Posts

What Exactly Is a Security Posture & What Does It Mean to Your Business

Our business ecosystems have begun rapidly changing, with cybercriminals evolving rapidly, a new vocabulary is developing. A new addition to the lexicon of many is the concept of “Security Posture.” Another techy-word, referring to the strength and security of your IT infrastructure. Putting an increased presence on internet-born vulnerabilities for business technology. How you manage current hardware and software purchases, policy & procedure generation and controls.

What Makes-Up Your Security Posture

Any of these singular aspects are defined under cybersecurity, your security posture develops the likelihood of a breach, and what it would take for hackers to gain access to these critical pieces of network technology, but also the state of your employees, and if they can spot similar threats, making these difficult for many to observe.

In the context of managing cybersecurity, larger organizations, including Directors of IT, Chief Technology officers, and any compliance officer, must make decisions based on the deliberation and analysis of their security posture. Generating a better understanding surrounding certain aspects of your cybersecurity approach, but this is simply not enough anymore. In today’s connected age a more holistic approach is needed to meet regulations and compliance. Read more

Cyberattacks Using SSL Encryption Swells the Success Rate of Malware to 400%

Utilizing Microsoft’s latest partner release of the 2019 Security Intelligence Report, a report put together to inform Microsoft and Office365 Partners of the latest threat-analytics to hit the landscape. Of the 470 billion emails analyzed, the year-to-date trend was well over 250% since it’s last publication in 2018. As phishing attacks continue to trend upwards, attackers are beginning to leverage more sneaky tactics to accomplish their end goal, including blackmail, extortion and worst of all, data corruption.

For many businesses, encryption has become the norm as cyber-criminals begin looking to disrupt operations to turn a quick profit.  One of the largest goals behind any cyber-attack is stealth, the longer a malicious activity goes on unnoticed in your systems, the greater the chances of their attack succeeding. One popular avenue has begun involving SSL encryption to disguise the transmissions of the attack from your local anti-virus or malware agents.

As previously warned, these attackers are persisting to utilize website encryption to provide users with a false sense of confidence while surfing or researching something on the web. As we have mentioned here, Security Awareness Training can assist in informing your employees of the perils found in today’s connected businesses. Begin scrutinizing the sender’s domain name, and the content they want from you.

  • Phishing – 2.7 Million phishing attacks occur monthly, a 400% increase since we’ve been tracking these states in 2017.
  • Content is King – 196 Million instances of “malicious content” including websites, malicious scripts, and malvertising we all found on some of the most well-known websites this year.
  • Botnets – 32 Million botnet callbacks were performed and blocked on average each month since 2018
  • Domains – 32% of all spoofed domains or websites were using SSL to deliver content.

Most Phished Brands through HTTPS:

  1. Microsoft Office365 or OneDrive – 58%
  2. Facebook – 12%
  3. Amazon – 10%
  4. Apple or iTunes – 10%
  5. Adobe – 4%
  6. Dropbox – 4%
  7. DocuSign – 2%

By preparing your employees with a security mindset, we broaden business’ stance on security, to better prevent things like SSL attacks from reaching your end-users. Each of these acts leverages more ways for cybercriminals to establish credibility, and the context needed to fool business.

Recently, I received an email from one of our clients in the North Bay, and they copied me on an email that was dressed up to represent a Microsoft Office 365 notice. Now, this notice contained links to an “invoice” that were crafted and carefully coded, to send the staff to a fake Russian URL, where Office365 logos were plastered everywhere. Even more conveniently, was the willingness for this HTTPS encrypted website to take down ANY information relating to my own personal Office 365 account. Thankfully, this partner reached out to our staff to double-check the status of their Office 365 account and wouldn’t you know it, no issues were reported.

(Email Pictured Below)

7 Cybersecurity Tips That Give Your Business an Unfair Advantage in 2019

Clare Computer Solution’s partner and security experts, Webroot, revealed the findings on their 2019 Threat Report, displaying many “tried-and-true” attack vectors or methods are still at the top of the list, with new threats emerging every day. It would appear the attackers are innovative, to say the least. This comes just in time, as many of our partners spoke to these very claims at the 2019 RSA Conference hosted just last week in San Francisco, California.

Hal Lonas, Chief Technology Officer at Webroot reports:

 

“We wax poetic about innovation in the cybersecurity field, but you only have to take one look at the stats in this year’s report to know that the true innovators are the cybercriminals. They continue to find new ways to combine attack methods or compromise new and existing vectors for maximum results. My call to businesses today is to be aware, assess your risk, create a layered approach that protects multiple threat vectors and, above all, train your users to be an asset—not a weak link—in your cybersecurity program.”

Clare Computer Solutions Couldn’t Agree More; Here are some from Webroot’s 2019 Security Report highlights:

  1. A staggering 40% of malicious URLs were found on “good” or “safe” domains. Legitimate websites are frequently compromised to host malicious content. To protect users, and employees data cybersecurity needs URL-level visibility or domain-level metrics to accurately showcase these dangers. Far too often, standard antivirus or endpoint protection can lack the capabilities, leaving these links in an employee inbox.
  2. Phishing attacks have increased by 36%, with the number of malicious sites swelling to 220% from last year. We’ve even seen phishing sites use SSL Certificates, and HTTPS to trick unknowing users into believing they’re secure and legitimate. Microsoft’s latest Security Intelligence Report, confirms this with analytics reporting 250% increase in phishing messages being sent through Office 365.
  3. 77% of spear phishing attacks impersonated financial institutes, and most likely to use HTTPS over other types of target. With over 80% of financial institutions finding compromised links residing on an HTTPS page.
  4. Google followed by Microsoft, and UPS/FedEx ranked among the most impersonated brands in phishing overall for 2019.
  5. Security Awareness Training reports from Webroot and KnowBe4 both show an average of 80% less likely to fall for phishing attempts, especially with phishing simulations, and on-demand training.
  6. One-third of all malware makes attempts to hide inside of %appdata% folders. What makes these locations price for hiding, is the commonality between paths. Every user directory, with full user-permissions, will install here and are hidden by default in most operating systems. Although malware can and will hide almost anywhere, the most common locations are as follows:
    – 29.4% in %appdata%
    – 24.5% in %temp%
    – 17.5% in %cache%
  7. Devices using Windows 10 are at least 2x more secure than those systems still on Windows 7. Webroot has reported a steady decline in malware on Windows 10 machines in the business space.

Furthering your Security Measures

While ransomware was less of a problem in 2018, it has become more targeted, and companies, customers, and employees will fall victim to ransomware. In 2018 many attacks saw the use of Remote Desktop Protocol (RDP) as an attack vector. Leveraging tools to scan systems with inadequate RDP settings. It’s these unsecured RDP connections that hackers can use to gain access to a given system and browse through all its shared data. Further providing criminals with sensitive information that ransomware can exploit.

Begin furthering your security measures today, with the use of a cybersecurity assessment. Easily track your current security posture, and rely on the experts to build you a roadmap for securing your business. Dive-deeper into your network than ever before, with the use of our Security Posture Assessment from Clare Computer Solutions. If you wish to view the Webroot report, you can find that here.

Empowering Executives with Integrations for the Technology You Love

For many CIOs and COOs, the process of technology continues to be a top priority for many come 2019. As a major headache, businesses are increasing their cloud investments to move forward with digital transformation efforts were then faced with the massive undertaking of getting multiple resources connected for a seamless user experience.

Many of the local SMBs have found a lack of competency in many smaller providers, with stitching together applications and services to make up your current IT environments. It’s these environments that will increasingly become more-hybrid. With a large mix of on-premises equipment dispersed across various sites, public and private continue to muddy the waters.

As part of the many businesses moving towards a digital transformation, IoT (Internet of Things) has entered further cluttering device options and platforms that can begin to optimize your operations. As many begin with 2019 initiatives, that will further bring-on greater levels of complexity. As a result, many local business owners have identified this gap and began to address this in their technology plans.

Digital Initiatives
As many CEOs begin cracking down according to the latest “State of the CIO 2018” report, IDGs. This continues to add pressure on the organization. As one of the most experienced MSPs in the SF Bay Area, we continued to rapidly innovate, enhance your speed-to-market and greater your customers experience with your business.

By assessing your existing investments in equipment and resources to better determine what new investments need to be made, when achieving technology goals. The digital transformation many businesses are undergoing isn’t exclusively about new technology, but instead, deciphering what makes sense to retain and what needs to be integrated for legacy applications and services, it’s more of a comprehensive assessment.

With all this in mind, we offer CIO’s and COO’s a range of services to further assist in the development of these transformative plans. In our experience, these three components continue to best assist companies in their digital future.

  1. Assessments & Planning – As you begin launching digital initiatives the need to measure twice, cut once an be a great undertaking for several businesses. Involving a review of current architecture, and bandwidth demands of these assets require greater discovery and review to determine a solution that’s right for your business.
  2. Execution – Once planning and alignment are finished, technology providers assist in multiple ways to execute this vision. It takes an IT Expert to match workloads to platforms with optimization in mind, followed by the task of creating a truly digital ecosystem where your business network can be secured and managed successfully by a business that’s done it for over 30 years.
  3. Follow Through – With experience gained through time, we continue to see clients with a lack of talent and expertise in these fields. To fully integrate technology, it requires businesses to either hire someone full-time or outsource to an MSP. As your business continues to propel further towards a more connected network, how does a business keep all of this secure, and up-to-date?

Security Awareness Training Takes Business Protection to New-Heights

Security awareness training is seen by many as something “nice to have,” while several SF Bay Area business owners have begun implementing our on-site training in a necessity to any business looking to protect their network and backups from encryption.

Your decision to adopt user-based education has been passed over year-after-year due to budget constraints or a lack of in-house experts to demystifying technology. Small to medium-sized businesses have suffered from these types of constraints for years when compared to larger, resource-heavy organizations.

Though it’s clear end-user education doesn’t have to be a need for many business owners, as recently as August 2017, a Better Business Bureau study uncovered almost half of SMBs with 50 employees and under, regard security awareness training among their top 3 most proactive IT expenditures, alongside, firewalls and endpoint protection.

This increase comes as no surprise, as the cybersecurity landscape has become more dynamic than ever. The average small to medium-sized business faces annual losses of over $80,000 when everything is said and done. Your staff is the front line to your business, and even the most advanced security stacks, have limitations. If you’re not educating end-users by now, you’re putting your organization into harm’s way.

Here are a few tips and trips for SMBs looking to get started with end-user training, or security awareness training:

Gather Company Buy-In

As with any new programs, starting at the ground level will ensure success. Start with building a culture of security. Yes, it might require multi-factor authentication, or additional hoops to jump through. Begin generating the “buy-in” from the surrounding management teams, sending out an email explaining the value of security awareness, phishing details, and the latest in security trends, and reports for your information technology(IT) team.

Starts with Phishing

In the current technology landscape, security awareness should begin with the MOST COMMON attack vector, email phishing campaigns. With thousands of interactive tools and designs built to mislead and steal your credentials, there is no shortage of examples, and videos showing the intricate workings. Begin with the basics, and go through the varying amounts of phishing threats. Your staff should be able to identify and mitigate any phishing attempts after your training concludes.

Share results with End Users

Use this feedback to inspire smarter habits among staff, identifying key objectives for security awareness training to engage in at a later point. Who knows, maybe you will uncover security gaps left behind by a past managed IT, provider. Raise the level of cyber awareness throughout your organization, sharing the latest encounters internally with your staff. Chances are these criminals are working more than one of you at work and this can help employees understand the impact of poor online habits and motivate them to practice better behaviors.

Continuous Training: Set up your phishing and training program

Once your users are engaged and understand the value, the next step is setting up a training program for new employees. There is no one-size-fits-all program, but we recommend running at least one training courses per year. Depending on the needs of each organization, presentations can be tailored to highlight industry-specific security.

As the business scales, you will want to scale the frequency and adjust intervals throughout the year. Our Security Awareness Training includes real-world phishing scenarios that have been defanged from the wild.

When you start seeing the impact that proven security awareness training has on your employees, you’ll wonder how your business ever managed without it. Contact us to schedule your no-cost, no-obligation security awareness training for your organization.

 

Your Internal Teams Greatly Benefit from a Managed IT Service Provider

Having a Managed IT Service Provider (MSP) in your IT mix can free-up internal staff for more strategic projects, like that app you always wanted, or those file-sharing tools your employees need. Establishing a strategic partnership with your IT vendor is essential to the relationship’s success. After 30 years in the IT Service realm, these are the biggest misconceptions, surrounding your current MSP, and internal teams.

“Bargain-Shop” Managed IT Service Provider

Organizations are continuing to turn towards MSPs to handle certain IT functions, as an extension of their internal teams. Although it appears most businesses see the value of augmenting a Managed Service Provider, many are looking for the “cheapest” option available.

This highlights the very reason an organization turns to a Managed IT Service Provider in the first place – for change. Cost-savings were always seen as benefits to Managed IT Services, but many have shifted their mindset, from finding the lowest price to hunting for the greatest value.

Look for MSPs that have experience in your industry, and speak less about technology. Across the board, you want a partner that can explain business outcomes, and how services can help shorten the roadmap to your goals, not pushing product.  Managed Service Providers share business perspective, not technology pushed by vendors. The only way to avoid “deadbeat-IT” is by leveraging outside partners that carry proven track records with established clients.

Top Managed Service Providers Extend Proficiency and Reach

Your MSP usage doesn’t have to be confined to break-fix services related to hardware and its availability. Many CIOs are looking for MSPs that can deliver advanced services, like virtualization, converged-infrastructure or Security-as-a-Service.

With an increase in demand for services around network analytics, business intelligence, and application monitoring, your service provider should have an evolving offering. One that meets the demands of a dynamic technology landscape. It should be noted, a shift with some MSPs has begun, as we’ve seen several refuse the extension to support legacy infrastructure and outdated software.

Partners, NOT Replacements

While more and more companies are relying on outside help for IT needs, MSPs should complement your internal team, rather than replace it. Instead, this frees up existing assets to focus on core business functions, to better utilize company resources. Many of our clients have claimed it brought IT departments, “out-of-the-shadows” and allowed them to focus on core initiatives, a win-win for your IT staff.

Your MSP should provide you with strategy, documentation, repeatable process, access to their ticketing portal and friendly staff welcoming your calls. Company technology doesn’t have to keep you up at night.

Contact Us – to discover how Managed IT Services with Clare Computer Solutions can begin to benefit your business overnight.

Your Advantages When Outsourcing IT Through an MSP

More security threats emerge every year, leaving many businesses to begin the search for outsourcing their IT tasks to a Managed Service Provider (MSP). An MSP allows businesses to focus on core-objectives, instead of resolving IT issues. Without the necessary experience, trying to fix IT problems on your own can lead to higher costs, when compared to letting a professional service provider take care of issues as they arise.

When trusting your private-business data to a third party, you want to work with a company focused on maintaining the lowest level of risk. In addition, when deciding on an MSP, do thorough research and make sure all your requirements are met.

Here Are 5 MSP Benefits Your Business Can Reap When Building a Partnership

#1. Reducing Cost

Reducing cost is a major benefit for most businesses using an MSP. Working with a wide variety of clients, expired IT Companies know what services can help bring your costs to a minimum. As an MSP, we make costs more convenient, charging monthly – making it no surprises for our clients. Keeping your needs covered, so your free to concentrate on your business.

#2. Infrastructure Updates & Procurement

As you know, setting up IT infrastructure isn’t only about purchasing the hardware, installing software, and configuring it to your network. Regular updating and upgrading are critical to the security of your business. MSPs help business owners keep IT infrastructure, up-to-date and able to take-on such business tasks.

#3. Scalability

As you grow and expand, the ability to scale IT environments are needed for a company’s survival. Scaling is one more task companies can outsource, and another benefit your MSP can provide. MSPs help leverage current infrastructure investments, paring with innovative thinking to provide users a robust solution.

Many business owners fear falling behind the technology curve because the costs to recover can become far too great. MSPs can assist in implementing only business-critical changes to IT environments as business needs change. As a technology partner, your MSP should assist in achieving a better ROI.

#4. Use your staff more effectively

An MSP helps your internal IT team by freeing them from the day-to-day operations of your network. If you’re without an internal team, you’ve probably the been forced to rely on a “technically-gifted” staff member to handle user inquiries or on-site issues. With outside assistance from an IT expert, your team can do what it was hired to do, increase their productivity, and move the company ahead

#5. Security

Regardless of your employee count, IT security will protect your most critical business data. Outsourcing your security to an MSP that is aware of the latest trends, will bring the appropriate essential for network defense. An MSP provides peace-of-mind in term of security, for your cloud, and on-premises infrastructure.

 

Portfolio Items