5 Point Security Checklist for the New Year


The New Year is always a time to reflect and start anew. We look back at the highs and lows of the year with either a heavy heart or an elated one (maybe a little of both)—and apply the lessons learned from these observations going forward.

When it comes to 2016’s cyber threat developments – from breaches at the IRS to the most expansive hack of all time at Yahoo! – the postscript is dire: Protect your data or risk a breach in the year ahead. Here’s a 5-point cybersecurity checklist to help guide you in the right direction:

1. Patch Now, Patch Often

As cybersecurity experts emphasize, being timely about updating and patching software is critical. Criminals are always inventing new ways to steal data, and they constantly look for vulnerabilities. What this means is that an optimized security network is only up-to-date for so long. The attack on POS systems at Home Depot last summer is a prime example. At the time, Home Depot was in the process of installing a security patch that would have protected them; but the hackers were too fast.

2. School Your People

You may very well hire the best and brightest, but even brainiacs need schooling. And when it comes to cybersecurity, your users will always be your weakest link. This is why regularly educating your users on cybersecurity best practices is so important. Training should cover spotting phishing emails, creating strong passwords, steering clear of dangerous applications, and understanding the risks associated with taking data out of the company.

3. Build It

An advanced, adaptive technology platform will take your cybersecurity efforts from an F to an A. The key is extending it beyond the firewall and creating a collaborative ecosystem of security tools across your network that work together as a cohesive, fluid defense: monitoring on-premises, mobile and IoT devices, segmenting your network, and sharing and correlating local and global threat intelligence, all to quell threats wherever they are in the attack chain.

4. Boost Security With The Best Technology

Studies indicate that many companies are planning to increase their cybersecurity spending. If this applies to your organization, we recommend considering the Advanced Threat Protection Framework (ATP) from our partner, Fortinet.

A multi-pronged approach to preventing, detecting and mitigating known and unknown threats, the ATP integrates security solutions that leverage dynamically generated threat intelligence from FortiGuard Labs as well as Fortinet’s advanced sandbox solution. The ATP can be deployed as part of the Fortinet Security Fabric, an open architecture that enables multiple security components to work together to provide end-to-end protection across all endpoints, data centers and the cloud.

5. Test

Another critical component is testing your own network for security weaknesses. Network vulnerability scans, application vulnerability scans and penetration tests are all recommended.

Resolve To Assess Your Cybersecurity Posture

Xiologix has the expertise and best-in-class technology solutions to help organizations meet their cybersecurity challenges head on. A great way to start is by contacting us for a complimentary online cyber threat assessment. Get a jumpstart on your New Year’s resolution to keep your data safe in 2017.


Hacked Hall of Fame: Lessons Learned From the Biggest Cyber Breaches of 2016


2016 brought cybersecurity to the forefront. One can’t turn on the nightly news without hearing about some massive data breach.  Presently, the news is dominated by the alleged Russian hack—which has called into question our democratic process.

The cyber criminals keep upping the ante, with increasingly sophisticated tactics leading to larger spoils. To get an idea of the 2016 threat landscape, check out these stats:

Ransomware and other hacking schemes affect everyone. Organizations have a responsibility to take measures to ensure that sensitive data is kept safe.

Highlights of Biggest Cyber Attacks

Here are some of the larger cyber attacks of the past year:

  • SWIFT. No surprise that financial institutions are prime targets, and SWIFT, the system banks use to send payment messages, is no exception. In February, hackers stole $81 million from a member, Bangladesh’s Central Bank. The criminals used SWIFT credentials swiped from a bank employee to transfer funds to accounts throughout Asia.
  • Hollywood Presbyterian Medical Center. The hospital’s computer system was infected with ransomware, with criminals demanding 3.6 million in bitcoins.  This attack had real-life ramifications for patients, as computers are used for documenting patient care, transmitting lab work, sharing x-rays, and more. The hospital ponied up $17,000 for a decryption key to restore the systems.
  • Yahoo. In September, Yahoo announced that over 500 million accounts were compromised.  Names, email addresses, telephone numbers, dates of birth, passwords and even answers to security questions were stolen.
  • LinkedIn had 117 million accounts hacked. Part of the problem was passwords that were embarrassingly easy to crack, such as 123456 and linkedin.
  • San Francisco Public Railway (MUNI). MUNI’s system was infected with malware, locking kiosks and computers.  Apparently, an IT admin clicked on a link that downloaded the malware files. Hackers claim they have 30GB of stolen data, including information about employees and riders.

Lessons Learned

Cyber breaches won’t magically disappear, but organizations can take steps to protect assets and sensitive information.

  • Ransomware will continue to be a real threat. But simple measures can counteract its effectiveness. While over 40% report paying ransom, 71% address the problem by backing up data.
  • Educate users on avoiding phishing and social engineering scams.  Make sure employees know not to click on suspicious links. A study by Verizon found that 30% of phishing emails were opened and 12% of people tested clicked on the suspect attachment.
  • Make sure everyone is aware of password best practices. 123456 doesn’t cut it.
  • Use a layered security platform that includes firewalls, email security, data encryption, user authentication, antivirus software and patch management.

Xiologix offers the expertise and best-in-class technology you need to keep you out of the hacked hall of fame. A Fortinet Cyber Threat Assessment can help determine your organization’s vulnerabilities and biggest threats so you can be prepared in this ever-changing threat landscape. Contact us to learn more.


SIEM Intelligence: The Gift That Keeps On Giving


’Tis the season! In the spirit of holiday giving, Xiologix would like to provide you with something more magical than mistletoe, especially for those in corporate IT. We would like to speak to the advantages of SIEM (security information and event management) and an approach to integrating it into your security toolbelt.

A better approach to security management.

As threats and regulatory requirements increase, organizations are scrambling for more efficient ways to monitor, analyze and respond to threat intelligence. The need for advanced, scalable solutions that provide holistic event management capabilities has become greater than ever.

Filing for E-Rate? Let Us Help



It’s that time of year again. The federal government offers billions of dollars in E-rate discounts to US schools for in-building network infrastructure. But how do you unlock these hidden funds?

Maximize the benefits of E-rate with Ruckus’ high-performing access points and centrally managed Wi-Fi platforms, including cloud-managed Wi-Fi, and Brocade switches that scale with increasing demand at a disruptively low cost. To enable digital learning, E-rate’s critical funding and Ruckus can empower your teachers to impart life-long learning to students, preparing them for both the modern world and the future.

To get started, we have outlined the 6 steps you need to take to apply and file for E-rate.

To learn more about E-rate, join us on December 8th for a live webinar, Why Choose Ruckus for E-rate Networks, to hear about our E-rate eligible solutions.
