New Year’s Security Resolution

How can you strengthen your cybersecurity?

As 2018 comes to a close many people make New Year Resolutions. So today I’m going to ask you to include this on your list: Resolve to take time to make your online life safer.

Start by taking a piece of paper and make a list of all the Internet-connected devices in your home: Desktop and laptop computers — including those of your kids — modems and Wi-Fi routers, smart phones, connected TVs, smart speakers, surveillance cameras, baby monitors. Next, for devices like computers and smart phones, look at what applications are on them. Are there ones aren’t you using? Get rid of them, they’re a security risk. Of those that remain, are you updating them? If not, why not? Are the developers issuing security updates or is the software so old it’s no longer supported? Get rid of them, they are a security risk.

For other devices, like routers, is their software patched? Replace old devices that are no longer supported.
Then make a list of everything that has a password. Make sure the passwords aren’t easily guessable – like the word ‘password’ or 123456.

If a hacker’s target is a person, they’ll do some research. Which is why passwords directly related to your work – for example, that include the name of your company or your title – aren’t safe.

Two-factor authentication is where in addition to your password you get a number sent to you on a smart phone that also has to be entered when you login. Gmail has it, Facebook has it, your bank may have it. Investigate whether the sensitive sites you use have it, and enable it. Don’t have the second code sent to you by SMS text, use Google Authenticator or Authy.

How do you keep track of all those passwords? With a password manager. You might have one that comes with the antivirus or anti-malware suite already on your computer. There are versions for smart phones.

 

Article written by Howard Solomon with itworldcanada.com

While you make your New Year’s Resolutions for your personal or professional life take a minute to look into how you could improve your cybersecurity in both of those areas. There are a few tips below that can help make your devices a bit more secure. Contact CITON today for more information on securing your data. (218) 720-4435.

 

Defense against Cyberattacks

What action are you taking to protect your network?

How confident are you that your business will continue to operate in the event of a cyberattack? How would you recover from a cyberattack? Do you have a cyber-incident recovery plan that makes every second count?

Information security and business continuity leaders often face these questions from their chief executive or their board. In all likelihood, they often ask themselves these same questions.

Today’s malware can affect systems and networks, even if they are seemingly fully patched, leading to loss or theft of millions of records, high financial costs, regulatory penalties, damage to brand and reputation, not to mention loss of customer trust.

Why is it important to build resilience?

Over the past few years, cybersecurity technologies have evolved by leaps and bounds. We are getting better at securing our network perimeters, and threat intelligence today is powered by artificial intelligence. But adversaries are now as equipped and resourceful as legitimate business organizations — and they only need to get it right once, while we need to be right all the time. The Ponemon report also indicates that business organizations face more than a 32% likelihood of a material data breach by 2020.

With attacks becoming more malicious and techniques more advanced, the strategies and plans to mitigate the impacts of such attacks must also change. Businesses need new technologies and practices to survive and adapt to today’s cyber outage scenarios. Cyber resilience is a unified approach combining cybersecurity with data protection and disaster recovery methods, designed to protect against and rapidly recover from disruptive cyber incidents.

While IT and information security leaders are struggling to determine the appropriate technology areas to spend their limited budget on, it is imperative that they take a holistic view of IT risks and build a robust cyber resilience program to keep their business operations functional during and after a cyberattack. With a cyber-resilient environment, IT can be at the forefront of fostering relationships with business leaders and partnering with them to confidently drive their digital transformation journey forward.

Start the new year with an improved recovery plan by updating your tools and services, like CITON Aardvark. Curious? Contact us to learn about the security options we offer to support your business’ information. 218 720 4435

By Andrea Sayles, General Manager of IBM Business Resiliency Services

Cyberattacks can happen to anyone at any time. It is a growing threat that is not slowing down. While you may not be able to prevent attacks from happening you can harden your defenses and have a recovery plan in place for when it does. CITON offers detailed assessments of your system that assist in the detection and protection of your data.

 

Growing threats to network security

How secure is your network?

Is your network security infrastructure prepared for these threats?

The modern, globally connected digital world demands that business applications, data and services be constantly available from any location, which means networks must span multiple hosting environments, fixed and mobile devices and other forms of IT infrastructure. The network has become not only a target, but also a channel for disruption: It’s a primary route of distribution for distributed denial of service (DDoS), phishing, ransomware, worms and other types of malware attacks.

Make sure that your network security infrastructure is up-to-date to efficiently react to these network threats:

DDoS attacks are proliferating.  The volume and strength of DDoS attacks are growing as hackers try to bring organizations offline or steal their data by flooding websites and networks with spurious traffic. Two factors are helping criminals in their endeavors. One is the widespread availability of “DDoS for hire” services, whereby hackers rent out their skills for very low sums of money. The other is the growing volume of internet-of-things products with poor security defenses that are being attached to device-to-device, edge and core networks.

Remedy: Be sure to create a DDoS mitigation plan. Protect networks against DDoS attacks by monitoring and controlling LAN/WAN traffic flows and device bandwidth consumption to receive earlier warnings of attack.

Network-based ransomware is designed to destroy systems … and data. Self-propagating ransomware attacks that quickly spread across systems do not rely on humans to click a button, download a file or plug in a USB stick. They just need an active and unpatched workstation (think WannaCry and NotPetya) and an automated software update. Many security researchers believe that the primary purpose of some ransomware attacks is not to extort money but to deliberately destroy data on infected systems.

Remedy: Perform regular backups of mission-critical data, ensure all systems and applications are patched and up to date and use vulnerability assessment tools to find gaps in defenses. It’s basic stuff, but it couldn’t be more vital.

Malware is evolving, with activity masked by legitimate cloud services.  Today’s business needs have changed the way enterprises send and store sensitive data, with more organizations using off-premise cloud-hosted repositories and services.

Remedy: Threat intelligence monitoring and analytics are more advanced than ever before. These services can identify suspicious behavior that could indicate legitimate services disguising hacking activity.

Encryption is meant to enhance security, but it’s also helping hackers to conceal their communications. We’ve seen a big rise in the percentage of network traffic that is encrypted — a natural consequence of organizations protecting sensitive data by scrambling communications. But this approach to securing data cuts two ways, with threat researchers also noticing a threefold increase in the volume of encrypted network communication employed by malware in 2017. Encryption gives hackers more time and space to operate prior to their eventual detection and remediation.

Remedy: Use machine learning and artificial intelligence to identify unusual patterns in encrypted web and network traffic and send automatic alerts to security staff if issues merit further investigation. Automation really is the future of network security.

 

Written by Sander Barens from GNC.

Network based attacks are on the rise, and not slowing down. These cyber-attacks aimed at businesses have almost doubled in the past years. How secure is your network infrastructure? Call CITON to defend your business’ network, and design a disaster recovery plan.

 

Security in the workplace

SETTING HIGH SECURITY STANDARDS

WITHIN YOUR ORGANIZATION 

Gemalto, a leader in digital security, reports that more than 4.5 billion digital records, each with an estimated average value of $148, were compromised in data breaches during the first half of 2018. The breaches have a staggering financial and operational impact.

The survey of 400 full-time U.S. employees found a general understanding of security risk, but risky online behaviors. The survey concluded:

  • Workers understand cyber basics. 80% would not share passwords via email or text and most had passwords that included letters, numbers and symbols.
  • Kindness takes priority over security. Nearly 50% admitted they would allow a fellow employee to use their work machine. Only 35% of employees with administrative access would refuse to let a colleague use their device.
  • People continue to swallow phishbait. Only 36% of employees polled were able to identify suspicious links as an indicator of a phishing email.

The current baseline understanding of on-line security needs ramping up through training at all levels. A whole-of-organization approach is called for, and tailored interactive training can help build a culture in which each employee recognizes their responsibility to stay safe and secure online.

 

Article from KnowBe4, written by Stu Sjouwerman.

Securing your business data is only half the battle. Get your employees the knowledge they need to be part of online security within your organization. Call CITON to find out how we can provide the necessary security measures you need.

 

Entrusting your data to HP

IF YOU CAN’T TRUST YOUR HARD DRIVE –

DON’T TRUST YOUR DATA

Why Buy HPE Server and Storage Hard Drives?

In today’s distributed enterprise with larger, more complex applications than ever before, an increase of mission-critical data moving to the server, and continued server consolidation, storage has become more important than ever. HPE delivers the highest quality products to ensure the integrity and availability of data. A major component of this process is HPE’s commitment to deliver the highest quality hard drives in the industry. So Why Buy HPE Hard Drives?

Qualification Process. HPE drives are NOT the same as their OEM equivalent. HPE has set up an industry recognized qualification process unmatched in the industry with four teams dedicated to testing drives in real-life and extreme environments:

  1. Selection Evaluation Team
  2. Development Validation Team
  3. Supplier Production Qualification Team
  4. Continuous Improvement/Performance

Not only does HPE test for data and signal integrity and physical defects, but we also audit supplier processes and put drives through real-life situations to see how they cope with the differences of various operating systems. The HPE system compatibility aspects of an HDD product are validated through a series of test sequences defined by a set of matrices that describe representative configurations, including both HPE legacy and new storage applications. Typically, more than 2,000 unique HDDs are used to evaluate a product family during the Development Validation phase, and approximately 2 million drive test hours occur during each family qualification. Closed-Loop Quality System. HPE’s closed-loop

Closed-Loop Quality System. HPE’s closed-loop quality system includes multiple quality controls and monitoring systems. These quality controls and monitoring systems ensure the product meets HPE’s quality and reliability requirements. The controls will alert HPE and the HDD Supplier to any “out of control” conditions and quality issues, allowing HPE to contain nonconforming product and implement corrective actions prior to shipment of nonconforming product to customers.

Integration. Many issues customers have with third party hard drives have to do with “simple” integration concerns. All HPE hard drives ship with the correct cables, SCSI ID settings, termination schemes, and documentation for HPE servers. When buying from another supplier, there is no guarantee that these drives have been set properly from their generic default settings to ensure proper operation with HPE servers.

HPE has developed strong long-term working relationships with all of its HDD suppliers. HPE engages with HDD suppliers in researching new technologies, product requirements, long-range product roadmaps, new features, and defining requirements for product designs. HPE also works with HDD suppliers 2 to 3 years in advance of product availability to ensure technology feasibility and successful system integration.

Firmware. High performance drives include a firmware-based feature named “Tagged Command Queuing”, which improves performance and dramatically increases the complexity of drive operations, making the firmware similar to a multi-tasking operating system. There are an enormous number of timing sequences that need to be tested to ensure that the drive firmware design is “bullet proof” with amendments made accordingly. Only HPE drives have firmware tested and optimized for HPE systems.

Pre-Failure Warranty. HPE’s Integrated Lights Out (iLO) leverages technology embedded in Smart drives to detect anomalies in drive operation. When a drive performs outside an accepted parameter, the agents send an event to iLO. Under HPE’s exclusive Pre-Failure Warranty, the drive can then be replaced at HPE’s expense. This feature allows Systems Administrators to proactively schedule downtime for maintenance without interruption to business critical operations. With a combination of hot-pluggable drives and a Smart Array Controller, the faulty drive can be replaced without any downtime. Only HPE drives can be monitored by the health log and benefit from this warranty. Note of caution: The HPE warranty may be invalidated when HPE products have been damaged or rendered defective by the installation or use of third-party parts.

Price Competitiveness. HPE monitors the drive market on an on-going basis to ensure that our drives are price competitive with all competitors and to offer superior price/performance and the lowest total cost of ownership (TCO).

Written by Levi Norman, HP

CITON has used HPE hard drives since the first server we built. We believe in providing the highest quality products to our customers. Hard drives are a vital piece of equipment for the security and performance of your business. Contact CITON to learn more on how HPE hard drives can improve the integrity of your data.