Recommendations for Mitigating Cyber Risks During Russia/Ukraine Conflict

The White House has warned about the potential for Russia to engage in malicious cyber activity against the United States in response to the unprecedented economic sanctions we have imposed. To prepare, we recommend all organizations implement the following cybersecurity practices as soon as possible.

Improve Network Monitoring at Your Perimeter

Ensure you have visibility for incoming and outgoing traffic with appropriate safeguards.

  • Monitor and consider blocking high-risk outbound network traffic:
    • SSH (TCP 22)
    • MSRPC (TCP 135)
    • SMB (TCP 139, 445)
    • Unsecured LDAP (TCP 389)
    • Secured LDAP (TCP 636)
    • MSSQL (TCP 1433)
    • RDP (TCP/UDP 3389)
    • WinRM (TCP 5985, 5986)
  • Review your WAF configuration and set to blocking mode to mitigate zero-day attacks.
  • Log, correlate, and review events. Focus on threat intelligence, lower alerting thresholds if possible, and be aware of risk patterns associated with Russian actor tactics, techniques, and procedures (TTPs).
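
One way to act on the first bullet above, as an added example that is not part of the original article: a short Python check that reads firewall flow records and flags connections from internal hosts to external addresses on the high-risk ports listed. The log format, the internal address ranges and the sample records are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# High-risk protocols and ports exactly as listed in the article.
HIGH_RISK = {
    ("tcp", 22): "SSH", ("tcp", 135): "MSRPC",
    ("tcp", 139): "SMB", ("tcp", 445): "SMB",
    ("tcp", 389): "Unsecured LDAP", ("tcp", 636): "Secured LDAP",
    ("tcp", 1433): "MSSQL",
    ("tcp", 3389): "RDP", ("udp", 3389): "RDP",
    ("tcp", 5985): "WinRM", ("tcp", 5986): "WinRM",
}

# Assumption: the site's internal address space; replace with your own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records. Assumed export format, one flow per line:
# timestamp src_ip dst_ip protocol dst_port action
SAMPLE_LOG = """\
2022-03-22T10:00:01Z 10.1.4.20 203.0.113.7 tcp 443 allow
2022-03-22T10:00:05Z 10.1.4.20 198.51.100.9 tcp 445 allow
2022-03-22T10:00:09Z 10.1.7.33 198.51.100.9 tcp 3389 deny
2022-03-22T10:00:12Z 10.1.4.20 10.1.9.5 tcp 445 allow
2022-03-22T10:00:15Z 10.1.7.33 192.0.2.44 udp 3389 allow
this line is truncated
2022-03-22T10:00:20Z 10.1.8.2 203.0.113.50 tcp 22 allow
"""


def is_internal(ip):
    """True when the address falls inside one of the configured internal ranges."""
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    """Parse one flow record; return None for lines that do not fit the format."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, src, dst, proto, dport, action = parts
    try:
        return {"ts": ts,
                "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst),
                "proto": proto.lower(),
                "dport": int(dport),
                "action": action.lower()}
    except ValueError:
        return None


def find_high_risk_outbound(log_text):
    """Return (findings, skipped): internal-to-external flows on listed ports,
    and the number of lines that could not be parsed."""
    findings, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
            continue
        service = HIGH_RISK.get((rec["proto"], rec["dport"]))
        if service and is_internal(rec["src"]) and not is_internal(rec["dst"]):
            findings.append({**rec, "service": service})
    return findings, skipped


def summarize(findings):
    """Count flows that were allowed (not yet blocked) per source host and service."""
    return Counter((str(f["src"]), f["service"])
                   for f in findings if f["action"] == "allow")


if __name__ == "__main__":
    hits, bad = find_high_risk_outbound(SAMPLE_LOG)
    for f in hits:
        print(f'{f["ts"]} {f["src"]} -> {f["dst"]} {f["service"]} '
              f'({f["proto"]}/{f["dport"]}) {f["action"]}')
    print("unparsed lines:", bad)
    for (host, service), count in sorted(summarize(hits).items()):
        print(f"still allowed: {host} {service} x{count}")
```

Unparsed lines are counted rather than dropped silently, since a gap in the log is itself a loss of the visibility this section asks for.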

Create Contingency Plans to Disconnect High Risk External Connections

Preparedness, control, and proactiveness are key in a successful defense.

  • Inventory any unfiltered VPNs and other vendor/contractor connections. Make sure you have monitoring in place and understand access risks.
  • Limit traffic destinations for high-risk protocols wherever possible (see the list of high-risk protocols above).
  • Watch for collateral damage and propagation via automation. NotPetya showed us that poorly monitored and unpatched interconnected systems provide reliable attack surfaces.
  • Perform tabletop exercises to ensure readiness during any disruptive event and at least annually. Ensure all your key resources have current contact information and can support business continuity on short notice.
  • Validate your backup and recovery processes.

Bolster Your Security Awareness Program

Educating end users will lower your risk from malware and social attack vectors.

  • Implement or execute a simulated phishing campaign. These attacks are usually carried out via email but now are frequently delivered via SMS, phone calls, and social media. Ensure your employees are vigilant.
  • Reassess your password standard. Encourage pass phrases and strong passwords: easy to remember, hard to guess. Use a secure password manager to reduce call center events due to users who use complex, hard-to-guess passwords.
  • Implement MFA on any external ingress points. Consider expanding scope to those that don’t store or transmit sensitive information. If they pose a risk by being able to pivot to other systems if compromised, assume the worst.
  • Timely and effective communication is paramount. Consider the human factor: most people are scared during conflicts. You’ll receive the best outcome by keeping your communications simple, actionable, and direct while delivering with calmness.

Improve Your Rigor Around Patching and Update Consistently

Poorly monitored, unpatched assets create additional risk.

  • Ensure your assets are patched and up to date (computer systems, mobile devices, applications, etc.). Automatic updates are strongly encouraged.
  • Ensure your endpoint detection and response agents are active, receiving threat intelligence feeds, and set to protect/block risks.
  • Enable an allow-listing policy on your EDR solution (which files can execute). Recent attacks have shown that Russian actors have misused legitimate drivers from trusted vendors, such as EaseUS (Partition Master), to weaponize wiper attacks and in some cases bypass poorly configured or mismanaged EDR/MDR.
  • Look for behavioral evidence or network and host-based artifacts from known Russian state-sponsored TTPs. Table 1 from CISA’s Alert (AA22-011A) lists commonly observed TTPs.

Webinar: Cyber Insurance. And The War On Ransomware.

Cyber insurance is a must-have weapon for all organizations trying to mitigate modern security threats. But the exponential increase in ransomware has created an industry chain reaction – Insurance providers are leaving the market, premiums are on the rise, more security controls are being required, and organizations are left scrambling.

Prepare For The War On Ransomware

In this executive panel discussion, you’ll get actionable advice directly from an industry-leading cyber insurance provider as well as the technology/solution providers actively fighting the war on ransomware. View the full webinar here

What You’ll Learn:

  • The rise of ransomware and industry chain reaction
  • The role of cyber insurance in incident response plans
  • Evaluating your current policy (Good? Bad? Or Ugly?)
  • The increasing controls insurance providers are requiring
  • How business and IT leaders must partner together

Google Chrome Zero-Day Vulnerability Affects Billions, Here Is How To Fix It

Google Chrome Zero-Day Exploit

This Forbes article has all the up-to-date information on the zero-day vulnerability.

Earlier this month Google issued a warning on its official blog, revealing a new zero-day flaw on Windows, macOS, and Linux. Google is currently restricting information about the exploit to try and buy time for users to update their browser.

What makes this vulnerability more dangerous than others is the number of users it can affect and the fact that it is a zero-day flaw, meaning the vulnerability was known to threat actors before Google could fix it, which makes every Chrome user vulnerable.

What You Can Do

Google has released an emergency update for Chrome and Edge to patch the vulnerability. Follow these steps to update your browser ASAP.

For Google Chrome:

  1. Open a Chrome browser and click the 3 dots in the upper right corner
  2. Click “Help”
  3. Click “About Chrome”; this will open a new page, and the update to version 99.0.4844.84 should begin automatically
  4. Once the update is complete click “refresh browser”

For Microsoft Edge:

  1. Open an Edge browser and click the 3 dots in the upper right corner
  2. Click “Help and Feedback”
  3. Click “About Edge”; this will open a new page, and the update to version 99.0.1150.55 should begin automatically
  4. Once the update is complete restart your browser

ISG Technology Recognized on CRN’s 2022 Tech Elite 250 List

Overland Park, KS, March 8, 2022 — ISG Technology today announced that CRN®, a brand of The Channel Company, will feature ISG Technology on its 2022 Tech Elite 250 list. This list recognizes solution providers across the U.S. and Canada that have earned the highest level of technical certifications from leading technology suppliers such as Hewlett Packard Enterprise, Dell Technologies, Cisco and more. Companies chosen for the Tech Elite 250 list have distinguished themselves as dedicated and passionate solution providers willing to go above and beyond for their customers by ensuring they have the training and technical know-how necessary to provide expert-level service.

These solution providers know their customers depend on their training and expertise to help them overcome today’s IT challenges and achieve full digital transformation across the enterprise. In order to provide that expert service and care, solution providers must maintain consistently high levels of training and certification from IT vendors and achieve the highest tiers within those vendors’ partner programs.

“We continue to see increasing demand for our managed services, especially our managed security offering.” “Unfortunately, too many companies are experiencing breaches and then getting ahold of us to remediate the situation. It’s keeping our incident response team busy, but we’d prefer to help companies get proactive with their cybersecurity efforts and their overall IT operations.”

Jon Bierman, COO of ISG Technology

“CRN’s annual Tech Elite 250 list recognizes solution providers that have earned top-level certifications from key technology suppliers and proven their ability to consistently meet the high standards of their customers and partners. Solution providers featured on this list have maintained a consistent focus on innovation and have built a comprehensive understanding of the ever-evolving technologies and practices that enable ongoing success in the IT channel. We’re proud to honor them in this manner.”

Blaine Raddon, CEO of The Channel Company

Coverage of the Tech Elite 250 will be featured in the April issue of CRN Magazine and online at www.CRN.com/techelite250.

About ISG Technology

ISG Technology helps organizations unlock possibilities so they can realize their full business potential. They do it by providing a unique combination of managed IT services, technology consulting, professional services, and cloud/data center solutions.

Part of the Twin Valley Family of Companies and a fourth-generation family business, ISG Technology has grown and evolved into the recognized leader in the Midwest by aligning its success with the long-term success of its clients. They are consistently recognized in CRN’s Top IT Providers in the nation, most recently as part of the Tech Elite 150 for excellence in managed IT services.

ISG is headquartered in Overland Park, KS, with 8 locations across the Midwest including a regional network of SOC II Certified data centers. For more information please contact Scott Strickler, Director of Marketing, ISG Technology, 913-826-6058.

About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelco.com

© 2022 The Channel Company LLC. CRN is a registered trademark of The Channel Company, LLC. All rights reserved.

The Channel Company Contact:

Jennifer Hogan

The Channel Company

jhogan@thechannelcompany.com

ISG Technology Recognized on CRN’s 2022 MSP 500 List

Overland Park, KS, February 14, 2022 — ISG Technology announced today that CRN®, a brand of The Channel Company, has named ISG Technology to its Managed Service Provider (MSP) 500 list in the Security category for 2022. CRN’s annual MSP 500 list identifies the leading service providers in North America whose forward-thinking approaches to managed services are changing the landscape of the IT channel, helping end users increase efficiency and simplify IT solutions, while maximizing their return on investment.

With many customers still recovering from the impact of the ongoing pandemic, MSPs have become a vital part of the success of businesses worldwide. MSPs not only empower organizations to leverage intricate technologies but also help them keep a strict focus on their core business goals without straining their budgets.

The annual MSP 500 list is divided into three sections: the MSP Pioneer 250, recognizing companies with business models weighted toward managed services and largely focused on the SMB market; the MSP Elite 150, recognizing large, data center-focused MSPs with a strong mix of on- and off-premises services; and the Managed Security 100, recognizing MSPs focused primarily on off-premises and cloud-based security services.

ISG Technology continues to be a fixture in this group of IT solution providers serving clients in the Midwest and across the nation with its IT Consulting, Professional Services, Managed Services, and its SOC2 audited data centers. The company was also recognized on CRN’s 2021 MSP 500 list last year in the Elite 150 category for their excellence in providing managed services to the mid-market.

“We continue to see increasing demand for our managed services, especially our managed security offering.” “Unfortunately, too many companies are experiencing breaches and then getting ahold of us to remediate the situation. It’s keeping our incident response team busy, but we’d prefer to help companies get proactive with their cybersecurity efforts and their overall IT operations.”

Jon Bierman, COO of ISG Technology

“In addition to having to adjust their own business operations to account for the changed conditions during the pandemic, MSPs have also seen increased demand for their managed communications, collaboration and security services.” “The solution providers on our 2022 MSP 500 list deserve credit for their innovative and game-changing approaches to managed services in these unpredictable times, as well as their ability to optimize operational efficiencies and systems without straining IT budgets.”

Blaine Raddon, CEO of The Channel Company

The MSP 500 list will be featured in the February 2022 issue of CRN and online at www.crn.com/msp500.

Twin Valley & SKT to Help Boost Kansas Tech Industry

FlagshipKansas.Tech Announces Board of Directors, Officers

For immediate release

WICHITA, Kan. (January 7, 2022) — In its commitment to lift up Kansas’ powerhouse technology industry, FlagshipKansas.Tech has appointed three new members and a slate of new officers to its board of directors. Among the new board members is Megan Harper, manager of marketing and sales for Twin Valley and SKT, the state’s largest independent broadband and communications company. She joins technology industry leaders in furthering the nonprofit’s mission to raise awareness, attract and retain technology talent, and support technology workforce training and education initiatives in the state.

“Supporting technology companies, tech innovation, and education is vital in elevating our state’s profile to attract and retain businesses and creating a next generation workforce,” Harper said. “Twin Valley and SKT have been advocating for cutting-edge communications and connectivity in rural Kansas for more than 75 years, giving individuals, businesses, and communities the tools to succeed in a digital world. Supporting FlagshipKansas.Tech’s mission is an important part of fulfilling our Pledge to create meaningful community outreach initiatives on a broader scale.”

Technology companies continue to find themselves accelerating to meet current market needs and position themselves for the future. According to CompTIA, the tech industry makes a $10 billion impact on the Kansas economy, and FlagshipKansas.Tech looks to gain even more momentum to help propel the industry forward in 2022.

In addition to Harper, Rick Ehresman, President of Spectrum, Inc., and Scott Sproul, President and CEO of Northwest Kansas Economic Innovation Center, Inc., have also joined the FlagshipKansas.Tech board of directors. Each will serve an initial three-year term.

FlagshipKansas.Tech 2022 board officers will include:

  • Chair – Luis Rodriguez, President of Keycentrix
  • Vice-Chair – Ben Sebree, Vice President of R&D and Technology for Civic Plus
  • Treasurer – Amanda Duncan, Vice President & Chief Development Officer for Workforce Alliance of South Central Kansas
  • Secretary – Rick Ehresman, President of Spectrum, Inc.

“We, of course, love to help attract new tech companies to Kansas, but we are even more eager to champion the amazing technology companies that are already here,” said Luis Rodriguez, President of Keycentrix and FlagshipKansas.Tech Board Chair. “Our state is a place where tech companies can thrive. We will do all we can to support the growth of technology companies in Kansas.”

“The diverse experience from our new board members will enhance our commitment to amplifying Kansas as a top priority for tech companies, talent, and education,” said Ashley Scheideman, Executive Director of FlagshipKansas.Tech. “I look forward to our board members contributing their leadership gifts and ability to get the job done to help Kansas technology reach new heights in 2022,” Rodriguez added.

About FlagshipKansas.Tech

FlagshipKansas.Tech raises awareness, attracts and retains technology talent, and supports technology workforce training and education initiatives in Kansas. Those interested in learning more about FlagshipKansas.Tech’s mission, membership, and/or collaboration opportunities can contact Executive Director Ashley Scheideman at ashley@flagshipkansas.tech or (316) 469-6800. The FlagshipKansas.Tech office is located in Suite 351 of Groover Labs, 334 N. St. Francis Avenue, Wichita.

About the Twin Valley Family of Companies

Twin Valley is a fourth-generation family business that has 75 years of experience providing cutting-edge technology and connectivity throughout the central U.S. Together with ISG Technology and SKT, Twin Valley helps customers unlock possibilities to realize their full potential by providing a unique combination of broadband, managed IT services, technology consulting, professional services, and cloud/data center solutions for both residential and business. Twin Valley and SKT are committed to providing customers and communities with the most reliable broadband network, internet options at the best value, quality hometown customer service, and meaningful community outreach initiatives. Learn more at twinvalley.net, SKTC.net, and isgtech.com.

12 Days of Chri… We Mean Cybersecurity

12 Days of Cybersecurity

The holidays are a time for celebration and spending time with family and friends. But they can also be a time when your cybersecurity is put to the test.  During the holiday season, small and medium-sized businesses are often a target for cybercriminals, as they may be less likely to have robust cybersecurity measures in place than larger businesses.

Cybercriminals may attempt to steal sensitive information such as customer data or financial information or to infect devices with malware that can be used to launch future attacks.

Through the 12 Days of Cybersecurity, we will cover 12 different cybersecurity areas that, when properly secured, will help make your holidays a little more secure.

1. Vulnerability Testing

The first tip for keeping your business safe is to do a PEN test or vulnerability scan. A PEN test helps you understand how vulnerable your systems are by having a third party attempt to penetrate your systems from outside your network and from within. This will tell you how well your security system is working. A vulnerability scan tests for specific vulnerabilities in your network, identifying what you need to fix.

Remember, security is a journey. There is no magic bullet when it comes to security. It takes a combination of strong security measures, vigilance, and ongoing education to keep your business safe from cybercrime.

Cybercriminals are continually getting smarter and coming up with new ways to exploit vulnerabilities in systems. As a business owner, it is important to be proactive and continually update your security measures to stay ahead of these threats.

2. Network patching

According to a recent study, 60% of security incidents could have been prevented if a patch had been applied. This is because many security vulnerabilities are fixed with patches, which are small software updates that fix the security holes.

However, many businesses do not apply these patches, as they can be time-consuming and can sometimes cause compatibility issues. Businesses need to be sure to apply these patches in a timely manner, as leaving them unpatched can leave your systems vulnerable to attack.

Additionally, make sure you have a system in place for testing patches before you apply them to your live systems. This will help to mitigate any potential issues that may arise from the patch.

3. Managed Firewalls

One of the most important aspects of cybersecurity is keeping your systems and devices up to date and configured properly. This means regularly applying patches, using strong passwords, and avoiding malware. To help make this happen, businesses are using next-generation firewalls (NGFWs).

While NGFWs have quite a few similarities to traditional firewalls, they can block malware from entering a network, something that a traditional firewall is unable to do. If your business is looking for a low-cost option that will boost your basic security, an NGFW is the way to go.

By keeping your systems and devices up to date and properly configured, you can help reduce the risk of a cyberattack or data breach.

4. Multi-factor Authentication

One of the most important steps businesses can take to protect themselves from cybercrime is to implement multi-factor authentication (MFA). MFA is a security measure that requires more than one form of identification to access a system or account.

This can include things such as a password, a PIN, a security token, or biometric verification. MFA and 2FA can be as simple as a one-time password sent to a mobile device but can be incredibly effective. A study by Microsoft found that Two-Factor Authentication (2FA) can block up to 99.9% of automated attacks.

Businesses should consider using MFA to protect their online accounts, such as email and social media accounts, as well as their networks and systems. Additionally, MFA can be used to protect cloud-based applications and data.

5. Employee Awareness

Cybercriminals often use email as a means of delivering malware and stealing data. Phishing emails can trick unsuspecting victims into giving up sensitive information by pretending to be from a trusted source.

It is important to provide employees with training on how to recognize phishing emails, as well as other cybersecurity threats, in order to minimize the risk of a cyberattack on your business.

We recommend running phishing campaigns on your network periodically to train people who click, turning them from a liability into a human firewall.

6. Email Security

Email security is one of the most important aspects of cybersecurity. In fact, according to a recent study, 90% of attacks happen as a result of employees clicking on emails. This makes employee education and awareness training imperative to reducing the risk of falling victim to phishing emails.

Emails that contain malware, viruses, or ransomware can infect your computer networks and devices. This can give cybercriminals backdoor access to your systems, data, and other critical information.

By having email security tools in place, you’ll be able to filter out malicious emails before they have a chance to get the best of one of your employees. 

7. End-User Protection

No matter how well-protected you, your employees, and your data are, it can all come crumbling down with one click from end-users. By and large, end-users are every organization’s greatest security liability and have the potential to turn your business into the next cybersecurity headline. 

If your end-users are not protected, they can easily become infected with malware and other viruses. This can leave your business vulnerable to cyberattacks and data breaches.

Businesses need to have a comprehensive security solution in place that includes DNS/Web Security and endpoint protection. DNS/Web Security helps to stop threats before they happen, while endpoint protection helps to protect users if they do get infected.

By including both DNS/Web Security and endpoint protection in your security solution, you can help keep your end-users safe from cybercrime.

8. Combine AI with Security Experts

So, you’ve got the basic layers of protection in place: a firewall, antivirus, web and email security, etc. Now what? Technology tools, while a great first step, are not the end of your security journey. Once the tools are in place, you will find the result to be an influx of alerts. A lot of alerts. While admittedly helpful, they can be problematic as well.

The next level of protection to consider is implementing a Security Information and Event Management (SIEM), in combination with a team of security experts. A SIEM provides real-time analysis of security alerts generated by applications and network hardware and monitors for threats and possible problems. 

A team of security experts trained to know which alerts are most important can then focus their attention on the threats that matter most to your organization. The presence of a SIEM in your business enables in-depth analysis of threats to create best practices in real time and prevent problems before they happen.

9. 24×7 Monitoring

While businesses may take a break during the holiday season, cybercriminals do not. In fact, they may be working even harder to steal data and infect systems. This is why it is important to have a comprehensive security solution in place that includes 24×7 monitoring.

A Security Operations Center (SOC) can provide round-the-clock monitoring of your systems and networks for threats. This allows you to detect and respond to threats quickly and effectively.

Additionally, having a SOC can help you to mitigate the risk of a data breach or cyberattack.

The best way to protect your business from cybercrime is to partner with a SOC that has the experience and expertise to keep your systems safe.

10. Incident Response

No business is safe from cybercrime. In fact, even the most resilient businesses can still be hacked. The best way to protect your business is to have a comprehensive security solution in place that includes incident response planning.

If you do experience a cyberattack, it is important to have a plan in place so that you can respond quickly and effectively. This plan should include the steps that need to be taken in order for your business to recover.

It is also important to have a team of experts who can help you during an incident. A team of cybersecurity professionals can help you to mitigate the damage caused by a cyberattack and help you to get your business back up and running.

11. Data Backup

Another important aspect of cybersecurity is backups. If you don’t have backups, your business can be easily devastated in the event of a data breach or cyberattack.

It is important to make sure that your backups are air-gapped from your network. This helps to ensure that they are not compromised.

Additionally, you should make sure that your backups are stored in a secure location. This helps to protect them from cybercriminals.

12. Cyber Insurance

Cyber insurance is a type of insurance policy that helps to protect businesses from data breaches and cyberattacks. It can help to cover the costs associated with these incidents, including the costs of repairing the damage done, hiring experts to help with the recovery process, and paying for credit monitoring services for affected employees.

Cyber insurance is becoming increasingly important as the number of cyberattacks continues to rise. Businesses that do not have cyber insurance are at a higher risk for data breaches and other types of cybercrime.

It is important that you do your research when it comes to cyber insurance. This will ensure that you are not stuck with insurance that dictates what you should do in the event of an attack.

… And a Great Managed Service Provider Team

The holiday season is a time when many businesses take a break. However, cybercriminals do not take a break and continue to work hard to steal data and infect systems.

No business is safe from a cyberattack or data breach, which is why protecting your business is important for the future of your company. If you are not sure where to start, it is important to partner with an award-winning IT Company that provides Managed Cybersecurity that can help you to protect your business from cybercrime.

Log4J – What it is. And What You Need to Know.

What is Log4J?

Log4j2, also known as Log4Shell, is a vulnerability in Apache Log4j, a free, open source software that provides logging functionality, debugging and other mundane functions most people don’t think about.

On December 10th, the National Institute of Standards and Technology (NIST) issued cyber security alert CVE-2021-44228 giving it a “10.0 Critical” severity rating. If exploited, bad actors can completely take over a server running Log4J, steal money, data, etc. via Remote Code Execution (RCE).

How Widespread is the Log4j Vulnerability?

Because of its reliability and flexibility, Log4j is used by thousands of websites and applications across the world. Companies like VMware, Microsoft, Cisco and others are evaluating various product sets to determine the extent of the exposure. One thing we do know is that the challenge is worldwide and it affects companies of all sizes.

A list of known Log4j-related software has been published on GitHub to help identify where you may have vulnerabilities. Important to note is that the risk of exploitation applies to public devices and applications.

What is being done?

The Apache Software Foundation has issued patch revision 2.16, which disables some underlying code within Log4j 2 that allows exploitation. But with the widespread nature of the framework/applet, it is not yet known how many systems, appliances, and software applications are affected.

ISG Technology is actively working with our vendors and partners to identify any potential exposure that may exist within our customer base. We are also scanning our systems and the customer systems which we manage to find and address Log4j vulnerabilities. If you have any questions, please reach out to your ISG representative or Contact Us to schedule a meeting.

What can you do to protect yourself?

Apply the Patch – The first thing to do is apply the Log4j patch if the application allows for it. Please note that most vendors/manufacturers will need to provide unique patches for their specific applications. And, just like any patch, this can cause downstream issues. So, make sure to check any connected systems to ensure they are fully operational after the patch.

Scan Your Systems – There are a handful of ways to scan your systems for this vulnerability. If you’d like help doing this, reach out to your ISG representative or Contact Us to schedule a meeting.
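
One way to do such a scan, as an added example that is not ISG's or Apache's own tooling: a Python script that looks inside JAR, WAR and EAR files (including nested ones) for log4j-core and compares its version with the 2.16 release cited above. The function names, status labels and sample archives are constructed for illustration.

```python
import io
import os
import re
import tempfile
import zipfile

# Entries found inside a log4j-core 2.x JAR.
JNDI_CLASS = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
POM_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
ARCHIVE_EXT = (".jar", ".war", ".ear")
# Threshold taken from the article (patch revision 2.16); raise it to match
# current vendor guidance before relying on the result.
MIN_VERSION = (2, 16, 0)


def parse_version(props_text):
    """Extract (major, minor, patch) from a Maven pom.properties body."""
    m = re.search(r"^version=(\d+)\.(\d+)(?:\.(\d+))?", props_text, re.MULTILINE)
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None


def scan_archive(data, label, depth=0, max_depth=4):
    """Scan one archive given as bytes; recurse into nested archives (fat JARs, WARs)."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"path": label, "version": None, "jndi_class": False,
                 "status": "unreadable"}]
    findings = []
    with zf:
        names = set(zf.namelist())
        if JNDI_CLASS in names or POM_PROPS in names:
            version = None
            if POM_PROPS in names:
                version = parse_version(zf.read(POM_PROPS).decode("utf-8", "replace"))
            if version is None:
                status = "review"            # log4j-core present, version unknown
            elif version < MIN_VERSION:
                status = "below-minimum"
            else:
                status = "ok"
            findings.append({"path": label, "version": version,
                             "jndi_class": JNDI_CLASS in names, "status": status})
        if depth < max_depth:
            for name in sorted(names):
                if name.lower().endswith(ARCHIVE_EXT):
                    findings += scan_archive(zf.read(name), f"{label}!/{name}",
                                             depth + 1, max_depth)
    return findings


def scan_tree(root):
    """Walk a directory and scan every archive file found under it."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in sorted(files):
            if fname.lower().endswith(ARCHIVE_EXT):
                path = os.path.join(dirpath, fname)
                with open(path, "rb") as fh:
                    findings += scan_archive(fh.read(), path)
    return findings


def build_sample_jar(version=None, jndi=False, nested=None):
    """Build a constructed archive in memory for the demo (not a real log4j JAR)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", "Manifest-Version: 1.0\n")
        if version:
            zf.writestr(POM_PROPS, f"artifactId=log4j-core\nversion={version}\n")
        if jndi:
            zf.writestr(JNDI_CLASS, b"\xca\xfe\xba\xbe")  # placeholder bytes
        for name, data in (nested or {}).items():
            zf.writestr(name, data)
    return buf.getvalue()


def demo():
    """Scan a temporary directory of constructed archives; return (path, status) pairs."""
    inner = build_sample_jar("2.14.1", jndi=True)
    samples = {
        "log4j-core-2.16.0.jar": build_sample_jar("2.16.0", jndi=True),
        "app.war": build_sample_jar(nested={"WEB-INF/lib/log4j-core-2.14.1.jar": inner}),
        "unrelated.jar": build_sample_jar(),
        "broken.jar": b"not a zip",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(os.path.relpath(f["path"], root), f["status"])
                for f in scan_tree(root)]


if __name__ == "__main__":
    for path, status in demo():
        print(f"{status:14} {path}")
```

A "review" result means log4j-core classes were found without version metadata, which happens with repackaged or shaded JARs and needs a manual check against the vendor's advisory.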

A Beginner’s Guide to VPNs: What are They, and How Can They Help My Business?

The onset of the Covid-19 pandemic meant a rapid shift to remote-based work environments for many organizations worldwide. However, while the explosion of remote work accelerated many companies’ digital transformation, it also brought new cybersecurity risks and threats. 

Produced in Partnership with VMWare

Luckily, with the help of tools like Virtual Private Networks (VPNs), businesses can keep their data secure while allowing their remote workers to connect to internal servers without creating a security breach.

What Is a VPN?

A VPN is an app that allows internet users to connect to a network or transfer information securely through end-to-end encryption. It allows the organization to send their data from one computer or server to another through a shared network. 

A VPN renders the data passing through the network untraceable and unreadable to bad actors or third parties who may attempt to steal confidential information. Users can also create what appears to be a new IP address, which can help them get around location restrictions and other problems.

How Can a VPN Benefit Your Company?

VPNs are relatively simple, but the work they do is complicated. If your company or business is not already using a VPN service, it is time to consider getting one. Due to the pandemic, most small and medium-sized businesses have begun using VPNs to connect with their employees who work in remote locations. 

But that is not all a VPN can do. Here are more benefits a business can get from using a VPN.

  • Guaranteed data security
  • User and online anonymity
  • Geographic independence
  • Cheaper long-distance telephone charges
  • Improved network efficiency

What Are Some of the Disadvantages of Using A VPN?

As much as VPNs are great, they also have their limitations. Here are some of the drawbacks of using a VPN service:

  • May limit your internet speed
  • Premium VPNs can be expensive
  • Cheap or free VPNs are prone to attack as they are not secure
  • Can’t access data saved on the computer if it’s not connected to the VPN
  • Illegal in some countries

How Businesses Can Protect Themselves From Cyber Attacks

VPNs are excellent tools for small businesses, as they let them access their private network securely from remote locations. However, it is essential to consider more security measures, as you are still on the internet. Here are some tips businesses can consider to further protect their network from cyberattacks.

  • Establish strong passwords
  • Put up a strong firewall
  • Install antivirus protection
  • Enable two-factor or multi-factor authentication
  • Regular data backup
  • Provide employee security training
  • Work with a trusted managed IT services provider

Secure Your Business Today

The benefits of using a VPN as a business are undeniably substantial. However, depending on the VPN you use, you might have some trouble setting it up. 

ISG Technology is a leading Managed IT services provider with world-class IT experts who have extensive experience helping businesses protect their remote employees and their data by installing secure VPNs. 

Get managed backup, data recovery, and cloud services from ISG for comprehensive protection at an affordable price. Contact us today to learn more about how ISG Technology can help your business thrive.

Employee Security Tips That All Businesses Should Use

Effective workplace security is becoming more and more critical. With news of increased ransomware attacks dominating headlines, the threat couldn’t be clearer. The majority of the most devastating hacks in recent memory couldn’t have happened without negligent or ill-informed employees.

The two most common attack methods used by ransomware bad actors are phishing attacks and brute force hacking carried out against RDP services. Why? Because they work—by targeting the weakest links in a cybersecurity perimeter, bad actors can gain access to systems and data far more easily than if they go after vulnerabilities in software.

Educating your employees about the kinds of threats they face gives you a better chance of avoiding these expensive and disruptive events. Here are some practical tips to increase employee awareness—and data security.

Learn How to Identify Phishing Attacks

Phishing attacks are typically emails that seem to be from a legitimate source. The email might ask for “verification” of sensitive information or include some sort of “software update” that the recipient is urged to install right away. Teaching your employees how to recognize the signs of a phishing attempt may be the best first line of defense in keeping your data secure.

Here are some more things to be aware of:

Misspelled Words, Mangled Grammar, Nonspecific Salutation Lines

If you receive an email that contains language that doesn’t seem right, that’s a sign it could be a phishing attack. If an email sent to you opens with “Valued Customer” or some other generic form of address, that’s another big warning sign.

Always Check Links

Hover over links in email messages to be sure they’re pointed to where they claim to be. The domain in the text of the email should match the domain of the link in the preview. If it doesn’t? Don’t click it.

Requests For Usernames, Passwords, or Other Sensitive Information 

It’s unlikely that anyone would legitimately ask for this information via email. If you receive a request like this, call your IT department for more information.

Be Wary Of Attachments

Scan every attachment you get for viruses, and never open an attachment with a file extension you don’t recognize.

If you want the highest quality of cybersecurity education for your employees, invest in managed IT services that can ensure thorough employee security training.

Use Unique, “Fresh” Passwords

Passwords should never be used more than once and should be changed every 90 days at a minimum.

Some useful tips about passwords:

  • The best passwords contain 12-15 characters and use a variety of letters, numbers, and symbols.
  • Length is the most important factor in password creation. A password using all lowercase letters will suffice if it is long enough.
  • Use a phrase or a short sentence for you to remember, but not one from pop culture. A good example could be “ilovepepperonipizza”.

Better yet, use a password manager that can store passwords safely in an encrypted vault and only require you to have a master password.

Avoid Single Factor Authentication

99.9% of compromised user accounts fail to use two-factor or multi-factor authentication. 2FA or MFA is a must for secure logins.

While this might sound fancy, MFA or 2FA will usually send a code or request to a secondary device. Once you authenticate access on that device, you’re good to go.

Separate Business and Personal Devices

Keep personal devices off of your business network, or use a VPN to ensure files can be accessed securely by remote workers. Allowing employees to access your network from potentially compromised personal devices is asking for trouble.

And while it may be tempting to use your work devices for personal means (e.g. social media, gaming, and online shopping), reserve those activities for your personal devices.

Be Cautious About Wifi Connections

It’s well-known that public hot spots aren’t secure, but it’s worth saying again. While it may be tempting to get some work done at the airport or a coffee shop, those connections will leave your online activity viewable to anyone looking.

Similarly, some stores or public locations will use Wi-Fi or Bluetooth connections to track your location while within range. When not in use, turn off Bluetooth and Wi-Fi so that you aren’t automatically connected unknowingly.

If your job means traveling and using public Wi-Fi, invest in a VPN to make your connection more secure.

Keep a Clean Machine

One of the best ways to keep your device secure is by staying on top of what’s on it. This can be done in two ways: keeping all applications and software up-to-date, and deleting old or unused applications periodically.

Having an up-to-date device is a great defense against viruses, malware, and other online threats.

Use Encryption

Encrypting devices is widely recognized as one of the best steps you can take to ensure data security—so much so that device encryption has been a default feature on Android devices since Android 6, and Apple devices since iOS 8. 

For Windows, use BitLocker, for macOS use FileVault, and on Linux use something like dm-crypt.

Final Thoughts

IT security isn’t something to be taken lightly, and having reliable cybersecurity training isn’t something that can wait. Good security relies on well-trained and knowledgeable professionals, making your IT support team one of your most valuable assets.

If you’re looking for high-level IT security professionals, ISG Technology can help. Our team of expert technicians is more than capable of keeping your network secure, and your data safe.

Want to learn more? Contact us today.