Think About IT with Chris Messer, CTO | Coretelligent Blog

Thoughts from Coretelligent’s Chief Technology Officer, Chris Messer

Regular technology assessments are critical to ensure your organization has the right tools to enable employees to perform their jobs efficiently and successfully. These exercises are designed to measure and validate performance, security, and workflows, and to identify potential deficiencies in your technology platform, to better serve your business now and beyond. Software and IT hardware are all critical tools to your business, but all tools have a finite lifespan and should be reviewed to determine if they should be replaced and/or upgraded. Your current and future systems, including computers, network systems, and all supporting equipment, should be assessed at least annually to confirm they are providing optimal performance and that you are not missing out on new products or enhancements now available.

Wondering where to start? Let us discuss how to determine which internal systems may need improvement, the most critical data to assess, the necessary steps to conduct assessments, and how your MSP partner and IT solutions can serve you.

Do Your Current Systems Need Improvement?

Our new normal has changed the lens of what accessible technology we need and are using day-to-day. If your current systems are not top performers, you should decide if it is cost-effective to find replacements. Where possible, you can run diagnostics tests to discover what factors may be limiting or otherwise preventing high performance. Download our guide, How to Determine Improvements for Internal Systems, for more information.

If you find that your current systems are performing well, remain secure for remote access, have the right features, and are refreshed, great news! Perform new diagnostic tests six months from your initial query for best results. Your engaged MSP partner is an available resource for you to contact if needed to confirm the best steps for your business.

The Most Critical Data to Assess

Once you have evaluated all current internal systems and concluded it’s time to find new ones, it is critical, before performing your technology assessment, to think about what data will be the most important to gather. Essential data includes boundaries for evaluation, budget expectations, and flexibility, to name a few.

When setting boundaries, think about the technology’s features and functionalities, business challenges you may need to solve, and the reputability of the manufacturer. As we are approaching the end of the year, budget is front of mind for many of you, and where there is space to improve productivity or security for your new technology, account for it. If you are purchasing technology with licensing, how flexible are the models? It is best you know in advance whether licenses are per workstation or per company to ensure you are getting the most reward for your dollar.

How to Conduct a Corporate Technology Assessment

The main steps in conducting a technology assessment are to establish requirements, conduct market research, create a list of vendor finalists, conduct a demo or proof of concept (PoC) phase, and then move to final ordering, procurement, and deployment. Once you identify the key requirements, features, and improvements you are hoping to achieve with the adoption of a new technology, you can take some time for market research and learn what others are saying about the systems you found within your budget. Read reviews or market reports to make sure the new technology appears to be received well by other purchasers and businesses and is appropriate for your needs. If everything sounds seamless, procure those devices, and prepare for setup!

During your research step, if your business is operating remotely or has plans to remain remote, it’s important to think about if your technology and software are safe, effective, and functional for your employees while they are not strictly tied to the office.

Your MSP Partner, Coretelligent, is Here to Serve You

Our recommendation to our clients and prospects is to perform technology assessments on their current and future internal systems for high productivity and cost-effectiveness, and to keep operations safe and secure. Coretelligent is here to offer support in any way you need while performing your assessments. We can provide advice on technology offerings and apply strategic IT solutions to protect your infrastructure. We are here to make sure your technology plan and systems align with your business strategy to reduce risks and promise optimal performance.

Regardless of your challenges, our project managers and engineers will learn your business, your IT and technology needs, and resolve issues quickly and accountably. If your business is not currently working with an MSP provider, schedule a no-obligation consultation with Coretelligent today.

For additional technological counseling and to learn how to invest in strong collaboration technology, download our Technology Checklist for Achieving Greater Alpha.


About Chris

As Chief Technology Officer, Chris Messer is a transformational and strategic IT leader who establishes and leads Coretelligent’s technical vision and technological development.



The recent changes to the workforce and increase in cyberattacks have many organizations wondering if their IT partners are managing their data securely. Reevaluating a current vendor or shopping for a new one can be a daunting task for decision-makers. How can you trust that your vendor’s practices are aligned with regulatory and industry standards that affect your business? With an evolving threat landscape and increasingly rigid regulations, this question has never been more critical.

Whether your vendor provides cloud hosting, software as a service (SaaS), platforms, or facilities, they should have at a minimum their SOC2® certification. This is a must for any partner that is interacting with your data.

What is SOC2?

Service Organization Control 2, or as it’s commonly known, SOC2®, is the industry standard for validating that a service organization can secure data while at rest and in transit. This certification is regulated by the American Institute of Certified Public Accountants (AICPA). It helps attest that a vendor is a stable and mature organization implementing the right security controls and that these controls are operationally effective to minimize the potential of a data breach or outage.

There are two types of SOC2® reports. The Type 1 report is a snapshot of a service organization’s controls as of a specific date. The Type 2 report, which is more robust, measures a service organization’s controls over several months, typically 12 months.

From a compliance standpoint, anywhere your data is transmitted or stored should be SOC2® certified. For more information on how service providers are measured, check out our SOC2® Guide.

Data Loss, Leaks, and Breaches, Oh My!

Organizations may make the mistake of assuming that all vendors are held to the same regulatory standards as their business. Unfortunately, this is not the case. Service providers that don’t implement cybersecurity best practices become an insider threat to your data.

Without the proper controls, your business has an increased risk of experiencing a data breach, unauthorized access of data, or data loss. This past February, General Electric experienced a data breach through a third-party vendor. The vendor allowed an unauthorized user to gain access to the personally identifiable information (PII) of current and former GE employees.

SOC2® certified vendors give your business reasonable assurance that the proper systems and procedures are in place to maintain data security and privacy.

The Benefits of a SOC2® Service Provider

SOC2® certification is crucial whether you are entering a new relationship with a service organization or just need to validate that they are implementing the proper security controls. As a part of your vendor risk assessment, ask service providers if they are SOC2® certified.

Security is the foundation of everything we do at Coretelligent. We want our clients to feel confident that their data is safe, and our security practices are aligned with industry and regulatory standards. Our SOC2® certification represents our commitment to security, our clients, and overall IT best practices.

 




Companies in almost every industry rely on email. Whether it’s for collaboration or deal flow, email keeps businesses operating. With email being so critical, it’s no surprise that it remains one of the top attack vectors for cybercriminals.

One of the reasons attackers favor email is that they can get around technical security measures by focusing their efforts on humans. Human error is one of the top causes of data breaches. This is partly because human behavior is predictable, and attackers know how to abuse these patterns effectively. A recent example of this would be COVID-themed emails. Throughout 2020, cybercriminals have attempted to use COVID-themed emails to gain access to networks and data. Bitdefender’s 2020 Mid-Year Threat Landscape Report found that four out of ten COVID-themed emails were spam.

Email Security Threats

One of the first steps in improving your email security is being aware of the types of threats that exist. Below are some common email threats:

Spam

Spam emails can be used for both commercial and criminal purposes. Spam emails are bulk emails sent out to large distribution lists. While some companies create spam to advertise a product or service, attackers generate these emails to harbor something sinister. Cybercriminals use these bulk emails to deliver malware and other viruses.

Phishing

In phishing attacks, cybercriminals use social engineering via email to get users to complete a task. Attackers gather information on their victims from social media and other public databases. They use this information to make their emails sound more personal in hopes of gaining your trust. The emails encourage you to take action like clicking a link or responding with sensitive information. Phishing emails often have a sense of urgency so that users don’t spend much time contemplating the request. Unfortunately, phishing emails are highly effective because they play on societal norms and human behavioral patterns.

Impersonation Fraud

Similar to phishing, impersonation fraud uses social engineering to provoke user action. Just as it sounds, cybercriminals pretend to be a trusted entity like your bank or even your boss. The attacker’s goal is to pressure the user into completing an action or interacting with malicious content. It may sound absurd that your boss asks you to send him $500 in gift cards immediately, but people are often too afraid or embarrassed to question the validity of a request from an authority. So, despite the feeling in their gut, they carry out the request.

According to a Mimecast report, impersonation fraud increased by 30% during the first one hundred days of COVID-19. Attackers took advantage of people’s fear of the virus, pretending to be entities like the CDC, WHO, and healthcare facilities. These emails would encourage people to download the latest information on COVID or click a link to donate to research. In reality, they were installing a virus on their computer or device.

Malware & Ransomware

Verizon found that email is still one of the top vectors for delivering malware. Malware and ransomware are deployed when a user downloads an attachment or clicks on a URL. Once deployed, attackers can access users’ workstations and move laterally through the company network.

Ransomware is a form of malware that allows attackers to encrypt files, workstations, or networks. Once they control your systems, they lock you out and demand payment in exchange for a decryption key.

Insider Threats

Businesses often overlook the potential dangers posed by internal threats. Without proper access management, a user could have unlimited access and control over systems and data. If an attacker gained access to these credentials, there are no limits to the damage they could do.

Data breaches can happen by accident. Users are human, and that means they have the potential to make mistakes. An unaware user that interacts with an attacker email or mistakenly clicks on a malicious link can cause a data breach.

Increasing Your Email Security

As with all aspects of cybersecurity, taking a holistic approach to email security is the best way to lower your risks of a breach. Consider implementing the following:

Email Security Platform

Email security platforms serve as one of your first lines of defense. These platforms filter emails looking for patterns, keywords, and malicious attachments and links. When it detects harmful content, it will prevent the email from entering the inbox by putting it into quarantine. From there, your security analysts can investigate further.

Next-Generation Antivirus

Increase your endpoint security by implementing a next-generation antivirus. Unlike traditional antivirus, next-gen antivirus uses artificial intelligence and machine learning to identify and respond to attacks. It can detect and block malware, including fileless attacks.

Security Awareness Training

Why do users engage with malicious emails? Often, it’s because they are unaware of security best practices and common cybercriminal tactics. Conducting regular user awareness training empowers users to recognize attacker emails and respond appropriately. Businesses should also perform routine phishing tests to measure the effectiveness of their security awareness training.

Password Policies

Two of the most common password behaviors are generating weak passwords and reusing passwords for multiple accounts. Attackers use algorithms that can guess common or weak passwords. Businesses need to implement password policies that require users to generate long and complex passwords. Reusing passwords is incredibly dangerous in that if an attacker has access to one account, they have access to multiple or all accounts. In essence, one breach leads to another. Imagine your employee uses the same password for both their social media and their company email. If their social accounts are hacked, the attacker can compromise the business email account, if not more.

Multifactor Authentication

If an employee’s email credentials are stolen, having multifactor authentication (MFA) makes it more difficult for an attacker to use them. MFA requires additional factors to confirm the user’s identity. Additional factors are typically codes from a text or app. So even if an attacker can obtain credentials, they more than likely will not have the user’s cellphone, which is needed for an authentication code.

Secure Archiving

Highly regulated businesses, particularly in financial services, are often required to archive all correspondence, including email. To maintain security and compliance, enterprises need secure email archives that use encryption and MFA. User controls for these archives should follow the rule of least privilege, limiting access to only those who need it.

Monitoring

There are different types of monitoring. Not all monitoring looks for cybersecurity incidents on your network. If a user installs malware from an email, actively monitoring your IT infrastructure will alert you to changes being made on user workstations and the company network in real-time. This allows your security team to respond quickly to prevent further damage.

Comprehensive Cybersecurity

Email is critical for day-to-day operations, which is why it’s a focal point for attackers. Mitigate your email security risks by partnering with an MSP who understands cybersecurity and compliance. At Coretelligent, we believe in providing clients with superior cybersecurity solutions that allow for maximum performance. CoreArmor, our security and compliance solution, provides holistic and robust protection with innovative solutions and monitoring from our in-house Security Operations Center.

Are you looking to enhance your email security or increase your overall cybersecurity posture? Call us at 855-841-5888 or contact us to learn how Coretelligent can help your business.

Learn how cybercriminals use stolen credentials in our blog, OCIE Alert: Protecting Client Data from Credential Stuffing.


Only two months after releasing an alert on ransomware, The Office of Compliance Inspections and Examinations (OCIE) once again released a cybersecurity alert advising SEC registrants of an increase in cyberattacks. This time the focus was on credential stuffing. In a successful credential stuffing attempt, an attacker will gain access to client accounts, sensitive data, and the company network using stolen credentials.

Hackers have been focusing their credential stuffing attacks on institutions within financial services. They are hoping to access client accounts, personally identifiable information (PII), and financial assets. ZDNet reported that attackers used credential stuffing on a NY-based investment firm and an international money transfer platform sometime between the summer of 2019 and earlier this year. The attacks caused outages, which resulted in $2 million in lost revenue.

How Does Credential Stuffing Work?

Credential stuffing is when a hacker uses stolen credentials to gain access to user accounts and networks. Attackers create automated scripts to test thousands of credentials on multiple web applications. Hackers use tools to make it seem like their scripted login attempts are the regular activities of thousands of people. The tools make the logins appear as though they are coming from different browsers and IP addresses.

The reason credential stuffing is so successful is because many people use the same username and password for multiple accounts, e.g., their bank, email, and social media. According to INC., around 66% of Americans reuse passwords. Let’s say your employee uses the same credentials for accessing the company network and their online bank account. If a hacker breached your employee’s bank, the attacker now has user credentials for your network. This is why it’s critical to have a password policy.

Breach after Breach

Hackers can obtain user credentials using many different techniques. For a credential stuffing attack, user accounts typically come from a prior breach. Attackers may have their own database of usernames and passwords from previous hacks, or they could purchase databases from the Dark Web. Disturbingly, it seems to be a growing trend for hackers to publish stolen credentials on forums for free. One of the largest stolen credential databases is known as “Collections #1-5”. According to Wired, the collections include around 2.2 billion usernames and passwords.

If a hacker can gain credentials for client accounts or your network, they will more than likely sell them on the Dark Web. Unfortunately, that means you are more likely to be breached again as a result. Data breaches are more than an inconvenience and bad public relations. Security incidents and breaches can cause damages like:

  • Noncompliance
  • Downtime
  • Lost Revenue
  • Litigation Fees
  • Reputational Damage
  • Business Closure

It can take years for a company to overcome the challenges caused by a data breach.

Protecting Client Accounts and PII

OCIE recommends the following cybersecurity practices to mitigate the risks associated with credential stuffing:

Create Strong Passwords and Do Not Reuse Them

The unfortunate truth is humans are one of the top causes of data breaches. Human behavior is often predictable, and hackers use this to their advantage. Two common password faux pas are weak passwords and reuse of passwords. Creating weak passwords makes it easier for hackers to guess your passwords. Reusing the same password for multiple accounts means that if a hacker has access to one account, they have access to all your accounts.

Protect client accounts and PII by reviewing and updating policies and procedures. Have a password policy that requires employees and clients’ passwords to be strong and regularly updated. Require users to have unique passwords for each account they access. Having strong passwords dedicated to specific accounts will limit the amount of damage a hacker can do with stolen credentials.

Implement Multi-factor Authentication

By having multi-factor authentication (MFA), a hacker would need more than a username and password to access an account. MFA requires additional factors like a code via text or application. Even if a hacker has obtained your credentials from the Dark Web, they more than likely will not have access to your phone.

Deploy CAPTCHA

When logging into your web-based email, you have probably been prompted to identify streetlights in a series of images. You may remember nervously trying to determine if a few corner pixels counted as a streetlight so that you could continue to your inbox. It’s okay; we have all been mistaken for a robot by CAPTCHA at least once. CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart. Just as it sounds, CAPTCHA asks users to complete a task to prove they are human and not a bot or automated script. This test prevents automated scripts containing stolen credentials from being able to access your accounts.

Actively Monitor Your Network

Some organizations don’t realize for weeks or even months that their network experienced a breach. Businesses may think because they have some form of monitoring, it will detect cybersecurity events. There are different types of monitoring, and not all systems can identify and respond to cybersecurity incidents. To detect suspicious activities and incidents, you need to actively monitor your network around the clock. Remember, hackers use tools to mask their activity as normal user behavior. Find an IT partner with cybersecurity experts who can use forensic analysis to understand the activities on your network.
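The following is an added example, not part of the original post or of OCIE's alert: one way to look in authentication logs for the pattern described under "How Does Credential Stuffing Work?", where many accounts are each tried once or twice from many IP addresses and browsers. The log format, field names, thresholds, and sample data are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Assumed (constructed) log format; adapt the pattern to your own auth logs.
LINE_RE = re.compile(
    r'^(?P<ts>\S+) login result=(?P<result>OK|FAIL) user=(?P<user>\S+) '
    r'ip=(?P<ip>\S+) ua="(?P<ua>[^"]*)"$')
EPOCH = datetime(1970, 1, 1)


def parse(lines):
    """Parse log lines into time-ordered event dicts, skipping unparseable lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect_stuffing(events, window=timedelta(minutes=5), min_failures=20,
                    min_fail_ratio=0.8, max_tries_per_user=2.0):
    """Flag tumbling windows with many failures spread thinly over many accounts."""
    buckets = defaultdict(list)
    for e in events:
        buckets[(e["ts"] - EPOCH) // window].append(e)

    known_ips = defaultdict(set)  # user -> IPs with a success outside flagged windows
    findings = []
    for key in sorted(buckets):
        evs = buckets[key]
        fails = [e for e in evs if e["result"] == "FAIL"]
        targets = {e["user"] for e in fails}
        successes = [e for e in evs if e["result"] == "OK"]
        # Stuffing differs from brute force: few tries per account, many accounts.
        flagged = (bool(fails)
                   and len(fails) >= min_failures
                   and len(fails) / len(evs) >= min_fail_ratio
                   and len(fails) / len(targets) <= max_tries_per_user)
        if not flagged:
            for e in successes:
                known_ips[e["user"]].add(e["ip"])
            continue
        per_ip = Counter(e["ip"] for e in fails)
        findings.append({
            "window_start": EPOCH + key * window,
            "failures": len(fails),
            "targeted_accounts": len(targets),
            "source_ips": len(per_ip),
            "user_agents": len({e["ua"] for e in fails}),
            # A per-IP lockout threshold never trips when this stays near 1.
            "max_failures_per_ip": max(per_ip.values()),
            # Successes during the burst from an IP the user has not used before.
            "review_accounts": sorted({e["user"] for e in successes
                                       if e["ip"] not in known_ips[e["user"]]}),
        })
    return findings


def sample_log():
    """Constructed data: normal logins, a stuffing burst, a one-account brute force."""
    uas = ["Mozilla/5.0 (constructed-A)", "Mozilla/5.0 (constructed-B)",
           "Mozilla/5.0 (constructed-C)"]
    fmt = '{} login result={} user={} ip={} ua="{}"'

    def ts(hour, secs):
        t = datetime(2020, 10, 1, hour) + timedelta(seconds=secs)
        return t.strftime("%Y-%m-%dT%H:%M:%SZ")

    lines = [
        fmt.format(ts(9, 0), "OK", "alice", "198.51.100.10", "desktop"),
        fmt.format(ts(9, 5), "OK", "bob", "198.51.100.11", "desktop"),
        fmt.format(ts(9, 9), "FAIL", "carol", "198.51.100.12", "desktop"),
        fmt.format(ts(9, 20), "OK", "carol", "198.51.100.12", "desktop"),
    ]
    # Stuffing burst: 30 different accounts, one try each, each from a new IP.
    for i in range(30):
        lines.append(fmt.format(ts(12, i * 8), "FAIL", f"user{i:03d}",
                                f"203.0.113.{i + 1}", uas[i % 3]))
    # A reused password that worked, and an ordinary login in the same window.
    lines.append(fmt.format(ts(12, 100), "OK", "bob", "203.0.113.77", uas[0]))
    lines.append(fmt.format(ts(12, 120), "OK", "alice", "198.51.100.10", "desktop"))
    # Brute force against one account from one IP: noisy, but not stuffing.
    for i in range(25):
        lines.append(fmt.format(ts(15, i * 5), "FAIL", "dave", "192.0.2.50", uas[1]))
    return lines


if __name__ == "__main__":
    for finding in detect_stuffing(parse(sample_log())):
        print(finding)
```

Accounts listed under `review_accounts` are candidates for a forced password reset and session review; the thresholds need tuning against your own login volume.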

Find a Cybersecurity Partner

As cybercriminals’ tactics become more sophisticated, breaches have become less about if and more about when. Stolen credentials can create a domino effect causing one breach to lead to another. Businesses need comprehensive cybersecurity solutions to mitigate their risks and stay compliant. Work with a cybersecurity partner like Coretelligent. Our CoreArmor cybersecurity solution provides real-time protection and threat intelligence to safeguard your systems and ensure you are aligned with regulatory standards.

Do you have questions about maintaining security and compliance? Coretelligent can help! Give us a call at 1-855-841-5888 or contact us today.

Read our blog for more information on OCIE’s recent ransomware alert.


IT is an ever-changing field, and the reality is IT isn’t top of mind with many of our clientele. Nor should it be. That’s our role – to come in, evaluate, update, remediate, and think proactively for growing businesses. That way, you have the time and resources to focus solely on your day-to-day operations.

Vulnerabilities, Everyone has Them

Your vulnerabilities are one of our top priorities. They can come in many different forms, from technical weaknesses, including issues with software and hardware or misconfigurations of systems, to human behavior and process-based vulnerabilities.

Believe it or not, risky user behaviors are some of the top vulnerabilities. With COVID and remote work, we’ve seen an uptick in phishing and malware-related schemes. In general, attackers are trying to take advantage of people’s fear and uncertainty around COVID. In addition, biotech firms are being targeted at a higher rate because of their COVID research.

We are also seeing account-based vulnerabilities, where attackers are using stolen passwords. Once they capture one user’s information, they compromise your email and then work their way through the organization. If we look at Marriott’s breach from February of this year, stolen credentials resulted in an attacker having access to the information of 5.2 million guests. It’s possible attackers obtained those credentials through phishing emails.

No matter what category a vulnerability falls under, it’s a weak point that cybercriminals can exploit. One vulnerability is all an attacker needs to breach your system. That’s why it’s critical to have risk and vulnerability programs in place.

How Should You Address These Vulnerabilities?

Every company should invest in a robust vulnerability management program. You need to have a foundation in place that incorporates procedures and policies that identify, evaluate, and address vulnerabilities. Although email and stolen credentials have been the two most common attack vectors, COVID and remote work have exacerbated these attacks.

In terms of email and phishing, remember if an email looks suspicious, it probably is. Businesses should have frequent and repeatable security awareness training in place to keep end-users up-to-date and aware of current threats. Conduct phishing campaigns to test or validate that awareness training is effective. Remind users not to provide their information, download attachments, click on links, or forward emails that could be malicious. If something feels off or looks strange about a vendor email or pop-up, trust your gut. Check with IT or your MSP before taking action.

With account-based threats, implement solutions like multi-factor authentication (MFA), which requires a code in addition to a password. If a user’s credentials become compromised, MFA could protect your company from a breach. Make sure users are adhering to corporate password policies. They should not be rotating or reusing passwords.

Businesses need to continually train and retrain employees on best practices and company policies. You need to continuously go through your vulnerability management program to identify and remediate issues. If you are interested in learning the more technical aspects of vulnerability management, check out our Vulnerability Management Guide: https://coretelligent.com/it-resources/guide-to-vulnerability-management/

Vulnerabilities: Why Care? Your Bottom Line.

There will always be new vulnerabilities that affect your systems. That’s why organizations must have a vulnerability management program that continuously addresses risks. When an attacker exploits your vulnerabilities, it affects your bottom line. A successful breach can cause data loss, monetary loss, loss of reputation, and possibly closure of your business.

Managing Vulnerabilities with White Glove IT

At Coretelligent, we understand that your time is valuable and best spent focusing on organizational objectives. Our job is to ensure that your IT solutions are proactively aligned with your current and future business goals. Vulnerability management is a constant process that requires regular maintenance and monitoring. That’s why we recommend CoreArmor in addition to remote support. CoreArmor provides the active monitoring and human analysis needed to continuously assess and treat vulnerabilities.




Data is the lifeblood of the life sciences. As therapeutics, medical devices, and diagnostics advance from early-stage development into clinical testing and beyond, the scrutiny of reported data and procedures dramatically increases.

In the 1990s, many pharmaceutical and biotech companies implemented SFTP and file servers to store, exchange, and analyze regulated data from environments governed by GxP (e.g., clinical trials, manufacturing, toxicology, etc.). These systems also underwent costly validation procedures to ensure they could hold regulated GxP data. Fast-forward 20 years and these workhorses are becoming ‘long-in-the-tooth’ and are approaching end-of-life. As companies seek to leverage new technologies, like cloud and AI, and reduce costs, many IT teams are evaluating new options to handle regulated data. Here are some considerations when replacing these historical systems with modern, compliant data infrastructure.

High-priority Capabilities

When you are ready to upgrade your GxP data infrastructure, you should consider implementing replacements that provide four essential functions: integrated user access & provisioning, configurable metadata, hybrid cloud support, and robust data security.

Active Directory integration: Any new system you implement should be compatible with your company’s Active Directory. Whether you use Okta, Azure AD, or another service, enabling unified user access control is vital for a secure, auditable environment.

Configurable metadata: Data is just as valuable as the metadata that defines it. Make sure your replacement can accommodate customizable fields, like drug program, partner, and creator. In terms of compliance, metadata can help ensure that data maintains a ‘chain of custody’.

Hybrid: Modern drug development produces large data sets that need to be processed in high-performance local and cloud environments. Hybrid clouds – a combination of public cloud computing and on-premise computing – are essential to the life sciences industry. Make sure your solution has options for supporting cloud and on-premise deployments and can easily synchronize across both environments.

Data security: Cyberattacks have been on the rise with no sign of slowing down. Having an integrated platform that combines data collection/transfer and data security helps protect against common data protection issues.

Robust Compliance Posture

For some legacy infrastructure, validation costs outweigh the cost of purchasing the hardware/software itself. Many companies want to eliminate their overhead in validating software and ensure compliance with 21 CFR Part 11. Confirm that replacements for your SFTP/file servers have key features required for speedy validation and defensible compliance with regulations.

In terms of GxP requirements, modern solutions with the most robust compliance posture include user & file-based audit trails that allow administrators to track the behavior of files and individuals. Also look for data infrastructure that provides tools to track file checksums. If you were to experience an audit, inspectors consider the checksum as the best-of-breed indicator of file integrity. As regional data-related governance requirements are growing, like GDPR and CCPA, companies need to ensure that their secure data platforms afford the tracking of sensitive data.

Evaluating the Options

As you evaluate your options for replacing legacy systems, make sure they include:

  • Fast implementation – Solution can be set up rapidly (in minutes for cloud, > 2 weeks for hybrid)
  • Integration ecosystem – Solution integrates with life sciences applications present in my environment (e.g. ELN, LIMS, CTMS, etc.)
  • Ease of validation – Solution offers a validation package and technical support for implementation in a GxP environment
  • Systems compatibility – Solution is compatible with our compute, SSO, and other infrastructure

Replacing legacy infrastructure can be challenging but it shouldn’t prevent you from focusing on digital transformation and using advanced technologies. Upgrading to modern GxP solutions gives your organization the competitive advantage across critical vectors. Improved cost profiles, enhanced security, and automated compliance are needed in the rapidly evolving world of data-driven drug development. The right choice today can empower you to deliver new value to scientific, manufacturing, and regulatory stakeholders tomorrow, all the while future-proofing your data infrastructure.

Ready to upgrade your legacy GxP systems? Coretelligent will work with you to develop a strategic IT roadmap for your life sciences organization. Call us at 855-841-5888 or contact us to learn how our experience and solutions can help your organization grow while remaining secure and compliant.

Watch our webcast on GxP Data Compliance to learn how we can successfully address challenges in the life sciences industry.


Cybersecurity is complicated and can be overwhelming for many organizations. COVID-19 has only made things more complicated by forcing businesses into a remote work environment. With bring your own device (BYOD) becoming one facet of the new normal, endpoint security is necessary now more than ever. Each mobile device, laptop, and tablet that connects to your company’s network presents an opportunity for attackers to breach your systems and access data.

With so many devices remotely connecting to your organization’s network, how do you maintain security and compliance? Endpoint Protection Platforms (EPP) and Endpoint Detection and Response (EDR) platforms are tools that help your business gain total visibility of the network and control of endpoints.

Let’s compare endpoint security to the defense in gridiron football. EPPs act as your defensive line. Their goal is to stop known and some unknown threats from accessing your company’s network. EDR platforms act as your safeties. They have more visibility into your network, so they can identify and respond to incidents that bypassed your EPP.

What is an Endpoint Protection Platform (EPP)?

Endpoint security is critical to your organization’s overall security. An Endpoint Protection Platform’s goal, like your defensive line, is to detect and stop threats at the device level, so they don’t get through to your network. EPPs are preventative and can identify known and some unknown threats. EPPs typically include Next-Generation Antivirus (NGA), personal firewalls, anti-malware, data encryption, and intrusion prevention. So, if EPPs offer this much protection, why do you need an EDR?

What is Endpoint Detection and Response (EDR)?

EPPs have upped their game by adding capabilities to stay current with today’s dynamic work environment. Even with these improvements, they can still lack many of the features included with an Endpoint Detection and Response (EDR) platform. Suppose your defensive line fails to stop the offensive team. In that case, your safeties have the visibility to analyze the situation and respond. EDRs work in a similar way. EDRs are looking for incidents that occur across your network, and they can react automatically to prevent further damage. EDRs include features like anomaly detection, real-time log reporting, file integrity monitoring, forensic analysis, isolation, and remediation.

Better Together

Gaining a holistic view of your network is even more challenging with a decentralized work environment. EPPs provide the first line of defense, identifying and blocking many threats from gaining access to your network. EDRs have better visibility. They are ready to stop attacks that penetrated your EPP, preventing attackers from reaching their goal. EDRs can even remediate endpoints to a pre-infected state, rendering the attacker’s play as no good.

EPPs provide critical threat prevention at your endpoints. EDR platforms provide valuable incident response tools that offer context for security events. This quick response and insight can lessen the time between identifying a breach and responding to it. Together, EPP and EDR platforms make an excellent team for securing your endpoints.

Maximizing the Benefits

Although endpoint protection and endpoint response platforms can have advanced security features, you still need a knowledgeable IT security team to achieve the full benefits. EPPs and EDR platforms need someone to manage them, provide human analysis, and deliver a comprehensive response. Forensic analysis data is only useful if your company has the experts to interpret it. It’s not reasonable for many organizations to have in-house security analysts monitoring their systems around the clock. Consider adding an MSSP like Coretelligent to your team. Our in-house Security Operations Center (SOC) provides 24x7x365 intrusion detection and monitoring.

Is your organization looking to maximize the benefits of your endpoint protection and prevent attackers from scoring your data? Coretelligent has helped many organizations navigate the new normal that is remote work. Give us a call at 855-841-5888 or contact us to learn how we can partner with your in-house IT team or provide fully managed support and security solutions.

Read our case study to learn how we helped an investment banking firm stay productive remotely.

Coretelligent Ranked on Channel Futures MSP 501

Not all managed service providers (MSPs) are created equal. MSPs can range from one or two engineers up to large organizations with hundred-person call centers. Some, known as managed security services providers (MSSPs), provide cybersecurity solutions, but some do not. How do you identify a quality MSP? Are they equipped to provide you with strategic guidance on the unique needs of your business, future growth, or compliance standards? You should consider these five areas when looking for an MSP partner.

Quality of Service

Whether you need fully outsourced or co-managed IT, a quality MSP provides you with a team of dedicated industry experts. There should be clearly defined protocols for who to contact when issues arise. Response time should be fast. When you experience a problem, an engineer should reach out to you the same day, if not within a half hour. An engineer should clearly articulate the remediation plan and timeline. Has it been over a week since you requested an update to your email signature? Time to look for a new MSP.

Here are some signs that an MSP won’t live up to your business standards:

Low Expertise

Some issues require more advanced knowledge and experience. Mid-sized businesses and those who are affected by regulatory agencies need experts that can help them strategically plan their IT solutions.

Protracted Response & Remediation

If you are experiencing delays in response time and remediation, your MSP might be too small for your organization or not appropriately staffed. It’s essential to find an IT partner that can grow with your organization.

Frequent Onsite Engineer Changes

It can be frustrating to tell your issues to one engineer on a Friday only to have to repeat the problem to a new engineer on Monday. If an MSP has a high turnover rate, internal troubles might be making it difficult to retain experienced engineers.

MSP Caused or Allowed a Breach

One of the most significant warning signs is an MSP that experienced a breach themselves or did not take the necessary steps to prevent a breach for their clients. Do your research and ask about breaches on day one.

Strategic Planning

As your organization grows, resolving day-to-day tech issues isn’t going to be enough. You will need an MSP that acts as a strategic IT partner. Your IT solutions should proactively align with business goals and initiatives. Experienced MSPs should make IT recommendations that increase efficiency and reduce costs.

Some questions to ask around strategic planning:

  • Do you offer Virtual CIO sessions?
  • Do you provide recommendations on new technologies?
  • Do you understand how IT solutions affect our business?
  • Do you understand our industry needs?
  • How many clients like us do you support?
  • Do you know which compliance regulations affect us?

Cybersecurity

The costs of a breach go beyond financial. A breach can cause permanent data loss, loss of reputation, and even closure of your business. According to Inc.com, who cites data from the National Cyber Security Alliance, 60 percent of companies that experience a breach will go under in less than six months.

Experiencing a breach is terrible, but letting it go undetected for months is worse. In the case of American Medical Collection Agency (AMCA), a breach went undetected for more than eight months. If going undetected for months wasn’t bad enough, not notifying patients within 60 days of a data breach violates HIPAA’s compliance standards. Violations lead to legal action, among other negative consequences.

Comprehensive cybersecurity providers should have the following:

Vulnerability Assessments & Penetration Tests

Regular vulnerability assessments and penetration tests allow you to proactively address your weak points, whether they are systems, updates, or human behavior.

Managed Detection & Response

Cybersecurity professionals actively watching your IT infrastructure around the clock can prevent attacks from becoming successful and reduce the response time to active breaches.

Security Awareness Training

Comprehensive security includes education. Security awareness training empowers employees to work safely and notify your IT team if they notice any suspicious activity.

If you are unfortunate enough to experience a breach, your MSP should be familiar with the compliance standards that affect you. They should also have a clear remediation plan, which is often a component of compliance.

Compliance

Compliance regulations are complex and can be overwhelming when you try to address them with a small or inexperienced IT team. It’s vital for highly regulated industries like life sciences and financial services to have an MSP who is familiar with the compliance standards affecting their industry.

Some questions to ask around compliance:

  • Do you assist with developing a strategic IT plan?
  • Do you assist with reporting (compliance reports and due diligence requests)?
  • Are you familiar with the compliance regulations that affect our business, e.g., FINRA, SOX, HIPAA, or HITECH?

Growth

Not all MSPs can grow with their clients. Industries like Life Sciences need to find an MSP that can support them through their whole lifecycle. Maybe an MSP can support you as five people, but can they continue to support you as you become five-hundred people and subject to federal regulations such as SOX?

Cybersecurity also becomes more complicated as your business grows. Adding more users to a dynamic work environment increases vulnerabilities. By not addressing vulnerabilities, you risk experiencing a data breach and becoming non-compliant.

Here are some questions to ask around growth:

  • What solutions do you offer that support scalability?
  • Are you able to support hundreds of users?
  • How will you maintain security as our landscape changes?
  • How will you keep us compliant as our environment becomes more dynamic?

Is your company looking for an MSP partner to co-manage or fully manage your organization’s IT? Coretelligent has years of experience working with organizations in industries such as financial services, life sciences, technology, legal, among others. Give us a call at 855-841-5888 or contact us to schedule your complimentary initial consultation.

Read our case study to learn how we helped a company with over 500 employees transition to a scalable stand-alone fully managed IT environment.


Earlier this year, SEC’s Office of Compliance Inspections and Examinations (OCIE) generated a report on Cybersecurity and Resilience Observations. The report addresses seven critical areas for planning your cybersecurity and resiliency strategies, one of those areas being access rights and controls.

Access rights refer to the information and resources that a user has access to and how they can interact with that information, such as viewing or modifying content. Access controls look to verify a person’s identity (authentication) and if they have permissions to do a specific activity (authorization). If your ID card gives you access to particular rooms in a building, those are your access rights. If a security panel requires facial recognition to enter a room, it’s verifying your identity and level of access to that room. This is an example of access control. Imagine what would happen if you lost your ID card which had access to an entire building. What would happen if someone used your ID card to impersonate you? These are the types of vulnerabilities that attackers prey on digitally.

Defining Rights and Reducing Damage

Human error can be costly when it relates to cybersecurity. According to Verizon’s 2019 Data Breach Investigations Report, popular methods used for causing a breach were stolen credentials at 29% and phishing at 32%. Phishing is when an attacker uses social engineering to obtain information about someone. An example would be sending you an email impersonating your bank. The email may ask for you to confirm data like your social security number or date of birth. Attackers are becoming more sophisticated, so these emails often seem authentic. Once attackers have a user’s personal information, their goal is to get as much data as they can, as quickly as possible.

It’s best practice for user rights to follow the rule of least privilege. Having minimal access means a user can only access the data and resources required to do their job. By minimizing user rights, an attacker with stolen credentials has access to a limited amount of information. For users who need access to many databases, create separate accounts to segment access.

When defining access rights, you should ask the following questions:

  • What rights do users need to perform their job?
  • Who is granting and approving these rights?

Systems and Procedures

It’s not enough to minimize user access. Controls need to be in place to verify user identity and prevent unauthorized users from accomplishing tasks. Configuring access controls should start with policy that is backed by leadership. Policies need to be dynamic and reviewed often. With working from home becoming the new normal, there are more devices and new types of technology connecting to your business. If technology changes, so should your policies.

Implement access management procedures that minimize risk:

  • Periodically recertify users. Maybe their access needs have changed.
  • Enforce scheduled password updates. Require passwords to be strong.
  • Use multi-factor authentication (MFA), such as sending a code via text message.
  • Be aware of personnel changes and revoke credentials immediately.
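The four procedures above can be checked mechanically against an account export. The following is an added example, not code from the article; the record fields, the 180-day recertification interval, and the 90-day password age are assumptions for illustration, and the sample accounts are constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumed policy thresholds for illustration; set these from your own policy.
RECERT_INTERVAL = timedelta(days=180)
MAX_PASSWORD_AGE = timedelta(days=90)


@dataclass
class Account:
    user: str
    enabled: bool
    hr_status: str          # "active" or "terminated", as reported by HR
    last_recertified: date  # last time a manager re-approved this access
    password_changed: date
    mfa_enrolled: bool


def review(accounts, today):
    """Return {user: [findings]} for each account that breaks a control."""
    report = {}
    for acct in accounts:
        issues = []
        if acct.hr_status == "terminated":
            # Personnel change: a leaver's account that is still enabled
            # must be revoked before anything else is considered.
            if acct.enabled:
                issues.append("revoke: user terminated but account still enabled")
        elif acct.enabled:
            review_age = today - acct.last_recertified
            if review_age > RECERT_INTERVAL:
                issues.append(
                    f"recertify: last access review {review_age.days} days ago")
            password_age = today - acct.password_changed
            if password_age > MAX_PASSWORD_AGE:
                issues.append(f"password: unchanged for {password_age.days} days")
            if not acct.mfa_enrolled:
                issues.append("mfa: no second factor enrolled")
        if issues:
            report[acct.user] = issues
    return report


# Constructed sample records (not real users).
TODAY = date(2020, 9, 1)
SAMPLE = [
    Account("alice", True, "active", date(2020, 6, 1), date(2020, 7, 15), True),
    Account("bob", True, "active", date(2019, 11, 1), date(2020, 8, 1), True),
    Account("carol", True, "terminated", date(2020, 5, 1), date(2020, 6, 1), True),
    Account("dave", True, "active", date(2020, 8, 1), date(2020, 3, 1), False),
    Account("erin", False, "terminated", date(2020, 1, 1), date(2020, 1, 1), True),
]

if __name__ == "__main__":
    for user, issues in review(SAMPLE, TODAY).items():
        for issue in issues:
            print(f"{user}: {issue}")
```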

Monitoring and Prevention

It’s essential to have a monitoring system in place to detect unusual activity. With advancements in technology, content governance solutions can use artificial intelligence and machine learning to monitor user behavior and learn from it. If a user doesn’t typically try to access information from Boston, the system can flag this activity and notify your IT team.

Compliance

In the event of a breach, you will need to prove what measures were in place to prevent the attack. Auditors will want to know each step that was taken before, during, and after the breach. No solution can guarantee a breach won’t happen, but having the right combination of policies, access rights and controls, technology, and industry experts can reduce the amount of damage.

At Coretelligent, we provide comprehensive solutions to mitigate cybersecurity and compliance risk. See how our CoreArmor solution can help lower your cybersecurity risk and increase your peace of mind. Contact us at 855-841-5888 or via email to info@coretelligent.com for a complimentary initial consultation.


Whether we like it or not, remote working is here to stay. During the last few months, many organizations struggled to get up and running. Still, those who had policies and technology focused on mobility and flexibility experienced a smoother transition to a remote environment. Companies like Twitter even decided to make working from home a permanent option for employees. Unfortunately, not every organization prioritized this model. For many, there were more questions than answers. Where do we begin? How long will it take to get 200 employees up and running? Are we still protected?

Making things more complicated, most employees will be using personal devices for business activities, otherwise known as BYOD – Bring Your Own Device. This concept can cause fear for the organization and its employees. Both are wondering what vulnerabilities exist for their data and property. The foundation for addressing these concerns is policy. Merely writing a policy isn’t enough. Policies need to be actively communicated, not just in a pdf on the company intranet. Once everyone is on the same page about security and access, they can start enjoying the benefits of BYOD.

Establish Policies that Maintain Balance

You should know the risks of having employees use home devices, but don’t let it stop forward progress. According to Dell, 45% of workers believe that using a personal device for work activities would increase their productivity. Since users are already familiar with the technology on their personal devices, there is a low learning curve, which increases efficiency. In some cases, BYOD can reduce costs. Your policies should address the following to minimize the risk of BYOD:

  • Updating Technology & Software | We don’t like to admit it, but many of us are guilty of not updating our personal devices. Sometimes we have gigabytes of photos of our kids, pets, and food, and so we just don’t run that update. Running legacy platforms puts users more at risk for cyber-attacks. It’s essential to allow access only to users whose technology and software meet the minimum criteria. Still running the previous operating system? No access.
  • Endpoint Detection and Response Platforms | A home device becomes a new endpoint for attackers to target. An EDR allows IT teams to monitor what is happening on the network and at the endpoint, a personal device. The IT team gets notified if there is any suspicious activity, which allows them to investigate a potential threat proactively.
  • MDM Solutions | Mobile Device Management solutions allow organizations to have control over personal devices. IT teams can monitor and secure sensitive information, run software updates, administer compliance, and even locate a lost device. MDM solutions can create anxiety for employees because IT will have the ability to wipe their personal devices. Being upfront and explaining how employee data is being monitored and protected will reduce anxiety.
  • Employee Termination | When an employee leaves, they should no longer have access to company resources. Be clear about when access will stop and what data they need to delete. If you have an MDM solution in place, let employees know what they can expect and when.

Despite taking the appropriate precautions, there is no guarantee that you won’t become a victim of a successful cyber-attack. All organizations should consider cyber liability insurance. Dedicated cybersecurity insurance can reduce some of the costs associated with a breach. Make sure the level of coverage you choose works for your organization.

Communication and Training is Key

Policies are only useful if people understand them. Offer multiple opportunities for training, such as during onboarding and every few months. Leave room for questions so that you can address concerns, and verify that the information presented was understood.

Communicate clearly and often. Technology changes constantly, so you should make employees aware of any changes to processes, upcoming software updates, or potential risks. Awareness will empower them to work with you for a more secure and efficient remote work environment.

Using Technology to Implement Policy

Once your policies are in place, you will need the right technology to implement them. Working with an IT partner like a managed services provider can decrease some of the stress associated with BYOD and remote work. MSPs offer managed or co-managed IT solutions that ensure your employees’ personal devices are secure and up to date. They can advise you on solutions like:

  • Cybersecurity | Working from home and BYOD bring additional vulnerabilities to your business assets. Having cybersecurity solutions in place is imperative. These solutions allow your IT team to monitor activity on your network and at endpoints. Empowered with information, they can respond to potential threats before they turn into a breach.
  • Cloud Management | Cloud-based solutions provide mobility and flexibility for businesses. Companies can access their data, files, and applications from anywhere and, in some cases, on any device. The cloud offers scalability so it can continuously meet business needs as you grow.
  • Backup and Disaster Recovery | Having backups is not only smart but also a requirement from most regulating agencies. BDR solutions ensure business continuity and resiliency through retention and replication.

Need help getting started? At Coretelligent, we have years of experience with highly regulated organizations in financial services and life sciences, among others. Our focus is on providing you with a strategic IT roadmap and industry-leading IT solutions that keep your business mobile, flexible, secure, and in compliance. Contact our team at 855-841-5888 or via email to info@coretelligent.com to learn more about how our IT solutions can protect your business and employees as you adjust to BYOD and working from home.