Databranch Monthly Tech Talk
IT Solutions for the Workplace
July | 2021

How to Create Cybersecurity Superheroes

How do you create cybersecurity superheroes?
By offering Security Awareness Training!

Databranch offers our clients a Security Awareness Training Program called the Breach Prevention Platform.

This program helps you empower your human firewall by:

  • Providing ongoing training with weekly micro-trainings and monthly newsletters
  • Allowing you to set an example by actively participating in the program and setting expectations
  • Helping you encourage participation with the dynamic leaderboard and friendly competition
  • Showing you how to make cybersecurity a part of your company culture. Celebrate staff wins and review program progress during evaluations
  • Most importantly, having fun! You can create a fun screen name and get competitive!

With our Security Awareness Training Program, training is made easy through the use of the Employee Secure Score.

Gain insight into your organization's human security threats at a glance.

Factoring in metrics such as training performance, program participation, and credential exposure, the Employee Secure Score - or ESS - analyzes your staff's potential security risk to your organization.

Staff is assigned high, medium, or low-risk scores and given recommendations to reduce your organization's overall risk level.

Every Thursday: All staff should watch the Micro-Training video and take the accompanying quiz. The more Micro-Training quizzes they take, the higher their ESS!

The last Thursday of the month: All staff will receive an engaging, informative security newsletter. Feel free to share with friends and family!

These emails will come from no-reply@security-reminders.com automatically!

You may have some questions or concerns about setting expectations for or motivating your employees; we are here to help!

How can you set expectations for your employees? Set compliance standards, and be an example, by going ALL IN!

  • Encourage all staff, including management, to participate in all training activities
  • Set deadlines for your team to take the training course
  • Make the Employee Secure Score a part of their employee evaluations

How do you motivate your employees? Celebrate a culture of cybersecurity!

  • Our program makes cybersecurity training FUN with a gamified leaderboard and friendly competition, so create a fun screen name and get started!
  • Celebrate low-risk employees and reward those with high Employee Secure Scores (ESS). Some organizations have quarterly competitions and give a gift card to the employee with the highest ESS!


Databranch is here to help prevent attacks from happening and to help keep your organization safe!

Give us a call today at 716-373-4467 or email alasky@databranch.com to learn more about Security Awareness Training!

The Importance of Cyber Resiliency

The most common definition of cyber resilience is the ability of an enterprise to limit the impact of security incidents.

It's a broad approach that encompasses cybersecurity and business continuity management, which aims to defend against cyber attacks and ensure that the business is able to survive.

Cyber resilience includes two primary components:

1. Prevention measures, such as the ability to continuously discover and monitor all points in your attack surface and analyze this information to predict likely breach scenarios.

2. Develop a plan to take appropriate action if and when an attack occurs.

Unfortunately, most businesses fail to develop a plan.
 
Step 1: Assess the Risks

Before you implement an incident response plan, you'll first need to assess the risks to which your company is exposed. Risks may include:

  • Strategic - the failure to implement business decisions that align with the organization's strategic goals;

  • Reputational - negative public opinion;

  • Operational - loss resulting from failed internal processes, people, systems, etc.;

  • Transactional - problems with service or product delivery;

  • Compliance - violations of laws, rules, or regulations.

To conduct a risk assessment, you'll need to:

1. Characterize Your Business - Some questions to ask are:

  • What kind of data do you use?

  • Who uses it?

  • What is the data flow?

  • Where does the information go?

2. Identify Threats - Common threat types include unauthorized access, misuse of information, data leakage or unintentional exposure of information, loss of data, or disruption of service or productivity.

3. Determine Inherent Risk and Impact:

  • What would be the impact on your organization if the threat were exercised?

  • Would the impact be high, medium, or low?

4. Analyze the Control Environment - You typically need to look at several categories of information to adequately assess your business's vulnerabilities. Are your controls satisfactory or do they need improvement? A few examples of controls you might want to look at include:

  • Organizational Risk Management Controls

  • User Provisioning Controls

  • Administration Controls

  • User Authentication Controls

  • Infrastructure Data Protection Controls

  • Data Center Physical and Environmental Security Controls

  • Continuity of Operations Controls

5. Determine Your Organizational Risk - To do this, you'll need to consider how high the threats are and how vulnerable the controls are. From there, you can decide if the risk is severe, elevated, or low.

Regular risk assessments are a fundamental part of your business and they should be reviewed regularly. Once you've completed your first risk assessment, you can implement an incident response plan. 

Step 2: Develop the Incident Response Plan

An incident response plan will identify the actions that should be taken when a data incident occurs. The aim of it is to identify the attack, contain the damage, and eradicate the root cause. When your organization responds to an incident quickly, it can reduce losses, restore processes and services, and mitigate exploited vulnerabilities. 

The SANS Institute's Incident Handlers Handbook defines a six-step incident response plan:

1. Preparation: This step involves creating an incident response team and outlining their roles and responsibilities. You'll need to develop policies to implement in the event of a cyber attack, as well as a communication plan.

2. Identification: Decide which criteria call the team into action, such as a phishing attack. Start to assess the incident and gather evidence.

3. Containment: Once your team isolates a security incident, the aim is to mitigate the damage. This includes an instant response, such as taking down production servers; a system backup; and long-term containment, such as installing security patches on affected systems.

4. Eradication: Contain the threat and restore systems to their initial state. This step also includes seeing if the attacker reacted to your actions and anticipating a different type of attack.

5. Recovery: Ensure that affected systems are not in danger and can be restored to working condition. Monitor the network system to ensure that another incident doesn't occur.

6. Lessons Learned: Review the steps you took and see if there are areas for improvement. This report can be used as a benchmark for comparison or as training information for new incident response team members.

Following these steps can prepare your organization for a security incident and ensure that you’re taking appropriate measures.

Cyber resiliency is needed to help keep your organization safe. Databranch can help further keep your organization safe by helping to prevent attacks from happening. Give us a call at 716-373-4467 x 15, email info@databranch.com, or click here to learn more about us and how we can help!

*Courtesy of our Great Partners at Datto*

Your Pocket-Sized Security Threat

How many people in your organization have a company-issued phone, or use their own to access company data like emails, client information, or documents?

Your phone may be a big risk to your data security. Smishing attacks (the text message equivalent of a phishing email) increased 328% in 2020 and will probably rise significantly again this year.

Once your phone is infected, malware can monitor your calls and messages, download and delete your data, and if a phone is connected to your business network, the infection might even spread.

Malware aside, mobile devices are more prone to loss and theft, which could see them easily falling into the wrong hands.

With all that in mind, what actions should you be taking to keep your team's phones protected from threats like cyber-attacks and data theft? 

  • Educate your team on the dangers that smartphones pose. Make sure they know how to spot a smishing attempt, and not to click or respond to anything that raises a red flag

  • Encourage everyone to block any numbers sending bad texts, and even consider installing a spam blocking app on all devices

  • If your people are in any doubt as to whether a message is genuine or not, ask them to check with their contact by phone call

  • Don’t respond to a message if there is any doubt over its authenticity

  • Make sure that everyone uses multi-factor authentication or biometrics to unlock handsets

  • Set up encryption and the ability to remotely wipe data if a device is lost or stolen

Everyone in your organization should also know what they have to do if they think they’ve tapped on a potentially dangerous link, downloaded something they shouldn’t have, or lost a device.

Create a protocol that details who needs to be informed and in what timeframe, the information that needs to be given, and how it’s escalated.

The sooner a potential breach is reported, the more can be done to quickly rectify the situation and protect your data.

Databranch has the resources to help you and your team train on how to recognize threats and prevent attacks. Give us a call at 716-373-4467 x 15, email info@databranch.com, or click here for more information!

















WE LOVE REFERRALS

The greatest gift anyone can give us is a referral to your friends. Referrals help us keep costs down so we can pass the savings to our clients.

If your friend ends up becoming a client - we’ll gift them a free first month of service (for being a friend of yours) AND we’ll gift you a $100 Amazon Gift Voucher.

Simply introduce me via email (dprince@databranch.com) and I’ll take it from there. I personally promise we’ll look after your friend’s business with a high level of care and attention (just like we do with all our clients).

Technology Trivia

Which two companies rejected Tony Fadell’s idea for the iPod before he took it to Apple?


The first person to email us at info@databranch.com and give a correct answer gets a $25 Visa Gift Card.



NEED A LAUGH?


What do you call an excavated pyramid?


Unencrypted!

