I was recently asked to be part of a webinar moderated by Elliott Markowitz, The VAR Guy. Elliott wanted me to share my thoughts on the top threats facing small to mid-size businesses. My answer is not scientifically derived, but based upon what I am seeing most often in the past two years of IT and security management in my world. I am seeing the top threats from these five areas:
1. Ransomware – Organized crime groups that encrypt all your important files and hold your data hostage until you pay.
2. Internal breaches – Insiders with privileged information and access embezzling money, stealing data and/or just making everyone else in the company feel like hostages to the Information Technology
3. Spyware – Malware that records your keystrokes and screen images so that cyber criminals can steal your banking information, etc.
4. Lost or stolen hardware – Losses of laptops and PCs can lead to data breaches if Personally Identifiable Information and Protected Health Information. When that occurs you are subject to large fines and settlement costs.
5. Social engineering – Tricksters out roaming the internet will fool you into revealing vital information like passwords and banking information.
So what can you do about these threats? I compiled a short, but key list of recommendations.
- Patch your software with the latest security updates
- Make Sure your anti-virus and anti-spyware software is installed and up-to-date
- Manage your overall security policies, get help with this one, you will need it
- Maintaining strong passwords and make sure you change them every 90 days
- Spam filter and virus scan all your emails
- Encrypt your hard drives, especially if you are in healthcare
- Block certain domains, this really helps with ransomware
- Assessing vulnerabilities, do a vulnerability scan periodically
- Run intrusion protection systems, many new firewalls have this feature
- Review your Active Directory for stale accounts or people logging in who no longer work at your company
- Avoid running out-of-date software
- Train your users on which behaviors are dangerous
This is not a complete list, but assessing your vulnerability in each of these categories is relatively easy to do. Alvaka even automated the process to gather this information for seven of these 12 items. The assessment for most networks is only $500. Carefully reviewing the results of the assessment and fixing the problems is not very hard to do. Some of the activities involve periodically doing short trainings or reminding your users about which practices are good and which ones are bad when they are using IT. Shoring up your protections in these areas will do an amazing job of reducing your exposure to the most prevailing computing threats.
If you are interested in getting one of these low-cost assessments, give me a call at 949 428-5000 x213 or E-Mail Me Here
You can read Markowitz’s column Here
You can watch and hear the Webinar Here.
Smoke testing is a term used to describe the testing process for servers after patches are applied. 
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.