Most people use their devices all day every day and not just for personal use. They’ll access their work emails, documents and client data and their devices hold their passwords, their location history, and financial information.

1. If you don’t already, create policies for your business to ensure that lost or stolen devices are reported immediately; that updates are installed as soon as they become available; and that two-factor authentication, passcodes, or biometric logins are used.
2. Give your entire team formal education in cyber security and the red flags to be aware of. Discourage your team from accessing public Wi-Fi and test them regularly on their security awareness.
3. Make sure that data on employee devices is encrypted, and that you have a lockout policy in place if a login is entered incorrectly after a few attempts. This will block brute force attacks, where lots of possible passwords are repeatedly entered until the right one is found.

Read More

The Colonial Pipeline is a the largest pipeline system in the United States, supplying nearly half of the Eastern U.S. with fuel.

On April 29th, a group of hackers known as DarkSide, accessed the Colonial Pipeline network using a single compromised password and downloaded critical business information.

Then on May 7th, employees received a ransom note demanding payment in the form of cryptocurrency and caused the pipeline to be shut down for the first time in 57 years.

Because of this shutdown, and the effects it had on the country, Colonial Pipeline was forced to pay the $4.4 million ransom.

This attack shows us the how important it is to have and follow proper IT security protocols.

There is a growing enemy that plans these attacks and is getting stronger every day; organized cyber criminals.

No one is safe from these hackers, anyone could become a victim.

Ransomware is a growing crime that has become more significant since the start of the pandemic and more teams working from home.

However, there are several ways to prevent ransomware attacks:

• Encrypt your email to prevent unwanted visibility into your sensitive data.
• Back up your data regularly and keep these backups outside of your network.
• Keep your networks up to date.
• Educate your team on which emails to click on and which emails to question.
• Implement an endpoint security platform

By taking these steps, you are going in the right direction to fight against ransomware. Databranch is here to help you prevent ransomware attacks from happening in your environment.

We have the tools to help you and your organization! To learn more about how we can help you, give us a call at 716-373-4467 x 15 or email [email protected]!

*Courtesy of MailProtector*

Read More

Read More

Portability and accessibility are two of the most important benefits of Hosted VoIP over traditional telephone networks.

Over the past year, many people began working from home and businesses needed to have flexibility with their phone systems.

In the future, businesses will need even more flexibility with more employees wanting to Work-From-Anywhere moving forward.

With Rock-IT VoIP, you can stay connected from anywhere!

This means you can:

• Always communicate with your clients and colleagues
• Make and receive calls from anywhere using remote call routing and simple call forwarding tools
• Make and receive calls from your desk phone, cell phone, or even your computer
• Take your business with you at the touch of a button and make sure you never miss a call
• Stay in touch with clients through our mobile app while traveling
• Work from home or abroad without your clients knowing the difference

Visit Rock-IT VoIP or give us a call at 716-373-4467 x 15 to learn more about how you can stay connected anywhere!

Read More

I was speaking with some clients a few days ago about their phone systems.

They shared with me the challenges they experienced with their current analog phone service and how inflexible it was for mobile and remote workers.

It was the perfect opportunity to introduce them to Rock-IT VoIP, our new Hosted VoIP Solution, and review the benefits of switching to a Hosted VoIP platform.

Rock-IT VoIP offers a variety of features which are included at no extra cost!

Some of my favorite features include:

• Auto Attendant: Digital receptionist that allows you to direct calls automatically
• Call Reporting: Filter by number, direction of call, and disposition
• Call Parking: Place calls on hold and pick them up from any device
• Web Portal: Manage users and call routing from anywhere (which can be accessed right through Rock-IT VoIP!)
• Call Recording: Set call recording by default or on demand
• Hunt Groups: Set calls to ring any number of people, any way you want
• Attendant Console: Route calls and check user availability from anywhere
• Voicemail to Email: Receive voicemail attachments automatically to your email

Hosted VoIP also offers flexibility and scalability to accommodate for fluctuations and growth in your business, and we can service locations nationwide!

Leverage the power of Hosted VoIP to increase productivity, improve business continuity, and always stay connected! Check out Rock-IT VoIP to learn more about our Hosted VoIP Solution Features or give me a call at 716-373-4467 to review the the right-fit VoIP Solution for your organization.

-David Prince, President

Read More

By the end of this year, 3 billion users are expected to be using a VoIP system.

You may be asking why would Hosted VoIP be better for my business?

Hosted VoIP can provide your business with cost-effective communication solutions, simplified management for better calling experiences, and both mobility and portability for better business continuity.

• User Friendliness
• Cost Effectiveness
• Voicemail Transcription
• Customizable Auto Attendants
• Web Portal
• Access from Anywhere
• Mobile Device Compatibility
• Call Recording

And with Rock-IT VoIP, we also port your numbers so they stay the same and handle any upgrades, maintenance, and programming!

Visit Rock-IT VoIP or give us a call at 716-373-4467 x 15 to learn more about our Hosted VoIP Solution!

Read More

The Department of Defense has been working to improve cybersecurity over the last several years. 

News of nation-state sponsored theft of defense secrets makes the news on a regular basis.

The biggest source of leaks of leaks of sensitive intellectual property: the hundreds of thousands of contractors that have access to sensitive but unclassified information called Controlled Unclassified Information or CUI.

In 2013, the DoD created a security requirement in the Federal Acquisition Regulations called DFARS 252.204-7012. A few years later, NIST released a security requirement named SP 800-171.

While both of these began to improve security for the defense industrial base, they did not solve the problem. Compliance with the DFARS is mandatory, as is compliance with NIST, but in most cases compliance with these regulations is based on the honor system – this has not worked.

The solution: Cybersecurity Maturity Model Certification (CMMC).

The release of the CMMC in 2019 is the first time the DoD has required contractors, sub contractors, and suppliers to be certified to participate in the DoD supply chain.

So what do you need to know?

• The DoD is now requiring that all contractors and subcontractors “self-certify” they are compliant with NIST SP 800-171 by November 30, 2020. This self-certification will include posting audit scores and expected date of compliance to the SPRS portal.
• The government is now requesting that all DoD contractors and sub-contractors be in compliance with CMMC by 2025.
• Companies need to look at their existing maturity with DFARS 800-171 and understand what CMMC Level (1, 2, 3, 4, or 5) they need to be in compliance with moving forward.
  • The DoD entity will dictate what Level of Compliance the contractor or sub-contractor must be at.

Databranch and Cyberstone are here to help! Cyberstone received Registered Provider Organization status from the Cybersecurity Maturity Model Certification Accreditation Body (CMMC-AB) and are well positioned to provide advice and consulting services to organizations seeking CMMC certification.

The steps are easy: Contract with Databranch and Cyberstone Security and complete a maturity assessment engagement.

Understand the gaps in your maturity level and develop a roadmap for compliance: technology changes may require budget cycles to resolve.

Don’t wait! The DoD wants to see policy and practice within your organization for an 8-12 month period BEFORE they audit and issue a certificate of compliance.

Once deemed compliant, the compliancy level is good for a 3-year period.

To learn more about how Databranch and Cyberstone can help your organization prepare for the CMMC, give us a call at 716-373-4467 x 15!

*Courtesy of Cyberstone*

Read More

Voice over Internet Protocol, in basic terms, is having your phone service over the internet.

VoIP is the next generation of phone systems and Databranch is excited to announce that we have launched a new website for our own Hosted VoIP Platform, Rock-IT VoIP!

Rock-IT VoIP offers a variety of plans, downloadable datasheets, and answers to many VoIP questions!

VoIP has been steadily replacing traditional communications since 2004.

Landlines have higher setup and maintenance fees; VoIP systems average 60% savings over landline.

Because making calls over the internet is often less expensive and users can enjoy many enterprise level features through VoIP, analog lines are being replaced by hosted solutions across many business settings.

By the end of 2021, it is predicted that there will be 3 billion VoIP Users!

Check out Rock-IT VoIP today or give us a call today to discuss our new Hosted VoIP Solution!

Read More

Here’s one thing the cybersecurity world can agree on: there is no single product available today that will solve all of your cybersecurity problems. In today’s world, it takes many technologies and processes to provide comprehensive risk and security management. Instead, SMBs should continually be checking their systems for vulnerabilities, learning about new threats, thinking like attackers, and adjusting their defenses as needed.

Must-Have Solutions for Cyber Protection: Layered Security

Antivirus Software

Cybersecurity technology starts with antivirus software. Antivirus, as its name implies, is designed to detect, block, and remove viruses and malware. Modern antivirus software can protect against ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, adware, and spyware. Some products are designed to detect other threats, such as malicious URLs, phishing attacks, social engineering techniques, identity theft, and distributed denial-of-service (DDoS) attacks.

Firewalls

A network firewall is also essential. Firewalls are designed to monitor incoming and outgoing network traffic based on a set of configurable rules – separating your secure internal network from the internet, which is not considered secure. Firewalls are typically deployed as an appliance on your network and in many cases offer additional functionality, such as a virtual private network (VPN) for remote workers.

Patch Management

Patch management is an important consideration as well. Cyber Criminals design their attacks around vulnerabilities in popular software products such as Microsoft Office or Adobe Flash Player. As vulnerabilities are exploited, software vendors issue updates to address them. As such, using outdated versions of software products can expose your business to security risks. There are a variety of solutions available that can automate patch management. 

Password Management

Recent studies have reported that weak passwords are at the heart of the rise in cyber theft, causing 76% of data breaches. To mitigate this risk, businesses should adopt password management solutions for all employees. Many people have a document that contains all of their password information in one easily accessible file – this is unsafe and unnecessary. There are many password management apps available today, like LastPass. These tools allow users to keep track of all their passwords. Encryption is also an important consideration. Encrypting hard drives ensures that data will be completely inaccessible, for example if a laptop is stolen.

These measures protect against a wide array of cyber attacks. However, because threats like ransomware are always evolving, security solutions are just on part of an effective defense strategy. You also need solutions in place that enable you to return to operations quickly if you do suffer a cyber attack. Data protection technologies are an essential second layer of defense against cyber crime.

The #1 Solution for Cybersecurity Protection: Backup and Recovery

Taking frequent backups of all data considered critical to your business is critical. The exact frequency of backups will vary based on your business’ specific needs. Traditionally, most businesses took a daily backup, and for some businesses this may still be suitable. However, today’s backup products are designed to make incremental copies of data throughout the day to minimize data loss. When it comes to protecting against cyber attacks, solutions that back up regularly allow you to restore data to a point in time before the breach occurred without losing all of the data created since the previous night’s backup.

Some data protection products can tale image-based backups that are stored in a virtual machine format – essentially a snapshot of the data, applications, and operating system. This allows users to run applications from the backup copy. This functionality is typically referred to as instant recovery or recovery-in-place.

Databranch offers a variety of solutions to help prevent attacks from happening, as well as backing up your data. To learn more about how Databranch can help you stay secure, give us a call at 716-373-4467 x 15 or email [email protected]

–Blog Provided Courtesy of Datto

Read More

1. Phishing

Phishing scams are the leading tactic leveraged by today’s ransomware hackers, typically delivered in the form of an email, chat, web ad, or website designed to impersonate a real system and organization. Often crafted to deliver a sense of urgency and importance, the message within these emails often appears to be from the government or a major corporation and can include logos and branding.

2. Baiting

Baiting is similar to phishing and involves offering something enticing to an end user in exchange for private data. The “bait” comes in many forms, both digital, such as a music or movie download, and physical, such as a branded flash drive labeled “Executive Salary Summary Q3 2016” that is left out on a desk for an end user to find. Once the bait is taken, malicious software is delivered directly into the victim’s computer.

3. Quid Pro Quo

Quid Pro Quo is similar to baiting and involves a request for the exchange of private data, but for a service. For example, an employee may receive a phone call from the hacker posed as a technology expert offering free IT assistance  in exchange for login credentials.

4. Pretexting

Pretexting is when a hacker creates a false sense of trust between themselves and the end user by impersonating a co-worker or a figure of authority within the company in order to gain access to private data. For example, a hacker may send an email or a chat message posing as the head of IT Support who needs private data in order to comply with a corporate audit (that isn’t real).

5. Tailgating

Tailgating is when an unauthorized person physically follows an employee into a restricted corporate area or system. The most common example of this is when a hacker calls out to an employee to hold a door open for them as they’ve forgotten their RFID card. Another example of tailgating is when a hacker asks an employee to “borrow” a private laptop for a few minutes, during which the criminal is able to quickly steal data or install malicious software.

The Takeaway

Employee awareness of social engineering is essential for ensuring corporate cybersecurity. If end users know the main characteristics of these attacks, it’s much more likely they can avoid falling for them. As many of us are visual learners, make sure to provide them with actual examples of these scams.

–Blog Provided Courtesy of Datto

Read More