Less than 3 minutes, and there were 60 attempts blocked by the firewall. This goes on 24/7. Here’s the edited report and explanation.

One of my clients wanted me to block IP addresses from all but five countries. Originally there were only three countries allowed, but over the course of time business needs warranted allowing traffic from two more countries.

The firewall is passive. In other words, it logs the event, but it returns no response to the IP address in the other country. A response would trigger additional activity.

There are many ways for cybercriminals to circumvent this. It’s not perfect.
1) Blocking IP addresses by the country of registration does nothing to stop similar probes from a proxy in one of the allowed countries.
2) This doesn’t stop malicious links or attachments in emails from servers in allowed countries.
3) This doesn’t stop employees from visiting infected websites in allowed countries.

But it does significantly reduce contact with malicious or infected servers. For example, suppose an employee receives an email that contains a malicious link pointing to one of the blocked countries. If the employee is tricked into clicking on the link, the link doesn’t work, and the employee gets a notice on their screen that it’s forbidden. At the same time, a firewall log entry is generated. This event can be used for one-on-one training with the employee, so they better understand how to identify suspicious links.

SPECIAL CASE: INTERNATIONAL CORPORATIONS
“But Bob, my company is international. We have traffic from almost every country.”

You might want to think that through a little more carefully. Ask yourself, “Do the Customer Care agents handling North America really need traffic from IP addresses in Western Europe?” You might find that the firewall rules for the Detroit office, the London office, and the Tokyo office can all be made more secure with custom geographic IP address block lists.

Of course, that means you’ll need enough cybersecurity staff to stop using cookie-cutter firewall rules in all 700 offices. You’ll need to analyze the traffic in each office, see where the legitimate traffic endpoints are, and only block the others.

#callmeifyouneedme #fifonetworks

#cybersecurity #firewall #soc #securityanalyst

Note to large companies: after you do the credit check, there's almost never a reason to keep the customer's Social Security number.

Delete them. Delete them all. Do it now.

#callmeifyouneedme #fifonetworks

#cybersecurity #policy #fintech #socialsecurity

Don't buy cheap USB cables or chargers. Physical damage may result.

To achieve the high data rates that the newest USB standards are capable of, the connector body (shell) and contacts are built to very close tolerances. Cheap cables are often manufactured without rigid attention to the specifications. These low-quality cables can permanently damage the contacts in the USB-C connector on your $600 smartphone.

I've seen a USB-C connector that was physically too large for the receptacle. The result was that after the client used the cable on their laptop for a few weeks, the receptacle was permanently loose no matter what connector was plugged into it. A few months ago I saw the same thing with an iPad and a cheap charger with an oversized Lightning connector.

Only buy quality, name-brand cables and chargers.

#callmeifyouneedme #fifonetworks

#helpdesk #remotesupport

DARWIN AWARDS: CEOs who still don’t prioritize cybersecurity.
You’ll frequently see posts on LinkedIn with ideas for communicating risk to the CEO and/or the Board. It’s even a topic at conferences.

We are long past that. If the CEO hasn’t yet figured out that cybersecurity is right up there with the most important measures of business success, then they’re really not qualified to lead. A competent CEO values data protection as much as worker safety and product quality. The CEO is expected to understand the principles that are fundamentally important to business success, and make those principles actionable at every level of the organization.

It’s not the CISO’s job to help the CEO understand that cybersecurity is important. It’s the CEO’s job to enable and empower the CISO.

A CEO that doesn’t do that needs to be removed and replaced.

#callmeifyouneedme #fifonetworks

#cybersecurity #leadership

If your organization is hit with ransomware and the CISO, or CIO, or some IT or Cybersecurity Director, recommends you pay the ransom, put them at the top of your suspect list.

Assume you will be breached and design accordingly.

Design your system with current, offline, unpowered backups. Develop an efficient "wipe and restore" plan.

Minimize your:
Data collection,
Data storage, and
Data retention.

Segment your network.
Segment your storage.

If these things can't be done with your current business processes, change your business processes.

Never pay a ransom.

#callmeifyouneedme #fifonetworks

#cybersecurity #ransomware

Stalker Alert: Check your calendar settings. If you shared a calendar, such as Google Calendar, with a significant other, and then the relationship ended - did you remember to disable calendar sharing? Your calendar events can provide significant details about your activities, friends, and location. If your ex-partner is prone to stalker behavior, this information can be used against you in many ways.

Also, if your ex had access to your phone, tablet, or computer, they may have set up calendar sharing without your knowledge.

And while your checking your calendar for sharing, take a quick look at your email settings. Has anyone with access to your device configured email forwarding without your knowledge or permission?

Pictured: a screenshot of my Google Calendar settings. I share my calendar with my wife.

#CallMeIfYouNeedMe #fifonetworks

Here’s an interesting data recovery job… The client’s elderly mother died several years ago. He has an external USB drive with a copy of everything from her computer. All of the letters she wrote for several years are on that drive. But here’s the problem – she was using Lotus Word Pro! It’s not compatible with Microsoft Word, which my client uses.

My job is to convert all of the .lwp files to .docx files. I drove to my warehouse and brought an old Windows 7 computer back to the office. It has a working copy of Lotus Word Pro on it.

Uh-oh… then I made a second trip to the warehouse to get an old monitor that still has VGA input, since the computer only has a VGA video output.

NOTE 1
There are online services that will convert lwp to docx. I choose not to use these services, and I don’t recommend them to my clients, because I don’t see uploading personal files to a third party resource of unknown reputation as a wise decision.

NOTE 2
I’m not a coder. I’m sure a software engineer could write a few lines of code that would automate the process and whiz through those files. If there were enough files to make it cost effective, I’d hire someone to write that little utility for me. In this situation it’s not that big a job, so I’m doing it manually, one file at a time.

And now, here’s the point of all this: THE LESSON
Data recovery isn’t just about corrupted disks or encrypted files; it’s also about deprecated file formats. If you’re archiving data for the long term – for example, legal archives, or family records you want to pass down for generations – you need to pay attention to file formats and keep the information in a current format.

#CallMeIfYouNeedMe #fifonetworks

#datarecovery #helpdesk #remotesupport

I shouldn't have to say this, but as soon as you discover you're in the middle of a ransomware attack, shut down all inbound and outbound email, and start using the fallback communications systems specified in your Incident Response Plan.

#callmeifyouneedme #fifonetworks #ransomware #incidentresponse

I'm doing data recovery from a failed external USB drive for a client. Because of the damage the files don't show up in File Explorer, but this recovery program is finding a lot. Anyone recognize what program I'm using?
#datarecovery #helpdesk #callmeifyouneedme #fifonetworks

I didn't do this. I was called in to work on it, though.

It’s a national client who rents office space in bulk, and then re-rents it at a profit to small businesses. For example, they rent the whole floor in this building, and then sub-lease individual offices. I got a call from their Service Desk in another state. A problem had developed, and I was dispatched as the local tech to fix it. I had never done work for this company before – I didn’t create the mess!

I sent the Service Desk contact this picture. He told me not to clean it up. All they were paying me for was to fix the one problem they called me about. Okay, that’s fine. I provide IT services by the hour for companies (and individuals) that can’t have a full-time IT staff.

I predict more work from this client in the future.

#callmeifyouneedme #fifonetworks

#informationtechnology #cybersecurity #facilitiesmaintenance

"Today I had to troubleshoot my own computer problem!"

THE LESSON
Everything that looks like a virus isn’t a virus. Knowledge of hardware, and hardware troubleshooting, is important.

#CallMeIfYouNeedMe #FIFONetworks #helpdesktales

(Hyperlink to my LinkedIn post)

https://www.linkedin.com/posts/fifonetworks_callmeifyouneedme-fifonetworks-helpdesk-activity-7014671505238233088-UAhk?utm_source=share&utm_medium=member_desktop

Your password, no matter how complex, is never safe from a brute force attack.

EXAMPLE 1
Assume a password chart that says a password with your complexity criteria will take 30 days to crack. That means half of all passwords with your complexity criteria will be cracked in the first 15 days.
10% of those passwords will be cracked in the first 3 days.
3.33% will be cracked on Day One.
And some passwords with your complexity criteria will be cracked in under 10 seconds.

EXAMPLE 2
With most brute force cracking tools, Abcdefgh123! will be cracked sooner than Zyxwvuts123!, but there are no guarantees. Versatile tools will let the criminal control the attack sequence.

SOLUTION
Use 2FA as well as a complex password.

#CyberSecurity #LastPass
#CallMeIfYouNeedMe

Following up on yesterday's post about unlocking the computer of a deceased person: that's only one thing I do; it's a part of IT support services.
BUT -
It occurs to me that someone could build an entire IT specialty niche business doing nothing but recovering data and computer and account access for surviving relatives after a loved one dies leaving no obvious record of their passwords.

Form relationships with a few attorneys that specialize in wills and estates, and you've got a referral network to help get appointments.

#CallMeIfYouNeedMe
#fifonetworks
#cybersecurity
#AccountAccess
#DataRecovery

Last week I traveled to the home of a deceased person and unlocked their computer in the presence of the executor of the estate. Among other things, I exported the email contacts so the list could be used to notify friends of the death, and details of the memorial service.

The deceased was a man who lived alone and died alone. One thing in particular brought home the fragility of life. He was using his computer at 3:19 pm. Sometime shortly after that he went into medical distress, and never touched his computer again.

Let people know you love them.
Allow yourself to be loved.
Stay connected.

#cybersecurity #forensics #email
#callmeifyouneedme

So far this week I’ve worked with two potential new clients who lost data. For one of them, it was evidence in a court case, and it’s irretrievable. For the other one, it was a "bricked” personal laptop. They may be able to recover the data by using one of the big professional data recovery companies, but it’ll cost a couple thousand dollars.

Of course, neither of them had backups of any kind.

Storage is cheap. Do your backups. If you don’t know where to start, contact me.

#callmeifyouneedme #fifonetworks

#backups #datarecovery #helpdesk #techsupport #soho

“Which is less expensive: cloud-based infrastructure-as-a-service, or maintaining our own servers on-prem?” This is the wrong question.

Don’t decide on cost.

When choosing cloud versus on prem, choose based on the business use case, functionality, and security. Then pay for the best design, either way.

Does your business have unpredictable swings in size? Do you need to be able to add more servers rapidly and then shed those servers after the rush is over? Then cloud services make sense.

Is your data in a high-risk and well-known category, frequently/constantly under attack? Then maintaining your own servers with access exclusively through dedicated data circuits makes sense.

There are other design options, including hybrid architectures.

Information processing, storage, and access should be designed based on core needs, not cost.

#callmeifyouneedme #fifonetworks

#informationtechnology #cybersecurity #functionaldesign

The primary email on your LinkedIn account should be your personal email, not your company email. This is always true, but especially important when there are lots of layoffs. If you lose your job, you don’t want the extra headache of trying to regain control of your LinkedIn account.

Bonus tip: the email security at most companies doesn’t restrict the export function. You can usually export your emails and/or your contact list. (Disclaimer: I’m not a lawyer, and this is not legal advice. You may have signed a legal document that restricts you from exporting any company data).

#callmeifyouneedme #fifonetworks

#layoffs #career #jobs #privacy #employment

With all the layoffs currently happening, this is a good time for some reminders to the ones who are still employed (for now).

1) Don’t use your work email for anything you want access to after your employment ends. Your job could end suddenly, and that email is gone.
2) If at all possible, don’t use your work computer for anything personal. Use your phone or tablet.
3) Use your cellular Internet connection with phone or tablet for personal communications/activities, rather than the company’s Internet.
4) Keep your personal documents on a USB drive, not the company’s computer.
5) If you work from a home office, set up a separate network for work. Keep their laptop isolated from your home network.

#callmeifyouneedme #fifonetworks

#layoffs #career #jobs #privacy #employment