
Penetration Testing Methodology

Our industry-leading penetration tests are standards-based. They are closely tied to the fundamentals found in the Open Source Security Testing Methodology Manual (OSSTMM), the Penetration Testing Execution Standard (PTES) and the Open Web Application Security Project (OWASP) Penetration Testing Guide.

The open method associated with OSSTMM builds on a foundation of truth, diminishing commercial gain and political agendas. PTES is an endeavor by a group of information security practitioners to develop a common language and scope for performing penetration testing. The core purpose of OWASP is to “be the thriving global community that drives visibility and evolution in the safety and security of the world’s software”. By combining the spirit of these three methodologies, we create a formidable program of work to serve you. You can rely on our penetration testing services to be thorough and comprehensive. Real people, real skill, real experience. Not simply a scan and generic report.

Our goal is to identify areas of risk that impact the security of your information. We provide a remediation plan tailored specifically to your organization’s needs for security and compliance. We often learn from new clients’ past experiences that plans were recommended, but execution was never a part of the plan. Why plan if you’re not going to execute?

Components of Penetration Testing

Our penetration tests are specifically tailored to your organization’s needs and requirements. Our penetration tests can be comprehensive and include social engineering exercises, web application assessments, and a review of your key firewall rule base and configuration. Our team of experienced enterprise consultants and cyber security analysts can quickly help you identify a penetration test plan that is right for your organization, based on any compliance requirements you must adhere to as well as the sensitivity of the data you process, store and transmit.

  • Passive reconnaissance (Domain Squatting, Email and File Enumeration, etc.)
  • Vulnerability Assessment
  • Penetration Testing
  • Web Applications Assessment
  • Mobile Application Assessment
  • Social Engineering (Phishing, Baiting, Pretexting)
  • Physical Security Review
  • Firewall and Router Configuration Review
  • Wireless Security Assessment
  • Incident Response Threat Identification Training

Detailed & Actionable Penetration Test Reports 

Every penetration test is accompanied by a formal report, which is designed not only to provide a high-level overview of the engagement for upper management and C-Level staff, but also to include the detailed findings, along with key recommendations, that can assist those with remediation responsibilities. Our world-class penetration testing security engineers are battle-tested on the front lines every day. We deliver comprehensive security intelligence that lowers risk, prioritizes solutions, and minimizes business disruptions. Whether testing for security vulnerabilities or exploiting them, our teams have the expertise, ingenuity, and integrity to uphold your trust and put your mind at ease.

DELIVERABLES

  • Formal Report (Our Flagship Report)
  • Snapshot Report (Report Supplement)
  • Vulnerabilities by Severity Report (Report Supplement)
  • Vulnerabilities by Host Report (Report Supplement)
  • Ports and Protocols Report (Report Supplement)
  • Custom reports available on a case by case need and special request

We will discuss your report to make sure you understand the findings and recommended actions.

Are you interested in learning more on how an MSP could help your organization stay safe? Give us a call at 678-389-6200, schedule a 30 minute call or visit mPoweredIT.com.

Penetration Testing (Ethical Hacking)

We understand compliance – In many cases the penetration test is part of compliance with PCI, HIPAA, and other regulatory frameworks. In addition to probing general network and server vulnerabilities, we can assess specific IT targets, or flags, such as firewalls, wireless networks, and web applications, or areas and assets containing sensitive data.

Employee Security Assessments

A major contributor to a security breach is human error. We will help you identify and validate your employees’ ability to follow documented policies, procedures and security best practices to reduce or eliminate inadvertent errors that could expose your data.

Compliance Expertise

If you are in an industry that requires compliance to exacting standards, such as healthcare, retail, finance, or government, you need the expertise to ensure your IT systems do not create a compliance issue with HIPAA, PCI-DSS, NIST, etc. Penalties for non-compliance can be extremely costly. We understand compliance and will ensure your organization’s IT system follows all necessary protocols.

Configuration Reviews

We will review your perimeter and internal firewalls & router configuration to identify any areas of risk, and will make recommendations if we find vulnerabilities.

Hack Your Own Network To Stay Ahead Of The Hackers.

We despise cybercriminals. They’re a menace to business. We’re very protective of small business in Atlanta and continuously up our game to stay ahead of them. We can do thorough penetration tests (ethical hacking) on your network to fix any vulnerabilities before you’re breached.

Our Penetration Testing Methodology

We use a penetration testing methodology that combines both traditional and new attack techniques to stay ahead of hackers.

INTELLIGENCE GATHERING

  • Information about your organization is gathered to map out the environment. In the case of an external penetration test, information such as domains, IP addresses and ranges, compromised email addresses, and employee information is discovered.

VULNERABILITY ANALYSIS

  • Once the targets have been identified, our certified consultant uses both automated and manual vulnerability analysis tools to identify security flaws.

POST-EXPLOITATION

  • Demonstration of impact is performed by attempting to escalate access into systems and/or sensitive data within the environment.

THREAT MODELING

  • An assessment of the organization’s business is performed, which includes identifying the most critical business resources. From this analysis, the consultant identifies the best approach to formulating an attack against the exposed security flaws.

PERFORM EXPLOITATION

  • Depending on the security flaws exposed, exploitation is performed to attempt gaining unauthorized access to systems and/or sensitive data.

TIMELY REPORTING

  • Documentation is collected, reviewed, and presented to your organization in a clear, concise, and effective manner. In addition to supporting data, strategic and technical recommendations are provided to help your organization with successful remediation.

The 5 key features of keeping your business safe

Penetration Testing (ethical hacking) will tell you how easy it may be to break through your firewall and access your data.

Our penetration testing service allows your business to stay ahead of hackers with ongoing “hacking attempts” on your network. It’s much easier, more thorough, and less expensive than traditional security assessments.

Why use mPowered IT Penetration Testing services:

  1. You can perform penetration tests at any time you want, however often you want.
  2. Track penetration testing activities in real-time and use them for improvement of detection and monitoring controls.
  3. We send email and SMS notifications to establish up-to-date progress and activities.
  4. Turnaround time from start to finish is significantly faster while providing the same or more results than traditional penetration tests.
  5. Deliverable packages contain more comprehensive details to help you understand, mitigate, and attempt to reproduce threats identified in your network.

mPowered IT provides your team with a dashboard to track the penetration test and its activities in real-time. As we identify more issues and learn more information about the network, our cybersecurity team updates the portal to reflect the latest information, activities, and security threats.

mPowered IT Executive Named to Alpharetta Chamber Board


For immediate release:

John Mamon, CEO of mPowered IT, has been named to the Board of Directors for the Alpharetta Chamber of Commerce. “As a local business owner myself, I am truly passionate about helping other businesses and organizations be successful. Giving back to the chamber and the community is a big part of who we are at mPowered IT”, said Mamon. “I am really excited to help the Alpharetta Chamber reach its fullest potential in providing support and service to the dynamic Alpharetta business community.”

In addition to his role on the Board, Mamon will also chair the new technology initiative the Chamber is launching. “I am so excited to welcome John to our Board of Directors this year. He brings tremendous executive-level business experience and industry knowledge which will be valuable as he helps lead the Chamber’s Technology Initiative in 2021”, said Deborah Lanham, CEO of the chamber. Mamon added, “It is our hope to bind together the vibrant technology community that exists in Alpharetta to create an ecosystem that benefits businesses in the entire area”.

John Mamon has over 25 years of IT experience, ranging from engineering and sales to executive roles. Specialties include service design, increasing operational effectiveness, harnessing cloud and data center services and cyber security. He previously served as Chairman of Tech400 for three years.

###

If you would like more information about this topic please call John Mamon at 678-389-6200, or email jmamon@mpoweredit.com.

What is a Network Security Assessment/Penetration Test?

A penetration test, often referred to as pen testing, is an evaluation of your organization’s network security. It identifies security weaknesses that expose your business to malicious attacks.

Unlike a traditional vulnerability assessment that only identifies security vulnerabilities within the tested environment, a penetration test usually takes it a step further by demonstrating potential impact. This gives you a better idea of the severity of any vulnerabilities we find.

With a penetration test, you’ll know:

  • Security vulnerabilities present within the environment
  • Incident response procedures, including monitoring and alerting
  • Potential impact of a security breach
  • Effectiveness of implemented technical and compensating controls

We are passionate about keeping SMBs safe from cybercriminals. It’s our job to stay ahead of them and anticipate their next move. Wouldn’t you rather have someone who cares about your business test its “hackability” rather than find out from a real hacker?

4 Ways to Help Schools Secure Their Remote Learning Environments

The continuation of homeschooling and remote learning has been challenging for parents, educators, students, and school IT administrators. Even before remote learning became the norm, schools were major targets for cyberattacks. According to the K-12 Cybersecurity Resource Center, since 2016, there have been at least 775 publicly disclosed cyber incidents against educational institutions in the U.S. alone. Further, the number of incidents more than doubled between 2018 and 2019, increasing from 122 to 348.

Now that more students and teachers are using both their own and school-issued devices from remote locations, school IT administrators are being swamped with technical issues, which is diverting IT resources away from cybersecurity. Cybercriminals are taking full advantage of the chaos, prompting the U.S. Federal Bureau of Investigation to issue a formal warning regarding the cyberthreats posed by insufficiently secured remote education platforms.

Here are 4 ways password management and cybersecurity solutions help school IT administrators keep teachers and staff members, students, and parents secure.

1. Establish & enforce good password hygiene

Since Verizon estimates that about 80% of successful data breaches can be traced back to stolen or compromised passwords, ensuring that all staff members, parents, and students are practicing good password hygiene is crucial to securing online education platforms.

2. Enforce role-based access

Role-based access control (RBAC) and least-privilege are critical in all organizations, and arguably even more so in a remote education environment, where staff members, students, and parents all require different levels of access to different systems.

3. Prevent password overload & eliminate password-reset requests

Password overload is a serious issue. According to a survey by Digital Guardian, 70% of consumers have over 10 password-protected online accounts, and 30% have “too many to count.” In remote education environments, password overload problems are compounded in households that include multiple school-age children, on multiple grade levels and possibly attending multiple schools, all using their own systems.

4. Prevent phishing attacks

Cybercriminals are using the remote learning boom to take advantage of tech-challenged parents (and educators) and attempting to get them to enter their login credentials on phony lookalike sites with domain names that are just a tad different; for example, ABCE1ementary-dot-com instead of ABCElementary-dot-com.
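The lookalike-domain trick described above can be checked mechanically before a link reaches a parent or teacher. The following is an added example, not part of the original article: it flags hostnames that collapse to a trusted domain once confusable characters are normalised. The allow-list, the small confusable map and the one-edit threshold are assumptions, and it goes beyond the digit-for-letter case in the text to cover punycode-encoded names and single-character typos.

```python
# Constructed allow-list: the school's real domain from the article's example.
TRUSTED = ["abcelementary.com"]

# Small hand-picked confusable map (assumption; not a complete homoglyph table).
# Digits that pass for letters, plus a few Cyrillic letters that look Latin.
SINGLE = str.maketrans({
    "0": "o", "1": "l", "3": "e", "5": "s",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
})
MULTI = [("rn", "m"), ("vv", "w")]  # letter pairs that read as one letter


def normalise(host):
    """Lowercase, drop a trailing dot, and decode punycode (xn--) labels."""
    host = host.strip().rstrip(".").lower()
    try:
        return host.encode("ascii").decode("idna")
    except UnicodeError:
        return host  # already Unicode, or not valid IDNA: compare as typed


def skeleton(host):
    """Collapse visually confusable characters to one canonical form."""
    s = normalise(host).translate(SINGLE)
    for src, dst in MULTI:
        s = s.replace(src, dst)
    return s


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(host, trusted=TRUSTED, max_distance=1):
    """Return (verdict, matched_trusted_domain_or_None) for one hostname."""
    name = normalise(host)
    known = sorted({normalise(t) for t in trusted})
    if name in known:
        return ("trusted", name)
    for legit in known:
        if skeleton(name) == skeleton(legit):
            return ("homoglyph", legit)  # identical once confusables collapse
        if edit_distance(skeleton(name), skeleton(legit)) <= max_distance:
            return ("typo", legit)       # one character added, dropped or swapped
    return ("unknown", None)


if __name__ == "__main__":
    for h in ["ABCElementary.com", "ABCE1ementary.com", "example.org"]:
        print(h, classify(h))
```

A "homoglyph" or "typo" verdict is a reason to block or quarantine the link; "unknown" only means the name does not resemble anything on the allow-list.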

Secure your school today

Reach out to mPowered IT today and discover how simple and affordable it is to protect your institution and its staff members, parents, and students against password-related cyber attacks.

Protecting Healthcare Facilities from Ransomware in a Post-Pandemic World

Over the weekend, Universal Health Services (UHS), which operates over 400 healthcare facilities, was struck by one of the largest ransomware attacks in U.S. history, which left multiple facilities without access to computer and phone systems.

A data breach can bring a healthcare organization to its knees from a financial perspective. According to the University of North Dakota, the healthcare industry lost $25 billion to data breaches in 2019. However, since healthcare facilities are part of society’s critical infrastructure, financial ruin isn’t the only potential outcome of a cyberattack. In addition to threatening a facility’s finances, a ransomware attack can threaten patients’ lives by taking down critical patient records systems and smart medical equipment.

Ransomware Attacks Accelerate Post COVID-19

Many healthcare organizations simply don’t know how to prevent ransomware attacks, but there are steps they can take to harden their cyber defenses, especially password security. Weak or stolen passwords are responsible for over 80% of data breaches, and most ransomware attacks happen after successful brute-force cyberattacks. In these attacks, cybercriminals take lists of weak or previously compromised passwords, then attempt to use them to access healthcare systems. Once inside, they can steal data, plant ransomware, or both.

Hardening password security is simple and inexpensive:

  • Require that employees use strong, unique passwords for all accounts.
  • Require that employees use multi-factor authentication (2FA) on all accounts that support it.
  • Require that employees use a password manager.
  • Subscribe to a Dark Web monitoring service. These services scan Dark Web forums and notify organizations in real-time if any of their employee passwords have been compromised, allowing IT administrators to force password resets right away.

Easy Tips for Businesses and Consumers on Data Privacy Day

Data Privacy Day, which takes place annually on January 28th, is a global effort to educate consumers and organizations about the importance of privacy, promote easy ways to protect personal information, and illustrate to organizations that good data privacy is good business.

Consumers are very concerned about how the companies they do business with are using their data, particularly since the pandemic forced everyone to shift a significant portion of their lives online. Over 80% of consumers told Pew Research that they feel the potential risks of companies collecting data about them outweigh the benefits.

Here are some quick tips for consumers to protect their data privacy online, and for organizations to be good stewards of the data they collect.

3 Quick Data Privacy Tips for Consumers

  1. Be cautious about handing over your personal information. Don’t give out personal information online unless you initiated the contact or otherwise know who you’re dealing with. Never click on email links soliciting personal information, and never download unknown email attachments. Go to the organization’s website and contact them directly.
  2. Be cautious about app permissions. Don’t just blindly click “accept” when installing apps; take a look at what the app is asking to access, and be wary of apps that ask for a lot of personal information.
  3. Secure your passwords. Securing your passwords is fundamental to securing your online privacy. Use strong, unique passwords for every online account and app, enable multi-factor authentication (2FA) on all accounts that support it, and use a password manager like Keeper. Keeper automatically generates unique, high-strength, random passwords for all your sites and apps and stores them in a personal, encrypted digital vault that you can access from any device, running any operating system.

3 Quick Data Privacy Tips for Businesses

    1. Know your data. Many organizations are storing an enormous amount of “dark data,” an ominous-sounding name for digital assets that they’re not using and that they may not even know exist. Perform an audit of your existing data stores so that you understand what you have, and dispose of any dark data that isn’t subject to compliance holds.
    2. Assess your data collection processes. Review your existing data collection practices and policies so that you have a thorough understanding of what personal information you’re collecting or processing. If you don’t need a piece of data for business or compliance purposes, don’t collect it. In addition to protecting consumer privacy, this protects your organization; cybercriminals can’t steal what you don’t have.
    3. Secure your employees’ passwords. Verizon estimates that over 80% of successful breaches are due to weak or compromised passwords, so the biggest thing you can do to secure your data is to secure your employees’ passwords. Mandate the use of strong, unique passwords, and 2FA.

Protect Your Company Against “Notification” Phishing Schemes

Cloud-based office productivity solutions, including Microsoft 365 (formerly Office 365), enable remote workers to communicate, collaborate, and work from anywhere. Unfortunately, cybercriminals are using these productivity apps to breach organizational networks. One of the attacks currently making the rounds is a phishing scheme that leverages the automated notifications that Microsoft apps send to employees whenever they’re mentioned in a group chat or a document.

Microsoft Teams Phishing Scheme

SC Magazine reports on a phishing scheme targeted at users of Microsoft Teams, a group communication and chat tool. Employees receive an email with the subject header, “There’s new activity in Teams.” The body of the email notifies them that their co-workers are trying to reach them and contains three hyperlinks: “Microsoft Teams,” “[contact] sent a message in instant messenger,” and “Reply in Teams.”

The email is designed to look like legitimate communication from Microsoft, the type that remote employees receive all day long. If the employee clicks on any of the links, they’re taken to a phishing website that looks like the real Microsoft login page. Should the employee not realize that they’ve landed on a phishing page and enter their login credentials, those credentials, as well as any other information stored on their account, will immediately be compromised.

Protecting Your Company from Notification Phishing Scams

  • Advise your employees not to blindly click on notification emails, even if they seem to come from a legitimate vendor like Microsoft or Google. Yes, we get a lot of them, all day long, but it’s important to read them carefully. If the recipient doesn’t recognize the document they were tagged in, they should contact the person who allegedly sent it and verify that the notification is legitimate.
  • Require that employees use multi-factor authentication (2FA) on all accounts that support it. With 2FA enabled, even if an employee’s credentials are compromised, cybercriminals won’t be able to access their account without the second authentication factor.
