Tag Archives: cybersecurity

Keep Your Network Secure Against Cyber Attack

Late last year, as well as more recently, two major cyber attacks occurred–one at SolarWinds via their software platform in December of 2020, and one at Colonial Pipeline just this month. These attacks are even more serious than one performed by a lone attacker, and signal how vulnerable networks can be. Not only do businesses need to use tools to protect their own computer networks, but to share information with other companies. Read on to learn how your company can protect itself against cyber attacks.

 

Recent Cyber Attacks a Wake-up Call 

 

Last December, IT management company SolarWinds was attacked by hackers who inserted malicious code in what seemed a normal software update. What’s ironic is that the very platform used to monitor threats, was the one targeted. The bad code allowed the perpetrators to hack numerous government agencies and private companies, possibly stealing untold amounts of data. The company’s platform  was used in this sophisticated attack, and the software update was downloaded by some 300,000 users. Through the download, the perpetrator was able to penetrate deep into companies’ and agencies’ networks. More recently, Colonial Pipeline was targeted in a potential attack on electrical supply to the East Coast via the gas pipeline. While investigations are still underway in each incident, foreign state actors are thought to be responsible. Both these attacks show how vulnerable companies can be. Could there have been a way to prevent the attacks, to see them coming? In spite of all the precautions companies take to shield their networks, cyberattacks seem almost inevitable. 

 

Ways to Protect Your Company Against Ransomware

 

Of course, companies should continue doing things like remote network monitoring, maintaining current anti-virus and anti-malware definitions and training their staff to recognize possible attacks. Commonly hackers try to get into a system by phishing–trying to trick the recipient of an email into clicking a link, providing the attacker a way in. Employees need to be trained to recognize a phishing email by telltale signs (spelling errors in the email) and to inform a supervisor about the email. Yet there’s another step to take. This involves people–sharing information with other companies about attacks and threats of attacks. Commonly and unfortunately, there is a stigma to experiencing a cyber attack; a company doesn’t want to be considered weak. But think how much stronger companies could be when they depend on each other to be aware of new threats, and can band together against cyber crime. Along with this practice, a company can continue educating their staff to recognize phishing attacks and to be careful with passwords (making them difficult to guess, and changing them frequently). Every device connected to the network needs to be monitored, and ones suspected of being attacked, quarantined (disconnected) to keep the network secure.

 

Tools and technology like malware protection and network monitoring should always be a part of your cybersecurity plan. People can also play a role, by reporting possible attacks and sharing information. To learn more about refining your strategy for network security, contact us today.

Role of Your Employees in Cybersecurity

It’s sometimes thought that employees can be a “weak link” in your cybersecurity plan. This need not be so. Rather, your employees–when well-trained in cybersecurity policies and practices–can be your greatest asset. Reason to learn about training your employees in keeping your network safe.

 

Assess Cybersecurity Knowledge

 

Employees can be the most important line of defense against cyber attacks, when aware and well trained. Do your workers know your company’s cybersecurity policies? Do they know and implement best practices with passwords, like having unique credentials that are changed regularly. Also, you can make sure they are up on the most current cyber threats like malware and phishing attempts, and know what to do when faced with a possible attack. For example, do they know what to do when they get an email designed to look like it’s from their supervisor? Training sessions could be done routinely via video-conferencing on an ongoing basis for remote workers.

 

Security Considerations for Remote Work

 

For nearly a year, remote work has become the rule. According to an article from CompTIA, remote workers may not be prepared for increased responsibility for the safety of their devices. Are the devices connected to your company’s network checked and sanitized to ensure malware can’t get in? Do they have the most current antivirus and anti-malware definitions? Another issue to consider is physical security. Do your workers know to do simple things like log off when leaving the computer? Will they have a workspace where phone and video-conferencing communications can’t be overheard? These are just some of the topics to discuss with your staff to keep your network safe. The more devices connected to the network, the more chances there are for cyber attack. Having workers know what to do to prevent or mitigate an attack is essential.

 

Instead of employees being cybersecurity liabilities, they can be your greatest assets. For assistance in training your staff to be your best line of defense against attack, contact us today.

Technology Planning and Budgeting for 2021

There’s no doubt, 2020 has been a period of massive change. The pandemic has forced businesses to change the way they do business–for example, more staff are working remotely than ever before. Read on to learn more about what to consider when planning your technology budget for the new year.

 

Consider Business Objectives First

In 2021, according to a CompTIA report, business technology spending is expected to grow by 4.2% in 2021 reaching over 5 trillion for the first time. Cloud is expected to be significant, showing up again as a trend after being out of the spotlight in 2020. Companies are expected to use the cloud as well as emerging technologies in the coming year to drive digital transformation, support work-from-anywhere requirements and improve communications and collaboration between employees, customers and the supply chain. Technologies like the Internet of Things (IoT) and artificial intelligence (AI) are expected to be embedded in business applications–for example, improving inventory control or for data processing operations.

 

When considering your tech spending, consider how technology can help reach business goals. Are you expecting remote work to continue, or even to hire more remote workers? Perhaps consider allocating more of your budget to cybersecurity and skills training. One thing to consider is the strength of your network, and whether you need more bandwidth or to focus on network security. 

 

Cybersecurity Still a Constant

With remote work now common, the security perimeter has changed. Instead of being in the office, it is now wherever anyone is accessing the network. A new paradigm has emerged wherein access to networks needs to be more specific, and where threats are possible within the perimeter. More resources may need to go to keeping data secure, including training employees to do so. What’s more, regulation of the tech industry will be in the spotlight, with enforcement of regulations for handling user data. Whatever your business prioritizes, flexibility and resilience–the ability to build an adaptable architecture and to withstand disruptions from many directions–will be necessary in digital transformation.

 

While 2020 has brought about many changes, it has also brought opportunities to move forward in using technology for business advantage. For help in charting your company’s technology course, contact us today.

Trends in Cybersecurity in 2020

This extraordinary year, with its rapid shift toward remote work force, has brought about changes in the cybersecurity landscape. With the security perimeter widened by use of devices outside the office, businesses are using the cloud more than before. According to a recent CompTIA research report on the state of cybersecurity, 60% of respondents were taking a more formal approach to risk management and threat intelligence; however, there’s always room for growth. Read on to learn how 2020 events have changed approaches toward cybersecurity. 

 

Acceleration of Cloud Computing

 

One trend in the report is the acceleration of the use of cloud computing. With so many employees working remotely, companies have, at the very least, sent their employees home to work and hurrying to secure day-to-day operations. With this increased use of cloud computing, keeping an eye on the threat landscape is still vital. Cyber attacks have increased, including “phishing,” and are now considered inevitable. The question is how companies will respond. 

 

Cybersecurity the Responsibility of the Entire Organization

Cybersecurity is no longer merely the responsibility of the IT department. From the newest employee to the board of directors, everyone has a responsibility to help protect data and systems. The executives and board can map out the plan for cybersecurity, beginning with assessing current risks to data and systems. Every employee can be trained in how to handle cyber attacks, and how to prevent them from occurring. Upper management can set the tone, creating a culture of cybersecurity.

 

Formalization of Cybersecurity Practices

 

Along with the increased momentum of cybersecurity adoption, the approach is becoming formalized. According to the CompTIA survey, the majority of companies have taken a more formal approach toward cybersecurity, adopting metrics to measure how well they’re doing. The process starts with risk assessment and management by directors and executives. What security pitfalls might come with remote work? How secure are a company’s data and systems? Formalization of practices also includes measuring and monitoring security efforts that are tied to business objectives. Such metrics might include how many systems have current operating systems, or what percent of employees have been trained in avoiding phishing schemes. 

 

While some aspects of cybersecurity (like an ever-evolving threat landscape) are the same, many businesses are changing their approach to cybersecurity. For help in evaluating your company’s approach, contact us today.

Cybersecurity in Challenging Times

In these unprecedented times, we spend more time than ever on various devices, using them both for work and recreation. As in other difficult times, heroes rise to the occasion. However, so do bad actors, seeking to take advantage of the situation. Read on to learn more about protecting yourself from cyber attacks.

Hazards to Watch For

Cyberattacks are on the rise these days, with bad actors looking to take advantage of the situation, playing both on people’s fears, and their desire to help others. As ever, though, we can protect ourselves using tools along with caution and common sense. Social engineering schemes, including phishing attacks, are used to gain confidential information from unwitting victims or to install malware on their devices. For instance, a person might receive emails that look like ones from credible organizations, and these emails capitalize on fears of COVID-19. Cybercriminals might use “spoofing” as a tactic, making an email seem like it’s from someone you know. It might contain an urgent appeal to buy items for a relative because the “sender” is in quarantine. Other possibilities are ads for items like masks or stories about vaccines and cures for COVID-19. 

Keep Your Network and Your Employees Secure

Many businesses now have employees working remotely, accessing the business’ computer network. The first tool that can help keep the network secure is a virtual private network (VPN) that workers can use to safely access files and applications. Other tools that should be part of the arsenal are current antivirus and anti-malware definitions. Remind workers of common-sense precautions like not clicking on links or attachments. If they receive a strange email that appears to be from a supervisor or coworker, they can call to find out if the email is genuine. If it isn’t, they need to report and delete the email. They can point the mouse arrow over the URL to see if that looks suspicious, and refrain from responding to the email. Just being aware that cyber attacks are on the rise can help workers keep their guard up. An option to test workers’ knowledge of phishing attacks is staging a mock attack to learn which people respond, and in what way.

A great writer said that people need to be reminded rather than instructed, and this can apply to cybersecurity. To learn more about how to keep your network and your employees safe, contact your trusted technology advisor today. 

Getting Your Business Ready for 2020 Information Technology Trends

Last year at this time, it was predicted that technologies like 5G and Internet of Things would be developing trends. This is still true.  According to a survey by CompTIA, the global tech industry is set to grow at a rate of 3.7%, reaching $5.2 trillion. The United States technology market accounts for nearly a third of that, with an expenditure of $1.7 trillion expected in 2020. Read on to learn more about business’ approach to the adoption of these new technologies.

New Technologies Making Inroads in 2020

While technologies of infrastructure and software development (Internet of Things and Artificial Intelligence, respectively) will continue to gain ground, for many businesses they are secondary to the infrastructure and software development that already exist. Some other emerging technologies mentioned by CompTIA include software development (Software as a Service, for instance) and big data analytics. These technologies that are coming to the fore may drive revenue growth, once they are integrated with already-present technology to create innovative solutions.

The Four Pillars of Information Technology

According to an IDC survey, companies plan to orient their technology spending to four “pillars” of information technology: software development, cybersecurity, data, and infrastructure. Of the companies surveyed, 57% plan to focus on software development. With the infrastructure already in place, along with the users and connectivity being available, U.S. companies can focus on developing the software and services supported by this foundation. Cybersecurity follows close behind, with 51% of surveyed companies focusing on expanding their defenses against cyberattack and establishing internal processes and policies to keep their operations secure. A portion of companies (47%) will choose to focus on data, especially predictive analytics and database administration, springboards from which they can analyze the data already available. Lastly, in terms of infrastructure, cloud computing will play an important role, not as an emerging technology but one that can contribute to a company’s IT architecture (including networks and storage) and connected to infrastructure that already exists.

Cybersecurity is Still A Key Consideration

With all these new developments, cybersecurity is still an issue to be addressed. With numerous devices connected to the Internet, in the case of IoT, and more and more data from these connections, cybersecurity will still be crucial.  According to the survey, the most prominent area in the cybersecurity pillar will be the gathering and analysis of cybersecurity analytics, helping to give a business a picture of how secure its network is and possibly how ready a company is to adopt emerging technologies.

For an evaluation of your company’s readiness for 2020 technology trends, contact your trusted technology advisor today. 

October is Cybersecurity Awareness Month: Be Aware and Prepared

October is National Cybersecurity Awareness month, a “collaborative effort between government and industry to raise awareness about the importance of cybersecurity, and to ensure all businesses have the resources to be safer and more secure online.” This year, according to the US Department of Homeland Security, the emphasis is on a proactive approach. Read on to learn more about various aspects of cybersecurity.

Develop Awareness of Current Security Threats

The more technology advances and expands, the more places an attack can occur. Cybercriminals are growing more clever and resourceful, and know how to insert malware, or a bot that can mimic human activity. There are also phishing schemes, wherein an attacker can send an email persuading an unwitting employee to share confidential data. Weak spots in a network are subject to exploitation as well. Many companies, according to CompTIA, think that security is “good enough,” and haven’t yet dedicated much of their budget to maintaining cybersecurity. However, your business doesn’t have to be one of them. There are steps you can take, starting with an assessment of your network’s security.

Take an Inventory of Current Protections

What is your current level of security? Take stock of your business’s protection, starting with the computer network. Are there any weak spots or vulnerabilities needing to be patched? Make sure that you have the most current operating system patches. Also ensure that your antivirus and anti-malware definitions are current, to block attackers from infiltrating your system. Map all devices connected to your network, including ones operated by staff working remotely to make sure that those points are safe. Do your employees know the best practices for keeping safe while working online?

Make Employees Your Most Important Asset

Not only should devices be secured from unauthorized access, your employees should know—and practice—skills that will keep them and you safe from cyberattack. Phishing schemes are designed to persuade unwitting individuals to provide confidential data to attackers. Train them to know what a phishing attack looks like; clues include misspellings in the heading as well as an urgent “call to action.” Other solid practices include establishing strong passwords as well as changing them regularly. Multi-factor authorization (where the user enters information that only they know) can provide an additional layer of protection. Emphasize to your staff that protecting themselves also protects your business.

As technology evolves, cybercriminals will keep pace in exploiting it. To learn more about how to keep your network safe and healthy, contact your trusted technology advisor today.

Protect Your Business Through Cybersecurity Awareness

October is Cybersecurity Awareness month and knowing this can serve as a wake-up call to protect your company’s data, networks and systems from internal and external hazards. Read on to learn more about protecting your business.

Cybersecurity—An Overview 

The overall goal of cybersecurity is protecting a business’ computer systems from attacks and intrusions, and your data safe from loss or compromise, preserving your business’ revenue and reputation. While natural disasters are always a factor–and preparing for them is a piece of the IT security puzzle—manmade hazards like viruses and malware are just as important to guard against Cyberattack. Not only that, phishing attempts—emails designed to get an unwitting recipient to supply private information—are a common threat. Fortunately, plenty of protections are available to help safeguard your business’ technological assets.

Tools Can Help Keep Your Business Secure

Many resources are there to help you protect your business and its network. Antivirus and anti-malware definitions, kept up to date, can guard your system against the newest threats. Operating system patches can protect weak spots in your system and should also be as current as possible. Network monitoring helps keep track of possible intrusions as well as bottlenecks that slow down data transmission. Last, but not least, your staff can be a key part of your strategy, if they are trained to recognize potential hazards.

Enlist Your Employees in Fighting Cyber Attacks

Your human resources have the potential to be a resource in maintaining the information security of your business. If well trained, in what to recognize and how to report it, your employees can protect you from an attack. Impress upon them the benefits of having a secure network; that it keeps their work running smoothly instead of experiencing downtime.

Many tools are available to keep your business’ network safe from cyberattack, and your staff also plays a key role in your cybersecurity strategy. To learn more and to develop or refine your plan, contact your trusted technology advisor today. 

Cybersecurity is Everybody’s Business

Cyber SecurityIt is no surprise, technology flattens the world for many businesses. What’s more, nearly every business sector finds it necessary to collect, maintain, analyze, and monetize user data. Many think Cybersecurity risks only apply to highly regulated industries, such as legal, healthcare and financial services.

Cybersecurity Risks Go Beyond Borders

Factors outside industry, including geographic considerations and sensitive consumer data, can create cybersecurity risks that need to be managed. These factors run the gamut of domestic and international laws, regulatory bodies, and private-party business agreements. Cybersecurity compliance can touch every business to some degree.

Internet of Things (IoT) and Cybersecurity

Adding to the list of concerns are non-traditional technologies entering your businesses network. IP-enabled technology called Internet of Things (IoT) is rapidly being adopted in the workplace.  The Cybersecurity threat is moving beyond desktops, laptops and services. A new generation of mobile devices–Point of Sale (POS), IP video surveillance, embedded sensors, VoIP, and others–is just the first wave of emerging technologies that need to be secured.

How to Minimize Cybersecurity Risks

There are many things a business can do to reduce Cybersecurity threats. According to the Computing Technology Industry Association (CompTIA), the following elements are the building blocks for a cybersecurity program:

  • Documented policies, procedures & standards

  • Asset management

  • Identity & access controls

  • Risk management

  • Vendor management

  • Physical & environmental security

  • Compliance

  • Privacy

  • Remote access

  • Data backups

  • Data destruction

Cybersecurity threats are a reality of today’s world. The risks of data compromise and/or loss can cost more than dollars; such risks can cost your reputation. Your business is only as secure as your Network. If you have questions about your business needs, ask your technology advisor about how to manage Cybersecurity threats to your business.

Findings Link Network Security to Human Error

Network SecurityHow secure is your network? A recent study by CompTIA links human error as the primary cause of security breaches. In fact, human error is at fault 58 percent of the time, as compared to technology error occurring 42 percent of the time. This survey of over 1500 business and technology executives points to the need to teach staff the importance of Network Security.

Continue reading Findings Link Network Security to Human Error