In early January this year, our team got a call from a client who has offices in Singapore and Malaysia. They needed help securing their workstations and networks against today’s cyberattacks, which are getting more sophisticated. For example, they mentioned that a competitor had hacked into their email and gained access to important company information. Worse, they suspected that their own employees were involved as well. They were scared that their company could be put in jeopardy if this information were to be leaked.
To make matters worse, they were running older versions of Windows (e.g., Windows XP, Vista, 7) without any modern security software or hardware (e.g., antivirus, antiphishing, etc.). Being a small business, they could not afford new machines or applications for this purpose. And since their existing machines were designed for basic desktop tasks like word processing and spreadsheets, they considered them to be low risk, believing that such software could not be sophisticated or powerful enough to do all that damage.
By the time we arrived, they had already locked the doors and shut down the computers. However, they were still unsure of whether or not their data had been leaked. This is when it would have been really helpful if they had some sort of data-loss prevention (DLP) solution in place, as it would have helped them quickly identify which devices were at risk and lock them down or wipe them clean.
We started by performing server and workstation hardening, which meant taking down the weak links in their chain and strengthening the remaining parts. This involved:
• Installing a Malware Remover & Anti-Spyware Suite
• Updating the OS and applications
• Configuring their DNS
• Setting up a Firewall (to prevent attacks from entering the network)
• Adding additional Authentication steps (e.g., 2-Step Verification)
• Installing a VPN (Virtual Private Network) for secure remote connection to resources.
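As an added illustration, not a script from BizEaze or from the engagement described here, the following PowerShell audit reports the local state of four of the items above (patch recency, anti-malware registration, DNS resolvers in use, and firewall profile state) so the hardening work can be checked after the fact rather than assumed. It assumes a Windows 7 or later workstation with PowerShell 2.0 or newer, run from an elevated prompt; the `$expectedDns` address and the function name `Get-HardeningReport` are placeholders chosen here. Two-step verification and the VPN cannot be audited from a local script in this way and are left out.

```powershell
# Added example, not the page's own script. Read-only audit of hardening
# items on a Windows 7+ workstation (PowerShell 2.0+, elevated prompt).

function Get-HardeningReport {
    $report = @{}

    # 1. OS version and how recently an update was installed
    #    (maps to "Updating the OS and applications")
    $os = Get-WmiObject Win32_OperatingSystem
    $report.OSVersion = "$($os.Caption) $($os.Version)"
    $latestFix = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn -Descending | Select-Object -First 1
    $report.LastHotfixDate  = if ($latestFix) { $latestFix.InstalledOn } else { $null }
    $report.PatchedRecently = [bool]($latestFix -and
        $latestFix.InstalledOn -gt (Get-Date).AddDays(-30))

    # 2. Anti-malware products registered with Windows Security Center
    #    (maps to "Malware Remover & Anti-Spyware Suite")
    $av = Get-WmiObject -Namespace root/SecurityCenter2 -Class AntiVirusProduct `
        -ErrorAction SilentlyContinue
    $report.AntiVirusProducts = @($av | ForEach-Object { $_.displayName })
    $report.AntiVirusPresent  = ($report.AntiVirusProducts.Count -gt 0)

    # 3. DNS servers each active adapter actually uses, compared with the
    #    resolver you intended to configure (maps to "Configuring their DNS")
    $expectedDns = @('192.0.2.53')   # placeholder: replace with your internal/filtering resolver
    $dns = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = True" |
        ForEach-Object { $_.DNSServerSearchOrder } | Where-Object { $_ }
    $report.DnsServers    = @($dns)
    $report.DnsAsExpected = (@($dns | Where-Object { $expectedDns -notcontains $_ }).Count -eq 0)

    # 4. Windows Firewall state for the Domain, Private and Public profiles
    #    (maps to "Setting up a Firewall"); netsh prints one "State ON/OFF" line per profile
    $fw = netsh advfirewall show allprofiles state
    $report.FirewallProfilesOn = @($fw | Select-String 'State\s+ON').Count
    $report.FirewallAllOn      = ($report.FirewallProfilesOn -eq 3)

    New-Object PSObject -Property $report
}

Get-HardeningReport | Format-List
```

Run it on each workstation after the hardening pass; any of `PatchedRecently`, `AntiVirusPresent`, `DnsAsExpected` or `FirewallAllOn` reporting `False` is a machine that still needs attention.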
Next, we installed a virtual machine (VM) on their system to act as a Digital Hub or Central Processing Unit (CPU) to consolidate all of their network traffic. This is so they can maintain a thorough track of all incoming and outgoing data. It also provides isolation between different networks and servers which are connected to it. The benefit of this is that if one server falls victim to a cyberattack, the other connected servers will not be affected.
To further secure their resources, we deployed a hardware security module (HSM), which is a tamper-proof digital token that can be plugged directly into a PCI slot of a motherboard. This allows two-factor authentication to be implemented by requiring an additional step (like a PIN code or a password) alongside the existing password to log in to a system or application.
Then, we set up a monitoring process to collect data regarding suspicious behavior that could indicate an attempted breach or data theft. This also involved installing several different types of surveillance cameras (known as “intrusion alerts”) around the perimeter of the building as well as inside key areas like the reception area, workstations, and server room. Finally, we added a couple of hidden cameras inside the server and workstations to capture the activity of the people working there as well as anyone who might try and access their data (without them noticing).
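As an added example of the kind of host-level data collection such a monitoring process can start with (this is not the page's own setup), the PowerShell below reads failed-logon events (Security log event ID 4625) from the past 24 hours and lists the accounts and source addresses whose failure counts exceed a threshold, which is the pattern password guessing leaves behind. It assumes Windows 7 or later with PowerShell 2.0 or newer, an elevated prompt, and failure auditing enabled for the Logon subcategory; `Get-FailedLogonSummary` and its parameters are names chosen here.

```powershell
# Added example; not the monitoring setup described on this page.
# Assumes Windows 7+ with PowerShell 2.0+, run elevated, with failure
# auditing for the Logon subcategory enabled.

function Get-FailedLogonSummary {
    param(
        [int]$Hours = 24,      # look-back window
        [int]$Threshold = 10   # failures per account or source that count as a burst
    )

    $since  = (Get-Date).AddHours(-$Hours)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } `
        -ErrorAction SilentlyContinue

    # Pull the named EventData fields out of each event's XML rendering
    $rows = foreach ($e in $events) {
        $xml  = [xml]$e.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        New-Object PSObject -Property @{
            Time      = $e.TimeCreated
            Account   = $data['TargetUserName']
            Source    = $data['IpAddress']
            Status    = $data['Status']
            SubStatus = $data['SubStatus']   # 0xC000006A = bad password, 0xC0000064 = unknown user
        }
    }

    # Bursts by account (one account hammered) and by source (one host trying many accounts)
    $byAccount = $rows | Group-Object Account | Where-Object { $_.Count -ge $Threshold }
    $bySource  = $rows | Group-Object Source  | Where-Object { $_.Count -ge $Threshold }

    New-Object PSObject -Property @{
        Window        = "$since to $(Get-Date)"
        TotalFailures = @($rows).Count
        BurstAccounts = @($byAccount | ForEach-Object { "$($_.Name) ($($_.Count))" })
        BurstSources  = @($bySource  | ForEach-Object { "$($_.Name) ($($_.Count))" })
    }
}

Get-FailedLogonSummary | Format-List
```

A scheduled task running this once an hour on the server and writing the result to a central share gives a small business a first, cheap signal of attempted credential abuse without any new hardware.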
All in all, it took us about four to five hours to get everything set up and running. And throughout the whole process, the client was extremely receptive to our advice and input.
If you are reading this, I assume that you are either a) a network security professional who is keen to keep up with the fast-paced world of cyber security, or b) a company that needs to secure their resources against the threats posed by hackers and cybercriminals. If this is the case, then you have come to the right place since we are going to tell you about a real-life example of a network security strategy that was put into practice by our team at BizEaze that helped its customer to secure their workstations, servers, and networks against cyberattacks.
Before we begin, let us define some key terms:
• Workstations: PCs, Macs, and other devices that employees use to do their jobs
• Servers: Computer systems that store critical business data and serve it to other devices connected to the network
• Networks: The collections of workstations and servers that form a company’s internet connection
• Cyberattacks: Malicious activity that occurs online; most often, this involves hackers trying to access sensitive data or attack critical systems to cause damage
• DLP: Data Loss Prevention, which is a strategy employed to protect organizations from the damaging effects of data breaches. This can be as simple as regular backups or as advanced as endpoint encryption and monitoring of employee activity (social media etc.)
• 2FA: Two-Factor Authentication, where users must enter a second factor (like a PIN code or password) along with their existing credentials to log in to a system or app
• VRM: Virtual Router Management, where a hardware security module (HSM) can be used to create a virtual private network (VPN) that resides on a single router (instead of deploying a separate VPN for each individual computer or mobile device)
• Honeypot: A type of lure used by cybercriminals to gain access to a network or system. This is where most of the workstations and servers we mentioned above would have been at risk of being successfully hacked. We used honeypots to monitor the activity of known hackers and gain advanced knowledge about their methods so we can stop them before they cause too much damage.
Our client, a real estate company in the Middle East, needed to secure the resources of their headquarters in Bahrain against cyberattacks. Since they were already using BizEaze’s managed services, we started by deploying a virtual private server (VPS) for them.
What is a VPS? Think of a VPS as being the public face of your private server. In other words, anyone who visits your website will see the contents of a VPS, but in order to see the private servers, you need to be connected to it via SSH (Secure Shell) or similar tools. This is akin to having a public website that contains important information like contact details, social media links, and other such data known as “business information”. You would never post this information to a public website, as it would be a security risk. So, in the same way, you should not make public the contents of a VPS.
As mentioned above, one of the key concerns for our client was the security of their email. Since most of their customers’ interactions are now conducted digitally (e.g., online forms, online shopping, email, social media), they considered this medium to be the most important avenue for attacks. In fact, they mentioned that their email had been compromised twice in the last year. This was why they were reluctant to use it for important email communications (e.g., alerts about orders, important announcements, and invoices).
The first instance occurred last year when a hacker broke into their network and used an automated program to search for email addresses in order to send spam emails.
The second occurred earlier this year when a hacker used a phishing email to trick their employees into thinking that they were receiving a sensitive document that required them to click on a link in order to view it. When they did this, their web browser was automatically redirected to a fake version of the website (designed to look exactly like their real website but with one important difference: all of the sensitive information had been hidden or replaced with fake details). The goal of this fraudulent website was to get the employee to enter their credentials (like their password and email address). Once their credentials were verified, the employee’s web browser would be loaded with a malware-ridden version of the site.
If this sounds like your organization, you are in luck since we have the perfect solution for you.
Let us take a look at how we helped this real estate company to secure their email and other resources against cyberattacks.
Malware Remover & Anti-Spyware Suite
Since our client was already using BizEaze’s managed services, we started by deploying a virtual machine (VM) for them. While they were still at the stage of identifying the potential threats and mitigating them, we also set up a Malware Remover & Anti-Spyware Suite for them.