Firewall management is a necessary, but tedious and time-consuming effort. It also requires industry-specific expertise in order to avoid costly security breaches which can jeopardize compliance requirements.
Meeting compliance requirements for your specific industry can occupy a significant amount of your IT professional’s time. Additionally, it can be difficult to find an IT expert with the appropriate industry experience to ensure all of your compliance requirements are met and your network is protected against unauthorized access. (more…)
Online Privacy and ProtectionWith election campaigns and candidate advertisements running rampant, it makes sense to go into some basic dos and don’ts when surfing the Internet. Once connected to the Internet, a majority of the sites are primarily free. Although, most of these websites are not there just to help you out, they are there to make money. A blogger, if they get enough viewers to their site, can sell ads that help pay them to write. Home Depot’s site is there to educate you on what they sell and get you to go to the store. Facebook and Google are there operate to make money off advertisements.
Distributed Denial of Service Attacks and Network Vulnerability
Distributed denial of service or (DDoS) attacks typically make news when they are large enough to bring down a website, and the affected website belongs to a well-known organization. In 2017, the total number of DDOS attacks that were observed and reported was 7.5 million, up from 6.8 million in 2016. On average, companies are faced with 237 DDoS attacks per month. Most DDoS attacks are not large, volumetric attacks, and DDoS hackers target all kinds of organizations. No organization is immune to a DDoS attack, and any size DDoS attack should be cause for alarm.
I still talk with people in the security industry that confuse a vulnerability scan with a penetration test. These are very different yet complimentary tools.
A vulnerability scan can be run against your external IP range, as well as your internal IP range. If you run it against your external IP range you will see what the hackers see when they look at your network from the outside. If there are any known vulnerabilities, the scanner should pick it up and report it to you. This would be the first step in getting your network more secure.
Applying Total Quality Management Principles to Cyber Security and IT ManagementIT executives and leaders are charged with building scalable, reliable, and secure environments. As more sensitive, regulated, and business-vital documents and transactions are digitized, even traditional businesses must embrace cybersecurity as a way of life. With this comes a mandate to develop and deploy a security program, which necessarily must include a component for continuous improvement. Security threats are constantly evolving, and threat or security fatigue can increase the pressure on security teams to keep up. Adding structure to the continuous improvement process can help relieve some of that pressure to “stay on top of everything” all the time.
Technology Will Not Save You From Hackers
I have discussions with clients all the time about technologies that we recommend that will help protect their companies from hackers. What most people do not understand is that technology itself will not protect a company. Someone who is attacking your company is using technology to try to get into your systems, but they are the brains behind the attack. If you put in a piece of equipment to stop the attack, but don’t have any “brains” that are orchestrating your defense, then you will fail. Technology can only take you so far. (more…)
For the Second Time, Thrive Appears on the Inc. 5000
Inc. magazine has revealed that Thrive is No. 3248th on its 37th annual Inc. 5000, the most prestigious ranking of the nation’s fastest-growing private companies. Thrive has jumped over 150 spots on the list since its last publication in 2017. Being recognized to the Inc. 5000 two years in a row is an extraordinary accomplishment as only 1 out of 3 companies make the list twice. (more…)
This three-part series will highlight areas that are easy for Thrive to implement to help keep your business protected from outside threats. If you missed Part One: Patch, Patch, Patch, we covered the importance of patching your environment to prevent potential disruption or even disaster. This installment, Part Two, will focus on advanced email security; how it developed and why you should ensure to use it in your businesses. Moving forward, Part Three will use this information and detail the proper measures to take when it comes to security awareness training. (more…)
4 Office 365 Apps You Can Utilize Today
Microsoft continues to gain market share with their core product set. This is mostly due to companies making the pilgrimage from on-premises Exchange to Exchange Online. The combination of Microsoft Exchange and Office licensing migrating to the cloud, the Microsoft rebirth in the cloud is exploding.
At the same time, many companies that have moved to Office365 may not have realized there are several features that MAY be included in their subscription which they could leverage. Unknown to many of you out there is this O365 resource, which provides a laundry list of included features. I recommend referring to this page to see which features Microsoft offers, that you can make use of. (more…)
Azure Logic Apps: Connectors and REST and SOAP, oh myWhen you start working with Logic apps, one of the things you’ll encounter is that there are hundreds of services presented as actions available to add easily to your integration workflows. Along with the numerous Azure services, there’s Dropbox, Slack, GitHub, Jira, Salesforce, and many, many more. As long as you have a license to access these services, and a way to authenticate, it is easy to begin interacting with them. However, what if you need to access an API that is not in the actions library? For instance, what if you have an on-premises application, or are connecting to a less-popular service such as openweathermap.org? Assuming the API is using REST, it would be possible to manually construct URLs and JSON documents and then use the HTTP actions in Azure to get, post, delete, etc. It is also possible, if your API has a correlating Swagger or OpenAPI document, to reference the document from an HTTP+Swagger action. However, Logic apps is not able to expose the returned data elements as easily consumable Dynamic content without further definition. Fortunately, there’s a relatively simple, more reusable way to add APIs, including those implementing SOAP, while also providing drag-and-drop access to the returned data elements. And you may be able to do it without writing any code, JSON, or other computer-readable syntax. (more…)