IT-Support-Miami-Cybersecurity-Blog

Cyber Attacks Happen: Build Resilient Systems

You can’t stop all attacks or build the perfect defense system. The higher-level objective is resilience.

Every week, billions of cyber-events batter government networks. Millions of these attacks hit at network speed, and thousands succeed, as reported by the Homeland Security Department’s US Computer Emergency Readiness Team. The US Navy alone was attacked more than 1 billion times in 2016. Although security analysts strain to counter these breaches, mostly with manual processes, it’s likely terabytes of data are stolen.

Given this dynamic landscape, you might think federal CIOs are getting more resources to defend against mounting cyberthreats. They’re not. Money and security expertise are in short supply, meaning agencies need to innovate. First and foremost, they can no longer take a piecemeal approach to information security. A holistic strategy that incorporates real-time risk management and continuous monitoring is the only way to go.

To help companies build these more-resilient systems, the National Institute of Standards and Technology, in collaboration with the Defense and Homeland Security departments and private sector intelligence communities, has come up with security controls that focus on mobile and cloud computing, application security, the insider threat, supply chain security, and advanced persistent threats.

So it comes as no surprise that more than half of the respondents to InformationWeek’s 2014 Federal Government IT Priorities Survey say cybersecurity/security is the top priority in their agencies. Seventy percent rate security as “extremely important,” with another 16% viewing cyber-security/security as “very important.”

Federal managers want to know “how to stop the bleeding,” says Ronald Ross, project leader of NIST’s FISMA Implementation Project and Joint Task Force Transformation Initiative. You can’t stop all attacks or build the perfect defense system. The higher-level objective is resilience. “What does it mean to have an adequate degree of resilience in a modern information system that supports critical missions?” Ross asks, in a question that’s neither rhetorical nor unique to federal agencies. State and local governments as well as private sector companies are struggling, too — anyone with valuable information and using very complex high-end technology is subject to the same types of threats.

Resiliency means “becoming healthy after something bad happens,” says Bret Hartman, VP and CTO of Cisco’s security business group. “That is a good way to think of security because it’s impossible to stay healthy all the time.” Agencies should consider the attack continuum and which technologies they need in place before an attack occurs, during an attack, and after the attack to do systems remediation. This last area is still maturing and is where the biggest challenge lies today, Hartman says.

Time for better cyber “hygiene”
To address resiliency in federal government, NIST and its partner agencies are focusing on two tracks: improving “cyber hygiene,” and designing IT system architectures that can bounce back from damage and contain attacks. A good way to view cyber-security, says Ross, is to have a way to address areas “above the water line,” such as known patching and maintenance, and those below the water line — problems you can’t see that could cause trouble and inflict serious damage without warning.

Cyber hygiene focuses on tasks that security administrators deal with daily, such as promptly updating operating systems and applications with the latest security patches or making sure all operating systems and network devices are configured properly to close down attack vectors that could be exploited. IT must also assemble and maintain a complete inventory of everything on the agency’s network and the information it has to protect.

With NIST 800-53 R4, the government is starting to address security below the water level, too. Specifically, we’re talking about contingency-planning types of controls, which allow agencies to define alternate processing capabilities, storage sites, and communications plans in case of a natural disaster, like a hurricane, or a cyber-attack. “We have contingency plans in place and run those exercises as frequently as we need to, so when the event happens, we can move smoothly into that backup scenario,” Ross says.

Use social media for more than marketing

Social media has become an important part of any business’s marketing strategy. By having an active presence on the main networks, you will likely see increased sales and/or brand recognition. So, while social media is an invaluable marketing tool, there are also other departments which could benefit from it.

Below are four non-marketing oriented uses of social media that businesses could benefit from.

Hiring
LinkedIn is a social network dedicated to helping professionals and organizations connect, find jobs and new talent. Most social savvy companies will have a presence on this network and may even hire exclusively from here.

If you are looking for new employees, it wouldn’t hurt to have a LinkedIn profile. To find the best talent, you need to forge and maintain connections (usually starting with people you know), and be somewhat active in groups and on message boards.

It’s also important to not forget the other major networks when it comes to hiring. Tweeting a job opening on Twitter, or posting ads on Facebook could also help you find your next employee. Facebook can be particularly useful because you can pay to target ads (in this case, job openings) at specific demographics.

Internal communications
Communication is an important part of the business, and most people choose to communicate using email. You have probably seen emails with jokes or invitations to after-work events sent to the whole company, and also received the many replies that go with them. This can get very annoying, and also confusing.

Why not utilize social media for non-essential (i.e., not related to work) communication? Set up a Facebook group where your employees can share content, invitations to lunch or after-work gatherings, interesting stories, etc. That way you can limit email to more important, business-related aspects.

Using social media for internal communication is also beneficial for companies with younger workers. Most already see Facebook, Twitter, etc. as their main form of communication. Some even feel more comfortable communicating over this medium as opposed to speaking out in meetings. Having a group portal or Facebook page could give less-empowered employees a way to voice their ideas, and maybe even improve on them with feedback from others.

Learning
A common complaint of many business owners is that they have a tough time staying on top of ever-changing trends and what interests their customers. Using social media to connect with your customers can be a great way to learn not only hot trends but also about new ideas.

Customer service
When it comes to social media, users will often complain publicly on their wall or through their tweets. This is bad for you, as the reach of this complaint can go a long way and make you look bad. Some companies have decided to confront this head on by having specific customer service accounts. If a customer complains, has an issue, or even compliments you, be active and respond using that account.

If done properly, over time, you will see more and more people reaching out to your customer service account through social media. This also gives you another way to please clients or turn around negative customer experiences.

Social media and the various platforms are not only great for marketing but can be incredibly useful for other business functions. Do you have any other ways you use social media? Let us know. Or, if you would like to learn more about how it can help your company, then contact us today.

Secure your business in 5 ways

Most computer users, including business owners and managers, know that while computers are incredibly useful, they can pose a security risk. While a security breach for personal users can be serious, it is potentially even more so for businesses. This is why, when it comes to company use, those in charge want to make sure that their systems are secure. The problem is that this is seen to be not only expensive but a drain on time and other valuable resources. In truth, though, it doesn’t have to be.

Here are five low-cost things you can do to ensure that your business is secure.

1. Communication is key
Many companies take steps to ensure that their systems are adequately protected. The thing is, many security breaches come from within the company. If your employees keep passwords written on pieces of paper that they leave lying around their desks, this is a security issue. It is a good idea to agree with employees where to keep important information and ensure they follow these rules.

Beyond that, if you implement security changes or new systems (e.g., new virus-scanning software), it is important that you talk to your staff to ensure they know how the system works and how they can use it. You would be surprised at how much effective communication can help to minimize security issues, and best of all? It’s free!

2. Educate your staff
One of the more common security issues comes from spam and malware found in emails. It is a good idea to educate your staff on how to spot these different types of emails and other malicious websites, as well as how to avoid them.

It is worthwhile ensuring that your employees know their roles when it comes to security too. If you have a secretary who you believe is responsible for ensuring the office is locked at the end of the night, take steps to ensure that this person understands their responsibilities. The same goes for computers your staff use: if they are responsible for conducting security scans, let them know this. While this may take some time, the cost is low to free.

3. Keep track of your keys
To ensure the security of your IT systems and your physical office, you should keep control of your keys. That is, both the physical keys and those associated with your software (the codes you enter to verify software and unlock full versions).

Keep track of which staff members have a key to the office and, if possible, number them. The goal here is to know where your keys are at any given time, and if a staff member changes employers, make sure you ask for them back.

Many software keys or licenses are single use only. If you invest in software and an employee steals this along with the key, you will likely have to purchase the software again. A good tip is to keep software keys secure and separate from the software itself. The best part about this step is that the cost of doing this is minimal.

4. Keep your software updated
Hackers can be a lazy bunch. They will often target those with out-of-date software, because it’s usually easier to hack. To reduce the chance of being hacked, you should take steps to ensure that your software is up to date. This includes your virus and malware scanners, as well as browsers and even software you don’t use.

Get your staff to perform a ‘software audit’ on their computers on a regular basis. This means going through their computer and properly uninstalling software that they don’t use, while also taking time to ensure their system is completely updated. This step is easy to implement and will cost you next to nothing.

5. Keep important systems off site
Many small to medium businesses keep their servers on site. While this is convenient as your systems are right there and easily accessible, this could also create a security issue. One way to minimize this is to work with an IT partner who can host your systems or servers off site or in the cloud. While this involves some cost, working with an IT partner could save you profits and productivity in the long run, as good providers will ensure that your systems are secure and working properly.

If you are looking to make your systems more secure, please contact us today. We may have a solution that will work for your business.

Connected Lives

Our Continuously Connected Lives: What’s Your “Apptitude”?

National Cybersecurity Awareness Month, Week 4. #CyberAware

October, National Cybersecurity Awareness Month (NCSAM), gives all of us an opportunity to share tips, tricks, and techniques to keep our organizations, employees, neighbors, and selves safe online.

We’ve seen many changes over the last 13 years since NCSAM was established. Most of us now live in the cloud with the Internet of Things (IoT) all around us. We repeatedly hear “there’s an app for that.” Everything is “smart”: smart phones, smart homes, smart cars. But are we really smarter about how to keep these devices and our information stored on them safe? How do we help people remain vigilant about protecting their data and themselves when it’s easy to assume that these smart gadgets will take care of everything?

The rules of security, safety, and privacy stay the same regardless of the technology. Cybersecurity is fundamental to realizing the promise of new and expanded technologies. This blog checks your cybersecurity “apptitude.” How well are you and your institution doing in these areas?

Universal Participation

Security is everyone’s business. One weak link in the security chain, whether technology or people, can cause headaches for all. It only takes one insecure system, application, or user. You need universal participation in the security solution.

  1. Up-to-date systems. Anything on the network needs to have the most current patches and updates. This includes servers, PCs, laptops, mobile devices, network devices, and applications. Automate this as much as possible to reduce the reliance on humans.
  2. Trusted applications. Use only applications that are trusted and vetted. End users shouldn’t be allowed to download and install their own applications. While this can be tricky for campuses due to academic freedom, it’s really to protect the users from themselves, unknown apps, and current Internet threats.
  3. Security awareness for all. Everyone needs to receive security awareness training at least annually. This is a great time to remind users to stop and think before they click. It’s easy with our Special Cyber Security Audit and Training Offer. (Contact us to learn more.)

“Leaky” information happens in a variety of ways: accidental disclosure, carelessness in storage and protection, and direct attacks. Many times, it happens because people do not always use care with their personal information. As the cartoon character Pogo said, “We have met the enemy and he is us.”

  1. Do the administrators and professors at your institution know how to guard information in their care? Are restrictions in place to make sure only those people with a need to know can see that information?
  2. Do you know your info? Is the information you handle sensitive or confidential? What damage would result if it gets out to the public or one of your competitors?
  3. Do you label sensitive, proprietary, or confidential information? You may know that the information is sensitive, but do your co-workers?
  4. Does your institution protect sensitive, proprietary, or confidential information? Answering this question is a separate article. In general, you can do the following things to move in the right direction:
    • Remove any extra copies of sensitive documents. Maintain originals in a secure location and get rid of all other copies. Place documents in a secure location (not a public folder or even a laptop hard drive). If you don’t need a copy of a document, then don’t keep it.
    • Don’t send sensitive documents to an outside e-mail address unless absolutely necessary.
    • Encrypt your information using tools like Microsoft BitLocker, VeraCrypt, or 7-Zip.

Risky Business

We experience risk simply by living. Eliminating risks isn’t feasible; knowing the risks you have and doing something smart about them is. We need to take that approach both in our lives and at our institutions. Security is all about identifying risks and finding appropriate strategies for managing those risks.

As you approach risk management, consider this simple equation: RISK = IMPACT x PROBABILITY weighed against the cost of mitigation. Ideally, you would first handle the risks with the greatest impact and the greatest probability of occurring, and then later handle risks with a lower probability of occurrence or lower loss.

You can use the same risk equation and process for managing any risks or problems. Ask yourself the following:

  1. What am I trying to protect? That is your asset.
  2. What bad things can happen to it? These are the threats to your asset.
  3. How much money could I lose should these bad things happen?
  4. What weaknesses or vulnerabilities are associated with the asset?
  5. What am I already doing to reduce the risk?

The first three questions define the impact and the last two define the probability. Together they formulate the overall risk. With this information, you can make smart cybersecurity decisions.

Respond, Don’t React

The Internet is the World Wild Web with potential dangers around every corner. You can’t protect everything perfectly, so know what to do when something bad happens. By responding thoughtfully to the issue rather than reacting to it, you can better aid your institution.

  1. Have a plan. Take time to develop a security incident response plan. In it, you should document the who, what, when, where, and how of addressing a real or potential security issue.
  2. Practice, practice, practice. Periodically test your plan to know where it works and where it needs work.
  3. If you see something, say something. Often our users first detect a potential problem. Train them to be part of the security solution. Everyone should know to report security issues early.

How would you rate your “apptitude”? Does your institution meet the security goals needed to avoid the effects of “Security Groundhog Day”? Whether your computers are in the cloud or you’re part of the Internet of Things, the simple suggestions listed here will help with basic cybersecurity steps to keep your institution, faculty, staff, and students safe and secure.

Still have questions? Need help? Check out our Cyber Security solutions or Contact us. We are here to Help!

Texting and Instant Messaging

Instant Messaging: An Evolution

It doesn’t take a rocket scientist to see technology is getting faster every day. On average, more than 100 billion emails are sent and received every day – a nearly instantaneous form of communication free to anyone on the Internet. For comparison’s sake, 509 million items are processed by the United States Postal Service each day, and may take days or weeks to arrive at their destination. The Internet offers a level of instantaneous communication not even the telegraph or telephone could achieve, and it offers countless platforms for said communication.

Instant messaging had humble beginnings, however – spending decades confined to single laboratories and university campuses. True appreciation of modern instant messaging requires some degree of knowledge of its past.

Humble Beginnings

The most archaic messaging systems were housed in laboratories at universities and were used as notification systems or to send basic text messages between users logged into the same machine. Throughout the 70s and 80s, technology grew to allow messages to be exchanged between multiple devices connected to a shared server, and by the late 1980s, programs like MIT’s Project Athena had built networks which could send communications throughout an entire university campus. The 1980s also saw the popularization of bulletin board systems, or BBSes, which allowed users connected to a network to upload and download information to a server, or even for just one computer to call another computer and exchange information. Bulletin board systems were made feasible by early dial-up modems which didn’t require manual user intervention to connect to a server.

When dial-up Internet became widely accessible in 1994, bulletin board systems and other communication systems confined to a single small network began their slow-but-rapidly increasing journey to oblivion.

The Age of the Internet

With the rise of the Internet in 1994, instant messaging became a much more plausible idea for the general public. The first America Online (AOL) instant message was sent in 1993, and AOL Instant Messenger, or AIM, would go on to become one of the most popular messaging platforms through the early 2000s, offering one-on-one communication and chat rooms. Internet forums began to pop up, some of which are still maintained. While they weren’t necessarily instant mediums, they allowed for prolonged and in-depth discussion.

Cell phones also gained the ability to send SMS messages in 1994, though text messaging wasn’t nearly as efficient then as it is today. Original full keyboards were a feature of task managers rather than phones – until the two device categories were married by the rise of the smartphone.

The Instant Era

Smartphones helped to kick off the era in which we currently live, where instant communication is a normal part of life. Phones with built-in keyboards made text messaging practical as a form of communication, making “textspeak” a part of the Millennial vernacular.

The release of the iPhone and subsequent spike in popularity for Android devices allowed an instant messaging service to dwell inside a device as an app. WhatsApp, founded in 2010, is among the most popular instant messaging services on smartphones. WhatsApp is ubiquitous in Europe and Asia, where unlimited texting isn’t as widely offered from service providers. Social networks like Facebook and Twitter, as well as conferencing apps like Skype, also offer built-in chat functions.

Apple then streamlined texting by introducing iMessage, which replaces SMS messages for texting between multiple Apple devices.

Instant messaging has grown from humble beginnings into a generation-defining phenomenon with a litany of personal and professional applications. These services will only get bigger and better over time, but even today, current technology allows for lightning-fast communication that connects people on opposite sides of the planet each and every day. As space exploration and futuristic technologies trudge along, we may yet discover that not even the sky is the limit for instant messaging.

Want to IM Like A Boss? Talk To A Nerd.

We Nerds are pretty darned excellent at setting up the best IMs and collaboration systems for business. Drop us a line, and we’ll get you chatting as early as yesterday. Sorry, nerd joke.