Small Business and Big Threats

The integrity and security of data are now paramount concerns for businesses of all sizes. Recent high-profile incidents, such as the National Public Data breach, the CrowdStrike outage and the CDK data security breach, have underscored the vulnerabilities that large enterprises face. However, small and medium enterprises (SMEs) are often at a greater risk due to limited resources and expertise. This is where comprehensive managed IT security services, like what clients of CCI Managed Services get, come into play.

The Growing Threat Landscape

Cybercriminals are becoming more sophisticated in their methods. SMEs are particularly vulnerable due to a lack of robust cybersecurity measures. In many cases, they are seen as easy targets because they may not have the same level of defenses as large corporations. And let’s face it, not every manager and employee can possibly understand all the risks when they are online, and often, even offline.

High-Profile Breaches: A Wake-Up Call

The National Public Data breach, the CrowdStrike outage and the CDK data security breach serve as stark reminders of the potential consequences of inadequate cybersecurity. These incidents affected millions of people and businesses worldwide, leading to significant financial losses and reputational damage. For SMEs, such breaches can be devastating, potentially leading to business closure. A recent industry analysis revealed that 60% of small businesses close or cease operating following a major security breach.

Why Small and Medium Businesses Need Managed IT Security

Most SMEs do not have the luxury of a dedicated IT security team. Employees often juggle multiple roles, and cybersecurity may not be their primary focus or expertise. This lack of specialized knowledge can lead to common gaps in security that cybercriminals know about and can exploit.

Cost-Effectiveness

Hiring an in-house IT security team can be prohibitively expensive for SMEs and especially small businesses. Managed IT services offer a cost-effective solution by providing access to a team of experts without the overhead costs associated with full-time employees. This allows businesses to allocate resources more efficiently while still maintaining robust security measures.

Proactive Threat Management

Managed IT service providers like CCI employ a proactive approach to cybersecurity. They (we) continuously monitor networks for potential threats and vulnerabilities, ensuring that any issues are addressed before they can cause significant damage. This proactive stance is crucial in today’s threat landscape because waiting to react can result in severe consequences.

You Need an IT Security Partner

CCI Managed Services offers comprehensive network protection tailored to the unique needs of SMEs. Their services include firewall management, intrusion detection and prevention, and regular security audits. By employing advanced technologies and best practices, CCI ensures that your network remains secure against a wide range of threats.

Data Security and Compliance

Data security is not just about protecting against external threats; it also involves ensuring compliance with industry regulations. CCI helps businesses navigate the complex landscape of data protection laws, ensuring that they remain compliant while securing sensitive information. This dual focus on security and compliance provides peace of mind for business owners.

Disaster Recovery and Business Continuity

In the event of a cyber-attack or data breach, having a robust disaster recovery plan is essential. CCI Managed Services provides comprehensive disaster recovery solutions that ensure business continuity. Their team works to quickly restore systems and data, minimizing downtime and reducing the impact on business operations.

The CCI Security Advantage

Every business is unique, and a customized approach to cybersecurity is often the only right approach. CCI offers custom solutions tailored to the specific needs and risks of each client. This personalized focus ensures that businesses receive the protection they need without unnecessary services or costs.

24/7 Support

Cyber threats do not adhere to business hours, and neither does CCI. Our 24/7 support ensures that businesses are protected around the clock. Whether it’s a minor issue or a major incident, CCI’s team is always available to help and provide support.

Know-how and Experience

With hundreds of combined years of experience in the IT industry, CCI’s team of experts is well-equipped to handle the most complex cybersecurity challenges. Our deep understanding of the threat landscape and commitment to continuous learning ensures that we stay ahead of emerging threats for you.

Your Complete Care Solution

Robustly managed IT security is truly a necessity for small and medium enterprises today. The recent high-profile breaches serve as a stark reminder of the potential risks and the importance of having a trusted IT partner.

CCI offers Complete Care IT Services; cost-effective solutions that ensure the security and continuity of your business. By partnering with CCI, SMEs and small businesses can focus on growth and innovation, knowing that their IT security and system performance are in capable hands.

The post The Growing Imperative of Managed IT Security for Small and Medium Enterprises appeared first on CCI Managed Services | IT Services & Support.

How IT Hiring and Firing Policies Could Expose Your Business to Risk

It was Pauline’s first day at “HiTech Software, Inc.” where she would be a new hire software engineer. She was happy to be introduced to her new cubicle and new colleagues, but disappointed when she discovered the computer equipment and applications she would be using were delayed because IT hadn’t finished the appropriate configuration and credentials. She needs to work initially from her own computer.

Unfortunately, the lack of synchronous policies and procedures between HR and IT for effective onboarding of new hires not only frustrates eager new employees, but also adds unnecessary costs and risks to company projects.

Sensitivity and Timing

Consider another scenario. As Joe P sat in his cubicle typing away on his company computer at “Acme Electronics,” he received a phone call from his manager who said the company was letting him go. He was told to gather is personal belongings and a security representative would stop by his cubicle to walk him to the door. As his manager hung up, Joe’s initial feeling of being stunned changed to anger, then rage. Within the next 10 minutes before the security guard arrived, he rampaged through the software files had been working on for the past few weeks, corrupting everything of value.

Unfortunately, the company had not setup HR and IT policies and procedures that would immediately remove active access roles and credentials applications and data stores prior to employee firings or leaving the company. Even with backups, it would take some time for IT and his colleagues to piece together the project damage he had done.

Access Control is No Simple Matter

Hiring and firing employees are not easy tasks for businesses these days. Networks, data storage and retrieval have significantly evolved since pre-COVID days. Back then, these resources were almost exclusively on-premise and under lock and key by IT departments. It was much easier to give a new hire access credentials, modify those credentials for an employee with a new role, or remove all access when they left the company or were fired.

These days, IT must offer more flexible access to applications and data spread across different clouds. Employees need to able to work from anywhere. Unfortunately, this increase in flexible access has significantly complicated access control management for your IT professionals. Their policies must reduce risks to the company while keeping up-to-date with the increasingly complex steps required to add access to new hires, change access as employee roles change, and remove access when employees leave the company whether fired or resigned.

Let’s face it, access control management has become complicated. An approved process needs to be followed and reviewed for adjustment regularly. Mistakes will cause new hires to have a negative experience and expose company and personnel data to loss and theft, as well as compliance penalties.

Ask yourself these pertinent questions:

1. What does “hiring” and “firing” really mean for your manual and automated IT processes and procedures?
2. What happens when steps in your policy procedures are missing or not followed by your HR and IT staffs?
3. Can you afford delays in employees having the right access for the work they do?
4. Can you afford to have employees who are in the process of being fired or leaving the company still having access to critical data and resources, including servers, laptops, applications, emails, and data repositories?

As noted by itglue.com, “IT policies and procedures establish guidelines for the use of information technology within an organization. In other words, it outlines what everyone is expected to do while using company assets. With the help of strong policies and procedures, you can incorporate actions that are consistent, effective and efficient. In addition to helping you combat security threats by creating proper awareness, documented policies and procedures can also define how you incorporate and manage technology in your corporate environment.”

Implementing the Right Access for Your Teams

The best way to limit risk to your business when hiring, changing, or firing personnel is to ensure your IT policies are set up properly for your business. To accomplish this, we recommend you follow CIS Control 6.1 & 6.2, which recommends, “Securely dispose of data as outlined in the enterprise’s data management process. Ensure the disposal process and method are commensurate with the data sensitivity. Establish and follow a process, preferably automated, for revoking access to enterprise assets, through disabling accounts immediately upon termination, rights revocation, or role change of a user. Disabling accounts, instead of deleting accounts, may be necessary to preserve audit trails.”

Your business will be safer and more secure, as well as more productive by following CIS industry recommendations. The readthedocs.org organization notes that the CIS Control 6 focuses on “managing who has access to IT accounts, ensuring users only have access to the data or enterprise assets appropriate for their role, and ensuring that there is strong authentication for critical or sensitive enterprise data or functions. Accounts should only have the minimal authorization needed for the role. Developing consistent access rights for each role and assigning roles to users is a best practice. Developing a program for complete provision and de-provisioning access is also important. Centralizing this function is ideal.”

Since 1987, CCI Managed Services has been providing local network management expertise. Our experts can inspect, test, and fine tune this process as part of a network security assessment. This is just one of dozens of practical steps we will take to help your organization know and improve your cybersecurity and digital access controls report card.

For further information about how we can help you define and implement your IT policies for your entire business, contact us online or give us a call today at (603) 542-5109.

The post Understanding Network Access Controls appeared first on CCI Managed Services | IT Services & Support.

Disposing IT equipment may create high risk to your organization

You decided it’s time to finally upgrade your company servers. The old ones got removed, the new ones installed, and now they are already being used in operations. Everyone is happy and reporting improvements in critical application performance.

But wait, where did the old servers go? What happened to them, and more importantly, all the data? If you don’t know and have chains of custody documented, your organization could be exposed to data loss or theft, or worse, being held hostage for Ransomware by cyber terrorists. And you could face business continuity interruptions as well devastating regulatory compliance penalties. Heavens! Who knew getting rid of old equipment could cause so much trouble?

What Most People Don’t Know about Offline Electronics

Unfortunately, most employees have no idea what needs to be done with old equipment to properly ensure the safety of private and proprietary information. They assume that IT picks it up and simply gives them new equipment. Out with the old and in with the new replacement. But ask yourself these key questions which can impact what could happen to the information on your old equipment:

1. Do you know for sure what happens to the data on older equipment when it gets recycled? You should have a log of what has been performed. You will need this ensure your data is safe and secure as well comply with any regulatory audit your industry requires.
2. Why not Just delete the data off older systems before disposal? Because online and consumer-oriented applications often do not completely “wipe” the data, leaving traces of data that an expert thief can access.

Disposing IT equipment without following the latest industry standards that take into consideration the today’s significant risks associated with cyber security issues and data theft, can jeopardize your organization’s ability to operate securely. It can also lead to potential legal risks for failure to comply with regulatory laws covering theft and loss of privacy data.

Can your business afford to have all of its customer, partner, and vendor data held hostage by some crook? Or, face the news that your customers’ private information has been exposed to the world? Probably not.

Common Equipment Data Breaches

Costly scenarios are easily possible when you don’t know the best practices for securing data on devices. For example, here are just two common mistakes businesses make. A company simply throws its old printers out in the dumpster. How smart can these devices be? Well, many old printers, copiers, and faxes often still contain electronic proprietary data, from phone numbers to passwords, which anybody could easily retrieve and use. Another innocent-seeming scenario is companies giving away old laptops and computers to employees which contain privacy data and company network access details. Not only do these practices expose private information to the public but also opens the organization to legal and financial risks if the equipment falls into to the wrong hands.

Here are a few recent regulatory penalties applied to companies that failed to properly secure data as required by regulatory laws:

• Morgan Stanley fined $60 million
• Home Depot fined $28 million
• Target fined $7.4 million
• Big Lots fined $3.5 million
• Walgreens fined $3.5 million
• Dollar General fined $1.1 million

Proper Disposal of IT Assets

The Center for Internet Security (CIS) recommends how to properly dispose of equipment potentially containing private data. CIS Control 3.5 calls for “Securely dispose of data as outlined in the enterprise’s data management process. Ensure the disposal process and method are commensurate with the data sensitivity.”

Having a data disposal policy and teaming up with a reputable vendor that can professionally handle the end-of-life process for your older systems is a smart decision. This policy should define who oversees the process, what practices are employed, and it should include documentation and a chain of custody from the rack to the scrap heap, so you know everything about how the data has been handled. The key advice is to not leave your sensitive data to chance. Ensure the data is removed and properly document this has occurred.

We’ve got your back!

Since 1987, CCI Managed Services has been sharing its network management expertise with our clients. As part of our network security assessment, we can evaluate and make recommendations for improving your existing security policy. If you don’t have a policy, we can work with you to create one that effectively protects your organization from today’s data security risks – online and offline.

For further information about IT asset disposal and how you can properly secure your data, give us a call today at (603) 542-5109 or contact us online for a free IT assessment.

The post Understanding Secure Data Destruction appeared first on CCI Managed Services | IT Services & Support.

Did you know that most company security breaches are caused by employee misuse of passwords? You would think that, with all the security training programs companies require their employees to sit through these days, password problems would no longer be a major cause of security intrusions. Perhaps employees should do more than “sit through” such important training. Unfortunately, most employees are probably thinking more about convenience than securing data. Fortunately, there is an efficient solution to securing your enterprise data.

Why Passwords Can be a Problem

Security and password training programs have been around for years. They continue failing because of inconsistency, lack of planning, and unengaging content. Employees are bored with having to constantly complete security trainings. They’d rather just do their work.

Let’s face it, it is much easier to use the same old password, or a short, simple one. The corporate password policies that automatically require changing passwords every 60 or 90 days can raise havoc with employees doing their jobs by impeding access to servers and data. (Of course, these occurrences increase the number of IT Support tickets.) Also, sharing passwords with co-workers to “get the job done” can be a problem as well, especially with employee turnover.

You may find the statistics about passwords and data risk particularly useful at this link: 55 Important Password Statistics You Should Know: 2022 Breaches & Reuse Data – Financesonline.com

Consider these basic questions about passwords:

• Which cybersecurity process is over 99% effective at preventing breaches and incidents? Answer: Multifactor Authentication (MFA).
• How many passwords are on the dark web? Answer: Over 555 million! Password reuse is the most common reason for company data breaches.
• How many office workers admit to sharing passwords over email or writing them on sticky notes? Answer: 60%

What’s the Remedy?

The biggest data breach risk to your company comes from using poor passwords. By poor, we mean passwords that are too short, too simple, too easy to guess, and are used over and over by staff for different purposes. These passwords are ripe for any skilled intruder to easily discover. Unfortunately, just telling staff to use complex and unique passwords is an uphill battle.

So, what are the experts suggesting? The Center for Internet Security’s CIS Controls® recommends implementing CIS Control 5.2, which calls for using unique and complex passwords to protect all enterprise assets, and implementing, at a minimum, an 8-character password for accounts using MFA and a 14-character password for accounts not using MFA. So, what’s MFA all about?

MFA (Multifactor Authentication) is a process where you not only specify a username and a password, but you also reply to a text message with an automated, secret 6-digit authentication code. By requiring MFA for access to your company network and email, you can expect a 99% or greater reduction in costly and embarrassing breaches. Your IT professionals will ideally implement software policies across your organization that require at least 8-character passwords with some degree of complexity combined with MFA to log in. Industry trends show that MFA is becoming a widely accepted and often expected mode for reducing risk.

Reliable Password Management Systems

By the way, how can you manage all of this? The best way is to implement an enterprise password management system which makes it easy to generate, store, secure, and use unique and complex passwords. Ask us about this effective and easy-to-use system as part of your network security stack.

Since 1987, CCI Managed Services has provided local businesses with secure network management services. CCI can help you with all aspects of password management by independently and affordably assessing your organizations network security. Let our experts assess your setup. We will provide you with a clear and concise report card that spells out the risks you have now and how to solve them.

Feel free to call us today with your questions about password security and MFA. Or contact us online to request a password security assessment.

The post Importance of Multifactor Authentication appeared first on CCI Managed Services | IT Services & Support.

Cyber Security Services

How easily can a thief grab private data on your laptop?

Have you or somebody you know ever had this something similar happen? …You are sitting in a busy cafe talking on your phone and don’t notice that a person walks behind you and stealthily lifts your laptop out of your open bag near you. Later, when you get up to leave, you notice something is wrong. Your bag feels lighter, and you discover your laptop is missing. Are you frantic? Of course you are. Are you worried about losing and exposing sensitive data? You should be.

Millions of laptops get stolen each year. If you are one of the unfortunate owners, I bet you didn’t know how easy it is for the thief to access your private, sensitive information quickly and easily passwords or not. The typical reason is that data on the hard drive didn’t get encrypted.

Never Assume Your Data is Protected

How protected is your data? Ask yourself these few questions:

• How easy would it be to access sensitive information on your laptop if it were one of the millions that get stolen every year? It is very easy if not encrypted!
• Did you know that many versions of Windows include the capability to encrypt your sensitive information, but that the feature isn’t enabled by default?
• If your notebook computer is lost or stolen, did you know in most cases the information can be accessed without any need for your login and password?

According to the FBI, approximately 2 million laptops are stolen each year. Most victims believe their information is secure. Often it is not. Here’s why.

Most computers sold each year are running Windows. You would think that Windows PCs would be automatically set up for data encryption. According to PCWorld.com, “Security is such a big focus for Microsoft’s latest operating system that automatically keeping stored data scrambled unless the computer is unlocked seems sensible. In fact, the mechanisms to do exactly that are already in place.” Some versions of Windows already support automatic device encryption. You just have to sign into the machine with a Microsoft account, which nearly all people do during setup. Sounds simple enough.

However, what interferes with automatically setting up your laptop is the hardware itself. “If a PC doesn’t meet the required standards, device encryption doesn’t automatically kick on, even if your laptop or desktop system is brand new. That doesn’t mean your computer can’t be encrypted, but you may have to do some work or pony up more money to make it happen.”

Unless your computer is using software that already encrypts your sensitive data, you will be at risk. Here are examples of data that could be left unsecured:

1. Files that are saved on your desktop or locally in folders are not automatically secure and are fully exposed.
2. Cached copies of files used with One Drive, Google Drive or other cloud file storage services are fully exposed.
3. Worse yet, emails stored in local cache for offline use are easy to access.
4. Let’s hope you didn’t keep passwords in a spreadsheet or email because that could open an even broader series of risk issues.

In reality, it is easy for a thief to pull out the device’s hard drive and simply access all this sensitive data with no need to even enter your Windows password. Yikes!

You could hope you’re never a victim. But is hope really an appropriate strategy? A more beneficial approach to encrypt data all on all of your end-user devices that contain sensitive data to prevent its readability without the assigned decryption software.

This corresponds to the “CIS Control 3.6 standard, Endpoint Encryption”, one of the many security actions recommended by CIS Controls (CIS stands for the Center for Internet Security) which sets the standards for cyber security. Having these business controls in place ensures that your laptop is secure at all times.

Endpoint Data Encryption Solutions

CIS Control 3.6 describes the importance of encrypting data on end-user devices containing sensitive data. Examples of encryption solutions for different operating systems include using such software as Windows BitLocker®, Apple FileVault®, Linux® dm-crypt.

At CCI Managed Services, we recommend whole disk encryption to ensure your data cannot be accessed by anyone other than you. Keep in mind that this capability may already be included with your operating system but not set up yet for your use.

Just like taking your car or truck to your mechanic once a year to inspect its safety, it is a good practice to visit your security advisor periodically to inspect your network and tackle any issues found. You’ll have the peace of mind knowing what’s really going on.

Learn just how exposed your data could be to constantly changing cybersecurity threats, and potential loss or theft with a security audit. CCI Managed Services has the experience and knowledge to provide you with a thorough security inspection and solution to safeguard your business.

We understand that keeping your data safe is crucially important. In fact, good network security means better productivity, less drama, and fewer disruptions to your organization.

Contact CCI today and ask about our practical security assessment and report card. It’s short money for that priceless piece-of-mind feeling.

The post The Critical Nature of Endpoint Data Encryption appeared first on CCI Managed Services | IT Services & Support.