Cybersecurity has to be a priority for every business, and one of the best ways to gain the perspective you need to make the right decisions is to look at the statistics. Today, more is known than ever before about how hackers and scammers try to get around cybersecurity efforts, and that knowledge can help you develop a strategy to combat cybercrime.
Shadow IT—while it sounds like the title of some B-movie suspense thriller or airport gift shop novel, it’s a very serious business issue that can easily make its way into your operations. Let’s review what shadow IT is, and what can be done to minimize the threats that it causes your business.
With cybercrime more prevalent than ever, the importance of keeping your business protected cannot be overstated. In fact, it is so important that there’s a C-suite level role dedicated to it: the Chief Information Security Officer—the CISO. While such a position is fairly common amongst enterprise organizations, smaller businesses might not be able to implement this role in their own hierarchy… at least, not without assistance.
We know that cybersecurity isn’t the most interesting topic in the world, especially for a small business owner, but this doesn’t diminish its importance. If you fail to adequately protect your business, even a low-profile SMB can fall victim to a cyber threat. It’s your job as the business owner and thought leader to make sure this doesn’t happen.
It’s good to go about your business with an abundance of caution, but sometimes this abundance of caution can lead people to see threats where they simply do not exist. In cybersecurity, this is actually quite easy to see happening, as cybersecurity is such a multi-faceted topic. But how much do these false-positive security reports wind up costing organizations?
The ransomware attack against Kaseya’s VSA servers, which affected approximately 1,500 organizations, was yet another major challenge for businesses to overcome. While most of the affected companies did not give in to the hackers’ demands, others felt forced to pay the ransom. The problem, however, is that some of those who did pay are now having trouble decrypting their data, and with REvil MIA, they do not have the support needed to do so.
How is a Pen Test Carried Out?
A pen test is carried out more or less exactly like any cyberattack would be. Using the same tools as the cybercriminals do, a sanctioned professional is set loose on a computing system to try and crack it as a cybercriminal would. Like any cybercriminal, the pen tester follows a basic process:
Scoping – The professional and their client come to an agreement regarding the evaluation, and a non-disclosure agreement is signed.
Information Gathering – The professional starts to collect any data they can on the company and its technology to help identify vulnerabilities. A shocking amount of this data is publicly available.
Probing – The professional first approaches the network they are targeting, sending probes to collect any information they can. This information helps them decide which attacks are most likely to take root.
Attack – Once their strategy is compiled, the professional attempts to actively penetrate the targeted system. Of course, their data collection activities continue throughout the process. This does not inherently mean that all identified vulnerabilities will be targeted.
Camping – If the professional successfully gets into the system, their job is to then remain there for some time. They’ll install software that allows them to get back in when needed, even if a network administrator makes changes or reboots the system.
Clean-Up – Once the professional has the data they need for their report, they remove the software they installed and effectively undo everything they did, leaving the system as it was when they first attacked.
At this point, the professional submits their report to the client, prioritizing all identified vulnerabilities by severity. This report should serve as the blueprint for the security improvements that should be implemented. Oftentimes, the professional will attempt another breach after the improvements have been put in place.
Why is Pen Testing Important?
Hopefully, this much is obvious at this point. Without an objective pen test, your only way to evaluate your security’s practical effectiveness is through a legitimate threat. That certainly wouldn’t be the time to discover that your network is vulnerable, would it? No, it’s better to have these threats identified in a controlled environment.
SRS Networks is here to help you shore up any vulnerabilities that may be identified. Give us a call at (831) 758-3636 to learn more about what it takes to secure your business without sacrificing productivity.
1. Security
Let’s consider the amount and kind of data that your business accesses, compared to what is assembled on your home network. While your own data is obviously important, the data you have on everyone else is what can get you into serious legal trouble for your business. Therefore, you need to ensure that your router has been configured to be as secure as possible. For instance, you should have a firewall in place to protect your incoming traffic. Any connection that is made to the Internet through your Wi-Fi router could potentially let in a threat, so you need to make sure that you’re mitigating these risks with an enterprise-level firewall. Furthermore, you should make sure that your Wi-Fi router is built with the hardware that a commercial-level router will use.
2. Size
The size of your network should be considered as you determine the router that you should be using. In addition to your workstations, you have a sizable number of devices connected to your Internet, including your laptops, tablets, point-of-sale systems, connected printers, and mobile devices. Balancing your network between devices that need to be hardwired and those that can serve you just as well when connected over Wi-Fi should be a priority.
3. Support Levels
Depending on how your business is set up, whether you have multiple locations or just one, you may need to have a different kind of router. An edge router is great for sending information from one network to another, while a branch router is suited for an internal network. Of course, the devices that your operations need will be impacted by a variety of circumstances. If your business takes up a large area, or shares space with multiple businesses or residential spaces, or if you will need to support guest users on a regular basis, your required support levels will vary.
For more assistance with your Wi-Fi and your other business networking needs, turn to SRS Networks today. Our professionals and their expertise are only a call to (831) 758-3636 away.
Do Macs Get Viruses?
In short, the answer is yes, absolutely. Apple computers can get infected with malware like viruses and ransomware. Macs can also suffer from other typical PC problems, such as hardware failure, data loss, slowing down over time, crashes, and more.
So where did this misinformation come from? Why do so many casual users tend to think that Macs don’t suffer from the same issues as the Windows PC? One place to start is Apple’s own (brilliant) advertising. You have to admit, Apple has had some very memorable advertisements over the years. In fact, one of my favorite ad campaigns may be one of the reasons that so many people think that Macs are immune to viruses. Check out the Mac vs. PC commercial here.
These ads are cute and charming and feel honest enough to be true. To Apple’s credit, no lies are being told in the ad. Swarms of new viruses are created for Windows PCs every year, and many of these viruses can’t infect Mac computers. Macs still get viruses, but there are definitely more variants out there for PC. Why is this?
PCs Vastly Outnumber Macs
In 2018, it was estimated that for every 10 active PCs on the Internet, there was only one Mac. If roughly 90% of the world runs on Microsoft Windows, it makes much more sense for hackers to develop viruses that would affect this broader target. Most businesses use PCs. Most schools and universities use PCs. In fact, most industries tend to use PCs. Most home computing is done on PC as well.
That isn’t to say that there is anything wrong with a Mac. Apple makes incredibly solid laptops, and extremely capable desktops. The problem lies with third-party developers. For many businesses, certain core applications don’t have Mac versions. On top of that, when compared to the PC market, Apple doesn’t have a low-end tier for hardware. Your billing department doesn’t need the same computer that your video editor would use, and there isn’t a reason to spend that kind of money on a high-end Mac when a mid-range PC will handle the workload just fine.
There really isn’t anything that you can do on a $2000 MacBook that you can’t do on a $2000 Windows laptop – at that point it’s just about preference and what works for your business. On the flipside, there are some limitations to what you can do on that Mac when it comes to easily connecting to and using a business network that’s designed for PCs, and when it comes to the software mentioned above.
So, Mac Owners Do Need to Worry About Viruses?
Yes sir. Although historically there haven’t been as many viruses targeting Macs, and it’s always felt like Macs might have a slightly lower risk, that has been changing. According to a recent report by Malwarebytes, the amount of malware on Macs is actually outpacing PCs for the first time ever. It sounds like hackers are relying on the complacency of Mac users. Malwarebytes goes on to report that there was a 400 percent increase in threats on Mac devices between 2018 and 2019.
Mac users need to worry about the same threats, and practice the same security hygiene as any other computer user. Whether you […]
When it comes to the permissions that a business’ assorted users need to navigate its network, most businesses turn to Microsoft Active Directory to help manage them. Simply put, Active Directory allows you to review and distribute access to the assorted resources found on your network and other user capabilities. However, whether you use Active Directory or another solution, the following practices and policies apply:
Keep Permissions in Check
One of the most crucial parts of your data security is the process of restricting access to your data (and your business as a whole) to only those who need it. For most businesses, there is no reason for anyone–especially a non-employee–to enter the premises in the middle of the night. Furthermore, different employees shouldn’t have the same access as each other, simply because they have different access needs. Will one of your newly-hired employees need the same access as you do? Almost certainly not, so there is no reason to allow such a thing to ever take place. Make sure your network permissions are reviewed and corrected periodically.
Establish Role-Based Permissions
On the subject of restricting permissions, a utilitarian policy is generally best to follow. Will one of your users need access to a given resource in order to successfully do their job? If not, don’t give them that access. By assigning these permissions based on work roles, you can granularly give your team members the access they need, without unnecessarily exposing your data to individual employees who may not need a certain asset.
Optimize and Supplement Password Policies
A strong password policy is an absolute must when it comes to your data security. Not only do these passwords need to be strong, they also need to be updated frequently. This will help prevent users from sharing their passwords, or reusing old ones.
Because there are so many passwords that everyone is expected to remember nowadays, the strength of these passwords has suffered. Combine this with the fact that cybercriminals now have stronger tools than ever to crack passwords, and the username/password combination is often no longer sufficiently secure. To remedy this, implement two-factor authentication, which makes a cybercriminal’s job that much harder.
Need help with these steps, or any other part of your business’ technology? We can help! Give SRS Networks a call at (831) 758-3636 to speak to one of our IT professionals!