24 September





Small to medium-sized businesses often struggle with identity management because they lack the resources of big companies to implement enterprise solutions, but something as simple as two-factor authentication can help keep your company secure.

Two-factor authentication simply means that after entering your password, you need to do something else like enter a code that gets texted or emailed to you, or confirm the change with an authentication service.

Of course, you want the individual’s identity to be secure, but at the same time you don’t want to be overly complex. I’ve worked for a large organization that signs me out every couple of weeks, then forces me through a burdensome process that starts with sending a code to my phone.

After I enter the code, I need to come up with a new 20-character password, which can’t be like any of my previous passwords. Then, I have to enter the password twice and make them match. Once I’m able to make that work, which usually takes a couple of shots at least because getting 20-character passwords to match takes some doing, I need to approve the change on my smartphone.

If that sounds like a bit of an ordeal, I can tell that it absolutely is, and it’s probably a cycle you want to avoid putting your employees through.

The password conundrum

Complex passwords are good, but often force silly work-arounds like writing them down. If you have your passwords written on post-it notes in your drawer (or worse, attached to your monitor), this isn’t the most secure approach, is it?

On the other hand, people can be amazingly simplistic, when it comes to creating passwords. The worst password lists have 12345 and password (yes, the word password) topping the lists every year. You don’t have to be a hacker genius to figure that one out, do you?

Many people end up using the same passwords over and over across the internet for simplicity’s sake, and with each breach, those passwords get leaked. It means your regular password is probably floating around the internet somewhere, just waiting for someone with nefarious intent to pick it up and enter your company network using the stolen credentials.

By bringing in that second factor, you can limit the harm done by stolen credentials. If you are using an approve/disapprove service, you should train your employees to change passwords immediately if someone is trying to make a change that’s not them. You could even have a protocol to force this to happen.

Two-factor isn’t foolproof of course, but it does offer you a simple way to protect against stolen (or guessed) credentials without putting an undue burden on your users.



Article by Ron Miller

Ron Miller is a freelance technology reporter and blogger. He is contributing editor at EContent Magazine and enterprise reporter at TechCrunch.

20 September





You know, we’ve been doing this a while.  And by this we mean I.T.  Now here’s the thing, at CITON we truly believe that we are only as good as the last problem we solved. We work hard to design a solution that is creative to the point where it solves not one, but many challenges at the same time.  Yeah, we love tech but we love it because of what it can do for our clients.  

Success in I.T. requires us to evolve. In our 24 years we have had to re-invent our company many times over.  Why? Because, for us to remain relevant, we have to continually adapt our offerings and our skill set.  This allows us to provide real solutions that work and provide real value to our clients.

But how do we do this? Who “trains the trainer?” For us at CITON we have found that partnering with our vendors and distributors is the fastest way to educate our entire team on the latest methods available to use technology to build business. We are fiercely loyal to our business and technology partners.  The reciprocal loyalty, tenure and strength of these partnerships creates a level of understanding, access and consistency which empowers CITON to solve problems more quickly, more creatively and more conclusively than our peers

One example of this is our long term partnership with Hewlett Packard Enterprise or HPE.  Their blend of hardware and software provide the best possible experience for our customers. It’s incredible how devoted HPE is to designing technologically superior products. HPE’s line of storage, the “Nimble and Simplivity” line of products, provides both CITON and our customers with the best-in-class storage experience along with a sense of peace of mind that our all-important data will be available quickly and securely whenever and wherever we need it.  Want further proof? Well, CITON just installed a brand new Nimble storage array in our data center.  If you are one of our many hosted customers you probably didn’t even know that.  And, that’s just the point.  We migrated all data, across platforms in the dead of night, seamlessly.  That’s how partnerships work.  For you and for us.


HPE Nimble Storage is a predictive flash storage technology developed by Nimble Storage that was based in San Jose, California founded in early 2008. Nimble Storage produced hardware and software products for data storage, specifically data storage arrays that use the iSCSI and Fibre Channel protocols and includes data backup and data protectionfeatures.[1] Nimble is a subsidiary of Hewlett Packard Enterprise.[2]

10 September

Threat Denial?


It’s a messy place, but it’s our messy place!


We get it. We are all somewhat numb to these threats. Like your Mom said “drive carefully, you could get into an accident on your way home from work.” It could happen, but its unlikely. This isn’t the same. It is not a question of “if” but “when” you get hacked. At Citon we agree with Travelers that there are steps every business needs to take to strengthen their business from these prevalent attacks.

Call our security experts for advice on how to protect your small, medium or large enterprise.


7 September

Threat Landscape



Threat Landscape: Virtually no firm is immune from severe exploits

Of the 103,786 vulnerabilities published on the CVE List since it began, 5,898 (5.7%) were exploited in the wild according to research from our recently released Threat Landscape Report. With over 100,000 known exploits, most organizations cannot patch vulnerabilities fast enough to keep up. This indicates that cybercriminals are not only developing new technologies and strategies to exploit potential victims, but they are also becoming more selective in the way they leverage those exploits, focusing on those that will generate the biggest bang for the buck.

Such information can be extremely valuable when it comes to prioritizing patching vulnerabilities. If criminals aren’t exploiting the vast majority of vulnerabilities, then fixing everything—beyond being impossible—is not the right approach. Instead, it is essential to incorporate the knowledge of what they are exploiting through threat intelligence services such as the ones provided by FortiGuard Labs into the decision-making process. Organizations can then couple such threat intelligence with Security Rating Services that provide real-time insights on security preparedness across all security elements to take a much more proactive and strategic approach to vulnerability remediation.

This conclusion is just one of the highlights taken from the latest Fortinet Threat Landscape Report. The FortiGuard Labs team processes over 65 trillion security events per year using advanced techniques and patented technologies—including one of the most advanced self-learning systems in the world—to extract timely and relevant threat intelligence, seek out avenues of attack and discover emerging threats. Fortinet then collects and publishes those finding quarterly, highlighting critical takeaways for organizations of all sizes and industries.

At Citon we understand the threat landscape. We have spent almost a quarter of a century working to enhance security. Our roster of partners are knowledgeable, smart and fast.  If you are in a crisis or want to tighten your security before a breach, we can help.

If you’d like to Download the full report. Read the news release announcing the report.

Thanks to our friends over at Fortinet for the research into the current threat landscape.  

Hint: These guys are good!

19 December

8 Hard Truths for SMBs not Worried About Data Recovery and Business Continuity

7 Must Haves for Your Small Business Website

8 Cold Hard Truths for SMBs Not Worried About Disaster Recovery and Business Continuity

The foundation of any successful business continuity solution is the ability to retrieve data from any point in time from anywhere. When the topic of data recovery and business continuity comes up, you get the feeling that many decision makers at smaller businesses and organizations wish they could channel their inner six year old, simply cover their ears, and sing “La, la, la. I Can’t Hear You. I’m Not Listening.”

Everybody thinks bad things only happen to other people. Just because we hear about a fatal car accident on the morning news, doesn’t mean we fixate on that news when we ourselves get into a car and drive to work.

So no matter how many times the owner or executive of a small to midsize business (SMB) hears of other small businesses being crippled by hurricanes, tornados, fires, or flooding, they aren’t necessarily overcome with fear to the point that they feel an urgency to take action.

Sure, they may think about backup and data recovery solutions a little more that day, but not enough to initiate immediate change or reverse a lenient approach to their processes.

If you fall into this category, here are eight cold hard truths to consider

  • It isn’t natural disasters or catastrophic losses like fires that take down small businesses but something far more sinister – malware. Cyber attacks through malware have grown exponentially in the past four years. Malware is hitting everything from PCs to Macs to mobile devices and it’s inflicting damage.
  • Over half of the small businesses in the U.S. have experienced disruptions in day-to-day business operations. 81% of these incidents have led to downtime that has lasted anywhere from one to three days.
  • According to data compiled by the Hughes Marketing Group, 90% of companies employing less than 100 people spend fewer than eight hours a month on their business continuity plan.
  • 80% of businesses that have experienced a major disaster are out of business within three years. Meanwhile, 40% of businesses impacted by critical IT failure cease operations within one year. 44% of businesses ravaged by a fire fail to ever reopen, and only 33% of those that do reopen survive any longer than three years.
  • Disaster recovery solution providers estimate that 60% to 70% of all business disruptions originate internally – most likely due to hardware or software failure or human error.
  • 93% of businesses unable to access their data center for ten or more days filed for bankruptcy within twelve months of the incident.
  • In the United States alone, there are over 140,000 hard drive crashes each week.
  • 34% of SMBs never test their backup and recovery solutions – of those who do, over 75% found holes and failures in their strategies.

It’s critical that small businesses review their backup and disaster recovery processes and take business continuity seriously. Given the vulnerabilities associated with the cloud and workforce mobility, the risk of critical data loss today is quite serious and firms must be truly prepared for the unexpected.

Contact us at Citon