Set High Standards for Cybersecurity

As we know, October is Cybersecurity Awareness Month. There is much to be aware of, including how to prepare for an attack, current threats, how well your data is protected, and who has access to it. Read on to learn how following rigorous compliance standards helps your cybersecurity efforts.

Rigorous Standards Aid Cybersecurity Efforts

Currently, new standards are being drawn up in the form of the Cybersecurity Maturity Model Certification (CMMC), a Department of Defense program that applies to Defense Industrial Contractors and, by extension, to those businesses doing business with defense contractors. According to Cisco, the CMMC is designed as a unifying standard to ensure that contractors properly protect sensitive information. Three levels exist, with Level One containing seventeen practices to follow. Level Two is more stringent, and Level Three is the highest. Domains within the model include Access Control, Identification and Authentication, Incident Response, and Awareness and Training, among others. A few of these domains (like Identification and Authentication) could incorporate zero-trust, a paradigm gaining ground in the cybersecurity community.

Considering Zero Trust as a Cybersecurity Model

“Trust, but verify,” as the saying goes. However, in cybersecurity efforts it should be “Verify, then trust.” Zero-trust is the practice of identifying each request for access to the network, and authenticating or verifying the request as a prerequisite for access to systems. The zero-trust paradigm is still a work in progress, because it’s a different way of thinking about cybersecurity, one that includes all of the organization and influences workforce and workflow decisions. The Cybersecurity Maturity Model Certification has the idea of zero-trust built in, and even...

Cybersecurity Awareness is Just the Beginning

Readers are likely aware of some of the headline-grabbing cyber attacks in recent years–WannaCry, SolarWinds and Colonial Pipeline, just to name a few. But what about the attacks–and resulting loss of revenue and reputation–that don’t make the news? What is your organization’s cybersecurity posture, and how can it be improved? Read on to learn about cyber threats and how to protect your business.

Threat Awareness and Intelligence

Cyber attacks continue to occur, and to become more sophisticated. No longer coming just from lone hackers, attacks come through email and text (“phishing” and “smishing”, respectively). Supply chain attacks are also on the rise. The global cost of cyber incidents is about 6.1 trillion, far outstripping cybersecurity spending.

Often, cyber threats are viewed as something “outside” the organization. The tendency is to treat symptoms and not possible root causes like a lack of threat intelligence. How well do you know what threats like malware and ransomware could do to your business if you’re attacked? According to the 2022 State of Cybersecurity report, businesses are aware of threats, but are not necessarily looking within the organization for vulnerabilities.

Cybersecurity Awareness Throughout Your Organization

More than simply a component of the IT function, cybersecurity needs to become a business imperative, with deep awareness on the part of the C-suite and newest employees alike. For example, do your employees know how to recognize a phishing email designed to get them to give up confidential information? For managers, how does the adoption of new technology (along with the cybersecurity challenges it might represent) help with reaching business goals? Often, despite the...

Perform a Cybersecurity Assessment

How do you know your network and your digital assets are really safe? How can you be sure? Often, it takes a cyber attack and subsequent data breach to learn that your company’s defenses are not what you thought. Read on to learn more about taking stock of your company’s cybersecurity posture to prevent a cyber attack and its damage.

Review Cybersecurity Policies and Procedures

One place to start evaluating your cybersecurity posture is reviewing your cybersecurity policy, which states not just your company’s stance on cybersecurity, but also the ways you plan to keep your network secure and the processes and procedures you will follow while pursuing business goals. A sound policy starts with general security expectations as well as roles and responsibilities within your organization. Once these are clear, more specific policies deal with guidelines for antivirus software and use of cloud applications. Other specific elements include how devices can and cannot be used, how the system can be securely accessed, and what will happen in the event of an attack, like one resulting from a phishing email. Do workers know where and how to access the company network, and where not to? What are the processes for recovering from a disaster, and how will the business continue operating if one happens? These are just some of the many questions that need a definite answer if you are to be sure of your ability to keep your company secure.

Auditing Your Network

Do you know the security of your network, and all devices connected to it? Keeping a detailed asset inventory; records of all devices–their type, model, operating...

Considering Zero-Trust as Part of Your Cybersecurity Plan

At one time, a firewall and antivirus protection were adequate to keep networks secure. Businesses had a perimeter, a boundary protecting the network from unauthorized access. All that has changed over the years, with millions of devices connected to networks all over the world, and to the Internet via these networks. Enter “zero trust”, granting access on a case-by-case basis. Read on to learn more about this principle and how it can benefit your organization.

Why Zero Trust is Important Now

In recent decades–especially the last two years since work went remote–more users are connected to business networks and other cloud services. With the “perimeter” now outside the traditional office, more care is necessary to grant access only to legitimate users. With more devices connected, data and applications are available to more people. In the zero-trust model, no individual is assumed to be trustworthy simply by being part of the organization. And that begs the question of who is a legitimate user.

Zero Trust Defined

Zero-trust is a cybersecurity posture that assumes that any user seeking to access the system could be a bad actor. Organizations using a zero-trust architecture have set up various criteria to determine that the entity (a device or a person) seeking access is entitled to it. Not only that, but depending on the location of the device and the role of the person using it, access can be limited to the computing resources needed for that person’s function. A common practice used in zero-trust is multi-factor authentication. After giving their password, a user performs an additional step, like submitting...

Keep Your Cyber Shield Up

Threats are everywhere, and are not expected to decrease. All over the world, individual and state actors seek to attack businesses of every size–malware and ransomware via phishing emails, denial of service attacks, and other intrusions. Read on to learn how you can keep your cyber shield up and your business protected.

CISA and Your Company

The Cybersecurity and Infrastructure Security Agency (CISA), a part of the United States’ Department of Homeland Security, leads the nation’s work in protecting the cybersecurity ecosystem, and helps protect critical resources undergirding American society. It helps organizations “prepare for, respond to, and mitigate the impact of cyberattacks.” Even in times of relative peace, bad actors still attempt to breach the cyber defenses of businesses of all sizes. Small and medium-size businesses are often particularly targeted, since attackers know they may not have the same level of security as a government agency or large corporation. In addition, attackers also target managed service providers, to whom small to medium-size businesses outsource their infrastructure. However, when MSPs and SMBs work together, and enlist the help of CISA, they can put up a strong shield against cyberattack.

Partner With Your Technology Advisor

To lower risk, consider implementing robust network monitoring and work with clients to ensure that the infrastructure is monitored and well-maintained. While you can play a role by assessing your own risks, you can also work with your technology advisor to mitigate those risks. Require multi-factor authentication for everyone accessing the network, update software and operating systems, and perform continuous backup of critical data and systems, among other practices. Remember, if...