Cybersecurity Archives | OTAVA® https://www.otava.com/blog/category/cybersecurity/ We do the cloud so you can do you. Fri, 19 Jul 2024 13:54:40 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.5 Proactive Measures and Rapid Response: OTAVA’s Handling of the CrowdStrike Outage https://www.otava.com/blog/proactive-measures-and-rapid-response-otavas-handling-of-the-crowdstrike-outage/ https://www.otava.com/blog/proactive-measures-and-rapid-response-otavas-handling-of-the-crowdstrike-outage/#respond Fri, 19 Jul 2024 13:54:39 +0000 https://www.otava.com/?p=17087 The post Proactive Measures and Rapid Response: OTAVA’s Handling of the CrowdStrike Outage appeared first on OTAVA®.

]]>
The post Proactive Measures and Rapid Response: OTAVA’s Handling of the CrowdStrike Outage appeared first on OTAVA®.

]]>
https://www.otava.com/blog/proactive-measures-and-rapid-response-otavas-handling-of-the-crowdstrike-outage/feed/ 0
Fortifying Defenses Against Ransomware: The Role of Security Compliance https://www.otava.com/blog/fortifying-defenses-against-ransomware-the-role-of-security-compliance/ https://www.otava.com/blog/fortifying-defenses-against-ransomware-the-role-of-security-compliance/#respond Wed, 03 Jan 2024 20:50:04 +0000 https://www.otava.com/?p=16650 The post Fortifying Defenses Against Ransomware: The Role of Security Compliance appeared first on OTAVA®.

]]>
The post Fortifying Defenses Against Ransomware: The Role of Security Compliance appeared first on OTAVA®.

]]>
https://www.otava.com/blog/fortifying-defenses-against-ransomware-the-role-of-security-compliance/feed/ 0
OTAVA Speaks: OTAVA talks compliant multi-cloud on the Compliance Unfiltered Podcast https://www.otava.com/blog/otava-speaks-compliance-unfiltered-multicloud/ https://www.otava.com/blog/otava-speaks-compliance-unfiltered-multicloud/#respond Tue, 28 Feb 2023 16:10:19 +0000 https://www.otava.com/?p=16163 The post OTAVA Speaks: OTAVA talks compliant multi-cloud on the Compliance Unfiltered Podcast appeared first on OTAVA®.

]]>
The post OTAVA Speaks: OTAVA talks compliant multi-cloud on the Compliance Unfiltered Podcast appeared first on OTAVA®.

]]>
https://www.otava.com/blog/otava-speaks-compliance-unfiltered-multicloud/feed/ 0
Ransomware: What it is, How it Works and How to Prepare https://www.otava.com/blog/ransomware-what-it-is-how-it-works-and-how-to-prepare/ Mon, 27 Dec 2021 13:28:10 +0000 https://www.otava.com/?p=10294 Each day, there are more and more companies crumbling to the invisible threat that is Ransomware. Find out what Ransomware is and how to prepare for an attack.

The post Ransomware: What it is, How it Works and How to Prepare appeared first on OTAVA®.

]]>
IT.jpgWhat would you do if your business was under attack by malicious software? It’s a question that several CIOs and IT leaders lose sleep over. Each day, there are more and more companies being affected by the invisible threat that is Ransomware, a malicious software that blocks access to your entire computer system until a ransom is paid. Clicking an infected email link, downloading a malicious file, and other seemingly routine tasks can be the beginning of an expensive gridlock. For some companies, the cost of paying the ransom alone is enough to bankrupt them; and In some cases, businesses that have given in to paying the ransom still do not get their files back.

With yet another threat to the continuity of our businesses, it is only appropriate that we prepare ourselves to combat it. Let’s walk through the basics of ransomware: How it gains access to your systems, what it costs you and how to protect your company.

How Ransomware Gains Access:

A majority of attacks conducted via Ransomware are performed from oversees on American businesses. In addition, the ransom is primarily paid using Bitcoin (prolifically used in the black market), which is untraceable. As a result, American law-enforcement often does not have jurisdiction to prosecute these attackers nor the means to identify them. This is a problem so inexhaustible that even the FBI’s advice is “to just pay up”.

Infection of ransomware can come from:

  • Opening an email attachment with the malicious virus attached
  • Clicking on a counterfeit online ad
  • Insertion of an infected USB
  • Download of software that contains malware
  • Download of randomly infected Google image
  • Poor cybersecurity of an outsourced company working with your business (janitor, plumbing service, etc.)
  • Poor cybersecurity of current business

Even though you can be infected randomly by clicking on a hacked website, or downloading a virus, you can also be targeted specifically. Many of these ransomware hackers research and target their prey and bait them into their virus. These viruses are almost impossible to be killed once it is on your computer.

The Costs of an Attack:

According to a study completed by Intermedia, every size business is susceptible to infection. 15% of attacks are on businesses under 100 employees, 60% are targeted to organizations that have over 100 employees, and 25% target enterprise level businesses. In addition, companies that operate 24 hours a day are at an increased risk of attack due to the greater cost of downtime (about 3X more) compared to normal business operating hours. Cybercriminals will attack hospitals, restaurants, police stations and other businesses open 24 hours and set ransoms at a higher prices. The number of attacks are also rising, as the number is up 30% (Infrascale) just from last quarter. 30% in a $1B cyber-crime industry (CNNMoney) is huge and is due to the growing amount of transmissions.

Emerson Network Power estimates that the average cost per minute of a data outage is $8,851. The average cost of a data center outage has increased 38 percent over the past six years and is now reaching $740,357 (up from $505,502 in 2010). This does not even account for the downtime costs, which is at an all-time high of $2,409,991 (up 81% since 2010). Cybercrimes, like Ransomware, are the fastest growing causes of data center outages, up 22 percent. With that being said, this is not something to overlook, and precautionary steps are almost a no-brainer at this point.

Protecting Against Ransomware:

In November, 2016 San Francisco’s Municipal Railway (Muni) was attacked by crypto (a ransomware family), and was demanded to pay over $70,000 worth of bitcoins. The hackers effectively shut down the Muni’s fare system for two days while Muni restored its operations from its backups, costing them thousands in revenue. The power to disrupt an entire transportation system in a major west-coast city proves that these ransomware families truly have the ability to infect anybody. However, this attack could have had much dire consequences had Muni not been prepared with system backups.

Security vendors are working around the clock to end the ransomware struggle, but they are forever one step behind. As a result, you and your business will likely, one day, suffer a ransomware attack.

The important thing to remember, as we learned with Muni, is that the solution lies it preparation. Creating a rigorous backup and disaster recovery regimen, will help to restore your systems to a pre-ransomware attack level. One backup copy on premise, however, is not enough to overcome an attack, as hackers can encrypt local backup servers. A best practice to avoid these attacks would be to follow the 3-2-1 Rule (three copies of your data, on two forms of media, with one copy located offsite). Following this rule will enable an organization to significantly reduce the risk of losing data in the event of a Ransomware attack, as it takes away all of the leverage away from the cyber criminals.

The Bottom Line:

One thing to take away from this is that backing up to the cloud is by far the best weapon against ransomware. It will lower the time you are down, from a few days to a minuscule 15 minutes. Which if you’re following along will save you thousands of dollars and possibly your entire business.

With the increasing urgency of the Ransomware threat, now is the time to become educated on what cloud backup is, and create a plan for recovering your environment.

Set yourself up for success, talk to a cloud backup service provider, and be prepared, not scared!

 {{cta(‘bb19fd51-e849-4421-a8dd-a92ebb2cc063′,’justifycenter’)}}

The post Ransomware: What it is, How it Works and How to Prepare appeared first on OTAVA®.

]]>
How Ransomware is Spreading: Popcorn Time https://www.otava.com/blog/how-ransomware-is-spreading-popcorn-time/ Mon, 27 Dec 2021 13:28:10 +0000 https://www.otava.com/?p=10289 Popcorn Time allows you to avoid paying your ransom after you get infected. But wait, these are cyber-criminals, so you can bet there’s going to be a catch.

The post How Ransomware is Spreading: Popcorn Time appeared first on OTAVA®.

]]>
Popcorn-Time-Ransomware-Pic-1.png

Ransomware is already a $1B cyber-crime industry and is projected to grow even more, partially due to its emerging tactic, called “Popcorn Time”.

What is Popcorn Time?

The Good News: Popcorn Time allows you to avoid paying your ransom after your systems get infected. But wait, these are cyber-criminals we’re talking about here, so you can bet your bottom dollar there’s going to be a catch.

The Bad News (AKA The Catch): Popcorn Time is now asking for referrals, in exchange for a decryption key. Essentially, you can avoid paying the ransomware all together if you infect two other businesses for them. Once payment from the other two businesses is received, then everyone gets their decryption key.

Ransomware is Becoming Like Social Media

Great! You just got hacked by a few Syrian cyber-terrorists, and can’t access your business-critical data. You’re panicking as you lose thousands every hour in downtime costs. But then you get a message that looks like this:

Restoring your files – The fast and easy way

To get your files fast, please transfer Bitcoin to our wallet. When we get the money we will immediately give you your private decryption key. Key should be received about 2 hours after payment made.”

You then begin to panic and realize this isn’t a dream. This is real, and you have now entered the negotiation stages. There has to be another way, you ponder, so you continue to read further down the message to see this:

Restoring your files – The nasty way

Send the link – below to other people, if two or more people will install this files and pay, we will decrypt your files for free.”

You are then given a link that you have the option of forwarding out to all of your friends, family, business partners, etc., in attempt to get them to pay the ransom for you.

You are intrigued further into their message that writes:

Why we do that? We are a group of computer science students from Syria, as you probably know Syriais having bad time for the last 5 years. Since 2011 we have more the half million people died and over 5 million refugees. Each part of our team has lost a dear member from his family. I personally have lost both my parents and my little sister in 2015. The sad part of this war is that all the parts keep fighting but eventually we the poor and simple people suffer and watching our family and friends die each day. The world remained silent and no one helping us so we decided to take action (Syria War in Wikipedia)

                 Source. Syria War in Wikipedia – Link.

They’ve successfully added another layer of guilt to the equation. They know you are more likely to just pay the ransom now, because you think it’s going to a good cause. Just be careful what you believe though, as there is no proof that this message wasn’t sent from someone in Dallas TX, or even your next door neighbor.

Decision Time

Hurry! There’s no time to waste! You are experiencing downtime and that is costing you more than just a huge check.

This is a tough position to be in. Do you partake in the spread of the malware or do you bite your tongue and just pay the hackers?

The Bottom Line

If you have the luxury of not being infected yet, take the opportunity to protect yourself with backup and disaster recovery. It really isn’t that hard, and it could save you the downtime costs, the dreaded moral dilemma and disheartening terrorist negotiations.

We have a plan that will fit your business, so take 5 minutes to learn about the only four things you’ll need to protect yourself from Ransomware!

{{cta(‘6ca05e8f-ce60-409d-b57c-ab7a0f2bac89′,’justifycenter’)}}

The post How Ransomware is Spreading: Popcorn Time appeared first on OTAVA®.

]]>
5 Use Cases for Desktop as a Service https://www.otava.com/blog/5-use-cases-for-desktop-as-a-service/ Mon, 27 Dec 2021 13:28:09 +0000 https://www.otava.com/?p=10272 Desktop as a Service (DaaS) helps businesses deal with real-time business changes by simplifying IT, cutting costs, and improving user experience.

The post 5 Use Cases for Desktop as a Service appeared first on OTAVA®.

]]>
Double exposure of businessman shows modern technology as concept.jpeg

The modern business does not look the same as it once did. With the evolution of technology and the advancement of mobile devices, the workplace is no longer confined to the office and the personal computer looks a lot different. With all of these changes, organizations still need to manage and upgrade their users’ systems to be compatible with modern cloud applications, all while on a tight budget. For these reasons and more, Desktop as a Service (DaaS) has entered the market to help businesses deal with real-time business changes. Keep reading for 5 reasons for your business to use DaaS:

1. Cost Savings

Many companies are making the shift to the cloud for the cost benefits that come with a reduced capital investment. with DaaS, companies no longer need to worry about PC hardware costs, and can instead shift expenses toward an easy to manage subscription service. DaaS also has the added benefit of helping to control IT costs because it requires less in-house technical support to deploy.

2. Faster and Easier Deployment

Speaking of deployment, with DaaS, companies no longer need to spend days or weeks onboarding new employees, or bringing personnel up to speed with desktops. DaaS allows companies to  provide employees will all necessary rights and permissions in a matter of hours. DaaS is a great option for companies with strapped IT departments and engineering staff that needs a quick environment for test and dev.

3. Enables the Mobile Workforce

With more and more companies shifting to the bring your own device model with employees, DaaS creates a unified platform across multiple devices. This allows companies to ensure employees have access to content they need, regardless of their chosen device. DaaS is also enabling the telecommuters  and traveling employees to access information from anywhere, while standardizing performance, security and support.

4. Security Advantages

With the majority of security breaches caused by human error and issues at the edge of the network, DaaS is an attractive option because data is held in the cloud, not on end-user devices. DaaS allows businesses to deploy a consistent set of user protocols across all devices. And with Service Providers managing your DaaS, security gets the attention it needs.

5. Reduced need for Internal IT

Organizations that struggle with an understaffed IT department and juggling IT tasks benefit from DaaS. DaaS does not require the same level of expertise and experience as other solutions, and its therefore much easier for small businesses to manage. It does not require large amounts of time to set up and therefore does not put immense strain on internal IT staff.

Conclusion

More and more businesses are realizing the benefits of moving away from physical desktops in favor of desktop as a service. This transition has helped many organizations to reduce IT complexity, lower costs and improve user experience. This shift is driven by the ease of deployment and management for IT organizations, as well as the benefits of standard security and user protocols. Otava Desktop as a Service can help IT organizations of all sizes to simplify the deployment of cloud-based desktops.

{{cta(‘d45e1e3d-33bc-4a77-8a14-1e7b50c86aea’)}}

The post 5 Use Cases for Desktop as a Service appeared first on OTAVA®.

]]>
The Importance of Cybersecurity in Today’s Business World https://www.otava.com/blog/the-importance-of-cybersecurity-in-todays-business-world/ Mon, 27 Dec 2021 13:28:08 +0000 https://www.otava.com/?p=10256 Cyberattacks are common these days with an ever-expanding Internet of things. Let's look at the threats of cyberattack and ways that you can secure yourself.

The post The Importance of Cybersecurity in Today’s Business World appeared first on OTAVA®.

]]>
Student girl with trainer working on computer and tablet

Cyberattacks are common place these days with an ever-expanding Internet of things. It is important to be aware of the potential for attack and to be prepared in the event that an attack on your systems or data does occur. The biggest trend in cybersecurity right now is that IT professionals and leaders are losing control of their technologies. Cybersecurity needs to be at the forefront of any businesses mind today, and oftentimes it is not and attacks occur. Let’s take a look at the constantly evolving threat of cyber attack and look at some ways that you can secure yourself.

Cloud Computing

Many people falsely assume that cloud computing is less secure than traditional methods of computing. This could not be further from the truth! First, where your data is stored means very little if there is a means to access it. People assume that since they have their servers on site they are more secure than if they were stored in a cloud, but what a lot of people fail to realize is that people who build cloud computing systems tend to have more of a focus on security and governance than people who build traditional enterprise systems that will sit behind a firewall. If you do not take the rigorous steps necessary to make security a priority when you build your system it does not matter if you are on the cloud or have a traditional set-up, you are just as vulnerable.

The future of computing is in the cloud. Back in 2010 the federal government of the United States of America embraced cloud and mobile technologies with its “cloud-first” policy. That was nearly ten years ago now, and more and more systems are moving to cloud-based networks because it is better technology. Security is your responsibility. You need to take the steps to ensure your safety, and newer cloud technology makes it easier than ever before to stay safe and respond to incoming attacks.

Prevention VS Response

There are a lot of different ways that a cyber attacker could potentially launch an attack against you. With a constantly evolving Internet, more and more devices being linked to the Internet, and a class of cyber attackers that is getting more intelligent all the time, stopping every attack is not very realistic. The good news is that you don’t have to stop them. In fact, it is better to have a fast-response prevention strategy instead. This way you are able to learn how an attack started and where it got in. Quick prevention allows you to evolve your defenses along with the evolution of the attack itself. A lot of security teams focus too much on total prevention instead of spending more time responding to real-time attacks. In a lot of cases they don’t even realize they are being attacked right away. A responsive defensive plan aims to know the second an attack starts, which is something that a preventative defense cannot do. It is important to have both strategies employed in your defensive plans, but it is time to put more resources and energy into response instead of prevention.

WannaCRY Recent Incident  

To highlight the importance of cybersecurity in a constantly evolving world of sophisticated cyber attacks one only need to look as far as the recent WannaCRY ransomware attacks. These attacks affected over 300,000 people around the globe. It got into people’s computers by exploiting a gap in Microsoft Windows operating system. It then locked people’s computers and information and demanded a ransom in untraceable Bitcoins for their return. These attacks also affected the UK’s NHS, Fedex, and many other large-scale organizations as well as regular people.

Bottom Line

Cybersecurity has never been more important than it is today. In such a volatile and quickly evolving area of business, businesses are building out their security teams and processes more than ever before. Your business is worth protecting; make sure you’re prepared with the most up-to-date security and best practices.

{{cta(‘6a6b3235-3fde-4805-9556-4719bc4c437b’)}}

The post The Importance of Cybersecurity in Today’s Business World appeared first on OTAVA®.

]]>
5 Best Practices for Protecting Your Data https://www.otava.com/blog/5-best-practices-for-protecting-your-data/ Mon, 27 Dec 2021 13:28:08 +0000 https://www.otava.com/?p=10253 The incidence of Ransomware is up and shows no sign of decline.Reduce the impact of Ransomware on your business with these best practices for data protection:

The post 5 Best Practices for Protecting Your Data appeared first on OTAVA®.

]]>
Businesswoman holding tablet pc entering password. Security concept.jpeg

The most important asset of any business is its data. And protecting that data is the priority of each and every CIO. With the onslaught of Ransomware on the IT world, protecting mission critical data has become a major challenge. Cyber security solutions alone are no longer enough to keep data safe, companies need to educate their employees on the best practices of data security and protection.

If Ransomware and other cyber threats are not a concern in your organization, they should be. The incidence of Ransomware is up to the highest of all time and shows no sign of decline. To get an idea of how you can reduce the impact of Ransomware on your business, check out these best practices on data protection:

Best Practices of Data Protection

1.The 3-2-1 Rule

When it comes to protecting your company’s data, the most important solutions that you can implement are backup and disaster recovery. To do so effectively, your company should follow the 3-2-1 rule, which states that you should have 3 copies of your data over 2 different medias with 1 being offsite. By adhering to the 3-2-1 rule your company can reduce its vulnerabilities to catastrophic data loss and easily restore from a Ransomware attack.

2. Rotating Drives

Ransomware viruses can target your critical files, lock you out of your systems or delete your files until you pay a ransom. To combat these cyber threats, a good best practice is to rotate your drives for backups. In the event that your company is attacked, you have the advantage of an offline drive that was not infected but can be easily turned on and recovered from.

3. Strong User Passwords

Though this seems obvious, you’d b surprised how many cyber attacks could be prevented if employees had followed appropriate password procedures. If you have not changed your standard issued “Password!” to something more complicated, this is for you. Strong user passwords are the first line of defense against hackers and cyber criminals. Attacks due to faulty passwords are often the most impactful and the most preventable.

4. Strong Backups and Snapshots

As we mentioned above, backups and DR are an important part of your data protection. The more types of backup and DR solutions you implement and the more frequently you backup, the more protected your data is. To help you understand how often you should backup, identify your company’s recovery time and point objectives (RTPO). And just as the 3-2-1 rule outlines, the more copies of your data on multiple media the better.

5. Mixed Repositories

The cloud is an amazing tool for fighting Ransomware. Storing your data offsite in cloud repositories makes it more difficult for cyber criminals to corrupt.  To further ensure your data protection, consider using mixed repositories, Windows OS and otherwise. Multiple contingencies ensures that in the event of an attack you can easily restore. 

Bottom Line

Data protection is top of mind for all IT professionals. And while we should always be aware of what we are clicking and how it could affect our systems, there are actions to be taken to provide a peace of mind.  Though there is no one solution that can 100% prevent a Ransomware attack, there are ways to reduce the impact of one. Follow the above best practices to better protect your data.

{{cta(‘c487f8ab-5e41-43d6-9053-0c3636a4dd99′,’justifycenter’)}}

The post 5 Best Practices for Protecting Your Data appeared first on OTAVA®.

]]>
10 Proactive Steps to Secure Your Company’s Data https://www.otava.com/blog/10-proactive-steps-to-secure-your-companys-data/ Mon, 27 Dec 2021 13:28:06 +0000 https://www.otava.com/?p=10227 Cyber-attacks don't just happen to big companies. What can you do to secure your company's data? We have 10 proactive steps you can start using today.

The post 10 Proactive Steps to Secure Your Company’s Data appeared first on OTAVA®.

]]>
secure-your-companys-data.jpg

There’s a myth about cyber-security and it’s potentially a dangerous one— only big businesses get hit by cyber-attacks.  The truth is that cyber-criminals don’t attack businesses because they’re big— they attack businesses because they’re vulnerable and they’re willing to pay a premium to get their data back. Many cyber-attacks are automated, with bots crawling the internet looking for vulnerable sites.

To debunk the myth Small Business Trends says that about 43% of all cyber-attacks are against small businesses. In fact, 55% of small businesses in a recent survey indicated that they had experienced such an attack in the past year, and only 14% say their ability to mitigate cyber risks and attacks is “highly effective.”  The stakes couldn’t be higher:  the impact of such an attack can be devastating, with an alarming 60% of companies going out of business within 6 months of the attack.

What Can Businesses Do?

Stats can be scary. Fortunately, there are proactive steps your business can take to dramatically decrease the odds that you’ll become a victim of a cyber-attack:

  1. Back up your data: If your system crashes, you need to ensure that your data is safe.  That means you need some form of effective data backup— in fact, you should probably have multiple back up strategies. This could be using an external hard drive, keeping copies of important documents on a secondary computer, and using flash drives. Of course, each of these methods has its drawbacks (for example, hard drives can crash, and flash drives can fail). The best strategy is arguably moving your data to reliable cloud storage.
  2. Use a web application firewall (WAF): Web application firewalls (like Sucuri and CloudFlare) will stop many (though not all) attacks. They’re particularly effective at preventing distributed denial of service (DDoS) attacks—these make your website unavailable by overloading it with traffic—and protecting your business against cross-site scripting (XSS) vulnerabilities.
  3. Implement a 2-step verification process: Also called two-step authentication, this can make accounts more secure.  With 2-step verification, you can only access an account with both something you know (like a password) and something you have (like a code which is sent to your mobile phone). You can augment this strategy by using longer passwords which are more difficult for attackers to crack.
  4. Encrypt your data: The data you store is increasingly at risk, this because of the inter-connectedness of smart devices.  One way to protect data is to encrypt it.  When data is encrypted, it can only be accessed by someone who can provide appropriate authentication.  Google recently launched its BeyondCorp initiative, for example, which requires such authentication, and in this way is helping businesses secure their most important documents and information.
  5. Store some sensitive data offline: The fact that you can digitize all information doesn’t necessarily mean that you should. One approach an increasing number of companies are taking to protect their data is to store some of their most confidential data in physical files.
  6. Move data to the cloud: Moving data to cloud storage can solve myriad problems, and puts that data in the hands of those with the expertise and resources to ensure its security.  There is, of course, the risk that cloud storage could make data accessible to some people you wouldn’t want to have it.  You can solve that problem by establishing robust permission levels, which restricts the number of people who can access it, and by carefully selecting the most reliable cloud services provider.
  7. Have everyone in your business optimize passwords: When employees create obvious passwords (like “123456,” or “password”), you greatly increase the risk that those passwords will be cracked.  Educate your workers to test the strength of the passwords they create, and insist that they change their passwords regularly—ideally, at least every 3 months or so.
  8. Stay on top of current security practices: Hackers and cyber criminals are continually updating and improving the strategies they use to gain access to your data, which means security experts are continually updating what they do to protect it. It’s important to educate yourself about these practices, perhaps in consultation with your cloud services provider.
  9. Test your system on a regular basis: To ensure your data remains secure, you should run regular scans to identify potential internal and external security vulnerabilities. The concept is a simple one:  if you can hack your data, so can experienced hackers.
  10. Partner with experts: Perhaps the most reliable way to secure your company’s data is to outsource the job to experts who specialize in security and can create a holistic strategy, customized for your business. Although there are many common-sense steps you can take on your own, including those listed above, businesses that have deep experience are bound to consider things you won’t, and take precautions of which you’re not aware.

Conclusion

As the number of business which are hacked continues to increase, it becomes more important than ever to adopt a proactive approach to data security. To learn more about the ways our custom cloud solutions can help you secure your company’s data, contact us today.

{{cta(‘6a6b3235-3fde-4805-9556-4719bc4c437b’)}}

The post 10 Proactive Steps to Secure Your Company’s Data appeared first on OTAVA®.

]]>
Why You Need A Vulnerability Assessment https://www.otava.com/blog/why-you-need-a-vulnerability-assessment/ Mon, 27 Dec 2021 13:28:06 +0000 https://www.otava.com/?p=10224 Discover if your systems may be at risk with NewCloud Network's vulnerability assessment. We'll help you understand the holes that lie within your environment.

The post Why You Need A Vulnerability Assessment appeared first on OTAVA®.

]]>
why-you-need-a-vulnerability-assessment.jpg

Every network and device on the Internet is a target. Criminal organizations and rogue individuals constantly probe every system they can find. If they discover a weakness, they can steal information, wipe out files with ransomware, and take control of computers to gain more attacking power.

To keep your systems safe, you need to discover their weaknesses before someone else does. Doing this systematically is called a vulnerability assessment. If you haven’t done one, you can be sure there are weaknesses to discover. Even the most secure networks have some flaws.

An assessment prioritizes risks as well as identifying them. It takes both importance of information and degree of vulnerability into account. Valuable databases obviously are a serious concern, but so is any device with weaknesses that could give an attacker an easy foothold in the network.

Identify data at risk

The first step in assessing vulnerabilities is to identify your valuable digital assets. Where is critical information stored? How well-protected is it? Are there secondary locations which also hold the information?

Business databases require serious protection. Someone who gets access to one can obtain customer data and business records. They’re the most obvious assets to protect, but other files may contain critical information as well. Mailing lists may be plain text files. Desktop machines can hold confidential memos about upcoming deals. Outdated information sets may have been abandoned but not purged. The assessment needs to locate all points that have a significant need for protection.

Examine the network

Any device which is reachable from the Internet is a target. The assessment needs to include an inventory of them, with information about their operating systems and Net-accessible software.

The network architecture needs a careful examination. The firewall should keep out any access which doesn’t have a business purpose. Attackers can exploit bugs in protocols and services which no one else is paying attention to. The most critical parts of the infrastructure shouldn’t be directly accessible from outside the local network.

If employees can use their home computers and smartphones to access the network, they need to be counted. There are clear benefits from telecommuting and a BYOD policy, but they’re also a source of risk.

Examine the software

Any device with software that isn’t maintained is vulnerable. If patches have been issued but not installed, it has publicly known weaknesses. The operative word is “devices,” not just computers. Printers, Wi-Fi access points, and fax machines are all computing devices which can have dangerous bugs if they aren’t patched. Old devices are an especially serious problem if they can’t be updated anymore.

Configuring software properly is an essential part of protecting it. Risky features should be disabled if they aren’t needed. Passwords need to be strong. Access controls should be set up correctly.

Software should store critical data, such as passwords and financial information, in encrypted form. Unencrypted information is a significant risk.

Review human factors

Most breaches can be traced to human error. Hardware and software protections aren’t very effective if employees don’t understand good security practices. They need to learn to use good passwords, to treat email with caution, and to be careful about the information they put on their personal devices.

Access from outside the company is another source of human risk. Business partners and contractors have their own security issues, and a compromise of their networks could give an attacker a way into your network. Outside organizations should have the access they need, but no more.

The benefits of a vulnerability assessment

Once the assessment is complete, the company is in an informed position to improve its security. Not all vulnerabilities are exploitable; for instance, an open port with no software responding to it can’t be exploited — currently. The next step is to prioritize vulnerabilities and address them starting with the greatest risks. Penetration testing can be a valuable tool for this. Knowledge is power, and knowing where the vulnerabilities are is the best basis for a security strategy.

Otava lets you keep your backups secure and off-site for maximum safety. Contact us to learn more.

{{cta(‘f04c49b1-849a-4976-b784-eb4323ac2741’)}}

The post Why You Need A Vulnerability Assessment appeared first on OTAVA®.

]]>