
Critical Infrastructure’s Silent Threat: Part 1 – The Invisible Enemy

Part 1: The Invisible Enemy

Programmable Logic Controllers (PLCs) are an essential part of industrial manufacturing plants. They are widely used in industrial control systems (ICS)  to automate processes in critical infrastructure sectors such as energy, water, and transportation. In addition to their day-to-day operational activity, these connected devices generate and exchange vast amounts of security-critical information. For this reason, they have become key targets for a growing number of cyber security attacks.

runZero 3.6: Introducing organizational hierarchies

What’s new with runZero 3.6?

Organizational hierarchies

Organizational hierarchies help streamline user and permission management. When creating and editing organizations, you can define an organizational hierarchy that allows for inherited user permissions.

The users assigned to the selected parent organization will maintain the highest assigned permission in the child organization unless specified in their user permissions. For instance, if a user is a viewer in the parent organization, but an administrator in the child organization, they will maintain their admin status in the child organization when the parent-child relationship is created.

Organization hierarchies can be three levels deep, and user permissions in a child organization can be upgraded, not downgraded, from the currently set permissions in the parent organization.

CrowdStrike integration improvements

The CrowdStrike integration now populates asset software information from Falcon Discover. Additionally, IP addresses imported by CrowdStrike are now considered primary addresses and will be used for correlation, and CrowdStrike credential verification is now separated by service.

Operating system CPE assignment

The operating system Common Platform Enumeration (CPE) field is a string that describes the detected operating system software using the CPE naming scheme. You query this field with the syntax os.cpe23:<text>. Where runZero was able to fingerprint the operating system but the NIST database contains no official matching entry, runZero generates an unofficial CPE and places r0_unofficial in the CPE's other field.
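An added example (not runZero's own code) that parses a CPE 2.3 formatted string into its named components and flags entries runZero marked as unofficial. The sample CPE strings are constructed for the demonstration; the one ending in r0_unofficial is not a real NIST entry.

```python
# Added example, not runZero's own code: parse a CPE 2.3 formatted string into
# its named components and tell official entries from runZero's unofficial ones.
from typing import Dict, List

# Component names in the order a CPE 2.3 formatted string lists them,
# after the fixed "cpe" and "2.3" prefix.
CPE23_FIELDS = (
    "part", "vendor", "product", "version", "update", "edition",
    "language", "sw_edition", "target_sw", "target_hw", "other",
)
UNOFFICIAL_MARKER = "r0_unofficial"  # value runZero places in the 'other' field


def split_cpe23(cpe: str) -> List[str]:
    """Split on ':' but keep backslash-escaped colons inside a component."""
    parts: List[str] = []
    current: List[str] = []
    escaped = False
    for ch in cpe:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            current.append(ch)
            escaped = True
        elif ch == ":":
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return parts


def parse_cpe23(cpe: str) -> Dict[str, object]:
    """Return the 11 CPE components plus an 'unofficial' flag."""
    parts = split_cpe23(cpe)
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    fields: Dict[str, object] = dict(zip(CPE23_FIELDS, parts[2:]))
    fields["unofficial"] = fields["other"] == UNOFFICIAL_MARKER
    return fields


if __name__ == "__main__":
    # Constructed sample values; the second is not a real NIST entry.
    for sample in (
        "cpe:2.3:o:microsoft:windows_10:1809:*:*:*:*:*:*:*",
        "cpe:2.3:o:examplevendor:exampleos:1.2:*:*:*:*:*:*:r0_unofficial",
    ):
        f = parse_cpe23(sample)
        print(f["vendor"], f["product"], "unofficial" if f["unofficial"] else "official")
```

The escape handling matters in practice: a naive split on ":" miscounts components whenever a vendor or product name contains an escaped colon, which is why the parser tracks backslashes before deciding whether a colon is a separator.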

New protocols and fingerprints

The runZero scanner now reports legacy RDP authentication, decodes additional ISAKMP/IKEv2 fields, and improves the fingerprinting of AirPlay devices.

Additional fingerprints were added for products by 2N, Aastra, Alien Technology, AMI, Arista, Asterisk, Avaya, Canon, Cisco, D-Link, Dell, Eaton, Echelon, Fortinet, FreePBX, GAI-Tronics, Grandstream, Hillrom, Honeywell, HP, HPE, Intel, Jenkins, Lantronix, Lenovo, LG, Logic Controls, Logitech, Meinberg, Mitel, Moxa, Netgear, NetApp, Quantum, Palo Alto Networks, Panasonic, Poly, QNAP, Samsung, Sierra Wireless, SoundCom, Spectralink, STARFACE, Tektronix, Thomson, Ubiquiti, VTech, Wahsega, Yealink, ZTE, Zultys, and Zyxel.

New Rapid Response queries

A new query was added to quickly identify OpenSSH 9.1 servers affected by a memory double-free vulnerability.

See runZero 3.6 in action

Watch the video to see a preview of some of the newest features in runZero, including organizational hierarchies, research updates, software inventory from CrowdStrike, and OS CPE information.

Release notes

The runZero 3.6 release includes a rollup of all the 3.5.x updates, which includes all of the following features, improvements, and updates.

New features

  • Organizational hierarchies are available allowing for permissions to be inherited by child organizations based on an established parent.
  • runZero now identifies the CPE associated with fingerprinted assets and assigns an unofficial CPE where an official match is not found in the NIST database.

Product improvements

  • A new query was added for OpenSSH 9.1 servers affected by a memory double-free vulnerability.
  • Improved SNMP fingerprint coverage capabilities and added new attributes for SNMP protocol version (at the asset level) and authentication details (at the service level).
  • Improved handling of invalid multi-valued subjectAlternativeNames on x.509 certificates.
  • The scanner now supports identifying RDP authentication methods, including legacy and NLA, supported by target hosts.
  • The scanner now supports the ability to decode ISAKMP/IKEv2 replies.
  • A new canned query for OpenSSH 9.1 servers which contain a memory double-free vulnerability has been added.
  • Performance of the Active Directory (LDAP), Azure AD, and Google Workspace integrations has been improved.
  • SNMP protocol versions are now tracked at the asset level.
  • SNMP services will now keep track of how they authenticated and using what protocols.
  • Hostname extraction from malformed subjectAlternativeNames on TLS certificates has been improved.
  • Site scopes with subnets ending in /32 (for IPv4) and /128 (for IPv6) are no longer parsed to single IPs and will appear as CIDR entries in the subnets list.
  • Improved error validation UX around email addresses when setting up an email alert channel.
  • Services, Screenshots, and Software inventory pages now include associated site subnet tags.
  • runZero now identifies the CPE associated with fingerprinted assets and assigns an unofficial CPE where an official match is not found in the NIST database.

Integration improvements

  • Improved fingerprinting of operating systems imported via the LDAP and VMware integrations.
  • Stability and performance of VMware asset correlation has been improved.
  • VMware assets are now merged across sites.
  • The Intune integration has been improved to better handle Intune API rate limiting.
  • IP addresses reported by CrowdStrike are now considered primary addresses, and will be used for asset correlation.
  • CrowdStrike credentials verification is now separated by service.

Bug fixes

  • A bug that could prevent automatic metric calculations from completing has been resolved.
  • A bug that could prevent stale assets from being automatically removed on subsequent task runs has been resolved.
  • Several minor bug fixes and UX improvements have been made to the redesigned task page.
  • A bug that prevented OS fingerprinting and information extraction over RDP has been resolved.
  • A bug preventing users from copying or editing connector and analysis tasks has been resolved.
  • A bug causing new recurring tasks to display an incorrect first run date has been resolved.
  • A bug causing the dashboard asset trends graph tooltips to appear away from the graph has been resolved.
  • A bug causing task page inspection cards to automatically collapse has been resolved.
  • A bug that could result in build-up of frequently recurring tasks has been resolved.
  • A bug that could cause extremely large tasks to remain queued for processing indefinitely has been resolved.
  • A bug that could prevent export of service attribute reports has been resolved.
  • A bug preventing license requirement indicators from being visible on some pages has been resolved.
  • A bug preventing saving of credentials due to bad org-access settings has been resolved.
  • A bug preventing recalculation of the next scheduled run time for a scan has been resolved.
  • A bug that could cause inaccurate asset counts in the Organization Overview report has been resolved.
  • A bug that could cause site import to fail when missing optional fields has been resolved.
  • A bug that could prevent the VMWare connector task page from loading has been resolved.
  • A bug that could cause duplicate MSDefender attributes on an asset has been resolved.
  • A bug where firewalls (and similar devices) responding to many non-asset IP addresses during scanning would lead to unexpected assets in inventory has been resolved.
  • A bug preventing the active scans dashboard widget from navigating to the associated task on click has been resolved.
  • A bug preventing site subnet tags from appearing in the dashboard Asset tags widget has been resolved.
  • A bug that could cause CrowdStrike tasks to fail when missing software permissions has been resolved.
  • A bug that could prevent bogus services from certain firewalls from being completely filtered has been resolved.
  • A bug that could lead to a browser crash in the latest release of Chromium based browsers on MacOS has been circumvented.
 

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About runZero
runZero, a network discovery and asset inventory solution, was founded in 2018 by HD Moore, the creator of Metasploit. HD envisioned a modern active discovery solution that could find and identify everything on a network–without credentials. As a security researcher and penetration tester, he often employed benign ways to get information leaks and piece them together to build device profiles. Eventually, this work led him to leverage applied research and the discovery techniques developed for security and penetration testing to create runZero.

How to streamline user permissions with organizational hierarchies

A common challenge for many businesses is efficiently managing user permissions as new solutions are deployed and adopted. How do you ensure that the right people have the right permissions to access the data they need for their jobs? Missteps on provisioning permissions can lead to unauthorized access to data, creating major headaches for IT and security teams. One way around this challenge is to start with solid user and permission management practices that help you assign access to your users, such as role-based access control (RBAC). RBAC is a security approach that authorizes and restricts users’ access based on their roles within an organization. While RBAC is an effective way to manage user access control at scale, you can add extra layers of protection to ensure that the right roles are being assigned. A good example of this would be using hierarchies to propagate the inheritance of permissions. Let’s take a look at how you can use runZero organizations for data segmentation and hierarchies to streamline user permission management.

The role of organizations

Organizations are a powerful feature that allow you to create separate entities for your assets and control what users can do with the organizational data. In runZero, you can use organizations to group and manage asset data, Explorers, tasks, sites, and scan configurations. The flexibility of organizations allows you to segment your data by company, department, customers, or however you like. For example, you might want to set up different organizations for each environment you have – such as development and production – because you want to segment the data. Or if you’re a service provider, you may have an organization for each one of your customers. In some cases, your business may want to set up multiple organizations to manage asset data as well as streamline permissions management. Imagine having to review and assign organizational access for each user. That’s time-consuming and prone to user error. So how can you ensure consistent provisioning of user permissions throughout your organizations?

Introducing organizational hierarchies

runZero 3.6 introduces organizational hierarchies, which enables you to create parent-child relationships between organizations. This approach is based on a top-down permissions distribution model, where the child organizations inherit the permissions configured within the parent organization. The parent organization sets the minimum permission level a user has to that organization and any children. Child organizations with lower permissions than the parent organization will inherit the effective higher permission. For example, if the parent organization has a user’s permissions set to annotator, then the child organizations can be upgraded to user or administrator, but downgraded permissions won’t have any effect. Imagine you have a parent organization called Mom Org that has a child organization called Baby Org. Within Mom Org, a user named Chris has been assigned an administrator role. As a result, Chris can access the Baby Org organization as an administrator. Let’s take a look at how you can set up organizational hierarchies in runZero.

How to set up organizational hierarchies in runZero

To set up an organizational hierarchy, you can either create a new organization or modify an existing one. You can always edit your organizations and assign a new parent (or no parent at all). Here’s how you can assign a parent organization:
  1. Create a new organization or edit an existing organization.
  2. Make sure to provide a name and description for the organization. This information captures context about the organization and the type of data it contains.
  3. Make sure to set any expiration dates for stale assets, offline assets, and scan data. This determines how long these data types are stored by runZero.
  4. Under parent settings:
    • If you want to add the organization under a parent organization, choose an organization to assign as the parent. You can choose a child organization to be a parent as well – runZero supports up to three levels of nesting.
    • If you don’t want to assign a parent to the organization, choose None. You can add child organizations later, if needed.
  5. Save your organization.
After you save your changes, the new hierarchical permissions will take effect. From the Organizations page, you can see how many children each organization has. Additionally, you can view the details page for a specific organization to see the parent hierarchy.

How to view user permissions

To see what a user’s permissions look like, you can view a user’s details to see their role for each organization.
  1. Go to your Users page and click the name of the user whose permissions you want to view.
  2. The user details page shows a table that contains all of the organizations that the user has access to and the role that they are assigned.
If the role is listed in the Assigned role column, then it was explicitly configured for the user. If the role is listed in the Inherited role column, then the permissions were set by the default role or parent organization. The higher level of the two columns will be the effective access that the user has to that organization.
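An added example (not runZero's own code) that models the permission rules described above: a child organization inherits the parent's effective role, an explicit assignment in the child can raise but never lower it, the higher of the assigned and inherited columns is the effective access, and nesting is capped at three levels. The Mom Org / Baby Org / Chris scenario is the one from the post; the role ranking order (viewer < annotator < user < administrator) and the way a user's default role combines with the parent's role are assumptions of this model, not a statement of runZero's implementation.

```python
# Added example, not runZero's own code: a model of effective permissions under
# parent-child organization hierarchies, where a child can raise a role but
# never lower it, and nesting is limited to three levels.
from typing import Dict, List, Optional, Tuple

# runZero roles named in the post, ranked lowest to highest (assumed order).
ROLE_RANK = {"viewer": 0, "annotator": 1, "user": 2, "administrator": 3}
MAX_DEPTH = 3


def higher(a: Optional[str], b: Optional[str]) -> Optional[str]:
    """Return the more privileged of two roles; None means no access."""
    if a is None:
        return b
    if b is None:
        return a
    return a if ROLE_RANK[a] >= ROLE_RANK[b] else b


class OrgDirectory:
    def __init__(self) -> None:
        self.parent: Dict[str, Optional[str]] = {}
        self.assigned: Dict[Tuple[str, str], str] = {}  # (user, org) -> role
        self.default_role: Dict[str, str] = {}          # user -> default role

    def _height(self, org: str) -> int:
        """Number of levels in the subtree rooted at org (1 = no children)."""
        children = [o for o, p in self.parent.items() if p == org]
        return 1 + max((self._height(c) for c in children), default=0)

    def set_parent(self, org: str, parent: Optional[str]) -> None:
        """Create or re-parent an org, rejecting cycles and more than 3 levels."""
        levels_above, p = 0, parent
        while p is not None:
            if p == org:
                raise ValueError(f"{org} cannot be its own ancestor")
            levels_above += 1
            p = self.parent[p]  # KeyError if the parent org is unknown
        if levels_above + self._height(org) > MAX_DEPTH:
            raise ValueError("hierarchy would exceed three levels")
        self.parent[org] = parent

    def assign(self, user: str, org: str, role: str) -> None:
        if role not in ROLE_RANK:
            raise ValueError(f"unknown role {role!r}")
        self.assigned[(user, org)] = role

    def inherited_role(self, user: str, org: str) -> Optional[str]:
        # Assumption: the user's default role is a floor in every org; above
        # that, the parent's effective role flows down to the child unchanged.
        role = self.default_role.get(user)
        parent = self.parent[org]
        if parent is not None:
            role = higher(role, self.effective_role(user, parent))
        return role

    def effective_role(self, user: str, org: str) -> Optional[str]:
        # The higher of the Assigned and Inherited columns is the effective access.
        return higher(self.assigned.get((user, org)), self.inherited_role(user, org))

    def permissions_table(self, user: str) -> List[Tuple[str, Optional[str], Optional[str], Optional[str]]]:
        """Rows of (org, assigned, inherited, effective), like the user details page."""
        return [(org, self.assigned.get((user, org)), self.inherited_role(user, org),
                 self.effective_role(user, org)) for org in self.parent]


def mom_and_baby() -> OrgDirectory:
    """Constructed scenario from the post: Chris is an administrator in Mom Org."""
    d = OrgDirectory()
    d.set_parent("Mom Org", None)
    d.set_parent("Baby Org", "Mom Org")
    d.assign("Chris", "Mom Org", "administrator")
    d.assign("Chris", "Baby Org", "viewer")  # lower than the parent: no effect
    return d


if __name__ == "__main__":
    for row in mom_and_baby().permissions_table("Chris"):
        print(row)
```

The model makes the review question from the post concrete: because inheritance only ever raises a child role, granting someone administrator at the top of a three-level hierarchy grants it everywhere beneath, so the parent organizations are where permission reviews should concentrate.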

Simplify the complexities of user access management with organizational hierarchies

As your business continues to grow and scale, so does the need for control over complexity. To protect and secure your data, you need to have the right systems and measures in place for effective user access management. Once you have solid RBAC practices in place, you can add extra layers of protection, such as organizational hierarchies, to ensure that the right roles are being propagated to users. Ready to get a stronger handle on user and permission management in runZero? Try out organizational hierarchies today.

NIST Releases New AI Risk Framework to Combat Emerging Threats from Malicious AI

For most of history, our species has found creative ways to use technology for both bad and good. For example, we can harness nuclear energy to produce vast amounts of clean energy, helping to reduce our reliance on fossil fuels. But we can also use nuclear power to create devastating weapons of mass destruction.

The same is true for many other technologies. Is the internet a way to unite people and revolutionize how we access information? Or is it a tool for cyberbullying, identity theft, and spreading misinformation? Well, it’s both.  

Now it’s AI’s turn to fall to the dark side. AI has the potential to transform industries, revolutionize the way we work, and improve our daily lives. And that’s precisely why it’s generated so much buzz in recent years. However, it’s also caught the attention of cybercriminals intent on using it to create AI malware, AI ransomware, and for a range of other deleterious purposes.

But how exactly are cybercriminals leveraging advanced AI tools like ChatGPT? And what are reputable industry bodies like NIST doing to stop them? Let’s get into it.  

ChatGPT & The State of Malicious AI Today 

Open AI’s ChatGPT has garnered much attention recently, with the tool reaching over one million users in just five days of its launch. But while most people are using the impressive AI for fun or to improve their workflow, cybercriminals are using it for more nefarious purposes, including:  

Phishing and spamming: Bad actors could use ChatGPT to generate convincing phishing emails or messages to lure victims into clicking on malicious links, downloading malware, or providing personal information. It can even help create convincing-sounding emails impersonating high-ranking individuals, like a CEO.  

Malware development: Cybercriminals could use ChatGPT to create more sophisticated malware that can evade detection by traditional security measures. In January 2023, Checkpoint outlined how fledgling and seasoned cybercriminals were using the chatbot to create infostealers and encryption tools.  

Scamming: ChatGPT could create convincing scams, such as investment or romance scams, that could trick victims into sending money or providing sensitive information. 

Automated attacks: Cybercriminals could use ChatGPT to automate brute-force attacks or password cracking, making it easier and faster to breach security systems. 

It’s important to note that OpenAI takes measures to prevent its technology from being used for malicious activities by working with law enforcement and security organizations and implementing ethical guidelines. So, for example, if you explicitly ask, it won’t write malicious code. Still, cybercriminals are finding ways around this. For example, some developers experimenting with ChatGPT found that if you detail the steps of writing the malware instead of giving a direct prompt, the AI will construct the malware for you.  

Perhaps the most dangerous thing about ChatGPT from a cybersecurity perspective is that it allows anyone to be a hacker. Before AI, there were several barriers to entry for becoming a hacker. For example, you would need technical skills like knowledge of computer programming and networking and access to specialized tools and resources, usually obtained on the dark web. But AI is helping bridge these gaps even for people with minimal hacking experience.  

The Rise of AI Malware, AI Ransomware, & Sophisticated Attacks 

While security-conscious companies and security researchers are busy finding new and increasingly advanced ways of safeguarding systems, cybercriminals are busy finding ways to bypass these advancements. It’s a constant game of cat and mouse. And the result? Increasingly sophisticated cyberattacks.  

Cybersecurity researchers have already found evidence of well-known cybercriminal gangs hiring pen testers to help break into company networks. The notorious ransomware gang Conti (who racked up a terrifying $182 million in ransomware payments in 2021) is one such group thought to be reinvesting its earnings into hiring experienced tech professionals.  

A natural next step for cybercriminals will be to hire ML and AI experts to create advanced malware campaigns. Cybercriminals may use AI to automate large portions of the ransomware creation process, allowing for accelerated and more frequent attacks. And then we have true AI malware and AI ransomware. This is where hackers create situationally aware malware that analyzes the target system’s defense mechanisms and quickly learns and mimics everyday system communications to evade detection.

NIST’s New AI Risk Management Framework 

On January 26, 2023, the National Institute of Standards & Technology (NIST) issued Version 1.0 of its Artificial Intelligence Risk Management Framework (AI RMF) to enable organizations to design and manage trustworthy and responsible AI. But what is this framework all about?

The AI RMF divides into two parts. The first part frames the risks related to AI and outlines trustworthy AI system characteristics, while the second part describes four specific functions — govern, map, measure, and manage. These four functions are further divided into categories and subcategories and help organizations address AI system risks in practice. In addition, organizations can apply these functions in context-specific use cases and at any stage of the AI life cycle, making them versatile tools.  

Crucially, NIST’s AI Risk Management Framework focuses on changing how we think about AI. It outlines seven characteristics of trustworthy AI, including “Safe” and “Accountable & Transparent,” which are particularly relevant to AI’s use in cybercrime. The “Safe” section emphasizes the importance of designing AI systems that do not cause harm to humans, property, or the environment. Meanwhile, the “Accountable & Transparent” section requires that information and outputs from AI systems be available to all users. This helps prevent cybercriminals from manipulating the AI into providing responses that other users could not elicit. 

Final Thoughts 

The growing use of AI by cybercriminals has led to the emergence of new threats, such as AI ransomware and AI malware. These pose a significant risk to organizations and individuals alike. However, the new NIST AI Risk Management Framework provides a comprehensive approach to addressing these risks. By following its guidelines, organizations can mitigate the threats posed by malicious AI and ensure the development of trustworthy AI systems. As AI technology continues to evolve, organizations must take steps to protect themselves and stay up-to-date with the latest risk management strategies. 

 

About Portnox
Portnox provides simple-to-deploy, operate and maintain network access control, security and visibility solutions. Portnox software can be deployed on-premises, as a cloud-delivered service, or in hybrid mode. It is agentless and vendor-agnostic, allowing organizations to maximize their existing network and cybersecurity investments. Hundreds of enterprises around the world rely on Portnox for network visibility, cybersecurity policy enforcement and regulatory compliance. The company has been recognized for its innovations by Info Security Products Guide, Cyber Security Excellence Awards, IoT Innovator Awards, Computing Security Awards, Best of Interop ITX and Cyber Defense Magazine. Portnox has offices in the U.S., Europe and Asia. For information visit http://www.portnox.com, and follow us on Twitter and LinkedIn.

New Desktop Experience: Faster, Smoother, Better

Over the past few months, we’ve been working behind the scenes to create a new and exciting browser extension experience that will allow you to enjoy everything that NordPass has to offer without needing to launch the desktop app.

Yes, you read that right. Sounds awesome? Well, take a look at what the new NordPass browser extension experience brings to the table.

Why this release?

For quite some time, you — our users — have been letting us know that you’d really love a standalone NordPass browser extension — a way to manage your passwords, passkeys, payment card information, and personal information straight from the browser, allowing for an even smoother online experience.

A whole lot of Chromebook users were at the forefront of voicing their needs. And we’ve heard you loud and clear — today is the day that you can finally start using the standalone NordPass browser extension on your Chromebook and enjoy everything that NordPass has to offer.

A smoother, simpler experience

Here’s what the standalone NordPass extension offers:

  • Frictionless online experience with NordPass

    Now you can book trips, shop online, and log in to your social accounts without having to install the NordPass app. Let the standalone extension do the heavy lifting — manage your passwords, passkeys, payment card information, and personal information straight from the browser.

  • Seamless password access on any computer

    The standalone extension provides full access to your passwords, passkeys, credit cards, personal information, and secure notes on any offbeat desktop device, whether it’s your workstation or… Chromebooks (wink, wink, Chromebook users, we knew you would love it).

 

The new NordPass browser extension experience includes all the features that are available on the app. In other words, the standalone extension has it all, without needing to download or install the app on your desktop or laptop.

– Karolis Vanagas

Product owner at NordPass

However, it’s important to note that the NordPass desktop application is not going anywhere. The app remains a part of the NordPass product suite. Check FAQs here.

I already use NordPass, is there anything that I need to do?

So, you might be wondering if there’s anything you’ll need to do once the update rolls out.

Chrome, Edge, Brave, Opera

Well, if you already have NordPass installed on your device and use any of the Chromium-based browsers, simply kick back and relax — there’s nothing that you need to do. The new browser extension will be updated automatically upon its release — and you probably won’t notice a thing.

Support for Firefox and Safari browsers is coming in Q2 of this year!

New to NordPass?

You don’t need to be a rocket scientist to start using NordPass on a desktop device. Just add the standalone extension and you’re all set — no need to download or install the app!

Check out our detailed support guide for getting started with NordPass quickly and easily.

Once you have the new NordPass extension running on your Chrome-based browser, you can start using NordPass to its fullest extent.

If you have any further questions regarding the standalone NordPass extension or NordPass in general, do not hesitate to contact our wonderful support team at support@nordpass.com — they’re ready to take care of any issues you might have. Also, if you have any suggestions or feedback regarding the NordPass browser extension, drop us a message — we’re all ears, at all times.

About NordPass
NordPass is developed by Nord Security, a company leading the global market of cybersecurity products.

The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

Salesforce security best practices for business

Salesforce is the world’s leading Customer Relationship Management solution. With around 150,000 users and a 24 percent market share, Salesforce powers huge sections of the digital economy.

Customers use Salesforce to store customer information, manage leads, and build marketing campaigns. Every day, users of the platform store and handle vast amounts of sensitive data. That’s great for productivity, but it brings one key problem. Customer information is a gold mine for cyber-attackers.

Attackers can steal client data and sell it on the Dark Web. Or they could spy on your internal operations to gain a competitive advantage. Because of this, Salesforce clients should always prioritize data security. But how should you build an effective Salesforce security strategy?

This article explores your Salesforce data security options. Follow our list of Salesforce security best practices, to lock down your customer data and keep it out of malicious hands.

How reliable is Salesforce security?

Salesforce is relatively secure, with plenty of built-in features to protect client data. However, before we look at Salesforce security best practices, it’s important to note that security breaches have happened in the past.

No cloud platform is perfect. As the Hanna Andersson data breach showed, Salesforce is no exception.

Californian clothes retailer Hanna Andersson created a Salesforce instance to store data and handle global sales. Unfortunately, cyber-attackers breached the Salesforce platform, implanting malware on the brand’s apps. For three months in late 2020, data flowed out of the platform for sale on the Dark Web.

This was alarming news, but Salesforce acted to rectify the problems behind the breach. Measures like mandatory Multi-Factor Authentication and SSL encryption plugged existing Salesforce vulnerabilities. Security features now allow users to block malicious actors and counteract phishing attacks.

If you apply the right controls and follow Salesforce best practices, achieving data security should be easy. Let’s explore how to do so in more detail.

Salesforce security basics

The first thing to note regarding Salesforce security is the shared responsibility model.

This model divides responsibility for data security. The Salesforce platform protects hardware, application code, and other infrastructure. But users must protect data in transit, regulate access, and manage audit procedures.

Salesforce offers plenty of basic and enhanced features to achieve these goals. Leverage them all to make data as safe as possible.

Basic Salesforce platform features

Here’s the list of built-in basic Salesforce security features.

1. Multi-factor authentication

MFA requires more than one identification factor when users log onto Salesforce. This is the gold standard for safe access management. Since February 2022, MFA has been compulsory for all Salesforce accounts.

2. Health Check

Salesforce Health Check is an invaluable tool for understanding your security posture. Health Check assesses how your implementation counters major Salesforce vulnerabilities. It assigns a percentage score to your org, showing areas for improvement.

The service is free, so use Health Check to mark completed tasks and isolate priority areas for the future.

3. IP range assignment

IP range assignment uses IP ranges to block unauthorized access. Allowed IP addresses could include on-premises workstations, remote devices, and addresses used by your company VPN. Everything else is blocked.

4. Classic encryption

The standard setting on Salesforce applies 128-bit AES encryption. At this level, encrypted data protects against most intrusions but won’t deliver rock-solid data protection. Nevertheless, it’s a good starting point.

Salesforce Shield

Salesforce offers an extra suite of tools called Salesforce Shield. Salesforce Shield is a paid service that gives users the most comprehensive set of controls. IT teams can apply these controls in a way that suits their needs.

Core features of Salesforce Shield include:

1. Enhanced encryption

Shield platform encryption includes flexible data security measures. Admins can apply 256-bit AES encryption to specific apps or even down to the field level. Options also include self-managed encryption keys to customize how you protect critical information.

2. Logging

Event monitoring tools provide total awareness of your Salesforce implementation. Fire up real-time logs to check security processes and track different event types to detect security concerns. Logs provide valuable evidence to show compliance. Combine them with Transaction Security Policies to block sensitive data from leaving the Salesforce platform.

3. Field audit trail

The Field Audit Trail strengthens awareness and data security. Create forensic trails to map the history of data. Track custom objects through the platform, and retain different data sets for analysis.
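The event monitoring logs described under Logging above only help if something actually reads them. As an added example (not code from the original article or from Salesforce), the Python below runs two simple detections over a constructed CSV sample in the shape of an EventLogFile download: a user exporting reports repeatedly within one hour, and a login from an address outside the org's allowed IP ranges. The column subset, user IDs and addresses are assumptions for this example.

```python
import csv
import io
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample, not a real export: rows in the CSV shape of a Salesforce
# EventLogFile download. The column subset (EVENT_TYPE, TIMESTAMP_DERIVED,
# USER_ID, CLIENT_IP, URI), the IDs and the addresses are assumed for this
# example; confirm them against the header row of your own org's files.
SAMPLE_LOG = """\
EVENT_TYPE,TIMESTAMP_DERIVED,USER_ID,CLIENT_IP,URI
Login,2023-03-01T08:02:11.000Z,005xx000001AAAA,203.0.113.10,/
ReportExport,2023-03-01T08:05:40.000Z,005xx000001AAAA,203.0.113.10,/00Oxx0000000001
ReportExport,2023-03-01T08:06:02.000Z,005xx000001AAAA,203.0.113.10,/00Oxx0000000002
ReportExport,2023-03-01T08:07:15.000Z,005xx000001AAAA,203.0.113.10,/00Oxx0000000003
ReportExport,2023-03-01T08:09:48.000Z,005xx000001AAAA,203.0.113.10,/00Oxx0000000004
Login,2023-03-01T08:10:05.000Z,005xx000002BBBB,198.51.100.7,/
ReportExport,2023-03-01T08:12:30.000Z,005xx000002BBBB,198.51.100.7,/00Oxx0000000001
Login,2023-03-01T09:00:00.000Z,005xx000003CCCC,203.0.113.22,/
ReportExport,2023-03-01T09:15:00.000Z,005xx000003CCCC,203.0.113.22,/00Oxx0000000002
ReportExport,2023-03-01T09:40:00.000Z,005xx000003CCCC,203.0.113.22,/00Oxx0000000002
"""

# The ranges the org allows at the organization level (see "IP range assignment"
# above); a constructed TEST-NET range for this example.
ALLOWED_RANGES = ["203.0.113.0/24"]


def parse_event_log(text):
    """Parse an EventLogFile CSV body into a list of row dicts keyed by column."""
    return list(csv.DictReader(io.StringIO(text)))


def hour_bucket(timestamp):
    """Reduce an ISO timestamp such as 2023-03-01T08:05:40.000Z to its hour."""
    parsed = datetime.strptime(timestamp, "%Y-%m-%dT%H:%M:%S.%fZ")
    return parsed.strftime("%Y-%m-%dT%H")


def find_bulk_exports(events, threshold=3):
    """Return (user, hour, count) for every user who ran at least `threshold`
    report exports within a single hour: a common sign of data leaving in bulk."""
    counts = defaultdict(int)
    for event in events:
        if event["EVENT_TYPE"] == "ReportExport":
            key = (event["USER_ID"], hour_bucket(event["TIMESTAMP_DERIVED"]))
            counts[key] += 1
    return sorted((user, hour, n) for (user, hour), n in counts.items() if n >= threshold)


def find_logins_outside_ranges(events, allowed_cidrs):
    """Return (user, ip, timestamp) for Login events from outside every allowed range."""
    networks = [ipaddress.ip_network(cidr) for cidr in allowed_cidrs]
    findings = []
    for event in events:
        if event["EVENT_TYPE"] != "Login":
            continue
        address = ipaddress.ip_address(event["CLIENT_IP"])
        if not any(address in net for net in networks):
            findings.append((event["USER_ID"], event["CLIENT_IP"], event["TIMESTAMP_DERIVED"]))
    return findings


EVENTS = parse_event_log(SAMPLE_LOG)

if __name__ == "__main__":
    for user, hour, n in find_bulk_exports(EVENTS):
        print(f"bulk export: user {user} ran {n} report exports in hour {hour}")
    for user, ip, ts in find_logins_outside_ranges(EVENTS, ALLOWED_RANGES):
        print(f"login outside allowed ranges: user {user} from {ip} at {ts}")
```

In a real deployment the same two rules would run over the daily or hourly EventLogFile downloads and feed a Transaction Security Policy or SIEM alert rather than print.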

Salesforce security best practices for businesses

How should users apply these security features? A quick list of Salesforce security best practices should supply the answers.

1. Manage secure access with Multi-Factor Authentication

Salesforce requires MFA for all users, but there are various possible authentication methods. It is important to find a multi-factor authentication system that suits your workforce.

A poor MFA choice will cause friction and dent productivity, and it could also make authentication procedures less secure. Here are the main options to choose from:

  • The Salesforce Authenticator app sends push notifications to mobile devices. This includes a one-time code that users enter alongside standard passwords and Account IDs.

  • Third-party authenticator apps, such as the OATH-based Google Authenticator, Microsoft Authenticator, and Authy.

  • Hardware keys or security token devices use certified authentication standards to deliver one-time codes for every login. Salesforce supports industry leaders like YubiKey and Google Titan.

  • Authenticators built into smartphones, such as Apple’s Touch ID or Face ID. These options are easy to use but may not be as secure as dedicated authentication tools.

Companies with large mobile workforces will benefit from app-based authentication. But hardware keys are preferable for protecting admin-level accounts. The important thing is to find a multi-factor authentication method that blends user experience and flexible security.

2. Apply smart user privilege management

Assigning user privileges is a core challenge for Salesforce end users. Setting restrictive permissions limits the harm caused by incidents such as credential theft.

IT teams control basic privileges via Salesforce user profiles. As a rule, set tight permissions that cover the resources employees need and nothing more. And minimize the number of users with admin privileges. Phishing attacks on over-privileged accounts are a common cause of data loss.

Privilege management on Salesforce goes beyond per-account privileges. Flexible permission sets allow you to create temporary permissions for users. Security teams can create logical groups of users for short-term projects. This could include marketing campaigns where users need extended access to lead data, but only for a brief window of time.

The data security model is a good way to plan privileges management. This divides the Salesforce environment into three levels: organization, object, and field. Map privileges to the right level and assign the right access level for every role.

  • Organization level – The broadest security level. Admins can control organization-level access by authorized IP ranges or use Shield controls to block unauthenticated users.

  • Object level – Refers to application or domain access. At this level, admins create detailed profiles to apply privileges. Assign app access or block resources if required. Try to assign the access users need, but no more.

  • Field level – Admins can provide access to specific database fields. Assign read and write permissions, allow deletion and record creation, and determine export policies to keep confidential data in place.

3. Make Health Check part of your Salesforce routine

One of the most important security best practices is knowing how to use the platform’s native features to your advantage. This makes Salesforce Health Check your best friend when securing customer data.

Health Check provides a baseline to inform your security strategy and detect security vulnerabilities. The assessment tool provides a security score along with recommended tasks to improve your rating. You can also customize Health Check to suit your unique Salesforce implementation and business needs.

Use Health Check whenever you add new objects or apps to your Salesforce environment. The audit tool immediately highlights areas of concern, allowing you to refine your security posture accordingly.

4. Schedule regular Salesforce backups

It’s always a security best practice to plan for the worst. Every Salesforce implementation should have a disaster recovery plan. This includes scheduling backups to restore critical data and restart operations.

Backups should include raw customer data stored on your platform. But to ensure smooth resumption, companies also have to export metadata safely.

Salesforce provides both raw data and metadata storage, but on a limited scale. Consider third-party backup specialists to guarantee accurate and timely data restoration.

5. Have a plan to contain DevOps threats

Salesforce apps can contain several classes of vulnerability that attackers exploit. For instance, DevOps teams need to be aware of:

  • Cross-Site Scripting (XSS) – XSS exploits affect dynamic web interfaces such as customer payment portals.

  • Cross-Site Request Forgery (CSRF) – CSRF exploits create compromised web pages that persuade users to carry out risky actions. As with XSS, attackers can use this method to compromise Salesforce databases and steal confidential data.

  • SOQL Injection – Attackers inject malicious queries into database fields. This can allow free access to customer data if portals are poorly secured.

There are mitigation strategies for all of these attacks. A security best practice is to use Salesforce’s sandboxing tools.

Sandboxes let you quarantine suspicious code. Mirrored versions of development environments allow security teams to test code and remove vulnerabilities. That way, you can counter exploits before they take down your CRM system.

Salesforce secure access with NordLayer

There are plenty of ways to protect data with Salesforce security best practices. MFA protects against unauthorized entry. Encryption makes data unreadable to outsiders. Privileges management keeps confidential data off-limits to most users. And sandboxing lets you handle threats safely.

Following the best practices listed above is a good start. But you can harden your security setup by combining Salesforce’s native tools with NordLayer’s third-party security solutions.

For instance, our access management tools make it easier to screen potential threats and admit authenticated users. Single Sign On brings your cloud assets together and makes password management simpler.

IP address whitelisting lets you approve NordLayer users while blocking everything else. There will be no way for malicious attackers to spoof authorized users. Your Salesforce implementation will also benefit from NordLayer’s enterprise-wide security controls.

Applying security best practices with NordLayer’s help is the best route to a robust Salesforce security posture. To find out more, contact our team today.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Nord Security
The web has become a chaotic space where safety and trust have been compromised by cybercrime and data protection issues. Therefore, our team has a global mission to shape a more trusted and peaceful online future for people everywhere.

About NordLayer
NordLayer is an adaptive network access security solution for modern businesses – from the world’s most trusted cybersecurity brand, Nord Security.


Small business cybersecurity: the importance of proactive safety measures

Small businesses are on the front line of cybersecurity. At any moment, cyberattacks could extract confidential data, damage network infrastructure, or even cause total business failure.

The risks are real. According to Verizon, 60% of small businesses that suffer cyber attacks go out of business within 6 months. Healthcare company Wood Ranch Medical is a great example. The small operator was bankrupted by a 2019 ransomware attack that prevented access to sensitive patient records.

Despite cases like Wood Ranch Medical, most small businesses fail to allocate enough time and resources to counter cyber-threats.

Don’t fall into that trap. Instead, follow this guide to implement robust cybersecurity measures. With our help, you can counter the most dangerous cyber threats faced by SMBs. Let’s find out more.

Understanding the threat landscape for SMBs

The first thing to understand is that small businesses face a diverse range of cyber threats. Any one of them could ruin your reputation and lead to regulatory fines.

Attackers can lurk for months and monitor traffic. They can steal sensitive client data or lock it away until victims pay a ransom. Or they could cause technical damage, ruining network infrastructure.

SMBs can’t afford these consequences. But how do you handle critical cybersecurity threats?


Prevention starts from awareness of the most common threats and how they fit into cybersecurity for small businesses.

Types of cyber attacks

Here’s a list of the most common types of online threats. All of them threaten small businesses.

1. Phishing

Phishers use social engineering techniques to fool small business employees. With a few pieces of information, attackers can easily convince time-poor workers to make dangerous decisions. This might involve emails pretending to come from colleagues or trusted third parties. The links in these emails lead to malicious sites or initiate malware downloads.

2. Ransomware

Ransomware locks down high-value data and demands payment from its victims. Once attackers control that data, they can demand a high price to restore access, and small businesses are not always able to pay.

3. Spyware

Spyware tracks data flowing through network assets and sends this information to controllers outside the targeted organization. Some spyware is legitimate. For instance, advertisers sometimes use it to deliver targeted ads. But the majority of spyware is malicious and linked to data extraction.

4. Viruses

Viruses spread between devices and their effects range from relatively light disruption to complete system failure. Some viruses remain dormant for long periods. Others set to work immediately. In all cases, small businesses need updated and effective antivirus software to defend their perimeter.

5. Malware

Malware extends beyond ransomware and spyware. For example, businesses might encounter trojans or worms that stay below the radar until activated. Bots are also common. These agents latch onto devices and create “swarms” to launch wide-scale attacks.

6. Man-in-the-middle attacks

Man-in-the-middle attacks target insecure Wi-Fi connections. Attackers can intervene between remote access workers and the corporate network. If the connection is unencrypted, hackers can harvest information from corporate network traffic and steal confidential data.

7. SQL injection

SQL injection inserts SQL code into application inputs to gain access to valuable databases. This generally occurs via web forms connected to SQL databases. For small businesses, this could include employee gateways or payment forms. Securing web assets is absolutely essential.
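The same defect underlies this section and the SOQL Injection item in the Salesforce DevOps list earlier on the page: user input is pasted into query text instead of being kept as data. As an added example (not code from the original articles, NordLayer or Salesforce), the Python below shows the vulnerable and hardened forms of one lookup against a constructed in-memory sqlite3 table, then a safe builder for dynamic SOQL, which has no bound-parameter placeholder for concatenated strings; the table, names, the `escape_single_quotes` helper and the sort-field allowlist are assumptions for this example.

```python
import sqlite3


def build_demo_db():
    """In-memory table standing in for a customer database (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO accounts (name, owner) VALUES (?, ?)",
        [("Acme Ltd", "alice"), ("Globex", "bob"), ("Initech", "alice")],
    )
    return conn


def accounts_for_owner_vulnerable(conn, owner):
    """Vulnerable: the form value is spliced into the SQL text, so a quote in the
    value terminates the literal and whatever follows it runs as SQL."""
    sql = f"SELECT name FROM accounts WHERE owner = '{owner}'"
    return [row[0] for row in conn.execute(sql)]


def accounts_for_owner_safe(conn, owner):
    """Hardened: a bound parameter is always treated as data, never as SQL."""
    sql = "SELECT name FROM accounts WHERE owner = ?"
    return [row[0] for row in conn.execute(sql, (owner,))]


# --- Dynamic SOQL (the Salesforce "SOQL Injection" item) ----------------------
# Apex dynamic SOQL has no "?" placeholder for a string that is concatenated into
# the query, so the guidance is to escape quotes in the value and never to let
# user input choose field or object names. This helper mirrors the intent of
# Apex String.escapeSingleQuotes() in Python; escaping the backslash as well is
# this example's own addition, since SOQL treats it as an escape character.

def escape_single_quotes(value):
    return value.replace("\\", "\\\\").replace("'", "\\'")


# Allowlist of sort fields a form may choose; identifiers cannot be escaped,
# only validated, so anything not on the list is rejected outright.
ALLOWED_SORT_FIELDS = {"Name", "CreatedDate"}


def is_allowed_sort_field(field):
    return field in ALLOWED_SORT_FIELDS


def build_account_soql(owner_alias, sort_field):
    """Build a dynamic SOQL query safely: quote-escape the value, allowlist the identifier."""
    if not is_allowed_sort_field(sort_field):
        raise ValueError(f"sort field not permitted: {sort_field!r}")
    return (
        "SELECT Name FROM Account WHERE Owner.Alias = '"
        + escape_single_quotes(owner_alias)
        + f"' ORDER BY {sort_field}"
    )


if __name__ == "__main__":
    conn = build_demo_db()
    # Textbook tautology input, used only to show the difference between the two forms.
    hostile = "bob' OR '1'='1"
    print("vulnerable:", accounts_for_owner_vulnerable(conn, hostile))  # every row leaks
    print("safe:      ", accounts_for_owner_safe(conn, hostile))        # nothing matches
    print("soql:      ", build_account_soql(hostile, "Name"))           # quote neutralized
```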

8. DDoS attacks

Distributed denial-of-service attacks involve botnets featuring hundreds or thousands of agents. Botnets direct massive amounts of traffic at their target with the aim of overwhelming networks. Larger organizations may have the resources to absorb DDoS floods. But with attacks averaging 5.17 Gbps, small business websites can easily fold under the pressure.

9. Zero-day exploits

Zero-day exploits target recently documented software vulnerabilities. In these situations, vendors probably haven’t developed patches, exposing users to opportunist attackers. Small businesses rely on anti-virus, communications, and data management tools in everyday work. But any of these tools can become vulnerable overnight.

10. DNS tunneling

DNS tunneling injects malicious code into networks via DNS queries. This allows hackers to seize control of local DNS servers. When that happens, a small business can lose control of its website and network assets. DNS tunneling exploits insecure firewalls, but SMBs often retain legacy firewall products. That’s a bad idea when successful attacks can ruin reputations in seconds.

11. XSS attacks

Cross-Site Scripting (XSS) injects malicious code via web applications and browser-side scripts. XSS attacks allow attackers to change website designs, adding undesirable content. They can launch malicious software, infecting business networks and customer devices. XSS also lets attackers hijack cookies and impersonate legitimate users. All of that is bad news for SMBs.

Cybersecurity best practices for small businesses

Small businesses need cybersecurity strategies that deal with critical threats. But how can you implement an effective strategy with a small business budget?

SMBs lack the resources of corporations. But cybersecurity for small businesses must still protect sensitive data and network resources. Here are some best practices to follow that balance cost and efficiency.

1. Implement a strong password policy

Employees should only use strong passwords to log into your company network. Weak passwords are easy to guess or brute force. This makes mounting attacks much simpler.

Require employees to use 10-15 character passwords. Demand a mixture of upper and lower case letters, numbers, and symbols. Enterprise-wide password management tools can help. They make storing and changing passwords easier, eliminating much of the risk of human error.

Combining password hygiene with anti-virus software and firewall protection is also good practice. That way, you can filter potential threats and authenticate users effectively.

2. Schedule regular backups

Cyber-attacks can lead to the deletion of data or system failures that compromise important workflows. This makes it vital to back up high-priority data regularly. Use secure cloud services or external locations away from your core network.

3. Train employees in cybersecurity basics

Digital cybersecurity controls rely upon human knowledge and behavior. The way employees act when encountering cyber threats is a crucial part of a small business security setup. That’s why it’s vital to focus on what is known as the human firewall.

Strengthen the human firewall by training employees to spot phishing emails and malicious links. They must know the company password and access management policies. Remote workers should also understand how to connect securely, as well as the risks of using an insecure public Wi-Fi network.

4. Use threat prevention measures to reduce cyber attack risks

Minimize cyber security risks by applying antivirus software and malware scanning tools to your network traffic. Use VPNs to encrypt data and anonymize user IP addresses. Create allowlists to screen user identities, admitting only authorized addresses.

Take action to secure your local network as well. You may need to upgrade your Wi-Fi network from WEP to WPA2. Check that your router SSID is anonymized and consider upgrading your firewall to add features like Deep Packet Inspection.

5. Implement protection for sensitive information

Encrypt high-value data like personnel records and customer financial information. If you rely on SaaS or PaaS tools, use any cloud data protection tools provided by your Cloud Service Provider.

Use privileges management to limit freedom within network boundaries. Confidential data should only be available to users who need it in their working tasks. That way, when a data breach occurs, attackers will struggle to access and extract data.

Minimize the number of users with administrative privileges. Avoid giving single users the power to make fundamental network changes.

Consider using Data Loss Prevention tools as well. These tools track the location and state of important data. They block data transfers to unauthorized devices and log potentially dangerous access requests. If you handle high-risk, high-value data, DLP could be a sound investment.

6. Create an Incident Response Plan

Small businesses must prepare for cybersecurity incidents. Aim to restore normal working conditions as soon as possible while protecting data and neutralizing active threats.

Carry out a risk assessment for the threats detailed above. Include an assessment of where critical data resides. Assign an individual with the responsibility to protect important data. And connect every resource with risk-reduction strategies.

Create a recovery plan for all critical assets. This should include security scans to identify any malware or virus infections. Document access requests during the security alerts and determine whether data loss has occurred.

SMBs need to be ready to act as soon as possible when cybersecurity issues arise. Be proactive and make sure everyone is aware of incident response procedures.

7. Focus on secure remote access

Many small businesses allow employees to work from home. Sales representatives may also travel widely but require access to central resources. In both cases, remote access creates cybersecurity risks.

Require strong passwords and MFA for remote connections. Consider requiring employees to use an approved VPN service when working from home. Staff may store confidential information on smartphones, creating additional risk. Enforce strict data protection policies for mobile devices.

Make sure your cyber security tools cover both on-premises and cloud resources. Remote workers can bypass central network routers if they connect to SaaS apps. This can create security gaps and compromise visibility.

8. Manage third parties securely

Small businesses rely on third-party vendors, but partners can act as vectors for cyber attackers. For example, CRM providers may not encrypt data securely, putting client data at risk. Virus checkers or low-quality VPNs may transmit spyware.

Check all third parties and ensure they have rock-solid security policies. Trust nobody, and always ask for security assurances if you aren’t sure.

9. Enable 2FA or MFA

Small companies need to secure the network edge with robust authentication procedures. Two-factor authentication (2FA) or multi-factor authentication (MFA) is the best option here. These tools request multiple identification factors whenever users connect to network assets. This makes it far harder to obtain access illegitimately.

If MFA is too burdensome for employees, consider using it only for administrator accounts. Or try user-friendly 2FA procedures such as fingerprint scanning. Balance user experience and security. But always go beyond simple password protection.

Ensure your company’s sensitive information is protected

Data protection is the most important cybersecurity goal for small businesses. Data losses lead to huge reputational damage and regulatory penalties. It’s critically important to secure data and show evidence that confidential information is protected. Basic data protection measures include:

  • Encrypting important databases

  • Filtering access with privileges management

  • Strengthening malware and firewall protection

  • Using Data Loss Prevention tools

  • Educating employees about data security policies

Beyond those actions, it’s also a good idea to check your data security posture. The Cybersecurity & Infrastructure Security Agency (CISA) provides a free “cyber hygiene” check. This is a good starting point. It should help you find vulnerabilities and identify areas of improvement.

Penetration testing also mimics the activities of hackers, providing a good measure of your data security setup. Robust testing will dramatically reduce the risk of data breaches in the future.

Cybersecurity checklist for small businesses

Small businesses should have a comprehensive cybersecurity plan that guides their efforts.

Follow this checklist to make sure you include the right security measures:

  1. Data protection – Apply encryption, DLP, and privileges management. Prioritize high-value data.

  2. Threat reduction – Put in place virus and malware scanning, and firewall protection.

  3. Incident response – Ensure rapid restoration of critical assets with full security checks.

  4. Backups – Regularly back up important data. Use secure cloud or external storage solutions.

  5. 2FA or Multi-Factor Authentication – Apply robust authentication to ensure legitimate access.

  6. Education – Provide full security training for all employees with a focus on phishing risks.

  7. Remote access – Ensure safe, user-friendly remote access. Enforce strong mobile device security.

  8. Strong passwords – Use strong, regularly changed passwords. Install password management tools to automate procedures.

How can NordLayer help?

NordLayer is the ideal partner to help small businesses secure their data. We offer a variety of solutions to strengthen network defenses and manage employee identities.

Device Posture Checks make working from home safer. NordLayer’s systems assess every device connection. If devices fail to meet security rules, posture checks deny access. Users will instantly know about access requests from unknown or compromised devices.

IP allowlisting lets you exclude unauthorized addresses at the network edge. IAM solutions use multifactor authentication and Single Sign On to admit verified identities. Virtual Private Gateways anonymize and encrypt data, adding more remote access protection. And our Cloud VPN services lock down hard-to-secure cloud assets that small businesses rely on.

NordLayer makes achieving compliance goals easier and provides a safer customer experience. To find out more, get in touch with our sales team today.


Podcast: How important is a backup?

In this podcast Keepit’s Paul Robichaux and podcast host Thomas Stensitzki talk about the principle of “shared responsibility” between SaaS vendors like Microsoft, Google and Salesforce, and their customers. The two discuss how to protect cloud data and ensure business continuity. And they also touch on the differences in data regulations for businesses operating in the EU and USA.

And don’t worry: Although the brief introduction is in German, the rest of the podcast is in English.

Podcast featuring Keepit’s own Paul Robichaux

Paul Robichaux is Senior Director of Product Management at Keepit and a Microsoft MVP (Most Valuable Professional), a title he has been awarded every year since 2003. Paul has worked in IT since 1978 and has held a number of CTO and senior product development positions in the software industry. Paul is a prolific contributor to the Microsoft community: he is the author of an impressive number of books and articles about Microsoft technologies, including the best-selling Office 365 for IT Pros; he is a contributing editor for Practical 365; and he produces a continuous stream of videos, podcasts, and webinars. He is based in Alabama, USA. Find Paul on LinkedIn and Twitter.

To hear the full podcast on Thomas’ Tech & Community Talk, click here.


About Keepit
At Keepit, we believe in a digital future where all software is delivered as a service. Keepit’s mission is to protect data in the cloud. Keepit is a software company specializing in cloud-to-cloud data backup and recovery. Drawing on more than 20 years of experience in building best-in-class data protection and hosting services, Keepit is pioneering the way to secure and protect cloud data at scale.