Information about Meltdown and Spectre Hardware Exploits

We provided the following to our GUARDIAN Support Clients on Friday:

Earlier this week the existence of two CPU related security vulnerabilities was released to the general public. These vulnerabilities affect most modern computing device processors (including Intel and AMD), and allow an unauthorized process access to privileged system memory.

There are currently no known active exploits of these vulnerabilities.

Microsoft has released a Security Only Update on January 3, 2018 to address this vulnerability for Windows devices. This patch has a known compatibility issue with most antivirus programs. If this patch is applied prior to pending updates by your antivirus vendor, your computer will not boot.

On January 9th Microsoft will be releasing their Monthly Security Patch Rollup, which contains the same patch, but will automatically detect if your antivirus software has been updated to be compatible.

Actions and plans: 

GUARDIAN Support clients will only need ensure your computers are left online during their normal patch cycle. Patches will automatically be deployed, in the correct order, over the next few days.

If you have any questions or specific concerns, please contact us.

Thank you for your business!

 

Sensitive data demands special attention

If you need to maintain compliance of any sort, your company needs to ensure that you’re up-to-date on all the proper requirements and regulations. Too many businesses run without sufficient policies, plans and procedures.
Join us for a 1-hour webinar, “5 Hidden Threats That Put your IT Systems at Risk” on January 10th at 1:00pm
 Thorough discovery and assessments BEFORE a regulatory audit can uncover security issues and provide corrective action to help avoid potential data breaches and fines.
Seating is limited, so register today.
Picture1 Picture2a

Do you have the budget, skills or resources to have inhouse experts devoted solely to cybersecurity?

Dedicated Cybersecurity Expertise Combined with Advanced Threat Intelligence

You may have employees who handle cybersecurity along with other general IT responsibilities, but that’s not enough. Through no fault of your own, you’re unprepared to protect against and remediate these cyber
threats. If you’re attacked, you won’t be ready.

A Managed Security Services Provider (MSSP) provides the proactive, preventative maintenance and technology you need to secure your  workstations, servers, devices and networks. Working with an MSSP is also a more cost-efficient way to address your information security needs.

Some additional benefits you’ll receive include:

Multi-Layered Threat Protection and Prevention
You don’t always have the time, bandwidth or resources to stay up-to-date on the latest security processes and implement the proper defenses to keep your network protected. The easiest and most beneficial solution for you is to partner with an MSSP like us and fully leverage our services and expertise.

Together, we can minimize your business’ risk and develop a plan that focuses on resiliency, not only prevention. The best approach to IT security is a multi-layered approach (education, prevention, preparation, response)  and we can provide that with you.

Simplified Management
If your IT security strategy is a patchwork of different devices from multiple vendors, it may be putting too much strain on your in-house team to manage. Our unified threat management and cybersecurity services allow for a more centralized management of threats to local and remote
environments from a single console. And as your MSSP, we can take care of the deployment, management and monitoring for you – thereby addressing your security needs in an efficient and simplified manner.

Your Ultimate Failsafe
We can be the expert you can turn to in case of a ransomware or other cyber attack.  As your MSSP, we’ll give you the steps you need to take so as to minimize interruption to your business and profitability, and also provide you and your employees with training and education to prevent future
attacks. The key to protecting your business is to take preventative measures now. When you work with us, you can rest easy knowing that your network is secure, your data is protected and that we’re available 24x7x365 for any and all of your support needs.

After reviewing our CyberSecurity Checklist to assess your security posture, contact us today at 218.534.5357 to schedule an appointment to discuss how our expert services team can help with your IT support needs.

Are your employees helping hackers?

Consider what happens when a threat bypasses perimeter defenses and targets an employee—in the form of a malicious email or text, or even a voicemail that might prompt a response with confidential company information.
Your employees need to practice strict and secure cybersecurity habits— not only to thwart digital attacks, but also to prevent someone from simply walking by their desk (in the office or at home) and picking up a device or document that contains sensitive information.
It only takes one incident to completely destroy any goodwill you’ve  established and built with your customer base.  Educating your staff on what it takes to protect proprietary documents and data is critical.
Download our e-book: Cybersecurity Tips for Employees, then contact us to schedule Security Awareness Training  – provided as part of our GUARDIAN Managed Security Services.

IT security must continually be revisited

Data Security Now Requires Consistent, Vigilant Monitoring and Maintenance 

With all of the various threats to your company’s data and factoring in the impact of exploited network or system vulnerabilities, you simply don’t
have the time to do what it takes to keep your business secure.

If you don’t have someone constantly and actively monitoring your network, you may not detect any issues until it’s too late. What if you didn’t know you were hit with ransomware until after the ransom payment window closed, and you couldn’t access any of your files?

The average time to detect malware or criminal
attack is 170 days (Heimdal Security).

Examples of time-consuming, but necessary cybersecurity tasks you can offload include:
Reviewing firewall rules
Updating your firewall
Patching the latest vulnerabilities discovered
Maintaining required controls and standard certifications, such as: ISO, SSAE16, HIPAA, SOX, etc.
Filtering web content
Updating software

Download our CyberSecurity Checklist to see where your company currently stands.

If you have questions about keeping up with your company’s security – whether it’s in-house or outsourced – contact us today. We’ll be glad to begin the conversation with you!

Don’t Risk Your Reputation

Besides the cost and lost productivity that we’ve mentioned in past blog posts, there’s a less obvious consequence from cyber-attacks… your company’s reputation. You’ve probably worked for years to build a solid image and reputable brand. And even though it may not show up on a balance sheet, it’s a key component to your success.

Here are a few ways in which a company’s reputation is affected by a cyber-crime:

  • Current customers lose confidence in your ability to mitigate another breach and may begin to question their loyalty to your business.
  • Potential customers may immediately rule you out as a partner.
  • Employees question the management or leadership’s competence if the situation isn’t handled quickly and efficiently; frustrations mount the longer they’re ‘left in the dark’ and work doesn’t get back to normal.
  • Vendors may seek other partners, wondering if (or when) it will happen again.
  • Competitors notice the weakness and capitalize on the competitive advantage they now have.

And don’t be fooled into thinking that cyber criminals will overlook you because you’re a start-up or located in a rural area or part of lesser-known industry. If you have data – and every business does – you’re a target for them.

If you have questions about your company’s security, contact us today. We’ll be glad to begin the conversation with you!

Cyber security – more facts!

Small and medium-sized businesses are a prime target for attackers because they tend to be easier targets. They’re often less secure and unprepared for attack. (Think about burglars that go after houses where they know no one is home – it’s a similar concept!)

Besides the facts we shared last week, here are a few more facts about cyber crimes and their impact on small and medium-sized businesses:

  • Did you know that 79 percent of small businesses do not have an incident response plan? Without one, you may never be able to fully recover when a security incident becomes a reality. (Nationwide Cyber Security Survey)
  • An IBM and Poneman Institute study found that the estimated global average cost of a data breach was a staggering $3.62 million. (Cost of Data Breach Study)
  • Similarly, 60 percent of companies that lose their data due to an attack or disaster will shut down within six months. (Boston Computing Network)

This information is intended to help make an informed decision about what cyber-security solution is right for your business. Investing in an outsourced cyber-security solution to protect against the expanding threat landscape can help mitigate damages inflicted upon your business. When you’re ready to get serious about IT security, keep our team in mind – we’re here to help!

Today’s cyber-security landscape: a few facts!

In the IT world, cyber-crimes and data breaches are becoming more and more common. And unfortunately, it doesn’t matter what size of business or type of information, everyone is fair game. We’re finding that whether it’s credit card data, client records, vendor contracts, or other private information… even your small business data is worth big money.

Here are a couple tidbits about today’s cyber-security world:

Many small businesses think that they’re not a target!

In fact, 82% of small-medium sized businesses (SMBs) say they’re not targets for attacks as they don’t have anything worth stealing. (Towergate Insurance). However, 55% of SMB respondents have experienced a cyber-attack in the past year, and another 50% have experienced a data breach involving customer and employee information. (2016 State of SMB Cybersecurity)

You may underestimate the value of your information.

It doesn’t always seem like it, but every business has data worth stealing. Did you know that the average cost per lost or stolen record is $158? It may not seem like a lot, but this number grows quickly once these records are stolen by the hundreds. (Cost of Data Breach Study)

Remember… from audits to zero-day threats and everything in between, we’re here to help you navigate today’s security landscape!

Planning for Adversity: Ensuring business communication continuity with the cloud.

Your new marketing campaign was a huge success and your office is receiving the highest level of calls you’ve ever experienced in your growing business.  Your staff is taking live calls, checking voicemail and returning customer inquiries as fast as they can.

Can you imagine the impact if your phone system goes down mid-morning – at the peak of the call volume?

Who knows why disaster strikes?

It could be a clumsy utility worker, a lightening storm or some other unpredictable problem.  Phone system issues are a reality with traditional telecommunications systems and can create enormous business headaches for you.

If your business hasn’t planned for adversity with a disaster or redundancy plan, those kinds of communication failures can significantly disrupt your business from, well, doing business.

What is your communication continuity plan?

In the past, developing a disaster recovery plan meant that your IT staff would need to re-engineer your business phone system so it could be recovered successfully. If you’re a growing business, you likely don’t have that kind of unlimited resources for equipment and infrastructure.

This is where cloud communication can help.

Cloud phone systems have greatly advanced system recovery and business continuity in the face of an outage. They’re hosted virtually, so there’s no need to worry about the types of disastrous scenarios that used to disrupt on-premise or landline phone services.

If a phone line is cut, cloud-based systems are totally unaffected. If Internet service goes down, phone calls can be re-routed to backup cell phone numbers or other business offices.

3 Essential Business Benefits of Switching to the Cloud

As you think about a continuity plan for your phone system, there are several important benefits to the cloud that you want to consider.

  1. Your phones stay up and running – always. Even if a total outage strikes, wiping out your office’s power and Internet service, cloud-based phone systems allow employees to connect from anywhere — their home, a coffee shop, or wherever they can tap into power and a data connection.
  2. Redundancy is built into the architecture in all the applications. This means that the system isolates any issues and the redundancy allows you to troubleshoot during business hours rather than coming in after-hours.
  3. Cloud-based phone systems are completely scalable. If you need to re-direct call flow from one site to another, it’s very easy to do without any disruption in call quality or service.

Simply put, recovery and continuity is a non-issue.

With these benefits in mind, the question, then, is why you wouldn’t switch to the cloud?