Why a Next Generation Firewall is Essential

next generation firewallIf your organization is operating behind last year’s firewall, you are not protected. Don’t believe us?

Traditional networks were like a snake eating its tail; they had a beginning, middle and an end in a closed loop of sorts. Today all kinds of digital devices are accessing your network from anywhere there’s an internet connection. This means your in-house IT team is dealing with a whole host of new security threats. All it takes is one look at tomorrow’s headlines for the latest data breach to figure out that yesterday’s firewalls aren’t doing a great job at mitigating the risk of companies like Equifax, Yahoo!, or Uber. If some of the biggest companies on the planet (JP Morgan Chase, Anthem – need we go on?) are failing to keep their in-house data secure, it calls into question both on-premise networks and the IT teams that run them.

As these threats are evolving, companies are looking to solutions that can shield their network of ever-increasing endpoints. Among the various cyber security solutions available, you will find next-generation firewalls that, according to Gartner, have, “integrated deep packet inspection, intrusion detection, application identification and granular control.”

What Problems Can a Next-Generation Firewall Solve?

“Firewalls have become ubiquitous across enterprises over the past decade, but the combination of new and varied access methods combined with increasingly sophisticated attacks has forced network operators and security professionals to constantly evaluate their defenses.”
Network World

There are three primary areas why next-generation firewalls make sense in today’s hyper-digital environment:

1. Application Monitoring

HP says 84% of hacker breaches occur at the application level. Having application-level control is crucial to stay ahead of these risks. This is granular control down to user-specific rules by application.

2. Mobile Device Controls

2018 is the year of “mobile-first;” user activity on mobile devices and applications will far outpace any other type of digital usage. But these applications are filled with potential vulnerabilities that hackers could exploit. According to HP, 77% of mobile apps have these vulnerabilities.

3. Revolving Environments

Any organization housing data that hackers consider important is at risk. As the volume of our data captured increases, the more attractive we become to hackers. We must monitor advanced persistent threats (APTs), borderless networks, and enterprise risk environments. Traditional firewalls simply cannot keep up with collecting, storing, and analyzing activity data within a network that has no walls.

What to Look for in a Next-Generation Firewall

Network World suggests that a next-generation firewall include some of the following features:

  • Intrusion prevention systems
  • Deep packet inspection
  • SSL inspection

CWPS offers our customers a full cyber security suite of products including advanced next-generation firewall protection from Cisco Meraki. The firewall made Gartner’s latest Magic Quadrant as a best in class security solution for any business. We combine this next-generation product with a secure Internet gateway, NextGen Antivirus protection, and security awareness training that will help protect your organization from what’s next on the hacker’s radar. Contact us to discuss how these tools can keep your data safe.

You Should Never Have to Hire a Data Recovery Services Company (Here's Why)

cyber-attack-data-breach.jpgWhat would happen if you lost a portion of your business data? What critical business functions would be affected? How would it affect your clients? 

The Disaster Recovery Preparedness Benchmark survey says three out of every four companies are at risk of having no data recovery plan in place. In 2014, more than one-third of the organizations surveyed lost one or more crucial data applications over the year. Those outages ran from hours to days, according to the survey.

With ransomware and phishing emails increasing, your critical business data is at risk. Data recovery services are standing by to help you recover, but are they really necessary if you have a strong data recovery mechanism in place? 

Here’s the number one reason why you shouldn’t need to hire a data recovery services company: Your disaster recovery plan should include robust and constant data backups in the cloud. 

Data Recovery Services – Unnecessary in the Cloud

Data loss is a serious threat to any business. Whether it’s a data breach from cybercriminals or a natural disaster, housing your data onsite without offsite redundancies can be a risky proposition.

Typical scenarios that could affect your data include:

Hardware failure, such as the loss of an email server, could wipe out communications across your business. If you’re still running an email server in-house, do you have redundancies built into the infrastructure to counteract equipment failures?

Human error may be the most common reason for data loss. If you’ve ever trashed a document that you meant to save, or forgotten to save it in the first place, you know how easy it is to make a mistake.

Even worse, human error is the most frequent cause of malware infections; one click on a phishing email could infect your network with a virus. According to Barkly, every 1 in 131 emails contains malware.

via GIPHY

Creating a data recovery plan incorporating cloud technology is an important way to counteract all of these potential problems. Backing up your data – all of your data – is an important component of this approach. Some of the benefits of cloud backups include:

  • They occur constantly, and your data can be fully encrypted in transit and at rest in remote off-site data warehouses.
  • The infrastructure is state-of-the-art and backed by an enterprise-level multi-regional secure architecture.
  • Virtual machines can be developed in the cloud that allow you to continue to access your functions, even if you are in the thick of a weather-related disaster or man-made crisis.
  • Data storage is efficient, redundant, and backed by the best security features today, making the cloud more secure than most on-premise IT infrastructures.

 Managed service providers like CWPS can help your company migrate to the cloud and create a data backup and recovery plan that will ensure you never have to hire a data recovery services company. Data backups, secure cloud connections, and the development of virtual machines, are all important functions provided by managed service providers. Contact us today to find out how we can ensure the security of your data in the cloud.

Guide to Keeping company's data safe

Must-have Cyber Security Essentials for Your Business

cyber_security_tips.jpgManaging cyber security for your business should be a top priority for 2018. That’s because the threats from hackers are multiplying, whether your business is small or enterprise-sized.

It’s not melodramatic to suggest that your employees are all that stands between you and malware; every day they are one click away from infecting your company. That’s because the volume of phishing emails are the highest they’ve been in years. 

The threats are real, and your corporate information is vulnerable – unless you arm yourself with cyber security essentials to protect your data.

Cyber Security Essentials for 2018

“Malicious emails were the weapon of choice for a wide range
of cyber attacks during 2016, used by everyone from state- sponsored
cyber espionage groups to mass-mailing ransomware gangs.
One in 131 emails sent were malicious, the highest rate in five years.”
Symantec Corporation
Internet Security Threat Report, April 2017

From cyber attacks on political parties in the United States to a hack this month of 143 million Social Security numbers from the number one credit-reporting firm, incidents of data theft are all over the news. These are high-profile cases so you may believe that the data housed in your small to mid-sized company could simply fly under the radar of hackers.

We wish that were true. The New York Times reports 60% of all online attacks targeted the small to mid-size company.

Installing cyber security essentials for the small to mid-size business does not have to be expensive. Partnering with a managed services firm in a monthly subscription can be an affordable way to increase security. Whether you choose the help of an expert or do-it-yourself, here are seven cyber security essentials: 

1. Cyber security needs to be a part of your corporate culture. This means that you need to train employees in how to avoid physical and digital risks. This could include everything from teaching employees how to detect phishing emails, to never leaving a company laptop in your car, to how to select a secure password.

2. Develop a cyber security strategy that defines who is responsible for what in the event of a breach or attack.

3. Keep your operating systems up-to-data with the latest upgrades and patches. If you’re using software-as-a-service or storing your data in the cloud, security updates happen constantly as new threats emerge. But what if you have an email server tucked away in a back closet? When was the last time the operating system was updated?

4. Have a strong firewall and hide your data behind it. If your employees work from home, be sure they aren’t opening a backdoor to your data every time they dial in.

5. Backup all data in the cloud. Backups can be the best protection from ransomware.

6. Create and follow an action and security plan for cell phones. Users should encrypt their data, password protect all devices, and install security apps that prevent theft when accessing public networks.

7. Control access by creating user accounts with strong, frequently changing password protection.

8. Secure and encrypt all Wi-Fi connections.

Staying on top of data security is something you won’t have to worry about when you work with a managed service provider like CWPS. Contact us for a confidential assessment of your data vulnerabilities and the cyber security essentials to keep your company safe.

Guide to Keeping company's data safe

Cyber Security for Business - Why You Need an IT Recovery Plan

startup-593327_960_720.jpgInformation technology has evolved beyond being a tool for your business to being the central hub for all of your business operations.

That’s our best argument for developing an IT recovery plan in case something goes wrong.

One look at today’s headlines and you’ll understand that myriad threats have emerged to create the perfect storm with the potential for shutting down your business operations. From natural disaster to data breaches, mitigating the risk means creating an IT recovery plan to keep your business safe.

The Risk Landscape – Cyber Hacks

The actuarial assessment of risk for cyber breach is very high. Some of the most notorious hacks in history have happened in the last few years, including:

  • Home Depot lost billions to a cyber security failure.
  • The U.S. Veteran’s Administration had an external hard drive stolen from an employee’s home during a burglary, costing the agency $500 million.
  • Big box store Target had a cyber security failure that cost them $252 million to repair.
  • North Korea hacked Sony Pictures, causing reputational damage in addition to $151 million.

If you’re the owner of a small business, you may be rolling your eyes; surely the risk is not as high. However, NTT Security’s threat assessment shows that the risk of cyber hacks affects every size business in the form of phishing scams. Phishing are emails with embedded code that can spread viruses like ransomware, which encrypts your files until you pay a ransom.

All it takes is one employee to open the wrong email. In fact, 67% of all cyber attacks start in this simple, but effective way.

The Risk Landscape – Natural Disasters

Over the past few weeks we’ve heard about Hurricane Harvey and the devastation it’s bringing to Texas. CNBC says the cost could reach as high as $75 billion. How many of these businesses will simply close, in part, because their IT infrastructure has failed, stopping business as usual in its tracks?

From tornados to floods, most businesses are one disaster away from an irretrievable data loss. But the list of crises beyond catastrophic weather include electrical fires and burglary, vandalism or just plain equipment failure. With an IT recovery plan in place, your business stands a much better chance of surviving, no matter what human-made or natural catastrophe arises.

Elements of an IT Recovery Plan

Developing a disaster recovery and business continuity plan for your IT systems includes an assessment of your current network. Here is an overview of what your plan should encompass:

  • Asset inventories
  • Off-site data backup and recovery planning
  • Development of redundant IT systems
  • Creating a communications plan
  • Development of off-site workflows to encompass systems such as accounting, payroll, and client billing
  • Mitigation plan in the event of a data breach

For a more detailed look at what your plan should include, check out our earlier post on what every IT recovery plan should include.

Inc. says 40% to 60% of all small businesses that lack an IT recovery plan will close their doors after a major disaster. Don’t let this happen to your business.

Contact CWPS today to begin an assessment and threat mitigation process that will help keep your IT infrastructure safe in the event that an unthinkable event will occur.

New Call-to-action

How to Prevent Phishing Scams and Create a Culture of Security in Your Office

Defend against phishing.jpgIf you’re concerned about cyber security then phishing should be high on your worry list. That’s because phishing is one of the most common causes of cyber security breaches on the planet. In order to remain vigilant against this hacker’s technique, your entire workforce must be aware of how to prevent phishing, and the consequences of falling prey to an attack.

Let’s look at creating an office culture that focuses on to preventing these cyber threats.

Phishing 101

Phishing typically takes the form of fake emails designed to unleash a virus in your computer or steal personal information. Global security firm Symantec says 54.3% of all emails generated are spam with a potentially malicious intent.

Some of the phishing techniques today include:

  • Embedding a link in an email that takes you to an external site and asks you to enter information.
  • Attaching a file to an email that spreads a virus.
  • Requesting sensitive information via faked credentials that look very, very real.

Because these techniques are designed to exploit the individual within your company, it is imperative that your entire team understands how to prevent phishing attacks and what to do if they make a mistake and the unthinkable happens.

Training Staff in How to Prevent Phishing 

Creating a cultural emphasis on how to prevent phishing starts with training and education. The first step is to teach anyone that receives email in your organization how to recognize a potential phishing email. Here’s what to look for:

  • The email will likely be from a company you’re familiar with; it will have an easily recognizable logo stolen from a real business.
  • Do you see misspellings in the email? That’s always a red flag!
  • Never click on a link in an email. We used to suggest that you rest your mouse on the link (without clicking!) to see a string of digits that in no way match the URL of the supposed sender of the email to prove it’s a phishing scam. Today, it’s not even safe to do that; there’s a line of malware (viruses) now that have a new type of link. If you hover over the URL containing Zusy malware, it will release the virus.
  • If you receive an .exe file, that file is likely a virus just waiting to be unleashed.
  • If the web address (URL) resembles a popular company but the spelling is slightly off – it’s a scam.

Barkly reminds us the number one vehicle for computer viruses is email. The Verizon 2017 Data Breach Investigations Report said two-thirds of all the malware on infected computers in 2016 came from phishing emails. 

Is Your Business Prepared?

In addition to training your team to be alert for phishing scams, make sure your operating systems; firewalls and security intrusion systems are fully up to date. Make sure your IT team is backing up all of your data frequently. Also, always encrypt sensitive company information. 

CWPS offers security training in how to prevent phishing and other cyber security threats. Businesses depend on our managed services that include cyber security intrusion monitoring and mitigation. Contact us and keep your business safe.

New Call-to-action 

Markus Spiske

Cyber Security Training for Businesses - Why You Need It

58754912_s.jpgYour employees have constant access to the technology that your business relies upon -- and even if they are careful, it's likely that they are still a threat. Cyber security training is not relegated to the realm of IT professionals. All employees need to be aware of modern cyber security best practices if you want to reduce your risk.

Cyber Security is one of the Biggest Threats Today

Small businesses face cyber security threats every day. Not only are threats pervasive throughout many industries, but a single successful attack could result in business disruption for days or even weeks. Cyber security threats can cost an organization millions of dollars, shutting down their operations and adversely impacting their reputation. Cyber security threats may even result in employee or client information being stolen, requiring a costly mitigation that could last months. 

Most Threats Come from Within

Though businesses may have state-of-the-art technology protecting them, this does not help if the threats come from within. Employees may be negligent, malicious, or simply make a mistake. They may click on the wrong link, download the wrong email attachment, or simply not be paying attention to what they are doing on their network-connected personal device or phone. Regardless, an employee's actions can very easily lead to a network compromise, even if the company was already protected through its technology. This makes it critical for employees to understand the risks that they face -- especially when it relates to modern tactics, such as the phishing, that may now be associated with ransomware. If employees cannot even recognize a threat, it is impossible for them to defend against it. 

Many Employees Don't Understand the Need for Cyber Security

Though employees may understand cyber security in the abstract, they may not understand how it impacts their tasks on a day-to-day level. Employees need to be introduced to a culture of cyber security for a business to be able to truly defend itself from cyber threats. Cyber security training puts employees through the paces and runs simulations so they better understand what they should do when confronted by a threat. Preparedness empowers employees so they can act fast and with authority.

Are your employees prepared to protect your organization against cyber security threats? You can find out. CWPS offers cyber security training for businesses through training and simulations. Contact CWPS today to sign up for KnowBe4 training and make sure that your employees are ready for any threat.

Guide to Keeping company's data safe

Cyber Security Tips - The Importance of a Defense-in-Depth Strategy

cyber security tipsWhat is defense-in-depth and why is it an important security strategy for organizations today? Defense-in-depth is an IT security strategy that uses a multilayered security approach, with multiple security measures designed to protect the organization's most important data assets. In a defense-in-depth strategy, a company's most important data may be protected by many layers of security, whereas less important data may be less restricted. The average cost of a data breach is $4 million; a proactive defense can protect against this.

The Benefits of Defense in Depth

A multi-layered approach can be tailored to different levels of security. Not every asset needs to be completely secure; instead, only the most business critical assets, such as proprietary and confidential information, can be protected by the most restricted settings.

If one system fails, there are other systems functioning. It's impossible to guarantee the security of any single type of security application; there are always vulnerabilities and exploits. By using multiple systems to mitigate damage, the organization can ensure that even if one (or multiple) systems fail, the system itself is still protected.

There are many niche solutions -- and threats. Organizations today often need to maintain multiple cyber security applications, such as antivirus programs, anti-spyware programs, and anti-malware programs. Cyber security involves so many threats today that unique tools are often necessary.

Achieving a Defense-in-Depth Strategy through an IT MSP

An IT MSP can aid an organization in transitioning towards a defense in depth strategy in three major ways. IT MSPs are able to chart a course for the organization, so that they can better transition to this type of strategy without business disruption. IT MSPs can also identify the best technology, using their advanced knowledge of current cyber security measures and the threats that the organization is most likely to face. Finally, IT MSPs can leverage the power of cloud solutions to provide a defense in depth strategy that isn't going to utilize more resources than the organization has access to. Without cloud-based infrastructure, most defense-in-depth strategies would be prohibitively expensive in terms of infrastructure and resource costs.

Not only is a defense in depth strategy critical to modern organizations, but companies should switch to it as quickly as possible to fully protect themselves. CWPS can help your organization setup a multilayered, defense-in-depth strategy today. Contact CWPS for information about the benefits of defense-in-depth and to find the best way to transition your organization.

New Call-to-action

One Thing Every SMB Should Know About Choosing an IT MSP

55217092_s.jpgWhy are you interested in a managed IT service provider? For the most part, many SMBs look towards an IT MSP to improve upon their operations and manage their technology. But MSPs also provide a far more important service: they can manage a company's cyber security. And it isn't just that an MSP can help protect against some cyber threats. When you work with an MSP, you put the bulk of your IT infrastructure in their hands. You need an MSP that can protect your IT assets from all of the various types of cyber threats – not just one or two.

Maintaining Security in a Changing World

Why are SMBs so frequently targeted by cyber criminals? Because most small-to-midsized businesses are not properly secured. Whether it is because of a lack of time or resources, many SMBs find it prohibitively difficult to setup a reliable security system. There are three core challenges that SMBs run into when maintaining their security:

Staying up-to-date on current threats. Ransomware, ghostware, phishing -- all of these threats are constantly evolving. Cyber criminals are very smart, and they are continuously acting to defeat new security methods. Not only do businesses need to be aware of these threats, but they also need to be prepared to counter them.

Investing in the right technology. Firewalls, antivirus solutions, and DNS filtering are all required to create a complete security ecosystem. SMBs have to find the right technologies, ensure that they are well-integrated, and keep them updated. This can be an overwhelming task for a small business owner and their (often small) internal IT team.

Reacting in a proactive manner. When threats are detected, a business needs to be able to react quickly to both secure assets and mitigate the threat. SMBs often don't have the resources to monitor their systems continually -- and they may not have disaster preparedness plans for data loss and business disruption.

Selecting a Managed IT Service Provider

A solid MSP should be able to help a business with all of the above security issues -- this is the one thing any SMB needs to know about choosing an IT MSP. A good MSP will be able to setup the right technology infrastructure and manage and maintain it. They will be well-educated on all current security threats and they will be able to advise you on the best course of action to mitigate and defeat them.

Naturally, there are many things that a business should consider when they are choosing an IT MSP. But security is one of the most important factors. IT MSPs must be well-versed in all levels of IT security and must be able to provide consistent support and defense against modern security threats. If you want to learn more about securing your IT infrastructure, contact CWPS today.

New Call-to-action

4 Takeaways from the Recent Dyn DDoS Attack

63576084_s.jpgOn October 21st, 2016, one of the major DNS providers in Europe and North America experienced a substantial cyberattack. The Distributed-Denial-of-Service attacks disrupted Dyn, the service provider, for the majority of the day, making it difficult for users to access the Internet. Connectivity to popular services such as Twitter, Netflix, and Facebook was intermittent and spotty for consumers, as multiple waves of attack occurred throughout the day. While there are many lessons that can be learned from this attack, here are the four biggest takeaways for businesses:

1. A System is as Vulnerable as Its Weakest Link

Or, in some cases, its biggest target. Cyber criminals were able to take down millions of users and disrupt major services all by targeting a DNS provider. This is because domains need to be resolved before returning any data; the DNS provider is an important third-party link between the user and the websites they request. This type of vulnerability is also why video game networks are commonly targeted: because a single server going down can take down authentication for millions of users and multiple games at once.

2. Cyber Criminals Are Becoming Better Organized and More Sophisticated

The Dyn attack occurred in a total of three ways and it involved 10s of millions of unique IP addresses. Better technology, both in terms of hardware and software, could not have protected Dyn from this attack. Though the security team was able to finally mitigate the attack by the end of the day, they could not have prevented the attack from occurring with the technology currently in place. Technology will need to advance to the height of these cyber criminals.

3. Internet of Things Devices Can Be Dangerous

As noted, 10s of millions of IP addresses were utilized throughout the Dyn attack. These were not likely to be computers. In the past, DDoS attacks had to rely upon computing devices -- often in a botnet -- to create enough connections and traffic. Today, there's a proliferation of Internet of Things devices, each of which can be considered a small computer and therefore vulnerable to malware. This makes DDoS attacks incredibly powerful and highlights modern IoT security challenges.

4. Every Business Needs a Disaster Preparedness Plan

Dyn was able to resolve the issue by acting quickly to the DDoS attack. Otherwise, the Dyn DDoS attack could have been sustained for significantly longer and done substantial damage. Without the right preparedness, Dyn itself might even be considered liable for a prolonged attack. This highlights the need for an effective and complete disaster preparedness plan -- and these plans need to include the potential for IoT devices to become compromised. 

The Dyn DDoS attack could not have been as devastating without the Internet of Things -- and the IoT is here to stay. Cyber criminals have become sophisticated and advanced, and they have learned that a strategic application of these IoT devices can be enough to knock down large organizations. Companies need to protect themselves from these and other threats by securing their IoT systems and having a plan in place if the worst occurs.

New Call-to-action

Have a Mobile Workforce? Follow these 6 Cyber Security Tips

39198211_s.jpgPersonal devices are used for work by 40% of the U.S. employees working at large enterprises today. Unfortunately, that's a security risk. Whether working from home or connecting in a coffee shop, employees are far more likely to be concerned about their work than their security. If you have a mobile workforce then you should keep the following cyber security tips in mind.

Cyber Security Tips for a Mobile Workforce

  1. Create a clear and transparent security policy. Many employees are not aware of the risks or don't understand the consequences. By defining a clear security policy, you can tell them exactly what they shouldn't do -- and also introduce a level of accountability. Your security policy should also include what occurs in the event that an employee loses their device.
  2. Invest in a secure authentication and identity service. Identity-as-a-service solutions are becoming particularly commonplace because they create a centralized and secure authentication service.
  3. Start using multi-factor authentication. Traditional login name and password systems simply
    aren't enough to reliably secure a system. Multi-factor authentication goes a step further and may also track the devices themselves. 
  4. Lock down your important digital assets. Rather than allowing copies of digital media to be transferred and stored, allow the live viewing of data on your company server. The more in control of your data you are, the less likely you are to have it compromised. Otherwise employees may save critical information in personal email accounts, instant messaging services, and personal cloud servers.
  5. Monitor your system consistently. The goal of network monitoring is to identify unusual traffic or potential data breaches before they can become damaging. By constantly monitoring your system, you can resolve issues before they cause damage. You can also account for employee mistakes -- which will happen regardless of training.
  6. Create a layered security system. By relegating mobile devices to certain areas of the network, you can prevent breaches to more important areas of the network. A layered security system will make it more difficult for a cyber criminal to breach all of your data.

The average cost of a data breach is $4 million, but this can all be avoided with the proper preparation and planning. CWPS can help you find the best and most cost-effective methods of securing your network -- even against your employees. Contact CWPS today to learn more.

Image via Giphy