Posts

Security Best Practices to Protect Your Admin Accounts

Data Protection & SecurityIn any client environment, it is critical for you to protect your admin account with current security best practices. Most cloud services have multiple levels of admin accounts, including a super admin with the ability to access, manage, and change every configuration and security settings.  In many cloud services, “super admin” accounts also have blanket access to your data.  In effect your super admin and admin accounts hold the keys to your kingdom.

Protecting and managing admin accounts is critical for keeping your data and your business secure.

Here are four security best practices for managing and protecting admin accounts.

1 Multi-Factor Authentification

While we recommend multi-factor authentication (‘MFA”, also known as Two Factor Authentication or Two-Step Verification) for all user accounts, the added protection of MFA is critical for super admin and admin accounts.  MFA helps to protect your admin account by preventing somebody from using stolen or compromised credentials to access your cloud services, your data, and your business.

For Super Admin accounts, consider a FIDO-compliant security key.  These keys, or fobs, are physical devices that provide a timed access code required to log in. Keys provide the most secure method for multi-factor authentication, and are our number one recommendation when it comes to security best practices for administrator accounts.

2Secondary Super Admin Access

Even a super admin account can be lost or compromised.  Should this happen, you need a way to perform critical admin tasks while you recover the super admin account.  You have a few options, as follows.

  • Create a second, dedicated, super admin account.  While this comes with a licensing cost, you are not giving additional privileges to other admins or users.
  • Assign super admin rights to an existing admin or user. You avoid any increased fees, but grant privileges which can be accidentally or intentionally misused. These privileges can include access to sensitive data, archives, and the ability to alter security settings.
  • Engage your cloud partner/reseller. If your cloud partner/reseller has the ability to recover super admin accounts and/or reset super admin passwords, make sure you have a service or support agreement in place that covers admin account password reset and account recovery.

3Force Logout Super Admins

Day to day admin services can and should be performed by Admin accounts with permissions to perform specific sets of tasks.  User your Super Admin account for specific administrative and security tasks not permissioned to other Admin accounts.

As a Super Admin: Log in. Perform the specific task. Log out.

If possible, set your system to automatically log out Super Admin accounts if idle for a short period of time.

4Privileged Access Management

Our final best practices to protect your admin account includes Privileged Access Management, or PAM, which limits access to critical security and administrative functions. Permission is granted to specific functions, upon request by another Admin or the system, for a limited amount of time. Using PAM provides additional tracking of who/when/why for critical settings and tasks.

Call To Action

Take a look at your cyber security. Complete our Rapid Security Assessment (free through June 2023) for a review of your basic security measures.

Contact us or schedule time with one of our Cloud Advisors to discuss your cyber security protections and/or your broader security needs, priorities, and solutions.

About the Author

Chris CaldwellChristopher Caldwell is the COO and a co-founder of Cumulus Global.  Chris is a successful Information Services executive with 40 years experience in information services operations, application development, management, and leadership. His expertise includes corporate information technology and service management; program and project management; strategic and project-specific business requirements analysis; system requirements analysis and specification; system, application, and database design; software engineering and development, data center management, network and systems administration, network and system security, and end-user technical support.

Cloud Computing Trends, Challenges & Provider Insights in 2023

Cloud Computing Trends

Earlier this month, CRN published a story covering Flexera’s 2023 State of the Cloud Report.  Flexera provides software and systems to manage enterprise private and public clouds.  The report on cloud computing trends originates with an annual survey of 750 technology leaders across sectors, geographies, and size of the business.  While the report classifies small and midsize businesses as those with under 1,000 employees, we still find the results interesting and relevant.

As small businesses, our concerns are spending, security, compliance, and managing cloud services. The cloud model hits our income statements and balance sheets differently than historical IT services. The need to protect our businesses, and our customers, has never been greater. And, we find it difficult to understand if we are spending efficiently and effectively.

We take a look at the top 3 cloud challenges, discuss managing clouds, and explore cloud waste.  Understanding these issues, you will better understand how to create better cloud solutions. You will also be better able to set expectations from those providing cloud solutions and related services.

Top 3 Cloud Computing Challenges

For 2023, SMB respondents identify the top three cloud computing challenges as:

  • Managing Cloud Spend (80%),
  • Security (73%), and
  • Compliance (71%).

These concerns make sense. The spending model for managed cloud services, based on subscriptions or usage, is an operating expense.  Most smaller companies are used to making capital expenditures and paying for service contracts and managed services.  Additionally, many of the IT firms working with small businesses will replicate on-premise networks and servers in a public cloud service. They may lack the expertise and tools to actively manage costs.

Concerns about security and compliance reflect the increasing need and demands of protecting sensitive business and personal information.  We face the same increased regulations and expanding industry standards as larger enterprises. But we do not have the in-house resources or the same access to experts. We place our trust on local or regional IT service firms.

Latest Trends and Developments in Cloud Computing

Undefined Cloud Management

Following closely behind the top 3 cloud challenges, governance (67%) and subscription management (61%) indicate that small businesses are not sure how to best manage their cloud services.  As cloud infrastructure matures, the number of options expand.  To make simple decisions, such as whether to subscribe monthly or make an annual commitment at a lower per unit price, we need to understand the operating cost models.  We need standard operating procedures, such as on/off-boarding and access controls, in place.

Cloud is still new. We need our IT service firms and managed service providers to guide, if not lead, our cloud management efforts. Co-management is a viable strategy, provided it includes policies and procedures as well as products and services.

Cloud Waste

On average, the survey results show that businesses spent 18% more than budgeted on public cloud services last year.  The greatest contributor to the overspend appears to be Cloud Waste.

Cloud waste is spending on cloud services that go unutilized or are under-utilized.  Reducing cloud waste can be as simple as

  • Shutting down unused resources after hours
  • Selecting lower cost regions / data centers
  • Periodically right-sizing systems and resources

Policies that scale resources in real-time based on usage will increase efficiency, but require expertise and planning during the solution design process, monitoring, and refinement over time.

How to Pick a Cloud Computing Provider

Traditional managed service providers, or MSPs, are experts in buying, monitoring, and managing things. They focus on network components, servers, systems software, and end user devices.  To get the most value from our cloud services, we need partners that understand service and cost management.

Managed cloud service providers, or MCSPs, understand how the “as-a-Service” model is different. Security, compliance, and cost management only work when they are built into the requirements, design, and management of your cloud services.

Before picking your cloud provider, ask about their management and co-management models. Understand if they actively work to monitor and manage security, compliance, and costs. Ask them to explain how.

Call To Action

Get a copy of our recent eBook, Cloud Strategies for Small and Midsize Businesses. In this eBook, we: set the stage by looking at how small and midsize businesses acquire and use technology and IT services; explore the challenges we face moving into the cloud; and map out four strategies for enhancing your use and expansion of cloud services.

To discuss how your business can better utilize a broader range of cloud services, please contact us or schedule time with one of our Cloud Advisors at your convenience.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

A Notable Shift in Cyber Attacks

As we proceed into 2023, we begin receiving reports and analysis of 2022, the year that was.  Now is a time when we gather data and perspectives on the past year. This new information helps guide us to better decisions in the year ahead. With respect to Cyber Attacks, the information is definitely both positive and negative in nature.

Mixed News

As reported recently in CRN, SonicWall reports in their 2023 annual Cyber Threat Report that ransomware attack volume dropped by 21% worldwide last year. In the US, the volume dropped by 48%.  While this is good news, we see some serious caveats in the data.

  • 2021 was the worst year on record for ransomware attacks, with more than 600 million worldwide.
  • Even with the 21% drop, 2022 still had the second largest number of ransomware attacks in history.
  • Ransomware attack volume in 2022 was 50% more than in 2020, and more than 2019 and 2022 combined.
  • SonicWall also reports that the last quarter of 2022 had a spike of attacks with an increase over Q4 in 2021.

What does this mean?  Ransomware attack volumes have dropped, but they are still at historical highs.  It is too soon for us to predict a change that would alter how we protect and respond these attacks.

Shifting Landscape

Related data suggest the cyber attack landscape is shifting. This information suggests that cyber criminals are focusing on other types of attacks. In 2022,

  • Cryptojacking attacks jumped by 43%
  • IoT malware attacks increased by 87%

Similarly, CRN reported that security vendor CrowdStrike noted a 20% increase in data theft and data extortion attacks that did NOT deploy encryption. More attackers are avoiding the protections against ransomware and simply threatening to expose or release sensitive data.

What does this mean? Businesses with solid cyber security and business recovery solutions in place can avoid paying ransoms. Collecting ransoms to decrypt files has become less attractive.  By quietly identify and collecting sensitive information, cyber attackers regain the upper hand.  They can release portions of the data if the victim hesitates to pay.

The Impact on Your Business

While we may see some encouraging signs, your business remains at risk. Our Security CPR model guides decisions on cyber security solutions. The model offers a holistic approach that begins with communication and education, ensures protection and prevention, and includes your ability to restore and recover.

To ensure your business has the resiliency it needs, focus on threats most likely to impact your business and those that will be the most damaging if successful. We have a number of blog posts, webcasts, and whitepapers in our Resource Center.

Call To Action

For a look at your cyber security, complete our Rapid Security Assessment (free through June 2023) for a review of your basic security measures.

Contact us or schedule time with one of our Cloud Advisors to discuss your cyber security protections and/or your broader security needs, priorities, and solutions.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

The Cloud, Shared Responsibility, and You

The vast majority of small and midsize businesses (SMBs) understand — or have learned the hard way — that the ability to recover lost or damaged data is critical to your IT services and business resiliency.  You need to be able to recover and restore files, databases, servers, and workstations from loss due to disasters, hardware failures, software errors, or human action. In the cloud, it is your shared responsibility to protect your data.

The Cloud

As we move data, services, and servers, we rely on infrastructure and security built into the services.  Google and Microsoft operate industry-leading, sophisticated services designed for security as well as performance, features, and functions.  The capabilities do three things:

  1. Continuity: Ensure the clouds run with little or no disruption
  2. Recovery: Enable the restoration of services without loss of failure do to hardware, network, or other issues
  3. Capability: Provide us with the ability to secure and protect our data based on our usage

Microsoft, Google, and other cloud services do not, however, protect us from how we use their services.

You

Microsoft and Google do not control how we use Microsoft 365 or Google Workspace services.  We, as subscribers, control how we manage and protect our data, including:

  • Who can access the services
  • Which applications can connect and integrate
  • Which other applications and services will share user identities
  • Which users can manage, edit, suggest, or view files and folders
  • Which users can access various services within each of the productivity suites

With these controls comes great responsibility.  You are responsible for how your data is stored and used.  You are responsible if that use causes data loss or damage.

Shared Responsibility

Microsoft and Google  both use a “Shared Responsibility” model for security and data protection. The model defines which aspects of the cloud service security and data protection are your responsibility and which are the responsibility of the service provider.

Microsoft

Microsoft Shared Responsibility ModelMicrosoft discusses Shared Responsibility as a component of its terms of service.  A recent Microsoft Learning article notes the following:

“In an on-premises datacenter, you own the whole stack. As you move to the cloud some responsibilities transfer to Microsoft. The following diagram illustrates the areas of responsibility between you and Microsoft, according to the type of deployment of your stack.”

For Microsoft 365, a “Software as a Service” (SaaS) offering, Microsoft expects you to take responsibility for protecting and recovery of your information and data; devices; accounts and identities; and portions of your identity and directory infrastructure. Microsoft has a detailed white paper covering shared responsibility for Azure services.

Google

Google Shared Responsibility ModelThe Google Workspace Data Protection Guide includes a section dedicated to the Shared Responsibility model. Google states:

“Data protection is not only the responsibility of the business using Google Workspace services; nor is it only that of Google in providing those services. Data protection on the cloud is instead a shared responsibility; a collaboration between the customer and the Cloud service provider (CSP).”

“As a Google Workspace customer, you are responsible for the security of components that you provide or control, such as the content you put in Google Workspace services, and establishing access control for your users.”

As a SaaS offering, Google warns that you are responsible for the access control, security, and protection of any and all content you place in the Google Workspace service. The Google Cloud Platform: Shared Responsibility Matrix provides a detailed overview of shared responsibility for Google Cloud Platform.

Back to You

Understanding your shared responsibility, you can meet your data security and protection obligations.

First and foremost, configure and use the security and data protection features included within your Microsoft 365 or Google Workspace subscription. These services range from multi-factor authentication to secure user identities and access to advanced data loss prevention services in enterprise level subscriptions.

Your next step is to add additional services to cover aspects of data protection not provided with your Microsoft 365 or Google Workspace subscriptions.  These services may include:

  • Advanced threat protection for inbound email
  • Backup/recovery of all user content in Google Workspace (including shared drives) and Microsoft 365 (including Teams)
  • Archive/eDiscovery services to meet internal data policy, industry guidelines, or regulatory requirements
  • Backup/recovery for data located on end user devices and on-premise or hosted servers
  • Continuity services for mission-critical servers and end user device
  • Message-level and file-level encryption for compliance with industry or regulatory requirements

Your business may or may not need all of the services listed.  Which services you deploy should be part of a larger assessment of your cyber security and data protection needs.

Call To Action

Contact us or schedule time with one of our Cloud Advisors to discuss how you are meeting your shared responsibility and/or your broader security needs, priorities, and solutions.

For a broader look at your cyber security, complete our Rapid Security Assessment (free through June 2023) for a review of your basic security measures.

About the Author

Chris CaldwellChristopher Caldwell is the COO and a co-founder of Cumulus Global.  Chris is a successful Information Services executive with 40 years experience in information services operations, application development, management, and leadership. His expertise includes corporate information technology and service management; program and project management; strategic and project-specific business requirements analysis; system requirements analysis and specification; system, application, and database design; software engineering and development, data center management, network and systems administration, network and system security, and end-user technical support.

Understanding a Third Party Data Breach & How to Prevent One

Understanding Third Party Breach AlertsWhat is a Third Party Data Breach?

A third party data breach occurs when an individual’s login identity and/or personally identifiable information (PII) has been disclosed by a third party system or service. A third party system or service is one that is unrelated to your business.

Third party data breaches are a security risk to your business and your employees. To understand this risk, we look at human behavior and the nature of modern cyber attacks. Knowing the risks, we look at ways to identify and respond. We discuss methods to ensure you are properly protecting your employees and your business.

The Risks of Third Party Data Breaches

The Risk of Human Nature

Multiple studies show that between 65% and 70% of humans will use identical or similar passwords across systems. The practices of “patterning” and “mimicking” passwords is more common across accounts using the email address or username as the account identity, whether or not the login is for a business system or some other system or service.

Think about employees using their work email for business-related services, such as video conferencing services, LinkedIn, or file sharing services. Some employees may have accounts to online stores for purchasing materials or supplies.  A breach in any of these systems, which are out of your control, poses a risk to your business.

A second aspect of human nature that works against us: humans are social creatures.  People, at different levels, want and need to interact with others.  In general, humans are trusting and we want to be helpful.  We will share information if and when it fits within typical interactions and when we think we are helping ourselves or others.

The Risk of Cyber Attack Methods

Currently, sophisticated criminal organizations (sometimes backed by hostile nation-states or terrorist groups) execute the vast majority of cyber attacks. They often sell and trade methods, malware, and data on the dark web, as different organizations build specialized expertise. Modern cyber attacks reflect the sophistication and expertise of the cyber criminals. Most cyber attacks involve indirect and direct methods.

Indirect Attacks

We define indirect attacks as those intending to gather information. Cyber criminals collect useful information in order to conduct direct attacks and to sell to other criminals. Phishing, social media “clickbait”, and third party data breaches are three common examples of indirect attacks that provide personal information for further attacks.

Direct Attacks

We define direct attacks as those intending to gain access to your systems and information. These include compromised user identities or credentials, ransomware, activity/keystroke monitoring, business email compromise attacks, and other attacks where your data is exposed or altered.

Direct attacks are more successful if they use data gathered from previous, indirect attacks.  And while cyber attackers may manage the complete attack, it is more common for those interested in direct attacks to buy data from those that specialize in conducting indirect attacks.  Your answers to quizzes and games on Facebook are being sold to cyber criminals that will use that information against you in a future attack. Indirect attacks also gather information that allow the attackers to impersonate you, organizations, or those around you.

Maybe the information lets them craft a surprisingly real-looking email asking you to log into a fake website, or to transfer money to a vendor using incorrect banking information.  Or, you are asked to share the MFA code you received by text. And with enough information, the attackers pretend to be you and ask your customers to make a payment by wire or ACH transfer using their banking information, not yours.

Tracking Third Party Data Breaches

The best method of tracking third party data breaches is subscribing to a monitoring and alert service.  Use the service to scan and monitor the dark web for data breaches related to any email address from your business domain(s).  The service should send you alerts that include:

  • Email address of the breached account
  • Origin of the breach, if known and disclosed
  • The Source of the breached data (where was the data posted/visible)
  • The type of the compromise
  • When the data was found
  • If a password was compromised, and if the password is visible or encrypted
  • Any PII disclosed in the breach

Using this information, you can assess the risk and take appropriate actions in response.

At Cumulus Global, we partner with DarkWeb ID for third party data breach monitoring and alerts.  Our eBook, Understanding Third Party Breach Alerts, covers how to analyze alerts, assess risks, and respond accordingly.

Protecting Your Business From a Third Party Data Breach

To fully protect your business from a third party data breach, your security strategy needs to ensure you have three things in place:

  1. You and your team should understand your security risks and how your behaviors can help or prevent an attack.
  2. Have procedures and technologies in place to protect you from successful attacks
  3. Have security services in place to prevent the disclosure or loss of data and/or system access.
  4. Capabilities and services in place to respond should an attack be successful, and to help your business recover.

We developed our Security CPR Model specifically to help small and midsize businesses create, deploy, and manage an appropriate security strategy. If you follow this model in addition to other cyber security best practices, you’ll be well positioned to prevent a third party data breach.

Communicate & Educate

    • Communicate with your team that Cyber Security is a priority and educate them on cyber security risks, the need for everybody to be vigilant, and the behaviors/actions they can use to help prevent successful attacks.
    • Develop policies and procedures to establish clear expectations for how your organization will maintain cyber security and how your team will use security technologies and services

Protect & Prevent

      • Select, deploy, and maintain security technologies and services that match and support your cyber protection needs and priorities.
      • You can simplify your security services by focusing on the most likely threats and those that would have the greatest impact if successful (see: How Can SMBs Streamline IT Security?)

Respond & Recover

    • Put systems in place to recover lost or damaged data and systems; consider business continuity solutions that enable you to continue operating your business while restoring your primary systems.
    • Pre-arrange resources to help you respond to the technical, regulatory, legal, reputation, and customer service impacts of a successful cyber attack

You can learn cyber security tips and key information about third party data breach prevention by viewing Security CPR, our 3T@3 Webcast from January 2023.

Call To Action

Complete our Rapid Security Assessment (free through June 2023) for a review of your basic security measures.

Or, contact us or schedule time with one of our Cloud Advisors to discuss your security needs, priorities, and solutions.

About the Author

Allen Falcon is the co-founder and CEO of Cumulus Global.  Allen co-founded Cumulus Global in 2006 to offer small businesses enterprise-grade email security and compliance using emerging cloud solutions. He has led the company’s growth into a managed cloud service provider with over 1,000 customers throughout North America. Starting his first business at age 12, Allen is a serial entrepreneur. He has launched strategic IT consulting, software, and service companies. An advocate for small and midsize businesses, Allen served on the board of the former Smaller Business Association of New England, local economic development committees, and industry advisory boards.

 

 

Lessons from the Rackspace Attack

ransomware

Cyber Security Ransomware Email Phishing Encrypted Technology, Digital Information Protected Secured

On December 2, 2022, a ransomware attack on Rackspace disrupted email services for thousands of businesses.  The attack encrypted files throughout Rackspace’s Hosted Exchange environment, one of the largest in the world.  The outage impacts mostly small and midsize businesses (SMBs).  While Hosted Exchange is only 1% of Rackspace revenue, the incident was large enough to warrant a filing with the Securities and Exchange Commission. We can all learn lessons from the Rackspace attack with respect to cybersecurity and response.

Lessons from the Rackspace Attack

1 Incident Response Must Be Quick

In their SEC filing, Rackspace noted that their “… information security team had strong incident response protocols in place that led to the quick containment of the ransomware attack.”  They were able to limit the damage to the Hosted Exchange service, protecting other aspects of the company’s operations and other services.

For SMBs like ours, speed is also necessary. Quickly identifying an attack and isolating effected devices is critical. An infected laptop can spread the infection to servers and through files sync’d into cloud storage (ie, OneDrive, Google Drive, Dropbox). From there, every connected device is vulnerable.

2 Recovery is Not a Sure Thing

Rackspace is NOT recovering customers’ Hosted Exchange service. The company is moving these customers to Microsoft 365.

Paying the ransom is not always possible. Paying a ransom does not guarantee that your get your data back.

3 Recovery is Difficult

As of December 12, 2022 — a full 10 days after the attack, Rackspace disclosed that about two thirds of its customers have been transitioned to Microsoft 365. Nearly one third of customers remain without email service. Rackspace is effectively abandoning its Hosted Exchange service.

The logistics of identifying recoverable data and understanding interdependencies is complex. Managing data restoration across multiple devices, systems, and data sets is challenging. Some data will be lost. Understanding which data, and how much data, has been lost is challenging.

4 Recovery is Big and Slow

Rackspace has hired staff and contracted with many Microsoft Fast Track service providers.  Even so, call wait times are still averaging about 30 minutes.  Rackspace is setting expectations, repeatedly telling customers that data recover will “necessarily take significant time”.

Starting with a clean system gets your systems up and running. How effectively can your run your business without your data?  Data recovery takes time, even from backups. While emails may be relatively easy to live without, what is the impact if your accounting system is unavailable for days or weeks?

5 Recovery needs Expertise

While Rackspace is a leading technology firm, they have hired outside firms to investigate the attack and remediate the incident.

Most IT firms servicing SMBs do not have the expertise or staff to respond to a cyber attack. Expertise and resources will be needed for investigations and forensics, data recovery, systems restoration, communications, regulatory reporting and compliance, and customer service.

6 Recovery is Expensive

Rackspace is actively promoting that it maintains sufficient cybersecurity insurance to cover the costs of the incident. Their SEC filing, however, does not indicate if or how they plan to compensate customer for their losses.

You will spend money … lots of money … beyond the cost of getting your data back, your systems restores, and your business back up and running. Regulatory filings, communication, legal services, and litigation can be a crushing burden that threatens. More than half of SMBs fail within six months of a significant cyber attack.

Steps You Can Take

Looking at the lessons from the Rackspace Attack informs how we should think about protecting our businesses and ensuring we can return to normal operations quickly and efficiently. Here are resources for you to learn more.

Earlier this year, we blogged about how Streamlining Security for SMBs can protect you from the most common and the most expensive types of cyber attacks without breaking your budget.  We held a webinar on the same subject.

Our Security CPR model outlines the three critical aspects of cyber security communication/education, protection/prevention, and recovery/response.  Our eBook, 15 Best Practices for Cyber Protection, dives into the model.

To discuss your security footprint, risks, and options, contact us by email, via our website, or by scheduling time directly with one of our Cloud Advisors.

Webcasts

Cloud Cover: Strategies for Small Businesses

(04/18/2023) – As small businesses, we can do more with the cloud then Microsoft 365 and Google Workspace. But if we want to take advantage of the benefits of managed cloud services, we need better cloud strategies.

Cyber Security: 3 Questions and Shared Responsibility

(03/21/2023) – The cloud’s Shared Responsibility Model places most of the security and data protection burden on you. Our webcast explores 3 key questions and the shared responsibility model to help you plan, deploy, and manage effective, and cost-effective, security..

Hybrid IT for SMBs

(02/21/2023) – A sound Hybrid IT strategy creates better collaboration, cost efficiencies, security, and resiliency. Review your hybrid business strategy and supporting IT services. Address your business, technology, security, and cost challenges.

Security CPR

(01/24/2022) – Cybersecurity requires policies, procedures, supporting technologies, and a culture of awareness. This webcast is a deep dive into our Security CPR model for preventing and surviving cyber attacks.