Applying Our Award-Winning MSP Process to Your Security Framework

Every week, I’m sure your inbox becomes bombarded by the daily news alerts regarding the dangers of hacking attack, phishing attempts, and data breaches. The rapidly-evolving landscape poses major challenges for companies today, by establishing or updating your security framework.

Information and technology managers are especially concerned about gaps created in security system controls, and processes. These will begin your ongoing shortages of resources and expertise needed to protect information or stick to compliance. Your industry and business will begin to dictate your approach to advancing your security posture. Given the scope of this problem, your security team is uncertain where to begin and how to proceed.

Begin taking a phased approach to your cybersecurity systems. Plug the most important security gaps first, following the later when timing and process are flushed-out. Typically, security gaps are created when assumptions are made surrounding your IT network, as these new threat vectors emerge as soon as updates are rolled out.

Security Is More of a Journey

Typically, companies push security initiatives through, with no real destination in sight, so it wouldn’t be likely, every gap can’t be solved at once. For this reason, it’s best to begin revisiting your security framework, and any pressing risks or vulnerabilities. This better aligns our comprehensive security platforms better, over time. Begin focusing efforts around securing the most important aspect of your business, for some companies that are patient safety, for others, it’s privacy or monetary funds. By creating what is important, IT companies like ourselves can assist better in the threats haunting your business. It Starts with a reference point, and if you don’t have any security framework, or are unsure, it can usually be found by asking your IT manager, or the resident computer guy.

Getting cybersecurity right requires extensive experience, with a multitude of business models. Hackers are always looking for ways to generate some form of social engineering, to take advantage of our emotions. I get robot-dialers calling my cell phone all the time, with fake stories about a prince, needing my help. By following this framework, business leaders can evaluate the current and future state of business cybersecurity.

There will always be social engineering, hackers and sneaky back-door entries to software. As a result, no matter the stance on cybersecurity, it’s essential to your business to begin training the members in your organization and contribute to stopping the spread of these threats. As people will always be the weakest link when scrutinizing your cybersecurity.

Sharing the knowledge, we’ve gleaned from over 30 years in IT support and consulting services the best way to defend against the constant threat of cyber attacks for our managed service clients, is with a phased approach, built from alignment and cohesion of your strategic plan, and our knowledge.

To further understand what your security framework could be, or to have any questions answered, contact us today to get started.

Ready to Ditch the Protocol? Reasons to End Remote Desktop Protocol

Remote Desktop Protocol (RDP)has been known to IT professionals for years, added into our arsenal since the original release with Windows NT 4.0. This provided the technical people the ability to treat any system or task as though it were local. Before we go further, it’s worth noting most Ransomware attacks occur through the open-ports in your network. These ports are what leadership sometimes use to remote into a work machine. You’re internal IT uses this to assist in taking control of your work PC to troubleshoot a problem.

Quickly, the productivity tool was adopted, widely seen by many as an initial attack vector. From a security standpoint, any software or program that takes remote control of your PC is worth of severe scrutiny. In the wrong hands, RDPs can assist cybercriminals in deactivating device’s in the organization’s network, concerning endpoint protection, and deliver nasty payloads of malware.

Using a publicly accessible Remote Desktop Protocol session to reach systems creates major concerns surrounding your network vulnerability. Public sessions are targets, with cybercriminals discovering new ways of conducting port and IP sweeps. According to Tyler Moffit, Webroot’s Senior Threat Analyst and partner “It’s a matter of when not if.

Recent reports suggest the state of banking security as half of all banks in the SF Bay Area have left remote access and control interfaces like Remote Desktop Protocol, openly accessible from the internet. Shocking finding for many in an industry built on securing customer information.

Turning Remote Desktop Protocol into an Attack Vector

Although most cyber attacks are from the results of lateral movement through your IT network, malicious payloads will spread between each system, fully compromising and stealing each PCs data. By adding pubic accessible Remote Desktop Protocol, you compromise those with weak credentials, using password breakers to easily accomplish these lateral movements, from user to user.

With four high-level options for securing your environment, and managing them with more security:

  1. Consider eliminating the Remote Desktop Protocol access by changing the default TCP ports and leveraging a virtualized network, or VLANs to critical systems. A more secure option would be to block all RDP connections through none whitelisted IPs. Additional solutions are available when it comes to logon monitoring and activity summaries with heightened visibility utilizing multi-factor authentication.
  2. Secure all systems and endpoints first, with solution designs to monitor and remedy any network anomalies. Similar to that of an RDP session from other workstations and notify your technical team or leadership.
  3. Utilize paid encryption Solutions for remoting into work systems. Some of the most popular remote solutions are TeamViewer, LogMeIn, and Screen connect all companies through encrypted connections to release communications as need.

Ready to Ditch the Remote Desktop Protocol?

With security threats and attack vectors mounting, remote desktop options are out there, and your Managed Service Provider or IT Consultant should be attending to the major attack vector. Companies must begin to recognize the security dangers across their network, and how to best leverage their current technology investments. Paired with our award-winning suite of solutions, better secure the access to RDP, the data, or black all remote sessions until further notice, per security posture.

To learn more about what Managed IT Support can do in terms of your networks RDP, contact us today to get started in discovering network vulnerabilities, the criminals will leverage.

Uncovering the Gaps: 7 Proactive Cyber Security Best Practices for Bay Area Businesses

For businesses, the traditional approach towards cyber security is focused on defending against threats, and prevention. As criminals become bolder, and tactics grow in sophistication, defense and prevention aren’t enough. Over 80% of businesses are looking for third-party help with cybers ecurity. By following these practices, you can securely position your company from a secure-data standpoint.

Focus on Risk – Instead of achieving a 100% fully-secured business, shift the conversation towards how much risk to a business, and it’s data, each employee’s faces. Come to terms with the idea “100% Secured” is unattainable. Cybercriminals can and will always find new ways to attack. By implementing cybersecurity metrics that track logs and security patching. By uncovering how many applications lack the latest security patching, your team can uncover any security vulnerabilities that have not been addressed.

Prioritize the Data – Each business has that information, that remains at risk. For many of your businesses, it would be employee health records, customer information, bank routing numbers. This sensitive data should get the highest level of security. This ensures a harder time for hackers to access info, and work to educate employees on protecting these valuable assets.

Cyber Clean-up – It’s always good practice to stay vigilant about security maintenance, to prevent commonly overlooked threats, such as ransomware, and phishing attacks. These “housekeeping” tasks are typically strengthening endpoint security, administrative rights for hardware access, and folder structure, schedule and automate patching roll-ups, data backups, and overall response planning in preparation of an event.

Security Stand Out – While it’s obvious for most business to leverage security as a differentiator, it might be less clear for employees, who interact with multiple businesses each day. From financial firms to outsourced HR, or even healthcare, all of them require strong security, to protect employee data or their clients.

Regulatory Churn – New regulations, such as Europe’s recently released, General Data Protection Regulation (GDPR) often cause concerns for businesses based in the United States, but selling in Europe. Businesses are told to comply but lack the tools and know-how to bring systems, and processes to standards. Compliance managers were force-fed regulations, in hopes to determine how best to position the tools and services needed. As a trusted IT service partner, we assist companies in the discovery, and remediation of non-compliant networks to meet business needs, and compliance standard, making for great security.

Boosting Security Expertise – With a threat landscape, similar to that of the wild west, cyber security must change with it. Shrouded in secrecy, the threat landscape has never been more open to knowledge sharing. If your company doesn’t have the time to research the specific threats linked to your business, maybe it’s time to meet with us.

Build a Culture – Due to the constant threat of cyber attacks, security awareness training should employ best-of industry security habits, such as password changes, encrypting mobile devices, and avoiding public Wi-Fi, when accessing sensitive data. It’s ok to work while on-the-go but use a VPN, or a remote desktop receiver with 2-factor authentication.

Something most businesses lack and your competition forgot about. Win more business and increase your bottom line, by keeping network uptime maxed, and efficiency within your processes intact.

Realize the Power of Technology with the help of a trusted IT service provider. Contact us to begin an uncovering the gaps in your cyber security today.

Security Awareness Training Takes Business Protection to New-Heights

Security awareness training is seen by many as something “nice to have,” while several SF Bay Area business owners have begun implementing our on-site training in a necessity to any business looking to protect their network and backups from encryption.

Your decision to adopt user-based education has been passed over year-after-year due to budget constraints or a lack of in-house experts to demystifying technology. Small to medium-sized businesses have suffered from these types of constraints for years when compared to larger, resource-heavy organizations.

Though it’s clear end-user education doesn’t have to be a need for many business owners, as recently as August 2017, a Better Business Bureau study uncovered almost half of SMBs with 50 employees and under, regard security awareness training among their top 3 most proactive IT expenditures, alongside, firewalls and endpoint protection.

This increase comes as no surprise, as the cybersecurity landscape has become more dynamic than ever. The average small to medium-sized business faces annual losses of over $80,000 when everything is said and done. Your staff is the front line to your business, and even the most advanced security stacks, have limitations. If you’re not educating end-users by now, you’re putting your organization into harm’s way.

Here are a few tips and trips for SMBs looking to get started with end-user training, or security awareness training:

Gather Company Buy-In

As with any new programs, starting at the ground level will ensure success. Start with building a culture of security. Yes, it might require multi-factor authentication, or additional hoops to jump through. Begin generating the “buy-in” from the surrounding management teams, sending out an email explaining the value of security awareness, phishing details, and the latest in security trends, and reports for your information technology(IT) team.

Starts with Phishing

In the current technology landscape, security awareness should begin with the MOST COMMON attack vector, email phishing campaigns. With thousands of interactive tools and designs built to mislead and steal your credentials, there is no shortage of examples, and videos showing the intricate workings. Begin with the basics, and go through the varying amounts of phishing threats. Your staff should be able to identify and mitigate any phishing attempts after your training concludes.

Share results with End Users

Use this feedback to inspire smarter habits among staff, identifying key objectives for security awareness training to engage in at a later point. Who knows, maybe you will uncover security gaps left behind by a past managed IT, provider. Raise the level of cyber awareness throughout your organization, sharing the latest encounters internally with your staff. Chances are these criminals are working more than one of you at work and this can help employees understand the impact of poor online habits and motivate them to practice better behaviors.

Continuous Training: Set up your phishing and training program

Once your users are engaged and understand the value, the next step is setting up a training program for new employees. There is no one-size-fits-all program, but we recommend running at least one training courses per year. Depending on the needs of each organization, presentations can be tailored to highlight industry-specific security.

As the business scales, you will want to scale the frequency and adjust intervals throughout the year. Our Security Awareness Training includes real-world phishing scenarios that have been defanged from the wild.

When you start seeing the impact that proven security awareness training has on your employees, you’ll wonder how your business ever managed without it. Contact us to schedule your no-cost, no-obligation security awareness training for your organization.

 

Educating Partners on Risk Management & Disaster Recovery

According to the data, there were a total of 3 natural disasters in the state of California in 2018, resulting in $180.8 billion in insured losses. That’s up from the $23.8 billion last calculated in 2016. With a bad wildfire season just around the corner for the Bay Area, we’ve already seen an active Winter, with mudslides, and flooding through-out, followed by that sweltering California heat.

Despite their frequency, natural catastrophes aren’t the only disasters you and your customers have to worry about. The rest is attributed to instances such as data corruption, system failure, and human error. In fact, hardware failure is responsible for half the downtime that small to midsize businesses experience.

When Risk Management Meets Disaster Recovery

Unfortunately, ideal scenarios and real-world scenarios are two different things. While it sounds good in theory, trying to protect against every possible catastrophe is cost prohibitive and therefore impractical for most businesses. Helping develop a Risk Management and Disaster Recovery Plan for the most likely “disastrous events.”

Risk Management Plans assist in spending wisely, by budgeting for disaster scenarios that pose the biggest threat to the business. For instance, if a data center is located in Southern California, then earthquakes are a legitimate concern. On the other hand, if you’re in the Northeast–then snow storms are something you should plan for during the winter months.

Whether your risk management efforts uncover one type of event or another, there are certain disasters every organization should plan for. Educating employees on the importance of security, data backup, and consistent testing being cornerstones of any disaster recovery plan.

When onboarding our managed services clients, we remind them that solidifying a commitment to security can help prevent disasters, while a best-in-class backup and recovery plan is essential when disaster does strike. Periodically test procedures within your organization to make sure staff as prepared and data can be recovered–because just a plan itself, is all but useless.

In Closing

You never know when disaster will strike or in what form. What you can do is anticipate the biggest risks for customers and help them prepare for the worst. At the end of the day, disaster preparedness is the key to risk management.

Have a question regarding your organization’s disaster recovery plan, or any risk management surrounding your business?  Contact us – for a no cost, no obligation conversation, with one of our friendly staff members.

8 Modern Essentials for Endpoint Security Solutions in 2018

Managed Service Providers have always strived to deliver the most stringent options in endpoint security to their clients – but a solution that just detects threats ISN’T enough in today’s business ecosystem. To be truly effective, security platforms must also be designed for the modern requirements of the business. Accommodating the move towards a “digital transformation” includes cloud security solutions, and mobile device management(MDM), to deliver a swift, familiar response to these emerging technologies. This means avoiding overly complex implementations, or cumbersome management platforms and, in some cases can lead to errors that cause vulnerabilities instead of correcting them.

Here are 6 critical features to look for in your MSPs endpoint security solution:

1) Remote Access:

Many MSPs work on the go, logging into vital applications from multiple devices while on the go. Your endpoint security platform should provide the same kind of remote accessibility, to ensure administrators are able to detect and prevent threats from anywhere, at any time of day. Your solution should be cloud-based and delivers complete functionality from mobile devices to respond quickly to sudden threats. In most cases, cybercriminals don’t wait for business hours to strike.

2) Reliability in Protection:

When evaluating an MSP’s security platform review the industries perception of its performance in threat-detection and migration. Compare, and contrast, vendor performance and industry ratings for threat detection and mitigation and too many false-positives. Not only are they unlikely to provide adequate protection, but they create more work for internal teams. It should be noted, enterprise-grade solutions, offer granular controls and permissions.

3) Advanced Threat Protection:

Malware changes constantly, as one threat is being handled, several more will appear. Be certain your MSP or internal team can sustainably manage the amount of work that goes into endpoint protection. Look for software that offers advanced threat mitigation tools like Barracuda, Windows Defender, or Webroot SecureAnywhere offer enterprise-class device controls, machine learning, malware behavior analysis and largely, threat intelligence clouds. Mission critical features should also include, intelligent anti-phishing and anti-spam defenses, (DNS, URL, and Packet) as well as browser and application, exploit defenses.

4) Ease of Installation:

With a dynamic security landscape, endpoint protection can’t afford a large implementation process with steep learning curves, and assumptions being made. What business owners want, is a turn-key solution without hassle. Simplifying migrations from legacy server-based solutions to a more robust hosted solution. This provides teams the flexibility to set policies and rules, to complete tasks in the matter of a few clicks.

5) Comprehensive Reporting:

Your MSP needs as much information as possible, about the environments they plan to protect – along with the ability to quickly, and effectively share information with clients, in an effort, to promote more secure computing. That is why in today’s technology landscape, reporting has become so crucial to many businesses, and being able to condense all that information into report provides actionable insights for business owners. The more granular the report breakdown, the more useful it can become.

6) Automated Updates:

What business has time to worry about whether their security platforms are up to date, and actively protecting endpoints? They need a more-simple ware to stay protect without manual intervention. By providing a modern security solution, there’s never a concern with missed patching or unknown threats – and attention can remain focused where it’s needed most: protecting employees and companies.

Overwhelmed & Not Sure Where to Start?

You’re not alone, Clare Computer Solutions has provided the SF Bay Area with the “peace of mind” business leaders seek for over 30 years. If you plan to get a grip on your security policies for 2018 and 2019 to mitigate the threats of vulnerabilities, ransomware, and hacking, contact us to get started.

CCS_VulnerabilityAssessment_2018

10 Reasons Why SMBs Are Vulnerable to Security Attacks

They say recognizing a problem is the first step in solving it. But when it comes to cybersecurity, many SMBs don’t believe they have a real problem on their hands. Many simply believe that hackers will focus their attention exclusively on large and well-heeled organizations, and aren’t interested in smaller businesses. Unfortunately, this couldn’t be further from the truth, and it’s this mentality that leaves businesses highly susceptible to attacks.

1) Not If, but When
Many small businesses don’t invest sufficiently in IT security resources and protection. This may be due in part to the fact that they may not know they’re being targeted. According to the Ponemon Institute 2016 State of SMB Cybersecurity Report, hackers have breached 50% of the 28 million small businesses in the United States have no clue they’re being targeted.

2) Evolving Threat Landscape
Trying to keep pace with the changing nature of cyber threats is a full time. Many cannot afford the cost of internal IT security staff, which is why it’s imperative that their MSP keep them protected from zero-day threats.

3) Users Don’t Always Know Security Best-practices
In the last year, phishing was involved in 90% of breaches, which makes end users both the weakest link and the first line of defense. The best way to counter this threat is to train and educate end-users on the impact of their online behaviors. A well-trained user can help prevent threats like ransomware, drive-by downloads, keyloggers, and many more.

4) Lack of Effective Security Policies and Protocols
Companies should have documented policies in place to ensure all passwords are strong and regularly changed. Although these actions are “status-quo,” two-factor authentication is many. Access rights to network files, folders, and file shares need to be tightly controlled to avoid malware wreaking havoc on networks.

5) Exposure to Multiple Vector
All the ways that users’ can interact with the internet must be considered, from emails, attachments, links, to web browsing and network activity. Effective endpoint security starts with protecting each of these vectors from cyber attacks. Featuring multi-layered protection to defend you from threats that use different exploits to gain access to your network.

6) Complex Security Creates Admin Challenges
Consider not only the costs of buying cybersecurity software but also the operational expenses of the latest in security technology. Systems that use best-in-class solutions paired with minor automation can make security both more affordable and more effective. Using these solutions allows internal teams tasked with administration’s job easier.

7) Out-of-Date Systems
By following a rigorous patching regime, you can avoid many of the application vulnerabilities used to comprise networks. At times, patching can feel unimportant, but with the help of our staff, and a little automation, patching management has become smoother, and more cost-effective. WannaCry, 2018’s biggest cyber-scare could have been avoided completely by simply patching systems to best practices.

8) Murky Network Visibility
Having accurate information about your network technology, and what’s connected to it, is vital in protecting users from both internal and external threats. Network monitoring tools can identify network anomalies and counter threats before they do harm to your systems. Knowing can be half the battle, and being able to pinpoint affected systems and the potential path of destruction.

9) Poor Backup Practices
Faced with attacks like ransomware, SMBs must have an effective back-up and retention policy. 60% of companies that suffer from a cyber attack are out-of-business within 6 months due to the sheer amount of data loss. There are many on and off-premise cloud-based backup systems that will help avoid such fate. Unfortunately, for companies willing to pay the ransom these days, it will not guarantee you will get your data back.

10) Compliance
Regulations affect several of the largest industries, and securing endpoints are a routine compliance requirement for most. It has become vital to understanding your compliance obligations and ensuring sufficient security is in place, to protect your business.

Clare Computer Solutions has the tools and experience to handle any aspect of your IT security. With tools to assess and remediate vulnerabilities. Clare Computer Solutions handles multiple networks, so we can apply this broad experience to expertly advise on your company’s technology strategiesContact us today to begin the conversation on securing your business.

Your Security Policies Protect More Than a Multi-Generational Workforce

Every generation approaches technology differently. A 55-year-old, manager is going to think about data-security differently, then a 22-year-old just starting their career. Recent studies have shown that different generations have dynamic attitudes and behaviors regarding digital security, requiring businesses to move from a one-size, “fits-all mentality,” to a more tailored approach. Could this new-age workforce be your next vulnerability?

Viewing Security Policies Differently

Recent studies conducted by our partners, “Webroot Security” have shown, younger generations, think about online security less than their older counterparts. Younger generations can/will make the assumption, inherent levels of security, exist in the workforce. This is even more of a reason for layering security and to establish a plan via company-wide, security policies.

A 2016 Webroot survey found, despite a reputation for being less “tech-savvy,” 49% of baby boomers reported having anti-virus solutions installed on their devices; only 10% more than millennials. The survey found, that 49% of millennials were concerned about someone gaining access to their social media accounts, versus 33% concerned with someone gaining access to their email accounts.

82% of millennials re-use passwords for websites and applications, compared to 70% of baby boomers. It was also reported, that 86% of baby boomers hardly download free applications or software to work devices without consulting your company designated IT support.

Our partners, at Citrix, surveyed workers to find which generation posed the greatest risk to sensitive information in the workplace, and millennials received 55% of the vote. It should be noted – baby boomers as being the most susceptible to phishing and social engineering attacks. (33%)

Tailor Your IT Security Approach

  1. Identify and build contextual access controls so users have access to apps and data; nothing more.
  2. Automatically prevent employees from running unauthorized apps on corporate hardware or worse, networks.
  3. Extend protection to mobile platforms, but give users the freedom to access data securely on the go.
  4. Embrace virtualization and containerization for critical apps and data.
  5. Gain visibility via analytics, so you can be proactive about security.
  6. Increase Cyber-Awareness Training for users.

These steps won’t solve every security problem, but they will go a long way in helping to better secure your workforce; regardless of age.  With the cyber-landscape evolving faster than ever, applying education, training, and remediation with the assistance of your staff has become paramount. Like many, knowing where to start is half the battle, and if you need a kickstart – Contact Us – to schedule your free Cyber-Awareness Training today.

 

Three Most Common Network Security Failure Points for Businesses

Network security continues to be at the forefront of Bay Area businesses. The threats posed to an Information Technology (IT) network are well known – there’s a new story daily of malware or hackers tampering with or destroying data. Most companies make an effort to prevent such attacks on their IT infrastructure, but many, if not most, don’t do enough.

Here are some common mistakes companies make when it comes to network security:

Failure to Plug All the Holes

Most companies with a network connection to the internet have some sort of firewall regardless of hardware, software, cloud or on-premises. But how carefully was that device chosen and how was it configured? Your choice of the firewall should be more than a call to your internet service provider. With so many choices, it can become difficult to wade through the separate vendors. There are thousands of logical ports through which a hacker could gain access to the network, are they all protected? These are the questions you will need to ask yourself as a tech-savvy individual.

The network edge is not the only attack vector. Malware can breach the network via email, a USB port or through an infected website. A firewall alone cannot prevent all threats from entering your network.

Failure to Build Security into the Corporate Culture

The old saying is, a chain is only as strong as its weakest link. Similarly, network security is only as strong as its weakest point. Systems and devices can help, but unwitting employees can expose the network to attack, and in many cases, accidentally launch the malware. Having a good Security Policy is important. Enforcing it, and making sure everyone from the boardroom to the mailroom follows it is even more important. Employees should be trained in how to recognize common email scams.

Keys to Network Security

IT network security is critical and requires an IT consultant with up-to-date experience in all the ways business networks can be attacked from outside sources. Malware, hackers and other cyber attackers present serious risks to your system. Network security demands a robust plan for prevention of attacks and what to do when attacks occur. Corporate culture can be part of the problem or part of the solution.

Failure to Assess and Update Security Measures

Technology changes occur at an accelerated rate. How can the firewall that was installed three years ago be effective against the latest methods and technologies used by cybercriminals? The technology within the company changes, as does the personnel. These create a lack of continuity which isn’t scalable in any fashion

Regular assessments of the network’s security, along with reviews of the corporate Security Policy, and continued education for the staff, is necessary to stay as far ahead of the “bad guys” as possible. They’re not standing still, so you can’t afford to, either.

It’s wise to have a third party conduct security assessments (some industries even require it), and an IT consultant can help you create a workable plan to bolster your network’s protection against attack and keep it up to date.

Data Backup and recovery ebooks for Bay Area business

How Simple IT Fixes, Could Save Your Business Millions

Opportunity makes the cybercriminal – and online travel giant Orbitz disclosed Monday, March 18th, that hackers gained access to one of its “older platforms.” Upon gaining access, the hackers now have such data as credit card numbers, street addresses, legal names, and more. While not to the scale of an Equifax or Yahoo! breach, many can rest-assured knowing the site DID NOT contain any social security information. Although offering free credit monitoring, through AllClear ID to more than 880,000 people, a total cost of $13,156,000. Orbitz is an example of how simple fixes could have prevented a $13-million-dollar mistake.

HOW COULD WE HAVE BEEN HACKED?

Phishing emails have become commonplace amongst criminals, many times, you see exploits being sold on the dark web to other hacker’s and cybercriminals, to hurt your brand’s reputation. Although indirect, your business can suffer from these effects, like that of Orbitz. Having to fix this fatal error, Orbitz has offered those affected, a years-worth of free credit monitoring. What makes this case unique, is preventative maintenance could have saved all parties involved, at minimal cost.

Three Tier Approach:

When preventing Ransomware, and doing general cybersecurity you should focus on three major components.

1. Education – You must train staff members on the trials and tribulations to these threats. As many have reported, since last-year these styles of attacks have grown 500% since 2017. As everything becomes more connected, it will become vital to train your staff on spotting phishing emails, like that used in the Orbitz hack.

2. Backups & Storage – Once inside, criminals gain access, to all saved payment data. Best practice tells us, that old data should ALWAYS be encrypted and archived for safe keeping. From a technical standpoint, you should always check with local regulations on how to handle your industries, online payment information. Although hackers and ransomware exploits can encrypt your backups, most attacks don’t bother looking through achieved data, as the process becomes far too time-consuming.

3. Email & Web Filtering – You must gain control over inbound messaging. The largest attack vectors for ALL breaches and ransomware is email phishing. Filtering provides you the ability to filter incoming messages from high-volume attack countries like Korea, Serbia, Vietnam. Don’t allow outside attachments from cybercriminals into your network. Email and web filtering will provide you the ability to better control inbound messaging.

Assuming you have a backup appliance, built a retention policy, and educating your employees, are the BARE MINIMUM you need for starting a company culture of security. Instead of purchasing 880,000 people a years’ worth of credit monitoring, focus on the preventative measures in your organization.

Don’t know where to start?

Our staff is well-versed in the threat landscape and would be happy to assist your organization in building a better stance on security, and ward-off cybercriminals looking to hurt your business. Clare Computer Solutions has been serving the SF Bay Area’s IT needs for over 30 years. Contact us today to get started.