Category Archives: Security

Cybersecurity in the Workplace is Everyone’s Business

The growing sophistication of cyber threats can be particularly devastating to a small business. There is no denying the fact that small to medium-sized businesses are just as likely a target as large enterprises. The criminals are after your critical data and they’re targeting your people to get it. Unfortunately, end users are easy prey for cybercriminals. People are the common denominator in most cyber intrusions because they are increasingly exposed to phishing schemes and ransomware attacks via the most common threat gateway: email.

With education and awareness, employees can become a front line of defense against threats to critical business data and systems. A security awareness training program for your team is a great place to start. It creates awareness and communication through ongoing training solutions embedded into employees’ daily activities. This works to minimize human error by keeping security at the forefront while staying compliant with industry regulations or state laws.

The National Cyber Security Alliance’s (NCSA’s) CyberSecure My Business™ is a national program helping small and medium-sized businesses learn to be safer and more secure online. They’ve outlined 5 actionable steps to take to better secure your business and promote security awareness.  

  1. Learn how to identify the assets and systems that are critical to your business: those you would have difficulty operating without if they were lost or compromised, and that could be a high-value target for cybercriminals. Put appropriate policies and systems in place to keep your digital assets secure. This is also a good time to establish cybersecurity policies for BYOD and mobile/remote employees.
  2. Build your cyber protections around these assets first as you create a trajectory forward to protect your entire business. The goal is to build a culture of cybersecurity that includes employees knowing how to protect themselves and the business and understanding the cyber risks as your business grows or adds new technologies or functions. Make privacy a top priority and educate staff about their roles and the value of protecting consumer and employee information. This step is also where a comprehensive security awareness program is critical.
  3. Detection is all about knowing when something has gone wrong. We have fire alarms in our businesses and homes that alert us to problems. In cybersecurity, the faster you know about an incident, the quicker you can mitigate the impact and get back to normal operations. Security technologies play an integral role in prevention and detection.
  4. Even when we take all the precautions we can, incidents can still happen. Being prepared to respond in a thoughtful and comprehensive manner will reduce risks to your business and send a positive signal to your customers and employees. Therefore, planning for a response is critical. Another proactive measure to consider is a Cyber Insurance policy which could help prevent significant financial loss from a cyber incident.
  5. The final step is the recovery efforts that will follow a response to a cyber incident. Like the response step, recovery requires planning. The goal of recovery is to move from the immediate aftermath of a cyber incident to full restoration of normal systems and operations. A thorough data backup and recovery solution that provides immediate copies of your info means you can retrieve your files quickly and minimize downtime if you fall victim to a cyber attack.

Awareness, education, planning and implementation are key to preventing cyber threats. The strategic and comprehensive outline above is ideal but can be overwhelming to implement in a thorough and effective manner without the proper resources. If your business is in need of a professional evaluation for cybersecurity planning and solutions, Ancero can provide a complimentary consultation. We can help you start from scratch or just fill in the cyber security services you might be missing in your current processes. Let’s talk!

 

You’ll catch more phish with honey than vinegar

Businesses know that they have to combat the human error that results in cyberattacks on their network and potential loss of critical data. They value their employees but need to create an atmosphere of awareness. Savvy business owners and managers turn to training and education. But it can be challenging to train employees in best practices without a security background.

Studies prove you’ll get a higher retention rate and better participation when you train employees with “carrots, not sticks”. The Wall Street Journal examined this idea in the recent article ‘A Better Way to Teach Cybersecurity to Workers’: “The problem, security experts say, is that the usual security training is a big turnoff for employees. Most of the time, all it does is try to instill fear of clicking on suspicious links or using weak passwords. But research shows that approach doesn’t work.”

Keep your cyber awareness training from becoming a chore. Make it positive and incentivize employees for participation. Develop a security awareness training program with built-in reporting features so that it tracks your employees’ progress, giving you the perfect opportunity to reward them for successfully spotting a phishing trap!

What is the most common result of clicking on a link in a phishing email? Ransomware: the cyber epidemic that results in 57% critical data and/or hardware loss and up to 75% downtime for small to medium-sized businesses (Datto State of the Channel Report). That’s too much to risk! Social engineering techniques exploit a very basic concept: it’s possible to trick people into doing the dirty work for thieves. Ransomware is the payload of choice for malicious email campaigns, and in 2016 U.S. companies experienced the greatest number of ransomware attacks, over 500 million due to the Locky ransomware.

So how do you reduce the 30% phishing email open rate? Education, Engagement and Encouragement.

A training and awareness program that encourages good cyber hygiene can make a big difference between recognizing a phishing email and becoming a victim. When employees fully understand the issue – and the risks – they’re in a position to serve as the barrier of protection, essentially the “human firewall”. A security awareness program should combine a 3-step approach:

• Training – Employee email security training on a computer-based training module

• Evaluation – Periodic testing through the use of simulated phishing that puts their training to the test

• Insight – In-depth quarterly reporting reveals campaign statistics, vulnerabilities and employee activity

If organizations aren’t monitoring internal emails, they risk potential downtime, data & financial loss. Combat attacks by utilizing education with cutting-edge training methods to reduce human error. And with the detailed reporting features you can track the employees who successfully detect the phishing emails and reward them with recognition and prizes. Something as simple as an Amazon gift card goes a long way to fostering good cyber awareness. A positive-reinforcement campaign will result in greater security, peace of mind and enthused team members!

Where do you start? Our data protection specialists can help you implement a security awareness training program. Give us a call at 856-210-5800 or email at info@104.219.251.195.

New firewalls, new protections, no upfront capital expense!

Don’t fight the threats of today with the technology of the past. Upgrades are essential to your security. Ancero Managed Security as a Service (SECaaS) combines the security of a SonicWall firewall appliance with Ancero managed IT services, reporting software, and content filtering, plus all related warranty and subscription services in a bundled solution at a low monthly subscription price. Always have a current firewall with no capital expenditure. And SonicWall firewalls and management software deliver the features, flexibility and visibility you need to fight threats without slowing down your network.

With Ancero SECaaS all the necessary security components are bundled into a convenient monthly subscription price with no upfront hardware investment required. Deploy a network security solution that fits within virtually any budget!

What’s included with SECaaS?

  • Firewall hardware
  • Advanced software solutions
  • Security configuration
  • 24×7 Monitoring and management
  • On-Demand Reporting
  • Content Filtering
  • Hardware flexibility
  • Ancero support service

Always have a current firewall with long-term flexibility to upgrade equipment as your needs change and as technology changes. Eliminate your capital expenditure with no upfront cost for hardware, and pay a predictable monthly service fee for security instead. SECaaS is available across the entire SonicWall product portfolio – from the smallest to the largest firewall.

Eliminate time-consuming management when you outsource your network security to Ancero. We install, configure and deploy your security solution – managing everything for you, plus 24×7 Ancero support. SECaaS includes many of the SonicWall network security services that are essential to your data protection, including their Capture Advanced Threat Protection.

For the full features and list of benefits download our Managed SECaaS brochure.

The #1 selling small business firewall, the SonicWall TZ firewall, delivers the same level of security, performance and manageability as firewalls used by banks, government agencies and large businesses. Watch the video or download the TZ firewall technical data sheet.

Ready to upgrade your old firewall? Call Ancero, your full service IT company, to discuss this new Managed SECaaS service at 856-210-5800 or email us at sales@104.219.251.195.