The Elephant in the Room Keeps Growing!

 

It seems that no one wants to talk about it, or acknowledge its existence, but the elephant in the room is the continuing and constant growth of ransomware (malicious software designed to deny access to a computer system or data until a ransom is paid).

One of our partner companies, Datto, produces a fantastic yearly report on the global state of ransomware as reported by over 2400 managed service providers (MSPs) around the world. The report is filled with excellent information in a very readable format. You can download the whole thing here.

If you don’t want to tax yourself with the whole report, below are some of the key points and main takeaways that are important to you and your business:

8 quick ways to reduce your cyber risk

Whether it’s the risk of a security breach or the possibility of hardware failure, every company has cyber risk that can affect their productivity or even their ability to continue running their business.

While there are no real shortcuts to proper cybersecurity and network management, there are a few simple ways to reduce your risks.

Here are 8 things you can do to reduce your cyber risk quickly:

Downtime got you down? Here are 5 steps to stay up and running!

IT downtime in your business can be caused by so many things – hardware failure, power surges, security breaches, storms, coffee spills, just to name a few. But no one cares WHY they’re down when they count on being up and running!

So, what’s the quickest way to get your business running again? At IT Direct, we use the axiom “proper preparation prevents poor performance,” in other words, plan ahead!

Yup, not the answer you were hoping for, I’m sure, but it’s the best way to ensure that downtime doesn’t ruin your day, your week, or even, possibly, your business.

What manufacturers need to know about NIST compliance

The President of IT Direct, Ari Santiago, recently gave an hour-long webinar on NIST compliance. He provided a quick, but very thorough overview of what NIST 800-171 is, why it’s important, and the 14 families of the framework.

If you’d like to listen to the entire webinar, you can find it here on YouTube.

In today’s blog post, we’re going to give an overview of that overview – a 60,000 ft view, if you will!

Cybersecurity reminder!

Today the Connecticut Higher Education Trust College Savings Program (CHET) had over $1 million stolen in a security breach. You can read more about it here.

This is just the latest in a stream of cybersecurity breaches hitting the public and private sectors. Cybersecurity risks are on the rise and we all need to remain extra vigilant and careful. Pay attention to what you’re doing when you’re online, what you’re clicking in your emails, and who you are giving your information to.

Hackers are making money…so they aren’t going to stop anytime soon!

Give us a call if you want to learn more about your organization’s cybersecurity risks.
860-249-1200

Cybersecurity for compliance: Top 5 reasons you may need a Security Information and Event Management (SIEM) system

A security auditor may have recommended, or even insisted (in case of compliance requirements), that you have a Security Information and Event Management (SIEM) system in place.

Your first question might be, “What is that?” followed closely by, “It costs how much?” followed right after that by, “That’s a lot of money. Do I really need that?” Let us try to answer these questions for you.

Top 5 ways to prepare for a ransomware attack

A top cybersecurity threat for businesses today is ransomware – a type of malicious software designed to block access to a computer system until a sum of money is paid. In fact, 12 Connecticut state agencies were just attacked with ransomware, with 160 computers affected. Luckily, the attack was thwarted by the state’s excellent multi-layered cybersecurity strategy.

Your business needs to be prepared too. And just like the state of CT, the multi-layered approach is the best way to do it.

Here are the top 5 ways to prepare for a ransomware attack:

NIST compliance: it’s just good cybersecurity practice

We all know that cybersecurity risks are not going away. The truth is, they’re only getting worse. Cyber-criminality is an industry, with a lot of money to be made. And as we’ve seen from the news about security breaches lately, they’ll take just about anything they can get their hands on!

The government has a plan!

Hmm…that sounds a little scarier than it is and not completely accurate. The National Institute of Standards and Technology (NIST) is a government agency responsible for maintaining cybersecurity standards for all government agencies. As you may know, they have created a set of standards for non-governmental organizations that handle Controlled Unclassified Information (CUI), NIST 800-171. They’ve created the standards, now you have to create the plan.

What is NIST compliance?


Security flaws Spectre and Meltdown – what you need to know!


As you may have already heard in mainstream publications or on social media, computer researchers have recently found security flaws in the CPUs of most modern computers. These flaws, known by the names Spectre and Meltdown, result from design flaws in the hardware found in PCs, Apple devices, networking equipment and more. These flaws have actually been there for years, but until recently were both unknown and unexploited. This security issue affects almost every computer, server, and personal device. The hardware bug allows malicious programs to steal data that is being processed in your computer’s memory, making password managers, emails, messaging, documents, photos and more vulnerable.

What is a Network Security Audit?

How secure is your company’s network? If it doesn’t have robust security settings, you could lose important data. A data loss could impact your business in a very negative way. The best way to ensure that your company’s network is in good shape is to perform a network security audit.

A network security audit goes through all aspects of your information technology systems, measuring how well each piece conforms to the standards you have set. A network security audit makes it easy to see where parts of your system are not as safe as they could be. It’s an ideal way to learn where you should focus to ensure security.

What Should a Network Security Audit Cover?

Your network security audit should look at your physical system set-up, including the hardware itself, and it should examine software, apps, and other programming in place. It should also consider the way users access the system. This check covers any entry points into your system.

There are many specific things you can look at within these categories.

For instance, one aspect you could start with is user accounts. Any business that has given access to users has introduced a potential security risk. Your network security audit should ensure that users understand best practices for accessing the network, including how to protect themselves from threats. This includes making sure that regular users have different permissions than administrators. Other users also need authorization to perform more actions on the system. Remove any users that are no longer with the company, or no longer authorized in a certain role.

Your audit can cover policies such as password requirements, if and how users can use their own devices on the network, privacy rules, and more. Make sure that your systems conform to the policies you have set out, and fix any conflicts that arise.

On the hardware side of things, you will want to ensure that physical hardware is in warranty, that operating systems are current, and that your server is working well. This is a good time to make sure that you have system backups, including backup power options if this is an important part of your security plan.

See that your networks are configured appropriately, that antivirus measures are in place, and that encryption and firewall protection are set up to keep unwanted activity out. Include email systems in your network security audit. Security failures are frequently traced back to emails.

As you can see, a lot goes into a network security audit. The factors mentioned above are only the start. Your audit plan could look very different depending on your business and your needs.

The most important thing is to ensure that you schedule regular audits and take action if you uncover problems. A vulnerable network is a significant risk to your company, your clients, and your reputation. It is worth the time and effort to check in and keep your network security in good shape on a regular basis. We completely understand this here at IT Direct. Contact us today to get started on that audit!