MSPNetworks Blog

Your business works with a lot of vendors. Each of these vendors requires your time, energy, and resources. Do you have the assets to handle all of them yourself, or would it all be better spent elsewhere on more profitable tasks and projects? Today, we’ll highlight your business’ vendor management options.

A popular automotive dealership software platform has recently become the target of a cyberattack, resulting in the solution going down for several days. Any business that has a solution it relies on can sympathize with the situation. After all, if you lose access to your critical business apps for several days, would your operations be able to recover?

Perhaps predictably, the word “insure” has roots that tie it closely to “ensure,” as it is meant to ensure a level of security after some form of loss. Nowadays, that loss often pertains to data, making cyber insurance an extremely valuable investment for the modern business to make.

However, in order to obtain this kind of insurance, businesses commonly need to meet some basic requirements. Let’s go over some of these requirements now.

What Are Insurance Providers Looking for to Approve Cyber Insurance?

It’s important that your business is not only meeting the requirements that an insurance provider expects from you, but that you also have it fully documented. This helps make it easier for everyone to stay on the same page, as well as to evaluate how prepared the business is to protect its data. What follows are some of the preparations that many insurance providers expect to see from businesses seeking coverage.

Multi-Factor Authentication Protecting Email (at a Minimum)

It should come as no surprise that email is a major target for cybercriminal activity. It’s popular, it’s convenient, and—as countless attacks have proven—it works. If a cybercriminal manages to gain access to a target’s email account, they effectively have the keys to the castle, as any accounts tied to that email can then be altered and adjusted.

This is what makes it so important that if you have multi-factor authentication protecting anything, your email is a good candidate… although, we recommend that it’s implemented wherever it is available. Multi-factor authentication reinforces your security by adding additional requirements to a login process before access will be granted, ideally by also requiring a user to confirm their identity, often through a secondary key or by providing a generated code or biometric proof.

The long and the short of it is that MFA is a very effective means of eliminating unauthorized access, which is something that insurance providers want to see before they offer coverage.

Testing and Training for Cybersecurity Awareness

On a related note, insurance providers want to see staff engagement where a business’ cybersecurity is involved. After all, all the protection in the world won’t matter if one of your team members leaves the door open or allows an attacker in. This makes it critical that your team knows about the threats they face and—crucially—how to appropriately identify and react to these threats as they encounter them.

Due to the evolving nature of cybercrime, this needs to be an ongoing process. You should be regularly evaluating your employees with and without warning, providing immediate education to anyone who misses one of your simulated threats. Your potential insurance provider will likely want to see documented proof that these steps exist and are enforced as they consider your application.

Incident Response, Backup and Disaster Recovery, and Similar Defenses

In order for these policies to stay profitable, insurance companies will want to see that every precaution has been put in place. After all, the less likely a policyholder is to suffer the damages that their policy covers, the less likely it is that the insurer will have to issue a reimbursement payment. As a result, insurance providers like to see that businesses are as prepared as possible, so they don’t just want to see preventative measures, but mitigations as well.

Therefore, your insurance provider is going to want to see everything you have in place as a part of your incident response plan. They’ll want to see that your backups are situated and updated appropriately, they’ll want to see established processes and systems, and they’ll want to see that you have different people assigned to carry these processes and systems out.

Applicable Compliance Gap Assessments

Chances are pretty good that you process credit card information as part of your business operations in some shape or form. This means that you presumably need to align to the Payment Card Industry Data Security Standard (PCI DSS), which dictates what businesses need to do to protect the information of their cardholding customers. A gap assessment is a process that helps you identify anywhere that you fall short of true compliance, allowing you to more effectively resolve these issues to reach the standards expected. Because of this, insurance providers will want to see the results of your gap assessments and documentation of any steps that you’ve taken to fix the issues present regarding any applicable compliance requirements.

We can help you maintain the standards that an insurance company will be looking for to approve your business for cyber insurance coverage. Learn more about our managed IT services by giving us a call at (516) 403-9001.

If you watch technology news, you might notice that there is one day out of every month that gets a lot of attention from the technology sector, and that day is what is called Patch Tuesday. This is the day each month when Microsoft issues all of their patches and security updates, and it’s important to know when this day falls each month—at least, for your IT team it is.

What is Patch Tuesday?

You don’t need us to tell you that Microsoft as a software developer is a big deal, having released major computer operating systems and business applications that are used by countless individuals and organizations across the globe. We want to highlight one quality that is a little easy to forget sometimes, though, and that is the fact that Microsoft, like any other software developer and publisher out there, is not infallible. They are bound to create products with flaws in them, just like anyone else.

This is why Patch Tuesday exists. It provides Microsoft with the opportunity to routinely address performance issues, security risks, and other bugs that might be discovered in their software. Each month, the Microsoft Security Response Center puts out information using Common Vulnerabilities and Exposures numbers on their website. This information is designed to inform IT workers and the public in general about security issues that are addressed with each update. These updates typically cover Windows operating systems—including those that have reached their end-of-life but are covered under an extended support contract—as well as other Microsoft software products.

Patch Tuesday is the second Tuesday of each month. Patches and updates are issued at 5:00pm (Coordinated Universal Time).

Why is Patch Tuesday Important?

Simply put, Patch Tuesday was created to give IT workers a heads-up as to when patches and updates will be applied. Oftentimes IT workers will need to prepare an infrastructure for a blanket installation of important patches and updates, so this gives them an official date and time to work towards.

Patch Tuesday is also important to another, slightly less altruistic group of individuals: hackers. Cybercriminals and developers of online threats can scour the code of Microsoft’s patches to gain insights into vulnerabilities that might have been addressed within them. They can then use that information to reverse-engineer patches, so to speak, to target individuals who have not deployed their new patches and updates, thereby getting the jump on users who have not expediently deployed them.

Why Are Patches and Updates In General Important?

There is a reason why patches and security updates are issued so regularly, and it’s a big one: your business is very much at risk without them. Patches and updates are issued to shore up security vulnerabilities in software—vulnerabilities that could ultimately give hackers access to your network if they are crafty enough.

It’s important to note that not all vulnerabilities are actively exploited in the wild prior to being detected. It’s entirely possible that developers at Microsoft happened upon them out of the blue and decided to address them appropriately. When they do find unpatched vulnerabilities that are being exploited, however, they tend to release patches and updates out of their routine to get them into the hands of the public as soon as possible.

If all this talk about patches and updates has you concerned about the future of your organization, fear not. MSPNetworks is happy to assist you with the management and deployment of all patches and updates for your mission-critical systems. To learn more about what we can do for your business, reach out to us at (516) 403-9001.

Businesses go through a lot of technology, but how does your organization dispose of electronics that are no longer in use? Let’s discuss this incredibly important topic, as the improper disposal of devices could not only put your organization at risk, but also the environment.

Why Shouldn’t I Just Throw Out My Old Technology?

There are several reasons why you don’t want to just throw your technology in the trash.

• First, there is no real accountability if you just throw your technology out. If you don’t take care to remove data from the device, it could be accessible to anyone who finds it.
• Second, modern computer components have a ton of hazardous materials in them, meaning that it’s just bad for the environment for them to sit in a landfill.
• Third, it’s wasteful and unnecessary. Many of the components found in these devices can be repurposed or reused, so making sure the device is processed and recycled is a great choice.

It doesn’t matter what the processes or policies of your recycling facility are; you should always go out of your way to make sure that your devices have been appropriately wiped so that any data found on them is inaccessible moving forward—especially if you are recycling the device. It’s also worth asking whoever is disposing of your device if they plan to erase this data and destroy the hard drives so that nothing can be recovered. Chances are this isn’t the case, and if so, we’re happy to assist.

How Electronics are Recycled

Once a computer has been delivered to a reputable recycling center,it will be broken down. Recycling companies will disassemble the device and process the various components and parts. Each of these parts will then be recycled according to best practice. This is also the process for removing hazardous materials from these devices.

These disassembled components are then processed and renewed. These materials are used to create new devices, cutting out waste that would otherwise sit unused in a landfill elsewhere.

Technology is an incredibly important part of running any business, and we want to make sure that you are getting the most out of yours. For help with this, reach out to MSPNetworks at (516) 403-9001.

2020, unsurprisingly, has decided to go out with a bang, as it has been revealed that the United States was targeted in the largest cyberespionage attack to date. Let’s go over what this attack means, and how things will need to play out in the future.

How Did the Attack Happen?

In short, an IT management company known as SolarWinds was breached back in March, affecting a massive number of organizations—18,000 in all. These organizations include the likes of Microsoft, Cisco, and FireEye, as well as many states and federal organizations, including:

• The U.S. Department of State
• The U.S. Department of the Treasury
• The U.S. Department of Homeland Security
• The U.S. Department of Energy
• The U.S. National Telecommunications and Information Administration
• The National Institutes of Health, of the U.S. Department of Health
• The U.S. National Nuclear Security Administration

When the attackers gained access to SolarWinds’ network, they were able to use what is known as a supply chain attack to introduce their malware to these departments and organizations by pushing it through the company’s automatic software update system for their Orion products. These kinds of attacks can be particularly effective since the threat is introduced to an environment via a trusted application.

Making this situation worse, many SolarWinds customers had excluded Orion products from their security checks on SolarWinds’ recommendation to prevent their other security products from shutting them down due to the malware signatures that these security products contain.

While (at the time of this writing) it is unclear what the attackers responsible used this access to do, the potential ramifications are truly terrifying. While government departments were targeted, it also needs to be said that this attack could have potentially continued from the major providers like Microsoft and Cisco to their clients, and so on and so forth. That’s why there is still no estimate of this attack’s true scope.

This attack was seemingly only discovered when an employee at FireEye received an alert that their VPN credentials had been used from a new device, and a little digging revealed the much larger situation playing out.

This Wasn’t the Only Attack, Either

Another attack was also discovered on SolarWinds’ network when the company performed an internal audit of its systems. On December 18, a second malware was found to have used the same tactic to infiltrate SolarWinds, but as of this writing does not seem to come from the same source.

What This Needs to Teach Us

Frankly, the most important lessons to be learned here are painfully obvious. First off, cybersecurity needs to be prioritized above all else, and all potential threats should be considered a likelihood. After all, the U.S. government was warned about the viability of exactly this kind of threat back in 2018 by the Government Accountability Office.

Secondly, the concept of your employees being a huge part of your cybersecurity strategy needs to be reinforced. This was only discovered when an employee was alerted of unusual activity and took that alert seriously. Your team needs to know what they are looking out for, and how to proceed if they spot it.

Unfortunately, the full extent of this threat will not be clear to us until much later, but what is clear is that we’ll be here to keep your business’ IT as secure as possible. To learn more about what we can do for your business and its security, take a few moments to give us a call at (516) 403-9001.