Posts

Ensuring Network Security: Best Practices Guide

/in /by

In the rapidly evolving landscape of the digital world, network security has become an indispensable concern for businesses and individuals alike. With cyber threats growing in sophistication and frequency, it’s crucial to implement robust security measures to safeguard sensitive data and maintain the integrity of your network. In this comprehensive guide, we will delve into the best practices for ensuring network security that will not only protect your systems but also help you outrank other websites in Google’s search results.

Understanding the Importance of Network Security

Network security is the foundation of a safe and reliable digital environment. It encompasses a wide range of strategies, policies, and technologies designed to defend against unauthorized access, data breaches, and other cyber threats. Here’s why it should be a top priority:

Data Protection

Data is the lifeblood of any organization. Ensuring the confidentiality, integrity, and availability of data is paramount. Network security measures help prevent data leaks, ensuring that sensitive information remains confidential.

Business Continuity

A security breach can disrupt operations, leading to downtime and financial losses. Robust network security safeguards your business’s continuity by minimizing the risk of such disruptions.

Reputation Management

A data breach can tarnish your brand’s reputation. Implementing strong security practices not only protects your data but also maintains the trust of your customers and stakeholders.

Best Practices for Network Security

Now that we’ve established the importance of network security, let’s explore the best practices that will help you fortify your network and outrank competing websites on Google.

1. Conduct Regular Security Audits

To identify vulnerabilities in your network, conduct regular security audits. This involves evaluating your network’s infrastructure, software, and policies to pinpoint weaknesses. Address these vulnerabilities promptly to minimize the risk of cyberattacks.

2. Employ Strong Authentication

Implement multi-factor authentication (MFA) to enhance user login security. MFA requires users to provide multiple forms of verification, such as a password and a one-time code sent to their mobile device. This significantly reduces the risk of unauthorized access.

3. Keep Software and Hardware Updated

Outdated software and hardware are more susceptible to security vulnerabilities. Ensure that all your systems, applications, and devices receive regular updates and patches. This keeps potential entry points for cybercriminals up to date and secure.

4. Educate Your Team

Human error is a common cause of security breaches. Educate your employees about security best practices, such as recognizing phishing attempts and using strong passwords. Regular training and awareness programs can go a long way in strengthening your network’s security.

5. Implement Network Segmentation

Divide your network into segments to limit the potential impact of a breach. By isolating sensitive data and critical systems from the rest of your network, you can contain security incidents and prevent them from spreading.

6. Employ Intrusion Detection and Prevention Systems (IDPS)

IDPS continuously monitor network traffic for suspicious activities and intrusions. They can automatically block or alert administrators about potential threats, allowing for rapid response to security incidents.

7. Back Up Data Regularly

Data backups are a crucial part of network security. In the event of a ransomware attack or data loss, having up-to-date backups ensures that you can quickly recover your data and minimize downtime.

8. Create an Incident Response Plan

Prepare for the worst-case scenario by developing a comprehensive incident response plan. This plan should outline the steps to take in the event of a security breach, ensuring a swift and effective response to mitigate damage.

Network security is not a one-size-fits-all solution. It requires a multifaceted approach, incorporating the best practices mentioned above to protect your organization’s digital assets effectively. By prioritizing network security, you not only safeguard your data and operations but also enhance your online presence and outrank competing websites on Google. Remember, a secure network is the foundation upon which trust and success are built in the digital age.

Firewall Setup & Optimization: A Comprehensive Guide

/in /by

In today’s digital age, where the internet plays a pivotal role in our daily lives, cybersecurity has become a paramount concern. With cyber threats evolving constantly, protecting your digital assets and sensitive information has never been more critical. That’s where a robust firewall setup and optimization come into play. In this comprehensive guide, we will delve deep into the world of firewalls, exploring their importance, types, setup procedures, and optimization techniques to ensure your online safety.

Understanding the Significance of Firewalls

Firewalls, in the realm of cybersecurity, act as a shield between your network and potential threats from the internet. They are your first line of defense, monitoring incoming and outgoing traffic and allowing or blocking data packets based on a set of predetermined security rules. Here are some key reasons why firewalls are indispensable:

1. Protection Against Unauthorized Access

  • Firewalls prevent unauthorized access to your network or computer. They scrutinize incoming connection requests and only allow access to trusted sources, safeguarding your sensitive data.

2. Malware and Virus Defense

  • By examining data packets for malicious code, firewalls thwart malware and viruses from infiltrating your system. This is especially crucial in today’s world, where malware attacks are rampant.

3. Network Privacy

  • Firewalls enhance network privacy by concealing your IP address and making it difficult for hackers to trace your online activities.

4. Regulatory Compliance

  • For businesses, adhering to various regulatory standards is mandatory. A well-configured firewall ensures compliance with data protection regulations.

Types of Firewalls

Before diving into the setup and optimization process, it’s essential to understand the different types of firewalls available:

1. Packet Filtering Firewalls

  • These firewalls inspect individual data packets and determine whether to allow or block them based on predefined rules. While simple, they lack the sophistication of more modern firewall types.

2. Stateful Inspection Firewalls

  • Combining packet filtering with an understanding of the state of active connections, stateful inspection firewalls offer improved security by tracking the state of connections and making decisions based on the context.

3. Proxy Firewalls

  • Proxy firewalls act as intermediaries between your network and the internet. They forward requests and responses, adding an additional layer of security by hiding your network’s internal structure.

4. Next-Generation Firewalls (NGFW)

  • NGFWs are the latest evolution in firewall technology. They incorporate deep packet inspection, intrusion detection, and application-level filtering to provide comprehensive security.

Firewall Setup

Now, let’s get into the nitty-gritty of setting up a firewall for optimal protection. While the specific steps may vary depending on your chosen firewall hardware or software, the following are general guidelines:

1. Selecting the Right Firewall Solution

  • Choose a firewall solution that aligns with your needs. Consider factors like scalability, ease of management, and the level of security required. Popular choices include hardware firewalls, software firewalls, and cloud-based options.

2. Network Segmentation

  • Divide your network into segments, separating sensitive data from less critical information. This reduces the attack surface and limits potential damage.

3. Rule Configuration

  • Create firewall rules that dictate how traffic should be handled. These rules should be based on the principle of least privilege, allowing only necessary traffic and services.

4. Regular Updates and Patch Management

  • Ensure your firewall software and firmware are up-to-date. Manufacturers release updates to address vulnerabilities, and staying current is essential for security.

Firewall Optimization

Optimizing your firewall is just as important as setting it up correctly. Optimization ensures that your firewall operates efficiently and continues to protect your network effectively.

1. Performance Tuning

  • Regularly monitor your firewall’s performance and adjust settings as needed. This may include fine-tuning rule sets, optimizing bandwidth usage, and load balancing.

2. Logging and Monitoring

  • Implement robust logging and monitoring procedures to track network activity. This will help you identify suspicious behavior and potential threats in real-time.

3. Security Policy Review

  • Regularly review and update your firewall’s security policies. As your network evolves, so should your firewall rules to adapt to new threats and requirements.

4. User Education

  • Educate your employees or users about safe online practices. Even the most secure firewall can be compromised if users unwittingly click on malicious links or download infected files.

To sum it up, a well-configured and optimized firewall stands as your first and most formidable line of defense against cyber threats in today’s interconnected world. By understanding the various types of firewalls, diligently following proper setup procedures, and continually fine-tuning your firewall’s performance, you can ensure the safety and security of your digital assets. Remember, cybersecurity is an ongoing process, and maintaining vigilance is paramount in safeguarding your network and sensitive information.

ISG Technology Recognized on CRN’s 2023 Security 100 List

/in /by

Overland Park, KS, March 15, 2023 — ISG Technology, today announced that CRN®, a brand of The Channel Company, will feature ISG Technology to its Managed Service Provider (MSP) 500 list in the Security 100 category for 2023. CRN’s annual MSP 500 list identifies the industry-leading service providers in North America who are driving a new wave of growth and innovation for the channel through forward-thinking approaches to managed services, helping end users increase efficiency and simplify IT solutions, while maximizing their return on investment.

MSPs have become a vital part of the success of businesses worldwide. MSPs not only empower organizations to leverage intricate technologies but also help them keep a strict focus on their core business goals without straining their budgets.

The annual MSP 500 list is divided into three sections: the MSP Pioneer 250, recognizing companies with business models weighted toward managed services and largely focused on the SMB market; the MSP Elite 150, recognizing large, data center-focused MSPs with a strong mix of on- and off-premises services; and the Managed Security 100, recognizing MSPs focused primarily on off-premises and cloud-based security services.

“We continue to see increasing demand for our managed services, especially our managed security offering.” “Unfortunately, too many companies are experiencing breaches and then getting ahold of us to remediate the situation. It’s keeping our incident response team busy, but we’d prefer to help companies get proactive with their cybersecurity efforts and their overall IT operations.”

Brent McCollum, COO of ISG Technology

“Managed services offer a path for businesses of all sizes to remain efficient and flexible as they grow,” said Blaine Raddon, CEO of The Channel Company. “The solution providers on our 2023 MSP 500 list are bringing innovative managed services portfolios to market, helping their customers win by doing more with the IT budgets they have and freeing up resources to focus on mission-critical activities to drive future success.”

Blaine Raddon, CEO of The Channel Company

The MSP 500 list will be featured in the February 2023 issue of CRN and online at www.crn.com/msp500.

About ISG Technology

ISG Technology helps organizations unlock possibilities so they can realize their full business potential. They do it by providing a unique combination of managed IT services, technology consulting, professional services, and cloud/data center solutions.

Part of the Twin Valley Family of Companies and a fourth-generation family business, ISG Technology has grown and evolved into the recognized leader in the Midwest by aligning its success with the long-term success of its clients. They are consistently recognized in CRN’s Top IT Providers in the nation, most recently as part of the Tech Elite 150 for excellence in managed IT services.

ISG is headquartered in Overland Park, KS, with 8 locations across the Midwest including a regional network of SOC II Certified data centers. For more information please contact Scott Strickler, Director of Marketing, ISG Technology, 913-826-6058.

About The Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequalled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelco.com

© 2023 The Channel Company LLC. CRN is a registered trademark of The Channel Company, LLC. All rights reserved.

The Channel Company Contact:

Natalie Lewis

The Channel Company

nlewis@thechannelcompany.com

Log4J – What it is. And What You Need to Know.

/in /by

What is Log4J?

Log4j2, also known as Log4Shell, is a vulnerability that exploits Apache Log4j – a free, open source software that provides logging functionality, debugging and other mundane functions most people don’t think about.

On December 10th, the National Institute of Standards and Technology (NIST) issued cyber security alert CVE-2021-44228 giving it a “10.0 Critical” severity rating. If exploited, bad actors can completely take over a server running Log4J, steal money, data, etc. via Remote Code Execution (RCE).

How Widespread is the Log4j Vulnerability?

Because of its reliability and flexibility, Log4j is used by thousands of websites and applications across the world. Companies like VMware, Microsoft, Cisco and others are evaluating various product sets to determine the extent of the exposure. One thing we do know, is the challenge is worldwide and it affects companies of all sizes.

A list of known Log4j related softwares has been published on Github to help identify where you may have vulnerabilities. Important to note is that the risk of exploitation applies to public devices and applications.

What is being done?

The Apache Software Foundation has issued patch revision 2.16 which disables some underlying code within Log4j 2 that allows exploitation. But with the widespread nature of the framework/applet it is not yet know how many systems, appliances, and software applications are affected.

ISG Technology is actively working with our vendors and partners to identify any potential exposure that may exist within our customer base. We are also scanning our systems and the customer systems which we manage to find and address Log4j vulnerabilities. If you have any questions, please reach out to your ISG representative or Contact Us to schedule a meeting.

What can you do to protect yourself?

Apply the Patch – The first thing to do is apply the Log4j patch if the application allows for it. Please note that most vendors/manufacturers will need to provide unique patches for their specific applications. And, just like any patch, this can cause downstream issues. So, make sure to check any connected systems to ensure they are fully operational after the patch.

Scan Your Systems – There are a handful of ways to scan your systems for this vulnerability. If you’d like help doing this, reach out to your ISG representative or Contact Us to schedule a meeting.

The Role of Firewalls in Defending Your Data

/in /by

A firewall is an essential part of your cybersecurity. It serves an integral part in your organization’s defense against threats and cyber attacks.

A firewall protects many vulnerable programs on your systems. It forms one of the crucial layers in a company’s layered security strategy. If you want a layered security architecture, you need a stable firewall.

Besides the firewall, your layered security should also include the following;

  • Regular assessments
  • Endpoint protection
  • Employee training and awareness
  • Web and email filtering
  • User access control
  • Patch management
  • Data backups

These elements constitute multi-layer cybersecurity. With these multiple security layers, your risk of a security breach is minimized.

What is a Firewall?

A firewall is a security firmware or software that forms a barrier between networks to allow and block certain traffic. It inspects traffic so that it can block threats that might harm your systems.

Firewalls are designed to authorize low-risk traffic that might not harm your network. If it detects harmful traffic, either from a virus or a hacker trying to gain entry, it blocks it immediately.

Just like a guard in your gates, a firewall prevents what’s coming in and going out. It uses pre-set commands to filter suspicious and unsecured sources. It guards traffic from a computer’s entry point.

Why is a Firewall Important?

It is vital to have a stable and reliable firewall in your company’s network. It plays a crucial role in protecting it from intruders. Ideally, it acts as a guard to your perimeter, performing the following tasks:

Preventing Hacks

With businesses taking a digital approach, hacking activities continue to rise significantly. A firewall defends you from unauthorized connections, potentially from hackers. Firewalls have become an essential part of any company that wants to protect its data. It can deter a hacker from accessing your network entirely.

Monitoring Network Traffic

A firewall monitors traffic at all times to safeguard your network. Your IT team can rely on the information gained from continuous monitoring to create advanced security layers.

Promoting Privacy

Since firewalls proactively keep your network safe, they promote brand reputation. Clients know they can trust your company with their data since all systems are secure and inaccessible by hackers. With a strong firewall, no data can be stolen whatsoever.

Different Types of Firewalls

There are multiple types of firewalls that help block malicious traffic, including proxy service, stateful inspection, and packet filtering. These firewalls limit network entry based on different criteria. Each has their own advantages and disadvantages, which is why firewall technology has produced something more well-rounded: next-generation firewalls.

Next-Generation Firewalls

A next-generation firewall (NGFW) combines all the strengths of past firewall technologies into one tool. This bundle of security measures includes elements such as:

  • Antivirus
  • Intrusion prevention
  • Encrypted traffic inspection
  • Deep packet inspection

NGFWs are more advanced than traditional firewalls and help forge your cybersecurity. They move beyond port/protocol, blocking to a more advanced protection system.

The Benefits of an NGFW  

A NGFW is a threat-focused approach that provides advanced risk detection. It’s the gold standard of firewall protection. If you have not implemented an NGFW, then you are doing your business a disservice.

Advanced Policy Control

Thanks to deep packet inspection, next-generation firewalls enable the use of internet applications that allow more productivity while blocking less desirable applications. Unlike the traditional firewalls that only allow or block traffic, NGFWs deny access to all applications considered insecure.

Content and User Identification

NGFWs monitor and scan content in real-time, so no data can leak. This includes filtering and files and threat identification. Also, these firewalls easily detect specific users responsible for traffic that poses threats.

Firewalls Reinforce a Layered Security Approach

Cybersecurty is crucial in today’s world. Threats are constantly evolving, and defenses must continuously improve to stay ahead. 

Securing your network should be a top priority for all businesses. The best way to remain secure is to implement a layered approach to your cybersecurity

At ISG Technology, we are committed to helping businesses improve their network security. Get in touch with us today to consult with our experts.

4 cybersecurity facts your company's leadership team should know

/in /by

As the owner or manager of a company, you entrust your team leaders to handle a number of important responsibilities to ensure smooth daily operations. One of those responsibilities should be cybersecurity. It’s essential to keep sensitive company data safe from hackers. Not only that, but viruses and malware still pose a very real threat. And today’s privacy laws and regulations demand that you be protective of customer data, as well.

If your team leaders are already aware of the threat cyber criminals pose, kudos to them. But are they as informed as they should be? And what’s more, how do you know the protection they have put in place is sufficient? Are your leaders fully aware of all the important cybersecurity facts they need to know to protect the business?

While technology has certainly facilitated the way we do business, it has also paved the way for hackers and digital thieves to take advantage of the vulnerabilities in your network. All that company data—data you rely on day in, day out to do business—is at risk. Here are a couple stats to help you understand the magnitude of the issue:

That’s why it’s important that company leaders stay well informed on a number of important cybersecurity facts. Equipped with this important knowledge, they can better combat and protect your data from the growing environment of cyberthreats.

Cybersecurity fact #1:

Cybersecurity measures often fail due to human error

This is one of the most important cybersecurity facts. Cybercriminals are pretty savvy individuals. They rely on the negligence and lack of knowledge of employees in a business to enable them to gain entry into the network or infect a computer.

Consider the damage a single employee can do. Is everyone in your office safe when browsing the internet and downloading files? Do your team leaders know how to avoid falling for spear phishing scams? Does everyone use secure passwords?

A basic education in keeping the company safe is critical, and that starts with your leadership team. Make sure they know these cybersecurity facts.

Cybersecurity fact #2:

Cybercriminals are always seeking to exploit loopholes in virus protection application

The latest version of that virus protection software you’ve installed might not stop a virus or malware developed the very next day. That’s because hackers can quickly find ways to breach virus protection software.

To combat this, software companies quickly and consistently release updates to combat new threats. But you often have to install these updates manually. In the interim, malware, spyware, or a virus could slip through.

Your IT department may take care of all relevant updates. But if policy requires the end-user to update their own machine, make sure your leaders under stand the importance of these updates.

Cybersecurity fact #3:

Offsite backups through the cloud can help protect your data

If you’ve become infected with malware, or worse yet, ransomware, then your data may become corrupted or even lost. Unless, of course, you have a backup.

But it’s possible that local backups are compromised, too. That’s why many companies utilize cloud computing and cloud-based data backup services, where data is backed up to a secure, off-site location.

While it may not change anything about how your team leaders do their day-to-day jobs, make sure they understand the importance of backups. A better understanding of the value of the data they work with will inevitably result in greater care to protect that data.

Cybersecurity fact #4:

The most common method that cyber criminals use is email

As mentioned above, employees can unknowingly click on a link in an email or download an attached file without realizing that they have just allowed malware or spyware to be installed on their system.

Team leaders must teach employees to be ever vigilant when visiting websites and downloading files, and especially when clicking on links in email. They must be taught to recognize the signs of a possible scam or fake website. No one should every download any files they aren’t 100% sure about.

Cybersecurity facts matter

Everyone in the organization needs to take cybersecurity very seriously, not just team leaders. But for many companies, a well-educated staff starts with fully-informed team leaders.

After all, it only takes one wrong click to invite a cybercriminal into your system.

Critical Cisco Systems Vulnerability: Patching Needed

/0 Comments/in , , /by

On January 31st, Cisco Systems disclosed a vulnerability allowing up to complete control of a device from the Internet, affecting Cisco ASA Software that is running on several Cisco products.  The purpose of this blog post is to:

  • Help you understand the issue
  • Point you to trusted resources to explain it in more depth
  • Determine how you can protect yourself against it

The Issue

Cisco Systems released an advisory and a patch for a vulnerability allowing up to complete control of a device from the Internet.

What You Should Do

Check the following systems for the webvpn configuration, and if enabled for external communications, the systems need the patch from Cisco.

Vulnerable Products[1]

This vulnerability affects Cisco ASA Software that is running on the following Cisco products:

  • 3000 Series Industrial Security Appliance (ISA)
  • ASA 5500 Series Adaptive Security Appliances
  • ASA 5500-X Series Next-Generation Firewalls
  • ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers
  • ASA 1000V Cloud Firewall
  • Adaptive Security Virtual Appliance (ASAv)
  • Firepower 2100 Series Security Appliance
  • Firepower 4110 Security Appliance
  • Firepower 9300 ASA Security Module
  • Firepower Threat Defense Software (FTD)

What ISG Is Doing

Currently, the ISG Data Centers are following our normal process for patching, with additional analysis for the critical configuration problems.  Our service engineers are available to assist any customer with any Cisco product help in regards to this issue and any other issue.

References & Further Information

Please view the Cisco advisory linked below for more technical details on the products and vulnerability.  Ars Technica also produced a story about the issue: https://arstechnica.com/information-technology/2018/01/cisco-drops-a-mega-vulnerability-alert-for-vpn-devices/

[1] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1 

Why should your company fear social engineering?

/0 Comments/in , /by

Cybersecurity may be the biggest issue facing the enterprise. The costs of dealing with an attack are through the roof, and experts believe it's only going to get worse. The Official 2017 Annual Cybercrime Report from Cybersecurity Ventures predicted that by 2021, cybercrime would cost the worldwide economy around $6 trillion

With so much money funneling into the criminal underground, it's easy to see why so many companies are terrified of a hack. To satisfy this urgent need for data safety, businesses have started to invest in highly-complex technologies aimed at catching digital incursions before they get out of hand. These systems are certainly necessary in this day an age, but many administrators mistakenly think they're the only way to secure information. 

In fact, many hackers actually rely on a technique called social engineering. This approach is incredibly successful, mainly due to the fact that companies don't plan for it. To help officials stave off such an attack, let's explore exactly what social engineering is and what you can do to prevent it. 

How does social engineering work? 

Although the term is used to discuss a certain type of attack, social engineering actually encompasses a wide range of hacking techniques. That said, they basically all boil down to using human error to accomplish a goal. 

For instance, a hacker may come to find that he needs login credentials to access a certain data set. One popular technique in such a situation involves the hacker calling the front desk to say that they've just been hired at the company. They could spin a sob story about not being able to gain access to a certain system and will plead for help. If this cybercriminal has the right charisma, he can pretty easily persuade someone into giving him exactly what he wants. 

Another way hackers rely on social engineering is by physically breaking into a company's office. In the same scenario where the cybercriminal needs login credentials, he might put on a pair of overalls and say he's an electrician. If he can make it past the front desk, he might get lucky enough to find a person's username and password written on a sticky note on their computer. If he's not that fortunate, he could even install a keylogger on someone's machine that could give him the information he needs. 

Every person allowed into the office needs to be vetted. That friendly electrician may not be as innocent as he looks.

While these two scenarios aren't the only ways social engineering techniques are deployed, the point is that all of these attacks rely on unearned trust from your employees. People want to help those in need, and hackers use this desire to get what they want. 

Companies just aren't prepared

Due to the fact that social engineering relies on good-hearted people just trying to be nice, there's a real chance that your company is at risk. This is especially true of employees who have to be helpful by nature of their position, such as receptionists and HR workers. However, this epidemic reaches just about every inch of most companies. 

"Two-thirds of employees will give out information like their Social Security numbers."

A security company called Social-Engineer took a deep look into just how big of an issue this hacking technique is. They found that around 90 percent of employees will give up their names and email addresses without even confirming who's calling. That's certainly an issue, but the real problem is that around two-thirds of employees will give out information like their Social Security numbers. On top of that, Social-Engineer has a perfect record when it comes to physically breaking into an office, which shows just how vulnerable companies are. 

How can you avoid an attack? 

Clearly, a majority of companies are in serious risk of a breach due to social engineering. Thankfully, there are some steps administrators can take in order to lessen the chances of an employee making a grave error. 

To begin, you'll want to hold a mandatory meeting for all employees about security. If possible, try to break up the courses by department so you can discuss specific needs with all the different professionals at your company.At these meetings, you'll need to discuss social engineering attacks like impersonation and phishing, as well as how to report these issues should one arise. 

Finally, and perhaps most importantly, you'll want to lower the number of individuals who have access to admin privileges. The more people you have with access to every system, the larger your attack surface area. 

3 Cybersecurity Tips For 2018

/0 Comments/in , /by

Cybersecurity has become one of the most important areas of study for the new millennium. With so much data being traded and stored in the digital landscape, it just makes sense for criminals to focus their energy on this new means of theft.

That said, the simple novelty of hacking in terms of human history means that companies are still trying learning and adapting to the new threats facing them. For example, the idea that a criminal could hold your information hostage would have seemed ludicrous a few years ago. Now, society is dealing with ransomware attacks like the 2017 “WannaCry” malware that experts have estimated cost the economy around $4 billion.

The world is changing rapidly, but this doesn’t mean your organization has to be left behind. The next year certainly holds surprises for the cybersecurity industry, but following these tips can help prepare your company for the worst of it.

1. Backup your data now

Data is at the heart of any company’s success. It’s simply impossible for organizations to function without information, which is why it’s so shocking that so many businesses don’t properly backup the data they create and collect.

To begin, not doing so is simply an accident waiting to happen, especially for small businesses. In fact, a study posted by Small Business Trends found that 58 percent of small organizations are not at all ready for a data loss event.

However, the truly frightening aspect of this is the fact that a robust backup system is often the best protection against a multitude of attacks. The best example of this is ransomware, which is where the hacker encrypts the data on a device or network and will only unlock it when paid a certain amount of money. What’s more, security firm SOPHOS stated that the increased market for ransomware kits on the dark web is going to lead to a rise in attacks in 2018.

Wiping the ransomware from a gadget without removing the data itself is next to impossible most of the time, which is why many experts recommend 3-2-1 backup. This process requires three copies of a piece of data where two are stored on different mediums – such as the cloud and a physical drive – and one must be kept offsite.

Those looking to boost their backup system should consider the Backup-as-a-Service model offered by ISG Technology. Our top-of-the-line system uses the cloud to implement robust backup, which allows you to utilize multiple mediums and store data offsite.

2. Discuss security with your employees

Although a lot of people think of high-tech solutions when it comes to cybersecurity, the fact of the matter is that a huge portion of successful hacks have to do with something called social engineering. This is where the cybercriminal uses pity, deceit and emotional manipulation to get what they want out of an employee.

“Just about every person is vulnerable to social engineering.”

Most people don’t know it, but just about every person is vulnerable to social engineering. In fact, experts at security firm Social-Engineer have found that around 90 percent of the employees they try to hack end up willingly giving up their names and email addresses without even confirming the identity of the person asking. But that’s not all. Around two-thirds of people will give their Social Security numbers, birthdays or employee identification numbers.

Clearly, this is a major attack vector and it makes sense that hackers would exploit it as much as they do. Therefore, it’s important to educate employees on the multitude of ways a cybercriminal could use their benevolence against the company.

To begin, employers must emphasize the importance of vigilance when it comes to email. Hackers love beginning their attacks through something called phishing, which is where they send messages to workers in the hopes that one of them will click a link or give up sensitive information. However, the real problem many companies are dealing with these days is spear phishing, which is where the hacker targets a specific person by using information about them to convince them the email is legitimate.

According to PhishMe, attacks of this nature rose about 55 percent in 2016. What’s more, around 91 percent of data breaches can be traced back to an original spear phishing email.

Companies need to be scared of phishing. Phishing is a huge issue that many companies aren’t taking seriously.

Therefore, it falls upon employers to convince employees of the importance of email security. This should certainly involve a company-wide meeting discussing the risks, but it’s also vital that administrators set up tests for workers to see if they’ll fall for such an attack. Hackers have been relentless with spear phishing and it looks like that will continue in 2018, so the best way to avoid such an issue is to stress email security now.

3. Keep an eye on mobile security

Mobile devices aren’t a luxury anymore. They’re a vital necessity for workers all over the world, and ignoring this fact could have enormous security ramifications. The Pew Research Center found that 77 percent of Americans owned smartphones in 2016, This is causing a lot of companies to understand the value of the bring-your-own-device trend, which allows employees to use their own gadgets for work-related purposes.

While BYOD is certainly a huge step forward, the fact that many organizations are ignoring it is extremely dangerous. Gartner found that around 37 percent of employees are currently using their own devices for work without the knowledge of their employers.

The ramification here is that a huge number of devices are accessing sensitive company information without any sort of uniform security system protecting them.

While the importance of security measures must be stressed to employees, ignoring BYOD is most likely doing your company more harm than good. Therefore, the new year is a great opportunity to reorganize how your business handles employee-owned devices.

The future may be uncertain, but that shouldn’t paralyze you. By taking the proper precautions and being prepared for whatever cybercriminals can throw at you, you can avoid the biggest mistakes and ensure the success of your firm.

Video: ISG Security – Put Trust On Your Side

/in , , , , , , , /by

Just as quickly as new technologies are developed to secure the information your organization is responsible for, cybercriminals are discovering new ways to get in. And to do it, they’re exploiting one thing – trust.

When you put ISG Technology to work for you, you don’t just put industry leading security experts on your team, you put security at the top of your priority list. You put the concern that someone might be selling you a short-sighted solution to the wayside. You put trust back where it belongs – on your side.

Get Our Whitepaper: 5 Things You Probably Trust, and How They Affect The Security Of Your Business
Download Now