502-241-2600      shopping cart    Get SUPPORT

MCM Kramer Technology Solutions Blog

Bill Gates gives out a warning

In an interview and annual letter both Bill Gates spoke in a warning tone to tech companies. Gates warns tech companies that a government crackdown may be in the future. You can read more in this GeekWire article. 

Continue reading

Team Building Tuesday

Have you found podcasts to maximize your commute? Whether you enjoy a good listen on the train, in the car or even at the gym later tonight, Entrepreneur has some fantastic episodes on team building. Here are one of the good ones, 

Episode 7: Team Building Techniques, NewFronts, and Entrepreneur Network Click here to listen. 

 

Continue reading

2017 Best Places to Work in Greater Louisville

best places to work

We are thrilled and honored to celebrate our 2nd year in a row as Best Places to Work in Greater Louisville. Business First shared the honoree list June 5th, you can see the entire list here. 

Continue reading

Will there be a Digital Geneva Convention?

Microsoft and others are questioning if intelligence agencies are disclosing security vulnerabilities or not. After 10 countries were affected by the massive hack many are looking to see how to get ahead in the future. You can read more here

Continue reading

Social Engineering: What is it?

         By now, most people have likely heard the term, “Social Engineering” in various contexts. The term can have multiple meanings, but in the context of IT security is defined as the use of deception or manipulation techniques to induce someone to divulge confidential information. This may be as simple as calling a company pretending to be an employee and asking for credentials. Social engineering can range from simple attempts that are easily recognized as illegitimate, such as the well-known “Nigerian Prince” email scams, to extremely complex, targeted attacks that often go undiscovered.

            Social engineering attacks can take place using any form of communication, and are thus not limited to network-based protocols. Some examples of real-world social engineering attacks include: an attacker dropping malicious USB drives in a company’s parking lot, an attacker disguising himself as an IT employee or consultant and asking for access to the server room, and an attacker calling a help desk asking for a password reset on an account he does not actually own. In all of these cases, the attack is based on exploiting trust. People have an innate trust for authority, and a strong desire to want to help whenever possible. Unfortunately, these and other human qualities can be leveraged by skilled attackers to gain access.

            So how can one prevent or dissuade social engineering attacks? Unfortunately, there is no singular technical solution to prevent social engineering. As is the case with the majority of cybersecurity threats, a “Defense-in-Depth” strategy is the best way to protect against social engineering. Defense-in-depth strategies utilize a combination of technical safeguards, policies and procedures, and employee awareness programs to dramatically decrease the likelihood of a successful attack.

            That completes our basic introduction to social engineering. Join us in the next installment of the social engineering series, where we will cover this topic in greater depth. If you would like to talk to our skilled consultants about protecting your business from social engineering, please give us a call.

Continue reading

Love your Mac, but need Windows for work?

If you love your Mac, but need Windows for work there is a solution through virtual machine. This Gizmodo article breaks down how virtual machines work, a few pros/cons and solutions to get you started. Let us know how we can help you improve your work efficiency by giving us a call 502-241-2600.

Continue reading

Passphrase vs. Password?

      Passwords: the bane of our modern existence. No matter how many new technologies emerge to help assuage our password woes, it seems we will always remain tethered to what seems to be the only remaining vestige of the early days of computing. Passwords are nearly universally reviled – end users dislike the constant cycle of password changes, complexity rules, password history restrictions ad nauseum; administrators hate having to coach the end users through the password creation process, the constant cries of “I forgot my password!”, and the frustration of knowing that at the end of the day, even the most top-tier network security architecture can come crumbling down at the hands of a password carelessly written on a post-it note and tossed in the trash.

      So how did we get to this point? Does it really matter if we have a minimum of 42 characters, with two ampersands and a carat, thirteen numbers – distributed randomly, of course – and substitutions throughout? To quote Randall Munroe of the web comic xkcd, “through twenty years of effort, we’ve successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess.” We propose, along with a growing number of computer security experts, that it is time to reassess the commonly accepted wisdom when it comes to passwords; that we must eschew the idea that it is essential for all passwords to be reset every thirty, sixty, or ninety days, that it is necessary to have an upper and lower case letter, a number, and a special character in every password. In theory, these are good practices to put in place for a variety of reasons; but in practice, these policies only encourage insecure passwords that get upcycled by adding a single digit and an exclamation point to the end – or worse, written on a sticky note and tucked away underneath a keyboard.

      So what does the alternative look like? How do we keep systems secure, while minimizing the frustration experienced by everyone involved? NIST recommends we eliminate composition requirements, expiration without reason, password hints, and knowledge-based authentication. What this would mean for the end-user is the end of length, complexity, and history requirements, no more password resets after a defined time, no more “rhymes with bassword” hints, and no more “what was your maternal grandmother’s dog’s father’s name?” secret question/secret answer systems. Additionally, NIST recommends we encourage the use of passphrases rather than passwords, because password length matters substantially more than password complexity.

      With these new password guidelines, we will see a drastic reduction in the pain involved in creating and maintaining secure passwords, and hopefully as a result, a reduction in the number of cybersecurity incidents. 

Continue reading

Ransomware: Incident Response

                Welcome back to our series on ransomware! In the last article we discussed ransomware prevention techniques, but what happens if our defenses fail to stop an infection? That’s where having a solid incident response plan comes into play. An incident response plan is an easy-to-follow document detailing the necessary steps to contain and remediate an infection or breach.

                The incident response process for ransomware is very much like any other incident response process, with the notable exception being the decision of whether it makes financial sense to pay the ransom. We generally do not recommend paying the ransom, for a multitude of reasons; but from a purely financial standpoint, it is often cheaper to pay to regain access to your data than to attempt recovery via other means. Paying the ransom can be troublesome, as the organization may open itself to prosecution for providing financial support for a known criminal enterprise, and may be marked by the criminal enterprise as a prime target willing to pay ransom. If you make the decision to pay the ransom, be aware that there are no guarantees that you will even get the decryption keys. For this reason, it is imperative you put the requisite controls in place to stop infections before they start, have a good backup procedure in place, and develop an incident response plan before being infected.

                Incident response is broken down into six phases that dictate steps taken prior to, during, and after an infection or breach. These six phases are as follows – this information is from the SANS Institute Incident Handlers Handbook:

  1. Preparation.
    1. Make all members of your team aware of the organization’s security policies.
    2. Make all members of your team aware of whom to contact in the event of an incident.
    3. Do all members of your incident response team have access to any tools necessary to perform incident response?
    4. Regularly perform incident response drills to practice and improve the incident response process.
  2. Identification.
    1. Where did the incident occur?
    2. Who reported or discovered the incident?
    3. How was the incident discovered?
    4. Are there any other areas that have been compromised by the incident?
    5. What is the scope of the impact?
    6. What is the business impact?
    7. Have the source(s) of the incident been located? If so, where, when, and what are they?
  3. Containment.
    1. Short-term containment
      1. Can the problem be isolated?
        1. If so, proceed to isolate the affected systems. (Remove infected machines from the network, ensure there are no avenues for the infection to spread).
        2. If not, work with the system owners and/or managers to determine what actions are necessary to contain the system.
        3. Are all affected systems isolated from non-affected systems?
          1. If so, continue to the next step.
          2. If not, continue to isolate affected systems until short-term containment has been accomplished to prevent the incident from escalating.
  4. System-backup.
    1. Have forensic copies of affected systems been created for further analysis?
    2. Have all commands and other documentation since the incident has occurred been kept up to date so far?
  5. Long-term containment.
    1. If the system can be taken offline, proceed to the Eradication phase.
    2. If the system must remain in production, proceed with long-term containment by removing all malware and other artifacts from affected systems, and harden the affected systems from further attacks until you can reimage the systems.
  6. Eradication.
    1. Can the system be reimaged and then hardened with patches and/or other countermeasures to prevent or reduce the risk of attacks?
      1. If not, why?
  7. Have all malware and other artifacts left behind been removed and the systems hardened against further attacks?
    1. If not, explain why?
  8. Recovery.
    1. Has the affected system(s) been patched and hardened against the recent attack, as well as possible future attacks?
    2. What day and time would be feasible to restore the affected systems back into production?
    3. What tools are you going to use to test, monitor, and verify that the systems being restored to production are not compromised by the same methods that caused the original incident?
    4. How long are you planning on monitoring the restored systems and what are you going to look for?
    5. Are there any prior benchmarks that can be used as a baseline to compare monitoring results of the restored systems against those of the baseline?
  9. Lessons Learned.
    1. Has all necessary documentation from the incident been written?
      1. If so, generate the incident response report for the lessons learned meeting.
      2. If not, have the documentation written as soon as possible before anything is forgotten and left out of the report.
  10. Does the incident response report document and answer the following questions of each phase of the incident response process: (Who? What? Where? When? Why? And How?)?
  11. Can a lessons learned meeting be scheduled within two weeks after the incident has been resolved?
  12. Lessons Learned Meeting.
    1. Review the incident response process of the incident that occurred with all incident response team members.
    2. Did the meeting discuss any mistake or areas where the response process could have been handled better?

In addition to the steps listed above, in the case of a ransomware infection, it is a good idea to keep an offline backup copy of any encrypted files in the event that the encryption scheme is ever broken or the decryption keys released.

That concludes this week’s installment of our series on ransomware! Join us next week, where we’ll be discussing mitigating factors – namely secure backup systems.

Continue reading

Small Company of the Year

small company of the year

Business First recently produced this video from the Small Company of the Year Finalists and Winner. We are honored to share the vision of KCI and to see the faces of those who put servant leadership into practice for our clients each and every day. Enjoy the fun watch! 

https://vimeo.com/195300694

Continue reading

Ransomware: Prevention

Welcome back to our series on ransomware. In the last post, we discussed what ransomware is and how it spreads. With this baseline knowledge of how ransomware works, we can work toward preventing ransomware attacks. So, how do you prevent ransomware – and malware in general – from gaining a foothold in your corporate network? The first step to any effective defense is a solid antivirus/antimalware solution. There are many antivirus solutions on the market today, and as with any product, each solution has strengths and weaknesses, but it’s difficult to go wrong when you stick to well-known trusted providers such as Symantec, Kaspersky Labs, Webroot, ESET, AVG, Avast, etc. These products are well tested, constantly updated to deal with the latest threats, and have proven effective at preventing many variants of malware. While it is absolutely necessary to have all computers covered by a good antivirus solution, no antivirus can prevent all attacks all the time. The next step to malware prevention is user awareness. The vast majority of ransomware infections begin with a file opened or application run by a user who has been duped into believing the file or application is benign. Because of this, it pays dividends to ensure your company’s staff is fully aware of the potential threat of malware infection and social engineering. It is important to conduct regular user training sessions, occasionally test social engineering attacks against your company, and have a technology use policy in place to keep information security in the collective mindset of your users. The next steps in prevention are iterative, building upon and enhancing the defenses of antivirus and user awareness. Some examples are spam & virus filtering devices or services that help prevent malicious emails from getting to users’ inboxes, web content filters that block non-business-related or potentially risky websites, next-generation or “deep packet inspection” firewalls that inspect all network traffic for malware signatures, intrusion detection and prevention systems that can actually shut down an attack in progress, and ransomware canaries to limit damage from a successful attack. These solutions can be highly effective, but may come at a fairly high cost of implementation and/or maintenance. Though the cost of implementing some of these additional defenses may be high, a good defense can pay for itself in many cases by preventing a single successful attack. Last but not least, it pays to have a backup plan. Ensuring all business critical data is backed up on a regular (daily at the very least, more frequently if possible) basis, both on- and off-site, will save you the pain of having to pay a criminal enterprise for access to the data you already own. A good backup appliance with cloud replication that cannot be encrypted by ransomware is indispensable if your defenses fail to prevent an infection. Implementing these defenses can save your company thousands of dollars in potential data loss, ransom costs, and lost productivity. Stay tuned for the next installment of this weekly series, where we will discuss what to do if you are hit by a ransom.

Continue reading

Ransomware: Introduction

           If you haven’t heard the term “ransomware” yet, consider yourself lucky. In this multi-part series, we will be discussing the relatively recent strain of malware known as ransomware. As the name suggests, the goal of this particular malicious software is to hold your corporate or personal data hostage, and demand a cash payment using the digital currency Bitcoin or other untraceable digital payment remittance service. In order to defend yourself from ransomware, it is helpful to first understand how it breaks in to your network in the first place.

                Most commonly, ransomware is distributed by emails known as “phishing” scams. Phishing emails can be targeted specifically to an industry, company, or individual; or simply generalized and sent out in massive batches to any email addresses the attackers can harvest. Phishing emails are designed to make the recipient take some action, such as opening a malicious attachment, or clicking a hyperlink where malware is hosted, by using social engineering. For example, the email will masquerade as something the victim expects to receive, such as an invoice to the Accounting department, and will provide an incentive for the user to open an attachment with malicious code, like purporting to be a demand for past-due payment. Once the computer has been infected, the ransomware goes to work encrypting files. When file encryption is complete, the ransomware will make its presence known with a ransom note, telling the victim how to make arrangements to obtain the decryption key and regain access to the encrypted data.

                In many cases, the ransom note will specify a time at which the decryption keys will become unavailable, or the ransom will increase - generally doubling every 48 hours after infection. These ransom notes can vary in complexity, often they are simple text files telling the victim to email a particular email address, all the way up to full web pages with links to various resources and information to assist the victim in purchasing and sending Bitcoin to the attacker. In some cases, ransomware distributors will even provide their victims with real-time chat support.

                With this foundational information about how ransomware spreads, we can begin to build an effective defense. Please stay tuned for future installments of this series, where we will discuss next steps, including prevention, mitigation, and incident response.

Continue reading

Protect yourself with No More Ransom

Ransomware attacks are happening more often and something that we frequently help clients work through. Perhpas your business has had the malicious headache or you've heard friends talking about Bitcoin and the painful recovery. No More Ransom is a site composed by the collaboration of two great leaders in IT: Intel Security and Kaspersky Labs. The site exists to help clients before or after your computer has been compromised. You can read more here. As always, your KCI team is close by to offer preventative solutions in advance or to help you in times of crisis. 

Continue reading

2016 Business of the Year Finalists

We couldn't say enough good things about our clients and the readers of Business First who nomiated KCI as Business of the Year 2016. It is truly an honor folks! 

You can check out the full list of finalists here as we share the space with some pretty fine company. 

Continue reading

KCI Receives Fast 50 Award from Business First

fast 50 logo for web 750xx232 309 37 0

It has been an incredible year at KCI and we continue to serve you humbly. KCI was recently named one of the Fast 50---fastest-growing private companies in Louisville! We are honored to receive the award at the Fast 50 Luncheon on October 27th at the Louisville Galt House. 

For more details check out the Business First article here

Continue reading

Mobile? Grab this Article!

QR-Code dieser Seite