(888) 208-0020 [email protected]

AT&T cyber security for CPA’s

This  is  a follow up letter from our channel  partner AT&T to one of our CPA clients in N.J.

AT&T is one  of our seventy-five partners providing Cyber security,  Cloud, IT, VoIP, bandwidth and more to CPA’s, professionals  and businesses in  the USA.

This is just one example of   what we provide, with  our 35 years of consulting services, as channel partners and  agents with our  vendors. There is  never a  fee to you the  end user.

Hi Joe,

Great speaking with you. We have an exceptionally large portfolio of cybersecurity services. Attached are a few product briefs. I think  we have an opportunity to start with some quick value with  our consulting services, then grow as we continue to partner with some of our other solutions.

The below services are the ones we discussed at length, they will skyrocket your visibility and ongoing security maturity and at a great price point.

Please let me know if you have any questions and how you would like to carry this conversation forward.

AT&T Managed service powered by Qualys (MVP-Qualys): 500 assets $10,000 annual.

Unlimited Vulnerability / CIS Compliance Scanning, Continuous Monitoring, Threat Protection, Unlimited Passive / Active Scan Engines, Unlimited Host Agents, Unlimited PCI-ASV Scans

Qualys (MVP-Qualys) Patch Management Add-On: 300 assets $4,800 annual.

Patch Management – This is an optional add-on to the vulnerability scanning component above and leverages the host agents to provide patching on Windows assets

External Penetration Testing: <32 IPs $4,500 NRC, optional retest $2,000

Penetration testing seeks to exploit the vulnerabilities identified to gain access to critical systems, sensitive information, or a specified trophy. This assessment will be conducted from an external perspective.

Internal Penetration Testing: <32 IPs $5,500 NRC, optional retest $2,000

Penetration testing seeks to exploit the vulnerabilities identified to gain access to critical systems, sensitive information, or a specified trophy. This assessment will be conducted from an internal persp

 

Keeping The Information You Give Vendors Safe

Will your information be safe with our vendors?

Several of our 100+ vendors/carriers offer cloud-based services such as VoIP telecom and TEAMS from Microsoft and Cisco. Several of these top-level vendors announced that they also earned the System and Organization Controls (SOC) 2 Type II certification that covers all their facilities, business processes, and cloud services. The SOC 2 Type II audit and certification, conducted by  The Moore Group, LLC, an independent CPA firm, confirms that this vendor and others, meet the strict information security and privacy standards for the handling of highly sensitive customer data established by the American Institute of Certified Public Accountants (AICPA).

Two of our vendors Evolveip and Ancero just announced they are once again certified. Call us for more information 888.208.0020 or email [email-subscribers-form id=”2″]

Ancero is proud to announce the renewal of the System and Organization Controls (SOC) 2 Type II certification, which applies to all Ancero facilities, business processes, and cloud services. SOC 2 Type II certification validates Ancero’s compliance with strict data security and privacy standards established by the American Institute of Certified Public Accountants (AICPA). SOC […]

The post Why Ancero’s SOC 2 Type II Certification Has Never Been More Important appeared first on Ancero.

Cyber Security Solutions for The Healthcare Sector

Cyber Security Solutions for The Healthcare Sector

Cyber Security is critical in the healthcare sector. Almost half of all data breaches in hospitals and the wider healthcare sector are due to ransomware attacks, according to new research. Ransomware gangs are increasingly adding an extra layer of extortion to attacks by not only encrypting networks and demanding hundreds of thousands or even millions of dollars in Bitcoin to restore them but also stealing sensitive information and threatening to publish it if the ransom isn’t paid.

Double Extortion in Cyber Security

This double extortion technique is intended as extra leverage to force victims of ransomware attacks to give in and pay the ransom rather than taking the time to restore the network themselves. For healthcare, the prospect of data being leaked on the internet is particularly disturbing as it can involve sensitive private medical data alongside other forms of identifiable personal information of patients.
SEE Cybersecurity: Let’s get tactical (ZDNet/TechRepublic special feature) | Download the free PDF version (TechRepublic)

Some organizations will, therefore, opt to pay the ransom to prevent this from happening while others will not give in to extortion demands. As a result, ransomware is now responsible for 46% of healthcare data breaches, according to an analysis by cybersecurity researchers at Tenable. More than 35% of all breaches are linked to ransomware attacks, resulting in an often-tremendous financial cost.
One of the key methods for ransomware gangs gaining access to hospital networks is via a pair of VPN vulnerabilities found in the Citrix ADC controller, affecting Gateway hosts (CVE-2019-19781) and Pulse Connect Secure (CVE-2019-11510).

Both vulnerabilities had received security patches to stop hackers from exploiting them by the beginning of 2020, but despite this, large numbers of organizations have yet to apply the update.
That is allowed ransomware groups – and even nation-state-linked hacking operations – to exploit unpatched vulnerabilities to gain a foothold on networks and they will continue to do so if networks have not received the required security patches.

“As the attack surface expands, vulnerability management has a central role to play in modern cybersecurity strategies. Unpatched vulnerabilities leave sensitive data and critical business systems exposed, and represent lucrative opportunities for ransomware actors,” said Renaud Deraison, co-founder and chief technology officer at Tenable.

SEE: Cybersecurity: This ‘costly and destructive’ malware is the biggest threat to your network
The key way to protect networks falling victim to ransomware and other cyberattacks is to apply patches when they’re released, particularly those designed to fix critical vulnerabilities. And if there’s applications that your organization uses that no longer receives security updates, researchers recommend replacing this software with an alternative that is still supported.
“If the software solutions used by your organization are no longer receiving security updates, upgrading to one with an active support contract is vital,” the report says.
“It is imperative that organizations identify assets within their environments that are vulnerable to months- and years-old flaws and apply relevant patches immediately,” it said.

MORE ON CYBERSECURITY
• These software bugs are years old. But businesses still are not patching them
• How ransomware attackers are doubling their extortion tactics TechRepublic
• Ransomware vs WFH: How remote working is making cyberattacks easier to pull off
• Ransomware attacks on hospitals could soon surge, FBI warns CNET.
• Ransomware: Attacks could be about to get even more dangerous and disruptive

MORE ON PRIVACY

• Microsoft to apply California’s privacy law for all US users
• Mind-reading technology: The security and privacy threats ahead
• How to replace each Google service with a more privacy-friendly alternative
• Cybersecurity 101: Protect your privacy from hackers, spies, and the government

ZDNet <[email protected]>
This is excerpted from ZDNet [email protected] and WWW.acginfo.biz

With over 30 years of telecom and IT experience we have several vendors that can help with solutions to cybersecurity call Applied Consulting group @ 888.208.0020

[email-subscribers-form id=”1″]

 

Photo by freestocks on Unsplash

Are You Protected with E911 on VoIP Telecom

Are You Protected with E911 on VoIP Telecom

Do you understand VOiP 911’s inherent risks?

911 is the U.S. emergency services number; it’s the equivalent of the European Union’s 112. Enhanced 911, or E911, is a potentially lifesaving GPS-enabled smartphone feature that automatically shares a caller’s location with emergency personnel. But if you’re using VoIP technology, calling for emergency help isn’t as cut and dried. Here’s what you need to know about VoIP and 911.

If you’re traveling, be sure to check the emergency services number for the country you’re visiting. 911 call on a cellphone Interconnected VoIP vs. Non-Interconnected VoIP
Whether or not you have access to 911 depends on if your VoIP service is interconnected or non-interconnected.

NON-INTERCONNECTED VOIP

Non-interconnected VoIP, also known as “peer-to-peer” VoIP, lets people call others using the same VoIP app. When you talk to a friend via Xbox Live or another gaming system, for example, you’re using non-interconnected VoIP. You wouldn’t be able to call the friend’s smartphone or landline phone.

INTERCONNECTED VIoP

Interconnected VOiP services use the Public Switched Telephone Network (PSTN) to make and receive calls to and from smartphones and landlines. Among other features, interconnected VoIP services provide 911 functionality.

How Does Interconnected VoIP Handle 911?
The FCC requires interconnected VoIP services to offer 911 as a standard feature and not let users opt-out. These services have to comply with E911 standards, which means they must obtain and transmit their customers’ physical locations and callback numbers whenever possible to the emergency services teams at the nearest 911 call center.

Because users can make VoIP calls wherever they can find an internet connection, the 911 call center can’t know exactly where they are unless they’ve registered their VoIP device to a specific physical location. This means it’s up to the user to register their physical address with their VoIP service provider and notify and update their address with the provider if they move.

Service providers are supposed to make this an intuitive process, but it’s still the user’s responsibility to keep the system updated.

Inherent VoIP 911 Limitations
Even with the FCC’s directives and VoIP services’ cooperation and best intentions, there can be problems accessing 911 via VoIP:

911 calls via VoIP may not work if there’s a power outage, or the call may drop if there’s an internet outage.
If a user doesn’t update their physical location with their VoIP provider, 911 emergency teams won’t be able to find them.
There may be a problem automatically transmitting a caller’s physical location to the emergency responders, even if the caller is able to reach the 911 call center.

A VoIP 911 call may go to an unstaffed call center administrative line, or be routed to a call center in the wrong location.
The FCC requires VoIP service providers to explain these potential VoIP 911 limitations and problems to their customers, so they’re aware of possible risks. Users must acknowledge that they understand and accept these risks.

How Do Top VoIP Providers Handle 911?
Each VoIP service provider does its best to properly handle 911 services for its customers. Here’s a look at what some top providers say about 911 calls.

VONAGE
Vonage stresses the importance of customers maintaining an accurate physical address so that 911 services can reach them. You’ll need to activate a physical 911 address, and the company makes it easy to update this address via your Vonage account. Dial 933 from your Vonage phone to check your 911 activation status at any time.

The scope of Vonage’s 911 services differ depending on your location and whether you’re using Vonage on a mobile phone or landline. Some customers will receive E911 functionality, while others will be able to access only basic 911 and must be prepared to share their address and contact information with the call center.

RINGCENTRAL

Like Vonage, RingCentral offers basic or E911 services, depending on your location and device. You’ll need to register your physical location with RingCentral and notify the company if you move. If you use the RingCentral app to place a 911 call, your wireless provider will handle the call if service is available.

LINE2
Line2 requires users to add their physical address to their Line2 account via a web browser or its iOS or Android apps.

INTERMEDIA
Intermedia also offers basic and enhanced 911 services, but stresses that it’s the user’s responsibility to keep the company apprised of an accurate and updated physical location. Intermedia warns users that factors outside of its control, such as network congestion or hardware and software problems, may limit the call’s effectiveness.

The Bottom Line
While VoIP 911 functionality has greatly improved since the early 2000s, users should understand that the process has inherent limitations. If you’re primarily using a VoIP service for most of your calls but are concerned about the potential risks of VoIP 911, consider keeping a landline or mobile phone handy.

For more direct help during an emergency, keep the phone numbers for your local public safety dispatcher or police station prominently handy.

To learn more about VOIP options, email us here:

[email-subscribers-form id="1"]

 

Photo by Joshua Sukoff on Unsplash

CYBER THIEVES ARE STALKING YOU… WHAT YOU CAN DO TO PROTECT YOURSELF


An article in the Wall Street Journal – in the height of tax season – announced that TurboTax was temporarily suspending transmission of state e-filed tax returns in response to a surge in complaints from consumers who logged into their TurboTax accounts only to find thieves had already claimed a refund in their name. That news comes as the most recent of a long trend of cyber threats including cyberattacks against Home Depot, JP Morgan Chase and Anthem, Inc. Fraudulent return filings stealing millions of dollars of taxpayer refunds are on the rise. The IRS estimated that it paid $5.2 billion in fraudulent ID- theft-related refunds in 2013 and they’re expecting that number to significantly increase in 2014.
 
The TurboTax problem, due to cyber thieves, brings to light a key security issue – end users (individual people) are getting hacked from their home computers. We speculate that thieves did not break into TurboTax and steal identities, there was no breach of their security that they could detect.  Instead, thieves are stealing your logon information directly from your home and office computers. How? Often through malware/spyware that loads onto your machine through virus-infected e-mails in your inbox or by visiting infected/compromised websites. Rootkits (a type of virus) is a collection of tools (programs) that may consist of spyware and other programs that secretly monitor your network traffic and record keystrokes as you use your computer and send the information back to the hacker who gathers this information and sometimes uses or sells it on the dark web to criminals. Another way cyber criminals gain access to your information is through their ability to hack into your e-mail account. Most people have easy to remember passwords that are also easy to crack which hackers use a tactic called social engineering. A cyber thief cracks your e-mail password, logs in as you, can easily search through your e- mail and gather all sorts of financial information about you (how many of us get our monthly bank and quarterly investment information e-mailed to us instead of paper-mailed?). They then access those financial sites and use the “reset logon” or “reset password” features most sites permit, wait for the “reset” e-mail to hit your e-mail account and change the logon information. Some of the more secure sites have implemented security questions as an extra level of security which can prevent hacking.
 
There’s definitely a trend for thieves to get into your computer and gather enough information about you to file a fake tax return. At Wiss we’ve had a handful of clients experience this. Our firm has very sophisticated, multi-level security in place to protect our clients’ data, but thieves had stolen enough information from clients’ home computer to fill out a fake return and get some sort of refund delivered to an account that was then closed. We became aware of it when we went to file the actual return and the taxing authority rejected it because one had already been filed for that taxpayer’s social security information. Working with the taxing authority to register the theft, file the correct return and secure the refund for the client is an arduous task that can take many months and requires a ton of paperwork and proof of identity by the taxing authority.
 
So what can you do to protect yourself?  Here are some basic things you can do:
 
1.       Install and maintain a quality anti-virus software which will check for viruses on your home and/or office computer on a regular basis which also checks for viruses on incoming email. Just as important as installing anti-virus software is to update it regularly. As new versions are released upgrades should be installed. Cyber thieves and hackers are fast and adaptable. New

 

viruses are discovered hourly so it’s very important to make sure your anti-virus software updates on an automatic schedule which should be set to an hourly basis.
 
2.       Firewalls either on your network and/or computer must be enabled, configured properly, and updated. Firewalls can keep the bad guys out and your data safe.
 
3.       Never open unknown or suspicious e-mail. Know your senders and know what you subscribe to. Social engineering and phishing tactics are used to infiltrate your computer, meaning they enter your computer when you open the e-mail containing the virus. For example, an email from a frequent contact may appear to be from them but the email address behind the person’s name is from a cyber-thief. Viruses can do things like track keystrokes and send the information back to the cyber thief who can then access any accounts you’ve visited on your computer.
 
4.       Obtain your software from reputable sources – downloading programs you’ve purchased from shady sources or freeware sites are most likely infected. Be sure to keep your system and programs up to date as security patches are released periodically. Internet browsers have security features in them such as popup blockers, smart screen filters, ActiveX filtering and security features that should be enabled and configured properly.
 
5.       Hackers often leave infected USB drives unattended for you to pick up in the hopes that you plug it into your computer so they can gain access. Most virus scan software will scan media as it is introduced to your computer. As a best practice you should always scan all media before introducing to your computer and network.
 
6.       Don’t keep sensitive financial passwords, logons and other information in your online mail or transmit this information electronically. I can’t tell you how many clients we see who store their social security number, logons with passwords for financial institutions and other data as a “contact or email from themselves” in their mailbox or keep scans of social security cards stored in their online photo album or on their computer desktop or “C” drive. This is prime fodder for cyber thieves who have applications to scan and pick up this information quickly and easily.
 
7.       Thieves are also highly-adept at figuring out passwords and utilize complex password cracking programs so you need to keep a step ahead of them by making your password impenetrable:
a.       The longer the password, the tougher it is to crack so try to use 10 or 12 character passwords that mix letters and numbers. Best way to do a password: pick a sentence or phrase you can easily remember and then use the first letters/numbers of each word, alternating capitals and lowercase and adding a special character somewhere. For example, take the phrase: “Jack and Jill went up a hill” which can be typed as, J@cknJiL!w3nt^Ahi!! . That’s a tough password to crack.
b.      Be unpredictable – don’t use birthdays, your name, common words, SSN, etc. in any partof the password.
c.       Do not use the same password for multiple accounts.
d.      Do not text message, email passwords or store passwords electronically.
e.      Change your password regularly (make it a practice to change them quarterly)
f.        Do not use sticky notes on your monitor or desk with logon information. This is extremely dangerous.
g.       Never give your passwords to anyone.
 
In addition to taking these basic steps to protect yourself online, it’s also a very wise idea to get your tax preparer your tax information as quickly as possible in the start of the year. The faster we can prepare your return and file it, the less chance a thief has to file a fake one and steal your return. Plan on getting your information to us as soon as you possibly can.
 
Questions on security?  Send me a note at [email protected]