This is the view down my driveway today. I realize that my friends in the Midwest are either laughing or shaking their heads (or both) at the relatively minuscule amount of snow – but I live in one of the suburbs of Seattle, where the only people whom you can trust to know how to drive in the snow are the ones with ski racks on their cars, and where a lot of people don’t realize that having a 4WD SUV may help you go better, but it doesn’t always make you stop (or steer around that right-angle corner at the bottom of the hill) better. And speaking of hills, we have a lot of them. And our local government agencies – particularly out in the ‘burbs and the unincorporated areas of the counties – are notoriously ill-prepared for significant snowfall, because how do you cost-justify a big investment in the necessary equipment when you only need it once every couple of years?
It’s that time again – time to prepare for the passing of workhorse products that served our enterprises well, but are now over a decade old and need to be retired before they become security risks to your organization.
Not long ago, our Xiologix CTO was working with a new manufacturing client. They initially worked with a different partner and brought us in to work with them on their security posture because the other partner had left them still needing more in the way of configuration and support, and they had found some serious deficiencies in their deployment. Happy to work with the client, we got their environment cleaned up, and it laid the foundation for more success that layered on after that.
According to PhishMe research, 91% of attack-related data breaches begin with a spear phishing email. Most of us have heard about phishing and know to stay away from unsafe sites, but did you know that 80% of people polled by APWG believe that the HTTPS notation along with the padlock in the URL address means that the site is legitimate and/or safe to visit?
HTTPS (Hypertext Transfer Protocol Secure) means that the communication between your browser and the website is encrypted. It does not imply that the site you are visiting is safe. If even one of your users believes HTTPS means that the site is safe to visit, your organization is susceptible to a data breach.
To mitigate this risk, we recommend multiple layers of protection including:
- FortiMail, which recently received a Top AAA Rating in the SE Labs Email Security Test, demonstrating 100 percent detection of phishing attacks with zero false positives.
- End-user testing and training, which can start with a live phishing test, a custom phishing test template, a custom landing page, and a full report to give you a starting place in knowing your vulnerabilities.
Contact Xiologix to learn more.
We live and work in a mobile-first, cloud-first world. But the cloud revolution hasn’t happened the way many people expected it to happen. Instead of organizations moving everything wholesale to the cloud in a “lift and shift” approach, it’s happened just like the introduction of every other “big new thing” over the last several decades: cloud technology has ended up being layered on top of what we’re already doing. So now we have desktop apps and SaaS apps and Web apps and mobile apps and cloud apps, and apps that defy categorization. (What is Office 365? Is it a desktop app? A cloud app? A mobile app? The answer is “D. All of the above.”)
While internet usage in the home continues to grow, so does our need to learn, exercise and share internet safety. From posting on social media to using the latest internet-connected toy, it is imperative that everyone from children through older adults learn to use the internet and internet-connected items safely.
Here are a few tips to get those conversations started based on StaySafeOnline recommendations:
Keep a Clean Machine: Those pesky “updates” on our cell phones, PCs and other Internet-connected devices are designed in part to help keep your devices free of viruses, malware, and other online threats. Don’t ignore them – many times they include patches to recently discovered vulnerabilities.
Lock Down Your Login: One does not need to look hard to find recent examples of large-scale password exposures. Improve account security by enabling robust authentication tools such as biometrics or one-time access codes. Let’s Talk About Passwords.
Read Between the Lines: Would you put up a sign on your front door saying, “Nobody is Home”? Of course not, but that could be how a bad actor reads your real-time check-in or vacation photo. If you want to share your adventures, lock down who can see your posts or consider posting once you have returned.
Share with Care: Think carefully about what you are saying about yourself or others before you post. Choices can hurt feelings, betray trust or even come back to bite you in the future.
Back it up: Having a recent copy of your important files and photos can spare you from the ill effects of device failure and #ransomware.
Protect Personal Information: Personal information is an asset that can be sold for money. Information such as your locations, purchasing habits and even search history is deemed valuable by an array of retailers. Did you know that medical records are more valuable on the black market than your credit card numbers?
Be Aware of Incognito Mode: Browsing Incognito can be a great way to ensure that your cookies and site data are not saved. However, parents beware: browsing incognito can allow your home users to visit sites without you being able to track their activity by looking at the browser history.
Avoid Falling for Tricks: From phishing to spoofing, bad actors can be very creative in tricking unsuspecting internet users into clicking on malware. Knowledge is power, so keep yourself and your household familiar with how to recognize potential fraudulent attempts to get you to click. Be wary of communications asking you to click or enter private information. When in doubt, contact the organization directly by phone to confirm that the communication is legitimate and to report it if it is not.
Secure Your WiFi Router: Change your WiFi router’s default name in a way that does not let people identify that it’s yours. No using “WoodwardHomeWiFi”. Set a very strong passphrase for your WiFi network. Have fun with it, keeping it positive and easy to remember, and consider throwing in some numbers to substitute for letters such as “IL0V3THEB3ACH”.
Follow Xiologix for more #cybersecurity information as we participate in the 15th Annual National Cybersecurity Awareness Month and work year-round to help businesses of all sizes protect their digital infrastructure and data. #cyberaware
The digital business model requires organizations to adopt a new approach to securing data and networks. At the same time, technology and networks are evolving, making security more complex.
One of the biggest challenges is the sheer number of security products and vendors inside an organization. According to our technology partner Fortinet, some larger financial enterprises, for example, use products from as many as 40 or more vendors to secure their networks.
All these products — firewalls, intrusion protection systems, antivirus tools and so on — have their own management systems and generate their own alerts. Since they don’t typically integrate, these disparate products complicate security efforts even further.
The number of alerts generated by separate systems can overwhelm even the most robust security teams, with many alerts going uninvestigated.
Ugh. Passwords. The concept has been around as long as civilization itself. But are they the best way to protect account access in the digital age? How do you ensure that people use “strong” passwords? What is a “strong” password, anyway? And when is a password – regardless of its strength – not enough?
The difficulty from an administrative perspective is that the restrictions we impose on our users in an attempt to force them to create strong passwords are often counterproductive. If the password must be at least 8 characters long, must contain both upper- and lower-case characters and at least one numeric and one “special” character, and cannot be a word that’s in the dictionary and must be changed every 90 days and cannot be a password that you’ve used before, you’ve almost guaranteed that it’s going to be written down somewhere because it will be nearly impossible to remember.
So what’s an admin to do? Well, there are some guidelines that we can give users to help them create strong passwords that are easy to remember.
I got an interesting email this morning. It was “from” one of the owners of Xiologix – but the return address was a bit odd: “firstname.lastname@example.org”. As this unfolded, it became obvious that this was a classic “spear phishing” attack. I’ll run you through the email exchange for entertainment purposes, and then talk about the lessons to be learned here. The original message was short and sweet:
Uila (pronounced wee-la), with its application-centric infrastructure monitoring and analytics, identifies performance bottlenecks for business-critical services and plans workload migration strategies for private and hybrid cloud environments. Uila provides service dependency mapping, full stack correlation with one-click root cause analysis and patented deep packet inspection technology that understands over 3,000 application protocols for transactional metadata analysis. Businesses use Uila to align themselves with their IT operations team and cut time to resolution from days to minutes, keep their application at peak performance at all times and ensure end-user satisfaction to the fullest.