It’s Time to Have a Talk with your IT Company

/in , , , , /by

The relationship between a business and IT team or IT person used to be so simple. Do you remember those old Saturday Night Live skits with Jimmy Fallon playing “Nick Burns: Your Company’s Computer Guy?” It was kind of like that, only with less sarcasm.

You would call up your IT Company when you had an issue with your server or a company computer, and someone would come over and fix it.

Today, things are much more complicated. Akron, OH IT Service providers are not only tasked with keeping your networks up and running, but they are also your first line of defense against cyberattacks. If they fail to adequately protect your network, or if their own system gets hacked into, your IT provider could destroy your business and everything you worked so hard for.

We meet with one or two companies every month whose business is on the brink of disaster because their IT company failed to properly secure their network or because they didn’t have a proper backup plan in place. Please, don’t let this happen to your business.

It’s OKAY to ask questions

It’s important to have an open dialogue with your in-house IT team or outsourced IT company to learn everything about what they are doing, and what they plan to do in regards to your company’s Information Technology.

Whether or not you outsource your IT or have an in-house team on staff, your IT provider is an extension of your business. You need to stay on top of what they are up to just as you would one of your employees. Often, business leaders will simply write a check and let the IT provider do “their job.”

10 questions to ask your IT Company

 

Please, have a conversation with your IT Company and ask specific questions about things like cybersecurity, backup plans, and network monitoring.

As we wrote in the article The Wild West of IT Services, there are no regulations governing IT Service Providers. It’s up to you to do your homework before hiring an IT person or team, and to continuing monitoring the work you are doing for you.

What Questions should you ask?

We have created a Cyber Security Risk Assessment that we encourage you to take. This questionnaire takes less than five minutes to complete and will give you an idea of how well your IT Service Provider is managing your network security and protecting your business against cyberattacks.

IN ADDITION, feel free to ask your IT Company any of the questions from this assessment. If there is a question you are unsure of, ASK your IT Provider for the answer. This is a great tool to help you get the conversation started.

 

Feel free to email me directly with any questions.

Pat Carroll

4 Reasons Penetration and Vulnerability Testing Is Important

/in /by

In today’s world, cybersecurity threats have become more prevalent than ever. The growing number of cyber incidents like ransomware, DDoS attacks, and phishing scams have caused many organizations to rethink their threat management efforts. One way many companies are addressing threat risks and vulnerabilities is through penetration testing solutions.

 

Claim your free Pen Test here >>

Penetration and Network Vulnerability Testing and Its Role in Exposing Security Risks

Penetration and vulnerability tests are threat remediation tactics used to improve your network’s resistance to hackers. These procedures are meant to reveal any weaknesses in your system. Once these weaknesses are revealed they can be fixed, effectively boosting the strength of your network’s security. 

To understand why companies perform these tests, think of your network like a bank. Your network’s firewall acts as hired security guards and cameras. However, because you know there could be areas where you didn’t think to put a camera or have a guard patrol, you hire someone to try and find those blind spots. If that person discovers a way around your security, you can then adjust your security accordingly.

Penetration Tests vs Vulnerability Tests 

Although they’re often confused for one another, there is a difference between penetration testing and vulnerability scanning. Vulnerability testing is used to find vulnerabilities, like employees who can be tricked by social engineering tactics. Penetration tests, on the other hand, are used to find weaknesses in your system.

Who Should Perform Penetration Tests?

Penetration tests, also known as pen tests, work best when performed by someone with little to no knowledge of how your network is secured. Most companies will hire a contractor—often called an ethical hacker—or a penetration testing company to hack into their system. These hackers can range anywhere from experienced developers with advanced degrees to hackers who were self-taught. Some organizations will even have reformed criminal hackers lend their expertise.

Stages of a Pen Test

When performing a pen test, the process will typically go through five stages:

  • Planning and reconnaissance
  • Scanning
  • Gaining access
  • Maintaining access
  • Analysis

The first step involves identifying the target, deciding on the scale of the attack, and setting up testing methods to use. Once that’s done, the ethical hacker will gather information to use during the attack. The next step is to figure out how the target’s security reporting system reacts to different intrusion attempts. Step three and four are to gain access and maintain access. Finally, when the test is complete, security personnel can analyze the security assessment and fix any flaws.

Types of Pen Tests

There are five different types of pen tests:

  • White Box: In a white box test, the ethical hacker will be given some information on the company’s security beforehand.
  • Black Box: During a black box test, the hacker will attack the network without any data. This is also called a “blind” test.
  • Covert: This is a test where only a small number of people will be aware that a pen test is being performed. This is also known as a “double blind” test.
  • External: An external test will target the external assets of the company, like the company’s public website.
  • Internal: This pen test starts from inside the firewall and is an internal test.

What Happens After a Pen Test?

After a penetration test is complete, the ethical hacker will then share their findings with the security team. The security team can then use this information to implement updates to erase the flaws that were exposed and improve their security reporting software.

Protect Your Network with PCR Business Systems

Protecting your network from hackers, computer viruses, and other threats require a proactive approach. Don’t wait until it’s too late. PCR Business Systems offers comprehensive cybersecurity services to keep your computer system safe and secure. If you want the best in IT solutions, request a free quote for penetration and vulnerability testing with PCR Business Systems today.

Cyberattack Monitoring: What Is Your Internal IT Team Missing?

/in /by

Cybersecurity is a never-ending game of cat and mouse. Cyberattacks evolve and threaten your network; in turn, cybersecurity measures adapt to detect and address those threats. At the rate cyberthreats evolve, it can be hard for your business to keep up. However, while it may be hard, it’s not impossible. The key to keeping your network protected is through 24/7 cyberattack monitoring.  

Why Does Your Business Need 24/7 Monitoring?

Companies like DoorDash and Canva have made headlines in recent cyberattack news. Both organizations suffered data breaches that weren’t detected until it was too late. As a result, millions of users were affected, putting their sensitive data at risk. If the DoorDash and Canva intrusions were detected sooner, there’s a good chance the number of affected users would have been much smaller.

These aren’t the only businesses that have fallen victim to threats like data breaches or ransomware attacks, and they won’t be the last. 24/7 monitoring can help in situations like these by alerting the network administrators of unusual activity. Constant network monitoring is a crucial aspect of a proper cybersecurity strategy. However, to understand its importance, you’ll need to know what the service is and what it can offer.

What Is 24/7 Monitoring?

The terms 24/7 monitoring, network monitoring, and continuous security monitoring all refer to a type of security solution that’s automated and used to monitor your network all day and night. The service works around the clock to preserve your infrastructure by constantly looking out for cyberthreats and vulnerabilities within your network. Businesses have increasingly relied on this solution as dependence on digital processes and operations has increased.

This automated solution can be implemented by your internal IT team or you could partner with an outsourced IT provider. However, many small- to medium-sized businesses may not have the time or manpower to devote to staffing a dedicated IT team that could administer such a system. With a managed services provider, they can become your dedicated IT team and take over this process for you. This convenience is highly beneficial for business owners.

How 24/7 Monitoring Works

Continuous monitoring works by providing real-time data on devices and users who attempt to access or work on the company network. What this means is all devices—whether it’s a computer, phone, or tablet—on the network can be monitored. This gives your organization the ability to know what’s happening inside your network at all times. So if malicious software manages to find its way into your system, the administrator will be alerted and they can take the appropriate approach to address the issue and implement the necessary security protocol.

What Does This Service Offer?

Network monitoring is something that can provide a broad range of services such as network debugging and vulnerability scanning. However, what’s included ultimately depends on the provider you work with. When you partner with PCR Business Systems, you can expect to receive services like these:

  • Software updates and network patch management
  • Backup monitoring and restore verification
  • System asset management
  • Software licensing management
  • Hardware monitoring
  • Bandwidth monitoring
  • Onsite and remote support services
  • Immediate alert system

The Benefits of Monitoring

Having a bird’s-eye view of the activity within your network isn’t the only benefit associated with 24/7 monitoring. It also allows your company to stay ahead of threats and minimize damage if your network does succumb to an attack. In addition, 24/7 monitoring can help keep you in compliance with your industry’s compliance standards.

Choose PCR Business Systems for Your Monitoring 

Cybersecurity is something you can’t take for granted, no matter what the size of your business is. Get the security solution you need with PCR Business Systems. We offer a range of managed IT services you can take advantage of, including 24/7 monitoring and support. Our experts will work with you to discuss your needs so we can tailor our services to fit perfectly with your business. We’ll monitor your network at all times so if anything happens, we’ll know about it. To learn more about how we can help you, contact us today!

Cyber Tricks to Watch out for!

/in , , , , , /by

It’s fitting that Halloween falls during Cyber Awareness Month. That’s because cyber criminals and hackers love to dress up in costumes to try and lure us into online scams or to steal our passwords and sensitive data. This year’s most popular costumes are sure to include the usual suspects: IRS employees, friends and family members in need of cash, and the timeless classic–wealthy Nigerian princes and princesses.

But cyber criminals are also now wearing more sophisticated disguises that are becoming harder for us to identify who they really are. It’s up to us to stay on top of the latest cyber trends and be proactive when it comes to protecting our personal and business information from a devastating cyber trick.

Below are 4 current Cyber “Tricks” to look out for:

1 Malware & Ransomware

What’s scarier than werewolves? How about someone holding your computer files hostage while demanding a large sum for you to get them back! This year alone, ransomware attacks are estimated to cost businesses and individuals close to $12 billion in damages!

How to prevent Malware & Ransomware attacks? There are many things you can do to prevent becoming a victim of a malware or ransomware attack, which can be a devastating cyber trick. You can start by changing your passwords regularly, using multifactor authentication, not using public or unsecured WIFI, installing proper firewalls and antivirus software, as well as following these IT Best Practices.

Cyber trick

2 Social Media Scams

Hackers love to dress up as old high school friends or relatives trying to connect on Facebook and Linkedin, only to take advantage of your trust by asking you to click a corrupt link, viewing your private data, or even stealing your identity.

How to prevent Social Media Scams? Don’t post anything on social media that you wouldn’t want a stranger to know or see. In addition, be careful using apps that log you in through third-party sites; exercise caution when accepting friend requests; and never click on suspicious links or send money to someone asking for cash online (even if it is grandma)!

3 Corrupt Email Attachments and Downloads

Phishing scams are becoming harder and harder to detect. They may appear in the form of normal looking, everyday emails from trusted senders asking you to download a corrupt attachment or click on a corrupt link (often the source of a ransomware attack).

Also, as we discussed in the Cyber Crimes article: Case #104: The Heavy Machinery Hacker, some hackers are so bold that they impersonate vendors or trusted company employees and then ask for money to be wired for business-related purchases or expenses.

How to prevent online phishing scams? First, stay up-to-date on the latest phishing scams and educate yourself on what to look out for. Second, don’t click on any links or attachments without being 100% sure they are from a trusted source. Third, if anyone asks you to send money or for your private information, such as a credit card number, reach out to them by phone to verify that the transaction is in fact authentic.

4 Attacks on Service Providers

Is your IT company the weak link in your company’s online security? How about your cloud computing service provider? It’s becoming more and more common for hackers to go after vendors rather than individual companies.

Why? First off, there are no regulations in the IT Industry. That means your IT provider—the same company who has access to many of your passwords and sensitive company data—may not be practicing the high level of cyber security they preach, and thus are an easy target for hackers. In addition, IT companies work with multiple clients. So when a hacker infiltrates their network they gain information to all of their customer’s data.

It’s like leaving a candy jar out on the porch and letting anyone grab what they like.

How can you prevent a 3rd party vendor from being your weakest link? Only work with trusted service providers. You can start by making sure the vendors you work with have been thorough vetted by an independent auditing firm and are SOC certified.

For more cyber security tips to prevent a cyber trick, follow PCR Business Systems on Linkedin and Facebook.

Cybersecurity Awareness Month: How to Prevent Cyberattaks

/in /by

Did you know that October is National Cybersecurity Awareness Month (NCSAM)? NCSAM was created as a collaborative effort by the government and IT industry to bring awareness to the importance of taking proactive steps to protect yourself online. This goes for both home and the workplace. In honor of NCSAM, let’s talk about cyberattacks and how to keep your company from becoming the victim of a data breach.

Protecting Your Business From Cyberattacks

Companies are often the target of cyberattacks committed by cybercriminals in an attempt to gain personal or sensitive information. Many business owners who are in charge of smaller sized companies mistakenly think cybercriminals only focus on the bigger entities. 

However, small to medium-sized companies are often at even greater risk than their bigger counterparts. That’s why it’s important to review your cybersecurity measures, regardless of the size of your organization, to ensure your business isn’t vulnerable to an attack. 

Here are a few steps you can take to improve your business’s cybersecurity.

Secure Your Hardware

The first mistake many business owners make when addressing cybersecurity is focusing solely on the software side of things. They often end up overlooking the importance of securing the hardware itself. Many data breaches occur because of stolen equipment, so your cybersecurity strategy should start off with safeguarding company hardware.

Use Robust Passwords

Creating strong passwords can be a hassle, but it’s necessary for the protection of the various accounts you work with throughout the day. Too often, employees rely on weak or reused passwords because they’re easy to remember. However, weak or reused passwords are easy for hackers to crack. A good solution to this would be to invest in a password management tool. These tools take the hassle out of password creation by creating strong passwords for you and storing them.  

Perform Regular Updates

Your operating system (OS) works hard to fend off would-be attacks, but the effectiveness of that software decreases over time. This is because cyberattacks are a constantly evolving threat. That’s why companies such as Windows and Apple push out new updates for their OSs.  Keeping your OS updated with the latest security patches is a crucial step in staying secure.

Speak With an Expert

If the pipes in your building sprung a serious leak, you wouldn’t try to fix them yourself, would you? No, you would likely hire an expert to deal with the problem because they have the knowledge to fix it right the first time. The same thought process should be used for your cybersecurity. 

Managed IT providers like PCR Business Systems specialize in cybersecurity solutions and can provide the advice you need to enhance your protection. In addition to consultation, these providers can offer comprehensive services specifically geared toward proactively fighting against security breaches.

Educate Your Staff

You could have the best cybersecurity protection on Earth, but that won’t mean a thing if your employees are unknowingly creating a pathway for malware to invade your system. Most cyberattacks are socially engineered to trick people into inviting malware into your network. So while your staff may not be trying to compromise your network, their lack of knowledge could cause problems down the road. That’s why employees are often considered the biggest vulnerability to cybersecurity efforts. Properly educating your team on how to stay secure will dramatically improve your overall security.  

Stay Secure With PCR Business Systems

At PCR Business Systems, we’re dedicated to the protection of your company’s sensitive information. Our highly trained team of experts will work with you to build a comprehensive cybersecurity strategy. We’ll also provide security solutions so you can rest easy knowing your network is safe. For more tips on how to stay protected from cyberattacks or to learn about what PCR Business Systems can do to keep your important data secure, contact us today!