Tag

IT security Archives - thinkCSC

Need Better IT Security? Managed Security Service Providers are the Answer

By | Cloud Services, Data Security, Email Security, Managed Security

Meeting your business objectives is virtually impossible without a well-developed information security program. With businesses of every size and industry facing threats on a daily basis, comprehensive data security is now a primary need. However, many businesses don’t dedicate the personnel, time, or resources to maintain something that is always evolving. How can you address the constant barrage of hackers, malware, and phishing attacks and still stay in business?

The Importance of Managed Security

Cyberthreats are on the rise, and the technology used to launch these virtual offensives only gets more sophisticated with each attack. If you happen to have an experienced IT specialist at your disposable, you are one of the lucky few. Many small businesses lack the resources necessary to employ an IT professional, and even those businesses with full IT departments struggle to keep pace with cyberthreats. A Managed Security Service Provider, or MSSP, can offer premium IT services that are provided by highly-trained cybersecurity experts. Every aspect of data security for your business is covered, while an MSSP tackles cyberthreats so you can get back to running your business.

IT Departments Are Overwhelmed

It’s tough to admit when your professionals are stretched too thin, but outsourcing to a knowledgeable MSSP can offer relief to your entire organization. There’s no doubt that your IT personnel feel stress when a fraudulent email is opened and results in a system-wide crash, but all employees experience frustration when they can’t do their jobs. We work in a digital age that demands a reliable cybersecurity infrastructure. Even the best IT departments can lack the training and resources required to combat threats, and they are expected to simultaneously manage the daily upkeep of your business. IT security is more important than ever, making it crucial to control the many variables that exist.

An IT Strategy is a Necessity

Do you know when your basic programs need an upgrade? What are the proper security precautions for your eCommerce store? Are you in compliance with the latest regulations? These questions, and more, require up-to-date answers, and many businesses struggle to establish an IT strategy that covers all angles. An IT strategy should also create defense mechanisms within your systems that will alert you to data breaches. Faster responses save time and money, and although every breach can’t be prevented, hackers can be promptly stopped in their tracks. Not every strategy is going to look the same, and an MSSP can offer specialized solutions that fit your business objectives.

You Can’t Afford Regular Attacks

When considering an IT budget, many businesses don’t recognize the hidden costs that are inevitable. Breaches cost money, and frequent attacks will exhaust whatever budget resources you have established. Cutting costs where IT personnel and strategy is concerned will hurt you in the long run, putting your entire business at risk. You’ll spend more time on pursuing hackers and repairing the damage they have caused than you will on improving cybersecurity. An MSSP can greatly reduce costs by preventing breaches of sensitive information, and an agreement will usually offer a predictable monthly fee.

What Can thinkCSC Do for Your Business?

At thinkCSC, we take security seriously, and we want to give you the most control over your business with the necessary cybersecurity measures. Our determination to offer ourselves as an experienced MSSP has promoted the development of innovative levels of security monitoring for our clients. Massive cyberthreats are a normal part of doing business, but they are risks that can, and should, be addressed and abated. thinkCSC provides excellent levels of monitoring and detection designed to protect your data and keep your organization running smoothly.

At thinkCSC, cybersecurity is simply what we do. We can partner with you to develop a unique solution designed to fit your business model. Take the first step towards advanced cybersecurity practices and contact us today to learn more about our enhanced Managed Security options.

IT Security, Strategy, and Infrastructure – A Look Ahead

By | Cloud Services, Data Security, Managed IT Services

the-future

For most organizations, preventing, detecting, and overcoming cyber threats will become a necessary factor in every business function. With billions of devices connecting to and sending data through the cloud, viable artificial intelligence becoming a reality, and businesses relying on APIs to deliver better customer experiences, security will take a front seat in every business decision. Here’s a look ahead:

Internet of Everything

By 2020, it’s predicted that there will be billions of devices, appliances, cars, and other objects connected to the internet, speeding data around the world at a rapid pace. This phenomenon is referred to as the Internet of Things, or IoT. No industry will be left untouched by IoT, from agriculture and healthcare to manufacturing and government. Gartner estimates that there will be 25 billion of these smart devices – smart cars, smoke detectors, thermostats, industrial robots, traffic lights, medical devices (many implanted), public transportation, and refrigerators – communicating personal data to and through the cloud. Everything we do, from stopping at the store on the way home from work, to managing our health, will be facilitated by IoT. For businesses that will be developing or selling smart devices, the most critical component of the process will be maintaining the highest possible level of security to protect the data that will be continuously transmitting back and forth. This means not only developing products with built-in security but also ensuring that the gateways that connect the devices are equally secure.

Artificial Intelligence

Artificial intelligence, or AI, is the development of machines and robots with the humanlike capability of making decisions and handling tasks typically performed by humans. While advancements in AI have been occurring for the past few decades, it’s never been more ubiquitous. Scientists predict that artificial intelligence will not only make the world safer, by providing robots that can act as first responders during crises, but that the ability of humanized computers to learn more quickly how to save us from climate change, poverty, and other global challenges will increase exponentially. AI will likely even improve the lives and longevity of humans, as implants and other medical uses of AI become more prevalent. As with IoT, AI must be developed with the idea of security in mind. We don’t need a team of robots who can be hacked and controlled by cyber criminals. At the same time, artificial intelligence may take center stage in improving cyber security.

 

API Management

According to Forrester Research, companies will spend more than $3 billion on API development by 2020. An API – application program interface – allows your customers to access specific data or interface with specific components of your website. A doctor’s office might use an API to allow patients to schedule appointments online; a social media company might use APIs to access Twitter to generate monthly reports. All of this back-channel communication is crucial to delivering the best experience to your customers, regardless of industry, but it also highlights the importance of implementing serious, multi-layer security and detection to protect your organization and your data.

An Ongoing War on Cyber Threats

For most organizations, preventing, detecting, and overcoming cyber threats will become a necessary factor in every business function, and IoT, AI, and APIs will only make security more necessary. Yet even without these technological developments, the security of every organization is continually threatened. From email security to the physical security of structures, cyber threats are a growing risk. It will continue to be an ongoing battle, in which new security protocols are developed and cyber criminals become more sophisticated in their ability to circumnavigate these safeguards. The human element – employee training, limited access, strict and enforced policies – will play an essential role in the success or failure of these efforts.

At thinkCSC, we believe that in order to achieve maximum success, regardless of the size or type of organization, you must make IT an integral part of your overall business strategy and partner with IT professionals who not only understand how to leverage technology to your advantage but who are also committed to understanding your business goals and aligning your IT strategy to them. We pride ourselves on having the best business-savvy technical experts in the industry. If you would like to learn how to create an IT security strategy aligned with your organizational goalscontact thinkCSC for more information.

Protect Your Investment in Your Business: Invest in IT Security

By | Data Security

lock up your dataWhen you close your business for the night, you power down the equipment, turn off the lights,  and lock the doors as you leave. You don’t assume that no one will consider entering through the back door to steal merchandise or damage assets. You make sure that no one can get into the building; you may even have an alarm system and physical security in place to protect your organization.

So why, then, do organizations leave their IT networks vulnerable to attack when they are taking steps to protect valuable data?  Why do they leave their virtual back doors open to hackers? Unfortunately, many businesses do exactly that: They take some steps to protect their IT networks while ignoring other risks completely.

Here are some things to consider when it comes to IT security and protecting your business.

Don’t Just Lock Your Doors – Lock Up Your Data

Your data is the backbone of your business. Whether you’re storing client files or proprietary information about your operations, you need to keep your data safe. How? Take these 8 steps now:

  1. Develop and strengthen policies regarding who has access to your data. Use strong passwords, limit who is allowed access to certain data, and address employee departures immediately by revoking access.
  2. Require every employee to use strong passwords, and require those passwords to be changed regularly.
  3. Employ layers of security, beginning with firewalls and virus protection, but also include threat detection, malware filters, and remote wipe capability.
  4. Back up data early, often, systematically, and offsite.
  5. Develop strict mobile security policies, and engage mobile protection that works whether you are securing your device or those of your employees.
  6. Provide ongoing training to employees to help prevent the biggest risk – human error. Download our email security guide to help you get started.
  7. Use enterprise-level data sharing solutions, such as SyncedTool, rather than Dropbox.
  8. Use sender policy framework and hosted email to limit the risk of phishing and spoofing.

Backup Data Early, Often, Systematically, and Offsite

Yes, this is redundant. But redundancy is often good and data backup is that important. If you have your data backed up offsite and you do it regularly, you’ll always have access to the information you need to operate your business – even if you inadvertently do leave the back door unlocked and someone breaks in and steals everything. Or your building burns down. Or an employee clicks on a link and installs ransomware across your network.

You wouldn’t leave the cash register open or the back door unlocked at your physical location, and you always do what you can to mitigate risk, by insuring your business against loss, adding security, locking doors, and more. Doing the same for your digital assets only makes sense. Your IT security investment is insurance against loss, protecting your business and ensuring that it remains profitable.

At thinkCSC, we believe that in order to achieve maximum success, regardless of the size or type of organization, you must make IT an integral part of your overall business strategy and partner with IT professionals who not only understand how to leverage technology to your advantage but who are also committed to understanding your business goals and aligning your IT strategy to them. We pride ourselves on having the best business-savvy technical experts in the industry. If you would like to learn how to create an IT security strategy aligned with your organizational goalscontact thinkCSC for more information.

Security Concerns Will Drive IT Security Spending Over $100 Billion by 2020

By | BDR, Business, Data Security, Email Security, Managed IT Services

IT SecurityFor many years, organizations have argued that security budgets are already stretched to the max and that there is no more room for increased security. With costly security breaches impacting governments, social media platforms, the IRS, and more small and mid-size businesses than we can count, the investment in security suddenly seems like the least expensive option.

IT Security vs. Security Breach

Whether you increase your spending on IT security or simply find a better way to spend your budget, one thing is certain: what you spend on IT security is a predictable, planned cost that doesn’t send your shareholders into a panic, doesn’t make your customers question their loyalty, and doesn’t put you out of business. A security breach, on the other hand, can result in fines, lawsuits, costly recovery, and a loss of customers.

If your organization has decided to increase IT security, how do you make sure you’re getting the most out of your investment? We recommend focusing on these areas:

Email Security

Email is still one of the most popular ways for hackers to penetrate your security, because all it takes is one email on one employee’s system compelling them to open an attachment or click on a link to create a breach that will affect your entire IT infrastructure. People will always be the weakest link in security. Sender policy framework protocols, hosted email exchange services, and ongoing employee training are all essential. Download our email security guide to help your employees think before they click.

Endpoint Security

Every device that touches your network needs to be secure, whether it’s an employee-owned cell phone, vendor equipment, or a field tech’s laptop. It is crucial to identify every remote device that might potentially connect to your network; have a way to both detect that connection, protect that connection, and eliminate the connection if needed.

Threat Detection

Enterprise threat detection uses predictive analytics on a powerful and global scale to recognize and block threats before they happen. Rather than relying on end users to determine the safety of a file or a site, it uses intelligence to stop threats by preventing malware-infected devices from connecting and by blocking phishing sites.

Backup and Data Recovery

Unless you want to be permanently locked out of your data or forced to pay a ransom to restore access, having an offsite backup and recovery service is essential. The email security, endpoint security, and threat detection efforts you implement will prevent many of the ransomware attempts from getting through, but all it takes is one employee clicking on one link in one email that sneaks through to create havoc.

Effective network security that keeps your IT environment efficient and stable is about applying layers. The initial layer is a solid backup and recovery solution, protected by an antivirus solution, and then guarded by a firewall. Enterprise threat detection, email security, and endpoint security are the shields that head off attacks on your business before they happen. It’s more than peace of mind: It’s good business sense.

At thinkCSC, we believe that in order to achieve maximum success, regardless of the size or type of organization, you must make IT an integral part of your overall business strategy and partner with IT professionals who not only understand how to leverage technology to your advantage but who are also committed to understanding your business goals and aligning your IT strategy to them. We pride ourselves on having the best business-savvy technical experts in the industry. If you would like to learn how to create an IT security strategy aligned with your organizational goalscontact thinkCSC for more information.

Cybercriminals are Going Phishing for Your Data

By | Data Security

cybercriminals are phishing for your dataEmail may not be a popular communication form for millennials and younger generations, but it is still one of the most-often-used technologies in business. Collaborating, sending information and files, and working remotely are made possible with email. Email, however, is also what makes it possible to trick your employees into wiring $300,000 to a hacker in East Asia, revealing the credit card numbers of every customer who has ever shopped with you, or delivering the social security numbers of every employee in your organization. And just when you think you’ve outsmarted cybercriminals and have a handle on phishing issues, a single employee clicks on a link and invites ransomware to invade your network.

No business is immune – businesses of all sizes and in every industry have reported phishing attacks. Avoiding these attacks requires more than just telling employees to be careful; it requires ongoing training and regular reminders, combined with layered security designed to detect and thwart attacks.

Improve email security

Prevent as many phishing emails as possible from even landing in employees’ inboxes, by implementing a hosted email service. In addition, develop a sender policy framework that makes it less likely for spoofed email to work. Better email security is an essential first step in thwarting phishing attacks.

Implement layered security

Carefully layered detection and security protocols can make it much more difficult for cybercriminals to hack your database. Consider how and where your data is stored and accessed; running files from desktops, USB sticks, or external drives can leave you without a safety net. Enterprise file sync software, such as SyncedTool provides a secure way to access data from anywhere. Backups of your data should also be stored offsite and protected with a comprehensive backup and recovery (BDR) solution. In the event of an attack, a managed services provider can perform a mass revision restore to the point in time before the attack.

Train and retrain (and train them again)

The only way to prevent phishing attacks from succeeding is for every employee to be vigilant at all times. Establish policies that require wire transfer requests to be verified by phone and approved by at least two people. Have a no-tolerance policy for clicking on unverified links or opening unknown files. Provide ongoing training to your employees and reminders about phishing techniques.

Download the thinkCSC email security guide.

Email security must be a top concern for every business. Take the necessary steps to protect your organization. Minimizing your risk is easier when you align your business with a trusted managed IT service provider that partners with your organization, understands your needs, and provides customized solutions to ensure that you have the protection you need. thinkCSC is committed to helping you find the most economical solutions to meet your needs. For more information, contact us today.

Small Businesses Are a Big Target

By | Data Security, Email Security

cybersecurityA tech startup in New York lost over a million dollars after they were hacked. Prior to that, the startup had recently earned a lot of money in a funding round. But as soon as the cash had hit their bank account, it was gone, ready to be sent off to bank accounts in Russia, China, and Turkey. This cyber heist was pulled off using software that observed the keystrokes of the CFO and comptroller, which allowed the hackers to obtain banking credentials and then steal the money.

While we would love to say this was a rare occurrence, the truth of the matter is, smaller businesses and startups are a favored target for cyber criminals. Why? Hackers used to target big businesses, but as bigger businesses began to recognize the importance of investing in multi-layer, comprehensive IT security, hackers have turned to smaller businesses that can’t afford (or think they can’t afford) to have the best cyber security.

If you:

  • Operate a business of any size
  • Work with privileged client information
  • Have proprietary business dealings
  • Conduct any financial transactions online
  • Use email to conduct business
  • Store files on your computer system
  • Use a mobile device to access information
  • Connect to public WiFi

– then you are at risk, and so is your business.

Take these steps NOW to protect your business:

  1. Identify where the most important information for your business is stored. Make sure you have automated, off-site backups occurring regularly to make sure you don’t lose information. Make sure whatever is stored locally is protected.
  2. Limit information access to only those who truly need it, and make sure everyone who works with you is trained and regularly reminded about the risk of phishing attacks, ransomware, and malware.
  3. Address security from multiple directions. Yes, you need firewalls and virus protection, but you also need email security, malware detection, and security for every device that is used to access your business.
  4. Take security seriously. The “it would never happen to me” mentality is costly.

It only takes a moment for a criminal to access your data, steal your clients’ personal information, or walk away with your million-dollar investment. Thwart their attempts with a serious and considered look at your business security.

Cybersecurity should be a top concern for every small business owner, and taking the necessary steps to protect your organization must be a priority. Minimizing your risk is easier when you align your business with a trusted managed IT service provider that partners with your organization, understands your needs, and provides customized solutions to ensure that you have the protection you need. thinkCSC is committed to helping you find the most economical solutions to meet their needs. For more information, contact us today.

Avoid Devastating Security Breaches with Sender Policy Framework

By | Communication Security

at-99378_960_720Over the last year we’ve seen a significant increase in the volume of “spoofed” email, where the sender of the email appears to be internal to the company, attempting to trick the recipient into initiating an action that appears to be legitimately requested, such as a wire transfer or the opening of an attachment that enables ransomware. These emails can be very deceptive. Often, company executives are impersonated, and emails are sent to people within the organization who would typically be involved in such transactions. While there is no foolproof way of stopping these messages – and the best line of defense, of course, is a well-trained staff who reacts with caution before opening attachments or sending money – we do recommend implementing Sender Policy Framework (SPF) technology to help prevent the spoofed emails from even reaching their destinations. 

Sender Policy Framework 

Sender Policy Framework is a technology used to establish approved email systems for a domain. To implement SPF, thinkCSC creates a special DNS record that identifies which servers are allowed to send email for your domain. This record is then read by supported mail systems and processed according to their configured policies. In other words, we create a special code that tells the email provider which messages are legitimate email, allowing the provider to better detect spoof messages and mark them as spam. Most major mail providers now factor SPF evaluation into their overall scoring mechanism for determining whether a message should be delivered or marked as spam, and some mail providers will automatically junk messages that fail an SPF evaluation. While this technique does not ensure that spoofed message will always be considered spam, it does increase the likelihood considerably.

In order to successfully implement an SPF record, it’s critical to identify all of the mail servers and third-party services that could be used to send email on behalf of a domain, including the email provider, company websites, relays, third-party SaaS tools (like CRM), and marketing software that sends emails on behalf of the organization. Once these are identified, thinkCSC will create the DNS record, test and validate email flow from known senders, and update the SPF record as needed.

If you have been the victim of phishing emails or would like to learn how to protect your organization from sender address forgeries, contact thinkCSC for more information.

Take Steps Now to Protect Your Business against Ransomware

By | Data Security

ransomware2Ransomware is a vicious form of malware that locks users out of their systems, forcing them to pay an often exorbitant fee to regain control of their data. Some ransomware, like CryptoLocker, actually encrypts files so that they cannot be accessed without paying the ransom. Often, paying the ransom will not guarantee that you will regain access to your data. The only solution is to prevent the attacks whenever possible. Without the right security in place, it is very easy to fall victim to ransomware, and recovering from such an attack can be costly.

Common Sense Steps to Deter Ransomware

If anyone in your company has already been infected by ransomware, immediately disable system restore and run an anti-malware detection scan to remove ransomware files. To prevent ransomware from gaining access to your data and impacting your business, be sure to:

  • Back up files regularly
  • Install patches and security updates immediately when they are available
  • Scan systems regularly for malware detection and removal
  • Implement strong email security, antivirus, and firewall protection

Avoid Ransomware with Smarter Security Measures

Ransomware attacks can be avoided with carefully layered detection and security protocols that make it very difficult for hackers to break in. Organizations must also be cautious about where and how data is stored and accessed. Running files from desktops, USB sticks, or external drives can leave you without a safety net. We recommend the use of an enterprise file sync software like SyncedTool from which files can be accessed and used. Alternatively, organizations can operate using hosted desktops where the file data is stored offsite and protected with BDR.  In either case, if there is an attack, your managed services provider can perform a mass revision restore to the point in time before the ransomware encrypted the files.

Don’t Ignore the Need to Educate Staff about Ransomware

It is imperative that you train your staff to be alert when opening attachments in emails. Take extra precaution when working with email links and attachments. There are three fundamental questions you should ask yourself before opening any message:

  1. Do I know the person who sent me this message?
  2. Am confident that I know the nature of the attachment or link?
  3. Am I expecting this attachment or link, or is this an attachment or link that I regularly receive from this person?

If you can’t answer all of those questions in the affirmative, then it’s best to err on the side of caution and reach out to the person via phone or follow-up email to confirm the nature of the message.

At thinkCSC, we take your security seriously, so please take a moment to review our email guidelines with your staff. We regularly receive reports of spoofed emails that appear as internal communications and may contain attachments or links containing malicious malware or ransomware. Don’t let an innocent click of the mouse leave your organization in shambles. Be proactive and take steps to protect your company today. To learn more about having  the right layers of security in place to protect your organization from these vicious attacks, contact thinkCSC.

IT Trends – 2015 Edition

By | Data Security, Managed IT Services | No Comments

Crystal BallLast year we predicted several IT trends that are, for the most part today, standard operating procedures for most businesses. From VoIP to secure collaboration using Enterprise File Synchronization and Sharing, the big focus last year was the shift away from legacy processes and applications, with the gradual adoption of access-anywhere, work-anywhere work tools that didn’t compromise security.

This year we predict nearly every operational focus trending in IT will have something to do with security. IT security is the trend of 2015.

In fact, the biggest trend of 2015 will be the acknowledgement that no business is secure. No business – from the one-man work-at-home freelancer to the largest international corporation – is immune from incident. If you use technology and access the internet, whether from a smartphone or through applications on a bank of servers, you are a potential target for malware, cyber-attacks, viruses, natural disasters, and other business-disrupting issues.

Managed IT

Managed IT services, while not a new trend, will take center stage for even more companies because the need to maintain state-of-the-art equipment and have access to offline backup and disaster recovery will be too great to ignore and too costly for every non-IT business to do well. Shifting from a capital expenditure model for IT to an OPEX model will also be a priority for businesses striving to remain globally competitive. Managed IT services accomplishes that.

BDR Goes Mainstream

When disaster strikes, business leaders recognize the need for remaining operational. Backup and disaster recovery services provide a cost-effective business continuity solution that reduces downtime and allows you to keep serving customers from anywhere.

Enterprise Threat Detection

Rather than waiting for hackers and malware to highlight security gaps, then developing security patches in response to protect businesses, you can make your approach to security more aggressive. Enterprise threat detection offers proactive security that uses predictive analytics to stay ahead of the next attack. This will become a necessity for businesses of all size.

The most competitive businesses are the ones preparing for possibilities and designing their infrastructure in such a way that they can remain flexible, proactive, and competitive. Managed IT and BDR are not new concepts, but they are trending in 2015 as adoption becomes ubiquitous.

Discover how thinkCSC can help your business. Learn more.