Tag

Columbus IT security Archives - thinkCSC

Usernames and Passwords: An Illusion of Security 

By | Data Security, Email Security

Many organizations, especially small businesses, rely on username and password protocol as their primary cybersecurity protection method. They assume that requiring employees to use strong passwords, and then requiring regular changes to those passwords, is an adequate approach to cyberattack prevention. On the contrary: Relying primarily on passwords is not as secure as most of us are led to believe.

The Verizon 2017 Data Breach Investigations Report revealed two of the major findings that bear directly on this issue. Of the data breaches that were analyzed:

  • 75 percent were perpetrated by outsiders (with the exception of healthcare, where 68 percent were internal)
  • 81 percent of hacking-related breaches (50 percent of all breaches) leveraged weak or stolen passwords

What does this say about relying on usernames and passwords to secure your network – and why are strong passwords not a solid cybersecurity strategy?

Most people don’t want to remember numerous usernames and passwords for multiple accounts and programs, and many don’t feel confident in their ability to accurately recall that information. More so, they dislike having to regularly change passwords on individual accounts, and being forced to forget previous passwords in exchange for new ones. To deal with this frustration, they tend to do one of two things (or both):

  • Re-use the same usernames and passwords across multiple accounts
  • Write down their usernames and passwords, and store them in their workspace (usually in a place that is easy to find, often on their desk or in a top drawer)

The problems with these widespread tendencies are simple:

  • Remember, 81 percent of all hacking-related breaches leveraged weak or stolen
  • Repeated passwords used on multiple sites increase the risk of successful breaches on internal company sites. If passwords on personal accounts (online shopping, banking, personal email, social media, etc.) match passwords on company sites (employee login, company email, etc.), hackers can apply those identical passwords to other accounts with the same or similar usernames – and many people use the same username format across multiple accounts (e.g., John_Doe, or John.Doe).
  • This means that any password, no matter how strong it is, is vulnerable the more often it is used with multiple accounts, especially when it is associated with the same (or similar) username.
  • If 75 percent of breaches were perpetrated by outsiders, this means that 25 percent were committed by insiders. Many internal attacks don’t have to target one particular employee’s access; in many cases, accessing one member of a team or department (or even the entire company) is all that is required. Thus, having an employee record usernames and passwords, and store them in an obvious place, makes internal attacks much easier and more likely.

Having a system of employee usernames and passwords is not enough. Passwords, to be at all effective, need to be randomly generated strings of characters, changed frequently, and accompanied by two-factor authentication and protected by additional layers of security, backup and recovery, and monitoring.

thinkCSC is here to help ensure your cybersecurity systems are strong and vibrant, to assist you in your preparation for and response to cyberattacks. Together, we can avoid the mistakes that are common among so many businesses and organizations, in the end becoming as secure as possible in today’s technological world.

While thinkCSC believes that employees will always be the first line of defense against ransomware attacks, the only real solution is for leaders of all –organizations – businesses of all sizes, government entities, schools, hospitals, and –others – to invest in stronger IT security that includes offsite backup and recovery and managed security. These protections, combined with ongoing staff training, strict security policies, and constant vigilance, are an absolute necessity in today’s cyber-environment.

For new customers interested in information on obtaining our services, please contact us at sales@thinkcsc.com

Protect Your Investment in Your Business: Invest in IT Security

By | Data Security

lock up your dataWhen you close your business for the night, you power down the equipment, turn off the lights,  and lock the doors as you leave. You don’t assume that no one will consider entering through the back door to steal merchandise or damage assets. You make sure that no one can get into the building; you may even have an alarm system and physical security in place to protect your organization.

So why, then, do organizations leave their IT networks vulnerable to attack when they are taking steps to protect valuable data?  Why do they leave their virtual back doors open to hackers? Unfortunately, many businesses do exactly that: They take some steps to protect their IT networks while ignoring other risks completely.

Here are some things to consider when it comes to IT security and protecting your business.

Don’t Just Lock Your Doors – Lock Up Your Data

Your data is the backbone of your business. Whether you’re storing client files or proprietary information about your operations, you need to keep your data safe. How? Take these 8 steps now:

  1. Develop and strengthen policies regarding who has access to your data. Use strong passwords, limit who is allowed access to certain data, and address employee departures immediately by revoking access.
  2. Require every employee to use strong passwords, and require those passwords to be changed regularly.
  3. Employ layers of security, beginning with firewalls and virus protection, but also include threat detection, malware filters, and remote wipe capability.
  4. Back up data early, often, systematically, and offsite.
  5. Develop strict mobile security policies, and engage mobile protection that works whether you are securing your device or those of your employees.
  6. Provide ongoing training to employees to help prevent the biggest risk – human error. Download our email security guide to help you get started.
  7. Use enterprise-level data sharing solutions, such as SyncedTool, rather than Dropbox.
  8. Use sender policy framework and hosted email to limit the risk of phishing and spoofing.

Backup Data Early, Often, Systematically, and Offsite

Yes, this is redundant. But redundancy is often good and data backup is that important. If you have your data backed up offsite and you do it regularly, you’ll always have access to the information you need to operate your business – even if you inadvertently do leave the back door unlocked and someone breaks in and steals everything. Or your building burns down. Or an employee clicks on a link and installs ransomware across your network.

You wouldn’t leave the cash register open or the back door unlocked at your physical location, and you always do what you can to mitigate risk, by insuring your business against loss, adding security, locking doors, and more. Doing the same for your digital assets only makes sense. Your IT security investment is insurance against loss, protecting your business and ensuring that it remains profitable.

At thinkCSC, we believe that in order to achieve maximum success, regardless of the size or type of organization, you must make IT an integral part of your overall business strategy and partner with IT professionals who not only understand how to leverage technology to your advantage but who are also committed to understanding your business goals and aligning your IT strategy to them. We pride ourselves on having the best business-savvy technical experts in the industry. If you would like to learn how to create an IT security strategy aligned with your organizational goalscontact thinkCSC for more information.

Security Concerns Will Drive IT Security Spending Over $100 Billion by 2020

By | BDR, Business, Data Security, Email Security, Managed IT Services

IT SecurityFor many years, organizations have argued that security budgets are already stretched to the max and that there is no more room for increased security. With costly security breaches impacting governments, social media platforms, the IRS, and more small and mid-size businesses than we can count, the investment in security suddenly seems like the least expensive option.

IT Security vs. Security Breach

Whether you increase your spending on IT security or simply find a better way to spend your budget, one thing is certain: what you spend on IT security is a predictable, planned cost that doesn’t send your shareholders into a panic, doesn’t make your customers question their loyalty, and doesn’t put you out of business. A security breach, on the other hand, can result in fines, lawsuits, costly recovery, and a loss of customers.

If your organization has decided to increase IT security, how do you make sure you’re getting the most out of your investment? We recommend focusing on these areas:

Email Security

Email is still one of the most popular ways for hackers to penetrate your security, because all it takes is one email on one employee’s system compelling them to open an attachment or click on a link to create a breach that will affect your entire IT infrastructure. People will always be the weakest link in security. Sender policy framework protocols, hosted email exchange services, and ongoing employee training are all essential. Download our email security guide to help your employees think before they click.

Endpoint Security

Every device that touches your network needs to be secure, whether it’s an employee-owned cell phone, vendor equipment, or a field tech’s laptop. It is crucial to identify every remote device that might potentially connect to your network; have a way to both detect that connection, protect that connection, and eliminate the connection if needed.

Threat Detection

Enterprise threat detection uses predictive analytics on a powerful and global scale to recognize and block threats before they happen. Rather than relying on end users to determine the safety of a file or a site, it uses intelligence to stop threats by preventing malware-infected devices from connecting and by blocking phishing sites.

Backup and Data Recovery

Unless you want to be permanently locked out of your data or forced to pay a ransom to restore access, having an offsite backup and recovery service is essential. The email security, endpoint security, and threat detection efforts you implement will prevent many of the ransomware attempts from getting through, but all it takes is one employee clicking on one link in one email that sneaks through to create havoc.

Effective network security that keeps your IT environment efficient and stable is about applying layers. The initial layer is a solid backup and recovery solution, protected by an antivirus solution, and then guarded by a firewall. Enterprise threat detection, email security, and endpoint security are the shields that head off attacks on your business before they happen. It’s more than peace of mind: It’s good business sense.

At thinkCSC, we believe that in order to achieve maximum success, regardless of the size or type of organization, you must make IT an integral part of your overall business strategy and partner with IT professionals who not only understand how to leverage technology to your advantage but who are also committed to understanding your business goals and aligning your IT strategy to them. We pride ourselves on having the best business-savvy technical experts in the industry. If you would like to learn how to create an IT security strategy aligned with your organizational goalscontact thinkCSC for more information.

Cybercriminals are Going Phishing for Your Data

By | Data Security

cybercriminals are phishing for your dataEmail may not be a popular communication form for millennials and younger generations, but it is still one of the most-often-used technologies in business. Collaborating, sending information and files, and working remotely are made possible with email. Email, however, is also what makes it possible to trick your employees into wiring $300,000 to a hacker in East Asia, revealing the credit card numbers of every customer who has ever shopped with you, or delivering the social security numbers of every employee in your organization. And just when you think you’ve outsmarted cybercriminals and have a handle on phishing issues, a single employee clicks on a link and invites ransomware to invade your network.

No business is immune – businesses of all sizes and in every industry have reported phishing attacks. Avoiding these attacks requires more than just telling employees to be careful; it requires ongoing training and regular reminders, combined with layered security designed to detect and thwart attacks.

Improve email security

Prevent as many phishing emails as possible from even landing in employees’ inboxes, by implementing a hosted email service. In addition, develop a sender policy framework that makes it less likely for spoofed email to work. Better email security is an essential first step in thwarting phishing attacks.

Implement layered security

Carefully layered detection and security protocols can make it much more difficult for cybercriminals to hack your database. Consider how and where your data is stored and accessed; running files from desktops, USB sticks, or external drives can leave you without a safety net. Enterprise file sync software, such as SyncedTool provides a secure way to access data from anywhere. Backups of your data should also be stored offsite and protected with a comprehensive backup and recovery (BDR) solution. In the event of an attack, a managed services provider can perform a mass revision restore to the point in time before the attack.

Train and retrain (and train them again)

The only way to prevent phishing attacks from succeeding is for every employee to be vigilant at all times. Establish policies that require wire transfer requests to be verified by phone and approved by at least two people. Have a no-tolerance policy for clicking on unverified links or opening unknown files. Provide ongoing training to your employees and reminders about phishing techniques.

Download the thinkCSC email security guide.

Email security must be a top concern for every business. Take the necessary steps to protect your organization. Minimizing your risk is easier when you align your business with a trusted managed IT service provider that partners with your organization, understands your needs, and provides customized solutions to ensure that you have the protection you need. thinkCSC is committed to helping you find the most economical solutions to meet your needs. For more information, contact us today.

Avoid Devastating Security Breaches with Sender Policy Framework

By | Communication Security

at-99378_960_720Over the last year we’ve seen a significant increase in the volume of “spoofed” email, where the sender of the email appears to be internal to the company, attempting to trick the recipient into initiating an action that appears to be legitimately requested, such as a wire transfer or the opening of an attachment that enables ransomware. These emails can be very deceptive. Often, company executives are impersonated, and emails are sent to people within the organization who would typically be involved in such transactions. While there is no foolproof way of stopping these messages – and the best line of defense, of course, is a well-trained staff who reacts with caution before opening attachments or sending money – we do recommend implementing Sender Policy Framework (SPF) technology to help prevent the spoofed emails from even reaching their destinations. 

Sender Policy Framework 

Sender Policy Framework is a technology used to establish approved email systems for a domain. To implement SPF, thinkCSC creates a special DNS record that identifies which servers are allowed to send email for your domain. This record is then read by supported mail systems and processed according to their configured policies. In other words, we create a special code that tells the email provider which messages are legitimate email, allowing the provider to better detect spoof messages and mark them as spam. Most major mail providers now factor SPF evaluation into their overall scoring mechanism for determining whether a message should be delivered or marked as spam, and some mail providers will automatically junk messages that fail an SPF evaluation. While this technique does not ensure that spoofed message will always be considered spam, it does increase the likelihood considerably.

In order to successfully implement an SPF record, it’s critical to identify all of the mail servers and third-party services that could be used to send email on behalf of a domain, including the email provider, company websites, relays, third-party SaaS tools (like CRM), and marketing software that sends emails on behalf of the organization. Once these are identified, thinkCSC will create the DNS record, test and validate email flow from known senders, and update the SPF record as needed.

If you have been the victim of phishing emails or would like to learn how to protect your organization from sender address forgeries, contact thinkCSC for more information.

Take a Page from the Boy Scouts Be Prepared

By | Cloud Services

file0001376930592

There are a lot of factors that go into making a successful business, but the number-one factor is having the ability to remain open and operational despite any disruptions. Keeping your business operational so that you can serve your customers – providing that business continuity – would be simple if not for the what-ifs. And it’s because of the what-ifs that the Boy Scout’s motto, Be Prepared, will serve you well.

  • What if there is an earthquake, tornado, hurricane, or other natural disaster that either destroys your building or makes it impossible for you to work from that location?
  • What if a fire consumes your building, or a flood or water leak makes it unusable for a time?
  • What if a vandal breaks into your building and destroys your equipment?
  • What if, despite your best efforts to prevent such a scenario, an employee opens an unknown email attachment and delivers a virus to your entire network?

Can You Navigate Potential Disruptions?

Your customers can’t afford to care about those catastrophes that may affect your business; if they can’t still be served, they are likely to find somewhere else to go. And being prepared doesn’t just mean readying your business for the big disasters; you may experience the minor inconvenience of a single-day power outage that occurs when a road worker accidentally cuts through a buried utility line. For your organization to succeed despite the “what-ifs,” you need to have a business continuity plan.

  • If your building is destroyed or inaccessible, do you have a location from which you can work and handle customer needs?
  • If your equipment is damaged or infected with a virus, do you have your information backed up offsite that you can access from anywhere?
  • If your network goes down, can your employees continue working by accessing your offsite backup?
  • If the phone lines go down, do you have a plan in place to still receive calls from customers?

Disaster Recovery: Rebuilding After a Crisis

Your business continuity plan is designed to keep you operational in the moments during and after an unplanned disruption has occurred. It may include protocols, such as everyone works from home, or key personnel meet at an alternate worksite to keep the business operational during a disruption. But that can only work if a part of your business continuity plan includes disaster recovery.

Disaster recovery is the rebuilding of your network, system, data, and infrastructure after the disruption is over – and it ensures that you have the data you need to remain operational in the short term. Disaster recovery planning should include:

  • Automated backups of critical files to an offsite location
  • Access to offsite information from any location
  • The ability to work from virtual machines on an alternate server
  • File- and image-based backups
  • System monitoring
  • A team of expert engineers at your disposal to help you recover when the worst happens

Be Prepared

Don’t wait for a catastrophic event to remind you of the importance of being able to continue serving your customers. Having a plan for remaining operational, that includes backing up your data and protecting your files, is critical to plan for before disruptions occur. By the time disaster strikes, it will be too late. Ask thinkCSC to help you develop a disaster recovery plan that keeps your business running in the most difficult situations. Contact us to learn how.

Secure Mobility Is the Key to Productivity

By | Cloud Services | No Comments

file0001376718168There is nothing like a sunny summer day to remind you of why you enjoy the flexibility of being able to manage your business away from the office.

Today’s technologies make it easier to work anywhere, but if you operate a corporate or government entity, it’s not enough to just consider convenience; you have to consider security too.

Having secure, adaptable tools that allow you and your team to work from anywhere can improve productivity, help you attract new talent and ensure that the work of your business is complete, even when the pleasant weather is luring you away from your desk. thinkCSC offers a variety of tools designed to increase your freedom without sacrificing security.

Cloud Services: Anywhere Can Be Your Office

Put mobility in the hands of your team without risking your data. From hosted email that you can access from anywhere and any device to mobile device management that ensures a successful BYOD program, thinkCSC cloud services provide your organization with the necessary protection to let you offer flexible work programs with peace of mind.

VoIP FollowMe: Receive Phone Calls Wherever You Are, Provide Better Service

VoIP is more than just a phone system. thinkCSC’s hosted VoIP is a complete customer service system as well:

  • Assign dial-in codes that put clients in touch with your on-call team.
  • Set up calls so that voicemail is delivered anywhere that is convenient, from your cell phone to your laptop.
  • Maintain consistency across multiple locations, by having a single number with assigned extensions that reach your team members wherever they choose to have the calls delivered.
  • Manage calls and voicemails without sacrificing security.

SyncedTool: Collaborate Securely and Access Documents from Any Device

Most organizations recognize the benefits of using collaboration tools, and Enterprise File Synchronization and Sharing (EFSS) is becoming the norm. Even with the newest updates to Dropbox that allow you to share read-only versions of documents, the risk of relying on such a solution is extremely high. thinkCSC’s  EFSS, SyncedTool, offers enterprise-grade security as a foundation to the document-sharing-and-collaboration solution, and it’s all housed on a private cloud that we manage for you.

Lync:

To take mobility to new heights, thinkCSC has introduced Microsoft Lync to its collaboration offerings. Lync incorporates all of your communication tools and enables you to communicate with your staff over a secure connection from wherever you are.

Don’t stare out your office window and let summer pass you by. Escape and enjoy – and let your staff do the same – without losing productivity or sacrificing security. thinkCSC mobility tools give you the solutions you need to be flexible.

Security Alert: Do Not Open .TIFF Files from Unrecognized Sources

By | thinkCSC Security Alert | No Comments

Zero-Day attacks targeting Windows users has been detected by Microsoft and is already affecting people in Asia an the Middle East. It is expected to spread to the U.S. and Europe very quickly. This vulnerability enters your system when you open a .TIFF file and allows the attacker (potentially on a remotely hosted computer) to gain administrative access to your system and network.

It is imperative that you refrain from opening any questionable .TIFF file, as the messages are often constructed to make the user believe they are coming from a trusted choice.

While Microsoft is working to develop a patch to protect users, at this time, current antivirus and firewall solutions are unable to prevent infection. Most vulnerable are Microsoft Office users who are running Windows Vista or Windows Server 2008. Microsoft Office 2003 through Office 2010 are impacted in this zero-day attack.

If you have any questions or believe you have been a target of this threat, please contact our team at your earliest convenience.

Columbus 2020: Investing in the Future of Columbus

By | Community Involvement, thinkCSC Leadership Series | No Comments

columbusPublic and private enterprises in the Columbus region are funding a non-profit economic growth initiative known as Columbus 2020. Columbus 2020 organizers are using the combined strengths of these government & business investors to significantly increase per capita income and employment by attracting major employers to the region while retaining and developing existing companies.

Columbus 2020 investors see the value of 2020’s mission and want to help it succeed. The idea is that by bringing more businesses to Columbus, the local economy will grow stronger – everybody wins. The companies involved are putting this investment forward knowing that there is no guarantee that the initiative will succeed, but this is a great symbol of leadership. As a leader, you know what the right thing is to do, you believe in it and you hope it turns out for the best – and the expectations are that it will.

thinkCSC is a proud investor in the 2020 mission, and while Columbus 2020 asks for a five-year commitment, it is not binding. However, an economic development initiative such as this – which is to market Columbus and persuade entrepreneurs of the value of moving or starting their businesses here – it makes sense to invest for the long haul. Such a venture does not happen over night; it takes time.

Columbus has been ranked by Forbes as one of the best places for business and careers. IBM, having closed the deal on the acquisition of Sterling Commerce, is creating approximately 500 high-tech jobs over the next three years. These types of stories are becoming more common, and much of this can be attributed to the efforts of Columbus 2020. New projects are regularly being considered for the Columbus region.

Am I worried that Columbus 2020 will bring in more competition in addition to jobs and prosperity? Of course, I think about remaining competitive. But as a business leader, I know in my heart that if my business and my people are strong, and if our services are relevant, we will realize more in terms of opportunity than we lose with additional competition.

thinkCSC believes in the Columbus 2020 initiative and we appreciate having the opportunity to share our Columbus stories with those businesses considering a move to Columbus. Investing in Columbus 2020 is good for the community and for thinkCSC it is smart business.

Image via: Columbus 2020