Cyber Security Solutions

Networks   Internet   Endpoint   Cloud   Application

Cyber security is not a one-and-done solution; it’s a layered framework that evolves & adapts to situations, & includes oversight, prevention, & maintenance.

 

Our cybersecurity hardware & software solutions secures your data & systems from internal & external threats.  It includes a Cloud backup solution that is isolated from your network, protecting against ransomware attacks.  We also help clients navigate & achieve government complex regulatory & compliance standards.

Our goal is to make your company safe & secure with a customized implementation of a multi-layered, end-to-end security solution to minimize internal & external risks.  inSync's security strategy prevents unauthorized access to your organizational assets such as servers, computers, networks, & data.  We help maintain & protect the integrity & confidentiality of sensitive information, blocking access from sophisticated hackers.

 

Defending Against Ransomware

 

It's All About the Basics

​Authentication, Backups, Updates, & Least Privilege

​The concept behind ransomware is simple.  An attacker plants malware on your system that encrypts all the files, making your system useless, then offers to sell you the key you need to decrypt the files.  Payment is usually in bitcoin (BTC), and the decryption key is deleted if you don’t pay within a certain period.  

​Recently, ransomware attacks have been coupled with extortion: the malware sends valuable data (for example, a database of credit card numbers or vendors information) back to the attacker, who then threatens to publish the data online if you don’t comply with the request.

​inSync's security basics include a next generation antivirus, strong passwords, two-factor authentication, defense in depth, staying on top of software updates, Cloud backups that are isolated from your network, & the ability to successfully restore from your Cloud backups go a long way.

 

Not only do these  practice protect your from becoming a ransomware victim, but those basics can also help protect you from data theft, cryptojacking, and most other forms of cybercrime.

​Our job is to prioritize good security hygiene for your business, so your business is protected from attacks.  There has been a marked increase in ransomware attacks fueled by the rise of the “triple extortion” ransomware technique - whereby attackers:

  • Steal your sensitive data & threaten to release it publicly unless a payment is made;

  • Target your customers, vendors or business partners in the same way.

 

​​The best defense is to be prepared.  And that's our job.

Phishing Defense

Training Your Users

Phishing is a type of attack carried out to steal usernames, passwords, credit card information, Social Security numbers, and/or other sensitive data.  Phishing is most often seen in the form of malicious emails pretending to be from credible sources like people, departments, or organizations related to your business.

 

​Attackers can use this information to:

  • Steal money from victims (modify direct deposit information, drain bank accounts)

  • Perform identity theft (run up charges on credit cards, open new accounts)

  • Send spam from compromised email accounts 

 

Attackers can also use your public information and relationship with the spoofed "sender" to get you to:

  • Purchase gift cards

  • Connect to an insecure site (http://) 

  • Get you to click on a malicious link and install malware on your device

Two examples of extremely sophisticated phishing that resulted in hundreds of thousands of dollars in losses for both businesses.  And both of these customers were in Office 365.

​1)  The first example:  the hacker broke into their Office 365 & researched the owner's wording within his emails.  They also were familiar with the corporate structure of their accounting department.  The "owner" emailed one of the check signers in the office & directed him to send a $200,000 payment to a new vendor & gave the bank information. 

 

The check signer questioned the transaction via but the "owner" again approved it to be sent.  The "owner's" email address was one letter off & the check signer didn't catch it.  The money was sent.  ​In these type of cases, I always advocate the old fashioned phone call or sneaker mail.

​2)  Another example was a notice from a significant vendor of the business.  There were many invoices outstanding & the "vendor" said there was a bank change & emailed the new bank information.  The a/p clerk asked that the change be sent on letterhead which they promptly provided.  $300,000 of invoices were paid to the new bank.  Again, a phone call would have caught this phishing scheme. 

For vendors that get paid via ACH:
 

  • There should be a chain of command approval process to set up new vendors - including a telephone call to verify banking information;

  • To change the banking information of an existing vendor, there should be the same procedures as above.

Our Cyber Security Endpoint Protection Includes:

  • 24/7/365 SOC Operations

  • 24/7/365 Threat Monitoring, Detection & Response

  • AI-Powered Monitoring

  • Complete Response & Auto-Remediation

  • Remote Monitoring & Management

  • Digital Forensics & Incident Response

  • Compliance Services

  • Vulnerability Management & Penetration Testing