Category: Articles

What is PAM (Privileged Access Management)

PAM (Privileged Access Management)

Let’s talk about PAM, and no I am not talking about the beloved cooking spray. I am talking about PAM; Privileged Access Management. Many define this as a technology that controls the elevated or privileged access permission for users, service accounts, processes, and systems within the IT ecosystem. Placing this into terms of why we would need to do this. We have all seen a request for these cyber insurance forms, compliance requests, contractor self-attesting, etc. On these forms, it can commonly be found requesting how your company is handling its Least Privilege access.

What can I do with a PAM to apply the principle of least privilege you may ask? That comes down to restricting permissions to the minimum levels a user or program needs to perform. And it has become a great way to protect against cybersecurity threats.

What can PAM do at a practical level of an organization?

A simple answer prevents mistakes or malicious action from happening because the fact is the user, service account or application cannot run said function without approval.

What are the capabilities to look for in your PAM?

  • Integration – Improving user workflow by centralizing access
  • Automation – Remove manual tasks with an automated process
  • Role-based access control – Restrict network access to authorized users based on their role
  • Auditing – Records and monitors privileged session activity
  • Compliance – Help your organization achieve its cybersecurity goals
  • Easy – It should be user-friendly to streamline the process

What does this mean for you and your staff?

Pretty simple question and yet brings a rather large change to the day-to-day operations within a network. You may have heard your IT team say they need to prevent users from installing senseless applications on machines. In most small to medium businesses, most users are configured with administrative rights on the local machine, giving them a great level of autonomy to install and update anything they want. But if you think about it, this is where most mistakes occur, and breaches happen. If a user can no longer run an executable on their machine that has not already been approved to run, they would need to send in a request for approval.

What does this mean for management?

Well, you need to have a procedure defined on what is and is not approved applications for the staff to perform their duties. If they are putting in a request to download uTorrent or Spotify on a work machine, most likely this is not something you want happening inside your business. Having this process will allow the IT security team a workflow to follow for approvals.

Do the requests ever end?

Short answer, no, not really. Users are always going to install new things on their workstations. It is not that they are doing this maliciously it is the feeling of need and want rather than safe or required. With a PAM solution that is properly configured, it can be incredibly manageable to handle hundreds of users and their requests. Best to take control of the situation than let your network become the wild west of your users.

Conclusion

Implementing a PAM solution is an efficient method to control permissions within your network. Better auditing and insight into what transpires at the user, and machine access level. Reducing the risk of over privilege and poor off boarding to prevent security holes. At the end of the day, it is about protecting your business.


Data Backups

Is your company utilizing Data Backups?

What would happen if got to the office one day and ransomware had locked you out of your files? The document you need for an early meeting is encrypted and unusable; the client file your staff needs to work on before their deadline is unreadable; and the presentation your sales team has worked on for the past week can’t be accessed.

Everything is going wrong, so you call your IT support partner.

If you’ve been doing regular backups, they might say something like, “This is bad, but it’s fixable. We’re on it. Give us some time and we’ll get into it.”

Without regular backups, the response from your IT guys may be completely different. Companies have been forced to pay thousands of dollars to ransomware-wielding criminals just to regain access to everyday company files.

Recent ransomware news stories illustrate the need for proactive anti-ransomware activity and ongoing vigilance. One of the most important anti-ransomware strategies you can implement in your business is a robust data/workflow backup protocol. By systematically backing up your essential files, you have a fall-back copy to utilize―even if your in-house IT systems become infected.

The backups our team implements can be activated in the event of a ransomware attack as well as any negative incident―natural or man made―that limits your access to on-site data/workflow.

To learn more, Contact us today.


Is Antivirus Enough?

Not too long ago, if your business had a firewall and a decent antivirus, you were protected against most threats to your data and operations.

But the world of cyber-crime has evolved.

Today’s cyber criminals are deploying new, sophisticated attacks that find the smallest unguarded points of entry into your systems and exploit those security gaps.

Have you heard about the company targeted through an unprotected, Wi-Fi-connected HVAC system? What about the one where hackers found a way in through their office’s smart TV?

The explosion of IoT and mobile workflow devices has made it easier for criminals to find unprotected endpoints they can use as gateways to your network. This tactic bypasses traditional antivirus and firewall protection efforts. Many companies are discovering endpoint detection and response (EDR) services AFTER they’ve been targeted, but we suggest you consider implementing one now.

EDR services protect your workflow by monitoring each internet-connected device on your network for potential cybersecurity issues and responding to any anomalies.

Many of our clients have already determined that investing in EDR now is more cost-effective than dealing with the aftermath of a cyberattack.

Antivirus and firewall are a PART of a holistic IT protection strategy, but you can no longer rely on them alone to keep your systems secure.

We’d be happy to have a conversation with you about EDR. Just reach out.


Cyber Risk Profile

Doctors look at your medical and family history to determine which diseases are most likely to afflict you in your lifetime. From this assessment, they are able to suggest proactive actions that can lower your risk for these problems to occur.

It’s no different with the IT systems within your company.

A team of IT professionals are needed to survey the general cyber health of your systems and determine the current reality of your IT security posture.

Knowing your cyber risk profile helps you make proactive, executive decisions about everything from investments in your tools to the management and monitoring of your IT security protocols.

Our team works in coordination with companies like yours to help assess the state of your cybersecurity and make recommendations to align your security efforts with threat trends.

The assessment offered by our specialists generally consists of sending a technician onsite to deploy some tools along with building out a review and report of the results of those evaluations.

Just like your health, knowing your current state is the first step in mitigating the risk to your organization’s operations.


Phishing

It started with an innocent-looking email. An employee opened it and clicked on an attachment that seemed legit.

In that moment, ransomware embedded itself in the company’s system and slowly encrypted files in the background until the employees were locked out of their server-based spreadsheets, documents, presentations, and client databases. This was quickly followed by a ransomware demand.

The company called us to help them sort out the mess. Fortunately, there were two things that helped them avoid permanent data and productivity loss―some of their workflow was already in the cloud and they were already having us do regular data backups.

It took a bit, but we got them back on their feet without paying the ransom. It could have been much worse―and exponentially more expensive.

Once the company regained control of their systems and their internal postmortem on the incident was complete, they updated their employee onboarding policy to include cybersecurity awareness training.

While there’s no way to avoid every danger, the risk of the big ones―like ransomware―can be mitigated with proactive steps like regular, offsite backups and employee training.

Need some help implementing or managing these protocols? We’re here for you.


Web Design and Hosting

A business’s online presence, regardless of industry, can have a massive impact on its success. In this day and age, some businesses still don’t realize that a majority of their customers will visit their website before making a purchase.

Having a strong online presence, particularly a website, can be make or break for generating more revenue. Yes, the quality of your website impacts results, but the purpose of this email is to stress the importance of making sure you have a website.

Decisive Data Systems has helped numerous companies of varying sizes create their digital presences. In some cases, organizations are hesitant to get online because they feel they are not tech-savvy enough and don’t understand how to manage a website. Other times, companies are concerned about the price.

The good news is that there’s a solution out there that will work for you. If you still need convincing, here are the top reasons it’s important for your business to have a website:

Credibility

One of the main reasons you should have a website for your business is to increase your organization’s credibility. Chances are there are several providers offering a similar service to yours. One way you can stand out is by having a website that looks good and clearly communicates quality information to your consumers.

Without a website, people may question your legitimacy as a business. Having a website is an opportunity to make a great first impression and give people comfort that you’re an established business.

Brand

Showcasing your brand to your prospective customers is one of the most important things that you can do. By clearly establishing who you are, what you represent and what you stand for, you increase the chances of your customers buying from you.

This is also something that can set you apart from your competitors. Without a website, it can be incredibly challenging to do this because people can’t easily find quality and reliable information on your business.

Leads

Perhaps one of the most intriguing reasons to have a website for your business is because it can increase your chances of getting leads.

Once people find you online, become interested in your product or service and want to know more, they’ll know how to contact you thanks to the information on your website, which gives you the opportunity to increase your sales. Even though websites have a cost, when used correctly, they have a positive Return on Investment.

Organic Traffic

Once you’re online and have an Search Engine Optimized (SEO) website, you have a chance of showing up in Google search results. This means that when people are searching for a product or service, there is a chance your website will show up in the results. This gives you the opportunity to drastically increase your customer base.

Saving You Time + Customer Service

Many businesses get calls from prospects or existing customers asking simple questions about location and hours of operation. If you miss a call, the customer is left unhappy. Calls can also distract your staff from focusing on the most important parts of your business. A website can reduce these calls and increase internal productivity. At the same time, it helps customers find useful information without needing to call, which ultimately provides an all-around better user experience.

Updates And Announcements

Since your website is on 24/7, it’s easy to post updates and announcements to your customers. It’s a way to keep them up to date on everything that you’re doing. When something is particularly relevant to them, it increases the chance of you being able to up-sell them.

Digital Marketing

If you plan on leveraging digital marketing to increase your leads and grow your business, you’ll likely want to drive traffic to a website or landing page. To do this effectively, leverage historic traffic that has been going to your website so you can target the most qualified customers and get the best ROI on your ad spend. This is something that can’t be set up retroactively, so it is best to get your website running early even if you’re not planning on running ads at the moment.

Websites have become essential to business today. I strongly recommend creating one if you haven’t done so already. You can improve it over time, but the key is to start.

Backup for Microsoft 365

Backup for Microsoft 365

Protect Your Data—Protect Your Busines

Your business constantly creates data that fuels your operations and growth. So, who is responsible for protecting and backing it up?

You may believe that Microsoft maintains all your Microsoft 365™ data. However, the reality is the burden can fall on you— unless you elect to add Backup for Microsoft 365.

Adding this vital online backup service can help protect you from security incidents such as ransomware and business email compromise (BEC), as well as file and account deletions that exceed the default Microsoft retention policies. With Backup for Microsoft 365, we can help you recover files and accounts at any time, even if they are accidentally or maliciously deleted by an insider or external cybercriminal.

AUTOMATE BACK UP TO PROTECT YOUR FILES

  • We will manage your Backup for Microsoft 365 to:
  • Back up Microsoft 365 Exchange™ every four hours
  • Back up Microsoft 365 OneDrive® every six hours
  • Back up Microsoft 365 SharePoint® (including Microsoft Teams® files and data that are stored in SharePoint) every six hours. Custom- and sub-libraries are backed up and can be recovered individually as needed

RETAIN AND RECOVER YOUR DATA

We will use the solution to help ensure you can:

  • Recover the data you want swiftly and easily
  • Meet retention requirements for data storage
  • Retain and recover Microsoft 365 Exchange email, calendars, contacts, and tasks for seven years
  • Retain and recover Microsoft 365 OneDrive data for one year
  • Retain and recover Microsoft 365 SharePoint data and permissions for one year

BACK UP IN THE DATA CENTER OF YOUR CHOICE

You can:

  • Keep your data in region with more than 30 worldwide data centers helping meet your business and retention requirements

EXTEND AND MODERNIZE DATA PROTECTION

We can help you:

  • Keep your data protection services up-to-date as your new business units or employees adopt Microsoft 365
  • Avoid lost time, reduced productivity, and frustration while trying to recover irrecoverable data, such as expired or permanently deleted files and sites
  • Maintain effective business continuity by recovering files, ranging from individual requests to complete employee or business reinstalls

Conclusion

Using Backup for Microsoft 365 can help protect your business and data against accidental and malicious acts of file and account deletion. If this online backup service helps you restore your business after a security incident such as ransomware or BEC, the ROI on your investment will be exponential.

Protect your business and productivity. Get peace of mind knowing you can recover your Microsoft 365 data for any reason, at any time. Start today.

Need more information?

Virtual CIO Services

Virtual CIO Services

Executive-level consulting to get the most from your IT investment

Company leaders who want to move their business forward are looking to technology to play a pivotal role in that progress. But technology alone isn’t enough. An experienced, high-level IT professional on your side will help you leverage that technology for maximum impact.

What is a VCIO?

A virtual chief information officer (vCIO) is an executive-level IT professional that provides advice, guidance, and management of your overall technology strategy. The virtual part of a vCIO service allows businesses of any size to access the deep expertise of a C-suite IT professional without the cost of hiring another in-house executive.

Helping you take advantage of tech advancements for business profitability

Digital transformation of workflow now allows small to mid-size businesses across the globe to do more with less, streamline processes, expand profit margins, and compete with their larger competitors. A vCIO is the right person to help your business assess your current IT environment, build a strategy to utilize tech for your business advantage, and manage the implementation of that strategy for you.

What does a vCIO do?

  • Becomes intimately familiar with the technology in use by your company
  • Provides the IT information you need to make go-forward decisions
  • Helps you navigate what new technologies might be helpful for your business
  • Gives guidance on IT purchases and budgeting
  • Oversees a comprehensive IT management strategy
  • Delivers consultation surrounding cybersecurity protocol implementation and management
  • Works to align people, technology, and processes
  • Makes IT analytics available to executive team members for real-time decision making

The business benefits of partnering with us for vCIO services

  • High-level IT advice aligned with your organizational objectives
  • IT budgeting consulting to get the highest ROI from your IT spend
  • Executive IT insight into and management of your cybersecurity posture and protocols
  • Visibility into the cost and capability of IT to support proposed next business steps
  • Hands-free oversight of your current IT environment
  • A single point of contact for today’s IT use and tomorrow’s IT opportunities

Staying competitive while staying on budget

Hiring a full-time, in-house IT executive (CIO) can be both time-consuming and expensive. By partnering with our firm or virtual CIO services, you get all the advantages of a C-suite IT professional on your team at a fraction of the cost of another salaried executive on staff. Your competitors can make the most of the technology they use because they have a top-shelf IT strategy. That same strategic IT consulting and management experience is available to you

within an easily budgeted, outsourced framework.

Need more information?