by John Mamon | Aug 11, 2021 | IT Service Blog
The Growing Cyber Security Threat
How serious of a problem is cybercrime? A study by Cybersecurity Ventures predicts these crimes will cost the world $6 trillion a year by 2021. This is a big number, but it’s no surprise to anyone who has followed the exploits of hackers and online scammers.
Cybercrimes have become big news, with large data and security breaches at companies generating headlines, and cyberthreats from foreign locales such as China and Russia threatening U.S. businesses and elections.
The increasing amount of large-scale, well-publicized breaches suggests that not only are the number of security breaches going up — they’re increasing in severity, as well. Data breaches expose sensitive information that often leave exposed users at risk for identity theft, ruin companies’ reputations and almost always leave the company liable for compliance violations.
Security breaches have increased by 11% since 2018, and the average lifecycle of a breach in 2019 was 314 days (from the breach to containment). That’s a lot of time for data to be stolen, corrupted, or held for ransom.
Even enterprise companies and multinational corporations are discovering that their current IT security is not sufficient to fend off an ever-evolving list of cyber threats. This is perhaps most evident in the recent high-profile data breaches that have made headlines. A network breach can result in catastrophic losses of data and high costs for recovery and damage control. A breach can ruin a company’s reputation, making it harder for them to do business in the future. Security breaches at large companies are a matter of national security, as they have damaged our infrastructure and threatened our financial markets.
It’s tempting for small-to-medium sized businesses to assume that they won’t be a target of threats such as ransomware, malware, and phishing because of their size. The reality is that hackers target thousands of businesses simultaneously — size is not really a factor. If you have a connection to the internet, you’re a target.
Dependence upon cloud computing and an increasingly remote, mobile workforce means threats that compromise one system can compromise a larger network relatively easily. All it takes is a single security gap. To combat these threats, businesses are naturally turning to their own IT departments to shore up their networks, implement disaster recovery plans, and coach their fellow employees on data security.
Unfortunately, skill shortages and budget constraints have made security a significant challenge even at the largest, most well-funded companies.
To augment their own IT departments, manage costs, and gain access to additional IT resources, businesses of all sizes have relied on managed service providers (MSPs).
What is the difference between a Managed Service Provider and a Managed Security Service Provider?
It’s important to understand the difference between a managed service provider (MSP) and an MSSP. An MSP is a third-party organization that is contracted to perform ongoing IT services, essentially an outsourced IT department for businesses or organizations who do not want it all managed in-house.
A managed security service provider (MSSP) is similar to a managed service provider, but with more cybersecurity capabilities such as virus and spam blocking, next-generation firewalls, breach detection, and end user security training. An MSP can function as an MSSP as long as they offer that level of specialization and select services, which mPowered IT is.
Both MSPs and MSSPs are designed to help organizations tackle complex IT problems without taking on the burden alone. Each tends to operate on a strategic level, offering valuable solutions and insights throughout all stages of the business’ life cycle.
Why do Businesses turn to MSSPs?
Skilled IT Professionals are in Short Supply
There simply aren’t enough trained and experienced cybersecurity specialists to handle the needs of the modern threat landscape. Unfortunately, hackers and other bad actors can function alone or in small cells, but cybersecurity is typically a team effort that requires constant attention from skilled individuals.
IT Departments are Often Spread too Thin
When a business’ internal IT department becomes overwhelmed, they will often turn to MSPs or MSSPs to fill in gaps. This is generally a much faster way to find and deploy a knowledgeable team without spending months hiring and training new staff.
Even Small Businesses need to be Secure
Small businesses are being targeted more frequently as larger enterprises shore up their own security. Hackers usually look for the weakest points, and that is usually the small business who isn’t taking cybersecurity seriously, not the massive corporation with a huge IT budget.
Cyberthreats are Constantly Evolving
One of the most challenging aspects of IT is that it is constantly evolving — and that goes double for the cybersecurity landscape. IT professionals and cybersecurity specialists must maintain a constant state of continuing education to keep up with the changes in their industries. This isn’t the kind of thing that business owners or C-level executives have time to do on their own. By working with an MSSP, a business can be sure that their defenses are evolving to meet the changing needs of the times.
What Services does an MSSP Provide?
The typical MSSP works as an extension of your business through consulting, planning, and project-based action or ongoing management. Cybersecurity must work in layers, and that means every business needs a tailored suite of solutions working together to completely protect their network and data.
Here are some of the Essential Services Offered by MSSPs:
- Offsite Backups and Recovery Plans
- Employee Awareness Training
- Next-Generation Firewall Protection
- Encryption Services
- Password Regulations
- Security Assessments
- Email & Web Filtering
- 24/7 Network Monitoring
- Offsite Backups and Recovery Plans
- Antivirus Services
- Breach Prevention Services
- Automated Updates
- Dark Web Scanning
- Multi-Factor Authentication
End User Awareness Training
In most of the recent high-profile security breach cases, the cause was employee negligence — usually initiated by a phishing email or SMS text message. Humans are almost always the weakest link in a security chain, which means the weakness must be addressed through training in threat awareness and avoidance.
According to a study reported by Tech Republic, 54% of the 1,000 IT professionals surveyed said poor password policies and the careless actions of employees were the root causes of cybersecurity incidents at their companies. More than 50% of the companies surveyed had experienced a ransomware attack in the past year, and 79% of those affected said the ransomware entered their system through a social engineering attack (such as phishing).
What are the other common culprits? Poor password maintenance, a lack of two-factor authentication, or having no password regulations in place at all.
While it’s important to strengthen your network, the human factor must be addressed for your security effort to be successful. MSSPs can be contracted to create a culture of security at your company. They’ll coach your employees to recognize common security threats like phishing emails and malicious links. They can even help you establish a password policy so that passwords are updated regularly and stronger company-wide.
24-7 Network Monitoring
Most organizations can’t afford a staff of in-house IT professionals to manage their network around the clock. Network Operations Center (NOC) monitoring is an important service provided by MSPs, typically to monitor for network outages, server overloads, and other errors by scanning critical network functions. MSSPs provide 24/7 Security Operations Center (SOC) monitoring to identify security issues, manage firewalls, scan for vulnerabilities, and provide intrusion protection and prevention.
MSSPs can monitor networks continuously via their own SOC or through specialized third-party providers. In the event of an issue or security threat, engineers at the MSSP are notified and act quickly to resolve problems. This type of active monitoring is the surest way to ensure data security and minimize downtime.
Emergency Backup and Recovery
Data backup is common at most companies and often required when regulatory compliance is a factor.
Offsite data protection ensures your data is secure and ready to be recovered in the event a system crash or internal error. It also ensures your data is protected in the event of a catastrophic natural disaster. Secure, reliable backups can also serve as a means to access and recover data in the event of a ransomware attack.
Antivirus Services
To combat growing security threats, modern organizations need a layered approach to security. This includes enterprise level antivirus software as well as anti-malware, Next-Generation Firewall Protection, intrusion detection and prevention, and well-trained employees. An MSSP provides all of these security layers as part of a package to your organization.
Don’t make the mistake of relying on consumer-grade antivirus software in a business environment. While many commercial antivirus solutions are fine for personal use, they do not offer all of the solutions needed when protecting a business. You should be able to manage and monitor all your devices from a single platform. Your antivirus software should receive automated updates and provide advanced protection beyond what is needed for personal use.
Email & Web Filtering
Email filtering helps to identify spam and phishing emails and delete or quarantine them before they can do harm. Most modern email platforms, such as Gmail or Office 365, have a built-in spam filter, but hackers have become very good at bypassing these filters. Since some spam will always make into your employees’ inboxes, scam or fraudulent emails will always be a threat to your business.
An MSSP can provide you with advanced layers of email filtering services along with training to help you identify harmful emails before they’re opened and clicked. The security tools provided by an MSSP can also help you filter out malicious websites when your employees are browsing online. To increase employee productivity, you can also use web filtering to block specific types of content such as online shopping sites, social media sites, and gaming sites.
Breach Prevention
A breach occurs when data is compromised and finds it way into the wrong hands. This can happen through network intrusion, through a malicious email link, or if someone downloads your data to physical storage and then uploads it to the dark web (like from a stolen device).
With so many ways for breaches to occur, cyber defense must move beyond the IT department and into your organization as a whole by fostering a culture of security. In addition to monitoring for attacks and unusual behavior, an MSSP can help you create this culture at your company through training, monitoring, and technical expertise. They’ll help you get control over who is accessing your data so you can stay proactive and prevent dangerous activity before it occurs.
Automated Updates
Updates to your applications, software, and operating systems aren’t just to improve functionality. Many updates are sent to protect the software or device against a new type of threat or to patch vulnerabilities that have been recently discovered. These updates don’t always download and apply themselves automatically. They must be authorized by a user, or by an administrator. Too often, important updates are neglected because internal IT staff are overstretched or unsure of what an update will do to the system. Neglected updates quite frequently leave your system vulnerable.
An MSSP ensures that you’ll never have to worry about missing updates and making yourself vulnerable to avoidable threats. Part of their job is to find outdated software and provide automated updates and patching services so you’ll never need to go through your systems and apply updates manually.
Password Standards
As we mentioned, humans are usually the weakest link in a security chain. One way that is true is that people are often careless with creating and maintaining their passwords. When employees are responsible for creating and maintaining their own passwords, you can expect vulnerabilities. Employees will often use the same password for all their accounts, use passwords for years at a time, or they may use a very weak password like “12345,” “password,” or their name and birthdate.
Passwords like these are easy for password cracking programs to decipher. If the same password is used for multiple logins, it could give hackers access to your entire system as well as any software you use. Part of the issue is that too much of the burden is placed on individual employees, many of whom simply want to log in and get to work without having to deal with complicated passwords.
Without any guidance, they’re likely to pick a password that’s easy to remember and stick with it. An MSSP can help your company develop a strong password policy and implement password standards for all your employees. Password regulations, or password policies, govern how your employees create, manage, and use passwords. You may also benefit from using a password manager to help your employees keep track of their passwords. This may be necessary if they use several accounts throughout the day.
Data Encryption Services
Data encryption is important for businesses that must meet regulatory requirements, but every business should include encryption as part of their security strategy. The most comprehensive approach is usually to encrypt any and all data that may be passing through or coming from your business via email, your website, or the internet in general.
Encryption is about protecting data during transit so that theft by interception is nearly impossible. There are many forms of encryption including website, email, network, and hardware encryption. Encryption is becoming the new standard for many businesses. Most major email plat- forms either encrypt emails automatically or make it easy to encrypt emails yourself. At the beginning of 2017, Wired magazine reported that at least half of the web is now encrypted.⁵
Nonetheless, managing the encryption of your data can be difficult and time-consuming. An MSSP can provide your company with Encryption as a Service (EaaS) so you can focus on other tasks with the knowledge that your data is secure. They can also provide additional network layer encryption and hardware encryption.
Security Assessments
Many organizations are bound by regulations and must have certain security measures in place in case they are audited, but any organization that handles important data should check their security status regularly. An MSSP can help you conduct such evaluations and asses your own security. It’s important to do this regularly, as time creates gaps in security that can make you vulnerable to new forms of attack. During a security assessment, an MSSP will look for common problems, including:
- Poor network architecture
- System configuration errors
- Data integrity and confidentiality
- Weak passwords and poor password regulation
- Missing system updates and patches
- Network vulnerabilities
An MSSP can provide an initial security assessment of your organization followed by periodic assessments to keep you secure.
Dark Web Scanning
The dark web is part of the internet that is hidden from conventional search engines like Google, and thus, doesn’t attract much legitimate traffic. It acts as a marketplace for stolen data and hosts many other illicit activities and illegal trades. When a system is breached, it’s common for cybercriminals and other bad actors to post data on the dark web for sale. An MSSP can provide you with dark web scanning to help identify any of your data for sale on the dark web, thus allowing you to minimize further damages.
Although the best protection is to protect your business from breaches in the first place, dark web scanning helps to mitigate damages. It also serves as a means to located stolen data that could have been originated before your current cybersecurity strategy was put into place.
Multi-Factor Authentication
Multifactor or Two-factor Authentication (2FA) has become almost essential, as it helps to offset the risks associated with weak passwords. While you should still focus on creating strong passwords and enforcing password policies at your company, you should also take into account the possibility that at least one of those passwords will eventually be compromised. Hackers can decode passwords using cracking programs, buy them from adjacent data breaches, or bypass them using phishing scams.
Once a password is revealed, it won’t matter how strong it is. If one email account is breached, it can be used to reset the passwords of other accounts or perform further spoof email attacks within the network.
In a two-factor authentication (2FA) system, an account holder must provide two separate pieces of information to access an account. This often takes the form of a primary password and a temporary, randomly generated PIN that is usually sent to the account holder’s smartphone via SMS or email.
This can also be accomplished through a specific device that generates a random PIN, token, or password which the account holder possesses. The second piece of information, or token, is secure because only the account holder has access to it. Additional layers of security can be put in place for extremely sensitive information. For example, you can add biometrics, such as a thumbprint, as a requirement for access. Such an approach offers three layers of protection: “something the user knows,” “something the user has,” and “something the user is.”
Who are we?
mPowered IT provides a full range of IT Support, including technical helpdesk, data backup and recovery, and strategic consulting to small and medium-sized businesses. We take cybersecurity very seriously and always go the extra mile in securing both ourselves and our clients from the latest cyber threats.
We work with many types of businesses throughout the area, and strive to eliminate IT issues before they become costly and frustrating. You can continue to drive your business forward while we make sure your technology is functional and secure. Our dedicated staff loves seeing our clients succeed.
Give those hours wasted on IT problems back to your staff and create a lasting impression on your clients through superior technology services and customer care. Give us a call at 678-389-6200 or visit our website to learn more.
SOURCES
by John Mamon | Aug 9, 2021 | IT Service Blog
Learn to Spot Phishing Email | Good Email Hygiene
Avoid the spread of ransomware by learning to avoid malicious emails. Most phishing attacks can be stopped with a little diligence and awareness. Don’t let one bad click bring down your company!
Can you spot…
…use of a trusted name?
…an almost legitimate sender address?
…a generic greeting?
…attempts to create urgency?
…a suspicious attachment?
…a malicious link?
…generally unprofessional look and feel?
Train for phishing awareness
WATCH FOR GENERIC CONTENT AND GREETINGS
Greetings like “Dear valued customer” or “Important client” are a bad sign. If you or your company isn’t identified by name at the beginning of the email, be suspicious.
NOTICE MISSPELLINGS, INCORRECT GRAMMAR, & ODD PHRASING
Phishing emails from other countries (which is the majority of them) often contain poor grammar and misspelled words.
URGENCY IS THEIR MOST POWERFUL TOOL
Scammers have known this for ages: if you make someone panic or hurry, it’s much easier to make them slip up.
MANUALLY CHECK ALL LINKS
Mouse over every link to check the URL you’ll be sent to. If you don’t know for sure that it’s safe, don’t take the chance.
EXAMINE THE SENDER’S EMAIL ADDRESS
Scammers use email addresses that look almost like legitimate email servers. Be wary of addresses like “@microsoft.custsupport.com” or “@ups-service.com”
ONLY INPUT DATA ON SECURE WEBSITES
Any webpage where you enter personal information should have a url beginning with https://.
For ways to protect your small business, call mPowered IT at 678-389-6200 or visit mpoweredit.com.
by John Mamon | Aug 4, 2021 | IT Service Blog
Cybersecurity is a complex subject, which makes many businesses hesitate to fully address it. Don’t be one of them.
Cybersecurity Statistics
The first step to understanding the importance of cybersecurity is to realize the number and type of current threats, the potential damages they can cause to your business, and the common mistakes that increase cyber risk.
1. It’s predicted that, by 2021, cybercrime will cost the world $6 trillion annually.
2. On average, a cyberattack is carried out every 39 seconds.
3. 1 in 323 emails sent to small businesses involve malicious links or a phishing attempt.
4. 95% of cybersecurity breaches can be traced back to human error.
5. The average cost of a data breach in 2021 will exceed $150 million.
6. 60% of small businesses that fall victim to a cyberattack go out of business within six months.
7. 56% of Americans are unsure how to respond in the event of a data breach.
8. On average, SMBs experience 8+ hours of downtime during a breach.
9. 62% of SMBs lack the in-house skills to handle cybersecurity.
10. 21% of business data folders are not encrypted or access controlled in any way.
Ransomware Threats
Ransomware is still one of the most common threats to businesses in 2021. Typically spread through seemingly-harmless emails, ransomware can easily make its way into your network and lock access to your systems and data.
11. 63% of ransomware victims in 2019 were small businesses.
12. During 2019, in the US, ransomware infected 113 state and municipal governments and agencies, 764 healthcare providers, and 89 universities, colleges, and school districts.
DATA Backup and Disaster Recovery
Every business should have a data backup solution in place, regardless of size or industry. With technology playing such a huge role, the prospect of losing files or being denied access to your own systems is costly — and could be devastating.
13. Only 21% of SME companies have a full disaster recovery plan.
14. The average cost of downtime to a business is $5,600 per minute.
15. The most common causes of data loss are hardware/system failure (31%), human error (29%), and viruses, malware, or ransomware (29%).
16. A simple drive recovery can cost upwards of $7,500, and success is not guaranteed.
17. 58% of SMBs say they test their disaster recovery plan just once a year or less, while 33% say they test infrequently or never at all.
For ways to protect your small business, call mPowered IT at 678-389-6200 or visit mpoweredit.com.
by John Mamon | Jul 29, 2021 | IT Service Blog
Your organization needs IT support from professionals with experience in the legal sector. How can your law firm can benefit from Managed IT Services? Are technology-related struggles becoming part of the daily challenges of running your law firm? They don’t have to be.
Why Should technology Be A Priority For Your Law Firm?
The previous decade has proven that managed IT services provide the best model for addressing the IT needs of law firms like yours. Rather than taking a break/fix approach to IT, managed services set you up with a comprehensive stack of proactive solutions, productivity tools, and risk mitigation strategies.
What challenges will arise without fully-managed it?
- Frequent support calls
When your IT support charges by the hour, it doesn’t benefit them if your tech is working the way it should. With no motivation to minimize service call volume, you could find yourself repeatedly calling them to help with a problem that never quite gets resolved.
- Rapid Escalation
A minor computer problem can quickly turn into a disaster if left unchecked. Take ransomware attacks as an example; What starts out with just one malicious email can spread throughout your entire network, locking down your data, and bringing your operations to a halt.
- High Cost Of Downtime
A non-managed IT service will only start working after something has broken — and the clock on downtime has begun.
This is why so many law firms are opting for managed support, which can be best delivered by an IT company with experience in the legal sector. Providers like us are familiar with the needs of law firms, as well as the relevant compliance standards and increased security needs that are involved.
How Will Your firm Benefit From Managed IT Services?
Much of what a law firm does is reliant on technology, whether it be maintaining records, scheduling court dates, or communicating by email. The state of your technology directly impacts your firm’s success. Fully managed IT services are generally considered the best option for keeping your technology working, your staff productive, and your data secure.
In practice, instead of waiting for something to go wrong and stepping in to correct it, an IT company that provides IT services takes on all the responsibilities of a traditional in-house IT department. This means working to prevent issues from happening in the first place.
- Protect Your Firm
Security is one of the most important aspects of modern technology. As the role of tech evolves and the depth of data expands, the number of ways your IT network can be compromised increases. Protective measures must be put in place, and your security constantly monitored.
Working with a managed IT services company, you’ll have access to cybersecurity technologies and best practices that were once only available to large enterprises. Whereas affording enterprise anti-virus solutions, advanced email security software, and end-user awareness training would be cost-prohibitive on an independent basis, doing so with a managed IT services company is extremely cost-effective.
- Vendor MANAGEMENT
Your IT system is a complex — and often expensive — investment. From budgeting to installation to ongoing maintenance, operating the hardware and software necessary to support a business is a daunting task. It also involves choosing and managing large numbers of hardware and software vendors.
The research for external service alone is enough to frustrate anyone that would rather just have their IT infrastructure meet their business needs without all the hassle. You also need to communicate with vendors in other areas of your firm (copiers, alarm systems, phones, etc.) to address all of your needs.
As their technologies integrate into your IT environment, you need to make sure they’re being managed properly. Your IT support should make use of every industry connection they have in communicating with third-party vendors on your behalf. Whether they are software developers, Internet service providers, copier or telephone companies, your IT company should work on your behalf to get the best solutions, products, and services for your business.
- improved Efficiency and productivity
Downtime is extremely harmful for businesses of all types. Small businesses with up to 50 million in annual revenue reported last year that just a single hour of downtime cost them $8,600. The main cost of downtime is not remediation, it’s the loss in your firm’s productivity. If an IT-related or natural disaster occurs and takes critical systems offline, employees will be unable to complete their tasks, yet your normal business expenses will carry on.
During downtime, you will incur all the expenses of running a firm without the revenue you would usually generate. Even if downtime does not bring your entire operation to a halt, some of your staff will have to divert themselves from their normal work to mitigate the problem resulting in wasted hours. While your systems are down, it’s almost certain you can’t deliver services, conduct research, or communicate effectively with clients.
The fact is that downtime is often the result of poorly supported IT. The best way to approach downtime prevention is proactively – you need to keep an eye out for minor issues that could spiral into total stoppages. You should implement and test backup solutions to minimize losses from outages. You need to enhance your cybersecurity to protect against cybercrime.
Clearly, that’s a lot of IT to handle on your own, especially when you have other work to focus on. This is exactly why Managed IT Services companies have become so popular in the legal space. They’ll provide 24/7 active monitoring of your systems, enact business continuity best practices, backup solutions, and cybersecurity services that will keep costly downtime at a minimum. Managed IT providers are simply the easiest, fastest way to turn your technology into an asset instead of a hassle.
For more information, call mPowered IT at 678-389-6200 or visit mpoweredit.com.
