Nov 10, 2022 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
Many companies, while they have defenses against cyberattack, still fight to keep ahead of cyberattacks. What if your company is one of these, and could find a better way to protect your technological assets–data, applications, your network itself–from attack? Read on to learn more about “defense-in-depth” and how your company can use it to build a robust defense in all parts of your network. Definition of Defense in Depth Simply defined, defense-in-depth is a cybersecurity approach in which independent layers of controls are employed to build redundancy. If one control fails, another will take over. If an intrusion occurs, the bad actor can go only so far and will be dealt with before they cause serious harm. All the way from your perimeter to the most sensitive data at the core of operations, controls will keep your data and applications safe from loss and compromise. A first layer is detection, which catches anomalies and reports them to cybersecurity personnel, stopping them from intruding further into your network. Evaluating Your Current Cybersecurity Posture How do you know what an anomaly looks like, and whether it is a cyberattack in the making? Before making the transition to a multi-layered cybersecurity structure, knowing your current cybersecurity posture is important. One thing to consider is what a possible attack might look like. Viewing intelligence from past activity logs, especially when an intrusion occurred, should show you what unusual activity looks like. A next step is identifying your mission-critical data and applications, not to mention your most sensitive data, to determine which assets need the greatest protection and should be...
Nov 2, 2022 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
Any time of year, a disaster can happen, disrupting business operations and even threatening your company itself. Statistics show that some small to medium-size businesses close after a disaster; even some of those that reopen may be out of business in a year. Having a plan for disaster recovery can help your business defy the statistics. Read on to learn more about preserving your company’s data, reputation and bottom line by having a disaster recovery plan in place. Why You Need a Disaster Recovery Plan A Disaster Recovery (DR) plan outlines how to protect your data and other technological assets during and after a disaster. Since data is the lifeblood of your business, a DR plan can make a difference between staying in business and having to close. In the shorter term, it can save you money that you might lose from an unacceptable amount of downtime. Costs can escalate to $100,000 per hour from an infrastructure failure, and a critical application failure can cost up to $1 million. Aside from financial damage, a data breach resulting from a disaster can cost a business its reputation. Apart from cyber threats that affect any organization, your location may be subject to natural hazards like fires, floods or earthquakes. Even equipment failures resulting in unacceptable downtime can be costly. Disaster Recovery is Part of an Overall Business Continuity Plan While a Business Continuity (BC) is an overall plan for keeping your business going during and after a disaster, a Disaster Recovery plan deals with protecting your company’s data from loss and compromise. It’s a part of your...
Oct 12, 2022 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
As we know, October is Cybersecurity Awareness month. There is much to be aware of, including how to prepare for an attack, current threats, how well your data is protected, and who has access to it. Read on to learn how following rigorous compliance standards helps your cybersecurity efforts. Rigorous Standards Aid Cybersecurity Efforts Currently, new standards are being drawn up in the form of the Cybersecurity Maturity Model Certification, a Department of Defense program that applies to Defense Industrial Contractors and by extension to those businesses doing business with defense contractors. According to CISCO, the CMMC is designed as a unifying standard to ensure that contractors properly protect sensitive information. Three levels exist, with Level One containing seventeen practices to follow. Level 2 is more stringent, and Level Three is the highest. Domains within the model include Access Control, Identification and Authentication, Incident Response, Awareness and Training, among others. A few of these domains (like Identification and Authentication) could incorporate zero-trust, a paradigm gaining ground in the cybersecurity community. Considering Zero Trust as a Cybersecurity Model “Trust, but verify” as the saying goes. However, in cybersecurity efforts it should be “Verify, then trust.” Zero-trust is the practice of identifying each request for access to the network, and authenticating or verifying the request as a prerequisite for access to systems. The zero-trust paradigm still is a work in progress, because it’s a different way of thinking about cybersecurity, one that includes all of the organization and influences workforce and workflow decisions. The Cybersecurity Maturity Model Certification has the idea of zero-trust built in, and even...
Oct 7, 2022 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
Readers are likely aware of some of the headline-grabbing cyber attacks in recent years–WannaCry, SolarWinds and Colonial Pipeline, just to name a few. But what about the attacks–and resulting loss of revenue and reputation–that don’t make the news? What is your organization’s cybersecurity posture, and how can it be improved? Read on to learn about cyber threats and how to protect your business. Threat Awareness and Intelligence Cyber attacks continue to occur, and to become more sophisticated. No longer coming just from lone hackers, attacks come through email and text (“phishing” and “smishing”, respectively). Supply chain attacks are also on the rise. The global cost of cyber incidents are about 6.1 trillion, far outstripping cybersecurity spending. Often, cyber threats are viewed as something “outside” the organization. The tendency is to treat symptoms and not possible root causes like a lack of threat intelligence. How well do you know what threats like malware and ransomware could do to your business if you’re attacked? According to the 2022 State of Cybersecurity report, businesses are aware of threats, but are not necessarily looking within the organization for vulnerabilities. Cybersecurity Awareness Throughout Your Organization More than simply a component of IT function, cybersecurity needs to become a business imperative, with deep awareness on the part of the C-suite and newest employees alike. For example, do your employees know how to recognize a phishing email designed to get them to give up confidential information? For managers, how does the adoption of new technology (along with the cybersecurity challenges it might represent) help with reaching business goals? Often, despite the...
Sep 12, 2022 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
Much as your business will practice its plan for getting out of the building in case of fire, it also needs to practice its response to a cyber attack. Your response ideally will be nearly automatic, and the way to make it so is to practice repeatedly. Read on to learn more about an incident response plan (IRP) and practicing the response to a cyber attack. The Importance of an Incident Response Plan An Incident Response Plan (IRP) shares a close connection to a Disaster Recovery Plan, in that it outlines a company’s response to a cyber attack that results in a data breach. An effective plan is a “combination of people, process and technology that is documented, tested and trained toward in the event of a security breach.” The primary goals of the IRP are to mitigate damage (to data, network, revenue and reputation) and to get your business back up and running as soon as possible. For this to happen, every worker needs to know their role and responsibilities, including the first thing to do if a data breach occurs. For example, a worker gets a suspicious email that might be a “phishing” attempt. Do they know who to report it to, and also not to click on suspicious links? Depending on the size of your company, you may have an in-house team, or the response may be distributed among more than one team, each in a different location. No matter which approach you use, your IRP will document how you plan to handle an emergency. Practicing Your Plan Documenting what your company...
Sep 7, 2022 | SMB Technology, SMB Technology, SMB Technology, SMB Technology, Technology News
There’s been a lot of hype about 5G, the next generation of cellular technology. It will build on 4G and LTE, offering faster mobile broadband speeds, extremely reliable low-latency connections, and enabling machine-to-machine connections like never before. As wonderful as this new technology is, it is a work in progress, and requires consideration before adopting. Read on to learn more about the promise and progress of 5G cellular technology. Business Benefits of 5G Technology While 5G will provide more streamlined and enjoyable experiences of non-business computing, the benefits to businesses of all sizes are even more exciting. The key questions about cellular coverage have always been about coverage, capacity and bandwidth. Is there a strong signal between the device and the cell tower? Can that tower handle traffic from multiple users at all times? Will data transfer be fast enough for requested services? The new generation of cellular technology aims to answer these questions. Data that might have been lost due to latency will be easily captured, allowing sharper decision-making in real time. The higher broadband speeds (1-2 gigabytes-per-second downloads) will accommodate more traffic and facilitate uninterrupted communication. Companies can convert from a local cable/DSL internet connection to one powered by 5G. The technology will promote automation, leading to smart cities, wearable healthcare telemetry, and real-time management. Progress Catching up to Hype While this technology has wonderful potential, much still needs to be done. Since 2019, though, 5G has caught on with cellular technology, with some carriers providing 5G to their customers. Instead of larger cells that were a hallmark of previous generations of technology,...
