Category

Security

data protection - IT security services

TECH TALK: 3 Steps to Developing an Effective Cybersecurity Strategy

By | Data Protection, Security

Has the task of developing an effective cybersecurity strategy landed on your To-Do list? As the average worldwide cost of a data breach is estimated as $3.92 million (from The Cost of a Data Breach Report for by Ponemon Institute), it’s an important responsibility for all organizations that manage digital data. A cybersecurity strategy can be defined as a set of policies that outline your organization’s plan for mitigating the cyber risks to its assets. The key then to creating an effective strategy is aligning the plan to the specific needs of your organization. You can scour the Internet for a model to use for your organization’s strategy, but know that for it to be effective, you’re going to have to make it very personal to your organization. How do you do that?

Here are three basic steps:

1: Define Your Threats

2: Inventory Your Assets

3: Outline Your Protection Measures

 

1: Define Your Threats

The first step of developing a successful cybersecurity strategy is to identify the threats to your organization. If you’re not sure what the threats are, consider the general threats to all businesses, threats common to your industry, and the threats that are currently gaining momentum.

  • General Cyber Threats to Your Business

The technology company Cisco acknowledges the following six types of cyberattacks:

Malware

Malware, formally known as malicious software, refers to a group of computer software that cybercriminals design to gain access to a system and cause havoc, usually in the form of damaging or disabling the system. The most common types of malware are adware, ransomware, viruses, worms, and spyware.

Phishing

Cybercriminals use phishing attacks to obtain sensitive data such as social security numbers, credit card numbers, and passwords. This type of attack occurs via email or any other means of digital communication.

Man-in-the-Middle (MitM)

Just as it sounds, a MitM attack occurs when a cybercriminal gets in the middle of an exchange of data between two parties, such as a computer and a server, for the purpose of performing malicious acts.

Denial-of-service

One of the most dangerous types of threats to businesses is a distributed denial-of-service attack. A cybercriminal commits this threat by gaining access to a system, often by exploiting a vulnerability, with the goal is to overload it to the point of blocking people (your employees and/or customers) from accessing the system.

SQL injection

A SQL injection attack refers to malicious SQL code that is created to access and cause havoc to a vulnerable SQL database.

Zero-day exploit

A zero-day exploit is a cyber threat that is designed to exploit a vulnerability that has not yet been discovered and patched by the designer.

DNS tunneling

The domain name system (DNS) protocol is a legitimate method of exchanging data across the Internet. Cybercriminals can manipulate the DNS protocol to create a path or “tunnel” for infiltrating a network and exposing sensitive data.

 

  • Threats to Your Industry

You should also consider cyber threats that are specific to your organization’s industry. The following are common industries and the threats that they often face.

Financial

Organizations that handle financial transactions are big targets for cyber criminals. Insight, a cyber intelligence company, reported findings of  that malware attacks in 2019 were targeted more often in a specific area—financial institutions (25.7 percent). Malware isn’t the only threat to these organizations. According to a report by technology consulting firm Mindsight, the top three cyber threats to the financial industry are web application attacks, DDoS attacks, and backdoors and supply-chain attacks.

Healthcare

Healthcare companies are a common target for cyber criminals because of the large amounts of personal data they manage. The Fact Sheet of the Cybersecurity Act of 2015 lists the following as common threats to healthcare organizations: Ransonware, email phishing attacks, loss or theft of equipment or data, internal, accidental or intentional data loss, and attacks against connected medical devices that may affect patient safety are common threats to these industries.

Government

The IT systems of governmental organizations, federal agencies in particular, are responsible for managing critical infrastructures and are often targeted by cyber criminals. According to the U.S. Government Accountability Office, the Department of Homeland Security received more than 35,000 security incidents reports from federal executive branch civilian agencies in 2017. Of those incidents, the largest number (31%) were from an unidentified source. The remaining incidents were from improper usage (22%), email/phishing (21%), loss or theft of equipment (12%), web-based attack (11%), multiple attack vectors (2%), and attrition, external/removable media, and physical cause made up 1%.

Manufacturing

The infrastructures that are critical to keeping countries moving smoothly require manufacturing operations. Cyber criminals know this and have been increasing their threats on this industry. According to a study by Deloitte and the Manufacturers Alliance for Productivity and Innovation (MAPI) nearly 40% of the surveyed manufacturing companies were affected by cyber incidents in the prior 12 months, and 38% of those impacted indicated cyber breaches resulted in damages of $1 million or less.

The National Institute of Standards and Technology (NIST) identifies the following threats to manufacturing: Identity theft, phishing, spear phishing, spam, and compromised webpages

 

  • Trending Threats

As the world changes, we see old cyber threats improve and new ones emerge. Sometimes, we see threats increase on the radar of cyber intelligence trackers because of specific events. In 2020, for example, the COVID-19 global pandemic was associated with the following three significant cyber attacks, as reported by MonsterCloud:

Corporate ransomware attacks

Large corporations are often the target of ransomware attacks. During the COVID-19 pandemic, cyber criminals have been threatening doxware (extortionware), which is a type of ransomware that involves a cyber criminal threatening to sell or publish sensitive data.

Research and vaccines

As companies are in the midst of developing a vaccine for COVID-19, cybercriminals are increasing their attacks to obtain information to sell to other companies and governments wanting it.

Social engineering (Twitter)

In the summer of 2020, a teenage hacker managed to scam high-profile Twitter users out of more than $100,000. He was arrested, but not before obtaining $100,000 from his victims.

An additional threat that many companies neglect to acknowledge is within their organization. In the article “The Biggest Cybersecurity Threats Are Inside Your Company” , insider threats account for 60% of all threats to an organization.

2: Inventory Your Assets

Once you understand the threats to your organization, you should then understand your assets that could be threatened. The plan you develop will be effective only if you understand the assets you need to protect. The best way to learn this information is to perform an inventory. The National Initiative For Cybersecurity Career and Studies (NICCS) defines an asset as “A person, structure, facility, information, and records, information technology systems and resources, material, process, relationships, or reputation that has value.”

Here are a few examples of common assets within an organization:

  • Data that flows through your organization. This includes personal data (sensitive data about employees, vendors, and third-party companies and the work data the organization obtains or produces.
  • Physical assets or endpoints that employees use connect to your organization’s network.
  • Network that employees connect to.
  • Infrastructure resources such as databases and servers that store your data.
  • Software that employees use in the company (note the identifying information as well as dates).

A simple spreadsheet is a good way to manage the assets, but it shouldn’t be a laundry list of your assets. You should include details that help you determine the critical value of the asset. This includes adding information about its intended use, how it is accessed, by whom is it accessed, and an assessment of its value. You should devise a system for noting those assets that are critical to the business.

3: Outline Your Protection Measures

Once you understand the threats to your organization and the most critical assets you need to protect from those threats, you are ready to specify how your organization plans to protect its assets from cyber threats.

The following are examples of types of cybersecurity protection methods referenced in an effective cybersecurity strategy:

  • Training to develop cybersecurity awareness among all employees.
  • Security policies for every type of asset (examples listed below):
    • Perimeter security such as network security includes firewall and anti-virus protection, and encryption
    • Endpoint security that protects the systems that connect to your network
    • Application security methods such as sandboxing and encryption
    • Password security that requires employees to use strong passwords
    • Email security measures such as multi-factor authentication and email security gateway protection
    • Remote access security measures such as virtual private networks (VPNs) and end-to-end encryption
  • Insurance that protects your organization from liability should you suffer a cyber attack

Next Steps

The information presented above will help you develop your cybersecurity strategy. Keep in mind that your cybersecurity strategy is not a document that you develop and forget about. It should be a dynamic document that you revisit often to ensure it is up to date.

Seeking the assistance of a cybersecurity expert is a good plan of action to ensure that your cybersecurity strategy addresses all the needs of your organization. BACS is an IT services company that partners with organizations to help them solidify effective security strategies that are based on in-depth analysis.

data protection - IT security services

Reaping the Benefits of Proactive Data Protection

By | Data Protection, IT Support, Security

The rapid proliferation of digital technologies offers businesses vast potential for expansion and innovation, but it also creates a host of new security risks. As the growth in the number of connected devices continues to accelerate, one major challenge is determining the optimum level of security for certain types of data. Some assets require minimal protection while others may need more robust security measures.

Data breaches represent the most immediate need for effective enterprise data protection. Better protection means better compliance and reduced monetary losses and less risk of reputational damage. Improved security processes are also critical for emerging business priorities, including digital transformation, regulatory compliance, and privacy and reporting requirements.

While building an effective data protection strategy can be challenging, the effort can deliver immense business value on multiple levels. A robust data protection and privacy plan can help build and maintain stronger customer relationships, enhance brand value, and reduce the potential for non-compliance and its associated penalties. Whether through a targeted attack or an internal security lapse, businesses are at risk for potentially crippling loss of revenue through a single data breach.

Building a strong security foundation requires advanced tools and technology and an organizational culture that not only protects data and minimizes risk, but helps improve business agility, responsiveness, and transparency. It starts with a detailed assessment of your IT infrastructure and overall security requirements.

 

  • Assessment: First, it’s essential that you build a solid understanding of your data, including how it is stored, how it is accessed, how critical it is to your business, and the potential risks if were lost or stolen. What types of data are most vital to your business? What is the level of confidentiality of the data you manage? What are your current methods of storage and will this change in the future? What are the protocols for data access? This insight will provide the framework for defining your security requirements and shaping a solution that strikes an optimum balance between data control, protection and access flexibility.
  • Controls: The next step is to implement higher-level controls. These are enterprise data protection and security tools that will help protect data when it’s being accessed or used. Strong access control and user authentication methods help ensure only approved users can obtain access to your networks and data. Encryption is also critical to safeguard data and provide additional reinforcement barriers to network-based attacks.
  • Monitoring: At the center of a proactive strategy is the ability to record events and execute actions based on those activities. This is where ongoing monitoring can help, providing important insights that can help safeguards against gaps in application and perimeter defenses by notifying you of issues before any serious damage occurs. Automated monitoring tools track data access and usage details and provide important insight into areas of risk and vulnerability, helping to improve the likelihood that a potential intrusion will be quickly identified.

 

Implementing the right technology is critical, but it’s not the whole solution. The users who interface with IT systems must also be educated and instructed in how to perform their tasks. And, the policies and procedures that define the actions must be properly designed and consistently enforced.

While there is no silver bullet to protect against all threats, new techniques and innovative approaches to blocking malware and securing endpoints can help safeguard your digital assets without hampering productivity or mobility.  Following some proven best practice measures can help protect against a barrage of new and emerging threats.

 

  • Strengthen access controls: Once an access point is compromised, attackers will often reuse the password to gain access to other systems. Authentication will help obstruct these attempts no matter how the hacker gains access to the password.
  • Utilize encryption: Encryption helps safeguards information in transit and on the endpoint devices, preventing attackers from copying or transferring that data. For even greater protection, consider full-disk encryption, which it encrypts the complete hard drive, safeguarding the data as well as the applications and operating system.
  • Tighten controls: Application controls can help prevent prohibited users from launching or downloading applications on endpoint devices. They also help shield the network from possible security threats with their ability to block departing employees from access to critical business systems and applications.
  • Use proactive scanning. Vulnerability scans provide reports on detected gaps in security and recommendations for security patches or vendor solutions. These reports describe the types of risks found and a potential cause for each area of vulnerability.
  • Ensure business continuity. In the event of a disaster or security breach, you need to be able to recover quickly. Work with a qualified security expert to assess your current environment and develop a disaster recovery plan that safeguards infrastructure and data and protects against ongoing threats
  • Monitor lifecycles. Network monitoring tools can help confirm the health of software and firmware throughout system startup, operation and during sensitive upgrade periods. Software updates and security patches should be delivered automatically by default.
  • Implement advanced threat detection. Advanced detection techniques, including machine learning and analytical tools, can help identify irregularities and weaknesses in ways that aren’t possible with traditional network security These tools analyze that data in real time to correlate events and spot individual anomalies or patterns of behavior that may indicate a security breach.
  • Define policies and procedures. Usage policies define what behaviors are and aren’t acceptable. Work with your internal team to define and implement policies and practices based on your usage preferences and requirements or mandates specific to your particular market.

As cybersecurity becomes more complex, many organizations lack the resources or knowledge they need to mount an effective defense. That’s where working with an experienced security expert can play a vital role, helping you define your business requirements, identify data priorities, and implement a security framework that aligns with your business goals.

The good news is that with the right mix of defensive measures, smart policies and sound technology planning, achieving a secure IT environment is possible. Establishing a secure and well-protected IT environment in today’s world requires a proactive approach—assessing vulnerabilities, updating technology and security defenses, and monitoring for vulnerabilities.

This is where additional proactive measures can prove critical, providing reinforcing layers of defense as part of a comprehensive security strategy.

 

  • Create a culture in which people talk about security, and make security a clear priority. Teach users about secure online practices such as how to recognize potential threats and phishing attempt. Check their security awareness with in-house hacking attempts and interactive security activities.
  • Simplify and streamline security with solutions that consolidate authentication, encryption and advanced threat protection into a single security suite. Compared with point tools, these integrated systems require a fraction of the IT resources required to maintain effective threat protection.
  • Deploy updated anti-malware to help prevent malicious software such as ransomware and viruses from sneaking into your network, and make sure your anti-malware software is consistently updated with the latest definitions.
  • Keeping patches current―make sure your practices include automated patching to help enforce policies and keep systems up to date and enforced with the latest software patching.

 

  • Make backups of all your data and software on a storage device that is not attached to your network or computer. Confirm that all your backups are operating properly and test them on a regular basis to make sure they will perform when you need them.

Cybercriminals are constantly looking for new ways to break through your defenses, which reinforces the need to create a strong culture of security knowledge, awareness and responsiveness.

Every IT environment is different, and hackers are constantly refining their techniques. Therefore, it’s imperative that you stay up to date on the latest techniques and remain diligent in your effort to shield your business and safeguard your infrastructure from today’s relentless barrage of cyberattacks.

A comprehensive data protection and regulatory compliance strategy is no longer a flexible option, but rather a must-have plan for businesses of all sizes. Although building an effective IT security framework is a long-term process, businesses cannot afford to wait. Plans are being developed today, and proactive organizations are already taking action now to help ensure their IT environment is ready to safely and securely support the rapid proliferation of connected infrastructure and devices.

Organization’s Cybersecurity Strategy.

Undeniable Proof That You Need to Improve Your Organization’s Cybersecurity Strategy

By | Security

Are you a new chief information security officer (CISO) or other senior cybersecurity officers in the process of evaluating your organization to determine if effective cybersecurity strategies exist? You undoubtedly are aware that a comprehensive cybersecurity plan will provide your organization with the best protection. However, the decision to improve cybersecurity measures requires resources that likely require the approval of the decisionmakers in the organization. While these individuals understand the importance of cybersecurity, they are careful about funding it without having sufficient proof.

The following are five security issues that can make your organization vulnerable to cybersecurity problems. These issues are considered serious and should make a good case for improving your organization’s cybersecurity situation.

  1. There are no threat detection or response systems in place.
  2. Employees use public networks to access company information.
  3. There is no data governance.
  4. High-priority assets aren’t protected.
  5. Employees aren’t provided security guidelines.

1. There are no threat detection or response systems in place.

The best cybersecurity defense for an organization is to see threats coming in and prevent them from unleashing a malicious attack. If your organization doesn’t have systems in place to monitor your network traffic for suspicious activity and react accordingly, you are in a vulnerable position. The really bad news about cyber threats is not that they can infiltrate your network, but that they can infiltrate your network and hang around to continuously wreak havoc on your network. This is important. Just one cyber attack can change a business forever. The good news is there are a variety of measures you can take to detect unauthorized intruders and deal with them appropriately.

There are several methods of detecting and preventing threats that range in cost and complexity. Organizations typically use a combination of the following:

  • Anti-virus/malware software – These basic solutions are easily deployed on all devices in an organization and can detect known viruses/malware. You can also specify settings for your needs. You usually have access to logs that you can use to investigate an issue further or determine if there is a developing trend.
  • Firewall – If employees in your organization connect to the Internet, a firewall is one of the best methods of protection. This system works like anti-virus/malware software but is specifically designed to monitor your network traffic and prevent suspicious and malicious activity. You should install a firewall on work devices that employees use to work remotely.
  • Intrusion detection system (IDS) – This system provides an advanced form of network monitoring. It is highly configurable to allow you to specify the level of monitoring, detection, and response your organization requires. This type of system usually offers a lot visibility into the activity on your network so that you can dynamically make changes, if necessary.
  • Endpoint detection and response (EDR) – This system works like an IDS, except it is designed for endpoints.

2. Employees use public networks to access company information.

Public Wi-Fi is a convenient tool when an employee must work outside your organization and the (hopefully) protected network. However, these public networks are often unsecure. While the manager of a public Wi-Fi can add security features, there is no guarantee. A case in point is the WeWork security breach. This breach involved the commercial real estate company’s Wi-Fi that was reported by a tech savvy customer in 2015 as being unsecure and exposing personal information, including financial documents from an insurance company, belonging to users. Four years after that initial report, it was determined that the Wi-Fi remained unchanged. Scans of the Wi-Fi traffic were analyzed, and it was determined that nearly 700 computer systems had accessed the public network and a large amount of data was exposed.

If employees in your organization must use a public network, share with them the following security tips from GlobalSign, a trusted identity and security solution provider:

  • Double check you’re accessing the correct network
  • Install antivirus software on your system
  • Enable firewall protection on your system
  • Disable file sharing on your system
  • Use a virtual private network (VPN) or limit your visits to websites that are encrypted (use HTTPS)

3. There is no data governance.

Wikipedia defines data governance as a “data management concept concerning the capability that enables an organization to ensure that high data quality exists throughout the complete lifecycle of the data, and data controls are implemented that support business objectives.” In terms of cybersecurity, this refers to performing an assessment of your organization’s data to obtain a thorough understanding of security risks to develop appropriate security solutions. Data governance is an important exercise for you because only when you have a thorough understanding of your data are you able to develop effective cybersecurity strategies.

An real-life example that shows the importance of data governance is the Equifax 2017 data breach, which is considered one of the worst data breaches of all time. This cyberattack involved a cybercriminal gaining access to Equifax servers and extracting the personal information for more than 145 million consumers. They were able to exploit a vulnerability that Equifax had overlooked, set up an encrypt channel, and run 9000 queries to obtain the personal information they desired.

Developing security policies can be an exhausting task, especially when you are starting from a weak cybersecurity position. The process consists of assessing your current situation and devising a security plan that covers all the assets in your organization. A popular model that organizations follow is referred to as CIA Triad. This model is based on three principles:

  • Confidentiality
  • Integrity
  • Availability

According to the CIA Triad, all data is susceptible to cyber threats based on or more of the above principles. When you evaluate your data assets using these three principles, you can better map out effective cybersecurity strategies.

4. High-priority assets aren’t protected.

A significant part of establishing data governance is prioritizing your organization’s assets. Although all the assets in your organization are important, some have greater value than others. All the assets in your organization should be assigned a priority. This includes software, hardware, and accounts. Understand that you’re not just creating a list. As mentioned in the discussion about data governance, you need to understand the risks that are associated with your critical data and determine the best strategy to mitigate those risks. Depending on the core industry in which your organization belongs, there may be compliance regulations that you must adhere to protect your critical assets, as well as employee and customer personal information.

In addition to limiting the users who have access, protecting your most critical assets should involve the following:

  • Implementing two-factor password authentication
  • Using complex, unique passwords and change them often
  • Using encryption to protect the data as it travels in and out of your network
  • Applying security patches immediately
  • Setting up automatic backups and save in a location that is separate from other assets
  • When not in use, storing critical hardware in a secure location
  • Installing monitoring, detection, and recovery software on the systems that access critical data

5. Employees aren’t provided security guidelines.

The prevalence of cyberattacks headlining news articles might lead you to think that the employees in your organization are knowledgeable about basic security measures they should employ when handling the organization’s data.  Symantec’s 2019 Internet Security Threat Report indicates this is unfortunately not the case. According to their report, spear-phishing emails (malicious emails that appear from trustworthy contacts) were the most common method of attack. Cybercriminals are likely targeting an area where they are most successful.

There are also numerous cyberattacks that demonstrate the importance of training employees about cybersecurity and the role they play to keep your organization’s critical data safe. An example is the 2018-2019 data breach of the bodybuilding.com website. The staff members of the online fitness shop received a phishing email, but it only took the action of one who clicked a link in the email to create an opening for a malicious attack that consisted of the cybercriminal accessing personal customer information. It reportedly took eight months for the company to learn about the attack.

Training programs are a great method for teaching employees the following security best practices:

  • Use strong passwords
  • Change passwords often
  • Avoid phishing and other scams
  • Never leave company assets unattended
  • Shun using public networks to access company data

Final Thoughts

If you’ve learned that one or more of the serious security problems listed above apply to your organization, your next step should be to share your findings with the decisionmakers in your organization and obtain their buy-in to implement policies to improve the security outlook of the organization. It’s a daunting task that you shouldn’t handle on your own. BACS is an IT company that specializes in developing effective cybersecurity solutions for companies of all sizes and across a wide variety of industries. Their expertise covers the spectrum of cybersecurity, which allows them to satisfy the specific needs of their clients.

Contact Us for a FREE Security Assessment

Managed IT services - IT security services

Managed Security Service Providers – Choosing The Right IT Security Vendor

By | IT Support, Security

As more and more employees are working from home in today’s environment, creating a secure network for a multitude of vulnerable devices is more vital than ever. Many businesses are turning to managed security service providers in order to handle all of their cybersecurity operations. There are thousands of managed security service providers on the market who promise the world. 

 

How can you know who is for real and who is fake?

Business owners may believe that every managed security provider more or less provides the same service. That statement could not be further from the truth. IT security vendors offer different packages, products, and services. Those without a background in IT will have difficulty discerning one managed security provider from another. They will not be able to properly vet their offerings and may end up choosing a vendor who is not the right fit. 

Thankfully, we are here to show you exactly what you should be looking for when choosing the right IT security vendor. These are some of the most basic criteria and questions to ask when reaching out to managed service security providers. 

 

Experience in Your Industry

There are vastly different cybersecurity regulations and considerations depending on the industry. For example, the healthcare industry has to deal with complex HIPPA laws. Your company does not want an MSSP that specializes in the banking industry if you have to deal with confidential patient information. Finding an MSSP with vast experience in your industry will give you confidence that they can meet your needs. But, some IT security vendors may be tempted to lie about their experience to get your business. 

 

Get references from other companies in your industry.

The vendor that you should be considering should be able to provide plenty of references to other companies that they have worked with. Testimonials are great, but speaking directly to another company will give you peace of mind. If they are doing a great job with another company in your industry, you will have the confidence to choose them as your MSSP. 

Additionally, your company needs a managed security provider that will be able to cater to your individual needs. 

 

A Customized Solution for Your Needs

A one-size-fits-all solution is not going to cut it in today’s world. Hackers are becoming more sophisticated by the day and are working to break down today’s cybersecurity solutions. Your security needs are different from nearly every other company’s. A big red flag would be a pitch about a generic solution. Their team likely does not understand your needs and are attempting to put a bandaid on a bullet wound. 

 

What are they going to do for your company? 

Good, honest communication will go a long way in creating a relationship that works for both you and your vendor. The right IT security vendor will be honest with you and your company. They should be able to showcase how they are going to add value to your company and outline the steps they are going to take. This will be a customized solution that will cater to your specific needs. 

What is their Plan When Something Goes Wrong?

We all want to believe that a managed security service provider will be able to defend against 100% of all cybersecurity attacks. But in reality, there will likely be a time when your company has been compromised by hackers. When that happens, your managed security service provider should have a customized plan of attack for your company. 

Here are a few questions you should ask when reaching out to potential vendors:

  • What is their plan and how detailed is it?
  • Are they transparent? 
  • Do they have a team dedicated to dealing with breaches? 
  • How do we prevent the issue from happening again going forward?

Mistakes are bound to happen. Learning from them and taking actionable steps to prevent them from happening again separates good MSSPs from great MSSPs. 

 

A Long-Term Relationship

Your company needs a long-term relationship with a managed service security provider. The worst thing that could happen is you choose an IT security vendor and they end up going out of business within a few months. This would lead to a massive headache for your company. You will have to start the vendor vetting process all over again and it will make the transition to the next MSSP even more difficult. Do not be afraid to ask for assurances that your vendor will be around for years to come. 

 

This is a partnership

You are partnering with an IT security vendor, this is more than just purchasing a tool from a company. Your MSSP is responsible for protecting your data, network, customers, and your staff. This needs to be clear to all parties involved. You and your MSSP need to work together in order to achieve the goals of your business. Your MSSP will be right by your side as your business continues to grow and your needs change. 

 

BACS is the Right IT Security Vendor

We create a tailored solution for your organization that will meet all of your specific needs.  We will gladly provide references to our happy customers who we have worked with for years. Our team will handle any cybersecurity crisis in a timely manner, so you can get back to running your business. If we are not the best fit for your company, we will happily recommend another MSSP who will be able to better service your business. 

 

Reach out to BACS today to learn more about how we can keep you and your business safe. Our team is dedicated to adhering to the highest cybersecurity standards and providing your team with the tools to keep your data safe and secure. 

Contact Us for a FREE Security Assessment

signs your computer may have malware or a virus

Surefire Signs You’re Infected With Spyware, Malware, and Viruses

By | Business Continuity, IT Support, Security, Technology

On average, there is a hacker attack every 39 seconds. Unfortunately, hackers hide malicious programs, and there are no visible signs that your device is infected. Once your device is compromised, you need to take action right away to prevent additional harm.

Signs Your Computer Is Infected

Does it seem like your computer has slowed down? Does it crash frequently? If your computer has been acting differently, there may be a reason why. After malware infects a device, you may notice pop-up ads or speed issues.

The most common signs of infection are:

  • You get pop-up ads all of the time for no apparent reason.
  • Your home page has switched on its own, and you are unable to change its settings.
  • You may also have new toolbars that you never created.
  • Unexplained files appeared on your computer.
  • You noticed that your email account sent emails, but you did not send them.
  • Your desktop files have been deleted or moved.
  • The icons on your toolbars or desktop have disappeared.
  • A second or third browser opened up behind your primary browser window, but you did not open them.
  • You get runtime errors when you use Outlook Express or MS Outlook.
  • Your computer crashes frequently or is unstable. It may be sluggish if it is infected.

The previous signs are indications that there is a problem with your computer. You will need a professional technician to help you remove it and to be aware of the common misconceptions about hackers and malicious programs.

The Four Most Common Misconceptions

1. You Can Easily Remove Malicious Programs

Unfortunately, spyware and viruses can be difficult to remove. On very few occasions, you might be able to remove malicious programs using a free download. Still, in many cases, malicious programs cannot be detected or eliminated using these software programs since hackers embed them deeply in the operating system. When this happens, you need the help of an experienced professional to detect and remove the program.

In extreme instances, the only solution is to wipe the hard disk completely. To do this, the technician must delete every file before installing the operating system all over again. Eliminating all of your data is never the first option, but it may be your only choice. Some malicious programs are so crafty and complex that the only way to get rid of them is by deleting everything.

2. My Computer Is the Problem

When someone suffers from viruses, they often blame their computer. They think that the computer would not have a problem if it were more expensive or better made. In reality, most malicious programs happen because of human error, getting onto a device because of the user.

You or one of your employees could have unknowingly clicked on the wrong link or downloaded a malicious file. Do not blame yourself too much, though. Cybercriminals are talented at making malicious programs look like innocent files. They make their malicious programs seem like ordinary activities you do all the time, which is why you feel comfortable clicking on them.

Some downloads may look innocent, but they could have spyware. For instance, your employee may download a software program that ages their pictures or gives them new emoticons. While these programs seem innocent, they could include malicious code. As soon as your employee downloads one of these programs, the malicious program can infect your entire network.

Avoid downloading any free program you find online. Avoid screen savers and enhanced browsers, and carefully read through the terms and conditions before you download an application. Often, the terms and conditions will specifically include clauses that allow the software vendor to install malicious programs on your device. It would help if you also stop your employees from downloading any online applications.

Unfortunately, your computer can be infected through other techniques as well. For example, you should regularly update your current programs. Each program has security patches that prevent hackers from accessing your computer. If you do not get these patches, then hackers may be able to access your device when you accidentally click on a banner ad or email attachment.

Security patches are incredibly important because hackers are always creating new ways to access devices. For example, some hackers discovered how to install malicious programs using Internet Explorer without requiring any clicks or downloads. The malicious program would install on your computer, even if you didn’t click on anything. Making sure your computer has all of Microsoft’s latest updates and patches to prevent this kind of attack.

If you want to protect your personal information and device, you should avoid peer-to-peer file sharing. Hackers and cybercriminals love these sites, so they are full of malicious programs. In many cases, the source of a company’s malicious attack is a peer-to-peer site.

3. Maintenance Is Unnecessary—My Computer Works Fine.

Even if your computer seems to be working fine right now, it still needs to be appropriately maintained. Think of a computer like a car. You have to change the oil and replace the brakes regularly if you want to avoid spending more money and time on repair costs later.

With a computer, there are maintenance checks you need to do daily, weekly, monthly, and quarterly. For example, spam filtering and virus updates should occur daily. A spyware sweep and system backups should take place every week. Meanwhile, defragmenting your disk and updating your security patches should be done every month or quarter.

A good technician will tell you about the regular maintenance you need to do to your computer. Your technician should offer to do things like configuring automatic system backups, spam filtering, and virus definition updates. To be protected, these system backups must be stored away from your company so that your backups are safe from natural disasters.

If the technician you’re working with does not offer to do regular maintenance, find someone else. Routine maintenance prevents significant repair costs later on, and the lack of it is one of the top reasons why people have high repair bills and lose important files.

There are only two reasons why a technician will not perform routine maintenance. In some cases, the technician is inexperienced and does not know what they are doing. Some technicians do not want to do maintenance work because they know that they will make more money from repairing problems. Both of these reasons are signs that you should find a different vendor.

4. Microsoft’s Operating System Offers All of the Protection I Need

It seems intuitive that a computer would sell with everything you need to use it. Sadly, this is not the case. Microsoft does not equip its devices with all of the security features they need. If you do not protect your computer, you will be vulnerable to viruses, data loss, and cybercriminals.

Protecting your device requires a multi-faceted approach. No one vendor is capable of providing every single security feature you need. It is crucial to find an experienced technician you trust to get the protection you need.

Essential Security Measures Every Business - Mobile Computing

Essential Security Measures Every Business Must Put In Place With Mobile Computing

By | Security

Prevention is always better than cure. This statement might sound like a cliché, but preventing a disaster is much better than dealing with the repercussions. Mobile Computing is no different. It is essential to put stringent security measures to avoid a disaster of your computer systems.

Mobile Computing, also known as wireless computing, is an impressive technology that permits computer transmission of data wirelessly or via the internet. It has revolutionized how we do business today. It has also improved access and efficiency, reduced costs, and made business operations very convenient. All these benefits can turn sour if you do not have a robust security system against data breach, data loss, or hacking.

Modern technology is advancing at a rocket pace. Similarly, thieves, cyber-terrorist, and hackers are also improving their game to grab any chance they get. If you are sloppy with mobile devices, you might encounter the wrath of these cybercriminals.

If you have a large team of employees using wireless computing, it becomes even riskier to your entire system. The chances are that employees might misplace their mobile gadgets or download the hacking Trojans that will invade your system.

I am sure you have heard instances where individuals have lost huge chunks of wealth through hacking. In numerous cases, news of the data breach has made the headlines in our newspapers and mass media. To avoid such incidents in your firm, you need to adopt the following essential security measures.

 

Instigate A Mobile Device Policy

One of the first steps you should undertake if you are considering the use of wireless computing in your business is implementing a mobile gadget policy. This preventative measure is essential if you and your employees are accessing emails, company information, and financial records using personal mobile gadgets. Family members, friends, or acquaintances of your employees can easily access their devices. You should, therefore, develop a policy that offers guidelines on how the employees can use their mobile gadgets when they are working remotely.

In case employees leave, the company should have measures that ensure that the company’s information will be secured. They should also ensure that information can easily be erased and cleaned up from devices for protection or theft. The client or critical data like credit details should always be secured, and out of reach since the consequences or misuse are significant and expensive. There should be a policy that restricts the employees from using the company’s devices for personal usage, rooting, or tampering.

 

Encrypt your Mobile Gadgets

It would significantly help if you encrypted the mobile gadgets with a password for data security. Encryption ensures that unauthorized persons cannot access data without a unique encryption key. Even when you lose a mobile device, you would not worry about a data breach.

Always Update Your Security Software

The rocket pace of technology comes with the accelerated emergence of threats. Thousands of new threats can emerge almost daily. If your software is outdated, it might not be able to fight against the surge of these new threats. Your mobile gadgets security setting should be updated as frequently as possible. Having an automatic update protocol for your employees will assist in ensuring devices remains up to date throughout.

Prohibit Your Staff from Downloading Unauthorized Files and Software

Cybercriminals are known to invade systems by introducing Trojan files and software. Barring employees from downloading software and data from unknown sources will prevent employees from unknowingly being duped into downloading malicious applications or files that can invade your systems.

 

Have A Backup System For Mobile Devices

I am sure you have, in one instance, lost an important contact or a file and lost it for good. Having backup systems saves you the pain of losing valuable information. Mobile gadgets can be lost or damaged when they have critical business information. Backup systems will come in handy to restore all that information. Cloud backup is becoming popular, and most businesses are backing up their data in the online cloud. It would help if you also considered sourcing for professional cloud systems for your business.

Implement A Remote Wiping Protocol

Remote wiping is an excellent way of protecting your company from data breaches in case of lost or stolen mobile devices. The remote wiping protocol prevents the retrieval of essential information regarding your business from the lost or stolen device. This security measure ensures that sensitive data cannot be accessed.

 

Implement Strong Password and Passcodes Protocol

Strong passwords are necessary for protecting unauthorized access to information. Employees should have passwords that cannot be easily memorized or guessed. An excellent password should contain numbers, capital letters, lowercase letters, and special characters. The length of the password should at least be eight characters as longer passwords provide more security to your device.

Educate your Employees on Cloud Computing Security

The saying ‘an informed person is a powerful person’ shows the need to be informed. If your employees are informed about cloud computing and the risks and threats involved, they will surely exercise caution when using mobile gadgets. You should conduct regular training and sensitization that keeps your staff informed and up to date with computing threats.

Are you using the above essential measures to secure your business? If you have not implemented these measures yet and you are using wireless computing, know you might be holding a ticking bomb that can explode at any time.

You don’t need to worry if you don’t know how to implement all of these measures. Our process involves documenting all mobile devices accessing your company, detailing your cloud software system, and formulating a backup protocol that protects data stored in third-party software. This thorough process will help you avert cloud-computing threats by securing the mobile devices of your employees.

Should you Invest in Cybersecurity

10 Signs You Should Invest in Cybersecurity

By | Security

With the increasing number of data breaches in the news, you or the decisionmakers in your organization may be weighing the benefits of investing in cybersecurity. As a security leader in your organization, you know the importance of protecting your organization’s digital assets but also know that the costs can be substantial. If you’re like most security leaders, you have the dilemma of trying to implement an effective security model with a limited budget. Instead of applying inadequate security solutions with gaps of protection, consider persuading the decisionmakers to increase your budget as appropriate. You may be apprehensive to do so but neglecting to provide sufficient security protection for your organization can be more costly than increasing your budget. According to the IBM 2019 Cost of a Data Breach Report, the average data breach costs an organization $3.2 million. If you’re motivated to approach your decisionmakers, before you approach them, conduct a risk assessment to determine the needs of your organization and the estimated budget necessary to invest in an applicable security model.

During your risk assessment, here are 10 signs that you need to invest in cybersecurity:

  1. You don’t have security policies.
  2. The structure of your organization has significantly changed.
  3. Your industry is heavily targeted.
  4. Your industry has new cybersecurity regulations.
  5. Your network downtime is costly.
  6. You don’t have an employee training program.
  7. Employees receive a lot of spam emails.
  8. Your security team is overworked.
  9. You are using outdated security solutions.
  10. Your organization has experienced a security incident.

1. You don’t have security policies.

You should develop a formal security policy that outlines the key assets and technologies that your organization uses and defines the protocols for securing each one. The basic elements to address in the policy are application security management, network security management, and remote security management. A best practice is to align the protocols with the five elements of the National Institute of Standards and Technology (NIST) cybersecurity framework: identify, protect, detect, respond, recover.

2. The structure of your organization has changed.

As your business grows, so should your security solutions. Moving data to the Cloud, employing remote workers, or implementing a new BYOD policy are changes that can increase the entry points to your data. These changes require additional solutions to address the increase in network access and methods of access. Moving data to the Cloud is especially significant because your data has moved to a location with less visibility. There may also be multiple third parties involved in managing your data.

3. Your industry is heavily targeted.

All organizations should implement security protections. However, there are organizations that should seriously consider investing in cybersecurity because of their industry. Cybercriminals tend to seek targets with the greatest impact. According to security certification and training firm Infosec, the following industries are targeted most often:

  • Healthcare
  • Manufacturing
  • Financial services
  • Government agencies
  • Education

4. Your industry has new cybersecurity regulations.

The continual increase in security breaches has resulted in regulations becoming more prevalent. If your organization has regulations, it’s a foregone conclusion that you should invest in cybersecurity. In most cases, regulations are designed to ensure that organizations with a greater security threat are implementing adequate security protocols to protect their clients. Security regulations are also executed to ensure that organizations employ a security policy that includes response and recovery components that expeditiously communicate information about a data breach to all affected parties. The New York State legislature passed the SHIELD Act in 2019. Other states have passed similar laws. Governments in other countries have also passed security laws. TCDI, a company that develops security software, provides a list of relevant cybersecurity regulations.

5. Your network downtime is costly.

Network downtime affects an organization’s bottom line. If the costs to restore your organization’s network are increasing, that is a red flag that you need to rethink your security model. Common reasons that a network goes down include outdated software, applying a patch or update that breaks existing software, and human error such as network misconfigurations. These tasks may seem mundane, but negligence in carrying them out is a common source of cyberattacks. According to a report by Ponemon Institute, 60% of the respondents to their survey stated that their security breaches were caused by neglecting to apply an available patch. We’ve already discussed the average cost of a security breach.

6. You don’t have an employee training program.

Employees are considered the first line of defense for cybersecurity because their behavior is linked to key entry points to the network.

The following are examples of improper employee behavior that can lead to an organization experiencing a security incident:

  • Responding to a phishing email
  • Losing a company laptop
  • Using weak passwords to access company applications
  • Downloading unapproved software onto a mobile device used for work

Developing a comprehensive training program that teaches employees proper security behavior and stresses the importance of practicing that behavior (and repeating that information often) will help to mitigate your organization’s security risk.

Here are some tips published in Government Technology magazine to help you create an effective cybersecurity awareness program:

  • Choose interactive versus static material
  • Focus on changing behavior and establishing a culture of cybersecurity
  • Make the training a requirement for everyone
  • Make the training fun
  • Solicit feedback from the trainees
  • Use a variety of methods, such as emails, newsletters, and posters to keep the message in front of employees

7. Employees receive a lot of spam emails.

Malware is becoming a common nuisance in the workplace. A highlight of the Cisco’s 2020 CISO Benchmark Report is that malware (and other types of malicious spam) occupies the first seat on the list of cited causes of security breaches. Ransomware is a type of malware that locks an individual or company from an asset and then requires payment to regain access to that asset. This type of threat is becoming more common due to the popularity of digital currency. Ransomware is particularly dangerous to organizations because it is responsible for causing the “most destructive amount of downtime (more than 17 hours)” according to the CISO report.

8. Your security team is overworked.

Cybercriminals are constantly looking for ways to infiltrate systems. A non-existent or stagnate cybersecurity budget can lead to problems. One of the side effects of implementing a cybersecurity model that is insufficient for your organization’s needs is that your security team must do more work. The tale-tell signs of an overworked team include constant network problems, significant amounts of overtime, and low morale.

9. You are using outdated security solutions.

Are your security policies full of manual processes that your IT team performs on a regular basis? Depending on manual processes for your security solutions creates a reliance on human input, which is a  common cause of security issues. This is more of an issue when the manual processes are performed for high-priority assets in your organization. A better plan is to use other solutions, such as automation, for your most critical assets and save manual processes, if you must keep them, for less critical assets. You should also determine if there are any compliance regulations that require you to use a specific level of security.

10. Your organization has experienced a security incident.

Security incidents, regardless of impact, are serious matters. They compromise the privacy of your organization’s employees and client’s, taint your reputation, and cost money (usually a lot) to resolve. Some organizations can’t return to business as usual after a security issue because their reputation in the industry has become questionable or they can’t absorb the resolution costs. Of course, it’s possible for an organization to recover from a security issue, but there are important steps you need to take. Digital Guardian, a data loss prevention software firm, interviewed data breach experts about their recommended next steps after a data breach.

The following are a few of the tips from the data breach experts:

  • Contain the incident
  • Communicate effectively with affected parties
  • Investigate the incident to understand the cause
  • Protect your business from future attacks

Takeaway

IBM’s statistic mentioned at the start of this post regarding the average cost of a security breach is a daunting figure that should motivate you to make cybersecurity a priority. By simply assessing your current situation, you can determine if your organization should invest in cybersecurity. The items listed above are great starting points for your assessment. To obtain a complete picture of your organization and learn the solutions that are best, an in-depth assessment will work best.

BACS provides a full spectrum of cybersecurity solution services that starts with understanding your goals, assessing the specific needs of your organization, and then developing an appropriate plan and strategy for your architecture. Our distinction in the industry is that we are a team of cybersecurity experts that are lead organizations on a path of successful IT infrastructure protection.

 

Cybersecurity Strategy

Does Your Cybersecurity Strategy Pass the Test? 5 Improvements You Can Make Today

By | IT Support, Security

Is your cybersecurity strategy capable of protecting your organization’s assets from cyber threats? If you haven’t performed any tests to confirm or deny that inquiry, consider a staggering statistic in a report about cybersecurity published by the ESI ThoughtLab economic consultant firm. From their 2018 survey of several hundred individuals of organizations in 17 countries, the average loss for the surveyed organizations was close to $5 million. As the technical expert on the cybersecurity team, your manager and the decisionmakers in the organization will look to you to ensure that the organization doesn’t contribute to that statistic.

You can easily determine the effectiveness of your organization’s cybersecurity strategy by performing real-life scenarios of your security solutions, response and recovery, and employee awareness. If you determine that improvements are needed, strengthening your cybersecurity plan should be as comprehensive as your financial resources and schedule allow. If you need to make improvements quickly, such as to meet compliance or decisionmaker requirements, make sure you focus on the areas of that are the most vulnerable to a cyberattack.

The following are five ways you can make improvements to your cybersecurity strategy and address key concerns:

1: Apply Basic Cybersecurity Hygiene

2: Fortify Endpoint Protection

3: Implement Remote Access Management Policy and Procedures

4: Enhance Your Skills and Knowledge

5: Increase Employee Awareness

1: Apply Basic Cybersecurity Hygiene

One of the best actions you can make immediately is to confirm that your organization’s cybersecurity plan addresses the basics of protection:

  • Backing up your organization’s data may seem like common knowledge, but it’s a task that companies often overlook. Having a backup is one of the best defenses against a ransomware attack. That is, if you have wisely stored your backup on a different system.
  • Incorporating automation for updates and other common tasks is in line with backups. This task will minimize human intervention that has the potential for error. Consider the 2017 WannaCry ransomware attack that infiltrated computer systems running Microsoft Windows operating system. Once executed, the network worm encrypted the data on the computer and presented a message demanding a ransom. Since Microsoft was aware of the issue and had provided an update to address the attack, it could have been avoided if the update had been applied on the affected systems.
  • Implementing an authentication method that is secondary to passwords will lessen security issues related to employee errors. These will serve as a protective armor for your computer systems. According to a report by Ponemon Institute, weak employee passwords were the source of an attack for 40% of their respondents with an average cost of close to half a billion dollars.
  • Using tools to monitor for and detect cyber threats will enable you to quickly review and, if necessary, respond to any suspicious issues. There are plenty of these tools available on the market. It’s a good idea to evaluate your organization’s needs before making an investment in a tool.

2: Fortify Endpoint Protection

An extension of applying basic cybersecurity hygiene is endpoint protection. According to the 2018-2019 State of Data Security and Privacy published by Forrester Researcher, endpoints account for 70% of data breaches. Endpoint protection refers to methods by which you manage security on the systems that are connected to your organization’s network. Anti-virus software and firewalls (network-based and hosted) are basic methods of protection that are ideal in traditional office settings with only desktop systems. If employees can use personal devices such as laptops and mobile cell phones to connect to the network (inside or outside the organization), you should consider implementing additional protection measures.

The following are three types of advanced endpoint protection tools for you to consider:

  • Next-Generation Antivirus (NGAV) solutions that are event-driven instead of based on files that are stored on an endpoint (traditional virus signature definitions).
  • Endpoint Detection and Response (EDR) tools that are designed to monitor endpoints for suspicious activity and when necessary, automate an action to secure the system.
  • Cyber threat intelligence, which is the result of a multi-step process of collecting, processing, and analyzing raw security data.

3: Implement Remote Access Management Policy and Procedures

Before endpoints in your organization move to locations outside the corporate office, make sure you add policy and procedures. This information, typically provided in document form, is basically a detailed training and informational guide about your expectations of employees when they work in remote locations. The document should also provide the consequences of not following the documented instructions.

Even with remote access management policy and procedures in place, mistakes are still possible (and likely). The following are two important additional steps you can take to enhance remote security:

  1. Implement a multifactor authentication (MFA) to add an additional method of authenticating a user for VPN access. According to a blog post by Lastpass, a provider of login management systems, passwords account for a large percentage of data breaches.
  2. Build and implement a whitelist that includes all the approved applications and contact email addresses that employees can access. Update the list as you deem necessary.

4: Enhance Your Skills and Knowledge

Once you have all the technical aspects of your cybersecurity in place, consider opportunities of advancing your knowledge and skills. As an IT cybersecurity professional, you probably know that your technical skills must continue to evolve to combat the latest cyberattacks. What are those technical skills? According to Infosec, a provider of training for IT professional, the following eight skills are considered the basics for cybersecurity professionals:

  • Intrusion detection
  • Software reverse engineering
  • Analytical skills
  • Risk mitigation
  • Cloud security
  • Incident response
  • Encryption technologies
  • Penetration tasks

Cybersecurity is an important topic to all organizations, so there are numerous courses available online and in person. Many of these courses are fee-based. However, the SANS Institute offers free online cybersecurity courses.  You can also gain knowledge by staying informed. Joining and participating in online security-related communities and signing up for online news is also a good idea.

5: Increase Employee Awareness

Security training is not just for you and the other individuals in the IT department. All employees in the organization should know their responsibility regarding security and understand the potential consequences if they are careless. Unfortunately, there are many examples of how an employee’s negligence resulted in a costly security breach. Most recently, is the cyberattack on Grays Harbor Community Hospital. In that incident, an employee clicked a malicious link to ransomware that spread to computer systems throughout several of the organization’s medical facilities. In addition to the costs associated with the IT department tackling the damage, the organization’s systems were down for an extended period of time, which meant they lost money.

As an IT professional, your manager may task you with creating and implementing an employee cybersecurity training program.

Here are steps to help you create a training program:

  1. Determine who needs the training. At a minimum, security training should include everyone who uses a computer system or device to connect to the corporate network.
  2. Define the scope of the program. Phishing emails, password policies, and personal device protection are the basic topics to cover with employees. You should also consider the types of security attacks that are common for your organization’s industry.
  3. Outline the structure of the training. Developing a program that includes both instructional information and practical experience is a good idea. Cloud-based email management company Mimecast creates entertaining and focused training for their employees.
  4. Establish a timeline for the training. In the beginning, you’ll start with existing employees. You should then work with the Human Resources department to add training to the onboarding process for new employees.
  5. Update the training. The tactics of cybercriminals continue to advance, and so should your training program. Keep an eye out for any security news items that you can alert employees to immediately via email and later add to the training. Also, as you learn more about issues that are specific to your employees, you should add these to the training program.

Getting Started with Your Plan

The tips mentioned above are a good start to making sure that you address the basics of cybersecurity. Note that improving the cybersecurity strategy for your organization will be an ongoing task. Cyber threats will continue to advance, so you must make sure your strategy also advances. It’s likely that you won’t be able to prevent every potential attack that pops up, but at the very minimum, you will be prepared to respond to them and divert any significant damage.

At BACS, our goal is to partner with our customers to develop a cybersecurity infrastructure that is built from a solid foundation according to the organization’s specific needs.  Our team of cybersecurity experts help organizations make the “right” decisions to build an IT security framework that encompasses the full spectrum of an effective cybersecurity strategy: planning, developing, implementing, reviewing, and revising.

 

A Beginner's Guide to Cybersecurity

A Beginner’s Guide to Cybersecurity

By | Security

A cybersecurity guide for IT professionals interested in learning the basics. BACS provides security solutions that help organizations of all sizes implement the best security foundation that fits their needs.

In organizations of all sizes, IT professionals play an important role in implementing and managing cybersecurity. If this is a new role for you, attempting to learn everything at once may seem like a good plan. A better and less daunting approach is to focus on understanding the basics that will prepare you to assist your IT department in the protection of your organization’s assets.

A good place to start your training is to understand the key components of cybersecurity. The National Institute of Standards and Technology (NIST), created by the U.S. Department of Commerce, provides a Cybersecurity Framework for organizations to implement that is based on five functions: Identify, Protect, Detect, Respond, and Recover. The framework is in-depth and comprehensive. Presented below is an abbreviated guide that encapsulates the five functions identified by the NIST.

Understanding cybersecurity consists of grasping the following four basic topics:

1. Cybersecurity Defined

You may hear people refer to cybersecurity in different ways. According to Wikipedia, “cybersecurity is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.” The underlying message of this definition to new IT cybersecurity professionals is simple: learn how to protect your organization’s assets from unknown threats. What are these potential threats? Let’s discuss them next.

2. Types of Security Threats

Cybercriminals use a variety of methods to attack organizations. Learning the tactics that cybercriminals use will help you understand how to implement the best defenses against them.

There are four basic types of threats that you should know:

  • Distributed-Denial-of-Service (DDoS) – Considered the first cyberattack, the Morris worm started as an innocent program designed to determine how many computers were connected to the Internet. The huge number of responses from the computers ended up overloading the target server, the classic sign of a distributed denial-of-service (DDoS) attack. These attacks can be costly (time and money) to recover. In the case of the Morris worm, 72 hours and more than $100,000 was spent to undue its damage.
  • Malware – The term malware is a combination of the words malicious and software to describe an attack using software for malicious purposes. Malware has a long history and continues to advance. According to anti-virus software producer Malwarebytes, the term is used to refer to a variety of attacks. Ransomware, viruses, adware, spyware, trojans, rootkits, and keyloggers are just a few examples. The common thread of these attacks is that they require an action before they can do their misdeed. This action may be an employee clicking a link in an email or downloading software from the Internet onto an organization’s computer. The malicious software can be programmed to do several tasks. For example, it may, unknowing to you, secure a comfy spot on your computer and steal credentials, prevent you from accessing a computer without first remitting a payment, or simply overload your display with annoying ads.
  • Social Engineering – According to Verizon’s 2019 Data Breach Investigation Report, phishing was the number one cause of data breaches. This type of attack can be referred to as a scam to trick someone into providing personal information. It is most often carried out via email but can also come in the form of a text message, instant message, or over the telephone. In an organization, a phishing attack can have a cascading effect and lead to a security breach. If your organization is hit with a phishing attack, it is a good idea to report the incident to the Federal Trade Commission (FTC). Types of social engineering attacks include phishing, vishing, and smishing.
  • Data Theft – Theft can occur from someone outside of the organization that gains access to data by stealing an asset, such as a laptop, or from the inside by someone who has access to personal data. Data theft can ruin a company’s reputation, interrupt normal business operations, or cause a company to shut down immediately.

3. Types of Security Protection

How your organization attempts to prevent the attacks listed above will depend on the systems you employ and your chosen method of security protection. The following are the most common types of security protection and the challenges that are related to them.

  1. Identity Management – This area is associated with how users are identified on the network and how you manage that information. This also addresses how users access the network.
  2. Network Security – This type of protection involves securing a network, including its associated data, email, and wireless connectivity. Among the most common types of network security are firewalls, anti-virus software, behavioral analytics, intrusion prevention systems (IPS) and network segmentation.
  3. Application Security – Protecting the software that your organization uses is critical. At a minimum, this involves making sure that you keep all the applications that your employees use up to date. The main challenge in this area is that applications are constantly being updated, and sometimes updates can cause problems with existing software.
  4. Endpoint Security – This type of security protection involves protecting assets that are remotely connected to your organization’s network. Implementing a Virtual Private Network (VPN) is a good idea, but how you choose to set it up requires some research to understand is best for your organization.
  5. Mobile Security – Mobile devices such as tablets and cell phones are easily portable and allow employees more flexibility with performing their work tasks. The challenge with protecting these systems is that it is impossible to develop a one-size-fits-all security plan when so many different types exist.
  6. Cloud Security – If your organization chooses to offload data to the cloud via a product managed by the organization or a third party, you should still be involved in the security of that virtual data. Data that is stored in the cloud is challenging to protect because you can’t see it and it is usually managed by a third party.
  7. Recovery Management – Your organization should have protection in place that defines the actions that are taken when there is a security incident. The challenge with this type of security protection is being prepared for the unknown.
  8. User Education – Users provide a measure of protection because they are often the first line of entry. Educating users is an important step in your organization’s security protection

4. Best Practices for IT Professionals

An effective security plan will be specific to your organization’s needs. The organization looks for the IT department to make sure that everything is protected. This can seem a bit daunting, but there are some basic best practices that you can do now that will help to create a good defense.

  1. Inventory your organization’s assets.

This should be the first step in your security plan. This consists of tracking all the hardware and software in your organization and noting the employee responsible for each, as well as any specifics such as license expirations. At a very minimum, you could track the assets in a spreadsheet and make updates, as necessary. If your security budget allows, investing in asset tracking software such as UptimePM and Asset Panda can provide additional benefits.

 

  1. Apply patches and updates regularly.

Software improvements are inevitable. When a software provider discovers a security flaw in their product and notifies you about it, make sure you apply the patch as soon as possible. If the provider has discovered it, there’s a good chance that cybercriminals know about it and are looking for organizations that have implemented it so they can take advantage of them.

 

  1. Backup data regularly.

Your security plan should include a method for recovering your data if a security incident occurs. It’s a good idea to create a schedule and back up your most critical data more often than data that is not as essential.  To protect your backup data, it is a good idea to encrypt the data (make sure you store the keys in a safe place) and create multiple copies that are stored using different methods.

 

  1. Contribute to user awareness.

Implementing the security protections and best practices listed above without training employees about cybersecurity is like adding a security system to your home and leaving the front door wide open while you sleep. According to a security awareness training survey conducted by Enterprise Management Associates of more than small to medium-sized 500 organizations, awareness training was not provided by more than half the respondents. Of the business that do provide training, 18% of them do not measure the effectiveness of the training, while 34% had no clue if they measured the effectiveness of the training. Hopefully, your organization has implemented training for employees that teaches them the behaviors to exhibit to protect the organization’s assets. You can contribute to user awareness by setting an example and by sending employees regular messages about security via email to keep security on their minds.

Conclusion

Cybersecurity has become an important aspect of doing business—regardless of size or industry.  Organizations have a lot to consider when it comes to implementing cybersecurity. As an IT professional, you play an important role in the implementation and management of security. Learning about the types of threats and protection and common best practices will equip you with the basic tools you need to help protect your organization’s assets.

Partnering with BACS is a good plan because we have experience assisting organizations of all sizes and needs. We provide security solutions for organizations that get them up and running for the long term. Our solutions are designed to help you obtain the most from your technology so that you can focus on what your organization does best.

 

Choosing the right cyber security vendor

Choosing the Right IT Security Provider

By | Security

IT security today is more complex than ever. More devices, more connections, and more distributed IT environments have helped broaden the threat landscape for organizations of all sizes.  

While businesses understand the importance of building a strong defense, many simply lack the resources and technical expertise needed to effectively combat today’s escalating threats without undercutting other business priorities.  

To help ease this burden, companies are increasingly relying on the skill and expertise of managed service providers (MSPs). By assuming responsibility for daily maintenance and support tasks, MSPs can help you keep your IT operation running efficiently, reliably, and securely while freeing up IT resources to focus on more pressing business initiatives. 

While outsourcing IT security can be an effective business strategy, not all IT providers are created equal. The range of capabilities and types of services offered by today’s MSPs run the gamut. To help ensure an optimum match for your specific needs, it’s important to carefully evaluate your prospective IT provider across several core areas. 

 

Needs-focused

A good IT provider should start by seeking to understand your current security posture, taking into consideration your unique data protection needs, compliance issues, and long-term business goals. How sensitive is the data you manage? What are your current methods of storage and will this change in the future? What are your protocols for data access? This detailed review will help uncover weaknesses or gaps in your security infrastructure. The goal isn’t to sell you a bunch of new technology but to ensure an optimum level of security without sacrificing functionality.  

 

Industry expertise

Ideally, you want to look for an IT provider with experience working in your particular field, especially if you operate in a regulated industry, such as healthcare or banking. As data privacy regulations continue to proliferate, one major challenge is keeping track of new compliance updates and changes. Some data assets require minimal protection while others may require more robust security. Determining the optimum balance is essential. If a provider has limited experience working within your industry, this wouldn’t necessarily exclude them from providing reliable service. However, you’ll want to perform extra due diligence to validate their level of competence and their ability to meet your unique security and compliance needs.

 

Technology-tuned

Today’s cybercriminals are more sophisticated than ever. That’s why it’s critical that your IT provider be up to speed on current and emerging threats as well as the technology needed to combat them. They should be capable of implementing advanced security techniques and practices, including strong access controls, the latest malware protection, and proactive security scanning. You’ll want to make sure the provider you work with can adapt to change and growth and stays on the cutting edge of technology innovation. Your provider should be well-versed in technology planning to help ensure your security strategy is designed, implemented, and managed in a consistent manner.   

 

Solid track record

Your IT provider should be able to provide references and case studies of how they solved security challenges and examples of reliable security service delivery across a variety of IT environments. Active client references provide a good gauge of performance, responsiveness, reliability, and expertise. Customer feedback should provide a view into how the provider operates, and if they are a good match for your organization. Do they understand the business they are protecting? Are they up-to-date with the latest technologies, trends, and potential avenues of attack? Are they inquisitive and aggressive about helping you achieve your business goals and objectives? Can they be your trusted partner?

 

Fast response

You may not work 24 hours a day, but your IT infrastructure never sleeps. That’s why it’s important that your IT provider offers around-the-clock support. Your business demands it. Your service provider should be able to clearly outline and define its response capabilities. What is the expertise level of support staff? What is the standard response time? Will you get immediate help from an expert or will someone call you back? Ideally, your provider should offer an automated process to generate and track tickets and resolve problems from a single dashboard. 

 

Disaster recovery

Finding time to focus on the routine functions of backup and recovery is increasingly difficult in today’s fast-paced business world. That’s where the knowledge and guidance from an outside IT provider can help. As backup and storage processes migrate to the cloud, you’ll want a provider skilled at determining optimum price points, evaluating storage media options, and choosing the best course of action for your unique needs. With today’s flexible managed services offerings, looks for a provider who can integrate the entire process of backup and recovery into a single service. Storage, design, testing, and around-the-clock proactive backup monitoring allow you to keep an eye on performance without having to manage the task yourself.

 

Roadmap planning

Planning for IT security is an ongoing process. Central to this effort is understanding your business goals and the role data, security, and compliance play in supporting those goals. Effective IT security requires a holistic approach that effectively blends proven techniques and practices with advanced technologies. A good IT provider will develop a clear picture of your IT capabilities and prepare a defined action plan to address any infrastructure, performance or compliance gaps. You should be able to rely on the advice and expertise of your provider to assist you with ongoing planning and strategy―continuously looking for ways to save money, improve performance, and leverage technology to support your company’s long-term growth.

 

Gain a performance advantage

Safeguarding your vital IT infrastructure is not just a security concern; it is a fundamental business issue. It requires an intelligent investment in resources to meet an increasingly complex threat landscape. Selecting the right security provider can help ensure the best approach to protecting your vital business assets, mitigating risks, and optimizing your return on investment.