Over the course of this three-part series, we have explored security measures to help keep your organization better protected from cyber criminals. In part one, we examined the importance of patching, and in part two, we explored advanced email security. In this final part of the series, we will cover the security awareness training that should be implemented in every business.
With election campaigns and candidate advertisements running rampant, it makes sense to go into some basic dos and don’ts when surfing the Internet. Once you are connected to the Internet, a majority of the sites are primarily free. Most of these websites, however, are not there just to help you out; they are there to make money. A blogger who gets enough viewers to their site can sell ads that help pay them to write. Home Depot’s site is there to educate you on what they sell and get you to go to the store. Facebook and Google operate to make money off advertisements.
Distributed denial of service (DDoS) attacks typically make news when they are large enough to bring down a website, and the affected website belongs to a well-known organization. In 2017, the total number of DDoS attacks that were observed and reported was 7.5 million, up from 6.8 million in 2016. On average, companies are faced with 237 DDoS attacks per month. Most DDoS attacks are not large, volumetric attacks, and DDoS hackers target all kinds of organizations. No organization is immune to a DDoS attack, and any size DDoS attack should be cause for alarm.
I still talk with people in the security industry who confuse a vulnerability scan with a penetration test. These are very different yet complementary tools.
A vulnerability scan can be run against your external IP range, as well as your internal IP range. If you run it against your external IP range, you will see what the hackers see when they look at your network from the outside. If there are any known vulnerabilities, the scanner should pick them up and report them to you. This would be the first step in making your network more secure.
This three-part series will highlight areas that are easy for Thrive to implement to help keep your business protected from outside threats. If you missed Part One: Patch, Patch, Patch, we covered the importance of patching your environment to prevent potential disruption or even disaster. This installment, Part Two, will focus on advanced email security: how it developed and why you should be sure to use it in your business. Moving forward, Part Three will use this information and detail the proper measures to take when it comes to security awareness training.
There’s an old adage in IT that goes something like this: “people only notice/value technology when it doesn’t work as expected.” This is never truer than with the databases that sit behind so many of the applications we use every day. We expect applications to perform as quickly as we’ve grown accustomed to. We also expect the information contained in them to be kept securely, accurately, and for as long as we need it. A substantial part of an application’s capability to satisfy these baseline requirements depends on the database. So, while most of us never interact directly with databases, most of us become acquainted with them when they become slow, or worse, lose data to theft or other disaster.
This three-part series will highlight areas that are easy for Thrive to implement in your organization to help keep your business protected. Part one will cover patching, part two advanced email security, and part three security awareness training.
Just as you could have a hole in a window in your house, you may have one on your servers and computers as well!
During our last family get-together, someone asked me about data protection. Thinking back, I might have said too much. I had proceeded to explain how text messages are not safe, your Facebook data isn’t private, and your SSN is out there for the world to see. I think that was when everyone migrated away from me during the party and started talking to others.
At least in the security realm. The NSA is secretly, or not so secretly, working with AT&T to gather up our data, Naval contractors are being hacked, and APT is attacking every firm possible! Relax and let’s review.
Yes, the world is becoming much less safe than we thought. Yes, things are looking a little grim. But take a breath and realize that the fundamentals of security have not changed. When you put that Virtual Private Network (VPN) into your Chicago office many years ago, it was top of the line, but just like all things with technology, it is time to revisit and update it.
In my last blog post, I discussed the differences between vulnerability scanning and a penetration test. Now that I have, hopefully, explained why you want both and how they are useful, it is time to discuss what to do with this information. Both a vulnerability scan and a penetration test will give you the standard way to fix the vulnerability. I hate to say this, but I doubt your network is standard, and if you do fix it, you will most likely break something else.