How schools can upgrade their online infrastructure

Nothing is perhaps more important to the U.S.'s future than maximizing the potential of education. It is through mass schooling that children learn the essential social and learning skills that will prepare them for adult life and professional work. While education is a complex process with many different factors affecting outcomes, access to technology clearly plays a role in children's learning.

It is unfortunate then to learn that 6.5 million students in the U.S. still lack broadband, according to Education Superhighway. Broadband is an essential communication medium for educational facilities with large student and teacher populations, as it allows for messages and online actions to be completed simultaneously.

However, broadband is only one crucial aspect of improving online infrastructure in schools and other educational facilities. Further complicating the matter are tight budgets that many of these institutions must operate within. As the Center on Budget and Policy Priorities reported, state and local funding is still recovering and is well below what it was in 2008.

With this in mind, schools may have to focus on the most essential upgrades first, spreading out the investments in a way that maximizes learning potential.

The advantages of a fiber connection
Sites like Education Superhighway are big on the advent of fiber in the classroom. According to Techno FAQ, one of fiber's biggest advantages is its reliability. Fiber functions on symmetrical connections, allowing downloads and uploads to happen at the same time without impacting connection speed. The system also tends to be more passive and separated from power lines, meaning that it will likely remain operational during a storm.

Time is precious in schools and fiber is designed for high-speed connections, typically over 1Gbps. This allows educators to stream video content in seconds, without having to pause constantly for buffering videos.

A fiber connection allows for high bandwidth and enables faster broadband.

Planning for increased bandwidth usage
Think of bandwidth like a highway: the more lanes there are, the more easily traffic can flow. In a school situation, every student and teacher is a car on that highway – meaning that things will slow down very quickly with only a couple of lanes. Without proper bandwidth, hardware investments will not work the way they should. Even the most up-to-date tablet cannot magically conjure an efficient internet connection on its own.

Bandwidth management can keep everything flowing smoothly. While schools can (and should, up to a point) purchase more bandwidth, management will help reduce the amount of spending while maximizing efficiency. Techsoup for Libraries recommended bandwidth management to help prioritize which programs get access to the connection speed first.

For instance, a student wrongly downloading a new mobile game should never receive the same bandwidth as a teacher trying to stream a news program for a class. Student devices can even be put on a separate, slower network, freeing up room for the educators to use on lessons.

While schools can have their own servers – many universities do – a cloud services provider can help alleviate this investment. Just be sure that any contracted third party has the proper security certification to be a trusted partner.

"Wearable technology like smartwatches are starting to enter the educational space."

Factoring in IoT and BYOD
Whatever the plan, make sure spending accounts for more than just the computers in the classroom. Everyone, student and teacher, has a smartphone. Wearable technologies such as smartwatches and similar products are also starting to enter the educational space. As the internet of things continues to grow, each one of these devices could sap bandwidth away from where it is needed.

This represents a cybersecurity issue, especially as most faculty and students are bringing their own devices. School online infrastructure should carry a layered password system to ensure that access is restricted to authorized users. In addition, the principle of least privilege should be applied.

This will ensure that students only have as many permissions as they need, keeping them away from confidential teacher data. Ideally, the IT team will have oversight and the only administrator privileges on the network. This way if there is a breach, the potential damage will be contained.

Remote monitoring programs are useful tools for school systems that cannot afford to keep a dedicated IT staff in every building. While this software is convenient, schools should be wary of investing in any solution without doing the proper research. A report from Schneider Electric analyzed a possible danger in certain solutions: if compromised, they provide an open window for cyber criminals to inflict damage.

Students can be placed on a separate network, freeing up bandwidth and reducing the likelihood of a school data breach.

Preparing for 5G
Any education institution investing in wireless internet infrastructure needs to consider 5G. While not readily available now, 5G has already begun limited rollout and is expected to start becoming widespread in 2020, according to IEEE 5G. This will serve as not only the next telecommunication standard but will also empower higher capacity, massive machine communications.

Essentially, the bandwidth concerns of today may be outdated and a whole new set of possibilities and problems will open up. While it is still too soon to say with certainty what kind of wireless internet infrastructure 5G will bring, schools that need to design systems between now and 2020 should incorporate easy scalability into the infrastructure. It makes no sense to optimize exclusively for platforms that may soon be obsolete.

As schools and other education establishments begin improving online infrastructure, a solid IT solutions provider can help smooth the transition and reduce spending. ISG Technology stands ready to do its part in ensuring that the U.S. education system empowers the most complete learning experience in the world. Contact us today to learn how we can help update your infrastructure.

Why phishing is so dangerous

As 2018 begins, the total number of cyberattacks continues to rise. Data from the Identity Theft Resource Center and CyberScout showed there were 1,579 successful data breaches in 2017. This figure represents a nearly 45 percent uptick from the year before. The numbers turn especially troubling when broken out by industry.

On the whole, most sectors are tightening their security measures and reporting fewer breaches. Health care, government, education and financial industries all reported a continued decrease in successful data breaches. While this is good news, there is one market that more than made up for this gradual decline: business. In 2017, the business sector accounted for nearly 60 percent of all breaches. This trend has been steadily increasing since 2013, according to the report.

Part of this is the pace of cyberattack evolution. Businesses invest heavily in methods to prevent one type of cyberattack, only to have hackers change their strategy within months. At that point, the organization has already spent its budget for information security and may be scrambling to allocate more. However, data suggests that one of the simplest forms of cyberattack is still among the most effective: phishing.

"Less than half of all executives understand their company's information security policies."

False sense of safety
While ransomware and other, more elaborate types of cyberattack routinely make the news, phishing has been flying under the radar. Many equate it with stories of foolish people falling for schemes from a Nigerian prince or believing that they had suddenly acquired millions from the government – fantasies that businesses tell themselves they would never fall for.

Data from a couple years ago may also have looked hopeful. A 2016 Symantec report concluded that the overall email spam rate was falling and that fewer phishing bots were being used. This information, likely the result of email server providers like Gmail and Outlook stepping up their sorting technology, may have given a false sense of safety to business executives.

Compound this with another major problem in the business sector: Most executives are in the dark when it comes to understanding cybersecurity concerns. A cybersecurity survey report from BAE Systems in 2016 found that less than half of all executives claimed to understand their company's information security policies.

This same survey found that only 60 percent of companies had formal cybersecurity training sessions in place, and that 70 percent of that number only had training roughly once per year. Given how rapidly cyberattacks change and adapt, this strategy would leave companies exposed to vulnerabilities – perhaps more so than other organizations because of the misplaced sense of safety.

"Cyber criminals now create fake websites that look legitimate."

Phishing is getting smarter
Part of Symantec's data – the decline of phishing bots – should not have been received as good news, especially when, according to Comodo Threat Intelligence Lab data, the overall number of phishing attacks continues to increase. Bots are, for lack of a more proper term, dumb. They follow predictable formulas that can be easily filtered into spam boxes and out of employees' vision.

However, phishing has gotten smarter. One of the new methods outlined in Comodo's report is called "clone phishing." In this scenario, hackers intercept an authentic email communication, typically from an executive, and recreate it nearly flawlessly. The fake email is then sent to the employee in the hopes of getting a response.

In addition, the practice of spear phishing is on the rise. Most early phishing was a mass attack – the same email or recorded message sent to many people, hoping to snag a minority of those contacted. Spear phishing is more precise. This phishing tactic learns of the victim's personal information and uses it. This means that the phishing message may include real names, dates and relevant organizations – all factors that will make the communication look more genuine.

Phishing has also gotten more complex in the sense that it has evolved past emails, phone calls and text messages. Cyber criminals now create fake websites – similar to originals – that look legitimate. However, these malicious sites often betray themselves in the domain name, which is typically longer or more complicated than it needs to be. These website forgeries will almost never use common domain names like .com or .org.

Everyone is a target
According to the Comodo report, 50 percent of employees will open an email from an unknown sender if it lands in their inbox. This number alone explains the increasing number of phishing attacks, as well as why they are such a prevalent method. Every employee is a potential target.

Phishing stresses the need for comprehensive employee training at every level. Even one person being compromised can put an entire organization at risk. For example, if an entry level analyst is targeted and successfully breached, the hacker or malicious group may be in possession of the network passwords, meaning that they suddenly share his or her level of access. This can be used to install ransomware or other harmful programs. 

Every employee who receives corporate emails on a professional or personal device is the potential victim of phishing.

Training to beat phishing
Information shows that training sharply decreases the likelihood of phishing success. A PhishMe report concluded that susceptibility fell to roughly 20 percent after relevant sessions on improved cybersecurity practices occurred.

Even these newer, smarter methods of phishing have telling signs. CSO stressed that malicious emails are usually more threatening or urgent than typical office communication. This is part of cyber criminals' strategy, as panicked employees are less likely to think clearly if they legitimately believe their job is on the line.

Employees should also be advised to carefully check the sender's name. If it is an unknown sender, all emails should be double-checked with the supervisor before response. Spelling and grammar are also more likely to have mistakes as cyber criminals have no corporate standard or editing department.

Businesses should be willing to partner with the experts to ensure the best training and prep programs for their employees. IT service providers like ISG prepare cybersecurity compliance as part of our extensive product portfolio. Consult with us today to find out how we can help secure your company against future data breaches.

Critical Cisco Systems Vulnerability: Patching Needed

On January 31st, Cisco Systems disclosed a vulnerability allowing up to complete control of a device from the Internet, affecting Cisco ASA Software that is running on several Cisco products.  The purpose of this blog post is to:

  • Help you understand the issue
  • Point you to trusted resources to explain it in more depth
  • Determine how you can protect yourself against it

The Issue

Cisco Systems released an advisory and a patch for a vulnerability allowing up to complete control of a device from the Internet.

What You Should Do

Check the following systems for the webvpn configuration; if it is enabled for external communications, the system needs the patch from Cisco.

Vulnerable Products[1]

This vulnerability affects Cisco ASA Software that is running on the following Cisco products:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)
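
One way to run the check described under "What You Should Do" over saved configurations, as an added example that is not from Cisco's advisory or from ISG: the Python below reads ASA running-config text, finds the global webvpn block and reports the interfaces it is enabled on. It assumes the block lists one `enable <interface>` line per interface and that you supply the names of your externally facing interfaces; the sample configurations, device labels and function names are constructed for illustration.

```python
import re

# Constructed running-config excerpts for illustration; not from real devices.
CONFIG_EXPOSED = """\
hostname fw-example-1
interface GigabitEthernet0/0
 nameif outside
!
group-policy GP-EXAMPLE attributes
 webvpn
  anyconnect ask none default anyconnect
webvpn
 enable outside
 anyconnect enable
 tunnel-group-list enable
ssh timeout 5
"""

CONFIG_INTERNAL_ONLY = """\
hostname fw-example-2
webvpn
 enable inside
ssh timeout 5
"""

CONFIG_NOT_ENABLED = """\
hostname fw-example-3
group-policy GP-EXAMPLE attributes
 webvpn
  anyconnect ask none default anyconnect
ssh timeout 5
"""


def webvpn_interfaces(config_text):
    """Return the interfaces named by 'enable <if>' in the global webvpn block.

    Only a 'webvpn' line at column 0 opens the global block. The indented
    'webvpn' sub-mode under a group-policy is a per-group setting and is
    ignored, as are lines such as 'anyconnect enable'.
    """
    interfaces = []
    in_global_webvpn = False
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line or line.lstrip().startswith("!"):
            continue  # blank line or '!' separator
        if not line[0].isspace():
            # Any top-level command either opens or closes the global block.
            in_global_webvpn = (line == "webvpn")
            continue
        if in_global_webvpn:
            match = re.match(r"\s+enable\s+(\S+)", line)
            if match:
                interfaces.append(match.group(1))
    return interfaces


def assess(config_text, external_interfaces):
    """Apply the post's criterion: webvpn enabled on an external interface."""
    enabled = webvpn_interfaces(config_text)
    exposed = sorted(set(enabled) & set(external_interfaces))
    return {
        "webvpn_enabled_on": enabled,
        "externally_exposed_on": exposed,
        "needs_patch": bool(exposed),  # per the post's criterion only
    }


def devices_to_patch(inventory, external_interfaces):
    """inventory maps a device label to its saved running-config text."""
    return sorted(
        name for name, cfg in inventory.items()
        if assess(cfg, external_interfaces)["needs_patch"]
    )


if __name__ == "__main__":
    inventory = {
        "fw-example-1": CONFIG_EXPOSED,
        "fw-example-2": CONFIG_INTERNAL_ONLY,
        "fw-example-3": CONFIG_NOT_ENABLED,
    }
    external = {"outside"}  # assumption: your external interface names
    for name, cfg in sorted(inventory.items()):
        print(name, assess(cfg, external))
    print("patch first:", devices_to_patch(inventory, external))
```

A device that is not flagged here still runs software covered by the advisory, so the result is best used to order the patching work rather than to skip it.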

What ISG Is Doing

Currently, the ISG Data Centers are following our normal process for patching, with additional analysis for the critical configuration problems. Our service engineers are available to assist any customer who needs help with a Cisco product, whether for this issue or any other.

References & Further Information

Please view the Cisco advisory linked below for more technical details on the products and vulnerability.  Ars Technica also produced a story about the issue: https://arstechnica.com/information-technology/2018/01/cisco-drops-a-mega-vulnerability-alert-for-vpn-devices/

[1] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1 

3 things SMBs need to know about cybersecurity

If you run an SMB, cybersecurity should consistently weigh on your mind. Cybercriminals are extremely common these days, and fighting them off can be quite the challenge. In fact, the Duke University/CFO Magazine Global Business Outlook Survey found that more than 80 percent of companies in the U.S. have been hacked.

While this should make any company administrator worried, this is an especially frightening statistic for those that run SMBs. While larger organizations certainly receive more attention when they’re hacked, they also have the money and public image to bounce back when a data breach occurs. Smaller businesses, on the other hand, don’t have this luxury. A single hack can be a signal to your customers that you aren’t trustworthy, regardless of what actually happened during the hack.

With your entire business’ image on the line, it’s clear that cybersecurity needs to be a major focus in 2018. That said, this topic is so complex that finding a place to start can be difficult. Cybersecurity is vital, and not beefing up your protections simply because you don’t know where to begin is a bad idea. Therefore, let’s take a look at some of the most important areas of security today, as well as tips for SMBs to avoid these issues.

1. BYOD is vital, but it needs a security upgrade

If you run a small business, there’s a good chance you have a solid familiarity with the bring-your-own-device (BYOD) trend. This is where employees are encouraged to bring their own gadgets into the office for work-related purposes.

The benefits of such a system are obvious and very compelling for smaller organizations. The biggest of these is the cost advantages BYOD brings. The traditional model of getting devices into the hands of workers is to simply buy these devices, which can take a huge chunk out of your budget. However, by allowing workers to use their own tablets, smartphones and computers, SMBs can put the money they would have spent on gadgets toward objectives that can further the company’s success.

On top of the cost advantages, BYOD also allows for a level of familiarity that you won’t be able to produce with company-owned devices. According to a study from Cisco, U.S. employees that were allowed to use their own gadgets at work saved about 81 minutes every week. Clearly, BYOD allows for a big boost to productivity.

“There is a major drawback to BYOD in the form of cybersecurity.”

Despite all of these obvious benefits, there is a major drawback to BYOD in the form of cybersecurity. The issue is that most people simply don’t secure their own devices properly. While the lack of antimalware software on personal mobile devices is certainly an issue, the fact that many people don’t even use PINs to access their phones is disturbing. If such a person were to lose their phone, quite literally any person that finds it would be able to access sensitive data.

While there are some clear downsides to BYOD, that doesn’t mean you shouldn’t allow for such a system within your company. You simply need to prepare your employees. This begins with some sort of meeting where the security needs of the company are outlined. On top of that, it may be a good idea to install protective software on any device that has access to the company’s network and data.

2. Ransomware isn’t going away

In a similar vein, ransomware has also reared its ugly head and is making moves against SMBs. At its most basic, a ransomware attack is where the attacker encrypts a certain device or multiple devices on a network. The idea is that companies need constant access to the data contained on these gadgets, and that encrypting this information would be a major blow to operations. Therefore, the hacker is able to name his price in order to decrypt the captured data.

While this is a major issue for all the devices your company uses, one area you may want to focus on is how ransomware might affect your mobile infrastructure. Kaspersky Lab reported a 253 percent increase in ransomware attacks in Q1 2017 over the previous quarter. That’s an enormous uptick, and this is very clearly a mounting trend within the enterprise.

“Going after mobile devices simply makes sense to a ransomware hacker.”

Going after mobile devices simply makes sense to a ransomware hacker. Due to BYOD, these gadgets often contain incredibly important information, and companies can’t simply ignore how much data they contain. What’s more, smartphones and tablets often have a lower level of security than traditional computers, which is the perfect opportunity for a hacker to strike.

While the tips above can help prevent such an attack, an additional piece of advice is to back up every scrap of data that you consider important to the company. In fact, the 3-2-1 Backup technique is generally thought of as the best way to protect data security from a ransomware attack. This is where you have three copies of a piece of data, kept on two different mediums with one of these mediums being kept offsite. By doing this, you can simply wipe any device hit by a ransomware attack without having to worry about losing precious information.

3. Social engineering should be your biggest concern

Social engineering is a topic we’ve touched on before, but its importance deserves constant attention, especially within smaller businesses. You can think of these attacks in the way you might think of a conman. They generally involve preying on people’s kindness in order to accomplish some sort of malicious task. For example, a hacker dressed up as a plumber might be able to talk a receptionist into letting him into a secure part of the building without clearance.

Are you sure you know who the plumber is? That handyman may not be who he says he is.

The reason this is such an issue for small businesses is that these organizations generally have a more neighborly feel to them. The entire point of hiring a small business is the friendly personal touch these companies can provide, which is a major selling point. However, this attribute can allow for hackers to get away with more than they would have if they’d attacked a larger organization.

The sad truth is that the only way to lower the threat of a social engineering attack is by hardening your employees to sob stories. Hackers will usually spin a yarn about how they lost their ID card or their login credentials, and this story is often convincing enough to get them everything they could ever want out of a company.

Therefore, organizations need to teach employees that being nice isn’t always the best thing to do. Losing login credentials may get a person in trouble, and it’s human nature to want to help someone in such a situation. However, doing so could be disastrous for the company.

At the end of the day, a company is really only as secure as you want it to be. You can purchase all kinds of cybersecurity software, but if you aren’t willing to take steps to prevent an attack, you’re no more protected than someone who avoided these services. By increasing your knowledge and working to ensure your employees understand the importance of security, you can help keep your company’s data safe.

Why should your company fear social engineering?

Cybersecurity may be the biggest issue facing the enterprise. The costs of dealing with an attack are through the roof, and experts believe it's only going to get worse. The Official 2017 Annual Cybercrime Report from Cybersecurity Ventures predicted that by 2021, cybercrime would cost the worldwide economy around $6 trillion.

With so much money funneling into the criminal underground, it's easy to see why so many companies are terrified of a hack. To satisfy this urgent need for data safety, businesses have started to invest in highly complex technologies aimed at catching digital incursions before they get out of hand. These systems are certainly necessary in this day and age, but many administrators mistakenly think they're the only way to secure information.

In fact, many hackers actually rely on a technique called social engineering. This approach is incredibly successful, mainly due to the fact that companies don't plan for it. To help officials stave off such an attack, let's explore exactly what social engineering is and what you can do to prevent it. 

How does social engineering work? 

Although the term is used to discuss a certain type of attack, social engineering actually encompasses a wide range of hacking techniques. That said, they basically all boil down to using human error to accomplish a goal. 

For instance, a hacker may come to find that he needs login credentials to access a certain data set. One popular technique in such a situation involves the hacker calling the front desk to say that they've just been hired at the company. They could spin a sob story about not being able to gain access to a certain system and will plead for help. If this cybercriminal has the right charisma, he can pretty easily persuade someone into giving him exactly what he wants. 

Another way hackers rely on social engineering is by physically breaking into a company's office. In the same scenario where the cybercriminal needs login credentials, he might put on a pair of overalls and say he's an electrician. If he can make it past the front desk, he might get lucky enough to find a person's username and password written on a sticky note on their computer. If he's not that fortunate, he could even install a keylogger on someone's machine that could give him the information he needs. 

Every person allowed into the office needs to be vetted. That friendly electrician may not be as innocent as he looks.

While these two scenarios aren't the only ways social engineering techniques are deployed, the point is that all of these attacks rely on unearned trust from your employees. People want to help those in need, and hackers use this desire to get what they want. 

Companies just aren't prepared

Due to the fact that social engineering relies on good-hearted people just trying to be nice, there's a real chance that your company is at risk. This is especially true of employees who have to be helpful by nature of their position, such as receptionists and HR workers. However, this epidemic reaches just about every inch of most companies. 

"Two-thirds of employees will give out information like their Social Security numbers."

A security company called Social-Engineer took a deep look into just how big of an issue this hacking technique is. They found that around 90 percent of employees will give up their names and email addresses without even confirming who's calling. That's certainly an issue, but the real problem is that around two-thirds of employees will give out information like their Social Security numbers. On top of that, Social-Engineer has a perfect record when it comes to physically breaking into an office, which shows just how vulnerable companies are. 

How can you avoid an attack? 

Clearly, a majority of companies are in serious risk of a breach due to social engineering. Thankfully, there are some steps administrators can take in order to lessen the chances of an employee making a grave error. 

To begin, you'll want to hold a mandatory meeting for all employees about security. If possible, try to break up the courses by department so you can discuss specific needs with all the different professionals at your company. At these meetings, you'll need to discuss social engineering attacks like impersonation and phishing, as well as how to report these issues should one arise.

Finally, and perhaps most importantly, you'll want to lower the number of individuals who have access to admin privileges. The more people you have with access to every system, the larger your attack surface area. 

3 Cybersecurity Tips For 2018

Cybersecurity has become one of the most important areas of study for the new millennium. With so much data being traded and stored in the digital landscape, it just makes sense for criminals to focus their energy on this new means of theft.

That said, the simple novelty of hacking in terms of human history means that companies are still learning and adapting to the new threats facing them. For example, the idea that a criminal could hold your information hostage would have seemed ludicrous a few years ago. Now, society is dealing with ransomware attacks like the 2017 “WannaCry” malware that experts have estimated cost the economy around $4 billion.

The world is changing rapidly, but this doesn’t mean your organization has to be left behind. The next year certainly holds surprises for the cybersecurity industry, but following these tips can help prepare your company for the worst of it.

1. Back up your data now

Data is at the heart of any company’s success. It’s simply impossible for organizations to function without information, which is why it’s so shocking that so many businesses don’t properly back up the data they create and collect.

To begin, not doing so is simply an accident waiting to happen, especially for small businesses. In fact, a study posted by Small Business Trends found that 58 percent of small organizations are not at all ready for a data loss event.

However, the truly frightening aspect of this is the fact that a robust backup system is often the best protection against a multitude of attacks. The best example of this is ransomware, which is where the hacker encrypts the data on a device or network and will only unlock it when paid a certain amount of money. What’s more, security firm SOPHOS stated that the increased market for ransomware kits on the dark web is going to lead to a rise in attacks in 2018.

Wiping the ransomware from a gadget without removing the data itself is next to impossible most of the time, which is why many experts recommend 3-2-1 backup. This process requires three copies of a piece of data where two are stored on different mediums – such as the cloud and a physical drive – and one must be kept offsite.

Those looking to boost their backup system should consider the Backup-as-a-Service model offered by ISG Technology. Our top-of-the-line system uses the cloud to implement robust backup, which allows you to utilize multiple mediums and store data offsite.

2. Discuss security with your employees

Although a lot of people think of high-tech solutions when it comes to cybersecurity, the fact of the matter is that a huge portion of successful hacks have to do with something called social engineering. This is where the cybercriminal uses pity, deceit and emotional manipulation to get what they want out of an employee.

“Just about every person is vulnerable to social engineering.”

Most people don’t know it, but just about every person is vulnerable to social engineering. In fact, experts at security firm Social-Engineer have found that around 90 percent of the employees they try to hack end up willingly giving up their names and email addresses without even confirming the identity of the person asking. But that’s not all. Around two-thirds of people will give their Social Security numbers, birthdays or employee identification numbers.

Clearly, this is a major attack vector and it makes sense that hackers would exploit it as much as they do. Therefore, it’s important to educate employees on the multitude of ways a cybercriminal could use their benevolence against the company.

To begin, employers must emphasize the importance of vigilance when it comes to email. Hackers love beginning their attacks through something called phishing, which is where they send messages to workers in the hopes that one of them will click a link or give up sensitive information. However, the real problem many companies are dealing with these days is spear phishing, which is where the hacker targets a specific person by using information about them to convince them the email is legitimate.

According to PhishMe, attacks of this nature rose about 55 percent in 2016. What’s more, around 91 percent of data breaches can be traced back to an original spear phishing email.

Companies need to be scared of phishing. Phishing is a huge issue that many companies aren’t taking seriously.

Therefore, it falls upon employers to convince employees of the importance of email security. This should certainly involve a company-wide meeting discussing the risks, but it’s also vital that administrators set up tests for workers to see if they’ll fall for such an attack. Hackers have been relentless with spear phishing and it looks like that will continue in 2018, so the best way to avoid such an issue is to stress email security now.

3. Keep an eye on mobile security

Mobile devices aren’t a luxury anymore. They’re a vital necessity for workers all over the world, and ignoring this fact could have enormous security ramifications. The Pew Research Center found that 77 percent of Americans owned smartphones in 2016. This is causing a lot of companies to understand the value of the bring-your-own-device (BYOD) trend, which allows employees to use their own gadgets for work-related purposes.

While BYOD is certainly a huge step forward, the fact that many organizations are ignoring it is extremely dangerous. Gartner found that around 37 percent of employees are currently using their own devices for work without the knowledge of their employers.

The ramification here is that a huge number of devices are accessing sensitive company information without any sort of uniform security system protecting them.

While the importance of security measures must be stressed to employees, ignoring BYOD is most likely doing your company more harm than good. Therefore, the new year is a great opportunity to reorganize how your business handles employee-owned devices.

The future may be uncertain, but that shouldn’t paralyze you. By taking the proper precautions and being prepared for whatever cybercriminals can throw at you, you can avoid the biggest mistakes and ensure the success of your firm.

Video: ISG Security – Put Trust On Your Side

Just as quickly as new technologies are developed to secure the information your organization is responsible for, cybercriminals are discovering new ways to get in. And to do it, they’re exploiting one thing – trust.

When you put ISG Technology to work for you, you don’t just put industry leading security experts on your team, you put security at the top of your priority list. You put the concern that someone might be selling you a short-sighted solution to the wayside. You put trust back where it belongs – on your side.


Video: The Anatomy of an Attack – Vol. 1

Watch Cisco’s Ransomware Video: The Anatomy of an Attack to see how an effective ransomware attack comes together. This is why today’s enterprises require effective security. Learn how Cisco Email Security and Umbrella DNS provide dynamic security against ransomware. Umbrella DNS is cloud-based to provide security for all users on or off a network – essential cover for mobile devices and employees working out of office.

Only suspicious websites are redirected by Umbrella DNS for further investigation, offering robust security without compromising network speed or performance. If you manage to connect to a malicious website, Umbrella DNS blocks the site from requesting data, protecting your network until the threat is removed.


Biggest cybersecurity mistakes businesses make

WannaCry attacks in June and NotPetya breaches this month serve as stark reminders that cyberattacks are still a very real threat and that businesses must protect themselves. The Black Hat Attendee Survey found that a majority of professionals believe that they will have to respond to a major breach of critical U.S. infrastructure within the next two years. However, are these organizations and other companies ready to face damaging breach events? Let's take a look at some of the biggest cybersecurity mistakes that businesses make:

1. Trusting your employees

Human error is the single largest cause of security breaches, network infections and data loss. While your employees might be reputable individuals, that won't prevent them from falling victim to a phishing attack or other malicious downloads. Harvard Business Review contributor Marc van Zadelhoff noted that misaddressed emails, stolen devices and confidential data sent to insecure systems are all very costly mistakes that well-meaning insiders can make. Hackers are even adept at leveraging stolen credentials to increase their access within a network to steal sensitive information.

"Understanding the users who hold the potential for greatest damage is critical," van Zadelhoff wrote. "Addressing the security risks that these people represent, and the critical assets they access, should be a priority. In particular, monitor IT admins, top executives, key vendors, and at-risk employees with greater vigilance."

Human error is the biggest cause of data breaches.

The biggest issue here is that infiltration techniques are becoming so sophisticated that they look legitimate and can fly under the radar of some security tools. To reduce the risk of human error, it's essential to go back to the basics, with comprehensive training on safe internet use practices. Educating employees will raise awareness and be a major step toward reducing the potential threat surface. Leaders should also enforce company use policies and establish proper technology use protocols for working at the office and remotely.

2. Having faith in the technology

Technology exists to solve specific sets of problems, but relying on it too much might be your downfall. Failures can cost time, money and productivity, as well as the trust of partners, customers and employees. It's important to set up the right solutions and create policies to guide staff through worst-case scenarios. Dark Reading contributor Roman Foeckl noted that using just an antivirus and a firewall is not enough to secure data anymore. Threats have significantly evolved and are continuing to advance at a rapid rate. It's in your best interest to update your security systems to ensure they are maintained correctly and will address the newest threats.

Establish procedures around data loss prevention and test them on a regular basis. Ensure that you can recover quickly and that you have a plan B in place in case your critical assets fail. This will help ensure that your policies are effective and that the data will be protected appropriately. Staff members should also have the necessary knowledge and support to use the technology effectively and mitigate potential risks.

3. Ignoring the basics

While many organizations are focusing on establishing sophisticated cybersecurity structures, it's important to start with the basics. For example, organizations might not encrypt their laptops or business cellphones. Unencrypted devices create a massive problem as anyone could gain access to sensitive information and business resources, the National Federation of Independent Business stated. Measures should be in place to scramble data in case someone without the encryption password tries to access a lost or stolen device.

Some companies also don't have strict password enforcement. Employees might use a simple password or could leverage the same password across multiple channels. These situations make it easier for hackers to get into sensitive systems and other accounts. Leaders must also ensure that any access credentials for departing employees are changed immediately. This will prevent any malicious intent and narrow the potential threat landscape. Create policies around remote wipe capabilities and what processes must be observed following a worker's exit. 

Cybersecurity is a complex pursuit, but necessary to keep businesses and their data safe. At ISG Technology, we have the expertise and means to restore your trust in your network and your technology partner. For more information on avoiding cybersecurity mistakes, contact us today.