Author: adminjeff

Employee of the Month: February 2023

February 2023

Tracy Teague

Tracy has been working as our Bookkeeper since September 2021. Since coming onboard, she’s had a positive impact on our critical finance functions (billing, collections, and payables). She has a wonderful attitude and is passionate about her work. She is always willing to step up on special projects and interface with customers. We very much appreciate her efforts and are very happy that she is apart of our team!!!

When DNS filtering and website blacklisting aren’t enough-and they aren’t

Your computer uses the Domain Name System (DNS) to direct you and your employees to the websites you wish to access. In this case, your computer contacts DNS servers to request the IP address associated with a website’s domain name and then uses the IP address to connect to the desired website or service.

Businesses can be vulnerable to DNS spoofing attacks, in which attackers redirect DNS traffic to fake or malicious sites. To protect against DNS spoofing, companies like yours choose to work with our team to provide Advanced Web Protection.

Advanced Web Protection is the process of securing DNS servers and clients from attacks.

Our Advanced Web Protection is a layer of security that complements and goes beyond traditional content filtering, antivirus, and firewalls. It helps keep your employees safe and productive as they browse the web by giving you granular control of the websites your employees can access. This improves overall security and workplace efficiency.

Some things Advanced Web Protection
can do for you
:

  • Set web-filtering policies
  • Determine website block lists
  • Create time and content-based browsing policies
  • Provision different web-filtering profiles for
    varying workplace roles
  • Employ AI and machine-learning technologies to go beyond simple website filtering and secure at a behavioral level

Some of the ways we use Advanced Web
Protection to protect your web traffic are:

  • Configuring DNS servers to only accept queries from trusted sources
  • Using encryption and authentication for all communications between DNS servers and clients
  • Monitoring DNS traffic for suspicious activity

Advanced Web Protection is an effective way to improve the security of your business’ IT systems. By blocking malicious or unwanted traffic at the DNS level, you can minimize the threat of access to your systems and data by criminals. Advanced Web Protection is an effective way to improve the security of your business’ IT systems.

Some benefits of our Advanced Web
Protection include:

  • Prevent data breaches by blocking malicious traffic before it reaches your systems
  • Improve system performance by reducing the amount of unwanted or malicious traffic that your systems have to process
  • Reduce the costs associated with cyber attacks by guarding against criminals looking to access your systems and data

For more information on how Advanced Web Protection can improve the security of your business’ IT systems, contact our team of cyber-
security specialists for a no-obligation conversation.

Need more information?

CYBER INSURANCE CONSULTING AND CYBER RISK ASSESSMENTS

Insurance helps a business like yours manage your exposure by providing financial payments to cover potential losses that you may not be able to afford if they should occur. This allows you to continue to operate when risk may be too great, as well as acting to soften financial burdens that could arise due to a covered event.

Cybersecurity insurance (or cyber insurance) provides coverage for losses due to cyber attacks, data breaches, or other tech-related risks.

Our team does not sell cyber insurance. However, we work with companies like yours to, provide consulting services that support you in navigating the IT systems and processes side of applying for cyber insurance, and in maintaning of those systems in line with the expectations of your insurers.

What can a typical cyber insurance policy
cover? The costs associated with:

  • Incident response
  • Post-threat event Investigations
  • Ransom Demands
  • Notifying customers about the exposure of PII, PHI or PAN
  • Credit monitoring
Helping you navigate an underwriter’s risk assessment

When you apply for cyber insurance, the
underwriter may want information related to:

  • Your company
  • The individuals managing the IT and data for your business
  • Assessment audits performed by third parties on behalf of the insurer

Coverage:

Based on the insurer’s risk assessment of your business, the insurer they will propose a coverage limit. Often, the coverage starts at $1 million per occurrence or an aggregate per year limit. Depending on your business, this may or may not be enough. Our consultants can help you think through this and dozens of other variables.

Assisting you with the insurer’s request for information.

  • Assets (physical and data)
  • Current security controls
  • Previous cyber events
  • Prior cyber liability claims
  • Process and documentation

You still need IT specialists on your side after your new cyber insurance policy is signed.

Getting the policy is the easiest part of a very complex process. If needed, filing a claim is the hard part. Our team works to assist you in the following:

  • Maintaining your security controls in accordance with the policy you’ve signed
  • Implementing a recognized cyber security framework
  • Demonstrating due care to the insurer
  • Keeping documentation, audits, reports, and anything else that can prove things are as they should be

Need more information?

Cyber Risk Profile

Doctors look at your medical and family history to determine which diseases are most likely to afflict you in your lifetime. From this assessment, they are able to suggest proactive actions that can lower your risk for these problems to occur.

It’s no different with the IT systems within your company.

A team of IT professionals are needed to survey the general cyber health of your systems and determine the current reality of your IT security posture.

Knowing your cyber risk profile helps you make proactive, executive decisions about everything from investments in your tools to the management and monitoring of your IT security protocols.

Our team works in coordination with companies like yours to help assess the state of your cybersecurity and make recommendations to align your security efforts with threat trends.

The assessment offered by our specialists generally consists of sending a technician onsite to deploy some tools along with building out a review and report of the results of those evaluations.

Just like your health, knowing your current state is the first step in mitigating the risk to your organization’s operations.


What is PAM (Privileged Access Management)

PAM (Privileged Access Management)

Let’s talk about PAM, and no I am not talking about the beloved cooking spray. I am talking about PAM; Privileged Access Management. Many define this as a technology that controls the elevated or privileged access permission for users, service accounts, processes, and systems within the IT ecosystem. Placing this into terms of why we would need to do this. We have all seen a request for these cyber insurance forms, compliance requests, contractor self-attesting, etc. On these forms, it can commonly be found requesting how your company is handling its Least Privilege access.

What can I do with a PAM to apply the principle of least privilege you may ask? That comes down to restricting permissions to the minimum levels a user or program needs to perform. And it has become a great way to protect against cybersecurity threats.

What can PAM do at a practical level of an organization?

A simple answer prevents mistakes or malicious action from happening because the fact is the user, service account or application cannot run said function without approval.

What are the capabilities to look for in your PAM?

  • Integration – Improving user workflow by centralizing access
  • Automation – Remove manual tasks with an automated process
  • Role-based access control – Restrict network access to authorized users based on their role
  • Auditing – Records and monitors privileged session activity
  • Compliance – Help your organization achieve its cybersecurity goals
  • Easy – It should be user-friendly to streamline the process

What does this mean for you and your staff?

Pretty simple question and yet brings a rather large change to the day-to-day operations within a network. You may have heard your IT team say they need to prevent users from installing senseless applications on machines. In most small to medium businesses, most users are configured with administrative rights on the local machine, giving them a great level of autonomy to install and update anything they want. But if you think about it, this is where most mistakes occur, and breaches happen. If a user can no longer run an executable on their machine that has not already been approved to run, they would need to send in a request for approval.

What does this mean for management?

Well, you need to have a procedure defined on what is and is not approved applications for the staff to perform their duties. If they are putting in a request to download uTorrent or Spotify on a work machine, most likely this is not something you want happening inside your business. Having this process will allow the IT security team a workflow to follow for approvals.

Do the requests ever end?

Short answer, no, not really. Users are always going to install new things on their workstations. It is not that they are doing this maliciously it is the feeling of need and want rather than safe or required. With a PAM solution that is properly configured, it can be incredibly manageable to handle hundreds of users and their requests. Best to take control of the situation than let your network become the wild west of your users.

Conclusion

Implementing a PAM solution is an efficient method to control permissions within your network. Better auditing and insight into what transpires at the user, and machine access level. Reducing the risk of over privilege and poor off boarding to prevent security holes. At the end of the day, it is about protecting your business.


Data Backups

Is your company utilizing Data Backups?

What would happen if got to the office one day and ransomware had locked you out of your files? The document you need for an early meeting is encrypted and unusable; the client file your staff needs to work on before their deadline is unreadable; and the presentation your sales team has worked on for the past week can’t be accessed.

Everything is going wrong, so you call your IT support partner.

If you’ve been doing regular backups, they might say something like, “This is bad, but it’s fixable. We’re on it. Give us some time and we’ll get into it.”

Without regular backups, the response from your IT guys may be completely different. Companies have been forced to pay thousands of dollars to ransomware-wielding criminals just to regain access to everyday company files.

Recent ransomware news stories illustrate the need for proactive anti-ransomware activity and ongoing vigilance. One of the most important anti-ransomware strategies you can implement in your business is a robust data/workflow backup protocol. By systematically backing up your essential files, you have a fall-back copy to utilize―even if your in-house IT systems become infected.

The backups our team implements can be activated in the event of a ransomware attack as well as any negative incident―natural or man made―that limits your access to on-site data/workflow.

To learn more, Contact us today.


Is Antivirus Enough?

Managed Endpoint

Detection and Response

The best way to manage today’s security threats

Security used to be so simple. You installed anti-virus (AV) solutions, trained employees not to click on unknown links, and kept software and websites up to date.

AV solutions have done a great job of keeping small and medium-sized businesses (SMBs) safe for many years. However, the threat patterns are changing, and SMBs need a different type of protection to combat these increasingly sophisticated, severe attacks.

Here’s why: AV solutions rely on signatures to detect threats, but the latest threats don’t use signatures and can slip through and enter your company’s networks undetected.

Here are a few examples of some of the risks we’re
seeing in the marketplace now:

  • Weaponized documents that may seem like harmless PDF attachments in your emails but execute attacks once they enter your network.
  • Fileless threats that don’t require downloads, but execute from memory, making them difficult to identify.
  • Zero-day threats that find an unknown computer vulnerability and exploit it before software or hardware providers can issue updates.
  • And of course, continued ransomware attacks, which can disable IT networks as cyber-attackers demand huge ransoms to restore data and services.

82% of SMBs say they have experienced a cyber-attack that their AV systems didn’t catch.

“The ransomware attack was the last straw. It took days to restore our systems. We’ve upgraded our security system with Managed Endpoint Detection and Response to keep our business safe from these types of threats moving forward.”

Keep Your Business Safe from the Latest Threats

You want to keep your business, employees, and all your devices safe from cyberattacks. And we all know that mobile devices are often the weakest link of IT security, as workers use less caution on-the-go than they do in the office. Here’s why Managed Endpoint Detection and Response (EDR) is the best choice now for your IT security and business continuity.

Managed Endpoint Detection and ResponseAnti-Virus Solution
Gain freedom from ransomware by rolling back
devices to their pre-infection state.
Can’t roll back to a pre-infection state, increasing
your ransomware risks.
Use artificial intelligence (AI) to detect and
prevent both current and emerging threats, with
continual updates to the platform.
Use signatures to identify threats, meaning
capabilities lag cyber-attackers’ latest strategies.
Monitor processes before, during, and after
execution, to prevent new threats from slipping in.
Fly blind during execution, creating an entry point
for new threats from savvy attackers.
Monitor your systems in real-time.Rely on daily or weekly scans, increasing your risks.
Keeps device performance fast with continual
monitoring.
Can slow down your device performance with
long scans.

Never worry about ransomware again with Managed EDR.
Just click and restore your devices to their pre-infection state.

How Managed EDR Benefits You

Protect your business from ransomware attacks –
Gain peace of mind by using Managed EDR to roll
back any and all devices to their pre-threat state.
Simply click and restore infected machines to full
productivity, no matter which strain of ransomware
is holding them hostage. There’s no need to pay
expensive ransoms to cyber-attackers or hire
high-priced consultants to rebuild network access.
Managed EDR pays for itself by keeping you safe
and secure.

Increase employee productivity – Eliminate
threats that outwit traditional AV solutions and
maintain faster device performance, creating fewer
distractions that eat into employee productivity.
Let the experts manage it for you – Don’t spend
time trying to support and manage your own
systems and security. Focus on running and
growing your business, with ongoing support from
your managed service provider.

Need More Information?

Phishing

It started with an innocent-looking email. An employee opened it and clicked on an attachment that seemed legit.

In that moment, ransomware embedded itself in the company’s system and slowly encrypted files in the background until the employees were locked out of their server-based spreadsheets, documents, presentations, and client databases. This was quickly followed by a ransomware demand.

The company called us to help them sort out the mess. Fortunately, there were two things that helped them avoid permanent data and productivity loss―some of their workflow was already in the cloud and they were already having us do regular data backups.

It took a bit, but we got them back on their feet without paying the ransom. It could have been much worse―and exponentially more expensive.

Once the company regained control of their systems and their internal postmortem on the incident was complete, they updated their employee onboarding policy to include cybersecurity awareness training.

While there’s no way to avoid every danger, the risk of the big ones―like ransomware―can be mitigated with proactive steps like regular, offsite backups and employee training.

Need some help implementing or managing these protocols? We’re here for you.


Web Design and Hosting

A business’s online presence, regardless of industry, can have a massive impact on its success. In this day and age, some businesses still don’t realize that a majority of their customers will visit their website before making a purchase.

Having a strong online presence, particularly a website, can be make or break for generating more revenue. Yes, the quality of your website impacts results, but the purpose of this email is to stress the importance of making sure you have a website.

Decisive Data Systems has helped numerous companies of varying sizes create their digital presences. In some cases, organizations are hesitant to get online because they feel they are not tech-savvy enough and don’t understand how to manage a website. Other times, companies are concerned about the price.

The good news is that there’s a solution out there that will work for you. If you still need convincing, here are the top reasons it’s important for your business to have a website:

Credibility

One of the main reasons you should have a website for your business is to increase your organization’s credibility. Chances are there are several providers offering a similar service to yours. One way you can stand out is by having a website that looks good and clearly communicates quality information to your consumers.

Without a website, people may question your legitimacy as a business. Having a website is an opportunity to make a great first impression and give people comfort that you’re an established business.

Brand

Showcasing your brand to your prospective customers is one of the most important things that you can do. By clearly establishing who you are, what you represent and what you stand for, you increase the chances of your customers buying from you.

This is also something that can set you apart from your competitors. Without a website, it can be incredibly challenging to do this because people can’t easily find quality and reliable information on your business.

Leads

Perhaps one of the most intriguing reasons to have a website for your business is because it can increase your chances of getting leads.

Once people find you online, become interested in your product or service and want to know more, they’ll know how to contact you thanks to the information on your website, which gives you the opportunity to increase your sales. Even though websites have a cost, when used correctly, they have a positive Return on Investment.

Organic Traffic

Once you’re online and have an Search Engine Optimized (SEO) website, you have a chance of showing up in Google search results. This means that when people are searching for a product or service, there is a chance your website will show up in the results. This gives you the opportunity to drastically increase your customer base.

Saving You Time + Customer Service

Many businesses get calls from prospects or existing customers asking simple questions about location and hours of operation. If you miss a call, the customer is left unhappy. Calls can also distract your staff from focusing on the most important parts of your business. A website can reduce these calls and increase internal productivity. At the same time, it helps customers find useful information without needing to call, which ultimately provides an all-around better user experience.

Updates And Announcements

Since your website is on 24/7, it’s easy to post updates and announcements to your customers. It’s a way to keep them up to date on everything that you’re doing. When something is particularly relevant to them, it increases the chance of you being able to up-sell them.

Digital Marketing

If you plan on leveraging digital marketing to increase your leads and grow your business, you’ll likely want to drive traffic to a website or landing page. To do this effectively, leverage historic traffic that has been going to your website so you can target the most qualified customers and get the best ROI on your ad spend. This is something that can’t be set up retroactively, so it is best to get your website running early even if you’re not planning on running ads at the moment.

Websites have become essential to business today. I strongly recommend creating one if you haven’t done so already. You can improve it over time, but the key is to start.

Verified by MonsterInsights