3 ways to eliminate gaps in enterprise security

 

Enterprises have a large number of active endpoints, and each one can represent a major threat if it’s not protected properly. Bigger organizations often have challenges enforcing security policies and monitoring activities across the workplace to identify and address unusual activity. However, as threats become more sophisticated, it’s essential for enterprises to eliminate gaps in their security in three big ways:

1. Establish better access control

Organizations should place a heavier focus on internal protections in addition to external security measures. While it’s true that a malicious party can significantly damage a business, employees could be some of the biggest threats to data loss and compromised files. A survey by Ponemon found that the leading cause of data loss or theft is insider negligence. In fact, 62 percent of end users have access to sensitive company data they shouldn’t see, and only 29 percent of respondents enforce a least privilege security model. To make matters worse, 38 percent of participants don’t monitor file or email activity, making it difficult to identify ransomware encryption and other unusual behavior.

Enterprises must establish a security model that keeps business data on a need-to-know basis. This will improve accountability and reduce the overall likelihood of errors or data loss. A low-level employee should not have the same authorizations as a manager, and this accessibility must be reflected in enterprise protection measures and policies.

Your own employee could be the biggest threat to business security.

2. Communicate effectively between departments

Goals and resources can vary dramatically across different teams within an enterprise, and these disparities can lead to gaps in security. In fact, according to a survey by BMC and Forbes Insights, 33 percent of respondents noted that it’s difficult knowing what systems to patch first due to differing priorities between the security and IT operations teams. These groups only have a general or small understanding of each other’s requirements and that lack of knowledge can take a toll on the strength of the enterprise’s security posture, The VAR Guy stated. However, nearly half of survey respondents don’t have a plan in place to bring these teams closer together.

To close the protection gaps, enterprises must improve coordination between IT and security teams. This could include establishing procedural policies, leveraging collaboration tools and providing additional training. If teams can boost their understanding of each other, it will significantly enhance communication and decision-making processes. These advancements will be essential to patching systems and filling in security gaps quickly.

3. Utilize capable tools

The demand for IT professionals, especially those with security knowledge, is skyrocketing across industries. Unfortunately, the supply of available candidates cannot keep pace. It’s essential for enterprises to augment and capitalize on their security capabilities by providing capable tools. According to a survey by SkyHigh Networks, 80.4 percent of participants viewed incident response management as the most important IT skill to have within the next five years. However, IT members must have the right tools in order to facilitate this. Just over 40 percent have tools that send alerts without actionable information. Additionally, 27 percent have experienced incidents without receiving a security alert, and 31 percent ignore their alerts due to ongoing false positives. A lack of tools like this can leave significant holes within an enterprise’s security and can even lead to shadow IT.

Organizations must reevaluate what systems they have in place for security monitoring and if they provide valuable information. With the right tools, IT teams can view real-time security updates with actionable information to quickly fix issues. Providing this type of asset will improve protection measures and quickly root out any unusual behavior across the entire enterprise. Even with a small team, a tool can improve security over the network, monitor file activity and detect authorization failures.

Security is a critical priority for organizations, but any gaps can make it easy for vulnerabilities to impact an enterprise. With capable tools, effective communication between teams and better access governance, businesses can protect their systems and sensitive files from internal and external threats. As threats become more sophisticated on all fronts, enterprises should take the time to close their security holes and supply their teams with the means to maintain protection measures.

3 myths about Office 365 that just aren't true

The rate of innovation involved with modern technology is increasing with every year. Companies are working hard to constantly give new features to their clients, a sentiment that is especially true of Microsoft’s Office 365. This cloud-based productivity platform has exploded on the enterprise IT scene and is completely changing how and where employees complete tasks.

Despite having been on the market for nearly five years now, those who haven’t had the chance to work with Office 365 yet still don’t know much about it. In fact, there is a portion of this population that has formulated myths based on unfounded rumors and hearsay. We wholeheartedly believe that Office 365 is an incredibly beneficial tool, and we would hate to see a company miss out on it due to unsubstantiated claims.

Therefore, we’ve put together a list of myths about Office 365 that just aren’t true, and what the reality behind the situation actually is.

Myth #1: It’s not secure

No matter which sector your company works in, one of your most important areas of concern has to be cybersecurity. This is because a data breach could seriously affect how clients view your organization. A study from Centrify found that two-thirds of consumers living in the U.S. will stop their business relationship with an institution following a major hacking event. Clearly, staying on top of your firm’s security is of the utmost importance.

This is especially true when you’re talking about a platform like Office 365. This service handles so many pieces of important information that it makes sense for people to be worried about its ability to mitigate the risks of a cyberattack. However, the idea that Office 365 is inherently less secure than other options is completely false.

This service has a good level of security. Office 365 is incredibly secure.

Microsoft has spent years refining and polishing the security features on Office 365, and it truly shows. This service has been built from the ground up with cybersecurity in mind, and businesses all over the world rely on Office 365 to keep their data safe. The company’s website even has a list of the most important features, which are:

  • Identity security: Ensuring that only the right employees have access to secure data is paramount. Therefore, Office 365 relies upon multi-factor authentication, which means you have to utilize multiple security credentials in order to log onto an account. This puts another obstacle between your company’s data and the hackers.
  • Data and app encryption: Encryption is by far the most important tool in the fight against cybercriminals. Office 365 utilizes this technology when information is moving between systems and when it’s stored on a particular device.
  • Responding to issues: Microsoft stated that Office follows the response tactics of the National Institute of Standards and Technology. This includes having a dedicated security team, detecting and analyzing threats, containing incidents and spearheading an investigation after everything’s said and done.

Clearly, there are too many security features baked into Office 365 for it to be considered a vulnerable platform. Working with this tool means that your data has an added level of security that will help lower the chances of a data breach.

Myth #2: It’s going to steal your job

One of the major selling points of Office 365 is that it clears up a lot of technical issues that other platforms present to company IT teams. While it is obviously a clear advantage, some workers see this as a threat to their current position. They see all the work that they put toward just keeping their current system running, and they think if they don’t have to do this maintenance then they’ll be out of a job.

While this comes from a very real place of self-worth, this is once again a very false myth. Although Office 365 will streamline certain processes and eliminate the need to constantly put out fires, it won’t completely take away the need for a robust IT department. As a matter of fact, the truth is quite the opposite.

Office 365 gives you the opportunity to explore internal goals like never before. Due to the fact that you won’t have to waste time simply fixing what should already work, you can move on to opportunities to expand your current IT infrastructure. A deployment of this platform isn’t the death of the IT team; it gives your department new life.

Myth #3: Moving from a different platform is next to impossible

This is less of a specific Office 365 myth and more of a misconception for most newer technologies. Companies very often get comfortable with their current solution, and they start to imagine that making the move to another platform would just be more trouble than it’s worth. Of course, the multitude of benefits provided by Office 365 shows that this just isn’t the case. Sticking with an older solution that doesn’t work properly just because you’re used to it doesn’t make any sense, and it could end up costing your company big in terms of productivity and effectiveness in dealing with client needs.

However, making the transition can lead to certain obstacles. But don’t worry, ISG Technology is here to help. Our staff members have quite a lot of experience dealing with moves to Office 365, and we can help make sure yours goes as smoothly as possible.

The presidential debate and the future of American cybersecurity

Cybersecurity is becoming less of an individual problem and more of an issue that entire states need to deal with. Due to the importance of this issue, both presidential candidates were asked in the recent debate to discuss the current state of cybersecurity within the U.S. as well as what they plan to do when they get into the Oval Office. Their responses – as well as their previous actions – could very well foretell the future of America’s cybersecurity efforts.

Both candidates need to study up

During the debate, moderator Lester Holt asked the candidates about their opinions concerning the current state of U.S. cybersecurity. Hillary Clinton was quick to jump on Russia as a major antagonist. In fact, she went so far as to blame Putin himself for the hack levied against the Democratic National Convention. She also took a very hard line against anyone considering a cyberattack against America, saying that the U.S. would not “sit idly by” and allow foreign entities to breach private American data.

That said, Clinton has certainly had trouble with cybersecurity in the past. She set up her own private email server against State Department regulations, which was eventually compromised by a hacker.

Clinton has been hacked before. A hacker was able to gain access to Clinton’s private email server.

Donald Trump was also adamant that America needs to improve its defenses, although his response was slightly different. As Government Technology’s Eyragon Eidam pointed out, Trump brought up the uncertainty of cyberattacks like the one that befell the DNC. When discussing this attack, the candidate said it could have been anyone from Russia to Iran or even “somebody sitting on their bed that weighs 400 pounds.”

While it’s certainly true that America’s enemies are no longer visible on a map, broadly painting hackers as obese people downplays the importance of this issue.

New federal CISO’s job hangs in the balance

Although both of the candidates will continue to duke it out, the current president has decided to take action. President Obama has created the position of federal chief information security officer, and he’s appointed retired Brigadier General Gregory J. Touhill to the post. Touhill has more than 30 years of experience in the U.S. military, much of which was spent within IT. He’s also been awarded the Bronze Star Medal, according to his biography on the Air Force’s website. This position is meant to come up with a uniform cybersecurity plan for federal government organizations.

While it’s certainly good to see the White House attempting to tackle the widespread security problems present across the government, the federal CISO is an appointed position. This means the current president is allowed to choose who can fulfill the role, which puts Touhill in a tenuous position. The next president will enter office on January 20, 2017, which means Touhill has around four months to implement some changes.

Whether the next president keeps Touhill will depend entirely on who wins. If Trump is voted into office, he’ll most likely want a fresh slate and appoint his own CISO. There’s a good chance that Clinton will do the same – however, she’s probably Touhill’s only hope at job security. He’ll have to make some huge leaps in the next few months if he hopes to impress.

White Paper: Cybersecurity Best Practices

Register to receive the ISG white paper



In the ever-changing security landscape, it’s hard to fully understand security threats and even more difficult to create lasting, effective solutions. Read the ISG executive report to learn:

  • How to identify potential threats
  • Best practices to protect your business

White Paper: Tech For Community Banks

Register to receive the ISG white paper



In the face of regulatory changes and cybersecurity threats, IT plays a more critical role than ever for community banks. This free report will teach you how to not just survive, but how to thrive, with technology as a main driver. Topics covered include:

  • Key trends in regulation and market forces driving change
  • How video conferencing can improve the client experience
  • The latest developments in cybersecurity and what you need to prepare
  • Disaster Recovery and Business Continuity: are you ready?

The Boardroom vs. IT: Who drives change?

When it comes to ensuring business continuity and keeping all parts working properly, it’s crucial for communications between departments to be easy and effective. You especially want interaction between executives and IT administrators to be productive. In those conversations, if there is any kind of disconnect with either party, bottom lines could suffer.

How does the proper implementation of IT impact corporate objectives? Having the right technology solution in place can make a difference in the long run across the board, but decision-makers sometimes don’t consult their IT departments before investing in something new. According to InformationWeek contributor Andrew Froehlich, this may be due in part to the fact that new technologies are constantly coming out, sometimes so quickly that tech staff can’t keep up.

Shadow IT is creating cybersecurity vulnerabilities for enterprises.

Shadow IT is compounding this issue even further. With the continued implementation of bring-your-own-device policies, extraneous technologies make their way into companies’ networks. Employees are carrying their smartphones and tablets into the workplace and downloading different – and perhaps unapproved – applications to use in their jobs. This creates cybersecurity and compliance issues due to the entrance of unknown actors on the network.

For instance, one study from 2014 on the information systems of health care organizations found that the average provider has 928 cloud services running on its systems – only 10 percent of which are known to their IT departments. In addition, only 7 percent of the total systems on the cloud comply with industry-specific standards. These kinds of statistics illustrate why it’s crucial for the IT department to be involved in the decision-making process of any company. To ensure compliance and maintain security, technology teams and executives need to be on the same page.

Different departments need to work together to elicit the best outcome for a business – meaning that to achieve the best bottom line, communication between IT staff and the executive board needs to be efficient. Computer Weekly contributor Marc Cercere noted that the agendas of both the business technology and IT departments are equally important to focus on and improve.

For instance, due to the increase in shadow IT and the continuing focus on cybersecurity across every industry, the IT department should be consulted about any change to technology strategy. Instead of implementing tech “solutions” that may or may not solve a company’s problems, getting the go-ahead from the IT department allows every portion of the company to work in unison toward the same goal.

In today’s business climate, technology should align with corporate objectives. You want IT to work in your favor. If relationships within your business between executives and the IT department aren’t up to par, a costly disconnect can occur, and business processes can be hampered.

Ransomware: How hackers hold data hostage

Crime has changed with the Internet age. Although physical theft is still a problem, the introduction of computer systems into the workplace has brought about a generation of criminals who use code to steal rather than a gun. Perhaps the epitome of this trend is ransomware, a specific piece of malware that encrypts a victim’s files until the user pays the hacker a ransom.

Ransomware attacks have been steadily increasing recently, with more businesses than ever being forced into a corner by cybercriminals. What does the current ransomware landscape look like, and how can companies protect themselves from this ever-growing threat?

The online underworld has taken a shine to ransomware. This popularity has a lot to do with just how simple and effective a ransomware campaign can be. All it takes is for the user to open the wrong attachment on a bogus email, and the malware takes it from there. What’s more, these kinds of attacks are extremely effective. Victims generally panic, sometimes scared by phony messages from the FBI or CIA about having to pay a fine, and will often reinforce this malicious behavior by paying the criminal.

In fact, a November 2015 McAfee Labs Threats Report found that hackers are throwing their full weight behind these campaigns. The study discovered that total ransomware more than doubled between the fourth quarter of 2014 and the third quarter of 2015, eventually resting at a whopping 5 million observations.

Forbes contributor Thomas Fox-Brewster noted the example of Locky, a specific type of ransomware that is compromising around 90,000 devices per day. It’s a strong and effective piece of malware and shows just how troublesome these kinds of attacks are.

Although a ransomware attack is pretty straightforward, hackers are constantly innovating their techniques to make a fast buck. One of the ways they’re doing this is by branching out in terms of what systems they attempt to infect. Cybercriminals are going for less of a “spray and pray” method and more of a targeted approach, going after CEOs and CFOs. The logic here is that the important people in a company have important data on their computers and as such would be more willing to fork over a ransom.

Another trend: Hackers are also beginning to target entire servers rather than specific computers. This was recently proven to be a solid tactic after cybercriminals held Hollywood Presbyterian Medical Center’s data hostage, eventually forcing the health care facility to pay $17,000 in untraceable bitcoins. Hackers using ransomware often ask for bitcoins because they’re so hard to trace.

Ransomware may be a frightening concept, but it can be beaten if a business takes the right preventive steps. These steps include three key areas of focus: technology, processes and people.

Technology is already the backbone of your organization, so it makes sense that you’d need to invest in it if you want to prevent a ransomware attack. There are a lot of tools that detect infections before they become a problem, but what you’ll really want to focus on is backup software. The practical uses of backing up your most important data are nearly endless, but it also has the added bonus of mitigating the risks of a ransomware attack. If you have your mission-critical information backed up somewhere, you can simply ignore the hackers’ demands of payment to unlock your files.

Next is processes, and this is one that the boardroom is going to need to take a specific interest in. Executives often ask questions like “Are we backing data up?” This kind of inquiry doesn’t really mean anything, as it doesn’t tell you the specifics behind your company’s contingency plan. You should be asking where the data is or how far back the records go in order to have a full understanding of where your organization is at.

Last, and most importantly, businesses need to invest in education for their workers. Despite the fact that they keep operations running, the people at your company are the weakest link in your cybersecurity chain. You need to train them to be able to spot what a fishy email looks like and how to avoid clicking on suspicious links. Your company is only as safe as you want it to be, so make sure to train your employees to recognize the dangers of cyberattacks.

KsFiberNet Appoints New Board President

KsFiberNet is pleased to announce the appointment of Ben Foster as Chairman of the Board of Managers. Foster is the President and CEO of Twin Valley Telephone and the Chairman/CEO of ISG Technology, Inc. He has been a member of the KsFiberNet Board of Managers since 2009.

“The future of reliable broadband connectivity and services in rural Kansas is our highest priority,” said Foster. “Our recent 100Gbps network upgrade has paved the way for future growth and we are poised to support the bandwidth requirements for growth initiatives across Kansas.”

Additionally, CEO and General Manager of Blue Valley Tele-Communications, Brian Thomason, was newly elected to the KsFiberNet Board of Managers.

“We’re excited to have such experienced leaders on board,” said KsFiberNet President Steven Dorf. “We look forward to working with both Ben and Brian through this exciting phase of exponential growth.”

KsFiberNet is an association of 29 fiercely independent rural Kansas telephone companies, some of which have been in business for more than a century. We help these companies develop broadband solutions by creating a ubiquitous network throughout the state. By hiring Kansas contractors and creating Kansas jobs, we are bringing incoming revenue to rural Kansas. We are growing fast and bringing with us a lot of energy to fulfill this mission. By moving the entire state forward with this network, we’re giving small telephone companies a pathway to serve clients in the future and ensuring that the people who live in rural Kansas can stay connected to the rest of the world while thriving in the communities they love.