Posts

Dark Web Security Risks and Dangers

/in

Dark Web Risks: Threats to Be Aware of, and How to Protect Yourself and Your Business

We offer a monitoring service for dark web risks.  In August, we received alerts for more than 40% of the companies we monitor about dark web risks and danger.

Threats from information mining and third party breaches continue to pose a risk.  The level of risk varies based on the source, scope, and nature of the breach. Learn about the dark web threats to be aware of, and learn what strategies you can implement to protect yourself, as well as your business.

Direct and Indirect Security Threats from the Dark Web

Third party breaches from the dark web pose direct and indirect security threats. A direct threat, as the name implies, represented a compromised identity with direct access to your system.  Indirect threats are breaches with information that enables more advanced attacks against your systems and user identities.

Direct threats, while less common, represent a breach of usernames and passwords for your system.  The source of direct threats may not be your systems. Hackers with access to valid email addresses and similar passwords will try permutations and patterns to gain access.  While they may then use the compromised credentials themselves, they may also put them up for sale or lease on the Dark Web.

Indirect Threats take many forms, and are a big risk on the dark web.  Identities with similar passwords are sold to hackers that will use them to gain access.  Personal identifying information is valuable to hackers looking to create effective spoofing and phishing attacks.  Repetitive breaches identify targets more easily compromised and/or more likely to respond to a phishing attack with personal information.

Dark Web Dangers and Threat Sources

Sources for Dark Web security threats vary.  Most common is a third party breach, for example the LinkedIn breach in 2018.  Given that many people use their work email address as an identity for LinkedIn, along with identical or similar passwords, the breach gave hackers a means to test access to core businesses services.  Simple testing of leaked passwords, permutations, and common patterns provides access to core businesses systems, including accounts on Microsoft, Google cloud, Salesforce, and others.

Growing in frequency, hackers grab personally identifying information matched to known email addresses.  While first and last names may not appear to create much risk, cyber criminals can use PII to create sophisticated spoofing and phishing attacks.  Your zip code, home address, job title, role in your company, and who you work with and for can all be used to create more effective attacks.  When matched to data from social media accounts — where you shop, foods you like, answers to “survey” questions that mirror security prompts — criminals can refine their attacks and sell your data for more on the dark web. This is why data protection services are highly recommended in todays environment.

Protecting Yourself and Your Business from the Dark Web

More than 70% of people use the same or similar passwords across systems, which is a huge dark web danger. When employees use work email addresses for other services, the nature of their passwords creates risks when any of these third party systems experiences a breach. Compromised third-party passwords reduce the effort required for cyber criminals to compromise other accounts. LinkedIn, Egnyte, Dropbox and other reputable services have all experienced breaches over the past few years.

An additional risk from third-party systems is the risk of personally identifying information, or PII.  With a valid email address and leaked or breach PII, cyber attackers have access to information that allows them to personalize phishing emails and other attacks.

Monitoring the Dark Web for these third party breaches, and responding appropriately, helps protect your employees and your business.

 

5 Effective Ways to Improve Work from Home

/in

Ways to Improve Work from Home

The Covid-19 pandemic proved that work from home and remote work was viable and productive for more employees than previously believed or acknowledged.  Necessity is a great motivator. Our businesses, employees, and customers responded, adapted, moved forward.  In the process, we have identified effectives new ways to improve work from home, as well as new benefits and pitfalls with remote work. Looking forward, our emergence from the COVID-19 pandemic is not a clear as hoped or predicted. The virus is here to stay and the impact on our lives is yet to be fully understood.  Our normal is not necessary “new”, but continues to evolve.

Considerations for Improving Work From Home

While we cannot predict the full extent of the shift, remote work, hybrid work, and work from home will be the norm. Learn how to work from home better, and remember to continue to reassess your work from home arrangement. This means asking yourself questions like, what can I do to improve my work-from-home setup? Could I boost my home productivity with additional productivity tools or technology? Is my work-from-home setup secure enough? What can I do to improve my communication skills while working from home?

5 Ways How to Improve Work From Home Effectiveness and Increase Productivity

Business need to continue to assess, plan, and adapt.  Here are 5 ways we can improve work from home and hybrid remote in-office work environments.

1. Device-as-a-Service

Device-as-a-Service, particularly remote desktop and virtual desktop infrastructure solutions, have clear benefits for new office norms. You can:

  • Provide a secure access to applications and systems with consistency regardless of where your employees are working
  • Better manage the computing environment, separating your business’ computing from the local device
  • Use existing, older laptops and desktops, thereby reducing hardware upgrade costs driven by operating system and application upgrades
  • Leverage Chromebooks as end user devices, lowering your total cost of ownership

2. Pick a Video Conferencing Service

Picking a standard video conferencing service lets you manage how you communicate internally and with customers. The right choice can also save you hundreds of dollars per year per employee while giving you and your team the features and functions they need to manage meetings and work efficiently.  By selecting a preferred service, you can invest the time and effort to integrate the service with your productivity and collaboration suites. An small investment in teaching employees how to fully use the solution also pays dividends.

3. Improve Employees’ Internet

You would never allow your Internet service to slow down work at the office. You should not allow home Internet speeds to slow down your remote employees. Reimbursing employees for increasing their Internet speeds improves productivity and morale. Providing employees with better WiFi routers and access points ensures their connections are available and reliable. Note: a few states require employers to reimburse home Internet services based on the percentage used for work.

4. Secure Your Remote Workers

Unless you provide the equipment and services, you cannot control your employees’ home networks and systems. At the same time, you want and need to secure your applications, data, and network. To do so:

  • Use multi-factor authentication (MFA) or two-factor authentication (2FA) whenever possible to control network, system, and application access.  MFA and 2FA are the simplest means of preventing hackers from using compromised user identities or credentials.
  • Upgrade home computers with additional, advanced threat protection services.  Many of the next-gen solutions offer greater protection from modern attacks and are designed to work with existing anti-virus solutions that may be installed on the device. Some of these solutions also provide tools for remote support.
  • Consider using physical security keys that provide authentication codes without the need for a smartphone or other device.

5. Protect Your Remote Resources

Whether using a company provided laptop or a personal computer, problems at home are disruptive and take longer to diagnose and repair than in-office problems. Things to improve working from home such as Device-as-a Service solutions separate the risk from the physical device, however employees using their local machines are still at risk.  At a minimum, ensure that you are backing up and can recover applications and data on remote laptops and desktops. If an employee performs critical or time-sensitive tasks, consider a continuity solution that enable the employee to return to work within minutes rather than hours.

Conclusion on How to Improve Work From Home

Whether work from home, remote work, or hybrid work will be strategic or tactical for your business, you can improve remote work security and employee experience with minimal cost.  We are here to help you assess, plan, and update your IT strategy and services to best meet your needs — and budget.  Contact us for an initial consultation, and to discuss how we can help you improve the work from home environment for your business.

 

The Kaseya Attack Effect

/in

Data Protection & SecurityThe Kaseya attack demonstrates how cyber crime is a big, organized business.  How big? You can subscribe to “Ransomware as a Service” and outsource attacks on your intended targets.  How organized? Hacker groups and service providers, such as the REvil Ransomware Group and DarkSide, actively manage their brands and reputations.  The REvil attack on Kaseya shows us that cyber criminals are technically advanced and operationally sophisticated. The nature of the attack, and its scope, should scare you.

By using known vulnerabilities in Kaseya’s VSA Remote Monitoring and Management system, REvil was able to create an automated ransomware distribution network. They used the very systems that Managed Service Providers (MSPs) use to monitor and manage customer servers, computers, and networks.

The Impact

MSPs update their Kaseya VSA servers automatically installed the Ransomware on their customers’ systems, as well as their own. Best estimates are that up to  1,500 small and medium-sized companies are victims. While this number seems small, those 1,500 business face an existential threat. Remember: more than half of businesses victimized by ransomware fail within six months.

Most MSPs shut down their Kaseya VSA services before spreading the ransomware. These firms had no ability to monitor, manage, or remotely support their customers. Customers facing IT issues were met with longer diagnostic and resolution times, resulting in business disruption, lost productivity , and the possibility of data loss.

As a managed cloud service provider, Cumulus Global does not use the Kaseya VSA system.  Our clients were not at risk, via our services, from this attack.

The Lessons

We were on the sidelines for the Kaseya attack. We understand, however, that the way in which may cloud services are managed create connections between vendors, resellers, partners, and customers. While these connections do not generally provide any access to customer data, they do provide access to management functions and information about users.  This information, in turn, could be used to improve the effectiveness of phishing attacks, spoof identities, and gain access to systems.

As a trusted IT advisor and a managed cloud service provider, we are part of a connected supply chain. We take our responsibility to secure our part of that chain seriously. While we follow commercially accepted best practices for security and privacy, the Kaseya attack warns us to step back and re-evaluate our strategy, policies, and procedures.

Our Next Steps

Cumulus Global is conducting an internal review of all of our internal and operational systems, including vendor portals and services we use to order, provision, manage, and support cloud services. As part of this review we are examining our policies and procedures related to:

  • Identity management and protection
  • Access to the systems
  • System level permissions related to function and data
  • Roles and responsibilities with respect to security and privacy
  • Business continuity plans and capabilities

Through this process, we are challenging our assumptions, re-assessing how we operate security and effectively, and raising our expectations for how well we protect ourselves and our customers.

We will also be making recommendations to our clients, and the broader community, on steps they can take to improve their security profile and protections.

Your Next Steps

As a user of cloud services, and technology in general, have responsibilities as well.

We Can Help

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

The State of SMB Cyber Security

/in

Data Protection & SecurityGone are the days when cybercrime was exclusively a big business problem. In the modern workplace, all businesses are at risk, regardless of their size or industry. Today, we recognize that implementing a cyber security program, much like hiring people and growing sales, is an essential part of running our companies.

With 43% of cyberattacks targeted at SMBs, it’s not surprising that many have identified cybersecurity as a priority. And while most of us have deployed protections, it is challenging to know if you have the right balance of protection relative to your risk.

Here are 4 key findings from research conducted by Microsoft:

01 Businesses understand that cybercrime is a problem, but understate the severity of the threat and overestimate their preparedness

The vast majority of businesses (85%) cite cybercrime as a concern, and more than half (56%) believe it is a top priority. Businesses are backing up this belief with action. Most have begun to invest both time and dollars into protecting their company from hackers and other malicious actors.

However, when you look a little deeper, it becomes clear that many have underestimated their risk. 74% of businesses don’t believe they are likely to be attacked at all and that corporations are two times as likely to be attacked.

90% of businesses say they have the right protections in place to prevent an attack, and those with more than 50 employees are even more confident. It is encouraging that businesses are investing in security, but the reality is that they are at greater risk than they think. Nearly half (41%) have been attacked

02 Small and medium-sized businesses are just as likely to be attacked as large corporations

For solutions that do cost money, businesses allocate about 15% of IT budgets go to cybersecurity,  and  21% plan to increase how much they spend protecting the company. Businesses recognize that this investment is worth it because three out of four know that it costs more to recover from an attack than it does to prevent one.

03 Employees can be a business’s biggest protection and also their biggest threat

As a small business owner, you face many of the same threats as larger businesses, but also unique challenges.

Given the number of security events tied to employees, businesses run the risk of underestimating the threat of employees leaking data or  sharing sensitive information, whether maliciously or accidentally.

Insider threats take several forms. Employees or partners may find it more convenient to transfer sensitive data using personal email or an unsecure cloud drive, not realizing the risk to your company. In fact, 30% of security events are attributed to careless or uninformed employees. More alarming is the roughly 36% of attacks where a malicious employee steals sensitive data.

04 Businesses have begun taking steps to protect themselves and there is a set of solutions and practices available to them

Most small and midsize businesses don’t have the same scale of resources to combat security threats and implement cyber security solutions as larger entities.

Fortunately, there are right-sized solutions and strategies designed to overcome the unique vulnerabilities of smaller companies. An effective security strategy doesn’t have to be expensive—or time-consuming. With a few simple, no-cost/low-cost steps, you can make a significant  impact on your company’s overall security profile. The key is to match security to your business needs and your budget.

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

Top 3 Types of IT Security Threats and How to Prevent Them

/in

Data Protection & SecuritySecurity Threats: 3 You Know and 1 You Should

Security threats take many forms. Most owners of small and medium-sized businesses (SMBs) are aware of the need to defend against the top three — viruses, ransomware, and phishing attacks — but their organizations are generally not as prepared to deal with the risks related to employees leaking data or sharing sensitive information, whether maliciously or accidentally.

Top 3 Types of IT Security Threats

1. Viruses

According to research conducted by Microsoft, infection by a computer virus is the most commonly cited among security threats facing businesses. Preventing viruses requires an integrated approach to endpoint and identity management.

How to Prevent Viruses:

  • Deploy next-gen antivirus software, with advanced threat protection, installed and updated, on all devices
  • Use web filtering and monitoring services to prevent infection, even from trusted sites
  • Roll out mobile device management to secure work devices (including laptops and desktops), as well as personal devices used for work
  • Enforce the use of multi-factor authentication as part of an integrated identity and access management solution

2. Ransomware IT Security Threats

Ransomware is a type of malware that restricts access, encrypts files, or even stops you from using your systems. Like viruses, ransomware can enter the company through insecure endpoints or unsuspecting users.

While virus protections also protect against ransomware, no protection is perfect. You need to be ready to respond and recover in the event of a successful cyber attack. This includes implementing solutions and services, and ensuring you have the proper protocols in place.

How to Prevent Ransomware Security Threats

  • Backup your data and system images, in the cloud, to ensure your ability to restore and recover
  • Encrypt all data, at rest and in motion
  • Deploy business continuity services to spin-up copies of servers in parallel with remediation
  • Pre-arrange access to forensic, legal, and communications resources to ensure a proper business response
  • Acquire cyber insurance to cover remediation, recovery, and regulatory costs, along with lost revenue
  • Focus on the four pillars of cloud security, and continue to review them on a yearly basis

3. Phishing Attacks

The majority, 67 percent, of cybersecurity professionals surveyed consider phishing attacks to be the greatest security threat facing your business and employees. Take the proper steps today to protect your people, your data, and your business.

How to Prevent Phishing Attacks:

  • Configure advanced threat protection services to identify and block attacks via email using links and/or attachments
  • Monitor inbound and outbound email traffic
  • Provide your team with awareness training to recognize problem emails, and how to respond/act
  • Instruct your team to report suspicious messages, links, and attachments
  • Deploy domain level services to prevent identity-spoofing

1 Additional IT Security Threat You Should Know

!! Internal Leaks & Threats

Insider security threats are often overlooked, and small and midsize businesses are generally unprepared to deal with these IT security threats, accidental or malicious. Surveys indicate that 53% of organizations have experienced insider attacks against their organization.

These risks take several forms. About 37% of internal leaks can be attributed to careless or uninformed employees. In many cases, these employees are using personal, less secure or unsecured services to conduct business.  Whether consumer versions of email or cloud drives for sync and share, these “shadow IT” services pose a significant risk.

While the majority of internal leaks and threats are unintentional, 36% of internal leaks are identified as attacks by a malicious employee.

To prevent data leaks and breaches, you should:

  • Actively manage access and permissions to networks, systems, applications, and data; periodically review permissions for compliance
  • Leverage features within your systems that help you manage and protect confidential and proprietary information
  • Deploy information protection solutions, such as Data Loss Prevention (DLP) and document/message level encryption, to block sensitive data from leaving your control
  • Implement proper cyber insurance and breach response protocols

>> Take Action Against IT Security Threats

All of the suggestions, above, fall within our CPR best-practice model for data protection and cyber security: Communicate & Educate; Prevent & Protect; Respond & Recover.

To assess your cyber security status, discuss your risks and needs, and identify solutions that fit your business and your budget, contact us to schedule a complimentary session with one of our Cloud Advisors.

Remote Workforce Security: Tips, Challenges & Lessons Learned

/in

As part of its Global Year in Breach – 2021 report, security firm ID Agent found that remote workforce security is more difficult than generally thought. With many of the changes in how we work expected to continue, as business leaders we need to embrace hybrid work as the way of the future.

What Exactly is Remote Work Security?

Remote workforce security is a subset of IT cybersecurity that focuses on protecting corporate data and other assets when employees work outside of a physical office. Implementing strong security protocols and technologies for remote access, educating employees on how to identify security risks and stay safe, and strengthening your overall business data protection and security are some of the best ways to secure your remote workforce.

What to Know When Developing Security Procedures for a Remote Workforce

Pandemic Triggers Panic

2020 and the onset of the global COVID-19 pandemic presented new challenges. The biggest challenge was cybercrime. The mix of understaffed IT departments, maintenance failures, unpreparedness, record-breaking cybercrime, and employee stress taxed IT teams and services. Cybercriminals took advantage of this golden opportunity, and businesses were hit hard.

Businesses needed to rapidly shift to remote operations. For those with older technology, this shift was especially difficult. Everybody became a remote worker. IT teams needed to become instant experts in remote workforce security, including knowing the four pillars of cloud security. For too many businesses, it was a mad scramble to to get their teams remotely or face shutting down entirely. Many employees lacked training in remote work; many IT teams had never managed remote security at scale. A barrage of unintentional, insider threats assaulted IT teams daily.

Stress Creates Vulnerabilities

Why was the massive shift to Work from Home such a boon to cybercrime?

IT departments were unprepared and understaffed.  Only 39% of IT executives polled felt they have adequate IT expertise on staff to assist with remote work issues. Only 45% of organizations reported having and adequate budget to support remote work.

At the same time, employees were dealing with unexpected stress at home and more likely to make cybersecurity mistakes. Over 50% of respondents admitted they were more error-prone while stressed. 40% said they made more mistakes when tired or distracted. Altogether, 43% of workers surveyed acknowledged mistakes resulting in cybersecurity repercussions for themselves or their company while working remotely.

Cybercrime Complications

Chaos and confusion created opportunities for cybercriminals. Experts estimate that overall cybercrime was up by 80% in 2020. Much of that increase was from phishing attacks. Cybercriminals took advantage distracted, stressed workers, with limited IT support, and immense numbers of email. In 2020, phishing attacks skyrocketed by more than 650%. Attacks hit 75% of companies and accounted for almost 80% of all cybercrime.

Successful ransomware also jumped more than 145%. In 2020, 51% of all businesses and 40% of small and midsize businesses experienced a ransomware attack. 50% of attacks on SMBs used vicious double extortion ransomware. Ransomware will continue to top the list of cybercrime trends in 2021.

FAQs About Remote Workforce Security

Next Steps for How to Secure Your Remote Workforce

Stopping ransomware and decreasing your company’s risk of a successful cyberattack against remote and hybrid workers starts with stopping phishing and its destructive effects. We have tools that help your IT team support and protect your people and your business, while also protecting your budget.

To learn more about you cyber risks, and solutions to fit your needs and budget, contact us and schedule a complimentary Cloud Advisor Session.

 

Business Email Compromise: 10 Stats; 5 Solutions

/in

Business Email Compromise (BEC) is a type of phishing-related fraud with far-reaching consequences. Not only can BEC attacks hurt your business, companies you work with can be damaged as well. BEC threats are hard to detect and mitigate, given the a byzantine structure of the attack.

Here are 10 statistics that demonstrate the increasing risk of BEC attacks, along with 5 solutions that reduce the chance of your business becoming a victim.

10 BEC Statistics

1Business email compromise rose by 14% overall in 2020 and up to 80% in some sectors
265% of organizations faced BEC attacks in 2020

3In 2020, BEC costs increased rapidly, from $54,000 in Q1 2020 to $80,183 in Q2.
4The energy and infrastructure sector topped the 2020 list with 93% of attacks
560% of the information on the dark web could potentially damage businesses

6In 2020, 80% of firms experienced an increase in cyberattacks

762% of BEC scams involve the cybercriminal asking for gift or money cards.
8The most common type of BEC scam is invoice or payment fraud
9Payment/invoice/billing scams skyrocketed by 155%, in 2020

10The average amount requested in wire transfer-based BEC attacks nearly doubled to $75,000 in the fourth quarter.

Protecting Against BEC Attacks

The most effective way to prevent business email compromise attacks is a strong, multifaceted defense against the primary delivery system: phishing email.  Here are 5 solutions that help you mitigate threats and the risk of successful cyber attacks.

1 Phishing Resistance Training

An absolute must-have for any organization in today’s tumultuous world is a strong cybersecurity culture. Too many employees are still clicking on dangerous messages. Strengthen your security culture and reduce your risk of suffering email-based cyberattacks by up to 70%.

2 Advanced Threat Protection

Go beyond attack profiles and blacklist lookups. Take advantage of next-gen protections that assess content and context, leverage machine learning, and analyze the behavior of links and attachments.

3 DNS / Web Protection

Secure your DNS traffic to help prevent cyber attacks that spoof or use your identity.  Block known, dangerous web sites. Block malicious web content and downloads, even from trusted sites that have been hacked.

4 Identity Access Management

Secure your user identities over time with a comprehensive approach. Include multi-factor authentication, password vaults, and single-sign on for your best protection.

5 Dark Web Monitoring

Your team probably uses their work email address (identity) to log into third party services. Breaches in these services put your business at risk. Monitor you domain for potential breaches so you can take action before you become a victim.

To learn more about these Business Email Compromise, other cyber threats, and solutions to fit your needs and budget, contact us and schedule a complimentary Cloud Advisor Session.

 

Modern Workplace: Benefits and Challenges

/in

The modern workplace brings together teams, information, and processes to empower our teams and enable our businesses. Powered by Microsoft, Google Cloud platforms, getting the most out of our systems requires more than simply moving from one system to another. Managing adoption and ensuring users understand how to use tools effectively increases individual and team productivity and efficiency. Below, we look at the most notable modern workplace benefits, as well as three major challenges to overcome.

5 Modern Workplace Benefits

Most of our businesses realize benefits when we create our modern workplace with Microsoft, Google, and other key solutions.

1 Faster and more reliable communication
The modern workplace improves our ability to communicate. Beyond fast Internet connections, the integration of voice, messaging, audio/video conferencing, file sharing, real-time collaboration, and other tools lets us work together and share information in the ways that work best for us. Secure access from virtually anywhere enables us to work where we are most productive.

2 Enhanced efficiency and productivity
The modern workplace ushers in efficiency and productivity in many ways. Automating tasks and workflows, improved access to files and information, and embedded AI help users complete work more effectively.

3 Lower costs; Higher profits
Technology-driven increases in efficiency and productivity decrease operating costs. Reduced travel, faster time to market, quicker customer response times, and faster and more effective decision-making all result from the reliability, mobility, and productivity of a modern workplace.  These benefits save time and money, and drive revenue and profits.

4 Greater transparency and interconnected operations
You can replace complex, bureaucratic processes when you match access to data and information with updated processes that take advantage of integrated, secure applications, tools, and services. Whether simple file sharing or ensuring you have one record of customer information across your systems, the modern workplace helps connect, streamline, and simplify.

5 Improved security
Modern workplaces are more secure. Integrated, layered security is embedded into the architecture of cloud infrastructure services, designed and built to meet your security and data privacy needs. Beyond the traditional focus of protecting physical computers in specific locations, security for the modern workplace protects the systems, networks, applications, data, and processes. You also protect your people with identity and access management that removes the physical boundaries of security.

3 Challenges of the Modern Workplace

Moving to a modern workplace, like any, change comes with challenges.

1 Resistance to Change
Even when they understand the objectives and benefits, some members of your team will hesitate to embrace change. Helping team members understand how the changes will benefit them individually —  how it will enable them succeed — improves buy-in and acceptance. Offering tools to help them learn and apply new features and capabilities supports their personal growth and overall adoption of new apps, tools, and processes.

2 Inadequate Training
Turning on a new app, tool, or process is not enough. “One and Done” sessions are not effective.  To fully benefit from your modern workplace investments, your team needs to understand your apps and tools as they use them. Individuals retain and apply learning best when they have time to use what they have learned. Adoption plans that provide training and support relevant to a person’s role and responsibility in small, manageable doses, over time are most effective.

3 Mismatched Technology
Technology for the sake of technology leads to disaster. Picking the best technology that is not the best fit creates problems. Start your selection process by defining your business goals and objectives. Identify the types of technologies you need and want to support your objectives. Then select the specific technologies that match your prioritized needs and wants.

Contact Us to Learn More About Modern Workplace Tools & Solutions

Email us or complete our contact form to discuss how a modern workplace, including Microsoft, Google, and other key tools, can help your business thrive and grow.

Exchange Server Zero-Day Threat

/in ,

On March 3, 2021, Microsoft issued an emergency Microsoft Exchange Server patch alert for multiple zero-day vulnerabilities that are being exploited by a nation-state affiliated group. The order impacts on-premise Exchange Servers 2010, 2013, 2016, and 2019. Older editions are past end of life and do not receive security updates. Microsoft highly recommends that you take immediate action to apply the patches for any on-premises Exchange deployments. The first priority is servers which are accessible from the Internet (e.g., servers publishing Outlook on the web/OWA and ECP).

To patch these vulnerabilities, you should move to the latest Exchange Cumulative Updates, followed by the relevant security updates on each server.

The vulnerabilities and risk do not exist for any version of Microsoft Exchange Online. The risk does not impact any version of Microsoft 365 or Microsoft Office 365.

As discussed in past posts, one of the benefits of cloud-based solutions is the integrated management of the environment. You are not depending on how well your IT provider of staff keep up with maintaining your systems and your security updates. Moving your infrastructure to the cloud shifts the burden of maintenance and operations, letting your team focus on activities that help your run and grow your business.

Want to learn more, contact us and schedule a complimentary Cloud Advisor session.

4 Pillars for Integrated Security

/in

All of us have data and services in the cloud and on-site. Whether we have local servers or just our laptops, securing your business means applying an integrated security solutions strategy.

What is Integrated Security?

An integrated security system is a centralized platform that typically combines or “integrates” two or more electronic security systems such as access control devices, video surveillance, or wireless alarm systems. This integration makes it easier to manage all of these seemingly disparate components and adds a layer of security to the organization.

An integrated system enables all of the company’s apps and tools to work in unison. It can improve sales while improving customer service and increasing efficiencies.

The following 4 pillars for integrated security solutions create a foundation that can be applied and adapted for your business.

4 Pillars of Integrated Security Solutions

1. Identity and Access Management (IAM)

IAM protects users’ identities and controls access to valuable resources based on user roles and responsibilities, risk levels, and regulatory (or policy) requirements. IAM solutions are often a collection of logins, each with their own requirements and processes, such as multi-factor authentication.  Integrated IAM solutions simplify the user experience, improve security, and lower hard and soft costs.

2. Advanced Threat Protection (ATP)

ATP protects against advanced threats and, if done well, helps you recovery quickly when attacked.  ATP is more than “next gen” email protection.  ATP applies to threats from infected websites and human behavior exploits. Integrating ATP into your security architecture helps prevent increasingly sophisticated attacks from succeeding.

3. Information Protection (IP)

Information Protection shares the same acronym, IP, as intellectual property.  This fits well as Information Protection ensures your documents, emails, and other communications are seen only by those authorized to do so. IP uses encryption, advanced access controls, recipient validation, and other services to manage data visibility. Integrated Information Protection is key to security hybrid cloud/on-site environments effectively.

4. Security Management

Security Management gives you visibility and control over your security tools, processes, and activities. As part of an integrated security architecture, Security Management empowers you to assess risk and compliance, manage services, and respond effectively.

How to Include Integrated Security Services

How do you know if your integrated security solutions architecture is up to stuff?  Do you have opportunities to simplify security for your team?  To save money?  Here is a roadmap.

ASSESS

Assess your current security architecture against your regulatory, industry, and business requirements. Ensure you have the necessary components, policies, and procedures. Assess the “user experience” and look for ways to simplify. If security is a burden, users will finds ways to sidestep the data protections.

PLAN

Plan you updated security integration. Understand the impact on your systems, and your people, and how you will make the changes. Communicate your needs and plans, as communications is key to success.

EXECUTE

Make the changes.  Too often, needed solutions get delayed or dropped as other issues arise.

Next Steps for Integration Security Solutions

Security, Privacy, and Compliance is a cornerstone of what we do. Contact us to speak with a Cloud Advisor; we are here to help.

Webcasts

Nothing Found

Sorry, no posts matched your criteria