
Databranch has been named as one of the world’s premier managed service providers in the prestigious 2023 Channel Futures MSP 501 rankings.

For the past 17 years, managed service providers around the globe have submitted applications for inclusion on this prestigious and definitive listing. The Channel Futures MSP 501 survey examines organizational performance based on annual sales, recurring revenue, profit margins, revenue mix, growth, innovation and supported technologies.

MSPs that qualify for the list must pass a rigorous review conducted by the research team and editors of Channel Futures. It ranks applicants using a unique methodology that weighs financial performance according to long-term health and viability, commitment to recurring revenue and operational efficiency.

 

Channel Futures is Pleased to Name Databranch to the 2023 MSP 501

“We are honored and delighted to be recognized as a top Managed Service Provider in the 2023 Channel Futures MSP 501 Awards!” said Mike Wilson, President of Databranch. “This accolade is a reflection of our unwavering commitment to not just serve, but truly partner with our clients to meet their unique technology needs. We believe in a collaborative approach, working side by side with our clients to deliver innovative solutions and deliver an exceptional support experience.”

This year’s list is one of the most competitive in the survey’s history. Winners will be recognized on the Channel Futures website and honored during a special ceremony at the Channel Futures Leadership Summit, Oct. 30-Nov. 2, in Miami, Florida.

Since its inception, the MSP 501 has evolved from a competitive ranking into a vibrant group of innovators focused on high levels of customer satisfaction at small, medium and large organizations in public and private sectors. Many of their services and technology offerings focus on customer needs in the areas of cloud, security, collaboration and hybrid work forces.

“The 2023 Channel Futures MSP 501 winners persevered through challenging times to become the highest-performing and most innovative IT providers in the industry today,” said Jeff O’Heir, Channel Futures senior news editor and MSP 501 project manager. “The MSP 501 ranking doesn’t award MSPs solely on their size and revenue. It acknowledges the business acumen, best practices and trusted advice they deliver to customers every day. They deserve the honor.”

“We extend our heartfelt congratulations to the 2023 winners, and gratitude to the thousands of MSPs that have contributed to the continuing growth and success of the managed services sector,” said Kelly Danziger, general manager of Informa Tech Channels. “These providers are most certainly driving a new wave of innovation in the industry and are demonstrating a commitment to moving the MSP and entire channel forward.”

The data collected by the annual NextGen 101 and MSP 501 drive Channel Futures’ market intelligence insights, creating robust data sets and data-based trend reports that support our editorial coverage, event programming, community and networking strategies and educational offerings.

 

Background

The 2023 MSP 501 list is based on confidential data collected and analyzed by the Channel Futures research and editorial teams. Data was collected online from February to May, 2023. The MSP 501 list recognizes top managed service providers based on metrics including recurring revenue, profit margin and other factors.

 

About Databranch

Databranch, Inc., is an IT consulting and outsourcing provider serving local, national and international businesses in Western New York and Northwestern Pennsylvania since 1985. We help our clients use information technology to cut costs, increase efficiencies and enhance customer service across three main areas: managed services, networking and security.

The Databranch staff is made up of highly skilled, experienced, and certified professionals. Our clients look to us to provide technology solutions that work. We offer consulting services that provide organizations with the best possible solutions for the most affordable price that are executed with a personal touch. Contact us today to see what we can do for you.

 

About Channel Futures

Channel Futures is a media and events destination for the information and communication technologies (ICT) channel community. We provide information, perspective and connection for the entire channel ecosystem, including solution providers (SPs), managed service providers (MSPs), managed security service providers (MSSPs), cloud service providers (CSPs), value-added resellers (VARs) and distributors, technology solutions brokerages, subagents and agents, as well as leading technology vendor partners and communication providers.

Our properties include many awards programs such as the Channel Futures MSP 501, a list of the most influential and fastest-growing providers of managed services in the technology industry; Channel Partners events, which delivers unparalleled in-person events including Channel Partners Conference & Expo, Channel Futures Leadership Summit, Women’s Leadership Summit, the MSP Summit and Channel Partners Europe; and a DEI Community Group, our initiative to educate, support and promote diversity, equity and inclusion (DE&I) in the ICT channel industry. Channel Futures is where the world meets the channel; we are leading Channel Partners forward. More information is available at channelfutures.com.

Channel Futures is part of Informa Tech, a market-leading B2B information provider with depth and specialization in the ICT sector. Every year, we welcome 14,000+ subscribers to our research, more than 4 million unique monthly visitors to our digital communities, 18,200+ students to our training programs and 225,000 delegates to our events.

 

What’s the Value of Managed IT Services?

Here at Databranch, our Managed Network Services provides your company with the security of knowing that your network is being monitored and maintained on a 24/7 basis. 

It’s designed to keep your network functioning seamlessly by utilizing a suite of cost-effective computer managed services that proactively monitor and support your network and technology infrastructure.

See how much better your business can operate when a professional is handling your tech.

Questions about costs and services? Contact Databranch today at 716-373-4467 x 115, [email protected], or visit us here to learn more.

 

What is Ransomware?

Ransomware is a type of malware that encrypts data on a computer or network into an unreadable format until a sum of money, or ransom, is paid.

 

How does Ransomware Work?

When run, ransomware will scan the file storage disk for files to encrypt – typically documents, spreadsheets, etc. The files are encrypted with a key that only the attackers know, thus preventing your access to the files. Then, threat actors hold your files hostage, demanding a ransom to be paid for you to get your access back.

 

How do Hackers Sneak into an Environment?

Hackers are stealthy and can sneak in using many different approaches. Here are a few of the most popular ways that hackers gain access:

  • Phishing: This is when a threat actor tricks someone into handing over their sensitive, personal information, such as a credit card or Social Security number. The victim believes they’re handing over their information to a trustworthy resource when in reality, they’re giving their information to threat actors.
  • Public-Facing Vulnerabilities: Threat actors scour the internet looking for systems with known vulnerabilities. Then, they exploit them to gain access to the environment.
  • Drive-By Downloads: This is when someone navigates to a malicious webpage and unknowingly downloads malicious code to their computer – all by visiting the webpage.
  • Purchased Access: There’s a marketplace for everything these days, and cyberattacks are no exception. The dark web is a treasure trove of hackers for hire and deployable ransomware for download.

 

Ransomware Prevention

  1. Keep your computer updated and patched.
  2. Verify, then trust.
  3. Make sure your connection to a site is secure before submitting any personal information.
  4. Stay up-to-date on the latest cybersecurity education.

 

Ransomware Detection

Prevention is only part of the puzzle. Some attacks are virtually impossible to prevent. It all comes down to fast detection and response times, which help you combat tomorrow’s threats that may not be detectable today.

The most efficient way to detect ransomware is to leverage the tools in your security stack.

Secure your business with a cybersecurity platform that detects hackers. To protect our managed clients, we deploy a suite of cybersecurity tools that are backed by a 24/7 Threat Operations Center that works to protect your assets and evict malicious actors.

Reach out to Databranch today at 716-373-4467 x115 or [email protected] to learn more.

Cloud account takeover has become a major problem for organizations. Think about how much work your company does that requires a username and password.

Employees end up having to log into many different systems or cloud apps.

Hackers use various methods to get those login credentials. The goal is to gain access to business data as a user, launch sophisticated attacks, and send insider phishing emails.

How bad has the problem of account breaches become? Between 2019 and 2021, account takeover (ATO) rose by 307%.

 

Doesn’t Multi-Factor Authentication Stop Credential Breaches?

Many organizations and individuals use multi-factor authentication (MFA). It’s a way to stop attackers that have gained access to their usernames and passwords. MFA is very effective at protecting cloud accounts and has been for many years.

But it’s that effectiveness that has spurred workarounds by hackers. One of these nefarious ways to get around MFA is push-bombing.

 

How Does Push-Bombing Work?

When a user enables MFA on an account, they typically receive a code or authorization prompt of some type. The user enters their login credentials. Then the system sends an authorization request to the user to complete their login.

The MFA code or approval request will usually come through some type of “push” message. Users can receive it in a few ways:

  • SMS/text
  • A device popup
  • An app notification

Receiving that notification is a normal part of the multi-factor authentication login. It’s something the user would be familiar with.

With push-bombing, hackers start with the user’s credentials. They may get them through phishing or from a large data breach password dump.

They take advantage of that push notification process. Hackers attempt to log in many times. This sends the legitimate user several push notifications, one after the other.

Many people question the receipt of an unexpected code that they didn’t request. But when someone is bombarded with these, it can be easy to mistakenly click to approve access.

Push-bombing is a form of social engineering attack designed to:

  • Confuse the user
  • Wear the user down
  • Trick the user into approving the MFA request to give the hacker access
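The push-bombing pattern described above can also be spotted in MFA logs: a burst of denied or unanswered push prompts for one user, sometimes followed by a single approval. The following is an added example, not part of the original article; the log format, the event names (`push_denied`, `push_timeout`, `push_approved`), the 10-minute window and the threshold of 5 are all assumptions, and the sample log lines are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Results that mean the user did not approve the prompt (assumed event names).
REJECTED = {"push_denied", "push_timeout"}

# Constructed sample log. Hypothetical format: ISO timestamp, user, result, source IP.
SAMPLE_LOG = """\
2023-06-01T08:59:40 alice push_approved 203.0.113.10
2023-06-01T02:13:01 bob push_denied 198.51.100.7
2023-06-01T02:13:40 bob push_timeout 198.51.100.7
2023-06-01T02:14:15 bob push_denied 198.51.100.7
2023-06-01T02:15:02 bob push_timeout 198.51.100.7
2023-06-01T02:15:48 bob push_timeout 198.51.100.7
2023-06-01T02:16:30 bob push_denied 198.51.100.7
2023-06-01T02:17:05 bob push_approved 198.51.100.7
2023-06-01T11:00:10 carol push_denied 192.0.2.44
2023-06-01T11:02:00 carol push_denied 192.0.2.44
2023-06-01T11:04:30 carol push_timeout 192.0.2.44
2023-06-01T11:06:00 carol push_denied 192.0.2.44
2023-06-01T11:07:45 carol push_denied 192.0.2.44
2023-06-01T13:00:00 dave push_denied 203.0.113.25
2023-06-01T14:05:00 dave push_denied 203.0.113.25
2023-06-01T14:05:30 dave push_approved 203.0.113.25
"""


def parse_line(line):
    """Split one log line into (timestamp, user, result, source_ip)."""
    ts, user, result, ip = line.split()
    return datetime.fromisoformat(ts), user, result, ip


def detect_push_bombing(log_text, window=timedelta(minutes=10), threshold=5):
    """Return {user: alert} for users who received a burst of rejected prompts.

    severity "burst": at least `threshold` rejected prompts inside `window`
        (the password is probably known to someone else).
    severity "approved_after_burst": an approval arrived while the burst was
        still inside the window (treat the session as compromised).
    """
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)  # user -> rejected prompts still inside the window
    alerts = {}
    for ts, user, result, ip in events:
        q = recent[user]
        # Drop rejected prompts that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        if result in REJECTED:
            q.append((ts, ip))
            if len(q) >= threshold:
                alert = alerts.setdefault(user, {"severity": "burst"})
                alert.update(
                    rejected=len(q),
                    first=q[0][0],
                    last=ts,
                    sources=sorted({src for _, src in q}),
                )
        elif result == "push_approved":
            if len(q) >= threshold:
                alert = alerts.setdefault(user, {})
                alert.update(
                    severity="approved_after_burst",
                    approved_at=ts,
                    approved_from=ip,
                )
            # An approval ends the current sequence of prompts.
            q.clear()
    return alerts


if __name__ == "__main__":
    for user, alert in detect_push_bombing(SAMPLE_LOG).items():
        print(user, alert["severity"], alert["rejected"], alert["sources"])
```

An "approved_after_burst" result is the case to escalate first: it means the fatigue approval described above probably happened, so the session should be revoked and the password reset.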

 

Ways to Combat Push-Bombing at Your Organization

 

Educate Employees

Knowledge is power. When a user experiences a push-bombing attack it can be disruptive and confusing. If employees have education beforehand, they’ll be better prepared to defend themselves.

Let employees know what push-bombing is and how it works. Provide them with training on what to do if they receive MFA notifications they didn’t request.

You should also give your staff a way to report these attacks. This enables your IT security team to alert other users. They can then also take steps to secure everyone’s login credentials.

Need help enhancing your employee training? Contact Databranch today or visit us here to learn more about our Breach Prevention Platform and Security Awareness Training with simulated phishing tests.

 

Reduce Business App “Sprawl”

On average, employees use 36 different cloud-based services per day. That’s a lot of logins to keep up with. The more logins someone has to use, the greater the risk of a stolen password.

Take a look at how many applications your company uses. Look for ways to reduce app “sprawl” by consolidating. Platforms like Microsoft 365 and Google Workspace offer many tools behind one login. Streamlining your cloud environment improves security and productivity.

 

Adopt Phishing-Resistant MFA Solutions

You can thwart push-bombing attacks altogether by moving to a different form of MFA.

Phishing-resistant MFA uses a device passkey or physical security key for authentication. 

There is no push notification to approve with this type of authentication. This solution is more complex to set up, but it’s also more secure than text or app-based MFA.

Visit our website here to learn more about passkeys along with the other 2 main forms of MFA.

 

Enforce Strong Password Policies

For hackers to send several push-notifications, they need to have the user’s login.

Enforcing strong password policies reduces the chance that a password will get breached.

Standard practices for strong password policies include:

  • Using at least one upper and one lower-case letter
  • Using a combination of letters, numbers, and symbols
  • Not using personal information to create a password
  • Storing passwords securely
  • Not reusing passwords across several accounts

 

Put in Place an Advanced Identity Management Solution

Advanced identity management solutions can also help you prevent push-bombing attacks. They will typically combine all logins through a single sign-on solution. Users then have just one login and MFA prompt to manage, rather than several.

Additionally, businesses can use identity management solutions to install contextual login policies. These enable a higher level of security by adding access enforcement flexibility.

The system could automatically block login attempts outside a desired geographic area. It could also block logins during certain times or when other contextual factors aren’t met.

 

Do You Need Help Improving Your Identity & Access Security?

Multi-factor authentication alone isn’t enough. Companies need several layers of protection to reduce their risk of a cloud breach.

Are you looking for some help to reinforce your cybersecurity? To learn more about how we can help take this off your IT plate, call 716-373-4467 x 115 or email [email protected].

 

Article used with permission from The Technology Press.

You wouldn’t think a child’s toy could lead to a breach of your personal data. But this happens all the time. What about your trash can sitting outside? Is it a treasure trove for an identity thief trolling the neighborhood at night?

Many everyday objects can lead to identity theft. They often get overlooked because people focus on their computers and cloud accounts. It’s important to have strong passwords and use antivirus on your PC. But you also need to be wary of other ways that hackers and thieves can get to your personal data.

Here are six common things that criminals can use to steal your information.

 

Old Smart Phones

People replace their smartphones about every two and a half years. That’s a lot of old phones lying around containing personal data.

Just think of all the information our mobile phones hold. We have synced connections with cloud services. Phones also hold banking apps, business apps, and personal health apps. These are all nicely stored on one small device.

As chip technology has advanced, smartphones have been able to hold more “stuff.” This means documents and spreadsheets can now be easily stored on them. Along with reams of photos and videos.

A cybercriminal could easily strike data theft gold by finding an old smartphone. Make sure that your company is properly cleaning any old work phones by erasing all data. You should also dispose of them properly. You shouldn’t just throw electronics away like normal garbage.

 

Wireless Printers

Most printers are wireless these days, which means they are part of your home or work network. Printing from another room is convenient, but the fact that your printer connects to the internet can leave your data at risk.

Printers can store sensitive documents, such as tax paperwork or contracts. Most people don’t think about printers when putting data security protections in place. This leaves them open to a hack. When this happens, a hacker can get data from the printer and they could also leverage it to breach other devices on the same network.

Protect printers by ensuring you keep their firmware updated. Always install updates as soon as possible. You should also turn the printer off when you don’t need it. When it’s off, it’s not accessible by a hacker.

How does your company handle patching its devices? If you don’t know, chances are it’s not performed nearly enough. All Databranch Comprehensive Care and Foundation Security clients have scheduled automatic patching and Windows updates on their devices. Visit us here to learn more about how we can help take this off your IT plate.

 

USB Sticks

Did you ever run across a USB stick lying around? Perhaps you thought you scored a free removable storage device. Or you are a good Samaritan and want to try to return it to the rightful owner. But first, you need to see what’s on it to find them.

You should never plug a USB device of unknown origin into your computer. This is an old trick in the hacker’s book. They plant malware on these sticks and then leave them around as bait. As soon as you plug it into your device, it can infect it.

 

Old Hard Drives

When you are disposing of an old computer or old removable drive, make sure it’s clean. Just deleting your files isn’t enough. Computer hard drives can have other personal data stored in system and program files.

Plus, if you’re still logged into a browser, a lot of your personal data could be at risk. Browsers store passwords, credit cards, visit history, and more.

Need help disposing of your old office devices? Reach out to Databranch today for assistance, we can help clean your computer to make it safe for disposal, donation, or reuse.

 

Trash Can

Identity theft criminals aren’t only online. Thieves are known to sort through trash in search of documents containing personal information. Be careful what your employees throw out in the trash.

It’s not unusual for garbage to enable identity theft. It can include voided checks, old bank statements, and insurance paperwork. Any of these items could have the information thieves need to commit fraud or pose as you.

A shredder can be your best friend in this case. Your company should shred any documents that contain personal information, for yourself and your clients. Do this before you throw them out. This extra step could save you from a costly incident.

 

IoT Devices

Smart lightbulbs, thermostats, and security cameras… all toys that hackers love. Even Mattel’s Hello Barbie was found to enable the theft of personal information, and a hacker could also use its microphone to spy on families.

These futuristic gadgets make life easier and can be found in many offices. Owners might think they’re cool, but they might also forget to consider their data security. After all, it’s just a smart printer. But that often means they can be easier to hack, so cybercriminals will zero in on these IoT devices knowing they aren’t going to be as hard to breach.

You should be wary of any new internet-connected devices you bring into your office. Install all firmware updates and do your homework to see if a data breach has involved the toy. 

 

Schedule an IT Security Audit

Don’t let the thought of identity theft keep you up at night. Contact us today at 716-373-4467 x115 or [email protected] to schedule a chat about an IT security audit. Databranch also offers Dark Web Monitoring where we scan the dark web based on your domain and find all accounts that have been involved in a breach. Request a free Dark Web scan below to get started.

 

Article used with permission from The Technology Press.

It’s common belief that people are the last line of defense during a cybersecurity attack. Wrong. In many instances people are in fact the first line of defense. If your employees are (1) aware and (2) properly trained, then they will be one of your single strongest assets in fighting a never-ending war against cybercrime.

Basic human behaviors such as inquisitiveness, excitement, distraction, and indecision make people extremely vulnerable to one of the most popular and effective cyber-attacks called Social Engineering. Social Engineering is a term used to describe a wide variety of techniques that are used by malicious hackers to exploit human beings and execute a successful cyber-attack. 

The most common example of a Social Engineering attack is called Phishing. This is an exercise where an email is sent with the intent of tricking the recipient and convincing them to either click on a malicious link, download a malicious attachment, or even relinquish sensitive information such as passwords, credit card numbers or bank account details.  The victim rarely knows they are being exploited until it is too late.

The results of a successful Phishing attack can be devastating. In some cases, the network is infected with malware or a virus causing loss of data and significant outages or disruptions. In other cases sensitive information or data is stolen and further exploited or resold on the dark web. There are even many documented cases of unauthorized wire transfers resulting in tremendous and unrecoverable financial losses.

So, how does an organization take a group of employees and turn them into an effective cybercrime fighting machine? I’m glad you asked. There are three simple steps that must be executed:

 

Step 1. Develop A Culture Of Security 

Cultures are ultimately defined and upheld from the top down. Leadership, Executive and Management teams must commit to the creation and enforcement of cybersecurity policies, procedures and processes. They must also emphatically message and communicate the importance of good cybersecurity hygiene.

Employees should understand how exactly they can be good cybersecurity stewards and more importantly why it is so critical that they are. Lastly, employees who transform into skeptical, protective and enlightened cybercrime fighting soldiers should be recognized and rewarded.

TIPS to help Develop A Culture Of Security:

  • Create cybersecurity policies – these are the guidelines and rules.
  • Publish cybersecurity policies – allow employees to read and digest the content.
  • Assign roles and responsibilities – tell employees what they must do.
  • Good governance – enforce the rules, reprimand offenders & celebrate achievers.
  • Frequent Communication – talk about cybersecurity often, remind and reinforce!

 

Step 2.  Educate And Train

The best armies are well trained. They are not only armed, but they understand exactly how and when to use their weapon. They understand their mission, know what they are fighting for, and they have practiced and are ready for combat.

Teach your employees about common threats and dangers such as Social Engineering attacks. Show them how to use software and computers in a secure fashion. Explain what the correct processes and procedures are. Provide them with the critical training they need to effectively fight cybercrime.

TIPS to help Educate And Train:

  • Implement a security awareness training program – commit to the training.
  • Be sure the content is meaningful and relevant.
  • Make the training fun and engaging – tell lots of stories.
  • Make the training mandatory.
  • Make the training frequent – at least once a year.
  • Focus on the basics – keep the content simple and easy to understand.

Contact us today to learn how we can help you start establishing cybersecurity throughout your organization.

 

Step 3. Test The Effectiveness

It will be difficult to know if your new cybersecurity culture is performing as you hoped unless you test the effectiveness of policies, processes, procedures and awareness training. Is the effort you’ve put into creating an army of equipped cybercrime fighting employees actually providing the protection you desire?

There are only two ways to find out. One, wait for a legit attack to occur and hope for the best – or – two, launch a simulated attack yourself. Controlled Phishing attacks, penetration tests, table top incident response exercises or even a Monday morning pop quiz can all be effective exercises to test your employees’ level of understanding and compliance.

Use the test results as an opportunity to re-engage with employees or even re-tool training efforts. Get better with practice.

TIPS to help Test The Effectiveness:

  • Launch simulated Phishing attacks – see how employees actually behave.
  • Spot check for policy compliance – it is after 5PM, is the Clean Desk Policy working?
  • Include social attacks in the scope of penetration testing.
  • Conduct table top exercises.
  • Document and share results.
  • Learn and get better.

Right now, your employees are probably the weakest link in your cybersecurity defense chain. Make them your strongest link. Our Breach Prevention Platform and Security Awareness Training with simulated phishing tests will give your employees the tools they need to spot a phishing attempt. Reach out today at 716-373-4467 x115 or [email protected] to speak with one of our experienced team members about getting started.

 

Content used with permission from Cyberstone.

Once upon a time, our most precious assets were confidently protected behind layers of security defenses. Cash was neatly stacked in a cast metal safe which was bolted to the floor of the building. Customer lists and bank records were locked in a filing cabinet and only accessible to the person who had the key. Human Resource records were protected by the shelter of the impenetrable HR office door.

Then, digital electronics revolutionized the typical business office. Instead of accessing records from a locked filing cabinet, employees now used computers to navigate a digital file system which contained an abundance of information – much of it considered to be confidential. The sensitive documents that were once tangible and secured behind a physical lock and key were now accessible in digital format and stored in the data network for end users to access.

Security controls such as passwords and file permissions were established to protect the confidential information in its new digital format. This was a time however, when computing devices were stationary and did not typically leave the confines of the physical office. Employees would report to the office for work, log onto their computer, and only then – be granted with access to confidential information. The data that companies treasured most rarely – if ever – left the building.

The same statement cannot be made today. Mobile computing devices are very popular and can be found in most corporate computing environments. Employees are no longer forced to work on a computer that is tethered to the floor beneath their office desk. Laptops and tablets have provided employees with the freedom and flexibility to work from just about anywhere. Mobile devices have also changed the corresponding security landscape.

The Customer Lists, HR records and Bank Statements are now leaving the building.

The 2 Significant Risks Associated with Mobile Computing Devices:

People lose them and people steal them.

The most common item stolen by thieves is cash, the second is electronic devices. So, what happens when the hotel maid swipes your work laptop or tablet? Or, what if it’s accidentally left at a train station or airport?

The answer to both questions is simple: Someone now has a device that contains sensitive and confidential business information. Chances are that “Someone” is not a trusted entity at all. Many data breaches start with a stolen work device. The stolen property is then compromised, and the thief has the ability to use or sell the stolen data.

There is no doubt that mobile computing devices pose a real security challenge. We have grown accustomed to the elasticity they provide and it is unreasonable to think we will revert back to using the stationary computer we once used at our desk. Laptops and tablets are here to stay.

Human beings will continue to lose these devices and criminals will continue to steal them. Although we can fight to minimize these occurrences through effective awareness training, the reality is that we will not be able to prevent them all together. 

However, there are security controls you can put in place to help minimize your business’s risk when it comes to laptops and tablets.

 

Use a VPN

Free Wi-Fi may be a welcome sight when you’re on the road, but it can also be dangerous. You don’t know who else is using that Wi-Fi. A hacker hanging out on the connection can easily steal your data if you’re not protected.

It’s better to use either your mobile carrier connection or a virtual private network (VPN) app. VPN plans are inexpensive and will keep your data encrypted, even if you’re on public Wi-Fi. It is highly recommended that VPNs are secured using Multi-Factor Authentication, which provides an additional layer of security against threat actors.

Visit our website here to learn more about VPNs and what factors to consider when choosing a plan.

 

Backup Your Data

Don’t lose all your work data with the device! Back up your devices to the cloud or local storage before you travel. This ensures that you won’t lose the valuable information on your device. 

Need help with a Data Backup and Recovery plan for your business? Contact us today or visit our website to learn more.

 

Restrict Privileges 

Local Admin Privileges allow employees to make adjustments to their work computers without the need for IT interference. This means that they can download programs, connect to printers, and modify software already installed on their computer.

This can be convenient, but poses a major cybersecurity risk.

If a device is stolen and the thief were to gain access to an account with local admin privileges, the damage could be endless. This is especially true for a business that is not utilizing security measures such as Multi-Factor Authentication (MFA) or Password Managers. 

Once a hacker has breached your computer they could download malware, spyware, or even ransomware, resulting in computer files being locked, credentials being stolen, or even a virus spreading throughout your entire network.

Visit our website here to learn more about Local Admin Privileges.

 

Databranch Can Help

There are key digital solutions we can put in place to keep your business safer from online threats. Contact us today at 716-373-4467 x115 or [email protected] to schedule a chat about mobile security.

 

Content provided courtesy of Cyberstone.

 

 

Once data began going digital, authorities realized a need to protect it. Thus came the creation of data privacy rules and regulations to address cyber threats. Many organizations have one or more data privacy policies they need to meet.

Those in the U.S. healthcare industry and their service partners need to comply with HIPAA. Anyone collecting payment card data must worry about PCI-DSS. GDPR is a wide-reaching data protection regulation that impacts anyone selling to EU citizens.

Industry and international data privacy regulations are just the tip of the iceberg. Many state and local jurisdictions also have their own data privacy laws. Organizations must be aware of these compliance requirements along with any updates to these rules.

By the end of 2024, about 75% of the population will have its data protected by one or more privacy regulations.

Authorities enact new data privacy regulations all the time. For example, in 2023, four states will have new rules. Colorado, Utah, Connecticut, and Virginia will begin enforcing new data privacy statutes.

Businesses must stay on top of their data privacy compliance requirements. Otherwise, they can suffer. Many standards carry stiff penalties for a data breach, and if security was lacking, fines can be even higher.

The Health Insurance Portability and Accountability Act (HIPAA) uses a sliding scale. Violators can be fined between $100 and $50,000 per breached record. The more negligent the company is, the higher the fine.

Don’t worry, we have some tips below for you. These can help you keep up with data privacy updates coming your way.

 

Steps for Staying On Top of Data Privacy Compliance

 

1. Identify the Regulations You Need to Follow

Does your organization have a list of the different data privacy rules it falls under? There could be regulations for:

  • Industry
  • Where you sell (e.g., if you sell to the EU)
  • Statewide
  • City or county
  • Federal (e.g., for government contractors)

Identify all the various data privacy regulations that you may be subject to. This helps ensure you’re not caught off guard by one you didn’t know about.

 

2. Stay Aware of Data Privacy Regulation Updates

Don’t get blindsided by a data privacy rule change. You can stay on top of any changes by signing up for updates on the appropriate website. Look for the official website for the compliance authority.

For example, if you are in the healthcare field you can sign up for HIPAA updates at HIPAA.gov. You should do this for each of the regulations your business falls under.

You should also have these updates sent to more than one person. Typically, this is your Security Officer or equivalent and another responsible party. This ensures they don’t get missed if someone is on vacation.

 

3. Do an Annual Review of Your Data Security Standards

Companies are always evolving their technology. This doesn’t always mean a big enterprise transition. Sometimes you may add a new server or a new computer to the mix.

Any changes to your IT environment can mean falling out of compliance. A new employee mobile device that is added but not properly protected is a problem. One new cloud tool an employee decides to use can also cause a compliance issue.

It’s important to do at least an annual review of your data security. Match that with your data privacy compliance requirements to make sure you’re still good.

 

4. Audit Your Security Policies and Procedures

Something else you should audit at least annually is your policies and procedures. These are the written documents that tell employees what’s expected from them. They also give direction when it comes to data privacy and how to handle a breach.

Audit your security policies annually. Additionally, audit them whenever there is a data privacy regulation update. You want to ensure that you’re encompassing any new changes to your requirements.

 

5. Update Your Technical, Physical & Administrative Safeguards As Needed

When you receive a notification that a data privacy update is coming, plan ahead. It’s best to comply before the rule kicks in, if possible.

Look at three areas of your IT security:

  • Technical safeguards – Systems, devices, software, etc.
  • Administrative safeguards – Policies, manuals, training, etc.
  • Physical safeguards – Doors, keypads, building security, etc.

 

6. Keep Employees Trained on Compliance and Data Privacy Policies

Employees should be aware of any changes to data privacy policies that impact them. When you receive news about an upcoming update, add this to your ongoing training.

Good cybersecurity practice is to conduct ongoing cybersecurity training for staff. This keeps their anti-breach skills sharp and reminds them of what’s expected.

Include updates they need to know about so they can be properly prepared.

Remember to always log your training activities. It’s a good idea to log the date, the employees educated, and the topic. This way, you have this documentation if you do suffer a breach at some point.

Visit our website here to learn more about our Breach Prevention Platform and Security Awareness Training which includes simulated phishing tests and weekly micro-trainings!

 

Get Help Ensuring Your Systems Meet Compliance Needs

Setting up well-designed IT compliance may be a long process, but it can make a world of difference in terms of business security. It keeps your business reputation intact and allows you to avoid penalties and fines. 

However, you’ll need to pay special attention to several aspects and one of the most significant ones is your IT provider. 

If your IT isn’t living up to its potential, you’re bound to face compliance issues. This can cause tremendous stress and halt your operations. 

Luckily, there might be an easy way out of your predicament. Contact us today at 716-373-4467 x115 or [email protected] to schedule a quick chat with Databranch to discuss your IT problems and find out how to get more out of your provider.

 

Article used with permission from The Technology Press.

Buyer beware – software programs or tools that claim the ability to conduct a risk assessment by scanning your network with little to no human interaction should raise concern!

These tools will generally do a nice job discovering vulnerabilities that exist in your technology environment, but vulnerabilities are not risks by default. 

Is your business familiar with vulnerability assessments and their benefits? If not, visit our website here to learn more about the benefits and how they can enhance your cybersecurity posture.

 

What is Needed

Risk requires the presence of a vulnerability PLUS the action of a threat actor.

To illustrate this concept using an example from the tangible world, let’s visualize a car. The car is parked, and the doors are unlocked. A premature conclusion would be to state that the doors being unlocked translates to risk. If you apply critical thought, however, you will discover that the unlocked doors are simply a vulnerability that could be exploited.

You would need more information to determine actual risk. Is there anything valuable in the car? What is the crime rate associated with the place the car is parked? What would the impact be if someone gained access to the car? Who would attempt to gain access to the car? Are there other compensating controls in place, like a security camera? The same logic applies to the digital world.

The presence of vulnerabilities like unpatched computers or misconfigured devices will contribute to the likelihood of a risk event occurring, but it is shortsighted to say that vulnerabilities equal risk. That statement simply is not true.

A risk assessment requires critical thought beyond the discovery of vulnerabilities by software tools. It requires the use of logic and reason, which is only possible when qualified human beings are involved in the risk assessment process.

Relying on the arbitrary risk statements and scores created by software tools that simply discover vulnerabilities in your network can lead to a false understanding of your actual risk profile. This can easily lead to the wasteful allocation of resources that were intended to reduce risk but end up remediating a vulnerability instead.
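The difference between a scanner's ranking and a risk ranking can be shown in a few lines of Python. This is an added example, not part of the original article: the scoring model (residual likelihood times impact), the field names, and the sample findings are all assumptions constructed for illustration, with the context values standing in for the judgement a human assessor supplies.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    asset: str
    issue: str
    scanner_severity: float     # 0-10 score as a scanning tool would report it
    threat_likelihood: int      # 0-5, assessor judgement: who would try, how exposed
    impact: int                 # 1-5, assessor judgement: what is lost if exploited
    compensating_controls: int  # controls that lower likelihood (e.g. segmentation)

def risk_score(f: Finding) -> int:
    """Assumed model: risk = residual likelihood x impact (range 0-25).

    If no plausible threat activity remains after controls, the vulnerability
    still exists but the risk is zero.
    """
    likelihood = max(0, f.threat_likelihood - f.compensating_controls)
    return likelihood * f.impact

def rank_by_scanner(findings):
    """Order findings the way a severity-only report would."""
    return sorted(findings, key=lambda f: f.scanner_severity, reverse=True)

def rank_by_risk(findings):
    """Order findings by the context-aware score."""
    return sorted(findings, key=risk_score, reverse=True)

def misallocated(findings, budget):
    """Assets a severity-only plan fixes first that miss the risk-based top `budget`."""
    top_risk = {f.asset for f in rank_by_risk(findings)[:budget]}
    return [f.asset for f in rank_by_scanner(findings)[:budget]
            if f.asset not in top_risk]

# Constructed sample data; the last three numbers come from a human assessor.
FINDINGS = [
    Finding("lab-printer", "outdated firmware", 9.8, 1, 1, 1),
    Finding("test-vm", "unpatched OS", 8.8, 2, 1, 0),
    Finding("file-server", "missing OS patch", 7.5, 4, 5, 1),
    Finding("hr-laptop", "local admin account", 6.1, 3, 4, 1),
    Finding("vpn-gateway", "weak configuration", 5.3, 5, 5, 0),
]

if __name__ == "__main__":
    print("asset          severity  risk")
    for f in rank_by_risk(FINDINGS):
        print(f"{f.asset:<14} {f.scanner_severity:>8}  {risk_score(f):>4}")
    print("Fixed first by a severity-only plan, budget 2:",
          misallocated(FINDINGS, 2))
```

With these sample values, the two findings the scanner rates highest carry the least risk, so a remediation budget of two spent in scanner order would go entirely to the printer and the test VM.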

 

What Happens After the Assessment?

Typically, a vulnerability assessment can be completed in a day or two. The results of a vulnerability assessment are documented and provided to the stakeholder complete with recommendations around remediating any weaknesses found.

Security shortcomings found during a vulnerability assessment can almost always be fixed. Many times, the fixes are very easy to accomplish. Roughly 60% of all reported cybersecurity breaches occurred because the bad actors exploited common vulnerabilities and exposures (CVE).

This means that roughly 60% of all reported cybersecurity breaches could have been prevented if the victim had simply conducted a vulnerability assessment and made small improvements to their cybersecurity posture that would have eliminated a substantial amount of risk. 

Interested in setting up a vulnerability assessment? Contact Databranch today at 716-373-4467 x115, [email protected], or fill in the form below to set up a meeting with one of our experienced team members.

Not only will we help with the assessment, but our team of highly trained engineers will help your business prioritize based on your specific business needs.

Request your free security risk consultation with a Databranch Security Expert here:

 

Content was provided courtesy of CyberStone.

What does “End of Support” mean? It means that after this date, these products will no longer receive non-security updates, security updates, bug fixes, or technical support. It also means that you will not be in compliance with most industry-wide compliance standards and regulations.

 

What Should I Be Doing?

  • Start planning your migration NOW.
  • Determine how many instances of Server 2012(R2) are being utilized in your current network setup.
  • Assess the upgrade path for applications that currently run on these operating systems.
  • Allocate resources and budget for necessary hardware upgrades to transition to a newer version.

 

What Happens If I Don’t Upgrade?

 

Security & Compliance Issues

Software and OS vulnerabilities are sought out and exploited all the time. This is what hackers do for a living. The vulnerability cycle usually begins with hackers finding a software “loophole.” They then write code to exploit it that allows them some type of system access.

The software developer learns of this, usually once hackers start breaching systems. They write code to fix that vulnerability. Developers then send the fix to users via an update that they install. This protects the device from one or more hacker exploits.

When software reaches its end of life, these fixes are no longer made. The developer has moved on to focus on its newer products. So, the vulnerability remains. It leaves a device vulnerable to hacks for days, months, or years afterward.

Approximately 61% of security vulnerabilities in corporate networks are over five years old.

Visit us here to learn more about penetration testing and how it helps identify the vulnerabilities in your business.

If you have to comply with a data privacy regulation, like HIPAA, you’ll also run into issues. Data privacy rules dictate making reasonable efforts to protect data. Using a device with outdated software jeopardizes meeting compliance.

 

Slowed Productivity

The older a system gets, the slower it will get. Staff that must work on outdated software often complain that it hurts productivity. 77% of surveyed employees were frustrated with outdated tech. Employees dealing with outmoded systems may also quit. They are 450% more likely to want to leave and work elsewhere.

An outdated operating system can hold your staff back. They will miss out on modern time-saving features and they can also run into problems with bugs that will no longer get fixed.

 

Incompatibility With Newer Tools

Software and hardware developers aren’t looking back. Once Windows Server 2012 reaches “End of Life”, they aren’t prioritizing its compatibility. In fact, some may not want their product to be compatible with it because of the liability.

When you run into issues because of outdated software and modern hardware, it hurts your business. You become less competitive and begin to fall behind. 

Get Help With Your Windows Upgrades

The good news is, we are still six months away from the end of support date. But it’s important to start preparing now. Databranch has successfully migrated numerous clients and our team is excited to work with you to create a migration plan for your organization! Reach out today at 716-373-4467 x115 or [email protected] to speak with one of our experienced team members.

 

Companies both large and small share this one cybersecurity problem. They have computers that are still running older operating systems. Staff might use these devices only occasionally or the company may be running customized software that won’t run on newer OS versions.

The problem is that when the OS becomes outdated, the system is open to cyberattacks. When Microsoft or another developer retires an OS, it means that it is no longer supported. No more feature updates and no more security patches for newly found vulnerabilities.

The latest operating system to lose all support is Windows 8.1. Microsoft released the OS in 2013, and it was officially retired on January 10, 2023. Microsoft issued the following warning for companies:

“Continuing to use Windows 8.1 after January 10, 2023 may increase an organization’s exposure to security risks or impact its ability to meet compliance obligations.”

Here are a few facts you should know about what this retirement of Windows 8.1 means.

 

The OS Will Still Technically Work

When an operating system reaches its end of life, it doesn’t just stop working. Thus, many companies go on using it without realizing the security risk. Technically, the OS will work as it did the day before retirement. But it’s a lot less safe due to the loss of support.

 

Your System Will No Longer Receive Security Patches

Software and OS vulnerabilities are sought out and exploited all the time. This is what hackers do for a living. The vulnerability cycle usually begins with hackers finding a software “loophole.” They then write code to exploit it that allows them some type of system access.

The software developer learns of this, usually once hackers start breaching systems. They write code to fix that vulnerability. Developers then send the fix to users via an update that they install. This protects the device from one or more hacker exploits.

When an OS reaches its end of life, these fixes are no longer made. The developer has moved on to focus on its newer products. So, the vulnerability remains. It leaves a device vulnerable to hacks for days, months, or years afterward.

Approximately 61% of security vulnerabilities in corporate networks are over five years old.

Visit us here to learn more about penetration testing and how it helps identify the vulnerabilities in your business.

 

Options for Upgrading

If you have a computer that is still running Windows 8.1, you have two options for upgrading. You can opt for Windows 10 or Windows 11. If the computer is running such an old OS, there is a chance your system may not meet the requirements for one or both. In this case, you may need to buy a new device altogether.

Microsoft states that there is no free option to upgrade from 8.1 to Windows 10 or 11. Some of the advantages you gain when upgrading include:

  • Better built-in security
  • Faster processing
  • Capability for more modern features (like facial recognition)
  • Improved accessibility features
  • Updated productivity tools (like snap layouts in Windows 11)

 

What Happens If I Don’t Upgrade?

 

Security & Compliance Issues

Your data security is at risk if you stay on Windows 8.1. Without any security updates, any vulnerabilities will stay unpatched. This leaves your system highly vulnerable to a breach. One hacked system on a network can also cause the breach or malware infection to spread to newer devices.

If you have to comply with a data privacy regulation, like HIPAA, you’ll also run into issues. Data privacy rules dictate making reasonable efforts to protect data. Using a device with an outdated OS jeopardizes meeting compliance. 

 

Slowed Productivity

The older a system gets, the slower it will get. Staff that must work on outdated software often complain that it hurts productivity. 77% of surveyed employees were frustrated with outdated tech. Employees dealing with outmoded systems may also quit. They are 450% more likely to want to leave and work elsewhere.

An outdated operating system can hold your staff back. They miss out on modern time-saving features. They can also run into problems with bugs that will no longer get fixed.

 

Incompatibility With Newer Tools

Software and hardware developers aren’t looking back. Once Microsoft retires an OS, they aren’t prioritizing its compatibility. In fact, some may not want their product to be compatible with it because of the liability.

When you have issues using modern software and hardware, it hurts your business. You become less competitive and begin to fall behind. Staying on an outmoded OS keeps you stuck in the past.

 

Get Help With Your Windows Upgrades

 

All Databranch Comprehensive Care and Foundation Security clients have scheduled automatic patching and Windows updates on their devices. To learn more about how we can help take this off your IT plate or help your organization upgrade to a system with a supported operating system, call 716-373-4467 x 115, email [email protected] or visit us here to learn more.

 

Article used with permission from The Technology Press.
