Back to Blog
Security Awareness Training – Time to Jump on the Bandwagon
Human-error; we talk about it all the time, but what exactly do we mean? Human-error occurs when an individual performs a task or does something with an unintended outcome. It’s easy to point the finger at employee’s as being an organization’s weakest link, but without appropriate security awareness training provided by the employer, how can employees truly know what to watch out for?
An IBM study found that human-error accounts for 95% of security incidents, yet security awareness training for employees often ends up on the back burner.
In a recent survey by ESET, we learned that cybersecurity training is not a top priority for many organizations, with 33.3% of employees feeling that their employer has provided them with absolutely none. Only 17.9% of survey respondents felt their employers were providing them with “A lot” of cybersecurity training.
With the need for security training clear, even the most surprising organizations are jumping on the bandwagon, offering security awareness training as part of their services.
Since security incidents are often a result of employee mistakes, it is evident that technology alone is not enough to protect an organization. While antivirus (AV) companies may have previously found success in offering their virus protection services alone, the realization that employees are an organization’s weakest link has led many AV vendors to one conclusion: to be successful and provide services that can truly defend against cybercrime, providing education through security awareness training is key.
Educating employees on security awareness is crucial to organizations, especially those with sensitive data, so why is the AV industry just recently making a push to offer this service? Cybercriminals are relentless in their efforts to carry out their attacks, and while AV companies have historically been embarrassed to admit their products are not the catch-all for fighting cybercrime, they have since recognized that these criminals are becoming more sophisticated in their attempts. In the digital era, criminals have become masterminds at forming social engineering attacks to trick their victims, a scheme that no antivirus can protect against.
In addition, a fierce competition and the desire to generate more revenue could be contributing factors. With free AV software that provides enough coverage for organizations to feel protected, they may look to use those funds in other areas to defend themselves.
AV does play a crucial role in defending an organization, but it’s important to remember that a layered security strategy is necessary for adequate protection. We must not forget that without appropriate training provided by organizations, employees cannot effectively act as that first layer of defense.
Security awareness training will certainly help employees learn how to spot malicious attempts by cybercriminals, but it is also required to comply with federal and in some cases state regulations. A lack of training will open the door for cybercriminals and may result in a breach, causing potentially significant fines and penalties as well as likely damage to an organization’s reputation.
The time is now to jump on the security awareness training bandwagon! After all, employees can’t help defend against cybercrime if they aren’t provided with the necessary tools to do so.
Back to Blog
What Are the Benefits of Managed Services Over Time & Materials or Block Time?
Managed Services offer customers a per user or per device cost which provides business owners with a more fixed proce and holistic approach to managing their IT needs. With this also comes several advantages.
First you have instant access to a team of experts to help maintain your current environment as well as plan for your future growth. This can save you a lot of time and research as you try to decide what you should be doing when it comes to current IT decisions that impact your company. Meeting with your Managed Services team on a regular basis can help keep your business on track and make sure your IT environment will support your business goals.
Managed Services can also allow you to focus on your customers. If you have a full managed services plan, you no longer need to spend time trying to fix IT issues, you simply submit a request and let the experts take it from there. You no longer have to be distracted by all the little things that come up on a daily basis which distract you from your main focus which is taking care of your customers.
Going with Managed Services usually offer a comprehensive list of security programs which make your company safer. Standard packages usually include Antivirus and Malware protection, spam filtering but can be more advanced and include things like log monitoring and Security Awareness training. Security Awareness training is quickly becoming part of the stand program as most breaches are actually started by your employees doing something they could have been trained not to do.
When small businesses choose to go the “time and materials” or “block time” route they are usually hesitant to call and ask for help because they know there is a charge involved each time they request help. Managed Services provides a set cost which you can budget for and in turn it can make environment run smoothly, free up your time to deal with REAL business and make your business more secure. Reach out to Kansas City Managed IT today if you would like to learn more.
Back to Blog
Is Your Staff Your Biggest Security Threat?
As we move into 2019 have you thought about what your biggest security threat is? The answer is your staff. Your staff emails, transfer files, browse the internet and download programs without your IT departments approval. Think about implementing a couple cost effective additions to security education this year which can go a long way in helping to improve your staff’s security rating.
The first one is to implement some sort of a security awareness training. This would consist of receiving a weekly email with a short video which goes over a specific area an employee needs to be aware of. At the end of the video the employees must answer a couple quick questions and the results are kept so you know who is and isn’t participating. These quick videos will sometimes seem like common sense, but you would be amazed how often people forget to use it and they serve as good reminders to the little things that can cause havoc on your network.
The second would be to offer “Lunch and Learns” which have topics to do with security. Lunch and Learns are a good way to remind employees of key things they can be doing to ensure they are following best practices when it comes to cyber security. They also give employees an opportunity to ask questions that aren’t covered in the video training and Lunch and Learns.
If you would like to get started with a security awareness training program give Kansas City Managed IT a call and we can help you determine what program would work best for you.
Back to Blog
Are You Tired of Receiving Spam?
Are you tired of receiving all the spam? Kansas City Managed IT can help. We can setup a solution which will remove the spam from your mailbox, while providing you with a list of what was blocked each day.
In addition to receiving the spam lists which are easy to scan through, each user can also control their own spam settings and create their own blacklists and whitelists. If they don’t want to wait on the spam list to be sent to them, users can log into the portal at anytime to look for missing messages.
Do you need to encrypt messages to meet compliancy requirements like HIPAA ? This same solution can provide an easy to use system for message encryption. One of the biggest complaints people have about using encryption services is that the end user must create yet another account and keep track of their password. The technology used by our selected solution encrypts the message without the need for a new account and password.
Reach out today to learn more.
Back to Blog
What is Crypto Mining and Crypto Jacking?
Crypto Mining is the process used to attempt to generate cryptocurrency. It requires a substantial amount of resources and because of this, groups of people often join resources to gain more computing power. Cryto Mining in and of itself is not bad. It is almost impossible to create a coin with the resources you have access to.
Why is all this important to businesses? If your computers are being hijacked to mine for crypto currencies, then your employees’ computers are running slower which can cause a loss in productivity or cause you to purchase unneeded bandwidth or hardware. The scripts are easy to install and it is becoming more common for employees to intentionally add the software to machines at their offices.
It is more important than ever for businesses to make sure they have the proper security policies and procedures in place to help prevent these types of attacks.
Back to Blog
What Can Ransomware Infect?
Did you know that ransomware does not only infect your desktop and any drives you have attached to it, but it can also infect your cloud storage. This has not been reported on as often, but it has happened and will continue to evolve and infect more and more platforms. With this in mind, you need to make sure your backups are being done in such a way that they can detect ransomware. If you are backing up to the cloud you need to ensure that it is as secure as possible to help combat against infection.
Another problem companies are facing is their backups are backing up an infection, which can prevent backed up data from being recovered. This is why it is important to keep multiple instances of your backups. Some backup solutions have begun to build in notification measures to let you know if it detects an abnormal amount of changed files so that you do not overwrite your offsite backups with corruption.
If you would like to learn more about backup solutions we offer to help keep your backups as secure and reliable as possible.
Back to Blog
How Good is Your Disaster Recovery Plan?
Since hurricane Michael has been in the news with its mass devastation and it being Cyber Security month, we thought it would be good to review what a good Disaster Recovery Plan looks like.
It really doesn’t matter what size your company is or whether your data is in the cloud or on-premises, every company should have a detailed disaster recovery plan with step-by-step instructions on how to do the recovery.
This plan should include: what will need to be recovered, detailed steps on how to do the recovery for each device, contact information, device specifications, where to acquire the new equipment and the order of importance if you are recovering multiple devices at once.
Reach out if you would like to learn more or need help setting up your Disaster Recovery Plan.
Back to Blog
The Importance of Cybersecurity
Cybersecurity is the protection of internet connected systems from security threats. There are many layers to cybersecurity and companies should make sure they are doing all they can to protect themselves in each category.
Listed below are several of the categories, definitions and remediations to consider:
Back to Blog
Keeping hardware and software up-to-date
While everyone likes to get as much life as they can out of equipment it is also important to think about other key factors. Equipment and application vendors provide an end of life date at which time they quit supporting equipment and quit providing security updates. In today’s world, it is more important than ever to make sure you have systems that are being continually updated. People with malicious intent, are constantly trying to find the easiest ways into systems and often that is through systems which are no longer being updated or patched.
Productivity can greatly be affected by out-of-date equipment. Faster equipment and more efficient applications are constantly being released. By keeping these up-to-date, your employees will have the ability to be more productive. Aging computers get bogged down with miscellaneous applications that over time, slow down your computer systems.
Lastly, if you wait too long to upgrade the combination of equipment and applications, you can find the process very painful. You will find that when you get that new operating system and try to run applications that are 10-15 years old, they no longer work or certain features no longer work. By keeping both equipment and applications up-to-date together, you will find everything runs smoothly and your employees are not getting frustrated due to poor performance of aging equipment.
Back to Blog
Why is it important to keep your equipment and applications up-to-date?
How much does your company depend of the computer systems you have in place?
Would your employees be able to do their jobs without them?
How much time would it take to restore your systems?
How much data can you afford to lose?
How much time would it take to rekey missing and new data after a restore?
What devices would you need to purchase in order to get back up and running? Can you purchase these items easily at your local store?
These are all things to consider when developing a good disaster recovery plan. We touched on different backup offerings in the last blog and how the backup option you choose can affect your recovery time. As you can see by all these questions, there are many more things to consider. One of the best ways to get started is to document all your IT assets. You can then use the asset list to help create your disaster recovery plan. You can document the importance of each asset as well as where to get a replacement and how long it might take to get. In some cases it may make sense to have spare equipment stored off site to speed up the process. You then need to think about other variables like internet access, where can we work from temporarily if needed. When you begin to think about downtime and its cost it may also help guide your future technology strategy. You may determine that it would be too costly to have a disaster occur at your place of business which can drive you to move your technology applications out to the cloud for instance.
Kansas City Managed IT can assess your situation and help you develop your disaster recovery plan.