Author Archives: Maria Koblish

Why Work With Thrive When You Already Have An Internal IT Team?

Is your IT staff out of their depth when it comes to certain aspects of your IT environment?

That’s understandable. If you have a team of four or five people, do you really think they can be experts in support, cybersecurity, engineering, infrastructure design and maintenance, and the many other types of work included in IT?

Your internal IT team can’t do everything, but that doesn’t mean you have to hire more people. Instead, you can augment their capabilities with Thrive managed IT services.

What Is Co-Managed IT?

Co-managed IT services allow businesses and their IT teams to take advantage of the expertise and skill of a team of outsourced IT specialists when needed, and without paying expensive salaries or benefits.

Co-managed IT does not replace your internal team—it adds to it. You’ll have the people and IT support you need when technology problems crop up that no one else can resolve or handle.

Why Should You Add Thrive To Your Internal IT Team’s Capabilities?

  • Human Backup: With only internal IT staff, your organization is highly vulnerable to gaps in personnel continuity. This is a particular problem for smaller IT departments as the loss of a key engineer or manager on your internal IT team will almost certainly affect your maintenance and management processes. Without comprehensive documentation of your IT environment and how it is managed, your remaining staff members won’t be able to fill in until another engineer is hired. And that’s assuming that other members of your IT team don’t leave along with the departing employee — we see this happen quite often when the outgoing employee is a senior engineer or manager. However, if you have Thrive as a part of your IT team, you’re protected against these types of gaps in your staff. No matter who leaves your internal IT team, you can rely on Thrive to maintain a complete set of documentation and keep everything running smoothly while you recruit, hire and train new staff.
  • Increased Capacity:  As most IT directors will attest to, there is never any shortage of work in the IT department of a growing organization. At any given time, there are usually multiple IT projects going on that are key to the future operation and efficiency of the organization. Quite often, existing IT staff members are drafted to work on these projects as they know the most about the organization’s Line of Business applications and user base.  This can create a conflict of interest for those staff members who may also have other IT maintenance and management responsibilities and potentially create burn-out of internal IT staff.  However, if you have Thrive as a part of your IT team, our service staff can take over those maintenance and support tasks on-demand while internal IT staff members handle project work.
  • Second Opinions: An external partner like Thrive provides you with an invaluable perspective of the state of your IT systems. The fact is that you don’t know what you don’t know. Your IT team may be so close to the systems and processes they oversee that they may not be able to spot a critical risk item or potential service issue. We help address this in two ways:
    • We ensure that you properly document everything in terms of your IT in order to maintain continuity, no matter what type of employee turnover there is.
    • We provide an expert second opinion on the state of your IT, helping you determine what is optimized and what isn’t. We will help you address the gaps in your management, maintenance, and continuity.

Thrive Offers Perspective, Resources, And Expertise

An internal person or team can only offer so much in terms of availability, time, and skill sets. You might have the most talented IT team in the world and they will still be limited in what they can do.

It’s not your fault and it’s not their fault; it’s just the reality of IT services in an increasingly complex and tech-dependent world—comprehensive and end-to-end internal support is extremely difficult to arrange.

The fact is that your IT team just handles your company. Thrive works with dozens of other organizations, which allows us to maintain the resources you need, which you can access with an economy of scale.

Get in touch with us to access the additional IT capabilities your internal IT team needs.

The Thrive Client Experience

It’s no secret that people are the most important resource in any organization. No matter the industry, one thing rings true: talented, dedicated people are what makes the true difference in our bottom lines. While other IT service providers offer a standard set of hardware, software, services, and support, we believe that Thrive’s NextGen services – and how we deliver them – truly differentiate us. That’s why the entire Thrive team – not just those working in account management – focuses on delivering the superior client experience. We make it our business to drive and support your success.

We’re able to consistently put the right people in the right places to succeed because of our proven Thrive5 methodology. Thrive5 creates a meaningful IT roadmap that capitalizes upon NextGen technologies and services, focusing on our shared customer – your users. Let’s take a look at that process and what makes it unique to the Thrive experience.

The Thrive5 Methodology

Strategy

Thrive’s account management team sits down with your organization to ensure that big picture issues are identified and included as remediation points alongside IT and security issues. During this first stage of the partnership, our goal is to understand your organization, your employees, your customers, and your goals.

Current Technology Assessment

Thrive’s technicians intensely analyze systems and processes to get a baseline of your current state. Typically a hands-off process for organizational leaders, Thrive will ensure you’re kept up to date and apprised during the process.

Comprehensive Solution Design

In this phase, Thrive’s Customer Experience team acts as a technical liaison between the IT teams and managerial teams to help outline strategy implementation with your larger business model in mind.

This usually includes a discussion around a governance plan for maintaining ease of use and organization of the new software tools to be launched.

They address issues like adding multi-factor authentication (MFA), endpoint detection and response (EDR), security information and event management (SIEM), and more to your security stack while also ensuring it is deployed in such a way that it does not hinder employees from getting their jobs done.

Implementation and Optimization

This is where strategy comes to life. Throughout implementation, Thrive’s expert team ensures your existing data is safeguarded and that employees are up to date on any new practices put in place to improve security or to make their jobs easier.

At least once per year, Thrive revisits strategy in a Technology Business Review. In that review, we conduct a gap analysis comparing current technology against best practices to ensure your organization has the appropriate infrastructure to meet your business and security needs. The Thrive team then provides a plan to prioritize and remediate any gaps in coverage.

24 x 7 Managed Services

Enhancing your security stack with firewall protection is an effective step in safeguarding your important data. The next most important process is monitoring and maintaining said firewall to close any holes and stop attacks before they happen.

A Team You Can Trust

Thrive’s expert team of information security professionals is constantly identifying and mitigating potential breaches while also bolstering the frontlines to directly stop targeted attacks at our 24x7x365 Security Operations Center. At the same time, this team is always available to ensure your technology services are seamlessly transitioned and properly supported. In addition, we deliver hard-to-find CIO and CISO-level resources to provide high-quality oversight, regulatory, and compliance guidance through our vCISO service.

Enabling You to Take the Reins

While not every organization needs a fully managed external team of IT professionals, the Thrive Platform enables you to be as hands-on or hands-off as you want. The Thrive Platform provides tailored experiences depending on the individual roles of your employees, streamlining the day-to-day tasks of IT while enabling users with self-service tools. Custom workflows and easy-to-follow instructions make day-to-day tasks a breeze, even automating some of the most common IT help desk ticket items like password resets and new hire onboarding.

It’s Our Business to Stay on Top of Yours

Thrive’s goal is to be your go-to partner for NextGen technology services. We understand that everyone has a choice when it comes to not only the hardware and software you choose to deploy, but also who you choose to help integrate and maintain those systems across your organization.

From discovery all the way through deploying and maintaining your new IT strategy, our account management team makes it their duty to fully understand all the challenges your business faces. As new problems or new initiatives arise, your tailored NextGen strategy is adjusted to support them.

Wherever you are in your IT journey – we’re here to help.

Return to the Office Part 3: How to Best Utilize IT Consulting Services

In Part Three of our series, we help organizations identify why IT consulting services are an important part of the return to the office.

Over the past few months, we have seen a significant increase in assessment-related work that helps organizations understand their current state and specific needs, while identifying critical issues and building a strategic roadmap for the future. Much of our assessment work is focused on cyber security, helping businesses maintain a strong security posture in direct response to the increase in breaches and attacks over the last year.

Now, as organizations help employees safely return to the office while bolstering security around hybrid work, it’s worth considering an external, independent review by Thrive’s consulting team to ensure end users can work securely no matter their location. All businesses should have a formal security program which includes a long-term strategic plan that the entire organization understands and can implement appropriately.

“What Is Your Organization’s Cyber Security Posture?”

This is a pivotal question that we pose to every organization. If it can’t be answered immediately, or at minimum in some general context, it is an indicator of risk, and an assessment should likely be considered in the near future. When a formal security program has not been developed and is not backed by a recognized security framework, it is difficult to successfully protect the organization from the harmful impacts of cyber threats. In the assessment phase, we use automated tools combined with Thrive’s qualified consultants to understand your current assets, infrastructure, and environment, in an effort to provide specific, prioritized recommendations for the future.

Ongoing validation and review of your cyber security program is critical, particularly as employees return to the office and new cyber threats appear almost daily. If you have adjusted to remote work, was that strategic, or were temporary solutions used without consideration for the long term? As some workers return to the office, it will once again be time to update your security program with specific consideration for mobile devices, and remote management of company assets.

Written policies and procedures are the foundation of every formal security program. These documents should be comprehensive and align with the organization’s goals as well as with a recognized security framework. The need for the continual validation and testing of policies and procedures, including disaster recovery and incident response plans, cannot be emphasized enough. This testing leads to predictable recovery and response plans and best positions the organization to minimize the impacts of a security or other business-impacting event.

The Benefits of Outsourcing IT

With nearly every business we engage, we often find there are missing key components or applications. The return to the office requires a review of the current technology stack, because no single tool will provide a solution for end users. A comprehensive approach includes multiple tools and processes, from backup and disaster recovery, to endpoint protection and beyond.

Beyond the initial assessment, it’s suggested that additional third-party assessments are performed at least every 36 months in addition to internal security review meetings that should take place at least quarterly. This ensures the environment remains scalable, reliable, and secure. With constant cyber security threats and vulnerabilities, any issue that leaves the door open for a hacker or breach can cause problems.

Having conducted many assessments, it’s clear that outsourcing management of risk-mitigating platforms to an experienced team like Thrive can benefit your organization. We will identify any potential issues and create the necessary roadmap that can be used by board members, CIOs, CTOs, and other members of the IT team.

Whether it’s a short or long-term IT project, our experts will ensure all of your strategic objectives are met, addressing gaps and providing comprehensive solutions and consultative services based on your needs. Get in touch with Thrive to learn more about our IT consulting services!

3 Ways to Spot a Malicious Website

You hear about malicious websites leading to big problems. You may have even visited one, and you knew (immediately or eventually) that something was wrong. Hopefully, by then, you closed the tab or browser before things got bad.

So, how can you tell if a website is malicious?

Well, the bad guys are certainly making it challenging. Whether it’s an email, file, or website, malicious content is becoming more and more genuine-looking.

Here are three things to keep in mind when trying to determine if a website is malicious:

1. Odd URL

Is there something fishy about that web address? Are there slight variations (or even outright misspellings) of popular websites and brands? Is the URL very long, with weird words that have no relation to the website’s subject? If so, play it safe and back off.

2. No HTTPS

If a website is asking for sensitive information AND you don’t see HTTPS, then something is probably wrong. The reverse is not true, though: most sites now use encryption, and the bad guys use it for malicious sites too, so seeing HTTPS in the address bar doesn’t necessarily mean a website is safe.

3. Annoying downloads and alerts

If you visit a site and are suddenly bombarded with prompts to download things, something is not right. These can be links to download bogus updates to your system, or a fake warning that you have a virus on your computer. You could even have a message saying you’ve won a fabulous prize. Don’t click on anything.

The Golden Rule of staying safe online is “Think Before You Click.” It’s an easy thing to do. And if you combine that healthy habit with the above tips, you’re bound to be safer when traveling along the (mostly) wonderful World Wide Web.

Doing online shopping? Check out these three simple-to-follow steps to stay safe while shopping online.

Office 365 – End of Life for Office/Outlook 2013 and 2016 on Windows

Software end of life.

It’s not something anyone really wants to think about. Especially time-strapped business owners and leaders.

But end of life is an important part of the product lifecycle. After all, a company can’t support a product forever, when new-and-improved versions are perpetually on the horizon. No new features will be added to end-of-life products, and official support will cease, allowing companies to focus on the newer offerings.

Continuing to use something that is no longer supported is risky, as vulnerabilities will no longer be patched. Sub-optimal performance and lack of compatibility are also expected consequences.

To meet performance expectations, Microsoft is updating the supported versions of Outlook for Windows that can connect to Microsoft 365 services.

Effective November 1, 2021, the following versions of Outlook for Windows, as part of Office and Microsoft 365 Apps, will not be able to connect with Office 365 and Microsoft 365 services.

Office and Microsoft 365 Apps | Outlook for Windows Version
Office 2013 | 15.0.4970.9999 and older
Office 2016 | 16.0.4599.9999 and older
Microsoft 365 Apps for enterprise (formerly Office 365 ProPlus) | 1705 and older
Microsoft 365 Apps for business (formerly Office 365 Business) | 1705 and older

We recommend that all users upgrade to the supported versions of Office and Microsoft 365 Apps.
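To find the machines affected by these cutoffs, compare each installed version numerically against the table. The sketch below is an added example, not Microsoft's or Thrive's tooling; the inventory records, host names and the "Office 2010" entry are constructed, and the product names are assumed to match the table's wording.

```python
"""Flag Outlook for Windows installs at or below the November 1, 2021 cutoffs."""

# Cutoffs taken from the table above ("and older" means <= these values).
CUTOFF_BUILDS = {
    "Office 2013": (15, 0, 4970, 9999),
    "Office 2016": (16, 0, 4599, 9999),
}
CUTOFF_M365_VERSION = 1705
M365_PRODUCTS = {
    "Microsoft 365 Apps for enterprise",
    "Microsoft 365 Apps for business",
}


def parse_build(build):
    """Turn '16.0.4599.1000' into (16, 0, 4599, 1000).

    Comparing tuples of ints avoids the string-comparison trap where
    '15.0.10000.1' sorts before '15.0.4970.9999'.
    """
    parts = build.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"expected a four-part build number, got {build!r}")
    return tuple(int(p) for p in parts)


def classify(product, version):
    """Return 'blocked', 'ok', or 'unknown' for products the table does not list."""
    if product in M365_PRODUCTS:
        # Microsoft 365 Apps versions are YYMM, so integer order is release order.
        if not (version.isdigit() and len(version) == 4):
            raise ValueError(f"expected a YYMM version, got {version!r}")
        return "blocked" if int(version) <= CUTOFF_M365_VERSION else "ok"
    if product in CUTOFF_BUILDS:
        return "blocked" if parse_build(version) <= CUTOFF_BUILDS[product] else "ok"
    return "unknown"


def audit(inventory):
    """Map host -> status. Malformed versions are reported, never silently skipped."""
    report = {}
    for host, product, version in inventory:
        try:
            report[host] = classify(product, version)
        except ValueError:
            report[host] = "unparseable"
    return report


# Constructed sample inventory: (host, product, version).
INVENTORY = [
    ("ws-001", "Office 2013", "15.0.4970.9999"),
    ("ws-002", "Office 2013", "15.0.10000.1000"),
    ("ws-003", "Office 2016", "16.0.4266.1001"),
    ("ws-004", "Microsoft 365 Apps for enterprise", "1705"),
    ("ws-005", "Microsoft 365 Apps for business", "2008"),
    ("ws-006", "Office 2016", "16.0.45x9"),
    ("ws-007", "Office 2010", "14.0.7000.1000"),
]

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```
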

The industry-recognized Thrive team is ready to assist you through the transition. As a longtime Microsoft partner, we have the experience to help you upgrade as smoothly as possible.

Your account rep will be a single point of contact with our team. No need to speak “Geek” – your rep will help you understand every facet of the upgrade. Our 24/7 help desk can also assist during and after the process.

Contact us today for an Office 365 consultation.

Stopping Ransomware – The U.S. Government Provides Valuable Resource for Ransomware Awareness

Chances are, you’ve heard about Ransomware.

It’s been a menace to businesses the world over. Companies and organizations large and small have been affected.

The Thrive team has shared tips on staying safe from Ransomware over the years through our blog and social media channels. And, of course, we’ve helped our customers fight Ransomware on the front lines, and even recover their data after a ransomware attack.

There’s no question cyber attacks are continually on the rise. Even Warren Buffett chimed in, naming cyber threats the biggest problem with mankind.

The U.S. Government has certainly taken notice of Ransomware and other cyber threats. President Biden signed an executive order for strengthening the nation’s cybersecurity.

Anne Neuberger, deputy national security advisor for cyber and emerging technology, stated that no company is safe from the threats.

Location and size of business have no bearing on whether you’ll be targeted.

Now, it is true larger organizations may have more valuable data – but their defenses are usually more robust. Smaller companies may not have the most attractive data or the biggest budget for paying for a ransom, but they may not have the strongest cybersecurity.

Bottom line: make cybersecurity and threat awareness a priority.

Stopping Ransomware with a new ransomware awareness resource

Stop Ransomware is an official website from the United States government that provides resources, news, and alerts concerning cybersecurity and Ransomware. There are even links for reporting ransomware incidents.

So, what exactly is Ransomware?

From the Stop Ransomware website:

“Ransomware is a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Malicious actors then demand ransom in exchange for decryption. StopRansomware.gov is the U.S. Government’s official one-stop location for resources to tackle Ransomware more effectively.”

Visit Stop Ransomware now at https://www.cisa.gov/stopransomware.

3 tips to keep safe from Ransomware

The Stop Ransomware website has plenty of tips and information to help you keep safe from Ransomware.

Here are three top tips to keep in mind:

1. Practice good cyber hygiene
Being vigilant and careful when online and in your inbox is a good foundation for keeping safe from Ransomware. Avoid risky emails and attachments, and don’t visit risky websites. Stay informed of the latest threats – and keep your staff in the loop, too! Human error can certainly be costly.

2. Keep it all patched
When your applications are updated, oftentimes, vulnerabilities are patched. This is the same for your operating systems. Thus, regular maintenance and updates are essential to your network and cybersecurity efforts.

3. Back it up!
Data backups are the ultimate last line in your network defenses. When all else fails, a good data backup can get you back to business. But, not all backups are the same. Off-site replication and image-based backups are two important considerations. Managed backups are also available.

Cybersecurity Awareness Month – 5 Tips to Stay Safe

Cybersecurity – it’s a big topic these days. Has been. And it’s not going to fade any time soon.

Cybercrime is rampant. You hear about it in the news. You may have a colleague or client who has been affected by it. You yourself may have been hit by a cyber attack.

Cybersecurity Awareness Month, which was started in October 2004, is an annual month dedicated to spreading awareness of cybercrime and cybersecurity. Knowing about the threats online and in your inbox can give you an advantage. Knowledge is certainly powerful.

Cybersecurity Awareness Month is dedicated to ensuring everyone has this knowledge and the appropriate safety resources.

To kick the month off right, check out some potent ways to keep safe.

5 easy-to-follow tips for keeping your network and data safe

Who says powerful ways to keep your network secure have to be hard? Here are easy things to keep in mind when online or in your inbox.

1. Pay close attention to URLs and email addresses.

Scam addresses may look legitimate, but a closer look can reveal slight differences. A word may be misspelled or have a minor variation.

2. Watch out for texts and calls.

Scammers don’t just use email and malicious sites. They will send scam texts and call you, too. Always be vigilant, no matter what device you’re using.

3. Be careful with attachments.

Be very careful about email attachments, especially when they arrive in an unsolicited email. If you’re concerned about the contents, reach out to the sender via a new email to a confirmed address. You can also call directly.

4. Don’t use outdated and unsupported software

Ensure all software is patched and up-to-date. Patch management and automatic updates can help keep you secure.

5. Don’t make rash decisions.

This is one of the easiest tips to follow. You’ve probably noticed that a lot of malicious emails are threatening (your account will be deactivated unless…) or they want you to think you’ve won something fabulous (you’re the lucky winner of an iPad). Before clicking on that hyperlink, take a moment to think through things.
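Tip 1 above, and the “Odd URL” and “No HTTPS” checks from “3 Ways to Spot a Malicious Website”, can be partly automated at a mail gateway or proxy. The following is an added example, not Thrive's code: the allowlist, the thresholds and every URL are constructed, and taking the last two labels as the registered domain is a simplifying assumption (a real deployment would use the Public Suffix List).

```python
"""Flag URLs that imitate an allowlisted domain."""
from urllib.parse import urlsplit

KNOWN_GOOD = {"examplebank.com", "contoso.com"}  # assumed allowlist of real domains
MAX_URL_LENGTH = 100      # assumed threshold for a "very long" URL
MAX_EDIT_DISTANCE = 2     # how many typos still count as a lookalike


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registered_domain(host):
    """Simplification: the last two labels (wrong for suffixes such as co.uk)."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def check_url(url):
    """Return a list of findings; an empty list means nothing looked odd."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    labels = host.rstrip(".").split(".")
    domain = registered_domain(host)

    findings = []
    if parts.scheme != "https":
        findings.append("no-https")
    if len(url) > MAX_URL_LENGTH:
        findings.append("long-url")
    if any(label.startswith("xn--") for label in labels):
        # Punycode labels can render as look-alike Unicode characters.
        findings.append("punycode-label")
    if domain in KNOWN_GOOD:
        return findings

    for good in sorted(KNOWN_GOOD):
        brand = good.split(".")[0]
        if edit_distance(domain, good) <= MAX_EDIT_DISTANCE:
            findings.append("lookalike-of:" + good)      # misspelling or variation
        elif any(brand in label for label in labels):
            findings.append("brand-in-host:" + good)     # brand under another domain
    return findings


# Constructed sample URLs.
SAMPLES = [
    "https://www.examplebank.com/login",
    "https://examp1ebank.com/login",
    "http://examplebank.com.account-verify.test/login",
    "https://contoso.co/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, "->", check_url(url) or "ok")
```

The second sample is served over HTTPS and is still flagged, which is the point made earlier about HTTPS not being proof that a site is safe.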

The Benefits of Multi-Factor Authentication for the Remote Workforce

In this day and age, it’s more important than ever to ensure employees can access company resources in a timely manner. Meanwhile, businesses have a duty to protect every access point. By implementing Multi-Factor Authentication, organizations can put an authentication solution in place that only provides access to those who can verify their credentials.

If your organization is not currently using MFA, it’s time to consider the benefits of going beyond just a username and password.

Implementing Multi-Factor Authentication

With more employees than ever before working from home, increasingly unique issues are presenting themselves to IT teams everywhere. More applications and devices are in use, and the visibility into potential threats isn’t always clear, particularly when the end user may be on an unsecured home network.

When MFA is in place, even if an attacker gains access to credentials, they are unable to go any further without verification. Outdated hardware and manual authentication leave employees frustrated and confused. Implementing MFA is easy, because users typically already have access to the tools needed to secure the access point.

Entering a username and password for an application or certain resource was, at one time, good enough. Now, with users logging in from anywhere, MFA can add that needed layer of extra security. Often when utilizing MFA, the username and password must be joined by a security code sent to a phone or e-mail address, or perhaps a fingerprint or scan of facial features. By verifying the user before providing access, organizations don’t have to rely solely on passwords, which can be susceptible to phishing, social engineering, and other related attacks.

Adding on MFA helps to protect access points, be it a VPN, SaaS app such as Office 365 or Salesforce, or other important business resource. There are even different MFA methods that can be implemented across the organization.

MFA: Finding the Best Fit for Your Organization 

Multi-factor authentication provides flexibility for employees, whether in the office or working remotely.

With two-factor authentication (2FA), a password is combined with another step, such as a passcode or a fingerprint swipe. While 2FA is a great starting place for many organizations, it can be limited; it may not fill the needs of users in different locations while taking into account the various personal devices in use.

Contextual authentication is another form of MFA. It takes into account various factors such as IP address, time of day, location, and device. For IT teams, it provides a better idea of log-ins, when they occur, and why they occur, so stronger MFA requirements can be put in place when needed. This kind of authentication learns patterns over time, so when a suspicious log-in is detected, an employee must authenticate to gain access.
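A minimal sketch of that decision, as an added example rather than any vendor's implementation: the signal names, the two-signal threshold, the /24 grouping (IPv4 only) and all login records are assumptions made for illustration.

```python
"""Contextual step-up: ask for a second factor when a login looks unfamiliar."""
import ipaddress
from collections import defaultdict
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Login:
    user: str
    ip: str         # IPv4 address
    country: str
    device_id: str
    hour: int       # 0-23, user's local time


@dataclass
class Profile:
    """What has been seen for one user after successful authentication."""
    networks: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    devices: set = field(default_factory=set)
    hours: set = field(default_factory=set)


class ContextualAuth:
    STEP_UP_THRESHOLD = 2   # assumed policy: two unfamiliar signals need a second factor
    HOUR_TOLERANCE = 2      # hours either side of a known login time

    def __init__(self):
        self.profiles = defaultdict(Profile)

    @staticmethod
    def _network(ip):
        # Group by /24 so address churn inside one office range is not "new".
        return ipaddress.ip_network(f"{ip}/24", strict=False)

    def _usual_hour(self, profile, hour):
        # Circular distance, so 23:00 and 01:00 are two hours apart.
        return any(min(abs(hour - h), 24 - abs(hour - h)) <= self.HOUR_TOLERANCE
                   for h in profile.hours)

    def unfamiliar_signals(self, login):
        p = self.profiles[login.user]
        signals = []
        if self._network(login.ip) not in p.networks:
            signals.append("new-network")
        if login.country not in p.countries:
            signals.append("new-country")
        if login.device_id not in p.devices:
            signals.append("new-device")
        if not self._usual_hour(p, login.hour):
            signals.append("unusual-hour")
        return signals

    def decide(self, login):
        """Return ('allow' | 'step-up', signals). A brand-new user always steps up."""
        signals = self.unfamiliar_signals(login)
        decision = "step-up" if len(signals) >= self.STEP_UP_THRESHOLD else "allow"
        return decision, signals

    def record(self, login):
        """Call only after the login fully succeeded, so failed or abandoned
        attempts never teach the profile an attacker's context."""
        p = self.profiles[login.user]
        p.networks.add(self._network(login.ip))
        p.countries.add(login.country)
        p.devices.add(login.device_id)
        p.hours.add(login.hour)


if __name__ == "__main__":
    auth = ContextualAuth()
    # Constructed logins using documentation address ranges.
    for login in [
        Login("alice", "192.0.2.10", "US", "laptop-1", 9),
        Login("alice", "192.0.2.55", "US", "laptop-1", 10),
        Login("alice", "203.0.113.9", "RO", "unknown-device", 3),
    ]:
        decision, signals = auth.decide(login)
        print(login.ip, decision, signals)
        if decision == "allow" or login.device_id == "laptop-1":
            auth.record(login)   # second factor assumed passed on the known laptop
```
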

There’s even the possibility of password-free authentication. At least two factors of authentication are required, but no password is entered. For instance, a passcode and a fingerprint is required for log-in. It’s still MFA, but makes things easier for the end user; they don’t have to remember a password.

From applications to devices to workstations, enabling MFA allows you to secure any log-in from anywhere. Thrive will help design MFA solutions that work for your needs, so the entire organization benefits.

The Future of Password Security

Over the last few years, a big theme in technology has been, “this is the year that passwords die.” Then somehow, someway, they continue to be a part of our lives. Over time we have added in a few alternatives, and even added security on top of the password, but we haven’t killed the password outright. Below, you can learn why passwords are now considered weak, how password security has evolved, and why we’ve been holding on to the password for so long.

Why are Passwords Considered Weak?

Remember the good ole days when every password/code you used was a simple four-digit code or short word? As the years went on and hackers got more clever, password requirements increased too: more characters, upper and lowercase letters, and symbols. So, why did the original password end up failing? Simple: it was weak. Passwords like this were easily cracked by hackers looking to gain access to your personal or business information. Passwords rely on something the user knows, which in many cases means that hackers (given enough time) can know it too. Another reason passwords became a prime target is that once hackers got your password (and especially if you used that password across multiple applications), they had unfettered access to your account(s). Far too often, individuals use the same or similar password across dozens of accounts, making it easy for cybercriminals to gain access to sensitive information. Password reuse is common, though extremely risky. It’s so common because it’s easy, and because people tend to think that their information isn’t worth hacking (this is a fallacy; hackers will use or sell anyone’s passwords).

The Anti-Password Movement

The anti-password movement began once experts realized that the simple, everyday password just wasn’t working anymore. “They’re easy to steal, hard to remember, and managing them is tedious.” – Google. Passwords are inconvenient and create numerous ways for cybercriminals to acquire your data and begin profiting. The most common way hackers make money off this information is by selling it on the dark web for a quick buck. Before they do this, they attempt to drain every account of any monetary value by making purchases, stealing funds, liquidating gift cards, or taking personal info (Social Security Number, address, emails, etc.). There are even advanced attacks on logins that aim to shut down entire companies or initiate ransomware. The best-known version of password hacking is credential stuffing, which takes advantage of reused credentials by automating login attempts against systems using known email and password pairs. Once they have one login, they are guaranteed to get into other sites. At the root of all these problems lies a system that depends on authentication through a password, which is why many experts are part of the anti-password movement.
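On the defending side, credential stuffing has a recognizable shape in authentication logs: one source tries many different accounts in a short time and mostly fails. The detector below is an added example, not a Thrive product; the log format, thresholds and every log line are constructed for illustration.

```python
"""Detect credential stuffing in authentication logs."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<UTC timestamp> login user=<name> src=<ip> result=ok|fail"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>ok|fail)$"
)


def parse(lines):
    """Yield (timestamp, user, src, result); lines that do not match are ignored."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            yield ts, m["user"], m["src"], m["result"]


def detect_stuffing(lines, window=timedelta(minutes=5), min_users=5, min_fail_ratio=0.7):
    """Flag sources that try many distinct accounts, mostly failing, inside `window`.

    Requiring a high failure ratio keeps an office NAT address, where many
    users log in successfully, from being flagged.
    """
    by_src = defaultdict(list)
    for ts, user, src, result in parse(lines):
        by_src[src].append((ts, user, result))

    alerts = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            users = {u for _, u, _ in span}
            fails = sum(1 for _, _, r in span if r == "fail")
            if len(users) >= min_users and fails / len(span) >= min_fail_ratio:
                alerts[src] = {
                    "users_tried": len({u for _, u, _ in events}),
                    # Accounts this source got into: reset these first.
                    "successful_logins": sorted({u for _, u, r in events if r == "ok"}),
                }
                break
    return alerts


# Constructed sample log (documentation IP ranges, example.com accounts).
SAMPLE_LOG = """\
2021-10-04T09:00:01Z login user=alice@example.com src=203.0.113.50 result=fail
2021-10-04T09:00:03Z login user=bob@example.com src=203.0.113.50 result=fail
2021-10-04T09:00:05Z login user=dave@example.com src=203.0.113.50 result=fail
2021-10-04T09:00:07Z login user=carol@example.com src=203.0.113.50 result=ok
2021-10-04T09:00:09Z login user=erin@example.com src=203.0.113.50 result=fail
2021-10-04T09:00:11Z login user=frank@example.com src=203.0.113.50 result=fail
2021-10-04T09:01:00Z login user=gina@example.com src=198.51.100.7 result=fail
2021-10-04T09:01:20Z login user=gina@example.com src=198.51.100.7 result=ok
2021-10-04T09:02:00Z login user=hal@example.com src=192.0.2.20 result=ok
2021-10-04T09:02:10Z login user=ivy@example.com src=192.0.2.20 result=ok
2021-10-04T09:02:20Z login user=jon@example.com src=192.0.2.20 result=ok
2021-10-04T09:02:30Z login user=kim@example.com src=192.0.2.20 result=ok
2021-10-04T09:02:40Z login user=lee@example.com src=192.0.2.20 result=ok
""".splitlines()

if __name__ == "__main__":
    for src, detail in detect_stuffing(SAMPLE_LOG).items():
        print(src, detail)
```

A successful login in the middle of a flagged burst means a reused password worked, so that account needs a reset and a session review even though most of the attempts failed.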

It’s Not Just a Password Anymore

We can’t rely solely on a 15-character password with a capitalized letter, special character, and a number anymore. No matter how “strong” you think your password is, it’s always vulnerable to attacks. So, what has been created in conjunction with, or instead of the password?

Multi-Factor Authentication:

A single password requirement to get into an account is called single-factor authentication. This form has been relied on for many years but is now outdated. A newly formed best practice is multi-factor authentication, where two or more of the following are required for account access:

  • Something you know. This may be a password or PIN.
  • Something you have. This may be an HID card or a server-generated, one-time code given to a user (most of the time on their cellphone), that must be keyed into the device being accessed.
  • Something you are. This consists of fingerprints, facial recognition, eye scans, and other biometrics.

It adds a second layer of complexity to log-in but provides another barrier to entry against ransomware and data thieves. This encourages them to move on to other, easier targets. While it’s not foolproof, it pushes attackers to look for another option, potentially saving you from a disaster.

Passphrase:

A passphrase is a sentence-like thread of words used for authentication, instead of the traditional 8–16-character password. Its common characteristics include several random, common words, up to 100 characters in length. This may seem a bit intimidating, but passphrases are actually easier to remember since they don’t include character substitutions, capitalization, or numbers. A major benefit, aside from ease of memorization, is how difficult they are to hack. Since passphrases are several words long and could include an infinite amount of word combinations, it is extremely difficult for hackers to break into a system. Passphrases don’t have to be implemented throughout your whole organization; they can be used at any time if the account doesn’t have a password character limit. This is a cheaper and easier alternative to MFA, which could be helpful to smaller companies or individuals.

Is it Time to Retire the Password?

As popular as MFA and passphrases have become, neither is considered the perfect remedy for password security. The original computer password was invented back in 1960. It was doing great until the first known instances of “hacking” came about in the ’80s. Slowly but surely people began to realize that the password was not dependable by itself. Bill Gates said in 2004, “The password is dead.” So why is it that so many organizations are still using it even though we’ve created different options?

1. Scalable and affordable

Passwords require no charge because they only depend on a piece of information from the user. This is one of the main reasons many companies are holding on. Since it’s essentially free for both the user and company, it’s one of the only scalable authentication systems because it works for everyone.

2. User privacy

Privacy has been a major discussion over the past couple of years, and different authentication systems have taken part of the blame. From fingerprints to face IDs, users have been afraid that too much of their personally identifying information is getting out into the virtual world, especially when biometric data is held in data systems that could very well be hacked too. As long as the user doesn’t include personal information in them, passwords are one of the most private authenticators.

3. The first factor in MFA

Getting rid of the password altogether may mean reconfiguring MFA as well, since the password is the first step in most MFA setups: you enter a password and then confirm again with something you have or something you are.

4. Replacement

Passwords are one of the only authenticators that can easily be replaced if a massive data breach occurs. For example, if an organization that uses biometrics gets hit, how is the user supposed to reset their face or fingerprint?

5. Change resistant users

One of the major factors is that organizations fear the disruption and challenges that come with replacing the password completely. Since there isn’t a one-fix solution just yet, many leaders are skeptical of the idea that it will ever happen.

Just because the perfect solution hasn’t been created yet doesn’t mean people aren’t trying. Very recently, companies have been taking a new approach to MFA: they use only one factor, but it’s not a password. For example, Microsoft is now allowing users to log into accounts such as Outlook with just a code sent to their device and no password. Maybe in the next few years, with different methods continuing to be tested, we’ll finally say goodbye to our good friend, the password.

Tips to Keep Your Data Secure with Thrive

So, what do we do in the meantime while we’re waiting for the safest solution? For sites that still use SFA, be sure to choose a strong password. It’s tempting to reuse one that you’ve used before in order to remember it, but in doing so you may expose your sensitive information (you can see if your account information has already been compromised here). Other best practices include not allowing your computer to automatically save passwords, especially on work computers, and changing your password regularly.

Thrive has been a long-time advocate of organizations requiring frequent password changes and putting a layered approach to security in place. If you can, work with your service provider or technology team on setting up MFA for your organization. This one step could mean the difference between getting hacked or not. Thrive partners with top security providers to bring our clients peace of mind. We can also help with managed threat detection and external vulnerability scans to stop cybercriminals before they can start. Contact us today for help with your data security needs.

The Zero Trust Security Model: What CISOs Should Know

While the idea of zero trust architecture has been present in our lives for over 10 years, the recent changes in how and where people work have increased the importance of the zero trust model.

With remote work, bring-your-own-device (BYOD) policies, and employers giving employees more flexibility, the modern workforce is always on the go. However, this can also bring new cyber security risks that organizations must pay attention to. The zero trust security model was meant for this moment, to support remote and hybrid work environments and minimize cyber security risk.

CISOs understand that intellectual property, customer data, and other valuable information should be protected, while avoiding business system downtime and protecting key applications. Traditional security approaches have evolved, making the zero trust model a must-have for all organizations, regardless of size and scope.

Updating an Outdated Approach

The traditional cyber security approach assumes any device, user, or infrastructure that falls under the corporate network umbrella is safe and trustworthy. This is no longer the case. Applications have come out from behind the firewall, and end users can access data and information from a personal device through their own home network.

A conventional security approach could be thought of as a perimeter-based model. The IT team created a security perimeter that surrounded the network, important assets were protected, and hackers had a difficult time accessing the network, applications, or data. This approach unfortunately presents some issues.

It requires trust that the security perimeter is actually secure, including the end users. It also assumes a centralized on-premises network that isn’t focused on a digital workspace or Cloud-based architecture that may include SaaS applications and programs.

The zero trust security method makes no exceptions, summarized as, “never trust, always verify.” Any user or IT resource must be properly verified prior to authentication to prevent unauthorized users or malicious actors from reaching the environment.

Implementing the Zero Trust Architecture 

While the idea of zero trust has been around for quite some time, it took a pandemic for many to understand the benefits. With a shift to Cloud computing and remote work, it has become clear that a zero trust architecture should be in place. Adoption can protect against top security issues – such as phishing attacks, malware, and data theft – by protecting users, their devices, and the applications they have access to.

With zero trust in place, a few important principles should be adhered to:

  • All networks should be treated as untrusted. If the networks are untrusted, then the users should be, as well.
  • End users should only have enough access to do their job, and access should be removed when it’s no longer required for the user.
  • A verification method such as multi-factor authentication can ensure users are who they say they are.
  • On the device front, access should only be granted to trusted devices, be it a personal or work laptop, desktop, mobile phone, or tablet. Devices must be checked at every access point, to ensure no risk is involved to the network.
  • As for applications, with the rise of the Cloud and the need to support in-house applications on physical infrastructure, access policies must be in place across the organization. These policies should consider the identity of the user, the location, and the device in use, so that access is only granted to those who need it.
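The principles above can be read as one deny-by-default access decision. The sketch below is an added example, not Thrive's code or any product's API; the grant table, device IDs, country list and field names are all constructed assumptions. Note that being on the corporate network is recorded but never counts toward trust.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample policy (assumption): grants per (user, application),
# each with an expiry so access lapses when it is no longer required.
GRANTS = {
    ("alice", "payroll"): datetime(2030, 1, 1, tzinfo=timezone.utc),
    ("bob", "wiki"): datetime(2020, 1, 1, tzinfo=timezone.utc),  # expired
}
TRUSTED_DEVICES = {"laptop-0042", "phone-0107"}  # hypothetical device IDs
ALLOWED_COUNTRIES = {"US", "CA"}                 # hypothetical location rule


@dataclass
class AccessRequest:
    user: str
    app: str
    device_id: str
    country: str
    mfa_passed: bool
    on_corporate_network: bool  # recorded, but never used as a trust signal


def decide(req, now=None):
    """Return (allowed, reasons); deny unless every check passes."""
    now = now or datetime.now(timezone.utc)
    reasons = []
    if not req.mfa_passed:
        reasons.append("identity not verified with MFA")
    if req.device_id not in TRUSTED_DEVICES:
        reasons.append("device not trusted")
    if req.country not in ALLOWED_COUNTRIES:
        reasons.append("location not permitted")
    expiry = GRANTS.get((req.user, req.app))
    if expiry is None:
        reasons.append("no grant for this application")
    elif expiry <= now:
        reasons.append("grant expired")
    return (not reasons, reasons)


if __name__ == "__main__":
    # Inside the office, but without MFA: still denied.
    req = AccessRequest("alice", "payroll", "laptop-0042", "US",
                        mfa_passed=False, on_corporate_network=True)
    print(decide(req))
```

Returning the list of failed checks alongside the decision gives the audit trail a security team needs when reviewing denied requests.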

Environments that now mix on-premises with multi-Cloud infrastructures and SaaS applications can leave entry points open for attackers to move easily within a network. Users are more susceptible than ever to phishing attacks and malware, something organizations must be aware of. Implementing a zero trust security model is a way forward in this new era of work. Contact Thrive to see how zero trust solutions provide flexibility and enhance the organizational cyber security posture.