Secure RPC: The Windows Server Vulnerability You Must Address Before February 9th

Earlier in 2020, a security bug was discovered in Microsoft Windows systems that was serious enough for the US Cybersecurity and Infrastructure Security Agency (CISA) to issue an emergency order to all federal departments to address it. In this article, we’ll help you understand why this vulnerability warrants emergency status, the potential impact to your business and what you can do to avoid issues when February 9th rolls around.

Secure RPC Overview

In August, Microsoft patched a very interesting vulnerability that would allow an attacker with a foothold on your internal network to essentially become Domain Admin with one click, according to Secura, the security firm that discovered the bug. All the attacker needs is to be able to connect to the Domain Controller.
Since then, IT administrators have been urged to prioritize the installation of this security patch for Windows Server. In September, Microsoft reported that it is seeing the vulnerability exploited by hackers.

Fixing the Vulnerability

Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.

Phase 1 – Initial Deployment Phase (Began on August 11, 2020)
In August, Microsoft released the first phase of a two-phase fix to force secure RPC with Netlogon.

Phase 2 – Enforcement Phase (Begins February 9, 2020)
The second phase activates an enforcement mode. “The DCs will now be in enforcement mode regardless of the enforcement mode registry key. This requires all Windows and non-Windows devices to use secure RPC with Netlogon secure channel or explicitly allow the account by adding an exception for the non-compliant device.” Specifically, the policy will:

  • Enforce secure RPC usage for machine accounts on Windows-based devices.
  • Enforce secure RPC usage for trust accounts.
  • Enforce secure RPC usage for all Windows and non-Windows DCs.

How Can This Impact My Business?

Devices that are non-compliant with secure RPC will not be able to connect to the domain. This includes any unsupported Microsoft operating systems, including Server 2003, 2008, 2008 R2 and Windows 7.

This will also include non-Windows devices that connect to Microsoft Active Directory Domain Services, such as Storage Area Network/Network Attached Storage devices, Linux operating systems and non-Windows based products that do not support connecting via a secure RPC connection.

Devices that cannot connect to a patched Microsoft Active Directory Domain Controller will not be able to authenticate with or share resources with any Microsoft Active Directory domain that has been patched.

Examples could include the inability to connect to a file server, to get security settings from the domain, or to log in to network devices such as switches and routers that use Microsoft Active Directory Domain Controllers for AAA/RADIUS authentication.

What Should I Do?

The critical nature of this vulnerability warrants that action be taken. Here are the four steps to take:

Assess the Situation
Review the information within this article and the resources listed below to fully understand the issue.

Identify & Plan
Identify the devices that are not compliant within your environment and develop a plan.

Address the Issues
Replace non-compliant devices or follow the Microsoft options to allow non-secure RPC.

Seek Advice
If you need any assistance, contact us and we’ll help ensure you’re covered.
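
For the Identify & Plan step above: patched domain controllers record Netlogon secure channel events in the System log (IDs 5827 to 5831 in Microsoft's guidance for CVE-2020-1472). The PowerShell below is an added example, not from Microsoft or the original article, that groups those events by account to list the devices that would be refused in enforcement mode. The message field labels it parses and the sample records are assumptions constructed for illustration.

```powershell
# Added example: summarise, per account, the Netlogon secure channel events a
# domain controller logs once the CVE-2020-1472 updates are installed.

# Event IDs and their meaning, as documented by Microsoft for these updates.
$NetlogonEventMeaning = @{
    5827 = 'DENIED  - vulnerable connection, machine account'
    5828 = 'DENIED  - vulnerable connection, trust account'
    5829 = 'ALLOWED - vulnerable connection (will be denied under enforcement)'
    5830 = 'ALLOWED - machine account excepted by Group Policy'
    5831 = 'ALLOWED - trust account excepted by Group Policy'
}

function Get-NetlogonField {
    # Returns the value of a "Label: value" line in an event message, or $null.
    # The label text is an assumption about the message layout.
    param([string]$Message, [string]$Label)
    $pattern = '(?m)^[ \t]*' + [regex]::Escape($Label) + ':[ \t]*(.*?)[ \t\r]*$'
    $m = [regex]::Match($Message, $pattern)
    if ($m.Success -and $m.Groups[1].Value) { return $m.Groups[1].Value }
    return $null
}

function Get-NetlogonSecureRpcSummary {
    # Accepts event records (Id, Message, TimeCreated, MachineName) from the
    # pipeline and emits one row per account and event ID.
    param([Parameter(Mandatory, ValueFromPipeline)][object]$Record)
    begin { $rows = @{} }
    process {
        $id = [int]$Record.Id
        if (-not $NetlogonEventMeaning.ContainsKey($id)) { return }
        $account = Get-NetlogonField $Record.Message 'Machine SamAccountName'
        if (-not $account) { $account = Get-NetlogonField $Record.Message 'Trust Name' }
        if (-not $account) { $account = '(unparsed)' }   # keep the event visible
        $key = '{0}|{1}' -f $account.ToLowerInvariant(), $id
        if (-not $rows.ContainsKey($key)) {
            $rows[$key] = [pscustomobject]@{
                Account  = $account
                OS       = Get-NetlogonField $Record.Message 'Machine Operating System'
                EventId  = $id
                Meaning  = $NetlogonEventMeaning[$id]
                Events   = 0
                LastSeen = [datetime]::MinValue
                SeenOn   = $Record.MachineName
            }
        }
        $row = $rows[$key]
        $row.Events++
        if ($Record.TimeCreated -gt $row.LastSeen) { $row.LastSeen = $Record.TimeCreated }
    }
    end { $rows.Values | Sort-Object EventId, Account }
}

function New-SampleEvent {
    # Builds a constructed record shaped like Get-WinEvent output (not real data).
    param([int]$Id, [string]$Time, [string[]]$Lines)
    [pscustomobject]@{
        Id = $Id; MachineName = 'dc01.example.test'
        TimeCreated = [datetime]$Time; Message = $Lines -join "`r`n"
    }
}

# Constructed sample: a NAS seen twice, a legacy server, and an excepted printer.
$sample = @(
    (New-SampleEvent 5829 '2020-12-01T08:15:00' @(
        'The Netlogon service allowed a vulnerable Netlogon secure channel connection.',
        'Machine SamAccountName: NAS01$', 'Domain: EXAMPLE',
        'Machine Operating System: (constructed) storage appliance'))
    (New-SampleEvent 5829 '2020-12-02T09:40:00' @(
        'The Netlogon service allowed a vulnerable Netlogon secure channel connection.',
        'Machine SamAccountName: NAS01$', 'Domain: EXAMPLE',
        'Machine Operating System: (constructed) storage appliance'))
    (New-SampleEvent 5829 '2020-12-02T10:05:00' @(
        'The Netlogon service allowed a vulnerable Netlogon secure channel connection.',
        'Machine SamAccountName: LEGACY-APP$', 'Domain: EXAMPLE',
        'Machine Operating System: (constructed) legacy server'))
    (New-SampleEvent 5830 '2020-12-03T07:30:00' @(
        'The Netlogon service allowed a vulnerable Netlogon secure channel connection',
        'because the machine account is allowed by Group Policy.',
        'Machine SamAccountName: PRINTER07$', 'Domain: EXAMPLE'))
)

$sample | Get-NetlogonSecureRpcSummary |
    Format-Table Account, EventId, Events, LastSeen, Meaning -AutoSize

# Live use on a domain controller (read-only query of the System log):
#   Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON'
#       Id = 5827, 5828, 5829, 5830, 5831 } -ErrorAction SilentlyContinue |
#       Get-NetlogonSecureRpcSummary | Format-Table -AutoSize
```

Accounts that appear under event 5829 are the ones to update, replace or explicitly except before enforcement mode; run the live query against every domain controller, since each one logs only its own connections.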

Resources

DHS Emergency Directive
Mitigate Netlogon Elevation of Privilege Vulnerability from August 2020 Patch Tuesday

Microsoft Resources
How to manage the changes in Netlogon secure channel connections
Netlogon Elevation of Privilege Vulnerability

Other Resources / Overviews
Admins urged to patch Windows Server immediately to close vulnerability
Zerologon (CVE-2020-1472): Critical Active Directory Vulnerability

Overcoming Alert Fatigue

The major challenge in cybersecurity protection isn’t the lack of capable tools. It’s actually the human element. Cybersecurity teams experience alert fatigue, which hinders their ability to deal with threats.

Modern threat protection solutions generate many alerts, but not all received alerts pose threats. According to a study by McAfee, over 40% of IT experts say the majority of alerts lack actionable insights. Differentiating between the real threats and false ones can be a challenge.

The overwhelming number of alerts causes ‘alert fatigue,’ something that many IT personnel find hard to cope with. This is why many alerts end up being ignored.

Why Do IT Security Professionals Ignore Alerts?

With enterprises recording over 2 billion transactions monthly, lots of unnecessary alerts occur in the process. This huge number of alerts tends to be overwhelming. Due to a large number of false positives, 31.9% of IT experts said that the high frequency of alerts leads to some of them being ignored, according to McAfee.

While many of the alerts may be benign, ignoring them can be detrimental to any business. A 2014 data breach at Target cost $252 million. The IT personnel admitted to having seen the alert, but they ignored it because of the large number of false alerts.

How to Overcome Alert Fatigue

In a 2020 survey, 99% of IT professionals complained that high volumes of alerts made work harder. These alarming statistics show that despite having high-end solutions, your IT environment isn’t secure yet. As long as security professionals experience alert fatigue, they’ll always ignore some alerts.

Successful cyber attacks and data breaches can lead to a diminished brand reputation, loss of customers, and huge financial losses. Overcoming alert fatigue is an important aspect of your security. Here are a few ways to do it.

Automating the Security Stack

To effectively minimize the risk of ignored alerts, you should look for automated solutions. They provide real-time analysis of security threats and help differentiate between high- and low-risk alerts. With automated solutions, it will be easier to detect and solve threats in real-time.

66% of teams that use high levels of automation in their IT resolve threats the same day. Those with low levels of automation find it hard to deal with security threats. 94% of IT teams say automation is the best method when faced with high-frequency alerts. 

Cloud Monitoring

Since most of the transactions that send alerts are in the cloud, there is a need for real-time cloud monitoring. As more businesses adopt cloud services and applications, more hackers will seek to occupy that gap.

With cloud monitoring, it’s easier to detect threats that might lead to attacks. You can easily detect the source of the attack, contain the damage, and prepare for similar attacks in the future.

Follow a Security Framework

A cybersecurity framework acts as the blueprint to a safe business. Depending on your business, you should have a security framework for data protection and compliance. At ISG, we follow the NIST Security Framework, which consists of 5 elements:

  • Identification

The first step should be to identify the potential risk facing your business. This involves classifying risks from high to low.

  • Detection

You should always monitor your systems so you can detect any vulnerabilities and threats.

  • Protection

You need to invest in the right protective technologies. This includes system patching and employee training.

  • Response

How do you respond to threats? Ideally, you should have a plan to evaluate and mitigate security breaches and a way to communicate with customers and staff.

  • Recovery

After an event, you’ll need to build your business back up with a recovery plan, including contingency plans.

Working With an IT Managed Service Provider to Overcome Alert Fatigue

Today’s attackers are smart, capable, and adaptable. That’s why, even with high-end solutions, detecting threats is a challenge. 

There are many tools that should be a part of your multi-layered cybersecurity approach, but they aren’t always enough on their own. You shouldn’t neglect the human element of cybersecurity.

If you’re concerned about alert fatigue with your IT team, or your cybersecurity posture in general, consider consulting with our IT professionals. We can help you identify where your systems and security can be strengthened and how to solve any IT problems you may be facing, including alert fatigue.

The Role of Firewalls in Defending Your Data

A firewall is an essential part of your cybersecurity. It serves an integral part in your organization’s defense against threats and cyber attacks.

A firewall protects many vulnerable programs on your systems. It forms one of the crucial layers in a company’s layered security strategy. If you want a layered security architecture, you need a stable firewall.

Besides the firewall, your layered security should also include the following:

  • Regular assessments
  • Endpoint protection
  • Employee training and awareness
  • Web and email filtering
  • User access control
  • Patch management
  • Data backups

These elements constitute multi-layer cybersecurity. With these multiple security layers, your risk of a security breach is minimized.

What is a Firewall?

A firewall is security firmware or software that forms a barrier between networks to allow and block certain traffic. It inspects traffic so that it can block threats that might harm your systems.

Firewalls are designed to authorize low-risk traffic that might not harm your network. If it detects harmful traffic, either from a virus or a hacker trying to gain entry, it blocks it immediately.

Just like a guard at your gates, a firewall controls what’s coming in and going out. It uses pre-set rules to filter suspicious and unsecured sources. It guards traffic at a computer’s entry point.

Why is a Firewall Important?

It is vital to have a stable and reliable firewall in your company’s network. It plays a crucial role in protecting it from intruders. Ideally, it acts as a guard to your perimeter, performing the following tasks:

Preventing Hacks

With businesses taking a digital approach, hacking activities continue to rise significantly. A firewall defends you from unauthorized connections, potentially from hackers. Firewalls have become an essential part of any company that wants to protect its data. It can deter a hacker from accessing your network entirely.

Monitoring Network Traffic

A firewall monitors traffic at all times to safeguard your network. Your IT team can rely on the information gained from continuous monitoring to create advanced security layers.

Promoting Privacy

Since firewalls proactively keep your network safe, they promote brand reputation. Clients know they can trust your company with their data since all systems are secure and inaccessible by hackers. With a strong firewall, no data can be stolen whatsoever.

Different Types of Firewalls

There are multiple types of firewalls that help block malicious traffic, including proxy service, stateful inspection, and packet filtering. These firewalls limit network entry based on different criteria. Each has its own advantages and disadvantages, which is why firewall technology has produced something more well-rounded: next-generation firewalls.

Next-Generation Firewalls

A next-generation firewall (NGFW) combines all the strengths of past firewall technologies into one tool. This bundle of security measures includes elements such as:

  • Antivirus
  • Intrusion prevention
  • Encrypted traffic inspection
  • Deep packet inspection

NGFWs are more advanced than traditional firewalls and help forge your cybersecurity. They move beyond port/protocol blocking to a more advanced protection system.

The Benefits of an NGFW  

An NGFW is a threat-focused approach that provides advanced risk detection. It’s the gold standard of firewall protection. If you have not implemented an NGFW, then you are doing your business a disservice.

Advanced Policy Control

Thanks to deep packet inspection, next-generation firewalls enable the use of internet applications that allow more productivity while blocking less desirable applications. Unlike the traditional firewalls that only allow or block traffic, NGFWs deny access to all applications considered insecure.

Content and User Identification

NGFWs monitor and scan content in real-time, so no data can leak. This includes file filtering and threat identification. Also, these firewalls easily detect specific users responsible for traffic that poses threats.

Firewalls Reinforce a Layered Security Approach

Cybersecurity is crucial in today’s world. Threats are constantly evolving, and defenses must continuously improve to stay ahead.

Securing your network should be a top priority for all businesses. The best way to remain secure is to implement a layered approach to your cybersecurity.

At ISG Technology, we are committed to helping businesses improve their network security. Get in touch with us today to consult with our experts.

ISG CEO, Ben Foster, Named to Family Business CEOs to Watch 2020

ISG Technology CEO, Ben Foster, was recently named to the Family Business CEOs to Watch 2020, a publication that recognizes family and non-family chief executives who are leading their businesses with a view toward long-term success.

According to Family Business Magazine, a family business chief executive must have the talent to steer the business to growth and profitability while maintaining family engagement and harmony, ideally promoting good governance to help smooth the way. Family business CEOs in 2020 have had to emphasize resilience in communicating with a stakeholder group that includes family members not employed in the family company.

Here’s what they wrote…

“The Twin Valley family of companies operates in two ultra-competitive spaces, telecommunications (voice/internet/video and business services) via the Twin Valley companies in north central Kansas, and IT technology/managed services via ISG Technology, operating in Kansas, Missouri and Oklahoma,” notes Scott Leitzel, chief operating officer at Twin Valley and human resources executive at ISG Technology.

“In order to remain competitive in these spaces, a CEO must be forward-thinking, bold and willing to push him/herself and team outside traditional comfort zones, time and time again,” says Leitzel, who has reported directly to Foster for 10 years. “Ben operates in this manner on a consistent basis, and in partnership with previous generations has led [the business] to growth that would not otherwise have occurred.”

Foster joined Twin Valley Telephone in 2004 as vice president of operations. He rose to chief operating officer and was named CEO in 2014. Prior to Twin Valley he was the director of consumer support centers and chief of staff at SBC, now AT&T.

At Twin Valley Telephone, he managed the integration and subsequent upgrade of 13 exchanges and 6,000 customers, which tripled the size of the company. He brought in the company’s first two non-family executives and led the acquisition of ISG Technology as a diversification strategy.

Five of the seven fourth-generation members work in the business, Leitzel notes. “This presents a unique responsibility in which Ben serves as CEO of the Twin Valley family of companies while representing the collective ownership and heritage of the company, which dates to 1947.

“Ben has done this while serving on multiple boards, including currently serving as chairman of KsFiberNet and ESPi.”

“I am passionate about being a positive steward of the business that we inherited from previous generations,” Foster says. “I do this by living by the values that we were taught and talking about those values with our team. I wish to leave the next generation a family asset that is more resilient and larger than what we received. Improving ownership cohesion, hiring professional board members and mentoring key executives with expertise that goes beyond my own are three ways of ensuring that my skillset improves and is never the limiting factor to my family achieving our goals for the company.

“Family businesses are important to the economy and broader society because we put the heart behind the capital, as well as a longer-term horizon that helps solve bigger problems. I find tremendous purpose in being a small part of the positive impact our companies make.”

ISG Technology Awarded “Oklahoma’s Best IT Firm 2020”

ISG Technology is proud to announce that it has been awarded Oklahoma’s Best IT Firm by the Oklahoma newspaper The Journal Record. The award was featured in the publication’s 2020 Reader Ranking Awards, which compiles the best organizations across 84 categories including technology, finance/accounting/insurance, health care, legal services, as well as many others.

To obtain the results, readers were notified of the ballot through direct emails and print advertisements linking to the ballot and were encouraged to share the link with their colleagues. More than 1,400 businesses were nominated during the open nomination process from January 20th to February 28th. The ballot was open from March 2nd through April 20th and garnered more than 58,000 votes from business professionals across Oklahoma. The results were tallied to come up with the list of award-winning businesses. 

“We’re honored to be a part of such a great list of businesses here in the Oklahoma City area,” said Walter Hirsekorn, General Manager of ISG’s South Region. “Winning this award this year is especially meaningful as I know our team has worked tirelessly to help clients through the business and technology challenges created by the pandemic.”

ISG Technology manages the IT systems of businesses in Oklahoma City and throughout the United States. 2020 has been a challenging year for business across the globe, and managed services providers (MSPs) like ISG Technology have been essential in keeping businesses operational during stay-at-home orders and a number of business disruptions caused by the spread of COVID-19.

For more information on The Journal Record’s 2020 Reader Ranking Awards, visit The Journal Record’s website. For more information on ISG Technology, please visit www.isgtech.com or contact them at (877) 334-4474.

ISG Technology and Twin Valley Communications Aligning Services to Help Businesses Adapt to Pandemic

Twin Valley Management, an Overland Park, Kansas-based holding company for Twin Valley and ISG Technology, is announcing its plan to improve the technological capabilities of organizations in underserved areas of North Central Kansas. Twin Valley Communications is among the largest privately-held telecommunications companies in Kansas and ISG Technology is a leader in IT cloud & managed services in Kansas, Oklahoma, and Missouri.

This comes on the heels of Twin Valley being awarded $1.3 million of CARES Act and Connectivity Emergency Response grant dollars. Additional investment by Twin Valley of almost $900,000 has been committed to deploy a combination of fiber to the premise & fixed wireless broadband services. Twin Valley Communications will also utilize the CBRS spectrum that it won at auction.

President and CEO of ISG and Twin Valley, Ben Foster stated, “There are so many businesses, schools, hospitals and local governments in these areas that simply don’t have access to the broadband needed to enable things like remote work, virtual healthcare and distance learning. We’re trying to fix that.”

Foster continued to talk about their strategy to combine Twin Valley’s broadband services with ISG’s suite of managed IT services and its data center offering to provide a complete technology solution for organizations in rural areas. “Unfortunately, many businesses spend countless hours stuck in the middle of a blame game when issues arise. The ISP points the finger at the IT provider and vice versa. When we deliver bundled connectivity and IT, the client knows who to call. We see a massive opportunity to create new value in the fiber-optic broadband, managed IT & cloud services space.”

The companies are focused on helping businesses in these areas adapt to the changing work environment the pandemic has created. Bringing together broadband and managed IT services allows companies to stay connected and focus on their core business.

In addition to providing Gigabit service to businesses and households in cities that are covered by the 15-mile fiber optic cable build-out, hundreds of households will have fixed wireless broadband speeds up to 100 megabits/second. This infrastructure will pass through multiple cities and will provide the foundation for future investment and even faster connections.

10 Simple Ways to Boost End User Cybersecurity

October is National Cybersecurity Awareness Month. It’s a great opportunity to review the basics of cybersecurity with your employees. 

Cybersecurity is a complex and ever-evolving field. To many people, it can seem daunting and confusing. Fortunately, there are many simple ways to boost cybersecurity on a user level. 

We’ve collected ten of the most simple and effective ways to boost your cybersecurity. Sharing these simple security measures with your team will help boost the security of your business by minimizing the risk of human error.

Strengthen Your Passwords

Your passwords are the first barrier protecting your confidential information from hackers, so practice using strong ones. Get creative with the passwords you choose by replacing letters with punctuation marks, deliberately misspelling words, and using long passphrases. The greater the mixture of letters, numbers, and special characters you use, the harder it is for hackers to crack.

You should also use a different password for each account you have. The more you reuse passwords, the weaker your security will be. Proofpoint offers great training programs to help employees understand and implement effective password security.

Use A Password Manager

Passwords that are easy to remember are often easier to hack. A password manager can be very helpful in keeping all your passwords memorized so that you don’t have to. It can even suggest strong passwords for you!

There are lots of password manager platforms and services available. To get started, here is a roundup of some of the best password managers out there.

Avoid Oversharing On Social Media

Even simple information that you post on social media, like your favorite coffee shop, can be used against you. Names, addresses, and even vacation plans can give criminals the information they need to target you. If someone posts personal information without your consent, ask them to remove it promptly.

Another dangerous aspect of social media is location sharing services that allow people to see where you are at any time. Always disable these services in your apps, and be mindful of what someone can learn about you based on your social media.

Update Your Software

Your software is important and is always being improved, whether on your computer or mobile devices. Don’t delay recommended updates! They contain important patches to fix security issues. Not updating software leaves you vulnerable to cyberattacks. 

Secure Your Network

Your personal network is rarely going to be as secure as the one you use when you’re at work. It’s essential that you’re securing your network as much as possible. Get in touch with your network provider and ask if there’s anything you can do in order to strengthen and protect your network from harm.

Use Multi-Factor Authentication

Multi-factor authentication requires multiple steps to access an account. Often, this means you need a password and authentication via your phone. It can help take your security to the next level.

Multi-factor authentication has definitely helped many people and organizations strengthen their security. Many businesses, such as banks, now require it.

Watch For Phishing Emails

Many cyber criminals send fraudulent emails that imitate those from well-respected sites. These phishing attempts try to get you to reveal personal information by clicking on links, opening attachments, and responding to requests. If you aren’t sure if the message is truly from the company (or individual) it claims to represent, call the company directly and ask.

ISG Technology partners with Proofpoint for security awareness training. They have many resources available to help teams identify phishing emails.

Check Emails For Suspicious Hyperlinks

One aspect of phishing prevention is to always double-check links in emails, especially those in unexpected messages. Always be wary of what you click on. Before clicking on a link in an email, hover over the link to see where it directs to. If it looks suspicious, don’t click.

Install Antivirus Software

The antivirus software that you have on your devices adds an extra layer of security and highlights potential dangers before you encounter them. It can scan your devices routinely and alert you to any suspicious activity or threats when they occur.

It’s a good idea to choose an antivirus that is both effective and lightweight. That way, it will be able to combat modern threats without bogging down your computer as it scans. For this aspect of security, ISG Technology recommends Webroot.

Be Deliberate About App Privileges

Apps on your mobile device often ask for permission to access aspects of your data, such as the device’s location. But you shouldn’t grant a permission without considering it first. If the request doesn’t make sense, or is for more information than seems reasonable, don’t grant it. This is especially true with less reputable apps.

As the rate of cybercrime is rising, your personal cybersecurity is something you should always be proactive about. These ten tools and habits will prevent the loss of your personal data, as well as minimize the risk of a breach for your company.

7 Habits of Highly Secure Organizations

In today’s economy, businesses must understand and leverage the value of data to remain competitive and appealing. Data has enabled us to create more desirable products and better understand consumers’ behavior, becoming a company’s major asset. 

This content is brought to you in partnership with Aruba Networks

And so, it becomes crucial to implement a bulletproof cybersecurity system to protect such an essential asset. But, data security is much more than that, and implementing organization-wide habits to keep this information secure should be part of any security system.

A recent survey by the Ponemon Institute and HPE identified 7 commonalities in the cybersecurity plans of highly-secure organizations. Jim Morrison, former FBI Computer Scientist and current HPE Distinguished Technologist, presented these principles in a special webinar for ISG Technology, in partnership with the Hewlett Packard Enterprise. The following is a summary of those principles.

1. They Value Security as Part of Digital Transformation

Technology has become an essential aspect of any business’s operations, and without investing in the current digital transformation, your company is likely to become outdated and less competitive quickly. 

However, along with these technological innovations come a few challenges that entrepreneurs can’t ignore. As your company gathers data, it becomes crucial to implement solid security systems. Security can’t be an afterthought. It should be an integral part of a digital transformation plan.

2. They Manage Risk Effectively

Proactively and effectively managing the risks inherent in business is an essential component of a successful digital transformation. Throughout the digital transformation process, over 75% of high-performing enterprises work in close collaboration with a risk management team.

A risk management team can offer valuable advice regarding the implications of any initiative you are launching, identify the areas that carry the highest cybersecurity risk, and help build security into the design of new projects.

3. They Use Security Automation

Human error still represents one of the major risks for any company’s security, despite how advanced our technological innovations have become. Eliminating or reducing manually-operated systems through automation can represent a suitable solution to this issue. 

Automation can play a major role in your security system. The automated system will introduce compliance as code, implement a standard response and access control system, and reduce reliance on the decisions made by an analyst.

4. They Implement a Zero Trust Model

When it comes down to protecting the data of your business, clients, employees, and contractors, you want to always be sure of your security. Implementing a Zero Trust model means you always verify the status of your security.

This is “not because workers are bad,” explained Jim Morrison, HPE Distinguished Technologist. “It’s that workers get distracted.”

HPE’s Silicon Root of Trust is a security measure built in to a server’s silicon. It provides a unique, immutable fingerprint that connects the silicon to the firmware. If the firmware is ever compromised by an attack, the Root of Trust will not allow the server to boot up. It’s the strongest hardware security solution on the market.

5. They Use Machine Learning

Machine learning is among the most revolutionary innovations of our era. Using machine learning in data security will decrease the company’s reliance on human perception and decision making.

Instead, the system itself recognizes the voice, face, or optical character of whoever is trying to access data. This can help you implement a standard recognition and access system that will nearly eliminate human error.

6. They Purchase Cyber Insurance

Today, investing in a cyber insurance policy is one of the best ways to protect your company against losses or damages due to data breaches, which can be extremely costly for any business. A cyber insurance policy can cover you in the event of business interruption, cyber-extortion, reputational damage, media liability, and more.

7. They Connect Privacy and Security

It’s crucial to understand that it is not possible to have privacy without a strong security system. Effective cybersecurity reduces the risk of privacy breaches for customers, employees, and partners. It also minimizes human error. Because of this, cybersecurity defenses and privacy measures are tied together. 

Understanding these perspectives on business security can help you find the weaknesses in your own cybersecurity posture. For help implementing the security measures you need, contact us today.

Digital Handbook: 5 Steps to Strengthen Cybersecurity Posture

The global cost of cybercrime is expected to exceed $6 trillion in 2021. That means that cybersecurity should be a big priority for businesses. If you’re looking to strengthen your cybersecurity posture and lower the risk of attacks and breaches, this guide will explore effective measures and highlight five key steps to success.

What Is Cybersecurity Posture and Why Does It Matter?

“Cybersecurity posture” refers to the collective efforts to protect the business from cyber threats. It is a term used to describe the overall defense mechanisms in place to tackle and prevent cybercrime. This phrase relates to any kind of security measure, including policies, staff training, and spam filters.

It’s hugely beneficial to be aware of the status of your cybersecurity posture so that you can identify potential security weaknesses, make improvements, and ensure you meet industry guidelines and benchmarks. 

1. Follow a Security Framework

Security frameworks provide a strategic blueprint to help businesses stay safe. There are different frameworks in place within different industries, based on each one’s specific needs for compliance and data protection, such as HIPAA for the healthcare industry.

The most widely used and recognized framework in the US is from the National Institute of Standards and Technology (NIST), and it comprises five elements:

  • Identify: Understand and identify potential risks based on the data you handle, your client base, and the regulations that are relevant to your organization.
  • Protect: Invest in the right protective technologies and implement security procedures, including employee training and regular system patching.
  • Detect: Monitor continually for threats and system vulnerabilities.
  • Respond: Have a plan to mitigate and evaluate security breaches, as well as communicate with staff and customers.
  • Recover: Restore systems, patch system weaknesses, and take steps to manage your reputation.

All ISG Technology security solutions are founded on the NIST framework. For more details on this framework and how it can be implemented in your cybersecurity posture, check out our whitepaper on the subject.

2. Understand Where You Are

To address weaknesses and strengthen defenses, it’s vital to understand where your business is in terms of security posture. Carrying out several kinds of tests provides critical information about your security status. 

There are a number of tests that can determine the current strength of your security, such as penetration tests and vulnerability assessments. Which test you use depends largely on your situation. That’s why the most efficient way to perform testing is to contact an IT services provider. Those experts will help you understand which assessment is right for you, how to perform the test, and how to read the results. 

Did You Know? Hewlett Packard Enterprise is the only major server manufacturer shipping the world’s most secure industry-standard, made-in-USA servers. The new HPE ProLiant DL380T server is shipping today to U.S. customers as the first industry-standard server to be produced through the HPE Trusted Supply Chain process, which HPE plans to expand to the rest of its portfolio in 2021. Customers from select countries can purchase products delivered through HPE Trusted Supply Chain in 2021.

3. Begin Building Resilience

Building resilience in the field of cybersecurity can be compared to fortifying a castle. Different elements, such as a moat, high walls, and guards, come together to create a more robust, tougher defense. In cybersecurity, this translates to firewalls, spam filters, antivirus software, and employee training.

Every company has different needs, but the goal of each should be to take their cybersecurity to the next level. At this stage, it may be beneficial to add more advanced technology, fill in security gaps, and boost efficiency by automating processes. The aim is to reach a point beyond protection and prevention where organizations are secure by design.

4. Create a Culture of Cybersecurity

Employees are often a company’s best asset, but when it comes to cybersecurity, they can be a liability. Because more than 90% of attacks start with email, it’s important for employees to recognize the role they play in your company’s security posture. 

Creating the right company culture and promoting education about cybersecurity can help lower the risk of breaches and phishing scams significantly. Changing the culture involves:

  • Awareness: Employees should be aware of the importance of cybersecurity, the potential implications of breaches, and their role in prevention. 
  • Testing: Testing enables businesses to identify who is most susceptible to phishing attacks and provides practice for employees.
  • Training: Regular training teaches employees how to spot phishing attacks and how they should respond.

This process is so important, we’ve given it a blog post of its own to explore the steps in more detail. The easiest way to implement these strategies is to work with an experienced managed service provider. As part of our managed security services, our IT experts can analyze your company’s security posture and implement needed changes, including simulated phishing attacks and training for employees.

A recent survey by the Ponemon Institute and HPE identified 7 commonalities in the cybersecurity plans of highly-secure organizations. Jim Morrison, former FBI Computer Scientist and current HPE Distinguished Technologist, presented these principles in a special webinar for ISG Technology, in partnership with Hewlett Packard Enterprise.

5. Plan for the Attack

We often assume that big businesses are the main targets of cybercriminals, but statistics show that isn’t true. Around 70% of ransomware attacks involve small or medium-sized businesses. Every business should be prepared for a cyber attack. 

Preparing an Incident Response Plan will help you and your team know what to do when an attack happens. Responding as quickly as possible will minimize the risk of downtime, protect your reputation, and reduce the risk of financial losses. 

This plan involves:

  • Assembling your team
  • Detecting and confirming the source of the breach
  • Containing the issue 
  • Assessing the damage
  • Notifying the relevant authorities and affected individuals in line with compliance requirements
  • Preparing for the future

Having a clear Incident Response Plan in place will help team members handle the high stress of a cyber attack, leading to better management of the situation.

If you’re keen to improve your security posture but aren’t sure where to begin, investing in managed IT services will provide access to security experts and a raft of cutting-edge, tailored solutions that will help you lower the risk of data breaches and ensure your company is prepared for cyber attacks. 

Three Critical Elements of Creating a Culture of Security

Your employees are the most valuable asset to your organization. But they are also one of the biggest risks to your cybersecurity posture. This is particularly true when it comes to phishing attacks. 

For business owners, it’s incredibly beneficial to create an environment which actively champions and promotes safe, secure work practices. This culture of cybersecurity facilitates the adoption of positive policies, procedures, and practices which are designed to minimize risks. 

There are three key elements to building this culture successfully: awareness, testing and training. 

1. Security Awareness

Cybersecurity should be a priority for every organization, from small-scale businesses to international corporations. It’s easy to think that only big businesses are the desired target for hackers, but this simply isn’t true. More than 70% of ransomware attacks involve small and medium-sized companies. 

Additionally, over 90% of cyber attacks originate from phishing emails. This means that in the vast majority of cases, it’s the human element, not technology, that is the weakness in a network. Employees can put businesses at risk due to a lack of understanding regarding phishing threats and how to respond appropriately. 

Every individual should be aware of the importance of cybersecurity and the potential consequences of their actions. Something as simple as clicking on a link or responding to a spam email can jeopardize the future of a business. Data breaches are expensive and damage the reputation of the business, which leads to customer loss.

2. Security Testing

Regular testing is an effective means to improve awareness of hazards like phishing scams. Simulated phishing tests enable employees to learn how to spot the difference between legitimate emails and spam. 

Phishing emails are often amazingly lifelike and they can be tricky to spot. The tests are engaging and interactive, and with frequent tests, employees learn what to look out for. This first-hand experience is often a more influential way to learn than reading about red flags or listening to a colleague talk about potential dangers.

If an employee does click on a simulated phishing test, the link takes them to a message that reminds them of the ways to identify phishing attacks. The program can also be customized to assign specific training for those employees who frequently fall for phishing emails.

3. Security Training

Most employees aren’t cybersecurity experts, which is why training is so crucial. Training programs, sessions, and interactive workshops can help employees to understand the threats the business faces, to recognize potential dangers, and to adopt safe online practices. 

The testing software used to simulate phishing attacks uses interactive videos on different topics to train employees. This means that, while all employees will receive training, the more “phish-prone” users will be directed to more training videos, because they will click on more phishing tests.

Threats evolve, and hackers are creative and intelligent. This means that ongoing training is essential. Employee training is an important aspect of cybersecurity policies and procedures, and may mean the difference between a breach and a failed attack. 

Creating a Culture of Security

Employees often pose cybersecurity threats to businesses without knowing it. The right company culture can help to prevent attacks and reduce risks. Raising awareness of the importance of cybersecurity and the implications of cybercrime, carrying out regular testing, and providing training can help to protect and shield organizations. 

The easiest way to implement these strategies is to work with an experienced managed service provider. As part of our managed security services, our IT experts can analyze your company’s security posture and implement needed changes, including simulated phishing attacks and training for employees.

Companies that implement these awareness, testing, and training programs see a significant decrease in their risk score. To learn more about creating your culture of security, check out our webinar, “Protecting Against Cyber Threats With The Human Firewall,” or contact us today.