Spending more doesn’t mean higher protection

Unfortunately, just because these facilities are spending more, doesn’t mean they’re more protected. Finding a security solution that is preventative in detecting malware is what is most important.  Many security solutions focus on remediation — fixing the problem after an attack occurs.  

This is no longer a logical approach.  Dealing with a breach or ransomware attack after the fact is not feasible.  Once these cyber attacks occur, it is too late.  Systems are down, files are locked, and/or patient information has already been acquired by the cyber criminals.

Why target the healthcare industry?

Why is the healthcare industry a target of cyber criminals?  There are multiple reasons.  First, patient files are going for roughly $100 or more per file on the dark web.  Therefore, it is far more lucrative for hackers to spend their time stealing medical files, compared to a social security number or credit card information which sells for about a buck.

Also, they’re an easier target.  Often times, hospitals and clinics are running outdated programs and/or operating systems.  Because they are out of date, they have unpatched security vulnerabilities.  Essentially, a back door is left open for hackers to gain access to install malicious software or breach the facility’s systems.

Lastly, after they are hit with malware, such as ransomware, they are far more likely to pay to get their files back and their systems restored.  Taking complete control of a hospital’s servers would mean the facility would likely go offline. Restoring server files is much harder than simply protecting the IT assets with server security solutions. 

This means no electronic records, no electronic imaging, no emails — operations would go back to doing everything with a pen and paper.  Now it isn’t unrealistic to assume a facility could function in such a way, since it was done once upon a time.  

However, in today’s world, medical professionals are accustomed to the luxury of electronic systems and technology to help diagnose medical ailments.  Taking that away doesn’t sit well with them.  This isn’t to say every facility hit with ransomware will pay to regain access to their systems.  

Recently, Erie County Medical Center was hit with malware and they have spent the last two weeks trying to slowly regain access to their systems.  However, some aren’t that patient.

What to do next…

It is time to be proactive.  By using a security solution with a whitelist approach, any files or programs that are not safe will not have permission to run.  Therefore, significantly mitigating the risk of exposure to malicious cyber attacks. PC Matic Pro is a security solution that includes an automated, global whitelist. Explore hospital ransomware protection solutions from PC Matic.

It would also be best practice to back-up the facility’s data at least once a day.  Store these backups on an external or cloud device. When using secure backups with application whitelisting ransomware protection increases exponentially.

Facilities should also have a disaster recovery plan.  This plan should explain, in detail, the steps the facility will take if a cyber attack were to occur.  This should include how the facility will restore their systems, where to store backup files, and who will lead the restoration process, etc.

Read more about healthcare cybersecurity.

Application Whitelisting Cybersecurity. Never in our history has cyber security been a bigger threat than it is now.  Whether it is our computers, smart phones, tablets, televisions, smart watches, etc., they’re all at risk.  Malware and ransomware threats are becoming an increasing menace.

How can we possibly secure our data against these threats?  The FBI and The Department of Homeland Security have encouraged device users to implement application whitelisting as an advanced measure to help mitigate the risk of a malware infection.  The NSA has also added application whitelisting to their best practices.

What is Application Whitelisting?

In order for you to understand whitelisting, you first must understand blacklisting — the traditional method used for device protection.

Blacklisting is the methodology of keeping track of every known threat.  These threats are present on a “blacklist”.  When a file or program attempts to execute on your device, it is compared to the blacklist.  If the file/program is found on the blacklist, it will not run because it is a known malicious threat.  This method of security is no longer acceptable, because malware changes every single second.  This makes it impossible for the blacklist to remain adequately updated, to prevent malware infections. Furthermore, some malware infections are fileless such as zero-day infections and those are certainly not on any antivirus blacklist until they infect an unsuspecting target. More alarming, are malicious files masquerading as legitimate software programs that gain access to your system through a software vulnerability not yet on any malware blacklist.

Application whitelisting is the exact opposite of the blacklist approach.  Instead of keeping a list of “bad” files, application whitelisting is a list of all known trusted applications.  Therefore, when you attempt to run a file or program on your computer, it is compared to the whitelist.  If it is found on the whitelist, it is allowed to run because it has been tested and deemed secure.  If the file is not on the whitelist, it is blocked until testing can be done to determine its security. Read more about whitelisting best practices.

What About False Positives?

False positives are the primary inconvenience when using application whitelisting.  False positives occur when a whitelisting solution will not allow a safe program to run.  This is when testing takes place to determine the security of the program or file. App Whitelisting differs from App Control in the sense that application control programs will allow new or unknown files or file updates to run as long as they are updating to a known publisher’s software directory. This is less secure as it allows malicious files and scripts to piggyback onto legitimate programs and run undetected on a device or network. Whitelisting technology scan every file, script and process regardless of the software publisher’s reputation and so naturall may incur more false positives.

Even with the mild inconvenience of a few false positives, most PC users would rather have a higher level of protection against modern cyber security threats and cope with the minor inconvenience of a false positive, than provide malicious files the opportunity to execute by using a sub-par security solution that excludes whitelisting. Read more about what is Application Whitelisting.

How to Start Implementing Application Whitelisting

As stated above, some of our nation’s largest security offices are encouraging whitelisting as a way to address the risk of malware and ransomware attacks, but how do you implement it?  There are a few ways to begin the process, some more time consuming and backend work than others.

1. Start your own “whitelist”.  You can accomplish this through the IT department, your own personal computer, etc.  This however, is incredibly time consuming, and creates a significant amount of backend work for the IT department.  Creating a whitelist from scratch is an option, but not a very good one.
2. Use a security solution that already includes application whitelisting.  This is probably by far, the best option.  Do your research on cybersecurity firms and solutions.  Many claim to use whitelisting, but actually do not use it as their primary method of detection.
3. Use Application Whitelisting for Endpoint Security. Part of protecting endpoint devices is only allowing safe, legitimate programs to run while at the same time only granting access to legitimate users to the network. To accomplish both of these cyber security goals, whitelisting uses a zero-trust approach to cybersecurity. Zero Trust Access and Architecture along with a whitelisting layer, is a security solution that is becoming one of the most effective for combating cyber threats and bad actors looking to penetrate network security.

PC Matic and PC Matic Pro

PC Matic and PC Matic Pro have been working on their whitelist for years.  It is the only global whitelisting agent that is automatic, creating minimal backend work for the PC users and IT departments.  Our application whitelisting is far more effective than competitors in preventative malware detection, scoring a 99.9% proactive detection rating in the most recent Virus Bulletin Reactive and Proactive (RAP) Test. The whitelist is easy to implement and update from a cloud console. Systems administrators can also update operating system security patches and drivers automatically. In addition, security features include ransomware protection, and RDP port control access authentication and control.

To keep your business data, servers and network secure, use Application Whitelisting for Business as part of a comprehensive cybersecurity business systems plan. Our business security software protects servers, networks, cloud and hybrid environments from cyber attack. Compare system security solutions.

Read more about ransomware and AWL as a security solution to fight and guard against ransom attack and growing cyber threats. Try PC Matic Cybersecurity solutions and antimalware products proudly made entirely in the USA.

We say this all the time — is your Windows operating system updated? Yet, many PC users either don’t know why it’s important or how to check for updates. Let’s start with the first. Windows updates are issued for two reasons 1) to patch known security issues, and 2) to deliver performance and feature enhancements. Many times there is a misconception the updates are only for the second purpose, which deters users from installing the latest version.

Users should be keeping their systems updated with the latest Windows version for security purposes. If you’re running an outdated or legacy version (a version of Windows that is no longer supported by Windows), you’re leaving known security holes open on your device.

Confirming You’re Updated – Instructions for Windows 10

To confirm the Windows operating system is updated on your PC, you will want to access your settings.  You can do so by clicking the Start menu and clicking on the gear icon, or you can type “Settings” into the search bar by the Start menu.  Once you access your settings, you should see the screen below.  From here, you will want to click on “Updates and Security”.

From there you will want to click on “Check for Updates” near the top of the screen, as seen here:

Once you click on “Check for updates”, the system will search for all applicable updates.  If any are needed, they will update automatically.  It would also be best practice to restart your computer after this process has completed.

Other Windows Operating Systems

Although screenshots are not available, here are step by step instructions to check for updates available for Windows 8 operating systems.  

Windows 8

1. Access Settings
2. Click Change PC Settings
3. Click on Update and Recovery
4. From there, click Windows Update
5. Click the Check Now option
6. Upon completion, if any updates are found you can click View Details
7. Click on the updates you would like to install

**PC Matic suggests users install updates to patch all vulnerabilities.

Windows Vista, XP and 7 are all legacy operating systems, meaning they are no longer supported by Microsoft.  Therefore, system updates are no longer available for these systems; however, users do have the option to upgrade to Windows 10. To learn more about upgrading to Windows 10, click here.

Many cyber security vendors are misguided when it comes to cyber security protection. One of the biggest “buzz phrases” in the security world is detect and respond. Therefore, cyber security vendors are deploying an endpoint detect and respond (EDR) component to their existing products. To be clear, this isn’t all bad. Having the ability to find and remediate malicious attacks is important. Unfortunately, it’s a moot point when dealing with today’s primary cyber threat, ransomware.

Ransomware is a form of malicious software, or malware, that encrypts a user’s files. Therefore they become locked and inaccessible. The only way to restore them is through backup files. If the organization does not have current backups, or if the ransomware encrypted them as well, the entity is out of luck. Detection and respose is not an option. The entity may be able to remove the ransomware through an EDR tool, but the files will remain encrypted.

Ransomware is not a detect and respond issue. Emphasis is in the wrong area. But why?

There are a few reasons…

The traditional approach has always been to detect and respond. This goes all the way back to the very first antivirus solutions, and the technology many still use today — a blacklist. This method allows unknown files to run and only blocks what is known to be bad. The blacklist is no longer adequate due to the fast-paced evolvement of cyber threats.

Additionally for major analyst firms, such as Gartner, to recognize a solution as an endpoint protection platform, it’s required that an EDR component exists. Again, this is important. However, it’s being represented as a silver bullet. It is far from it.

Beyond EDR

As mentioned above, when ransomware infiltrates a system, EDR isn’t going to help to restore the integrity of the company’s files. Detection and response is not an option when facing this threat. As an alternative, entities should be taking a proactive approach to their cyber security. By deploying a whitelist add-on feature to their existing cyber security solution, or by replacing their cyber security protection with one that includes a whitelist as its primary method of malware detection.

To be fair, whitelisting has traditionally had a bad reputation for creating a plethora of work for IT professionals, may be hard to deploy, and is time-consuming. And for some options, that is still the case. Although, there are programs available that utilize a whitelist that will not bog down hardware or IT resources. IT professionals can encourage their teams to do their due diligence. When it comes to choosing either a whitelist replacement or an add-on program, as not all security programs built the same.

Prevention is key

Prevention is critical when facing ransomware. Unfortunately, many businesses, schools, and government entities do not believe they will fall victim or believe their existing cyber security solution is sufficient, that is until it is too late. At least that is what we can speculate Havre Public Schools, Union Grove High School, and Rockdale County officials are all thinking after falling victim to ransomware over the last week.

For more information on ransomware attacks, and which security solution is failing American entities, click here. Discover business application whitelisting solutions. School systems are vulnerable and need enhanced IT security protection. For enhanced cybersecurity in the education sector read education application whitelisting security software case studies.

We live in an era where we feel a need to personalize everything.  Our shirts, gym bags, device cases, cars, and our computers — just to name a few.  However, personalizing our items isn’t always a bad thing.  For instance, if you aren’t personalizing your devices to meet your needs, you could be missing out.  Adjusting our devices to meet our needs could not only simplify things but also make them more efficient.  For instance, if your device has 15 programs on it that you don’t use — get rid of them!  It’s wasting storage and could be slowing it down.  Beyond personalizing the software, you can also personalize settings, backgrounds, sounds, etc.

Today, we are going to discuss how to personalize your Windows 10 Start menu.

Personalizing Windows 10 Start Menu

First, you will want to open your Start menu.  Once you do, you will see something similar to this:

When I was first playing around with this, I combined several tiles into one box.  I thought less to look at would be good.  You can do the same by dragging whatever tile you would like, on top of another.  This then puts them into their own single box, or folder, together.

I wasn’t crazy about this.  It still looked unclean and too clustered for me.  So, I decided to “unpin” whatever tiles I wasn’t using from the Start menu.  You can do so by right-clicking on a tile and selecting “Unpin from Start”, as seen here.

In addition, you can also resize tiles, rate, and review, or uninstall certain programs right from this function.

Also, you may create new tiles for some of your most-used software.  Handy feature? I say so. If you want a specific tile, find the program within the Start menu and right-click.  Once you do so, you can select “Pin to Start”, seen below:

After clicking “Pin to Start”, a tile will populate within the Start menu for the software/program you requested.  Once you have all of the pins you like and have unpinned those you don’t, you can drag and drop the tiles where ever you’d like that creates the most efficient use of the menu for you.

The last and final fun trick is personalizing your Start menu accent color, which determines the color of the tiles. You can customize this by opening Windows 10 Settings, navigating to Personalization, then clicking the “Color” option in the left margin. Scroll down and select your favorite color. You can also set it to automatically change the color based on your wallpaper colors.

If you have any fun tips and tricks for Windows 10 that you’d like to share, drop them in the comments section below!

Explore the best antivirus protection for Windows 10.

Cyber criminals have found an effective way to distribute malicious software, and users are none the wiser. By copying the popular VPN (virtual private network) website for NordVPN, users believe they are using something that is meant to boost their security. Instead, they are downloading a bank trojan.

Now, one may think they cannot be dupped by a fictitious website but these hackers are good. Not only did they replicate the site entirely, but they also added a valid SSL certificate, which helps the fake website appear more legitimate while also allowing it to bypass browser security checks.

Tricky? Yes, yes indeed.

What is a VPN?

As mentioned earlier, a VPN is a virtual private network. However, that still doesn’t exactly state what it does. Take a firewall, for example, that helps to protect your data on your computer. A VPN does the same but does so online. By utilizing a VPN, users are able to securely access a private network and share data on public networks.

Don’t Fall Victim

The best way to avoid these scams is two-fold. First, when you visit a website, type the URL into the address bar instead of searching for the URL on a search engine. Often times, even if they are malicious, websites will show up in the search results. For instance, if you wanted to go to espn.com, type in www.espn.com in the browser’s address bar. Do not go to google.com and search ESPN. Granted you’ll likely go to the correct place, but you also may end up on a spoofed site. So, searcher beware.

Also, deploy a security solution that uses an application whitelist. By running a whitelist, only known trusted programs are permitted to execute. Therefore, if you find yourself somewhere you shouldn’t be — the malware still cannot run, because it has not been tested and proven secure.

This time the crooks are offering up fraudulent refunds from companies experiencing “server issues”. They are not targeting one company in particular, as they know that would limit their victim pool. Instead, they keep it pretty vague, hoping the victim will throw them a bone.

Just this week, one of our customers notified the support team the scammers were portraying PC Matic. During the call, the scammer claimed PC Matic experienced server issues, which is why they were issuing $50 refunds. They initially claimed the issues took place in the last month. Then they stated it was last year — red flag? Just one of many. Next, in order to process the refund, the customer was asked to provide their banking information. DO NOT DO THIS.

Red Flags Galore

First and foremost, if a company was going to issue refunds for any reason, they would not call every single customer. That would take a ridiculous amount of time. Secondly, if a refund was going to be processed, they would not need the banking information. Businesses keep their customer payment information on file. They may request that you verify the last four digits, but will never ask for the full routing or account numbers.

What to do next…

If you receive one of these calls, follow these steps:

• Gather as much data as you can. This includes the phone number they are calling from, and you can even ask for a call back number. Get their name and the company they are claiming to be from and their alledged location (this will all be fake, but get it anyway).
• Once you’ve collected the data, tell the caller you know its a scam and will be calling the authorities. This will deter them from calling again.
• Contact your local authorities and share with them all of the data you collected.
• Always keep in mind you should never share your banking information or personally identifiable information with anyone who is calling you.

The concept of cyber security has become convoluted.  Users aren’t sure what software to buy, or if one program is even enough.  Often times they’ll try to use multiple products that all do the same thing, which in turn interferes with each one’s functionality.

In an attempt to make your life easier, PC Matic wants to go back to the basics for a moment.  First, let’s talk about the two types of intrusions. 

• Malicious software is running on your device
• An unauthorized person is on your device or within your network without your permission.

That’s it.  Two types of intrusions, people or software.

Next, let’s simplify how to block these two intruders.  It’s quite simple but has become a convoluted concept. To block these intruders you must secure your devices. How do you do that? Only permit known trusted programs to execute. This method, known as application whitelisting blocks any file or software that tries to run on the device that has not been proven secure.

In theory, this is the same method of security you likely use for your home.  You keep your doors locked, only allowing those you trust inside.  From an IT perspective, you keep your device locked, only allowing known, trusted programs or files to run. 

Moving Forward…

Over the last few years, attack vectors have continued to evolve.  The two intrusions remain the same — people and software, but how they get into your system has advanced.

Therefore, hackers are going outside of file-based attacks and worming their way into your devices through other methods such as fileless infections and remote desktop attacks.  Finding a security solution that effectively thwarts all forms of attack vectors is imperative.  This proves the security solution is evolving with security threats.

If your security solution isn’t thwarting all attack vectors, then it’s time for a change.

To prevent the loss of files users can backup their files in these three ways:

3 Backup Methods to Keep Your Data Secure

1. Within your computer you have the ability to back up your files.  This method will save your files within your PC, and is not highly recommended.  The reason being, if your computer becomes infected with malware, or crashes, it is likely you will lose these your backup files as well.  However, if you would like to use this method, you need to:
   1. Access your Control Panel
   2. Go to System and Security
   3. Backup and Restore
   4. Set up backup
   5. Upon doing these things, you will likely get the following message: 
   6. You can save your files to your computer, but it is recommended you use an external device.
2. Saving your data to an external device.  External devices include USB drives, Solid State Drives (SSDs), Compact Disks, etc.  This method is highly recommended because if your PC becomes infected with malware, or crashes, you will have an external device to regain access to all of your files.  This external device can be used to upload all of your data to another PC, or to your existing PC once it is fixed.  When purchasing an external device, please keep in mind how much storage you will need.  You are able to purchase external storage devices at any electronics or office supply store, such as Best Buy or Staples.
3. You can also back up your files using cloud storage.  This includes Box.com, Google Drive, and Drop Box to name a few.  These services are often free of charge.  The risk you run with using this form of storage is if hackers were able to breach any of these services.  Unlike external drives, when you upload your data to these services, you’re trusting a third-party to keep them safe.  By choosing an external device, you keep your data in your possession.

Beyond the Backup

Ultimately the backup method users choose is theirs.  Regardless of which option picked, backing up your data is critical.  With the growing cyber threats, it no longer seems to be a question of if, but when. Users never know when a malware infection may hit, or when your trusty hard drive is going to crash.  Once this happens, the data could be gone forever.  The only real hope of restoring it is having backup files available.

Once you start backing up your files, it is important you maintain them.  This means keeping them updated and ensuring they are free from malware.

A new vulnerability was discovered within remote desktop protocol (RDP) ports, although the technical details of the gap are being kept under wraps.

We do know, the vulnerability found impacts Windows Server 2008 and Window 7, as well as out-of-support versions Windows 2003 and XP. Microsoft has released a patch, which may be found here. The software giant has deemed this vulnerability critical for three reasons. First, the gap requires no interaction from users, as it is considered “wormable”. Second, hackers may use RDP access to easily exploit the entire network, not just a single device. Third, there are millions of users with impacted systems and enabled RDP ports.

Saying this update is critical, may be an understatement.

Therefore, anyone who is currently using any of the impacted versions of Windows should install the patch provided by Microsoft immediately.

Beyond the vulnerability threat, hackers have been seen using RDP ports as a means to infect networks around the globe. Therefore, beyond patch management, users and IT professionals should survey the devices that have RDP enabled. If the function is not being utilized, users should disable the port entirely. By closing the port, the risk of hackers malicious exploiting it will be eliminated.