What to Do After a Cyberattack

Written By Tibby Fielding

If your organization experiences a cyberattack, it is vital to react quickly and activate your incident response plan immediately. Your response plan should include the following tasks, which help ensure the incident is suppressed and data loss is reduced. You will need to assess and contain the attack, remove the threat, restore data and services, report the incident, and revise your incident response plan. Read the following to learn about the steps that should be taken after a cyberattack.

    1. Assess the attack: Your security team needs to determine the extent of the attack and identify which systems, users, and data have been affected. 
    2. Determine the type of attack: Phishing attacks, ransomware, Denial of Service attacks, and malware are common cyberattacks. If malware is downloaded, identify the type to glean a better understanding of the scope of the attack. 
    3. Identify the source of the attack: Understanding the source of the attack will allow your organization to improve its response and security. Threat actors may have breached other areas of your network that have yet to be discovered. 
    4. Assess the damage: Determine which systems and data have been compromised. What is the impact of this attack? Evaluating this information will aid in future prevention.
    5. Contain the attack: Isolate any systems or devices that have been compromised from the network to prevent spreading.
    6. Disconnect from the network: Turn off Wi-Fi or otherwise disconnect affected devices from the network, and shut down affected devices and services (email, web servers).
    7. Remove the threat: Remove malware and any other malicious software.
    8. Patch exploited vulnerabilities: This may require downtime from business operations, but it is essential to prevent further damage from future attackers. You may need to update software, reconfigure network settings or replace outdated software and systems. 
    9. Reset passwords and turn on Multifactor Authentication (MFA): If any user accounts have been compromised, reset passwords and ensure the use of MFA. 
    10. Restore data and service: After the attack has been alleviated, damaged or lost data needs to be restored from clean backups, and systems need to be manually rebuilt or restored using recovery software.
    11. Report the incident: Create an incident report that outlines the damages and how the attack was handled and alleviated. Follow any state laws or regulations that legally mandate reporting of cyberattacks and data breaches. If you manage, store or transmit personal information, you are required by HIPAA and PCI-DSS to notify all affected individuals.
    12. Update your response plan: Learn from the attack and create an updated response plan that improves company security. Identify any mistakes or lessons learned from the attack.

The growing risk of cyberattacks from threat actors is affecting businesses of all sizes and in all industries. Ensuring you have a plan in place to respond to cyber threats that fits your business’s needs is vital. While cyber risk cannot be eliminated completely, enterprises can manage risk effectively with the right people, processes, and technology.

Do you need help advancing your existing incident response plan into one that is more secure and advanced? Contact ADVYON today for a lasting partnership and see how we can help identify your organization’s risks and resolve them quickly and efficiently. ADVYON is more than just an IT company; we are great at assessing, identifying, and aligning business and technology solutions to complement our clients’ strategic objectives, growth, project goals, culture, people, and processes.

 

Why It’s Important To Be HIPAA Compliant

Written By Tibby Fielding

One way to help build trust between patients and healthcare professionals is through HIPAA compliance. Patients can feel more confident in their doctors which leads to better healthcare. The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that was created to protect the privacy of individuals’ health information. It also sets standards for the security of electronic health information. As technology has advanced, so have threats to the security of protected health information (PHI). Cybersecurity is a critical component of HIPAA compliance and is essential for protecting the privacy of individuals’ health information. HIPAA compliance focuses on the privacy of patient data but does not address the security of the data. Cybersecurity measures and IT professionals are necessary for protecting healthcare data from unauthorized access, malicious attacks, and data breaches. These security specialists can implement measures such as encryption, firewalls, and access controls to protect patient data. They also monitor the network for suspicious activity.

The penalties for HIPAA violations can be severe, especially when combined with a network security breach. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is responsible for enforcing HIPAA and can impose penalties for violations ranging from $100 to $1.5 million per year. These penalties can be detrimental to healthcare providers. Combined with a security breach, millions of dollars in damages, and leaked sensitive data, healthcare providers face a growing threat to their security.

Rethinking Your Approach To Cyber Risk Management

Healthcare has changed to serve both on-site and remote patients. To safeguard data and practice system management for protected health information (PHI), a holistic and comprehensive approach to cybersecurity that meets HIPAA compliance and HIPAA Security Rule Standards is necessary. Consider the following practices when planning for cyber risk management.

Administrative Safeguards:

  • Implement access control measures such as multi-factor authentication, two-step verification, and monitoring user activity.
  • Regularly update passwords and secure user account privileges with appropriate clearances.
  • Secure networks and computers by installing a comprehensive security solution that includes firewalls, malware protection, antivirus software, and continual monitoring.
  • Conduct employee security training sessions to teach employees about the importance of healthcare data privacy and security best practices.
  • Perform regularly scheduled backups of your data, and have emergency plans in place.

Physical Safeguards:

  • Secure premises by installing locked doors, motion detectors, and security cameras.
  • Restrict access to workstations, utilize physical barriers around protected information, and operate with ID keycard access.

Technical Safeguards:

  • Access Control: This involves verifying and authorizing user access to PHI. It can be accomplished with passwords, personal identification numbers, and biometric identification.
  • Automatic Logoff: Establish procedures that terminate an electronic session after a predetermined time of inactivity.
  • Audit Controls: Implement hardware, software, and procedural mechanisms to record and examine access and other activity.
  • Integrity Controls: Implement measures to ensure that PHI is authenticated and is not improperly altered or destroyed.
  • Transmission security: Regulate the controls for encryption, and provide safeguards against unauthorized access of PHI during transmission.

Do you need help advancing your existing risk management program into one that is more holistic and includes a whole-systems approach? Contact ADVYON today for a lasting partnership and see how we can help identify your organization’s risks and resolve them quickly and efficiently. ADVYON is more than just an IT company; we are great at assessing, identifying, and aligning business and technology solutions to complement our clients’ strategic objectives, growth, project goals, culture, people, and processes.

How to fix errors when installing and uninstalling programs on Windows (sometimes including code 2502 or 2503):

Written by Ian Britten and Tibby Fielding

Are you having issues when installing and uninstalling programs on your Windows computer?

Sometimes, but not always, you may receive error messages that contain the code 2502 or 2503. A Windows computer has a built-in Windows account called Trusted Installer, which assists in installing, modifying and removing updates and other Windows components. Over time your computer can become corrupted, which causes the Trusted Installer to lose some of its access to the Temp folder, which holds temporary files used during installation. This can cause programs to stop installing or uninstalling altogether.

To fix these issues, follow the steps below:

Step 1:

In the search bar type ‘cmd.’

Next, from the menu, right click ‘Command Prompt App’ and select ‘Run as administrator.’ 

Click ‘yes’ to the pop up.

Step 2:

Copy and paste the following commands in the command prompt box and press the ‘Enter’ key:

TAKEOWN /F C:\Windows\Temp /R

Icacls C:\Windows\Temp /Q /T /C /RESET

Step 3:

Open ‘File Explorer.’

Navigate to C:\Windows\Temp.

Right click the ‘Temp’ folder and select ‘Properties.’

Step 4:

From the ‘Properties’ menu, select the ‘Security’ tab.

At the bottom of the Security tab, select ‘Advanced.’

Step 5: 

At the top of the window, next to ‘Owner:’, select Change.

Step 6:

In the Advanced Security Settings Window, press the button named ‘Locations…’.

Step 7:

In the Locations window, select your device name under ‘Location:’.

Select ‘OK.’

Step 8:

In the textbox, ‘Enter the object name to select’ type: NT Service\TrustedInstaller

Next, select ‘Check Names’.

Step 9:

Once TrustedInstaller displays (with underline), select ‘OK’.

Step 10:

At the bottom of the Advanced Security window, click ‘Apply’ to set TrustedInstaller as owner.

When you are finished giving Trusted Installer the access it needs, you should not have further issues installing or removing programs.

Are you getting pop ups when composing or replying to emails in Gmail?

Written By Ian Britten and Tibby Fielding

Are you receiving this pop up when composing or replying via Gmail?

This pop up is occurring because your Gmail signature contains images that have been copied and pasted into the signature. To fix this issue, you can insert image files into your signature. If you do not have the image files, there is an easy way to download them.

(Skip to Step 3 if you already have the image files saved on your device.) 

To download image files:

Step 1: Compose a new email and click the X on the loading box that pops up (exit out of the pop up).

Step 2: Right click on the images in your signature and click “Save as” to save them to your device.

Step 3: Delete the image(s) from your signature.

Insert the image(s) back into your Gmail signature: 

Step 4: Click on the Settings gear and choose the “See all settings” button.

Step 5: Select General Settings > Signature, then select the pencil button to edit the signature. Within the Signature textbox, select the “Insert image” button.

Step 6: Find the images that you saved on your device from your signature and select these files.

How to solve issues connecting to SharePoint on the Microsoft Edge browser

Written By: Ian Britten and Tibby Fielding

There is an issue with Microsoft Edge and Java if you are using a later version of both.  This problem can cause SharePoint to show an error that says “Undefined global this,” which means it cannot reach the website. If the browser does not have the right versions of Microsoft Edge and Java to reach a website, it will not connect and it will produce an error message. 

To fix this issue:

Download the latest version of Microsoft Edge. You do not need to uninstall anything; Microsoft Edge will reinstall over the older version.

  1. Click this link to update Microsoft Edge: https://www.microsoft.com/en-us/edge
  2. Choose your OS from the drop-down menu
  3. Next, download the latest version of Java. You do not need to uninstall anything; Java will update to the latest version. 
  4. Click this link to install the latest version of Java: https://www.java.com/en/download/
  5. Choose the green “Download Java” button

This fix should cure any roadblocks accessing SharePoint through Microsoft Edge.  

 

 

How To Increase The Scope Of Your DHCP Server In A Windows Environment

If you have a working DHCP server on a Windows Environment which has run out of IP addresses, you may want to increase the subnet to give more addresses. This article addresses how to increase the scope of your DHCP server without having to redo all of the existing settings in your DHCP server.

Follow these 10 steps to increase IP addresses in your Windows Server DHCP without changing excluded ranges or other configurations.

1. Back up your existing scope. Open your command prompt with elevated privileges and type the following. It will back up your DHCP scope to your Administrator Documents folder.

netsh dhcp server export C:\Users\Administrator\Documents\dhcp_fullbackup.exp all

2. Export your existing DHCP scope to a text document we can edit later. This will be imported after the scope has been removed.

netsh dhcp server dump> C:\Users\Administrator\Documents\dhcp-readable-export.txt

3. Turn off your DHCP Server Service so we can rename the DHCP database files. Go into your services and stop the DHCP server service.

4. Rename the existing DHCP Database Files. Navigate to C:\Windows\System32\DHCP and rename both the dhcp.pat and the dhcp.mdb files to .old

5. Remove the existing scope from the DHCP Server by right clicking the scope and selecting delete. (Breathe, remember you have a backup)

6. Edit your DHCP scope in the dhcp-readable-export.txt in the following areas to your preferences (Change the places in red with your wanted range):
# =====================================
# Add Scope
# =====================================

Dhcp Server \\*yourserverhere* add scope 10.5.240.0 255.255.254.0 "*ScopeName*" "*ScopeName*"
Dhcp Server \\*yourserverhere* Scope 10.5.240.0 set state 1
Dhcp Server \\*yourserverhere* Scope 10.5.240.0 set delayoffer 0

# ==================================================================
# Start Add Ipranges to the Scope 10.5.240.0, Server *yourserverhere*
# ==================================================================

Dhcp Server \\*yourserverhere* Scope 10.5.240.0 Add iprange 10.5.240.1 10.5.241.254
Dhcp Server \\*yourserverhere* scope 10.5.240.0 set napstate Off

7. Save your changes to the dhcp-readable-export.txt you created earlier.

8. Import the dhcp-readable-export.txt file into your DHCP server. Open a command prompt and type the following.

netsh exec C:\Users\Administrator\Documents\dhcp-readable-export.txt

9. Start the DHCP Server Service

10. Go to your DHCP server and refresh, check your scope.

Pro Tip: Check all of your DHCP devices to see if they have received the new subnet. Restart the DHCP client or renew the network configuration of any computers which have not received the new subnet/address.

Pro Tip 2: Change any devices which may have a static IP address to have the new subnet, i.e. servers, printers, etc.
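
Because step 5 deletes the live scope before step 8 re-imports it, it is worth checking the edited file before going that far. The following is an added example, not part of the original article: it parses the add scope and Add iprange lines and confirms that the range fits the new mask. The server name dhcp01 and the scope name Office are placeholders.

```python
import ipaddress
import re

# Constructed sample: the lines edited in step 6, with a placeholder server
# name (dhcp01) and scope name (Office).
EDITED_DUMP = r"""
# Add Scope
Dhcp Server \\dhcp01 add scope 10.5.240.0 255.255.254.0 "Office" "Office"
Dhcp Server \\dhcp01 Scope 10.5.240.0 set state 1
Dhcp Server \\dhcp01 Scope 10.5.240.0 Add iprange 10.5.240.1 10.5.241.254
"""

ADD_SCOPE = re.compile(r"add scope\s+(\S+)\s+(\S+)", re.I)
ADD_RANGE = re.compile(r"scope\s+(\S+)\s+add iprange\s+(\S+)\s+(\S+)", re.I)


def check_dump(text):
    """Return a list of problems in the scope and iprange lines ([] means OK)."""
    problems, scopes = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and the dump's comment banners
        m = ADD_SCOPE.search(line)
        if m:
            net_id, mask = m.groups()
            try:
                # Strict parsing rejects a scope ID that is not on the mask boundary.
                scopes[net_id] = ipaddress.ip_network(f"{net_id}/{mask}")
            except ValueError as exc:
                problems.append(f"scope {net_id}: {exc}")
            continue
        m = ADD_RANGE.search(line)
        if not m:
            continue
        net_id, start, end = m.groups()
        net = scopes.get(net_id)
        if net is None:
            problems.append(f"iprange {start}-{end}: no valid scope {net_id}")
            continue
        try:
            lo, hi = ipaddress.ip_address(start), ipaddress.ip_address(end)
        except ValueError as exc:
            problems.append(f"iprange in scope {net_id}: {exc}")
            continue
        if lo > hi:
            problems.append(f"iprange {start}-{end}: start is above end")
        for addr in (lo, hi):
            if addr not in net:
                problems.append(f"{addr} is outside {net}")
            elif addr in (net.network_address, net.broadcast_address):
                problems.append(f"{addr} is the network or broadcast address of {net}")
    return problems


if __name__ == "__main__":
    for p in check_dump(EDITED_DUMP) or ["scope and range are consistent"]:
        print(p)
```

An empty result means the scope ID sits on the mask boundary and both ends of the range are usable addresses inside it.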

How To Identify Email Scams

It’s always a good idea to know what to look for in an email that could be malicious. Whether these emails come from someone you don’t know or from a familiar email address, scam emails can occur in three different ways. The emails you should keep an eye out for are spam, phishing, and scams. Here are a few ways to identify each of them and some examples.

Spam:

Spam is the most familiar of the types of common email scams you might experience. Spam emails are unsolicited emails sent en masse. It’s what we refer to as “junk mail.” Unlike phishing and scam emails, spam is usually sent without the malicious intent of getting you to download destructive software. Instead, they may aim to get personal information from you later on. These “old fashioned” scam emails include chain emails, bogus business opportunities, health scams, discount software offers, and advance fee fraud.

Spam emails often include enticing headlines like “More Money Now” or “This New Diet Will Change Your Life.” Common scams will focus on monetary factors, such as building a better credit score, a work-from-home offer, “free” goods, how to earn easy money, and even investment opportunities. In the body of the email, grammar errors will likely give away the fact that the email isn’t sent from a legitimate organization.

Email services like Gmail have developed ways to identify scam emails based on factors like administrator-set policies, empty message content, and unknown sender addresses. But if your spam filters don’t catch the emails, keep an eye out for any email addresses that don’t seem familiar or offers that seem too good to be true. If the scam is common, you may be able to search the web to see if other people have reported it.

Example of Spam Email:

Gmail has already identified this email as spam because it came from an unknown sender and is similar to emails that other users have reported as spam. The “too good to be true” headline and the sense of urgency immediately give this away as spam. You can also see that the email contains grammatical errors and random capitalization.

Phishing:

Phishing emails are designed to look as if they’ve been sent from a legitimate organization. Their goal is to entice the recipient to click on a link, download an attachment, or provide personal information. Some common phishing scams include fake communications from a bank or IT provider asking for money, or an email asking you to click on an attachment or go to a different site to view a joke, special offer, etc.

Phishing scams likely look like they come from a company you might trust and can even use logos from large companies. Given how sophisticated some of these emails may look, it’s even more important to be able to identify some of the common factors of phishing emails. A generic greeting such as “Hello, Customer” can be one common sign that this email is not from the company it claims to be. Another common identifier for phishing scams is misspellings. For example, the phrase “Eliminate Debt” may be shifted to say “Ĕliᵐińate Ɖebţ” to evade filters but still remain legible. Most scam companies are aware of filters built into email systems, and will purposefully insert spelling errors into their subjects to get past these filters.
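
The character swaps described above defeat a filter that compares raw text. The following added example (not from the original article) folds look-alike characters back to plain letters before matching, and leaves ordinary accented words alone. The watchlist, the small look-alike table and the sample subjects are assumptions constructed for illustration.

```python
import unicodedata

# Look-alike letters with no Unicode decomposition. Hand-made subset for this
# example; a real filter would load the full Unicode confusables data.
CONFUSABLES = {
    "\u0189": "D",  # LATIN CAPITAL LETTER AFRICAN D
    "\u0110": "D",  # LATIN CAPITAL LETTER D WITH STROKE
    "\u00d0": "D",  # LATIN CAPITAL LETTER ETH
    "\u0142": "l",  # LATIN SMALL LETTER L WITH STROKE
    "\u00f8": "o",  # LATIN SMALL LETTER O WITH STROKE
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
}

# Assumed watchlist, built from the subject lines the article quotes.
BLOCKED_PHRASES = ["eliminate debt", "more money now"]


def skeleton(text):
    """Fold decorated letters to the plain letters a reader perceives."""
    out = []
    for ch in unicodedata.normalize("NFKD", text):
        if unicodedata.combining(ch):
            continue  # drop accents split off by NFKD (breve, acute, cedilla)
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def check_subject(subject):
    """Classify a subject line as 'blocked', 'obfuscated' or 'clean'."""
    raw = subject.casefold()
    folded = skeleton(subject).casefold()
    raw_hits = [p for p in BLOCKED_PHRASES if p in raw]
    folded_hits = [p for p in BLOCKED_PHRASES if p in folded]
    # Non-ASCII characters that read as a plain ASCII letter once folded.
    swapped = [ch for ch in subject
               if not ch.isascii() and skeleton(ch) and skeleton(ch).isascii()]
    if raw_hits:
        verdict = "blocked"       # a plain keyword filter already catches it
    elif folded_hits:
        verdict = "obfuscated"    # phrase only appears after folding
    else:
        verdict = "clean"         # accents alone are not a signal
    return {"verdict": verdict, "phrases": folded_hits, "swapped": swapped}


# Constructed sample subjects; the second is the article's example spelled
# with explicit code points.
SAMPLES = [
    "Eliminate Debt",
    "\u0114li\u1d50i\u0144ate \u0189eb\u0163 today",
    "Caf\u00e9 menu for Friday",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_subject(s)["verdict"], "-", skeleton(s))
```

An "obfuscated" verdict is the stronger signal: the sender chose characters that a reader sees as the blocked phrase but a plain text comparison does not.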

The best way to confirm that an email is a phishing scam is to verify with the company from which you’ve received the email. Log in to the official site with your secure information and see if you have received any notifications that match the email or contact a support representative. Don’t follow the links in any email that feels “off” as these links could have malicious software.

Example of Phishing:

This email is an example of a new phishing scheme that appears to be from Amazon. If you received this email and knew that you had not made a purchase, you would likely be tempted to click on the link to cancel the order. When you respond to an email like this, someone will collect your real Amazon login to access your account. Key giveaways that this particular email is a phishing scam are the generic greeting and the phone number, which has been programmed with HTML to hide other characters so that it looks like a legitimate number.

Scams:

Scam emails are most likely to be received from a person who looks real. These emails often come from an email “hack.” If you received a suspicious email from a real email address, it falls under a hack. These emails will likely be asking for money outright. If you haven’t heard from someone in a while and they reach out asking for money, that should raise alarms. Scammers could have breached a colleague’s email address and sent you the email. A good rule of thumb is to personally ask your contact or colleague if the email is truly from them using a different form of contact. Do not reply directly to the suspicious email if it can be avoided.

Example of Scams:

This person hacked an email account and looked for any emails that referenced payments to try to get more money from people. To avoid any scams, the recipient texted the sender to make sure that it was legitimate before responding, and when he replied that it wasn’t, changed the password to secure the account.

What to do if you encounter a scam email:

If you receive a scam email (particularly spam), you can take a few actions to help protect yourself and other users.

First, update your spam filters in your email to reflect the spam you’ve seen. You can restrict the users who are able to send email by updating your filters. You can customize your level of security from just filtering out junk mail to filtering out anyone who isn’t on your safe list. Second, report the email as spam. This will let the email provider know to filter out the emails on their entire system. Third, install antivirus software and a firewall on your device to help protect against installing any harmful software received via email.

If you would like to receive more training on email safety or if you have any concerns about an email you’ve received, please call our team at (843) 324-5824.

How to Identify Common Domain Scams

Recently, some of ADVYON’s clients have called us to ask about letters or emails they’ve received from fraudulent companies like Domain Listings stating that the customer must renew their business listing or domain. These letters are a scam designed to take advantage of a service that you are already paying for and convince you that their party needs additional payment for this service. The letters often appear very urgent, so we wanted to share some resources to help our clients and the public quickly identify this common scam.

How Can I Identify This Scam?

The best way to identify the scam is to figure out who actually hosts your domain. Use ICANN (Internet Corporation for Assigned Names and Numbers) to identify your domain ownership. Some popular sites which may be your domain provider include GoDaddy, Domain.com, Bluehost, and HostGator. You should never pay anyone who is not your domain provider for services related to your domain.

What Companies Are Using This Scam?

Here is a list of a few companies who have recently used this scam:

  • Domain Renewal Group
  • Domain Registry of America
  • Domain Listings
  • IDNS

What Will The Scam Letter Look Like?

Below are some examples of letters and emails received by our customers, showing what a fraudulent domain renewal notice will look like. If there is any doubt, contact your IT provider!

(How-To) Find Your Computer Name for Windows or Mac

Sometimes your IT Support technician will ask you for your computer name.  Here is a simple how-to for finding your computer name in Windows or Mac.


Fastest Way to find your computer name for Windows:

Press and hold the Windows key, then press the Pause/Break key.

Your computer name can be found under the “Computer name, domain, and workgroup settings” section of the window that appears. This window will look almost identical regardless of which operating system you’re running.


Fastest Way to find your computer name for Mac:

MAC OS X

  1. Click on the Apple logo in the top left corner.
  2. Click on System Preferences.
  3. Click on Sharing.
  4. The computer name will appear at the top of the window that opens in the Computer Name field.

Other methods to find your computer name:

On Windows Computers with Command Prompt

How to find the computer name on Windows computers
  1. Open start menu.
  2. Type into the search bar cmd /k hostname.
  3. Your computer name will be displayed in the first line of a command prompt window.

WINDOWS 7

  1. Click on the Start button.
  2. Right-click on Computer.
  3. Select Properties.
  4. Under Computer name, domain, and workgroup settings you will find the computer name listed.

WINDOWS 8/8.1

  1. Click on the Start button.
  2. When the launch screen appears, type Computer.
  3. Right-click on Computer within the search results and select Properties.
  4. Under Computer name, domain, and workgroup settings you will find the computer name listed.

WINDOWS 10

  1. Click on the Start button.
  2. In the search box, type Computer.
  3. Right click on This PC within the search results and select Properties.
  4. Under Computer name, domain, and workgroup settings you will find the computer name listed.
