Technology vulnerabilities are an unfortunate side effect of innovation. When software companies push new updates, there are often weaknesses in the code. Hackers exploit these weaknesses until software makers address the vulnerabilities with a security patch. The cycle continues with each new software or hardware update.

It’s estimated that about 93% of corporate networks are susceptible to hacker penetration. Assessing and managing these network weaknesses isn’t always a priority for organizations. Many suffer breaches because of poor vulnerability management.

61% of security vulnerabilities in corporate networks are over 5 years old.

Many types of attacks take advantage of unpatched vulnerabilities in software code. This includes ransomware attacks, account takeover, and other common cyberattacks.

Whenever you see the term “exploit” when reading about a data breach, that’s an exploit of a vulnerability. Hackers write malicious code to take advantage of these “loopholes.” That code can allow them to elevate privileges, run system commands or perform other dangerous network intrusions.

Putting together an effective vulnerability management process can reduce your risk. It doesn’t have to be complicated. Just follow the steps we’ve outlined below to get started.

Vulnerability Management Process

Step 1. Identify Your Assets

First, you need to identify all the devices and software that you will need to assess. You’ll want to include all devices that connect to your network, including:

• Computers
• Smartphones
• Tablets
• IoT devices
• Servers
• Cloud services

Vulnerabilities can appear in many places. Such as the code for an operating system, a cloud platform, software, or firmware.  So, you’ll want a full inventory of all systems and endpoints in your network.

This is an important first step, so you will know what you need to include in the scope of your assessment.

Step 2: Perform a Vulnerability Assessment

Next will be performing a vulnerability assessment. This is usually done by an IT professional, such as Databranch, using assessment software. This could also include penetration testing.

During the assessment, the professional scans your systems for any known vulnerabilities. The assessment tool matches found software versions against vulnerability databases.

For example, a database may note that a version of Microsoft Exchange has a vulnerability. If it detects that you have a server running that same version, it will note it as a found weakness in your security.

Learn more about the benefits of penetration testing here.

Step 3: Prioritize Vulnerabilities by Threat Level

The assessment results provide a roadmap for mitigating network vulnerabilities. There will usually be several, and not all are as severe as others. Next, you will need to rank which ones to address first.

At the top of the list should be the ones that experts consider severe. Many vulnerability assessment tools will use the Common Vulnerability Scoring System (CVSS). This categorizes vulnerabilities with a rating score from low to critical severity.

You’ll also want to rank vulnerabilities by your own business needs. If a software is only used occasionally on one device, you may consider it a lower priority to address. While a vulnerability in software used on all employee devices, you may rank as a high priority.

Step 4: Remediate Vulnerabilities

Remediate vulnerabilities according to the prioritized list. Remediation often means applying an issued update or security patch. But it may also mean upgrading hardware that may be too old for you to update.

Another form of remediation may be ringfencing. This is when you “wall off” an application or device from others in the network. A company may do this if a scan turns up a vulnerability for which a patch does not yet exist.

Increasing advanced threat protection settings in your network can also help. Once you’ve remediated the weaknesses, you should confirm the fixes.

Here at Databranch, our Managed Service plans offer proactive monitoring tools that helps us detect threats before they can impact your network. They also provide increased protection from malware, ransomware, and phishing compromises. Read more about the benefits of Managed Services here.

Step 5: Document Activities

It’s important to document the vulnerability assessment and management process. This is vital both for cybersecurity needs and compliance.

You’ll want to document when you performed the last vulnerability assessment.  Then document all the steps taken to remediate each vulnerability. Keeping these logs will be vital in the case of a future breach. They also can inform the next vulnerability assessment.

Step 6. Schedule Your Next Vulnerability Assessment Scan

Once you go through a round of vulnerability assessment and mitigation, you’re not done. Vulnerability management is an ongoing process.

In 2022, there were over 22,500 new vulnerabilities documented. Developers continue to update their software continuously. Each of those updates can introduce new vulnerabilities into your network.

It’s a best practice to have a schedule for regular vulnerability assessments. The cycle of assessment, prioritization, mitigation, and documentation should be ongoing. This fortifies your network against cyberattacks. It removes one of the main enablers of hackers. 

Get Started with a Vulnerability Assessment

Take the first step towards effective vulnerability management. We can help you fortify your network against attacks. Contact us today at 716-373-4467 x 115 or info@databranch.com to schedule a vulnerability assessment to get started. You can also fill out the form below to request your free baseline security assessment.

Article used with permission from The Technology Press.

Read More

Do you think paying monthly for IT support is unnecessary? Or does your staff just handle their own device security?

When a system goes down, then you can call someone to help… right?

Running a business without an IT support partner is like going through life with no regular doctor or auto mechanic.

Yeah, you can get by. You can get help in an emergency. But being reactive with your business operations could hurt your bottom line.

Managed IT support can lower your overall technology costs while also providing less downtime since employees aren’t interrupted all the time by computer problems. This means your team can focus on your customers instead of getting the Wi-Fi back up.

What do you get when you sign on for managed IT services?

• Ongoing management of your technology
• Fast response from someone that knows your business
• Proactive maintenance to ward off breakdowns
• Network security monitoring and attack prevention
• Tools that help you stay safe and efficient
• A full IT team vs. a single IT resource
• Databranch’s vCIO services for strategic technology planning & Technology Roadmap/Budget Creation

Here at Databranch, our Managed Network Services provides your company with the security of knowing that your network is being monitored and maintained on a 24/7 basis. 

It’s designed to keep your network functioning seamlessly by utilizing a suite of cost-effective computer managed services that proactively monitor and support your network and Technology infrastructure.

Imagine a secured network with maximized uptime, predictable expenses, and optimized business availability – leaving you and your employees free to focus on what you do best: running your business.

See how much better your business can operate when a pro is handling your tech.

Questions about costs and services? Contact Databranch today at 716-373-4467 x 115, info@databranch.com, or visit us here to schedule a chat.

Read More

The Importance of Training

We all learn differently.  While some individuals can read instructions one time and know what to do, there are others who benefit from being taught visually or by ‘doing’.  Regardless of how you learn, having a single approach for everyone isn’t ideal.

The one thing we do know about learning, or training, is that when it comes to cybersecurity, repetition is important.  That doesn’t mean taking the same course every quarter, or re-reading the manual once a year.  Smart and safe cyber practices are critical to your business’s success and human error is the number one reason that breaches occur.  You and your colleagues are your company’s greatest risk, but also your greatest asset. 

Our Approach

We offer ongoing and interactive training.  Why? Because to stay secure, you need keep up with cybercriminals and their ever-changing tactics. This isn’t a one-and-done approach. Cyber-crimes are always adapting to the way we live and work, so we need to adapt to mitigate the risks.  These nefarious characters want to catch you off guard.  Which means that as soon as a new device is released, a pop culture story becomes news, or a pandemic hits the world, they are ready to dupe you.  That might mean they’ll come after your money, your identification, or hit you with a slow burn that gets them into your business, and you don’t realize it until months later…but they are there lurking and waiting for their next score.  

Everyday Habits

Our approach mixes video training, with integrated tools that teach on the job.  This will help to address not only the variety of ways that people learn, but also the variety of ways that you can be targeted!  If you are a current client and want to ensure that you’re maximizing the tools and resources that we offer, or you’re new here and interested in learning more about how you can work with our team to protect your business, let’s talk today!

The Cybersecurity Training Courses for 2023 are available now! Contact Databranch today at 716-373-4467 x115 or info@databranch.com for more information on these courses and how you can enroll in a security awareness training program.

Read More

Bring your own device (BYOD) is a concept that took hold after the invention of the smartphone. When phones got smarter, software developers began creating apps for those phones. Over time, mobile device use has overtaken desktop use at work.

According to Microsoft, mobile devices make up about 60% of the endpoints in a company network. They also handle about 80% of the workload. But they’re often neglected when it comes to strong cybersecurity measures.

This is especially true with employee-owned mobile devices. BYOD differs from corporate-owned mobile use programs. Instead of using company tools, employees are using their personal devices for work. Many businesses find this the most economical way to keep their teams productive.

Purchasing phones and wireless plans for staff is often out of reach financially. It can also be a pain for employees to carry around two different devices, personal and work.

It’s estimated that 83% of companies have some type of BYOD policy.

You can run BYOD securely if you have some best practices in place. Too often, business owners don’t even know all the devices that are connecting to business data. Or which ones may have data stored on them.

Here are some tips to overcome the security and challenges of BYOD. These should help you enjoy a win-win situation for employees and the business.

Define Your BYOD Policy

If there are no defined rules for BYOD, then you can’t expect the process to be secure. Employees may leave business data unprotected. Or they may connect to public Wi-Fi and then enter their business email password, exposing it.

If you allow employees to access business data from personal devices, you need a policy. This policy protects the company from unnecessary risk. It can also lay out specifics that reduce potential problems. For example, detailing the compensation for employees that use personal devices for work.

Keep Your Policy “Evergreen”

As soon as a policy gets outdated, it becomes less relevant to employees. Someone may look at your BYOD policy and note that one directive is old. Because of that, they may think they should ignore the entire policy. 

Make sure that you keep your BYOD policy “evergreen.” This means updating it regularly if any changes impact those policies.

Use VoIP Apps for Business Calls

Before the pandemic, 65% of employees gave their personal phone numbers to customers. This often happens due to the need to connect with a client when away from an office phone. Clients also may save a personal number for a staff member. For example, when the employee calls the customer from their own device.

Customers having employees’ personal numbers is a problem for everyone. Employees may leave the company and no longer answer those calls. This could result in the customer may not realize why and could get aggravated.

You can avoid the issue by using a business VoIP phone system. These services have mobile apps that employees can use. VoIP mobile apps allow employees to make and receive calls through a business number.

Hosted VoIP also offers flexibility and scalability to accommodate for fluctuations and growth in your business, and we can service locations nationwide. With Rock-IT VoIP, we also port your numbers so they stay the same and handle any upgrades, maintenance, and programming!

Create Restrictions on Saved Company Data

Remote work has exasperated the security issue with BYOD. While BYOD may have meant mobile devices in the past, it now means computers too. Remote employees often will use their own PCs when working outside the office.

No matter what the type of device, you should maintain control of business data. It’s a good idea to restrict the types of data that staff can store on personal devices. You should also ensure that it’s backed up from those devices.

Require Device Updates

When employee devices are not updated or patched, they invite a data breach. Any endpoint connected to your network can enable a breach. This includes those owned by employees.

It can be tricky to ensure that a device owned by an employee is kept updated. Therefore, many businesses turn to endpoint management solutions. An endpoint device manager can push through automated updates. It also allows you to protect business data without intruding on employee privacy.

The monitoring and management capabilities of these tools improve security. This includes the ability to safelist devices. Safelisting can block devices not added to the endpoint manager.

Include BYOD in Your Offboarding Process

If an employee leaves your company, you need to clean their digital trail. Is the employee still receiving work email on their phone? Do they have access to company data through persistent logins? Are any saved company passwords on their device?

These are all questions to ask when offboarding a former staff member. You should also make sure to copy and remove any company files on their personal device. Additionally, ensure that you deauthorize their device(s) from your network.

As a managed client, Databranch will handle the offboarding process to help make the transition smooth and simple.

Let Us Help You Explore Endpoint Security Solutions

We can help you explore solutions to secure a BYOD program. We’ll look at how your company uses personal devices at your business and recommend the best tools. Contact us today at 716-373-4467 x 115 or info@databranch.com to speak with one of our experienced team members. 

Article used with permission from The Technology Press.

Read More

Annual MSP 501 Identifies Industry’s Best-in-Class Businesses

Databranch has been named as one of the world’s premier managed service providers in the prestigious 2022 Channel Futures MSP 501 rankings.

We have been selected as one of the technology industry’s top-performing providers of managed services by the editors of Channel Futures. For the past 16 years, managed service providers (MSPs) from around the globe have submitted applications to be included on this prestigious and definitive listing. The Channel Futures MSP 501 survey examines organizational performance based on annual sales, recurring revenue, profit margins, revenue mix, growth opportunities, innovation, technology solutions supported, and company and customer demographics.

MSPs that qualify for the list must pass a rigorous review conducted by the research team and editors of Channel Futures. It ranks applicants using a unique methodology that weighs financial performance according to long-term health and viability, commitment to recurring revenue and operational efficiency.

Channel Futures is pleased to name Databranch to the 2022 MSP 501

This year’s list once again attracted a record number of applicants, making it one of the most competitive in the survey’s history. Winners are being recognized on the Channel Futures website and were honored at a special ceremony at the Channel Futures MSP Summit + Channel Partners Leadership Summit, Sept. 13-16, in Orlando, Florida.

Since its inception, the MSP 501 has evolved from a competitive ranking into a vibrant group of innovators focused on high levels of customer satisfaction at small, medium and large organizations in public and private sectors. Today, many of their services and technology offerings focus on growing customer needs in the areas of cloud, security, collaboration and support of hybrid work forces.

“The 2022 Channel Futures MSP 501 winners are the highest-performing and most innovative IT providers in the industry today,” said Allison Francis, senior news editor for Channel Futures. “The 501 has truly evolved with the MSP market, as showcased by this year’s crop of winners. This is also the fifth consecutive year of application pool growth, making this year’s list one of the best on record.”

“We extend our heartfelt congratulations to the 2022 winners, and gratitude to the thousands of MSPs that have contributed to the continuing growth and success of the managed services sector,” said Kelly Danziger, general manager of Informa Tech Channels. “These providers are most certainly driving a new wave of innovation in the industry and are demonstrating a commitment to moving the MSP and entire channel forward.”

The complete 2022 MSP 501 list is available on Channel Futures’ website.

Background

The 2022 MSP 501 list is based on confidential data collected and analyzed by the Channel Futures editorial and research teams. Data was collected online from Feb. 1-April 30, 2022. The MSP 501 list recognizes top managed service providers based on metrics including recurring revenue, profit margin and other factors.

About Channel Futures

Channel Futures is a media and events platform serving companies in the information and communication technologies (ICT) channel industry with insights, industry analysis, peer engagement, business information and in-person events. We provide information, perspective, and connection for the entire channel ecosystem. This community includes technology and communications consultants, integrators, sellers, MSPs, agents, vendors and providers.

Our properties include the Channel Futures MSP 501, a list of the most influential and fastest-growing providers of managed services in the technology industry; Channel Partners events, which delivers unparalleled in-person events including Channel Partners Conference & Expo, the MSP 501 Summit and Channel Partners Europe; and Allies of the Channel Council (ACC) and DEI Community Group, our initiatives to educate, support and promote diversity, equity and inclusion (DE&I) in the ICT channel industry. Channel Futures is where the world meets the channel; we are leading Channel Partners forward. More information is available at channelfutures.com.

Channel Futures is part of Informa Tech, a market-leading B2B information provider with depth and specialization in ICT sector. Every year, we welcome 14,000+ subscribers to our research, more than 4 million unique monthly visitors to our digital communities, 18,200+ students to our training programs and 225,000 delegates to our events.

Interested in learning more about our Managed Services? Contact us today at 716-373-4467 x 115, info@databranch.com or click here to talk to one of our experience team members.

Read More