Archive - Security RSS Feed

Happy Birthday, PCI Council! Unfortunately, Compliance Is Not Enough

To honor the Council’s 10th birthday, and just in time for a new retail holiday season, let’s look back on how retail security challenges have intensified over the past decade.

The PCI Council’s inaugural year coincided with one of the first highly public, holiday-season retail breaches when, in December 2006, retail giant TJX acknowledged that it had been the victim of a major breach, stemming from an insecure wireless network that was easily attacked by Continue Reading…

The Beauty of Managed, Automated Security for IT

Security has gotten too complex for an SMB IT staff to fully manage without help. The threats posed by cybercriminals are worse than ever, and the damage that they do is unparalleled. Keeping up is tough enough. Staying ahead seems near impossible.

Security is Job One

As a member of the IT department, your most important function is to protect the network and safeguard your organization’s critical data. While down servers and unstable applications can make your department look bad, the most visible failure is a security breach. That’s ‘heads rolling’ territory.

Security is also a visibility issue for companies who see their reputation and business possibly ruined due to breach publicity.

These fears are what make security the number one priority for business leaders and the top way they judge IT.

Meanwhile, most SMB IT staffs don’t have the time, budget, manpower or the tools to handle security in an optimum way.

So what’s a responsible IT department to do? Continue Reading…

Turn Managing Office 365 from Bear to Breeze

Microsoft Office 365 sounds like a piece of cake to install and use. And for a single end user, it can be. But just try and move an entire shop, even a small one, over to the Microsoft productivity cloud suite. The management difficulties can be shocking.

Part of the problem is that the administrator skills needed for on-premises Microsoft Office are almost exactly the same as those required for Office 365 – which translates into a deep mastery of PowerShell scripting and Active Directory. This comes as quite a surprise to many Office 365 customers.

The result? Some customers looking to move to the cloud opt for Google Apps, and live with far fewer features, rather than tangle with the management beast that is Office 365.
Continue Reading…

9 Top Security Predictions from Gartner – Plus Advice!

As a leading analyst firm, Gartner comes out with a steady stream of predictions. One of the latest rounds concerns security. The predictions are designed to help IT pros take security seriously. After all, cybercriminals are more organized and dangerous every day.

Continue Reading…

The Risks and Rewards of a Hybrid Cloud

Remember when the cloud was the new big thing? Then private clouds were all the rage. Now we are inundated with talk of hybrid clouds, which combine private and public clouds into one unified system.

Before we talk about why hybrid clouds sound so great, we should touch on why private clouds are so compelling. With the help of server virtualization, you take your own infrastructure and make it cloud-like – basically turn it into a utility. But you control the whole thing and, because it is local, you have full control of its performance.

The problem is that as demand grows you have to scale up the private cloud by adding more resources – even if you only need those resources every now and again. At the same time, there are services you want in the easy-access public cloud (because users can get to the cloud from anywhere) but you still want these applications and data linked to your on-premises applications.
Continue Reading…

Policy-driven Security Helps You Stay Ahead of the Bad Guys

Kaspersky Labs just published a new eBook, Cybercriminals: Unmasking the Villain, which provides insight into cybercriminals’ evolving strategies and tactics. There are three points in particular that I want to highlight:

  • “31% of all cyberattacks are directed at businesses with less than 250 employees”
  • “42% of confidential data loss is caused by employees” often due to well-meaning employees “opening unauthorized email attachments, forwarding sensitive information or storing data insecurely”
  • “Hacking a small business to get into a larger business is now standard operating procedure for cybercriminals.”

These evolving cybercriminal practices underscore the reality that proper, up-to-date security practices are more vital than ever to the health and well-being of every company, no matter its size. The risks are too high, and the incidence of exposure and breaches is only increasing.
Continue Reading…

GUEST BLOG: Become the Trusted Security Advisor Your Clients Need

These days, every organization needs someone they can trust for advice on IT security. Global enterprises like the Wall Street banks can afford to put one or more trusted security advisors on staff; but down on Main Street, most folks have to look outside the organization for trusted security advice, just as they do for trusted IT advice. And that represents a great opportunity for MSPs who make the right investments in security knowledge and offer the right mix of security solutions.

Traditionally, anti-malware has been the leading edge of security selling by MSPs and it still represents a golden opportunity for adding revenue to IT contracts, if you can get past some of the current linguistic confusion about malware protection. Here’s how I would boil it down for prospective clients: “the best way to keep malicious code off your systems is a properly licensed, appropriately configured, fully-supported anti-malware solution that is both comprehensive and centrally managed.” And in my opinion, the best way to implement this approach in all but the largest organizations is through an MSP who really understands the security landscape and can offer the kind of flexible billing that today’s business environment demands.

Continue Reading…

Security You Can Take to the Bank

How Banks and Credit Unions Can Safeguard Data and Ace Audits

In today’s rough and tumble environment where hackers know no bounds, every financial institution, regardless of size, has to beef up security and remain ever vigilant.

According to recent surveys, 83% of the financial leaders who responded felt that data is their most important asset, and 79% said that having a strong technology infrastructure was critical to ward off cyberattacks. Unfortunately, while most feel that security is a top IT budget priority, fewer than one in five believe they have strong security in place.

It shouldn’t be that way – nor does it need to be. Smaller banks may feel that they can’t afford to implement measures to detect and prevent security breaches. The truth is they can’t afford not to. Let’s look at why security is so important to financial institutions, and how even the smallest institutions can achieve their security goals without “breaking the bank.”

Continue Reading…

The Patch Management Crisis and How to Solve It

Most end users, and even some IT pros, feel pretty safe if they have up-to-date anti-virus/antimalware, firewalls turned on, and complex passwords in place. This overlooks one of the biggest threats to your PC and network – poor or non-existent patching.

The vast majority of successful exploits are against unpatched machines, some 85% according to US-CERT, part of the US Department of Homeland Security.

Why is This So Bad?

While viruses can be a nuisance (and often worse) to unprotected machines, the kind of attacks aimed at unpatched machines can be far worse. These are targeted at doing real damage – stealing data, escalation of privilege, releasing bots, gaining deep entry into the network, and worse.
Continue Reading…

GUEST BLOG: Solid Security with Kaseya plus Proven Next-Generation Endpoint Protection from Webroot

Each year, Webroot publishes a Threat Brief, a detailed report which details the churn, change and growth within the cybercrime ecosystem. 2015 was another record year in which more malware, malicious IPs, websites and mobile apps were discovered than in any previous year. The current rate of cybercrime comes as no surprise, given continuous innovations and little in the way of risk for those who choose to participate. The continued onslaught of hacks, breaches and social engineering scams targeting individuals, businesses and government agencies has caused many in the security field to ask if it’s truly possible to defend against a persistent attacker.

At Webroot, we believe it is possible to effectively protect enterprises and end users alike, but only by understanding your adversary and the techniques they employ for their attacks. Webroot’s sophisticated approach and secure solutions reflect an in-depth understanding of the threat landscape and how attackers think, allowing us to provide cutting-edge, proven next-generation protection and real-time detection of threats as they emerge. With Kaseya VSA’s integration of Webroot SecureAnywhere® Business Endpoint Protection, it has never been easier for you to manage and protect your users.
Continue Reading…
