All Posts By

thinkCSC

vCIO

Improve IT Security with a vCIO

By | Managed IT Services, Managed Security, vCIO | No Comments

Unless you are a major corporation, hiring a full-time CTO or CIO is often beyond your means, as the average salary of a CIO in the U.S. is over $200,000 per year. But going without an IT security expert at your disposal can potentially cost you even more, depending on the severity of the inevitable breach that will occur if your IT security is not up to speed.

A vCIO can Offer You the Best of Both Worlds

A virtual CIO – or vCIO – on the other hand, gives you the C-level expertise you need to operate your business with the best risk management tools available without spending $200,000 or more plus benefits for another C-level executive. Our vCIO service is an integral piece of the managed services we provide our clients, and it comes at a fraction of the cost of hiring your own Chief Information Officer.

vCIO ROI

Having hands-on access to CIO-level expertise, without the cost, means you not only have top-notch cybersecurity protection for your business, but you also have the funds necessary to invest in comprehensive cybersecurity for your organization.  From investments in infrastructure to better employee training, you can more effectively manage risk.

What Does a vCIO Do?

We remove the stress from your risk-management efforts by providing support and insight about risk management, remediation efforts, and the general effectiveness of your cybersecurity program.  Our virtual CIO role exists so that we can help your organization achieve the proper cybersecurity governance within your organization.

If we’re all honest with each other, a business could go just about anywhere to obtain cloud services or implement IT security. You can click a link and buy services online and never even meet the people who store your valuable data. And many businesses often choose their IT services based on who offers the best price at the time. But smart business leaders see the growing role IT plays in the everyday operation of their organizations and seek something more than break-fix solutions.

– Tom Hastings, thinkCSC President

C-Level Guidance without C-Level Costs

vCIO services level the playing field for small- and medium-sized organizations that can now have access to the same level of expertise as large corporations, without bearing the cost of a full-time CIO. In today’s globally competitive, rapidly transforming environment, small and midsize businesses must find ways to remain as competitive as possible, and when it comes to business IT, the vCIO solution is a great equalizer.  At thinkCSC, our vCIO is a free service that is provided as part of our managed services. Your vCIO will:

  • Take time to understand your business and industry
  • Understand your vision and provide solutions
  • Solve problems and ease pain points, proactively seeking solutions that keep your organization ahead of the competition
  • Demonstrate business acumen and a commitment to delivering customized solutions that align with your business goals and strategy
  • Provide regular, comprehensive reviews of your infrastructure and security and follow up with strategic guidance and solutions
  • Partner with you on the implementation of customized tech solutions designed to help your organization more effectively meet business objectives
  • Align IT infrastructure, applications, and security to organizational needs

The net results are proactive insights and informed decisions. Uninformed choices often result in irreparable damage. Our team does the legwork and research for you to ensure you make IT decisions that are strategic and cost-effective. We identify IT issues before they cost you time and money, by conducting a network assessment, inventorying your IT systems and licenses, identifying potential risks, and tagging obsolete systems for replacement.

What Can thinkCSC Do for Your Business?

At thinkCSC, we take security seriously, offering innovative levels of security monitoring for our clients. Cyber threats are a normal part of doing business, but these risks can, and should, be addressed and abated. Partnering with the right managed services provider does make a difference. Today’s MSP does more than just provide technology and facilitate server upgrades; the right MSP is an integral layer of your cybersecurity, providing the expertise you need to remain competitive, secure, and in business. We can partner with your Columbus-region organization to develop a unique solution designed to fit your business model. Take the first step towards advanced cybersecurity practices and contact us today to learn more about our managed security and vCIO services.

robbinhood ransomware

Municipalities Under Threat from RobbinHood Ransomware

By | BDR, Cybersecurity, Ransomware | No Comments

Baltimore is the latest city government to fall victim to ransomware, for the second time in as many years. The city’s systems have been locked up since May 7 after being attacked by “RobbinHood” ransomware.

While the mayor is refusing to negotiate with the hackers or pay the 13-bitcoin ransom they’ve demanded, many of the city’s networks have been compromised, including police email and board of elections.

What Is RobbinHood Ransomware?

RobbinHood ransomware is a ransomware that targets an entire network and attempts to take over as many systems as possible. Once infected with the ransomware, it demands bitcoin payment in order to release the files. In the case of Baltimore, they’ve requested demanded $17,600 in bitcoin per system — a total of about $76,280, according to Dark Reading.

How Do You Get RobbinHood Ransomware?

Like other ransomware, the RobbinHood hackers gain access to an organization’s network through phishing emails that are deliberately designed to appear legitimate to the recipient of the email. In the case of Robbin Hood, they use several psychological tricks to compel the email recipient to click on the link that begins the encryption process. Prior to the attack on Baltimore, they successfully infiltrated Greenville, North Carolina networks.

Stop Clicking Links and Downloading Files

Email is a convenient method for communicating and has made business operations so much more efficient, but every employee in every organization has an obligation to stop clicking on links and files. If there is any doubt whatsoever about the legitimacy of the email (and even if there is not any doubt) follow up in person or over the phone with the sender to make sure they actually sent the file.

What to Do If You Get Ransomware

If you believe your network has been infected with ransomware, or if you have received a ransom demand, immediately disconnect from the network and call your IT department or managed services provider. In many cases, you can prevent the attack from getting worse by removing access to the network by the infected system.

Don’t Pay the Ransom

Paying the ransom only fuels the motivation of hackers to continue holding businesses hostage. Instead, make sure you have mitigated your risk by having a disaster recovery and data backup plan in place. Regular offsite backups can protect you from needing to pay a ransom to gain access to your network.

If you are concerned about the threat of RobbinHood and other common ransomware threats, contact us to learn more about how you can improve your security and better protect your organization. As you can see, every organization – from schools and hospitals to municipalities and utilities to businesses of every size – are at risk.

At thinkCSC, we take security seriously, offering innovative levels of security monitoring for our clients. Cyber threats are a normal part of doing business, but these risks can, and should, be addressed and abated. Partnering with the right managed services provider does make a difference. Today’s MSP does more than just provide technology and facilitate server upgrades; the right MSP is an integral layer of your cybersecurity, providing the expertise you need to remain competitive, secure, and in business. We can partner with your Columbus-region organization to develop a unique solution designed to fit your business model. Take the first step towards advanced cybersecurity practices and contact us today to learn more about our managed security services.

password spraying

Citrix Data Breach – What You Need to Know

By | Data Security, thinkCSC Security Alert | No Comments

Recently, Citrix, a U.S.-based software firm, confirmed that the “international cyber criminals gained access to the internal Citrix network” and downloaded business documents and other files. The hackers gained access using a method called “password spraying.”

What Is Password Spraying?

Password spraying occurs when hackers use a list of common passwords to try to breach the system. They sometimes use passwords leaked from other breaches, according to Dark Reading, hoping that employee reuse their passwords at work.

How Do You Protect Your Organization from Password Spraying?

Nothing makes a stronger argument for more stringent password requirements for your employees than the results of this study conducted by the National Cyber Security Centre, UK’s independent authority on cybersecurity:

  • 75% of the participants’ organizations had accounts with passwords that featured in the top 1,000 passwords
  • 87% had accounts with passwords that featured in the top 10,000

Allowing your employees to set their own passwords puts your organization at risk.

Most people don’t want to remember numerous usernames and passwords for multiple accounts and programs, and many don’t feel confident in their ability to accurately recall that information. More so, they dislike having to regularly change passwords on individual accounts and being forced to forget previous passwords in exchange for new ones. To deal with this frustration, they tend to do one of two things (or both):

  • Re-use the same usernames and passwords across multiple accounts
  • Write down their usernames and passwords, and store them in their workspace (usually in a place that is easy to find, often on their desk or in a top drawer)

Learn a Lesson from Citrix

If you do not have strong password security and password policies, today is the day to change that practice. Passwords should be long, randomly generated, changed often, and only one layer in many of your overall security effort. You should also be monitoring the Dark Web. thinkCSC is here to help ensure your cybersecurity systems are strong and vibrant, to assist you in your preparation for and response to cyberattacks. Together, we can avoid the mistakes that are common among so many businesses and organizations, in the end becoming as secure as possible in today’s technological world.

thinkCSC provides Dark Web monitoring services provided through a strategic partnership with ID Agent, provider of Dark Web monitoring and identity theft protection solutions. With Dark Web ID, thinkCSC can now offer 24/7 monitoring of millions of sources, including botnets, criminal chat rooms, peer-to-peer networks, malicious websites, bulletin boards, and illegal black-market sites, to alert you of stolen or compromised data and passwords.

While thinkCSC believes that employees will always be the first line of defense against ransomware attacks, the only real solution is for leaders of all –organizations – businesses of all sizes, government entities, schools, hospitals, and –others – to invest in stronger IT security that includes offsite backup and recovery and managed security. These protections, combined with ongoing staff training, strict policies, and constant vigilance, are an absolute necessity in today’s cyber environment.

For new customers interested in information on obtaining our services, please contact us at sales@thinkcsc.com.