What exactly is preventive cyber-security?

There has been a movement among technology providers to promise “proactive” cyber security consulting. Small- and medium-sized businesses love the idea of preventing cyber-attacks and data breaches before they happen, and service providers would much rather brainstorm safeguards than troubleshoot time-sensitive downtime events. But it’s not always clear what proactive cyber-security means, so let’s take a minute to go over it.

Understand the threats you’re facing

Before any small- or medium-sized business can work toward preventing cyber-attacks, everyone involved needs to know exactly what they’re fighting against. Whether you’re working with in-house IT staff or an outsourced provider, you should review what types of attack vectors are most common in your industry. Ideally, your team would do this a few times a year.

Reevaluate what it is you’re protecting

Now that you have a list of the biggest threats to your organization, you need to take stock of how each one threatens the various cogs of your network. Map out every device that connects to the internet, what services are currently protecting those devices, and what type of data they have access to (regulated, mission-critical, low-importance, etc.).

Read More


Is WebRTC a worthwhile addition for you?

The VoIP industry is becoming increasingly hard to define. More and more are voice communications being made over internet connections, and sometimes you may not even realize you’re doing it. WebRTC is a newcomer to the internet-based telephony field. Read on to decide whether it's for you.

What is WebRTC?

At its most basic, WebRTC is a way to make phone calls, video calls, instant messaging, and file transfers with nothing but a web browser.

And in addition to being immensely convenient for end users, WebRTC is relatively easy to configure for administrators and developers. You can create a link on your homepage that will allow customers to initiate a video call without the need to dial a number from their phone, or even open up Skype on their desktop.

The benefits to your customers

This creates a much more connected customer service experience. With WebRTC calls, you’ll never have to ask “Ok, are you looking at our site?” They had to navigate to your site to even make the call, so a certain amount of knowledge can be assumed the moment you pick up the line. This allows customer service representatives to assist customers calling through this medium in a more specific, nuanced way than calls they receive from cellphones and landlines.

Read More


Is fileless malware a threat to you?

There have been some truly horrifying cyber-security headlines popping up over the last month. If you’ve been reading about “fileless” malware attacking banks and other big-name institutions around the world, we’re here to set the record straight: Your business isn’t in direct danger. But even if you’re not, staying abreast of all the details is still worthwhile.

What is this new threat?

To oversimplify the matter, fileless malware is stored somewhere other than a hard drive. For example, with some incredibly talented programming, a piece of malware could be stored in your Random Access Memory (RAM).

RAM is a type of temporary memory used only by applications that are running, which means antivirus software never scans it on account of its temporary nature. This makes fileless malware incredibly hard to detect.

This isn’t the first time it’s been detected

Industry-leading cyber security firm Kaspersky Lab first discovered a type of fileless malware on its very own network almost two years ago. The final verdict was that it originated from the Stuxnet strain of state-sponsored cyber warfare. The high level of sophistication and government funding meant fileless malware was virtually nonexistent until the beginning of 2017.

Read More



Vulnerabilities on WordPress websites

“Easy-to-use,” “SEO-friendly,” “open-source,” and “customizable.” These are some of the words that best describe WordPress, currently the most popular Content Management Solutions (CMS) platform. With thousands of websites affected in a recently launched series of attacks, “easy to target,” “hackers’ favorite,” and “prone to attacks” could soon be used to define the experience of running a WordPress website.

WordPress attacks by the numbers

In 4 separate attacks, an estimated 40,000 websites were compromised, defacing 67,000 web pages, which has quickly gone up to 1.5 million. A security release update, WordPress 4.7.2, was immediately launched to mitigate the flaw, but not everyone was able to deploy it on time, thus inflating the number of corrupted web pages.

Although WordPress took measures to ensure that the vulnerability would go unnoticed, hackers found a way to get around the initial fixes and exploited the sites that remained unpatched. Those who haven’t applied WordPress’s latest security release were the ones most harmed by the defacement campaigns, and it soon became highly publicized.

Steps taken

Fixes have been deployed and stronger patches are in the works, but hackers do not just sit around and wait to be taken down. In fact, more attacks are being launched concurrently with security developers’ attempts to strengthen blocking rules.

Read More



What you need to know about Cloudbleed

Internet security company Cloudflare revealed a major flaw in their system. The so-called ‘Cloudbleed’ vulnerability leaked customer information from thousands of websites, according to Cloudflare researchers. Fortunately, there have been no signs of exploitation, but that doesn’t mean you should be complacent. Here’s everything you need to know about Cloudbleed.

What is Cloudbleed?

Although it’s technically similar to Heartbleed, a bug that compromised millions of websites and accounts, Cloudbleed is less severe. Google security researcher Tavis Ormandy discovered that several Cloudflare-hosted websites, including Fitbit, Uber, and OkCupid, were inadvertently leaking customer information and saving them within the source code.

For example, when a person visits a bugged Uber page, the website code could contain data and login credentials from another user who recently visited the page. The data may be hidden between several lines of code, but a skilled hacker can easily find it.

Exploiting it, however, is more difficult. The Cloudbleed bug collects random bits of data, which may or may not contain any sensitive information, making it a less attractive point of attack for cybercriminals. Over time, a cybercriminal may be able to compile enough information to exploit, but it doesn’t seem to be a viable option for targeted attacks.

Read More


Three Steps to Help Prevent Workplace Crime

Protecting your business from crime – both internal and external – takes effort. But with criminals looking to take advantage of you on every front, it's an effort you need to make. But where do you start? To non-security professionals, knowing what to do can be difficult. To make your challenge a little easier, we've boiled down business security to three basic, more manageable steps.

CLICK HERE FOR FULL VERSION



Heritage specializes in the convergence of the four key pillars of technology - the integration of IT, security, communications and print solutions - giving our clients one complete source and a trusted business partner for all their needs.

Heritage – the latest technology solutions with a tradition of quality craftsmanship and values