Atlantic Business Technologies, Inc.

Category: Cloud Security

  • What Could Have Prevented Equifax’s Security Failure

    On September 7, 2017, credit agency Equifax made a stunning announcement. They had suffered a massive data breach affecting 143 million consumers.

    Equifax is one of the three largest credit agencies in the United States. Their databases contained full names, Social Security numbers, driver’s license numbers, mailing addresses, birth dates, and credit card numbers. All manner of personal information was now available to the hackers. And then, things became worse.

    The Fallout

    The loss of their consumers’ sensitive information was bad enough for Equifax’s reputation. But, the details showed a situation that was far more infuriating. Equifax had learned of the breach on July 29th. It took the company more than five weeks to disclose the data loss to the public. In those five weeks, three Equifax managers sold close to $1.8 million worth of stock in the company. Sure, Equifax was working with the FBI and Mandiant to identify the attackers. But it wasn’t enough. Their poor security and misleading secrecy had done severe damage. The only ones Equifax could blame were themselves.

    Bonus: on September 13th, Equifax faced accusations of more poor security practices. Their Argentina branch suffered exposure due to a terrible password.

    Equifax launched a WordPress-powered website to help those consumers affected by the breach. This site asked their visitors to share six digits of their social security numbers. This was not the best idea on a stock installation WordPress site. It’s not news that WordPress has also fallen victim to many serious security exploits. This new site did not offer the kind of enterprise-level security needed. Equifax also failed to get proper consent for gathering and sharing sensitive information. This act was not compliant with GDPR regulations in the EU. Had no one learned their lesson?

    How the Attack Happened

    Equifax continued to hide critical details from the public. The number of those affected would only continue to grow as time went on. New information came out, stating that even more personal customer data had been lost. This was unbelievable. Why have this information in the first place? And how could anyone fail to protect it?

    With regards to how the breach happened, it’s hard to know the truth. The company’s conduct reveals them as untrustworthy. Yet, they are our primary source of information. It’s unclear whether their site was up to date on the latest security patches. What is clear is that the company’s web applications offered very broad access to data. ‘Very’ is an understatement. Excessive access to personal identification would be more accurate.

    This narrative is not a new one. Major corporations suffering large data breaches pop up in the news daily. It’s unfortunate that this continues to happen. Especially to companies that store sensitive data. Why does security continue to be lax? Unfortunately, many organizations focus on growth and business goals first. Information security is often an afterthought. While growing one’s business is vital to survival, so too is the trust of the consumer.

    How It Could Have Been Prevented

    September 2017 feels like a lifetime ago. Yet, almost a year later, consequences are still being borne out for Equifax. There are many lessons to learn here. Ensuring application and cyber security is essential in our hyper-connected world. A thorough penetration test or code review could have found the security risk early on. Introducing powerful automation into the company’s security testing would have also helped. They would have been able to identify the risk long before it became a serious problem.

    Every one of these measures is part of a sophisticated SecDevOps approach. More companies need to integrate security thinking and best practices into web development. Cyber security requires time and investment. It is worth it to provide customers with the safety they expect. Develop a brand that can earn trust. A stronghold that can protect everyone in and outside the company will reap countless benefits. Organizations must value cyber security. Until then, significant data breaches will continue to occur.

    If you are one of those companies that does want to protect its site from hackers, we’ve got your back. Our cyber security team is ready and able. Contact Atlantic BT for a free consultation. We’ll keep you safe and allow your customers to feel secure.

  • Why it’s Safe to Invest in Outsourced Cyber Security

    Cyber security, in the business world, is a lot like life insurance. Everyone acknowledges that they need it, but most people hate to think about it.
     
    The topic brings up a lot of uncomfortable feelings. It forces business owners or executives to think about painful ‘what-if’ scenarios. No one enjoys spending time dwelling on the worst thing that could happen to their company. These thoughts might also involve digging into (or hearing about) technical details. Complicated, hard to understand technical details. Add in the fact that it takes time and money to close up cyber security issues and ta da! You have all the makings of a situation where it’s easier to procrastinate than it is to take action.
     
    But, cyber security isn’t a topic to ignore. It needs to be a primary focus for your website maintenance. For the why and the how, let’s start at the top.

    The Importance of Strong Cyber Security

    The need for good cyber security has never been more necessary. Hardly a week goes by when we don’t hear about major hacks, data breaches, and leaks. Many Fortune 500 companies have fallen victim to hackers. So have an untold number of small and medium-sized businesses. No one is safe.
     
    It isn’t only the prevalence of cyber crimes that is the problem. The costs associated with recovering from them can add up faster than you think. The clean up after a hack can be expensive. You have to buy new hardware and software. There are emergency IT hours and extensive patching that will all affect your budget. On top of that, your brand will take a hit. Data breaches breed mistrust. Your business was unable to defend itself and protect user information. This hurts your credibility in the market. Your company could suffer long term problems in every area of your brand.
     
    If you don’t have good cyber security procedures in place, you’re playing with fire.

    Why You Should Look to an Outsourced Vendor

    So, you accept that cyber security is a good investment. This is smart. What next? Where should you invest your resources? Many business owners will seek to hire an in-house IT professional. But, outsourcing could be a much better option.
     
    An established web development or IT company offers many benefits. One being a team of seasoned professionals with various specialties. It might be burdensome to bring on a full-time employee whose sole job it is to keep your data safe. Instead, you could get a whole team of better qualified people looking after your systems, 24/7. Even better, their services will be at a much more affordable rate.
     
    Outsourcing cyber security is particularly beneficial to businesses in very regulated industries. Government offices and companies that work in healthcare finance are good examples. An outsourced team will have direct expertise in these areas. Research, experience, and knowledge will help the team provide the best safeguard. All while complying with the many regulations at play. You can feel safe from hackers and legal battles. Finding an employee with that specific base of know how will most likely be a struggle. But you can gain everything you’re looking for and then some, in one outsourced team.

    Let’s Make Your Website Safer Together

    Want to ensure your data stays safe from hackers and thieves? Of course you do. Struggling with complicated industry requirements for compliance and confidentiality? Wait, there’s more? You’re also struggling with addressing these two needs via cyber security tactics?
     
     
    Contact the Raleigh-based web development team at Atlantic BT today. We will be happy to give you the answers you need!

  • How to Grant Transparency on Amazon Web Services

    When you start working with an Amazon Web Services partner, transparency is important. On the one hand, these cloud experts need to have a good deal of information to do their best work on your AWS environment. On the other hand, you need to know you can trust these AWS engineers with your sensitive information and processes. This kind of trust and transparency is tough while you and your potential partner are negotiating the business relationship. And before a contract has been signed. That’s why it’s important to know how to grant read-only access on AWS.

    Why Read-Only AWS Access Is Important

    Read-only access in an AWS environment is useful for when someone needs to look into your cloud environment WITHOUT being able to change anything. This way an AWS vendor can view a potential client’s setup and existing AWS applications before signing a contract and committing to helping them with AWS environments.

    In addition, often the business users who negotiate a new AWS partner relationship aren’t as well-versed in the specific needs of their own system (unlike their IT team). By granting read-only access for a potential new vendor, business users can get a better sense of what their AWS needs are and what kind of environment will work best for their business. If you want to handle technical debt (things that your system is doing/running that you aren’t aware of), providing this kind of visibility is helpful for your vendor relationship to begin with the right kind of understanding and transparency.  

    While AWS has extensive documentation about sharing views of an AWS environment, these descriptions can be intimidating to less technical users. What follows is a step-by-step guide for how to grant read-only access to your AWS account.

    GUIDE: How to Create Read-Only Access on AWS

    From the main console screen, type in IAM and select the suggested link.

    From the IAM dashboard select the Users section and then Add user button.

    Enter the new username for your read-only user (ABT_ReadOnly in this example), then select both the Programmatic access and AWS Management Console access options. Then select Next: Permissions.

    Select the Attach existing policies directly button, then use the search bar to search for ReadOnlyAccess policy. Select the check box beside that policy. Then select Next: Review.
    *NOTE: it’s imperative that you select Read Only Access Policy and set the right permissions. Otherwise you’ll grant too much control to your potential new party.

    Select Create user.

    On this screen, you will need to share the following credentials with your new user: the access key ID, the secret access key (select the show option), and the password (select the show option).

    You can also download the keys with the download .csv button and provide that csv with the password to your AWS vendor. Your AWS vendor will also need the link shown in the green window where it says “Users with AWS Management Console access can sign-in at:___________ “. This link will allow your new user to sign in.
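
    One way to confirm the result of these steps, as an added example that is not part of the original guide: the Python check below takes the JSON that `aws iam list-attached-user-policies`, `aws iam list-user-policies` and `aws iam list-groups-for-user` return for the new user and reports anything beyond the AWS-managed ReadOnlyAccess policy. The sample responses, the inline policy and group names, and the function name are constructed assumptions.

```python
"""Audit that a vendor IAM user holds nothing beyond ReadOnlyAccess.

Added example; audit_read_only_user is a hypothetical helper name.
Feed it the parsed JSON output of these AWS CLI calls:
  aws iam list-attached-user-policies --user-name ABT_ReadOnly
  aws iam list-user-policies          --user-name ABT_ReadOnly
  aws iam list-groups-for-user        --user-name ABT_ReadOnly
"""
import json

READ_ONLY_ARN = "arn:aws:iam::aws:policy/ReadOnlyAccess"


def audit_read_only_user(attached, inline, groups):
    """Return a list of findings; an empty list means the user has
    exactly the ReadOnlyAccess managed policy and nothing else."""
    findings = []
    arns = [p["PolicyArn"] for p in attached.get("AttachedPolicies", [])]
    if READ_ONLY_ARN not in arns:
        findings.append("ReadOnlyAccess is not attached")
    # Any other managed policy widens what the vendor can do.
    for arn in arns:
        if arn != READ_ONLY_ARN:
            findings.append(f"extra managed policy attached: {arn}")
    # Inline policies do not show up in the attached-policy list.
    for name in inline.get("PolicyNames", []):
        findings.append(f"inline policy present: {name}")
    # Group membership silently adds the group's permissions.
    for group in groups.get("Groups", []):
        findings.append(f"permissions inherited from group: {group['GroupName']}")
    return findings


# Constructed sample responses (shapes follow the AWS CLI JSON output).
GOOD_ATTACHED = json.loads(
    '{"AttachedPolicies": [{"PolicyName": "ReadOnlyAccess",'
    ' "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}]}'
)
BAD_ATTACHED = json.loads(
    '{"AttachedPolicies": ['
    '{"PolicyName": "ReadOnlyAccess",'
    ' "PolicyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"},'
    '{"PolicyName": "AdministratorAccess",'
    ' "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}]}'
)
NO_INLINE = {"PolicyNames": []}
BAD_INLINE = {"PolicyNames": ["temp-s3-write"]}      # constructed name
NO_GROUPS = {"Groups": []}
BAD_GROUPS = {"Groups": [{"GroupName": "Developers"}]}  # constructed name

if __name__ == "__main__":
    for label, args in (
        ("as the guide sets it up", (GOOD_ATTACHED, NO_INLINE, NO_GROUPS)),
        ("over-privileged", (BAD_ATTACHED, BAD_INLINE, BAD_GROUPS)),
    ):
        result = audit_read_only_user(*args)
        print(label, "->", result or "OK")
```

    An empty result means the user matches what the guide sets up. ReadOnlyAccess lets its holder read stored data as well as configuration, and the access key and password can be deactivated or deleted in IAM once the vendor's review is over.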

    If any of these steps have you stuck, or if you’d like to ask questions about AWS user privileges, my team will be glad to help. Please reach out to us on the ABT contact form, or take a closer look at our AWS services page.

  • How to Tell if Your Website Has Been Hacked

    Like most businesses, you depend heavily on your website. It handles everything from marketing to eCommerce transactions and all the stuff in between. Without it, your business would face quite a setback. And yet, every day, many businesses leave their website vulnerable to attack. And this puts their business at risk.

    But hey, your website is OK. You have a firewall around the web server and that should take care of your site, right? Actually, it’s not enough. Not even close.

    How You Can Tell if Your Website Has Been Hacked

    Every website, regardless of where it is hosted, is vulnerable to being hacked. While no system can be 100% safe, there are steps you can take to secure your site. And it begins with knowing what signs to look for that let you know you may have already been hacked.

    • Strange Content. You and your team have put a lot of effort into creating great content on your site. It closely follows your content strategy and everything looks great. Except on some pages, there is some strange content that you didn’t write. Upon closer inspection, you see links to other websites that sell Viagra, knock-off designer purses, watches and more. This is a tell-tale sign that your site has been hacked and it has been co-opted into the hacker’s network.
    • Website Performance. Do you keep a close eye on the technical performance of your website and servers? By regularly monitoring the performance, you will quickly pick up on unusually slow or broken processes. For example, we recently noticed that a checkout page on a client’s website was taking about 30 seconds to load. The normal load time is less than four seconds. This is unusual and was an indicator that we needed to dig further into the situation.
    • Broken Code. Are you noticing an increase in the number of errors related to form submissions? Do pages load but are missing most of their content? When hackers get inside a website, they can intentionally or unintentionally break the code, which leads to errors on the page. If you notice an increase in errors, your site may have been hacked.
    • Unexplained User Accounts. It is good business practice to know who has access to your database, content management system (CMS) or eCommerce application. You should periodically check the file of authorized users to see if there are any users you cannot account for. If you see unknown user accounts, chances are your site has been hacked.
    • Unknown Plugins. Many of today’s websites use a CMS that relies on plugins to handle specific functions. Hackers know this and will often use a tactic where they inject files into your website that can disguise themselves as plugins. If you notice unusual plugins on your website, it is likely that a hacker has gained access. You need to investigate where these plugins came from and what they are doing.
    • Your Site Has Been Blacklisted. If your web server has been compromised by hackers and is being used to send out spam or has been enlisted as part of an attack on another website, there is a pretty good chance that your site has been blacklisted in search engines and added to email blacklists. This means your visitors may get a warning notification when accessing your site or they may not be able to get the site to load at all. Additionally, they may not be able to reset passwords because you are unable to send the reset email out to them.
    • Suspicious Activity in Your Website and Server Logs. Website and server logs are an advanced way to detect a hacked website.  Often you may see one IP address hitting a particular page over and over, possibly for days or weeks.  You may see a page you don’t recognize in the logs being accessed by many different IP addresses. Reviewing your server logs regularly and looking for indicators such as these can provide an early warning about attempts by hackers to gain access to your site.
    • Unexplained Server Processes. As I mentioned above, I strongly recommend that you monitor your website and infrastructure on a regular basis. Sometimes you may see suspicious process behavior within that environment that you can’t explain. For example, you may notice that your email server process is consistently hovering around 30% usage, even though you don’t have any active visitors on your site right now. This is a pretty good sign that your site has been hacked and is used to send email. Additionally, if you see perl (a web scripting language) running on your server, but you are certain you don’t use perl, it could be a sign that someone is running an unauthorized process on your server. Regular monitoring of your server will help you detect these situations.
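
    The two log patterns described in the "Suspicious Activity in Your Website and Server Logs" item above, as an added example that is not part of the original post: a Python check that scans access-log lines for one IP hitting the same page over and over, and for a successfully served page that is not on your list of known pages yet is requested by several different IPs. The log lines (combined log format, documentation-range IPs), paths, thresholds and function names are all constructed assumptions.

```python
"""Flag the two access-log patterns described above (added example)."""
import re
from collections import Counter, defaultdict

# Common/combined log format: ip ident user [time] "METHOD path proto" status size
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+'
)


def parse(lines):
    """Yield (ip, path-without-query-string, status) for each parsable line."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            path = m.group("path").split("?", 1)[0]
            yield m.group("ip"), path, int(m.group("status"))


def repeated_hits(lines, threshold):
    """One IP requesting the same page at least `threshold` times."""
    counts = Counter((ip, path) for ip, path, _ in parse(lines))
    return sorted(
        (ip, path, n) for (ip, path), n in counts.items() if n >= threshold
    )


def unknown_pages(lines, known_paths, min_ips):
    """Pages you do not recognize that were served (status < 400)
    to at least `min_ips` different IP addresses."""
    ips_by_path = defaultdict(set)
    for ip, path, status in parse(lines):
        if status < 400 and path not in known_paths:
            ips_by_path[path].add(ip)
    return sorted(
        (path, len(ips)) for path, ips in ips_by_path.items() if len(ips) >= min_ips
    )


# Constructed sample log: six logins from one IP, an unfamiliar script
# fetched by three IPs, and a few ordinary requests.
SAMPLE_LOG = (
    ['203.0.113.7 - - [10/Mar/2024:02:%02d:00 +0000] "POST /login HTTP/1.1" 200 512' % m
     for m in range(6)]
    + ['198.51.100.%d - - [10/Mar/2024:03:00:0%d +0000] "GET /tmp/page2.php?x=1 HTTP/1.1" 200 90'
       % (i, i) for i in range(1, 4)]
    + ['192.0.2.10 - - [10/Mar/2024:09:00:00 +0000] "GET / HTTP/1.1" 200 4096',
       '192.0.2.11 - - [10/Mar/2024:09:01:00 +0000] "GET /about HTTP/1.1" 200 2048',
       '192.0.2.11 - - [10/Mar/2024:09:02:00 +0000] "GET /missing HTTP/1.1" 404 0']
)
KNOWN_PATHS = {"/", "/about", "/contact", "/login"}  # pages you published

if __name__ == "__main__":
    print("repeated hits:", repeated_hits(SAMPLE_LOG, threshold=5))
    print("unknown pages:", unknown_pages(SAMPLE_LOG, KNOWN_PATHS, min_ips=3))
```

    Thresholds depend on your normal traffic, so tune them against a period you know was clean before treating a match as a sign of compromise.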

    What to Do if You Suspect Your Site Has Been Hacked

    Unfortunately, this isn’t an exhaustive list of signs that indicate your site has been hacked. But these are some of the most common signs. But what do you do if you spot any of these indicators? Below are a few steps we recommend:

    1. Investigate. Just because you spot some strange code or a page is taking a long time to load, it doesn’t necessarily mean that your site has been hacked. Investigate the situation. Perhaps a team member installed a new plugin without telling you. Or, your site may require more memory or processing capability than you currently have allocated to it. This can cause the site to perform slowly. Gather as much information as you can about the situation before reaching any conclusions.
    2. Shut off access. If your investigation shows that someone has hacked the site, consider closing off access to the site for all users. You need to stop the bleeding and this is the fastest way to make that happen.
    3. Clean up the site. Once you have eliminated the opportunity for anyone to gain further access into your site, you need to clean up the damage. This could involve cleaning the code or removing unauthorized plugins. In some instances, it could take a significant amount of time to undo the damage. But you must take this step to get things back to normal.
    4. Prevent future hacks. As I mentioned earlier in this post, you cannot make your site 100% safe from hackers. But this is a good opportunity to review your current defenses and see what you need to do to further shore up your website from future attacks.  You’ll also want to make sure you’ve updated your CMS and plugins to the latest versions.

    How Atlantic BT Can Help if Your Website Has Been Hacked

    At Atlantic BT, we’ve helped many businesses develop a cybersecurity strategy to protect their website from hackers. We also offer on-going monitoring of your website and IT infrastructure to keep an eye on what’s happening. And we do it 24/7/365. If you are interested in learning about our website security offerings, contact us to talk with one of our solutions specialists. We’ll gladly discuss your situation and help you develop a custom security strategy for your website, giving you peace of mind over this critical area of your business.   

  • Is Your Website Protected From Disasters and User Errors?

    Did you know that your website can vanish or suffer irreparable damage in just a few seconds? Many business owners and executives don’t. This can lead to nasty surprises. Especially if the site’s layouts, data, and content have no protection. Terrifying, no? Website protection is a vital part of your business’s internet success.  

    Your stored files and information can disappear at a moment’s notice. Every single one. It’s true. There are many events that can cause this to happen. Power surges and outages, hardware failures and simple employee mistakes. Even attacks made by Artificial Intelligence! These things can make retrieving different parts of your website impossible. Of course, it goes without saying that hackers love breaking into websites. They aren’t particularly concerned about what they leave behind.
     
    For these reasons and more, website protection makes good sense. It prepares your pages to stand strong against the unknown. Building an effective website presence takes an investment of time and money. That can be hard to recoup after the fact. Here are some quick tips you can use to safeguard against a variety of circumstances that lead to data loss.

    The best thing an organization can keep in mind is how long can they afford to be down after a disaster. Atlantic BT leverages Amazon for precisely this consideration. It allows us to plan for potential disasters and keep our client’s sites and applications up and running, while recovering as fast as they need to based on their objectives. Being prepared for the unknown can feel impossible, but with the right strategy, it’s far from it.  –Eric Lloyd, Security Solutions Consultant 

    Update Your Website and CMS

    Content Management Systems (CMS), such as WordPress, thrive on frequent updates. New, available features keep the systems on par with evolving technology. But consistent updates are also important for security and stability.
     
    If you let yours get out of date for too long, it could become a prime target for hackers. It’s also possible that an outdated CMS will stop working with certain plug-ins. Also frustrating, it could fail to connect with servers as designed. Any of these could lead to parts of your website suddenly disappearing.

    Make Sure You Have Regular Backups of Your Website and Data

    It’s impossible to say your website will never have problems, despite taking proper precautions. Effective website protection won’t always be fool-proof. That’s why it’s a good idea to have your files backed up on a regular basis. Be sure to store extra copies of your website with any new changes.
     
    This rule applies to content and to data that you exchange with customers. Databases, newsletter subscription lists, this type of information needs protection as well.

    Check Your Web Analytics

    Often, you can’t see the first signs of a problem with your website. But, there are other clues. You’ll see a lack of incoming traffic, or new redirects to other websites. Content is not accessed as it used to be. Someone must keep a close eye on your web analytics. Otherwise, these problem indicators will go unnoticed. Website protection is more than just having guardians at the gate. Your watchmen are also important.
     

    This is something a reputable web design and development team will do on your behalf. They’ll track statistics from your pages. They’ll also schedule frequent website audits and performance reviews. This will allow them to know what’s going on behind the scenes. But choose your team wisely. A bargain-basement development company might not have the kind of monitoring you need.

    Worried About Your Website?

    Are you worried that your website isn’t as protected as it could be? Then now is the time to get the expert advice and monitoring you need. Contact the team at Atlantic BT today. There are three things they’re ready to combine.
    • Creative Thinking
    • Smart business strategies
    • Technical know-how
    See what the results are for your business.

  • 3 Threats and 3 Benefits of the Internet of Things

    The Internet of Things (IoT) is a new interconnection of technology. It is being heralded as the next industrial revolution. What does this imply? Only radical change, disruption, and a brand new paradigm for the planet. Nothing too intense, right? The Internet of Things extends the existing connections between people and computers to include digitally-connected “things”.

    These things measure and report data. This data can be simple numbers from a stationary or mobile sensor (such as a temperature sensor). It could also be more complex findings from devices that measure and report many data streams at a time. These advanced devices can even actuate or affect the data they’re measuring. A good example of this would be a connected thermostat.

    The IoT is advancing exponentially. Some even say we’re in the “knee of the curve”. This describes the point where advancement happens very fast. Such speed means that its potential uses are beyond the reach of speculation. Even so, many organizations hesitate to experiment and invest in IoT technology. Here are the three parts of the IoT we’ll discuss.

    • IoT threats
    • IoT benefits
    • The path to realizing the potential IoT brings

    Internet of Things Threats

    Threat 1: Security and Privacy

    If you’ve paid attention to major technology news stories, you’ve heard a lot of scary things.

    • The hacking of companies
    • Stolen Identities
    • The hijacking of app-connected cars

    These events are all enough to cause some serious anxiety. You can understand how digitally-connected things have definite security risks. Often, default device settings equate to “wide open”. Many organizations don’t have strong security protocols in place. This is even when access controls are present. This is the IoT equivalent of having a username/password combo of “admin” and “password”.

    Even if you’re savvy enough to configure the connected device the right way, other gaps exist. Connected device manufacturers are often slow to update firmware or release patches. These companies may not provide support at all. Instead, they prefer to resolve security issues with the next version of the “thing”. So, security and privacy on your network of things has to be your responsibility. This may seem unfair as you are the user implementing the tech.

    Threat 2: Data and Complexity

    The IoT generates countless bytes of data. But that isn’t how businesses measure its value. They look at the analysis of trends and patterns. For example, say you have a single sensor reporting one of ten possible values every week. In one year, you’d collect 52 points of data. But, the number of possible combinations of those 52 points is 1 x 10^52. Want some perspective? The estimation of the number of atoms on the entire planet is 1 x 10^50, which is 100 times fewer.

    Now, imagine the data complexity when thousands of sensors are collecting data. The sensors do this each hour across a single organization. You need a plan to process and analyze these huge quantities of data. Then you can translate these findings into better business practices.

    Threat 3: Business and IT Buy-in

    Persuading stakeholders to buy into the IoT can be difficult. Concerns about security and complexity can be intense. There are other factors holding back progress as well. The perceived costs and risks to laying a foundation are considerations. Even running a single experiment can get in the way of stakeholder buy-in. There are plenty of consumer-focused, cloud-managed IoT products out there. But they do little to comfort those looking to introduce an IoT strategy to their enterprise.

    Internet of Things Benefits

    In short, the scale of change that IoT technology offers can be scary. At the same time, the benefits of a well-executed IoT strategy can be a “Holy Grail” for an organization:

    Benefit 1: Safety, Comfort, Efficiency

    Imagine measuring and managing hazardous environments while juggling many factors. You must do this without putting people at risk. And don’t forget to optimize all physical environments for comfort and productivity. Also, you better control those energy costs. Now imagine monotonous tasks automated and done by machines. For example, smart assembly lines could report errors in real time. This produces higher yields and less downtime.

    The result is more time for productive and rewarding work. This would drive higher employee satisfaction and retention, while dramatically improving profit margins.

    Benefit 2: Better Decision Making

    If you can analyze larger trends from empirical data, you can make smarter decisions. This takes assumptions out of the equation. Instead, it’s giving you data-backed visibility into every aspect of your business. Consider testing cycles. They would radically shorten, lowering the costs to optimize a process. Also, the visibility into system behaviors can yield new insights and ideas. This can guide your business like never before.

    Benefit 3: Revenue Generation

    At first, the above benefits will impact your bottom line by reducing expenses. The IoT will also help to improve efficiency. But, it’s only a matter of time before IoT data analysis helps you realize new business functions. Also, this will lead to new revenue opportunities. The IoT may be that special “X factor”. Its uniqueness gives many organizations a strategic advantage over the competitors. This advantage will be valuable to companies now and into the next decade.

    2 Keys to Begin Using the Internet of Things

    Knowing the risks and benefits of the IoT is important for any company wanting to enter that arena. Now that you have this knowledge, what can you do with it? How can you help your organization take advantage of the Internet of Things? And how can you avoid excessive risk?

    Start small

    A small project is most likely to gain buy-in and succeed. Save the unexplored potential of long-term interconnected devices for later. A natural starting place is to take steps toward making your workplace a “Smart Office”. What does this include?

    • Automated conference room reservations and management
    • Digital asset tracking of equipment or parts
    • Monitoring energy or water consumption and then optimizing usage

    Assemble the right team

    The right team will need the right skills and attitudes. You will need some technological expertise. You will also need some forward-thinkers. These guys will have tons of excitement about bringing innovation into your organization. You’ll need to make it through three primary phases:

    1. Build a business case and kick off a project
    2. Select, analyze, and rank IoT Tech for the project
    3. Plan, execute, and support

    Atlantic BT would love to help you along the way.  We have a large, dedicated CyberSecurity team ready and able to prepare you for the future.
