What is Cyber Resilience?

The most common definition of cyber resilience is the ability of an enterprise to limit the impact of security incidents. It’s a broad approach that encompasses cybersecurity and business continuity  management, which aims to defend against cyber attacks and ensure that the business is able to survive.

Cyber resilience includes two primary components. Step 1 includes prevention measures, such as the ability to continuously discover and monitor all points in your attack surface and analyze this information to predict likely breach scenarios. Step 2 is to develop a plan to take appropriate action if and when an attack occurs. 

Unfortunately, most businesses fail to develop a plan.

Step 1: Assess the Risks

Before you implement an incident response plan, you’ll first need to assess the risks to which your company is exposed. Risks may include:

• Strategic – the failure to implement business decisions that align with the organization’s strategic goals;
• Reputational – negative public opinion;
• Operational – loss resulting from failed internal processes, people, system, etc.;
• Transactional – problems with service or product delivery; and
• Compliance – violations of laws, rules, or regulations.

To conduct a risk assessment, you’ll need to:

1. Characterize Your Business – Some questions to ask are: What kind of data do you use? Who uses it? What is the data flow? Where does the information go?
2. Identify Threats  – Common threat types include unauthorized access, misuse of information, data leakage or unintentional exposure of information, loss of data, or disruption of service or productivity.
3. Determine Inherent Risk and Impact – What would be the impact on your organization if the threat were exercised? Would the impact be high, medium, or low?
4. Analyze the Control Environment – You typically need to look at several categories of information to adequately assess your business’s vulnerabilities. Are your controls satisfactory or do they need improvement? A few examples of controls you might want to look at include:
   • Organizational Risk Management Controls
   • User Provisioning Controls
   • Administration Controls
   • User Authentication Controls
   • Infrastructure Data Protection Controls
   • Data Center Physical and Environmental Security Controls
   • Continuity of Operations Controls
5. Determine Your Organizational Risk – To do this, you’ll need to consider how high the threats are and how vulnerable the controls are. From there, you can decide if the risk is severe, elevated, or low.

Regular risk assessments are a fundamental part of your business and they should be reviewed regularly. Once you’ve completed your first risk assessment, you can implement an incident response plan. 

Step 2: Develop the Incident Response Plan

An incident response plan will identify the actions that should be taken when a data incident occurs. The aim of it is to identify the attack, contain the damage, and eradicate the root cause. When your organization responds to an incident quickly, it can reduce losses, restore processes and services, and mitigate exploited vulnerabilities. 

The SANS Institute’s Incident Handlers Handbook defines a six-step incident response plan:

1. Preparation: This step involves creating an incident response team and outlining their roles and responsibilities. You’ll need to develop policies to implement in the event of a cyber attack, as well as a communication plan.
2. Identification: Decide what criteria calls the team into action, such as a phishing attack. Start to assess the incident and gather evidence. 
3. Containment: Once your team isolates a security incident, the aim is to mitigate the damage. This includes an instant response, such as taking down production servers, a system backup, and long term containment, such as installing security patches on affected systems. 
4. Eradication: Contain the threat and restore systems to their initial state. This step also includes seeing if the attacker reacted to your actions and anticipating a different type of attack.
5. Recovery: Ensure that affected systems are not in danger and can be restored to working condition. Monitor the network system to ensure that another incident doesn’t occur.
6. Lessons Learned: Review the steps you took and see if there are areas for improvement. This report can be used as a benchmark for comparison or as training information for new incident response team members.

Following these steps can prepare your organization for a security incident and ensure that you’re taking appropriate measures.

–Blog Provided Courtesy of Datto

Read More

Olean, NY.  – (November 12, 2020). Databranch located in Olean, NY has joined with Repeat Business Systems, Inc. (RBS) as a new division bringing their 35 years of experience in the IT industry to RBS via the company’s lucky 13^th acquisition.

Databranch has been serving local, regional, national, and international businesses in Western/Central New York and Northwestern Pennsylvania since 1985. Their mission is to help clients implement technology solutions in order to reduce risk, protect their critical business data, increase productivity, and enhance customer service across four key areas: managed services, networking, security, and business continuity. Organizations who work with Databranch can rely on them to always provide professional technology services, executed with a personal touch and Databranch attributes their success to a unique blend of organizational capacity, expert project management, corporate values, and technical expertise.

RBS owned and founded by Dawn and John Abbuhl in 1987 has been offering office technology solutions including copiers, printers, scanners, document imaging software and Network and IT services with a focus on IT Security.  RBS has leading software engineers, expert consultants and the highest level of service in the region. With companies putting more emphasis on workflow and efficient production, Repeat Business System Inc. offers cutting edge solutions often saving customers thousands of dollars.  Repeat Business Systems, Inc. was named one of the Top Workplaces in the Capital Region nine straight years, is a New York Certified Women Owned Business Enterprise, and has numerous local and national awards for excellence.

“We are really excited about joining the great team at Repeat Business Systems.  Databranch will continue to provide the same high level of service and support, and we will now have expanded resources and products that we can offer to our clients as well!” said David Prince, President of Databranch.

“Acquisition discussions began before the pandemic. We continued to move forward as IT performance and security are even more important than ever, especially protecting those organizations where staff are working from home,” said Dawn Abbuhl, president of Repeat Business Systems. “We are very excited to add Databranch and their years of experience in the IT industry as a new member of the RBS family. The Databranch division will allow us to further expand our geographic market and add technical abilities while giving us the opportunity to leverage additional innovative technology solutions and success as a managed services provider. Both of our companies share similar values as family-owned businesses and through this change, we will both be able to serve our clients at an even higher level moving forward.”

You can contact Databranch at 716-373-4467, [email protected], or visit their website at www.databranch.com for additional information.

Read More

Doug Wilson

Education: Associates Degree in IT.

Professional Certifications: Working on it! Currently pursuing my CompTIA A+ certification.

How did you get into the technology field? I’m a late bloomer, but I got envious seeing all the fun my good friend and associate Mike Wilson was having in the technology field.

When did you join the Databranch team? July 2020

What do you like best about Databranch? I’ve never had the pleasure of working in such a tight-knit team environment with so many bright people.

How would you describe your role at Databranch? Just below Sophie on the food chain (and deservedly so!). On a serious note, I get to work with our clients to help resolve technology challenges and implement new solutions for their organizations.

What’s an interesting way that you use technology in your personal life?  I programmed my Super Nintendo to cook me breakfast in the morning.  Still awaiting the patent before I go worldwide.

How many computers do you own? Just one, luckily though, where I work there’s a whole bunch!

Hobbies: I basically live my life in a perpetual nostalgia machine, so everything that I liked when I was 13?  Good chance I still dig it.  

Kids:  Just one so far: Preston Bradford Wilson (sounds important right?).

Pets:  Also just one, a Yorkie named Leo (if you live local, you may have heard his shrill barking at some point…).

Read More

Joel Common

Education: Alfred State College

Professional Certifications: HP Self Maintainer. I am also currently pursuing my CompTIA A+ and Network+.

How did you get into the technology field? It all started when I was the kid who helped everyone with their computer problems.

When did you join the Databranch team? June 2020

What do you like best about Databranch? I like that it is a local business with a small team size. I also really like that they invest in their employee’s success through training and industry certifications.

How would you describe your role at Databranch? New and Exciting!

What’s an interesting way that you use technology in your personal life? I have a “smart” home setup that allows me to control many devices in my house and setup automation and routines. One example: When it’s past sundown and I arrive home after being “away,” it can turn on the outside porch light automatically!

How many computers do you own? At least 8 or 9…. My primary desktop is a self-built computer with an Intel i7-8700, 64GB of RAM, a GTX 1050 Ti graphics card, and 2x 512GB NVME storage drives 

Hobbies: Building computers, hiking, flight lessons to get my private pilots license, and gaming.

Pets: I have 2 cats: Malkin – 8 years old, and Del – 4 years old

Read More

Please join us in extending best wishes to Awilda Rivera, Office Manager, who will be retiring on June 26th after thirty years with Databranch. Awilda’s joy, work ethic, and compassionate heart for everyone she works with will be greatly missed by all of us at Databranch but we are excited for what she has planned next and know she will continue to share her talents with our community as she enters into the next phase of her life.

Databranch President, David Prince, had the following to share about Awilda, “She has been the glue, the calm and consistent presence throughout all changes and challenges we have faced and overcome. Her integrity, work ethic, compassion and positivity are second to none. Often I have posed a dilemma to her and she has always provided a great sounding board and insightful counsel when asked. There are few times in life where you can say that you have spent literally tens of thousands of hours working with a person and she will be greatly missed.”

Jennifer Wetzler will be transitioning into her role starting on June 29th and while we know Awilda is irreplaceable, we are confident she has trained Jennifer well to step into her shoes and continuing serving our clients in the same dedicated manner. Awilda can be reached directly at [email protected] or 716-373-4467 x 17, if you would like to reach out with any well-wishes this week!

Read More