reporting for a wide variety of gateway devices and log file formats. Comprehensive yet easy to use, its customized reporting capabilities supply audience-specific information with reliable metrics, easy-to-read reporting dashboards, manager-ready detailed audit reports, and Smart Engine analytics. Cyfin is available in various deployment options: Cyfin Virtual Appliance and Cyfin Forensic.

CyBlock® Employee Web Filtering and Monitoring Solutions provide advanced Web filtering, threat protection, comprehensive employee reporting, Smart Engine analytics, easy-to-use admin and manager portals, and more. Customers can easily configure CyBlock to monitor and manage compliance with their usage policies. CyBlock is available in various deployment options: CyBlock Virtual Appliance, CyBlock Cloud, and CyBlock Hybrid.

Wavecrest has over 25 years of proven history of providing reliable, accurate Web-use management and Advanced Log File Analyzer products across various industries. IT specialists, business managers, HR professionals, Managed Service Providers, and Forensics Investigators trust Wavecrest’s Cyfin and CyBlock products to easily decipher and manage, and report on, real employee Web activity, manage cloud services, reduce liability risks, improve productivity, save bandwidth, and control costs. Trusted by small, medium, and large government and commercial organizations worldwide. For more information on the company, products, and partners, visit Wavecrest.

Is your business’ human operating system secure?

Everyone is worried about operating systems, whether it is network operations, business operations, or a desktop operating system. The functionality of these intricate parts of your business are critical. But have you thought about your employees and how they operate? Today, your human operating system needs to be more than just making sure your employees are doing their job. Human vulnerabilities are a primary target for cyber criminals. Your human operating system, or the human factor, needs to be manageable and efficient, with tools in place that proactively support an open, yet secure, digital work environment.

Insider threats can be found at the top of headlines almost every day. Listen carefully to what each event tells you. It can happen to you, no matter how big or how small your business is. You don’t have to be a government organization to be susceptible to an insider threat. Insider threats can be a malicious employee who may be upset at the company, a good employee who just makes a mistake, or a targeted employee who unknowingly allows a malicious user into the network or access to proprietary data. Whatever the cause, there has to be tools in place to combat these human factor Web-use risks.

The human factor in business Web use is complicated in many ways. Hackers target natural human vulnerabilities and mistakes happen, employees can be sensitive to being singled out or afraid to admit the mistake, and fully blocking all access in today’s digital work world will likely just limit productivity and upset employees. The key? Visibility into the human factor. See how and when your employees use their Internet access. With that visibility into Web-use detail, you can then manage the usage to fit your unique business needs and gain a comprehensive, proactive way to secure and protect your business.

Securing and managing your enterprise’s human operating system in a proactive and efficient manner will help reduce cyber risks, such as phishing, malware intrusions, ransomware, data loss, employee misuse, legal liabilities, bandwidth hogs, shadow IT, and more. Find a solution that fits your business and your budget. Make sure it is flexible, easy to use, and easy to manage, allowing you to secure and shape employee Web-use–on your terms.

About Wavecrest

Wavecrest has over 20 years of proven history of providing reliable, accurate Web-use management and Advanced Log File Analyzer products across various industries. Managed Service Providers, IT specialists, HR professionals, Forensics Investigators, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage the human factor in business Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Trusted by large government and commercial organizations such as US-CERT Homeland Security, U.S. Department of Justice, USPS Office of Inspector General, National Grid, Johns Hopkins, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Employees are like Hacker Candy

Employees are still the central part of all our businesses. Even with all the technology, we still have people to run the operations. The human component of our business is the goal for most hackers. It is easier to find the human weakness than it is to find a network flaw. This human point of infiltration still needs attention, even when you feel your business is secure.

Hackers are smart and agile. It’s a full-time job for them. They don’t get called into meetings, get distracted by co-workers, or have to worry about receiving their W-2 in time for their tax advisors. Their focus is to get into your network using those distractions against your employees. Your employees are busy and focused on what they have to get done, many juggling multiple responsibilities. Hackers like these employees; it’s like candy to them.

Is there any one solution that will remove all risks? No. But there are ways you can help your employees protect themselves and your network. Ransomware, insider threats, phishing–there are so many threats that can halt operations that are critical to your business success. Be aware, prepare.

A combination of defenses helps you reduce the risks we all face in business today. Don’t assume one will solve everything. Develop multiple layers of proactive security. This can include anything from making sure your Acceptable Use Policy (AUP) is current or having consistent employee training, to firewall and virus protection, to Web-use comprehensive monitoring and filtering solutions.

It is also important to have a recorded and tested recovery plan in place. Make the assumption that a breach will happen. This way you are prepared. Most importantly, maintain current backups. Make sure that the backups are not accessible through your network!

The “one” solution to protect your business just doesn’t exist. Maintain a combination of defenses and solutions to cover as many risks as possible. Being proactive will pay off in the long run.

Trusted for over 20 years, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Don’t let size fool you.

Don’t be fooled by the name–CyBlock Mini Appliance is powerful, comprehensive, and worth every inch of its compactness.

Maintaining visibility throughout your workforce is key to running a secure business today. Don’t settle on just any solution that really doesn’t meet your needs. If you need coverage for a remote office, have limited space either in your server room or in your office, or are struggling with how to keep your business secure with a limited IT budget, Wavecrest has more choices than ever. No matter what business size or industry type, CyBlock Mini Appliance is likely to be just what you have been looking for.

The powerful Mini Appliance provides the comprehensive Web-use security capabilities of CyBlock, including HTTP and HTTPS URL filtering, comprehensive detailed reporting, secure guest Wi-Fi services with captive portal, advanced threat protection, bandwidth management, cloud services management, as well as coverage for non-HTTP activity, e.g., P2P, torrents, IM, and e-mail. Get all of this in one compact and economical package. The general size of a Wi-Fi hub, the Mini allows you to put it in the corner, on your desk, or in that tiny space you have left in your packed server room!

As a cost-effective choice for any business type or size, the robust, yet compact Mini Appliance provides the leading-edge, comprehensive Web-use security capabilities of CyBlock. Designed to fit every business environment, the Mini Appliance can be paired with CyBlock Appliance or deployed on its own, depending on the required Web-use security solution needs.

For more information on CyBlock Mini Appliance or any of our other products, please contact us today!

About Wavecrest Computing

Celebrating 20 years in business, Wavecrest Computing, headquartered in historic downtown Melbourne, FL, has provided commercial business and government clients with reliable, accurate Web-use management and Cloud Access Security Broker products since 1996. Managed Service Providers, IT specialists, HR professionals, and business managers trust Wavecrest’s Cyfin and CyBlock products to manage employee Internet usage — managing cloud services, reducing liability risks, improving productivity, saving bandwidth, and controlling costs. Wavecrest has clients worldwide, including General Electric, Lockheed Martin, Florida Department of Health, Siemens, Department of Homeland Security, and a growing list of global enterprises and government agencies. We are a proud long-term GSA contract holder. For more information on the company, products, and partners, visit https://www.wavecrest.net.

Things That Lie In Wait

There are many shows on cable today that portray instant recognition of a breach. To repeat what all others in the actual cyber industry say . . . not realistic.

Think of the scenario where an employee opens a file or accesses a malicious Web site. Step one is done. Nothing happens; the employee shrugs his or her shoulders and moves on. Nothing happened, so we are all good, right? Wrong. In reality, malware can happen behind the scenes with no visual effect at all at the time of being infected. The malware is just lying in wait. It either waits for an external signal–a preprogrammed time or until a specific action on the host computer is done. A hacker then would have access to look around, doing nothing noticeable, just checking things out . . . until the time that he finds what he wants.

Six months pass. All of a sudden, systems are breached, potentially causing loss of controls, data, or financial information. And no one knows where or how it happened until a thorough investigation finally points back to the past point in time.

It sounds unavoidable, right? No, it’s not unavoidable but the chances increase all the time that it will happen to your business. But if you take steps to protect and prepare as much as possible, the damage can be potentially avoided or at least somewhat overcome.

How? Here are 5 steps to try to avoid or quickly recover from a breach:

BACK UP!!! Enough said. Think cloud, separate, secure, and frequent. Ransomware, a type of malware, takes over your files and holds them hostage. With a secure and separate backup, your business can go on operating.
Train. Train your employees for anything that could happen. Teach them about current cyber threats; keep them informed. They can be considered an additional “firewall.”
Use patch management. The days of worrying about how frustrating the changes will be from new updates are over. Patch consistently . . . because many of the patches today are security related and crucial to staying protected.
Apply multiple layers of security. Your firewall will not protect you from a threat that originates internally. And yes, many happen using some form of an internal breach such as phishing and e-mails with malware links, or by way of privileged credentials whether internally or from a breach at a third-party contractor. Get a comprehensive employee Web-use security solution that will block access to malicious sites and links.
Monitor. Watch it all. You will see trends, user behavior, and anomalies. Monitor network activity and the activity that accesses the Internet. Guest Wi-Fi networks, BYOD, and employee Web use should be included. Make sure you have visibility into what is going on with a solution that not only provides real-time monitoring, but also forensic-level detail reporting easily accessible by both IT and managers.

Overall, taking steps to ensure your business is protected is crucial, but know that you can still keep critical business operations functioning following any type of breach. Providing proactive solutions to protect, secure, and manage your business’s Web use in a cost-effective, agile, and customer-centric way is what we do. Let us help.

About Wavecrest Computing

Think defense.

Ransomware has the annoying characteristic of sneaking up on you. If you aren’t prepared, you may as well pay the ransom. Why? Because being prepared for loss of data is not at all difficult. First off–think old school . . . BACK UP, BACK UP, and BACK UP! This first very important step is that simple.

Think about what you do on your devices today, professionally or personally. We now live our lives in this digital environment. It is likely your use of technology has increased, even in the past year. This puts all of us at risk. Not just on our desktops either. Wired.com reports “these days ransomware doesn’t just affect desktop machines or laptops; it also targets mobile phones. Last week news broke of a piece of ransomware in the wild masquerading as a porn app. The so-called Porn Droid app targets Android users and allows attackers to lock the phone and change its PIN number while demanding a $500 ransom from victims to regain access.” Not many people could function today without access to their phones. Businesses are becoming more and more friendly to mobile devices as well. All this data floating around just makes it more appealing to hackers.

Where do we go from here? Back . . . back to backing up. Get that portable hard drive back out, dust it off, and use it. Yup . . . I did say that. Back it all up. Of course, for businesses it is more complex (and critical). But that is what cloud storage services are for. My only recommendation when it comes to off-site backups? Use more than one service. This way if anything does happen to your access to one backup, you will still have access to another. Inserting stern warning here: Do not store your passwords on your devices or in your backups unencrypted. If a hacker can access and lock up your systems, then he can find your passwords and have a go at them as well, including access to your backups.

Protect your business. Train your employees about new threats and monitor what is happening. Information is a gold mine–get visibility to see where your employees are going and then make some decisions that can protect your business. Ransomware can hit you through just a link in an e-mail. Make sure you have a solution in place that will help stop access to malicious Web sites.

We need to rethink the way we operate. It is just a shift, and if you just do it now, then you won’t be alarmed when you do get hit. Sadly, chances of a business being victimized by cybercrime are becoming more and more likely. Be prepared. And please, don’t let them win. The Internet has opened up so many opportunities for us and generations to come. Singapore is a perfect example of letting hackers win. They are moving to shut down Internet access for government computers, “from May next year and affect about 100,000 computers in use in the public service in the city-state, local media said.” (Reuters)

Do you think giving up Internet access will solve cybercrime?

We can help you find a better way.

About Wavecrest Computing

Can you see your enterprise shadow IT?

Can you? It’s there…hidden on your employees’ devices and on your network. We all know people try to use the path of least resistance in getting something done. Today, cloud computing allows us all to do almost anything from anywhere with relatively no resistance at all. Within corporations though, this can become a problem commonly known as shadow IT. “There are an astonishing 10,000 cloud services available on the market today, which creates a growing problem for IT around Shadow IT as only 9.3 percent of those apps meet enterprise data, security and legal requirements, cloud security company Skyhigh Networks found in its Q1 2015 Cloud Adoption and Risk Report.” Corporations need to control their proprietary information, network, and Web security. While employees may be thinking they can get their job done faster, the corporation is thinking about threats. “The result is technologies that empower individuals and teams limit the organisation as a whole.”

There are several views for this, all valuable. From the employees’ view, they believe they are finding ways to be more productive and efficient by using technology that is easily accessible and likely, not costing the corporation anything additional. It is quick and easy and can get the job done before the IT department would even have a chance to look at a request form. So, why would the corporation be upset? Here’s why–unauthorized applications, or shadow IT, can cause serious risks, such as Malware, data loss, and other severe network security concerns. As the responsible party, IT needs to know what is happening, especially when it comes to the random unauthorized applications users are bringing into the network.

What can be done? Which view holds more importance? That depends on your organization but gathering the information to make that decision can be quick and easy. You need total visibility into Web use so you can find and analyze any potential shadow IT. Proactive, comprehensive reporting of all Web-use activity allows a full view of users’ activities. IT and management need to see detailed drill-down activity per user, per group, or per category, and determine if the “shadow” application is to be quarantined, or discover the application is actually useful to the organization as a whole and add to the acceptable applications list.

It is important to take into consideration the employees’ need to have access to useful and contemporary tools. No post, article, or news story can tell you what to do within your organization. Only you know what will best suit your environment. Try collaboration though, between users, management, and IT. The key is to find the most useful applications and move toward applications that work, with the best interest of the overall corporation at heart.

Wavecrest Computing has been the recognized leader in Web Security for over 19 years with CyBlock and Cyfin Solutions. These scalable filtering and forensic reporting analysis products are designed to enable organizations to successfully address Internet abuse, legal liability, shadow IT, workforce productivity, and Web security threats.

Into the Madness of March…brackets, bandwidth, malware, and all.

March Madness begins on March 17th this year. We all know that employees check out highlights or even stream a whole game. According to Turner Sports’ Will Funk’s interview with AdWeek,Turner did 70 million live streams on broadband and mobile during March Madness 2014. That is a lot of streaming. With all the streaming and new apps that are out since last year, 2015 will likely set another record.

This year, have the choice to allow your employees some freedom to watch and enjoy! CyBlock Web Security Solutions will help protect your business, blocking sites known for malware and proactively controlling bandwidth consumption, while allowing responsible viewing.

With Wavecrest’s Bandwidth Management in CyBlock, there are numerous ways to be able to control access when you need to. With Real-Time Data Usage Monitoring, you will be able to easily view current data usage for the entire enterprise, detect unexpected spikes that could indicate excessive data use, or just observe the last 5, 10, or 15 minutes of real-time updates.

You can also make sure the critical business operations remain functioning efficiently, even during the games, by using the Bandwidth Throttling features. Be more restrictive as the noncritical usage gets higher by setting one of the automatically triggered, higher-usage policy thresholds to throttle more or even block. E-mail alerts will keep you informed wherever you are. Once a policy is activated, policy-specific traffic is throttled or blocked, allowing business-critical applications (VoIP, CRM, etc.) to continue operating as needed.

Don’t forget about protecting your company from malware. March Madness search results have had a history of being known for malware in past years, and this year will likely be no different. As your employees search for brackets or results, CyBlock blocks traffic to the constantly growing number of sites that generate and/or promote malware. Keep out viruses, Trojan horses, phishing attacks, and more.

March Madness has become a way of life. Decide how your company will handle the traffic and proactively prepare for it by letting CyBlock help protect and secure your business and your employees. Find out more about all the Web Security product lines at Wavecrest Computing.

Cyber Monday is Quickly Approaching is Your Network Ready?

cyber-monday-2013

Cyber Monday crushed it, again.

Online shopping on Cyber Monday hit $2.29 billion in sales in 2013

Adobe reported that Cyber Monday eCommerce sales grew 16% year-over-year to $2.29 billion.
Adobe also said that 18.3% of sales came from mobile devices, an increase of 80% year-over-year.
ComScore reported that Cyber Monday reached $1.73 billion in desktop online spending, up 18% from 2012.
IBM said Cyber Monday was the biggest online shopping day in history, with a 20.6% increase in online sales.

The chart above shows Cyber Monday sales dramatically increasing around 9 am on Monday and holding steady throughout the entire work day.

With more and more of your employees doing their shopping online, it has become a cyber security issue for businesses making sure their networks are secure, managing bandwidth and protecting their employee from identity theft . CyBlock Web Security products will help you manage all of this from an easy to use single console.

CyBlock is a complete Web management and security product:

Advanced Web Filtering
Threat Protection
Bandwidth Management
SSL Inspection
Comprehensive Reporting

More information about CyBlock Web Security Products.

Wavecrest Blog

The Latest news, tips and resources straight from the Wavecrest team.