Call (716) 373-4467
06Dec

Is Your Data Secure? Databranch’s 8 Best Practices for Vetting Cybersecurity Vendors

IMAGE SOURCE: https://pixabay.com/photos/cyber-security-internet-network-4610993/

An effective way to bolster your business’s data security is to work with a Managed Service Provider (MSP) or I.T. Service Provider (ITSP) like Databranch. They address network vulnerabilities to prevent cyber criminals from exploiting them.

Besides monitoring and organizing your servers, a Managed Service Provider (MSP) or I.T. Service Provider (ITSP) plays a pivotal role in the cybersecurity program of your business. They implement several strategies to shield your network from attacks and protect your data. 

For instance, many providers use email authentication protocols to monitor your server’s vulnerabilities. They can keep users from accidentally accessing malicious websites by determining spam emails containing malware or viruses. This results in enhanced system security. 

Another common practice is training your employees to ensure they follow the highest security standards. This is especially important if you have remote team members since there’s no way to keep track of their activities. To tackle this issue, an MSP or ITSP teaches your staff how to operate safely to avoid harm to your company’s infrastructure and reputation. 

On top of that, an MSP or ITSP can neutralize various threats due to their proactive approach. They offer several tools such as firewalls and endpoint detection to control the traffic and stave off cyber attacks. Also, they can install antivirus software and email security to stop intrusion attempts. 

Needless to say, an MSP or ITSP can shield you from a wide array of cybersecurity issues. But it’s vital to work with the right provider. 

To ensure this happens, you should look for and abide by the best practices for an MSP or ITSP in the cybersecurity space. This article will examine what they are. 

THE 8 BEST PRACTICES

PRACTICE #1 – ENFORCE MULTI-FACTOR AUTHENTICATION (MFA)

Cybercriminals are becoming proficient at accessing your credentials, so it’s critical to enable MFA for all your users. 

It consists of three elements: a password, security token, and biometric verification. Consequently, if attackers breach one security layer, they’ll still have to do a lot of digging to access your information.

PRACTICE #2 – MAKE PATCHING A PRIORITY

Application and operating system exploits are common. Hackers target them to access your system and compromise your data, but you can prevent this through regular patching. 

Making sure your system is up to date with the latest security standards decreases the risk of exploitation. 

PRACTICE #3 – CONDUCT REGULAR CYBERSECURITY AUDITS

An MSP or ITSP must be aware of on boarding, off boarding, and lateral movements within an organization. This warrants frequent cybersecurity audits to assess the competency of your team. 

Many MSPs or ITSPs hire third-party companies to perform their security audits. They can detect if a person who no longer needs access to the network still has it. It’s something that can endanger the client’s information, especially if the individual is a former employee. 

Conducting regular audits mitigates this risk. It enables an MSP or ITSP to implement some of the most effective access privilege limitations: 

  • IP restrictions – These security measures ensure that only users who can access your local network can utilize remote administration tools. 
  • RMM software updates – Software vendors typically dispatch updates to fix vulnerabilities and patch numerous security gaps. 
  • RDP (Remote Desktop Protocol) Security – This Windows native administration tool reduces the chances of ransomware attacks in your organization. 

PRACTICE #4 – HAVE AN OFF-SITE BACKUP

Backups are crucial for tackling malicious activities and ensuring operational continuity after cyber attacks. 

They also help address whether the company and its clients can access the latest version of their data and applications. This feature is vital for enterprises that must adhere to compliance requirements, including PCI-DSS and HIPAA. 

But besides implementing on-site backups, your MSP or ITSP should also set up off-site versions. If attackers compromise your RMM software, they can most likely reach on-site backups, too. 

So, to avoid disasters, businesses should have an off-site backup accessible to only a few people. It should also be offline for greater security. 

(Databranch is a proud Datto Diamond Partner and can help your organization implement a true business continuity/data protection solution for your organization.)

PRACTICE #5 – INCORPORATE LOG MONITORING

IMAGE SOURCE: https://pixabay.com/photos/startup-business-people-students-849804/

Log monitoring is analyzing your logs for potential glitches. As an MSP or ITSP scrutinizes your records, they can detect traffic from harmful sources and provide a clear idea of threat patterns. And over time, they can deploy countermeasures to seal these gaps. 

For example, cybersecurity experts use reliable security information and event management (SIEM) tools. They facilitate scanning through piles of information to enable faster threat detection.

PRACTICE #6 – LAUNCH PHISHING CAMPAIGNS

Phishing cyber criminals target your team members with emails or text messages, posing as legitimate institutions to steal your data. Unfortunately, most attacks succeed because of human error, meaning your MSP or ITSP should be aware of and monitor employees’ behavior. 

Setting up fake phishing campaigns is a great way to test your team’s ability to respond to phishing attacks. It allows you to pinpoint and improve inadequate responses, bolstering data security. 

To learn more about Databranch’s Breach Prevention Platform which includes monthly simulated phishing attempts and continuous end-user security awareness training, click here or email: [email protected]

PRACTICE #7 – CHOOSE YOUR SOFTWARE CAREFULLY AND SECURE ENDPOINTS

From small browser plugins to large-scale business systems, be sure your providers take data protection and cybersecurity seriously. Learn about their commitment to these aspects before purchasing their application. 

Furthermore, employ web filtering tools, antivirus software, and email authentication to fend off ransomware attacks through malicious emails. Ensure each endpoint and your virus definition library are secure and up to date with the latest standards. 

PRACTICE #8 – SET ALERTS AND DOCUMENT EVERYTHING

An MSP or ITSP that configures their systems to receive alerts upon system changes can work proactively and tackle threats early on. Many platforms automate this process through rules templates, personalization, and direct tickets to the PSA. This eliminates manual digging, saving precious time. 

Another useful strategy is to document your cybersecurity information, such as your defense mechanisms, emergency guidelines, and disaster recovery plans. You should also review it regularly to help preempt cyber attacks.

CYBERSECURITY IS PARAMOUNT

While digitalization has significantly streamlined your operations, it’s also made you more susceptible to data theft. 

To ensure cyber criminals don’t get their hands on valuable information and ruin your reputation, your MSP or ITSP needs to adopt well-established security practices. 

But if your provider hasn’t introduced off-site backups, regular patches, and employee training, you’re not getting your money’s worth. Hence, you may be frustrated since your provider isn’t delivering the necessary results. 

This makes you a sitting duck for cyber criminals. You need to resolve the issue as soon as possible. 

Databranch can help you do so. Reach out to us for a quick 15-minute chat at 716-373-4467 x 15 and our tech experts will do their best to show you a way out of your cybersecurity dead end.

Article used with permission from The Technology Press.

Read More

Comments
13Sep

Do you know Rock-IT VoIP?

 

Have you heard about Databranch’s Hosted VoIP Platform, Rock-IT VoIP?

VoIP stands for Voice Over Internet Protocol, or having your phone service over the internet, and is the next generation of phone systems.

Hosted VoIP has steadily been replacing traditional communications since 2004, and with the rise of Work From Home, Rock-IT VoIP can help you connect to your team anywhere!

We offer three simple plan options that can be just right for your business!

Start your Hosted VoIP journey today with Rock-IT VoIP! Give us a call at 716-373-4467 x 15, or click here to have our team help you choose the right plan for your organization today!

Read More

Comments
07Sep

Your Windows 11 Checklist!

 
Are you excited for Windows 11?
 
The new Microsoft operating system is sleek, modern looking, and includes a handful of upgrades, compared to Windows 10.
 
There are many new features, such as integrated Teams, and widgets that can be accessed directly from the taskbar. You can also use Android apps on your PC for the first time.
 
On October 5th, Windows 11 availability will begin for eligible Windows 10 PCs and PCs that come pre-loaded with Windows 11 will start becoming available for purchase.
 
Not every PC will be eligible for Windows 11, however. There’s a strict list of hardware requirements.
 
To run Windows 11, your PC must have:
  • A 1GHz, 64 bit processor with two or more cores
  • Minimum 4GB of RAM
  • At least 64GB of storage
  • A Trusted Platform Model (TPM) chip, which is a security chip
  •  
If you would like the Databranch team to check your organization’s machines to see if they are Windows 11 ready, give us a call at 716-373-4467 x 15, email [email protected], or fill out the form below to learn more!
 

Read More

Comments
27Aug

Don’t Blame the New Guy….

 
 
Have you taken on any new staff recently?
 
Did your onboarding include cybersecurity training?
 
If not it should, because both new hires and seasoned are at risk from something called social engineering.
 
Social Engineering is a clever way that criminals trick people into making a bank payment, clicking an unsafe link, or downloading a file containing malware.
 
For example, they might hack into someone’s account and send an email that seems to be from a real supplier, changing the bank details for invoice payments.
 
With so many people working from home, these socially engineered attacks have risen, possibly because we’re less alert to the dangers as we feel safe at home.
 
All it takes is a momentary lapse in judgement by anyone for your organization to suffer a loss. 
 
Fortunately, there is a tool available to help keep your organization stay safe against the dangers of social engineering: Cybersecurity training.
 
If you are interested in learning more about Cybersecurity Training and how my team can help you, give us a call at 716-373-4467 x 15, email [email protected], or fill out the form below!
 

Read More

Comments
19Aug

Three scary stats..

 
Are you afraid of ransomware? You have a good reason to be.
 
Ransomware occurs when a criminal gets access to your data, and then encrypts it. The data is still there, but you cannot read it or use it.
 
You then must pay a large ransom fee, most commonly in Bitcoin, to get your data back. It can devastate and even bankrupt a business all thanks to one click on one bad link.
 
Here are three scary stats that can show how bad ransomware has become:
  • Scary Stat #1: About 1 in 3,000 emails that get through filters contain malware. Think about how many emails you receive in a day; how long will it take for a dangerous email to reach your inbox?
  • Scary Stat #2: This year, a ransomware attack on a business can be carried out every 11 seconds. Of the businesses hit, many pay the ransom. However, many of them still may not get their data back.
  • Scary Stat #3: If your organization is hit with ransomware, it can lead to a long downtime period, as well as a high cost of cleaning your network and retrieving data.
It’s vital that you take this threat to your business seriously. Thanks to the pandemic, ransomware is on the rise, and if your business is unprepared, sooner or later you will lose data to an attack.
 
Always make sure:
  • You have the latest versions of security software and all updates installed
  • Your backup is working every day
  • Your people have been trained about the risks
Our team can help to keep your organization protected and help prevent ransomware from occurring. These are conversations that we will be having with our managed services clients. If you would like to start the conversation on how to prevent ransomware, give us a call at 716-373-4467 x 15, email [email protected] or fill out the form below!
 

Read More

Comments
12Aug

What’s the plan?

With all the changes the pandemic has brought on, have your business costs increased?

Do you have a new IT plan and budget for the rest of this year, and into 2022?

Some businesses are planning long term changes to their IT, thanks to COVID 19 and making flexible working permanent.

Other businesses will be using their IT budget on training to support their remote workers and others plan to improve their security, risk and governance.

What will your organization focus on for 2022?

Will you need to improve your own cyber security measures to include a permanent work from home policy?

Will you require better ways for your teams to communicate, share files and work on projects?

Perhaps you’ll need to invest in more cloud services?

These are all conversations we will be having with our Managed Services Clients. To have our team help you and your organization put a plan together, give us a call at 716-373-3367 x 15, email [email protected] or fill out the form below!

Read More

Comments
06Aug

The 3 ways criminals infect you with ransomware..

 
There has been a lot in the news over the last few weeks about ransomware attacks and we want to help clarify some things.
 
First, what is a ransomware attack? During a ransomware attack, a criminal gains access to your data and then encrypts it. The data is still there, but you can no longer read it or use it.
 
If you don’t have secured, unaffected backups in place, the most common way to get your data back is to pay a large ransom fee, typically in Bitcoin. (Do you know how much downtime costs your business? Check out our calculator to help determine what your potential recovery costs could be!)
 
Second, what effect can ransomware have on your business? It can be devastating. It can cost your business thousands of dollars to reinstate your data and secure your network even without paying the ransom. It can also cause days of downtime.
 
Third, how do criminals get in? There are typically three ransomware attack methods:
  • Exploit kits: These are used to compromise a website with hidden code in advertisements (known as malvertizing). They secretly redirect you to an unsecure page and download a malicious payload which infects your system.
  • Malicious attachments in email: Often, malicious emails look genuine and appear to be sent by someone you know and trust within your business, a supplier, or even your bank. When you open the attachment, the ransomware is triggered and infects your device.
  • Malicious links in email: You receive a link via email, which infects your device when you click it. These emails also seem to be from a believable source which is why so many people are tricked into clicking them.
The more prepared and protected you are, the better off you will be. Give us a call at 716-373-4467 x 15 or email [email protected] to learn more about how our team can help prevent malicious attacks and keep your organization safe!

Read More

Comments
02Aug

Have you been to the dark side?

 
The dark side of the web that is.
 
The dark web is a hidden section of the internet that you need a special browser to access. Its pages aren’t indexed by search engines and it hosts a lot of illicit dealings.
 
It isn’t all bad, though. Sometimes the dark web can be used for above board purposes. For example, journalists may use it to interview sources who wish to remain anonymous.
 
Regardless, the criminal activity there is huge, with a multitude of illegal items being sold. One of the other high demand products for sale is data.
 
Unfortunately, this could also mean your data.
 
If you’ve ever had a company inform you that it’s had a data breech, it’s likely your details could be floating around the dark web. If that’s the case, it’s only a matter of time until you’re targeted by cyber criminals.
 
While you can’t do much about your data being breached, you can stay a step ahead, and stop cyber criminals from accessing your accounts by:
  • Using a password manager to create unique passwords for all your accounts and apps.
  • Implementing multi-factor authentication where possible to add an additional layer of protection (usually by generating a login code on another device).
 
It can be difficult to navigate data security, so if you’d like some help, we’re here for you. You learn more, give us a call at 716-373-4467 x 15, email [email protected], or fill out the form below!
 

Read More

Comments
30Jul

Creating Cybersecurity Superheroes

 

 
 
How do you create cybersecurity superheroes?
 
By offering Security Awareness Training!
 
Databranch offers our client’s a Security Awareness Training Program called the Breach Prevention Platform.
 
This program helps you empower your human firewall by:
  • Providing ongoing training with weekly micro-trainings and monthly newsletters
  • Allowing you to set an example by actively participating in the program and setting expectations
  • Helping you encourage participation with the dynamic leaderboard and friendly competition
  • Showing you how to make cybersecurity a part of your company culture. Celebrate staff wins and review program progress during evaluations
  • Most importantly, having fun! You can create a fun screen name and get competitive!
With our Security Awareness Training Program, training is made easy through the use of the Employee Secure Score.
 
Gain insight into your organization’s human security threats at a glance.
 
Factoring in metrics such as training performance, program participation, and credential exposure, the Employee Secure Score – or ESS – analyzes your staff’s potential security risk to your organization.
 
Staff is assigned high, medium, or low-risk scores and given recommendations to reduce your organization’s overall risk level.
 
Every Thursday of the week: All staff should watch the Micro-Training video and take the accompanying quiz. The more Micro-Training quizzes they take, the higher their ESS!
 
The last Thursday of the month: All staff will receive an engaging, informative security newsletter. Feel free to share with friends and family!
 
These emails will come from [email protected] automatically!
 
You may have some questions or concerns about setting expectations for or motivating your employees; we are here to help!
 
How can you set expectations for you employees? Set compliance standards, and be an example, by going ALL IN!
 
  • Encourage all staff, including management, to participate in all training activities
  • Set deadlines for your team to take the training course
  • Make the Employee Secure Score a part of their employee evaluations
 
How do you motivate your employees? Celebrate a culture of cybersecurity!
  • Our program makes cybersecurity training FUN with a gamified leaderboard and friendly competition, so create a fun screen name and get started!
  • Celebrate low-risk employees and reward those with high Employee Secure Scores (ESS). Some organizations have quarterly competitions and give a gift card to the employee with the highest ESS!
 
Databranch is here to help prevent attacks from happening and to help keep your organization safe!
 
Give us a call today at 716-373-4467, email [email protected], or fill out the form below to learn more about Security Awareness Training!

Read More

Comments
22Jul

Still Using Paper?

Have you thought about using an electronic filing system and investing your resources into getting rid of your paper filing system, and taking it online? 

There are so many benefits to your organization filing paper-free and they’re not all about the environment. 

Getting rid of paper files will mean that your business can be a lot more organized. Your documents will be easier to find, which means less time wasted hunting through filing cabinets and you can access them from wherever you are. 

You’ll likely also save money when you think what you spend annually on printers, ink, postage, and physical storage.

We can also increase your data security. When everything is online it can be encrypted, locked behind passwords and protected by security software.

Of course, it does require time and resources to create a paperless file system, but once you’ve done it, you will definitely be glad you did.

Databranch can help you get started with a paperless filing system! Give us a call at 716-373-4467 x 15 or email [email protected] to learn more!

Read More

Comments
Administrative Privileges AI algorithms Annual Security Training Anti-Virus Artificial Intelligence Authenticator App Backup and Recovery Backup Redundancy BCDR breach prevention Breach Prevention Platform Breaches business continuity Business Email Compromise Business Email Compromises Business Phone System Business Software BYOD Call Directory Cisco Cloud Accounts Cloud Infrastructure Cloud Security Cloud Solutions Comprehensive Cybersecurity Compromised Credentials computer support Computer Upgrades Conditional Access Credential Theft Cyber Attacks Cyber Criminals Cyber Defenses Cyber Insurance cyber liability insurance Cyber Risk Management Cyberattacks Cyberinsurance cybersecurity Cybersecurity Awareness month Cybersecurity Breach Cybersecurity Culture Cybersecurity Training Cybersecurity Webinar Dark Web Dark Web Monitoring Data Backup Data Backup and Recovery Data Backup Solution Data Breach Data Breaches Data Governance Data Management Data Privacy Compliance Data Privacy Regulation data protection Data Recovery Data Restoration deepfake Deepfakes Defense in Depth Denial of Service Device Security Disaster Recover Disaster Recovery DNS Filtering doug wilson employee cybersecurity training Endpoint Detection and Response field technician Foundation Security Gift Card Scams Hackers Hosted VoIP i.t. service provider Identity Theft incident response plan Incident Response Planning Insider Threats Internet Explorer Internet of Things Intrusion Detection Intrusion Prevention IoT Devices IT Compliance IT Infrastructure IT Myths IT Partner IT Policies IT Resource IT Security IT Service Provider IT Services Juice Jacking Local Admin local admin privileges Lost Devices M365 malware Managed Clients Managed IT managed service provider managed services Manages Services MFA Microsoft Microsoft 356 Microsoft 365 Copilot Microsoft Office Mobile Devices MSP MSP501 Multi-Factor Authentication Network Monitoring Network Security Network Testing New Computer NIST Framework Offboarding Office 365 Outlook Outsourced IT Password Manager Password Managers Password Protection password security Passwords Patch Management Patches Patching PC Performance Penetration Testing Personal Data phishing Phishing Attacks PII Proactive Monitoring Processor productivity Professional Tune-Up Public WiFi Push-Bombing RAM Ransomware Ransomware Prevention Recovery Time Calculator Remote Monitoring Remote Working repeatbusinesssystems Ring Groups risk assessment Risk Management Risk Tolerance Rock-It VoIP RTO Costs Scammers Scams security Security Assessment Security Awareness Training Security Defaults Security Key Security Scans SLAM Method Smishing SMS Social Engineering Social Media Security Solid-State Drive Sponsored Google Ads SSD stolen credentials Storage Teams technical support scam technology best practices Technology Management Technology Policies Technology Review Threat Detection Threat Identification Threat Modeling Updates virus VoIP Systems VPN Vulnerabilities Vulnerability Assessment Warning Signs Webinar Windows 8.1 Work Computers World Backup Day