ZTNA: Your Security Escort Service

So, here’s the problem that starts at your firewall: Your security setup grants permission to a credentialed user to access your system. The credentials have been authenticated by several methods, and the user is free to move about your apps and files. It’s an everyday occurrence with our mobile, hybrid work systems. But what happens when someone either fools your authentication system or decides to go rogue? ZTNA gives you the ability to follow every user everywhere in your system.

ZTNA stands for Zero Trust Network Access, and it’s based on the premise that you can’t trust any user with unfettered access to your entire system. The rationale for a business to use ZTNA goes back to a security breach at Target more than 12 years ago, when the personal and credit card information for some 40 million customers was compromised. It’s become a classic case study for cybersecurity.

In short, hackers exploited a vulnerability in the system of a third-party contractor, a mechanical engineering firm. Using stolen credentials, the attackers gained access to Target’s systems, where they deployed malware on the company’s point-of-sale (POS) devices. This allowed them to capture sensitive customer information without being detected for several weeks.

Granted, firewall security systems have become much stronger over time, but for most of them, you can access any part of a system once you get past the firewall. ZTNA technology never stops tracking any user as long as they’re inside the network.

  • It grants access only to specific applications and files based on the system admin’s determination of each user’s need to know.
  • It assumes every access attempt is risky (zero trust).
  • It continuously monitors a user’s activity and verifies it.

In operation, ZTNA sets up one-to-one connections between users and the resources they need. It’s similar to two people who need to contact each other by exchanging phone numbers. But unlike two people exchanging numbers, ZTNA connections need to be re-verified and recreated periodically.

The technology is also device-based, which is critical in our hybrid work world of BYOD (Bring Your Own Device). ZTNA can incorporate the risk and security posture of devices as factors in access decisions. It does this by running software on the device itself (sort of like a license plate reader) or by analyzing network traffic to and from the device.
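
As an added illustration (not code from this newsletter or from any ZTNA product), the Python sketch below models the decisions described above: per-application grants, deny by default, device posture as a factor, and periodic re-verification of each connection. The user and application names, the posture fields and the 15-minute re-verification window are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy data for illustration; all names and values are assumptions.
GRANTS = {  # user -> applications the admin has approved (need to know)
    "alice": {"payroll", "crm"},
    "contractor": {"billing-portal"},
}
REVERIFY_AFTER = 900  # seconds a connection stays valid before re-verification


@dataclass
class Device:
    managed: bool        # posture software is running on the device
    disk_encrypted: bool
    patch_age_days: int


@dataclass
class Session:
    user: str
    app: str
    verified_at: float   # time of the last successful verification


def posture_ok(dev: Device, max_patch_age: int = 30) -> bool:
    """Device risk is part of the decision, not only the user's identity."""
    return dev.managed and dev.disk_encrypted and dev.patch_age_days <= max_patch_age


def authorize(user: str, app: str, dev: Device, mfa_passed: bool, now: float):
    """Decide one user-to-application connection; deny is the default."""
    if not mfa_passed:
        return None, "deny: identity not verified"
    if app not in GRANTS.get(user, set()):
        return None, "deny: no grant for this application"
    if not posture_ok(dev):
        return None, "deny: device posture"
    return Session(user, app, verified_at=now), "allow"


def check_request(sess: Session, app: str, dev: Device, now: float) -> str:
    """Run on every request inside an existing session (continuous verification)."""
    if app != sess.app:
        return "deny: session is bound to one application"
    if now - sess.verified_at > REVERIFY_AFTER:
        return "deny: re-verification required"
    if app not in GRANTS.get(sess.user, set()):
        return "deny: grant revoked"
    if not posture_ok(dev):
        return "deny: device posture changed"
    return "allow"
```

A valid contractor login here reaches only the one application it was granted, and even that connection lapses unless it is re-verified.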

While there are variations of ZTNA technology, the bottom line is that the protection of your data – and your clients’ and customers’ data – is priceless. This is where we can help. Call us – 973-433-6676 – or email us to talk about your security needs, your workforce’s access needs and your administrative needs.

Old Windows, Old Files

Believe it or not, we have some clients who need to keep computers capable of running really old versions of Windows to access equally old files. They need to keep these legacy systems going, and we have ways to help them.

One client still has a system running on Windows XP. Windows XP is 24 years old, yet some people consider it to be one of the best pieces of software ever made by Microsoft, and the best all-round version of Windows. It had a reputation for being a reliable workhorse.

One of the apps it can run is Lotus 1-2-3, a discontinued spreadsheet program from Lotus Software. It was the first killer application for the IBM PC and was hugely popular in the 1980s. Running on DOS, the operating system that preceded Windows, it significantly contributed to the success of IBM PC-compatibles in the business market.

Our client still has Lotus 1-2-3 files, which contain vitally needed information, and a computer with Windows XP. Because the Windows system hasn’t been updated for many years, it needs to be kept offline with a separate firewall so that files can be accessed and printed without jeopardizing the company’s security.

While this is an extreme situation, this client is not alone. We support a number of clients who need to use legacy systems, and our major concerns are preserving their access to files and keeping their systems secure.

Because backward compatibility depends on what files can be read, we do whatever we can to make sure files are backed up. We also set up parallel systems to protect online security for the rest of their technology. The older the legacy system is, the more intricate our solution becomes. For most clients, this involves Excel spreadsheets.

If you have a Windows operating system that’s older than Windows 11, we should be looking at systems to back up files and maximize your access. Technology changes quickly, and the sooner we can get to something, the better the plan we can design and implement to protect your valuable data and access to it.

Call us – 973-433-6676 – or email us to start the conversation. It’s much easier to get everything in order as soon as possible, and that will also help you control your costs.

Wi-Fi Jammers

A recent TV news report on criminals in Morris County using Wi-Fi jammers to disable security cameras and communications grabbed our attention. It should grab yours, too.

The news report focused on a crime ring that’s using Wi-Fi jammers to break into homes. In some cases, they’ll install their own surveillance cameras in a property’s landscaping to know when residents leave their homes. In this case, the homeowner was in his basement when he heard a loud noise coming from the ground floor of his residence. He used his home surveillance cameras to see someone attempting to enter his home. He soon lost his camera and phone service, indicating to police that a Wi-Fi jamming device was in use. The resident was still unable to utilize his cellular phone to call for assistance due to the jamming device.

Let’s look at that last sentence first. The reason the resident couldn’t use his cellphone is that it was likely set to make calls on the Wi-Fi network if the network is available. Our guess is that he could have made the call if he had turned off Wi-Fi on his phone. Heed that point when you face an emergency.

That can be especially true when it comes to security devices. Hard-wired devices perform better and more reliably. Yes, it sounds old-fashioned, but it works. If you have a security system installed by an alarm company, it’s likely hard-wired and connected to a monitoring station via a cellular network – and it has a battery backup in case the power goes out.

Wi-Fi networks are low-hanging fruit for criminals, and we make that fruit more accessible through our own ignorance or laziness. You can’t make your Wi-Fi totally jam-proof, but you can make your network more secure.

The following steps are nothing new to long-time clients and readers of this newsletter, but let’s run through them anyway:

  • Whenever you install a new device – especially a security device – that’s tied to your Wi-Fi network, IMMEDIATELY change the default username (it’s usually “admin”) and the password (it’s usually 1234).
  • Make sure your firewall software is up to date and running to keep out unwanted intruders. It’s one thing to be jammed. It’s another thing to be invaded.
  • Make sure you keep all software for operating systems, hardware and apps up to date and running. Updates contain security patches and bug fixes as well as performance enhancements. A single weak link anywhere in your technology chain can expose your entire system.

In our opinion, a security camera system that’s hardwired to a central location in your home but is accessible through the internet – independently of Wi-Fi – is best. We can help you with the internet connection and show you how to access your security system from anywhere in the world.

We can also help you prevent intrusions by outsiders by providing a thorough security audit of your technology system and making recommendations to improve security. That can include the installation of new systems and user training.

We all have a lot at stake in our homes and businesses. With the rise in hacking and the use of technology to break down our defenses, it makes sense to take every step you can to harden those defenses. Call us – 973-433-6676 – or email us to talk about your needs. And make sure you turn off Wi-Fi on your cell phone in an emergency.

Phishing in Your Own Waters

If you own a small business or professional services firm, you depend on your employees to have enough tech savvy and common sense to avoid links in email messages or on websites that open your system to bad actors. No matter how much you trust them, you need to verify they’re doing the right thing. You can test your human security defenses by using your own phishing expedition to see how they’re doing.

We’ve become acquainted with independent cybersecurity firms by attending conferences over the years. We learn a lot from our peers and presenters – such as the fact that it takes an average of 244 days to detect a system breach and that using the cloud will be a necessity by 2028. We’ve also emphasized the need to have a thorough security audit, but as an IT firm, there’s only so much we can do. We also think that an IT firm is not the best organization to really get into the granular details of your security because we all have a vested interest in finding problems to fix.

An independent security expert can find the smallest breach openings in your system and tell you what needs to be done. One of the most fascinating tools they use is a phishing campaign aimed at everyone who works in your organization. They can plant fake links and QR codes and any other tool that a hacker can use to get someone to open a window into your system. They also have tools to mimic the follow-up methods that hackers use once somebody makes the initial click – or the first phone call to a bogus number.

The educational value of using your own phishing expedition is enormous. Not only will it help you patch up holes in your organization, but it also becomes a great teaching tool about why everyone needs to be vigilant. As we use more and more data to conduct business – and in our personal lives – it becomes more and more important to protect that data. You should remember that your organization is part of a data custody chain – a chain that can branch off in many directions. Intruders are highly sophisticated and well-funded – as well as very patient. They will do whatever it takes to get into your system and build tunnels to other systems. You put your reputation and integrity on the line every time you take in data and send it out.

AI will be able to generate untold amounts of data, but there is little it can do to eliminate misinformation automatically.

Eliminating misinformation requires real human intelligence and deliberate, active steps to prevent that first breach – the one that could take 244 days to find. At the risk of sounding like a broken record, in every location and on every device used to conduct your business:

  • Use a firewall and make sure it’s up to date.
  • Use anti-virus and anti-malware software and make sure it’s up to date.
  • Install updates to operating systems and application software on every device you have. Those updates contain security patches and bug fixes to prevent intrusions.

We can help you arrange for a comprehensive security audit that includes a phishing expedition and a deep dive into your equipment and practices. Call us – 973-433-6676 – or email us to discuss your needs and develop a security action plan.