Here’s one thing the cybersecurity world can agree on: there is no single product available today that will solve all of your cybersecurity problems. In today’s world, it takes many technologies and processes to provide comprehensive risk and security management. Instead, SMBs should continually be checking their systems for vulnerabilities, learning about new threats, thinking like attackers, and adjusting their defenses as needed.

Must-Have Solutions for Cyber Protection: Layered Security

Antivirus Software

Cybersecurity technology starts with antivirus software. Antivirus, as its name implies, is designed to detect, block, and remove viruses and malware. Modern antivirus software can protect against ransomware, keyloggers, backdoors, rootkits, trojan horses, worms, adware, and spyware. Some products are designed to detect other threats, such as malicious URLs, phishing attacks, social engineering techniques, identity theft, and distributed denial-of-service (DDoS) attacks.

Firewalls

A network firewall is also essential. Firewalls are designed to monitor incoming and outgoing network traffic based on a set of configurable rules – separating your secure internal network from the internet, which is not considered secure. Firewalls are typically deployed as an appliance on your network and in many cases offer additional functionality, such as a virtual private network (VPN) for remote workers.

Patch Management

Patch management is an important consideration as well. Cyber Criminals design their attacks around vulnerabilities in popular software products such as Microsoft Office or Adobe Flash Player. As vulnerabilities are exploited, software vendors issue updates to address them. As such, using outdated versions of software products can expose your business to security risks. There are a variety of solutions available that can automate patch management. 

Password Management

Recent studies have reported that weak passwords are at the heart of the rise in cyber theft, causing 76% of data breaches. To mitigate this risk, businesses should adopt password management solutions for all employees. Many people have a document that contains all of their password information in one easily accessible file – this is unsafe and unnecessary. There are many password management apps available today, like LastPass. These tools allow users to keep track of all their passwords. Encryption is also an important consideration. Encrypting hard drives ensures that data will be completely inaccessible, for example if a laptop is stolen.

These measures protect against a wide array of cyber attacks. However, because threats like ransomware are always evolving, security solutions are just on part of an effective defense strategy. You also need solutions in place that enable you to return to operations quickly if you do suffer a cyber attack. Data protection technologies are an essential second layer of defense against cyber crime.

The #1 Solution for Cybersecurity Protection: Backup and Recovery

Taking frequent backups of all data considered critical to your business is critical. The exact frequency of backups will vary based on your business’ specific needs. Traditionally, most businesses took a daily backup, and for some businesses this may still be suitable. However, today’s backup products are designed to make incremental copies of data throughout the day to minimize data loss. When it comes to protecting against cyber attacks, solutions that back up regularly allow you to restore data to a point in time before the breach occurred without losing all of the data created since the previous night’s backup.

Some data protection products can tale image-based backups that are stored in a virtual machine format – essentially a snapshot of the data, applications, and operating system. This allows users to run applications from the backup copy. This functionality is typically referred to as instant recovery or recovery-in-place.

Databranch offers a variety of solutions to help prevent attacks from happening, as well as backing up your data. To learn more about how Databranch can help you stay secure, give us a call at 716-373-4467 x 15 or email [email protected]

–Blog Provided Courtesy of Datto

Read More

1. Phishing

Phishing scams are the leading tactic leveraged by today’s ransomware hackers, typically delivered in the form of an email, chat, web ad, or website designed to impersonate a real system and organization. Often crafted to deliver a sense of urgency and importance, the message within these emails often appears to be from the government or a major corporation and can include logos and branding.

2. Baiting

Baiting is similar to phishing and involves offering something enticing to an end user in exchange for private data. The “bait” comes in many forms, both digital, such as a music or movie download, and physical, such as a branded flash drive labeled “Executive Salary Summary Q3 2016” that is left out on a desk for an end user to find. Once the bait is taken, malicious software is delivered directly into the victim’s computer.

3. Quid Pro Quo

Quid Pro Quo is similar to baiting and involves a request for the exchange of private data, but for a service. For example, an employee may receive a phone call from the hacker posed as a technology expert offering free IT assistance  in exchange for login credentials.

4. Pretexting

Pretexting is when a hacker creates a false sense of trust between themselves and the end user by impersonating a co-worker or a figure of authority within the company in order to gain access to private data. For example, a hacker may send an email or a chat message posing as the head of IT Support who needs private data in order to comply with a corporate audit (that isn’t real).

5. Tailgating

Tailgating is when an unauthorized person physically follows an employee into a restricted corporate area or system. The most common example of this is when a hacker calls out to an employee to hold a door open for them as they’ve forgotten their RFID card. Another example of tailgating is when a hacker asks an employee to “borrow” a private laptop for a few minutes, during which the criminal is able to quickly steal data or install malicious software.

The Takeaway

Employee awareness of social engineering is essential for ensuring corporate cybersecurity. If end users know the main characteristics of these attacks, it’s much more likely they can avoid falling for them. As many of us are visual learners, make sure to provide them with actual examples of these scams.

–Blog Provided Courtesy of Datto

Read More

What is Cyber Resilience?

The most common definition of cyber resilience is the ability of an enterprise to limit the impact of security incidents. It’s a broad approach that encompasses cybersecurity and business continuity  management, which aims to defend against cyber attacks and ensure that the business is able to survive.

Cyber resilience includes two primary components. Step 1 includes prevention measures, such as the ability to continuously discover and monitor all points in your attack surface and analyze this information to predict likely breach scenarios. Step 2 is to develop a plan to take appropriate action if and when an attack occurs. 

Unfortunately, most businesses fail to develop a plan.

Step 1: Assess the Risks

Before you implement an incident response plan, you’ll first need to assess the risks to which your company is exposed. Risks may include:

• Strategic – the failure to implement business decisions that align with the organization’s strategic goals;
• Reputational – negative public opinion;
• Operational – loss resulting from failed internal processes, people, system, etc.;
• Transactional – problems with service or product delivery; and
• Compliance – violations of laws, rules, or regulations.

To conduct a risk assessment, you’ll need to:

1. Characterize Your Business – Some questions to ask are: What kind of data do you use? Who uses it? What is the data flow? Where does the information go?
2. Identify Threats  – Common threat types include unauthorized access, misuse of information, data leakage or unintentional exposure of information, loss of data, or disruption of service or productivity.
3. Determine Inherent Risk and Impact – What would be the impact on your organization if the threat were exercised? Would the impact be high, medium, or low?
4. Analyze the Control Environment – You typically need to look at several categories of information to adequately assess your business’s vulnerabilities. Are your controls satisfactory or do they need improvement? A few examples of controls you might want to look at include:
   • Organizational Risk Management Controls
   • User Provisioning Controls
   • Administration Controls
   • User Authentication Controls
   • Infrastructure Data Protection Controls
   • Data Center Physical and Environmental Security Controls
   • Continuity of Operations Controls
5. Determine Your Organizational Risk – To do this, you’ll need to consider how high the threats are and how vulnerable the controls are. From there, you can decide if the risk is severe, elevated, or low.

Regular risk assessments are a fundamental part of your business and they should be reviewed regularly. Once you’ve completed your first risk assessment, you can implement an incident response plan. 

Step 2: Develop the Incident Response Plan

An incident response plan will identify the actions that should be taken when a data incident occurs. The aim of it is to identify the attack, contain the damage, and eradicate the root cause. When your organization responds to an incident quickly, it can reduce losses, restore processes and services, and mitigate exploited vulnerabilities. 

The SANS Institute’s Incident Handlers Handbook defines a six-step incident response plan:

1. Preparation: This step involves creating an incident response team and outlining their roles and responsibilities. You’ll need to develop policies to implement in the event of a cyber attack, as well as a communication plan.
2. Identification: Decide what criteria calls the team into action, such as a phishing attack. Start to assess the incident and gather evidence. 
3. Containment: Once your team isolates a security incident, the aim is to mitigate the damage. This includes an instant response, such as taking down production servers, a system backup, and long term containment, such as installing security patches on affected systems. 
4. Eradication: Contain the threat and restore systems to their initial state. This step also includes seeing if the attacker reacted to your actions and anticipating a different type of attack.
5. Recovery: Ensure that affected systems are not in danger and can be restored to working condition. Monitor the network system to ensure that another incident doesn’t occur.
6. Lessons Learned: Review the steps you took and see if there are areas for improvement. This report can be used as a benchmark for comparison or as training information for new incident response team members.

Following these steps can prepare your organization for a security incident and ensure that you’re taking appropriate measures.

–Blog Provided Courtesy of Datto

Read More

Olean, NY.  – (November 12, 2020). Databranch located in Olean, NY has joined with Repeat Business Systems, Inc. (RBS) as a new division bringing their 35 years of experience in the IT industry to RBS via the company’s lucky 13^th acquisition.

Databranch has been serving local, regional, national, and international businesses in Western/Central New York and Northwestern Pennsylvania since 1985. Their mission is to help clients implement technology solutions in order to reduce risk, protect their critical business data, increase productivity, and enhance customer service across four key areas: managed services, networking, security, and business continuity. Organizations who work with Databranch can rely on them to always provide professional technology services, executed with a personal touch and Databranch attributes their success to a unique blend of organizational capacity, expert project management, corporate values, and technical expertise.

RBS owned and founded by Dawn and John Abbuhl in 1987 has been offering office technology solutions including copiers, printers, scanners, document imaging software and Network and IT services with a focus on IT Security.  RBS has leading software engineers, expert consultants and the highest level of service in the region. With companies putting more emphasis on workflow and efficient production, Repeat Business System Inc. offers cutting edge solutions often saving customers thousands of dollars.  Repeat Business Systems, Inc. was named one of the Top Workplaces in the Capital Region nine straight years, is a New York Certified Women Owned Business Enterprise, and has numerous local and national awards for excellence.

“We are really excited about joining the great team at Repeat Business Systems.  Databranch will continue to provide the same high level of service and support, and we will now have expanded resources and products that we can offer to our clients as well!” said David Prince, President of Databranch.

“Acquisition discussions began before the pandemic. We continued to move forward as IT performance and security are even more important than ever, especially protecting those organizations where staff are working from home,” said Dawn Abbuhl, president of Repeat Business Systems. “We are very excited to add Databranch and their years of experience in the IT industry as a new member of the RBS family. The Databranch division will allow us to further expand our geographic market and add technical abilities while giving us the opportunity to leverage additional innovative technology solutions and success as a managed services provider. Both of our companies share similar values as family-owned businesses and through this change, we will both be able to serve our clients at an even higher level moving forward.”

You can contact Databranch at 716-373-4467, [email protected], or visit their website at www.databranch.com for additional information.

Read More

Doug Wilson

Education: Associates Degree in IT.

Professional Certifications: Working on it! Currently pursuing my CompTIA A+ certification.

How did you get into the technology field? I’m a late bloomer, but I got envious seeing all the fun my good friend and associate Mike Wilson was having in the technology field.

When did you join the Databranch team? July 2020

What do you like best about Databranch? I’ve never had the pleasure of working in such a tight-knit team environment with so many bright people.

How would you describe your role at Databranch? Just below Sophie on the food chain (and deservedly so!). On a serious note, I get to work with our clients to help resolve technology challenges and implement new solutions for their organizations.

What’s an interesting way that you use technology in your personal life?  I programmed my Super Nintendo to cook me breakfast in the morning.  Still awaiting the patent before I go worldwide.

How many computers do you own? Just one, luckily though, where I work there’s a whole bunch!

Hobbies: I basically live my life in a perpetual nostalgia machine, so everything that I liked when I was 13?  Good chance I still dig it.  

Kids:  Just one so far: Preston Bradford Wilson (sounds important right?).

Pets:  Also just one, a Yorkie named Leo (if you live local, you may have heard his shrill barking at some point…).

Read More

Joel Common

Education: Alfred State College

Professional Certifications: HP Self Maintainer. I am also currently pursuing my CompTIA A+ and Network+.

How did you get into the technology field? It all started when I was the kid who helped everyone with their computer problems.

When did you join the Databranch team? June 2020

What do you like best about Databranch? I like that it is a local business with a small team size. I also really like that they invest in their employee’s success through training and industry certifications.

How would you describe your role at Databranch? New and Exciting!

What’s an interesting way that you use technology in your personal life? I have a “smart” home setup that allows me to control many devices in my house and setup automation and routines. One example: When it’s past sundown and I arrive home after being “away,” it can turn on the outside porch light automatically!

How many computers do you own? At least 8 or 9…. My primary desktop is a self-built computer with an Intel i7-8700, 64GB of RAM, a GTX 1050 Ti graphics card, and 2x 512GB NVME storage drives 

Hobbies: Building computers, hiking, flight lessons to get my private pilots license, and gaming.

Pets: I have 2 cats: Malkin – 8 years old, and Del – 4 years old

Read More

Please join us in extending best wishes to Awilda Rivera, Office Manager, who will be retiring on June 26th after thirty years with Databranch. Awilda’s joy, work ethic, and compassionate heart for everyone she works with will be greatly missed by all of us at Databranch but we are excited for what she has planned next and know she will continue to share her talents with our community as she enters into the next phase of her life.

Databranch President, David Prince, had the following to share about Awilda, “She has been the glue, the calm and consistent presence throughout all changes and challenges we have faced and overcome. Her integrity, work ethic, compassion and positivity are second to none. Often I have posed a dilemma to her and she has always provided a great sounding board and insightful counsel when asked. There are few times in life where you can say that you have spent literally tens of thousands of hours working with a person and she will be greatly missed.”

Jennifer Wetzler will be transitioning into her role starting on June 29th and while we know Awilda is irreplaceable, we are confident she has trained Jennifer well to step into her shoes and continuing serving our clients in the same dedicated manner. Awilda can be reached directly at [email protected] or 716-373-4467 x 17, if you would like to reach out with any well-wishes this week!

Read More