Author Archives: Victor Filoromo

The Value of Modern Digital Transformation as a Fractional Service

Companies of all sizes can benefit from applying digital transformation concepts to their organization. But too often these modern services are delivered via an outdated delivery model that doesn’t fit the realities of the business.

Not long ago, consultants would design a large-scale solution for a defined problem or need. The organization would be left with a hefty bill and heavily built solution that hopefully provided some value. If even marginal improvements were seen, everyone declared victory and went on to the next big project.

This was not always a path small- and medium-sized businesses could – or should – take. Often, these businesses would purchase off-the-shelf software and services, and hope for the best. Both larger and smaller organizations incurred technical “debt” in the form of maintenance, aging software, updates, migrations, and service packs. Ultimately, their state-of-the-art solution became an aging, unviable one faster than expected.

However, the world has changed, particularly when it comes to accessing technology. Opportunities exist for organizations to gain value through digital transformation as a fractional service.

A Manageable Way to Achieve Digital Transformation

Access to “billion dollar” software was unheard for SMBs of just a decade or so ago. Today, a mid-sized company can sign up for Microsoft Office 365 with a credit card. For a relatively low monthly cost per user, state-of-the-art email, document management, workflow platforms, data visualization tools, and top collaboration tools are available. Setting up and configuring SharePoint was once a lengthy IT project in and of itself. Now it’s accessible with a few clicks.

At Thrive, we strive to help businesses solve problems and inefficiencies, replace paper-based solutions, and achieve digital reporting, visualization, and collaboration transformation. With lessons learned from the days of big projects, we view digital transformation as an ongoing process — one that will continue as long as the technology, people, and businesses change. The best way to address change is to align with it. We believe strongly that the ideal approach is to align the rate of change an organization can absorb with organizational needs, and adapt resources and plans accordingly.

For example, a typical digital transformation journey may involve one day each month of strategic planning and guidance, two days of training, three days of workflow development, a day of architecture and design for the upcoming efforts, and three days of reactive support and changes to existing solutions. This adds up to about 10 days a month, or one-third of what would normally be a single, full-time employee. Some months may require more development, and others more reactive support. It’s important to engage with a service delivery model that accommodates the needed flexibility.

Several factors make digital transformation as a fractional service significantly more effective:

  • Adoption: A mid-sized business can only make, accept, absorb, and respond to a certain number of changes. Understanding that and building a cadence is key.
  • Cost: A full-time consultant or employee can be expensive. If utilizing a full-time resource is difficult to fit into the budget, it may not be the best use of resources.
  • Expertise: Assigning one person to a project can lead to a knowledge bottleneck. No matter how smart that person may be, they likely don’t have the breadth of experience that a whole team can deliver. Multiple people should be evaluating problems and collaborating on a solution.
  • Single Point of Failure: People come and go from organizations, but operational needs will continue. A one-person team leaving for a new job can completely derail entire projects, especially at smaller companies.

The most important takeaway is to get educated on the modern capabilities digital transformation platforms provide, and start working on a model to make use of them.

Larger organizations with sprawling IT departments have had the advantage of awareness and education, with access to higher quality resources for many years. Now that smaller organizations enjoy access to the same technical resources, they have an advantage in digital transformation through their agility and flexibility, but need the right partner to get the most of these resources. The message is clear, though – organizations of all sizes can modernize IT infrastructure through fractional digital transformation, and Thrive can assist with yours.

Maximizing Your Microsoft Investment

Digital transformation is not a one-time project, and does not occur overnight. It’s a continuous process that changes as technology evolves and organizational needs develop.

Thrive offers tailored solutions, with a focus on bringing end users into the equation, to drive long-term success for organizations. Our Office 365 Center of Excellence (CoE) is a managed services solution that understands moving targets and changing goals. When utilized properly, clients discover Office 365 improves productivity and maximizes their investment.

Leveraging the Digital Tools at Your Fingertips

A business assessment is the first step to understanding how to best leverage the power of Office 365. Is a basic business license enough, or should a more advanced license be used? How many employees use the products, and are they in the office or remote? Everything should be taken into consideration during the assessment workshop, as we gather key stakeholders and show opportunities for improvement on the road to digital transformation.

When devising a governance plan, guidelines, policies, and processes should always align with the vision and business roadmap. However, this roadmap alignment is not always carved into stone, and changes will occur. Opportunities arise to revisit the roadmap, implement feedback from end users, and make feature additions or software changes as new technology is released or business needs evolve. Your governance plan should account for this evolution.

A defined strategy and governance plan sets the stage for a proper architecture to be put in place. This architecture includes which Office 365 tools will be in use, aligning the necessary applications with strategy and governance, and ensuring the proper design and delivery with customization and configuration.

At Thrive, we seek to create a long-term, consultative partnership with clients, working in a manner that allows for roadmap revisions and reorganization when needed, while delivering value at every stage.

Best-in-Class End User Support Training

Targeted training prepares end users and gives them the ability to fully utilize Office 365 products. While generic training videos may explain general ideas and concepts, they don’t always meet the end user where they currently are. Thrive assembles training on common threads of how tools work based on governance policies, with custom materials designed around specific needs.

Thrive also supports multiple ways to complete the training. In the past, in-person training was a popular option (which will hopefully return in the future), along with Microsoft 365 learning pathways, a customizable training experience with step-by-step learning modules. If governance policies require revisions to the solution, training can be adjusted as needed, helping end users understand the full scope of new offerings.

Over the years, we have seen the bloat that comes with adopting new tools and programs from various providers, requiring administrators and IT staff to be experts on several platforms. This can, of course, also mean extra licensing fees and require further coordination among all users to achieve a desired end result. Thankfully, Office 365 centralizes many offerings for the user and the IT staff. For instance, OneDrive’s interface is similar to SharePoint, enabling users to become accustomed to a platform more rapidly, and to share documents and information more easily.

The Office 365 platform will continue to develop and evolve as time goes on. We will assist with integrating enhancements and new platform features as they become available, keeping your organization on a trajectory that ensures your digital transformation has ongoing impact. For more information about maximizing your Microsoft investment, get in touch with the Thrive team today!

How Thrive Ensures Client Success

A managed services provider should be both an innovator and an advisor, helping to set the stage for its clients’ business growth and success. Thrive’s best practices and proven engagement model ensure our clients’ IT infrastructure is well-managed, secure, and highly performant. By consistently delivering the best possible customer service experience, the Thrive team has become trusted partners for our emerging, mid-market, and enterprise clients.

To ensure client success, Thrive brings together the people, processes, and platforms that businesses need to succeed, making us valuable partners for our clients up and down the East Coast.

Our Customer Account Management Model

Our Customer Account Management, or “pod” model, includes virtual CIOs, Principal Consultants (PCs), Client Engagement Managers (CEMs), and Account Executives (AEs). When clients call, they speak to a well-versed team member assigned specifically to the account. There’s no need to wait around for a response, as we provide managed services coverage 24 hours a day, 7 days a week.

Industry-Specific Knowledge

We’re proud to assist organizations across the business spectrum, to strategically implement IT infrastructure that meets industry-specific demands.

We serve leaders in several sectors, including:

  • Financial services
  • Life sciences
  • Healthcare
  • Education
  • Retail
  • Legal

Most importantly, we track the latest government, security, and related regulations to ensure clients have comprehensive protection and a tailored cyber security plan.

The Thrive Platform

Powered by ServiceNow, the Thrive Platform is a comprehensive IT service management resource. Not only does this platform automate previously manual tasks, but it also informs decisions and educates an entire workforce. When logging in to the platform, clients can see the latest system news and status reports, access product sheets, and learn about the latest trends in IT through our blog posts.

The platform also includes a full training library, which helps align an entire organization’s IT and cybersecurity operations, limiting end user downtime and business disruption.

NextGen and Traditional IT Services

Thrive’s NextGen managed services accelerate any IT program, optimizing business performance and future-proofing digital infrastructure in the process. Managed Cloud, cyber security, and disaster recovery offerings bring clients into the 21st century and help them prepare for future growth.

Of course, our traditional IT services, which include hardware and software, server infrastructure, and office firewalls, also provide a level of customization for clients. With each service, we leverage the latest technology to deliver the most beneficial solution for each client’s needs.

Our Mission – Serving Clients Every Day

Over the years, we’ve built a corporate culture around client success, which drives us every day. We are constantly evaluating, building, and delivering the best IT solutions to our clients, and staying up to date with the latest trends in the marketplace.

The dedicated engineers and team members on our staff are committed to serving the needs of Thrive’s clients and have a passion for knowledge that informs their decision-making.

We strive to deliver an engaging and welcoming client experience every day. Get in touch with us to learn more about our services and see how we can transform your IT infrastructure.

Meet FinTech Compliance Mandates with Thrive’s Tailored IT Platform

Financial services firms have an abundance of responsibility and challenges when it comes to information technology. Thrive’s FinTech Platform helps organizations manage and solve those IT challenges while also maintaining industry compliance mandates.

Through decades of experience and knowledge of the industry, Thrive utilizes SEC, FINRA, and SIPC guidances, risk alerts, and observations when developing an actionable IT and cyber security plan. Furthermore, Thrive is the ideal partner to assist alternative investment firms to evolve beyond on-premise architectures and capitalize on the compliance-friendly Cloud.

The On-Premise Model Shifts

Historically, emerging Cloud architecture has given organizations pause. However, the on-premise model is becoming unsustainable and COVID-19 is exponentially accelerating that process. During the last year, I’ve talked to financial services organizations with a server cabinet in the office who had to spend support time on physical infrastructure and server issues. Others have required upgrades to VPN licenses or requested more bandwidth to ensure efficient remote access. That time and money would have been better spent developing a future-proof Cloud architecture.

Rather than investing in aging infrastructure, it makes much more business sense to leverage Thrive’s Hybrid Cloud Director to pivot workloads to a Cloud environment. For instance, an organization may have training applications or a portfolio system that need to be in the private Cloud, whether for cyber security reasons or performance reasons. However, there may be other applications housed with a Cloud Service Provider (CSP). The all-or-nothing approach does not apply to modern Cloud computing where everything must be in a public Cloud such as AWS or in a private Cloud. Thrive has built the FinTech Platform to move workloads between a public Cloud and Thrive’s private Cloud infrastructure, and it’s all done seamlessly in a frictionless, compliance-friendly manner.

Compliance Solutions Through the Thrive FinTech Platform

When new SEC and FINRA regulations are announced, Thrive’s Account Management team is in contact with clients to confirm they understand any compliance changes which are relevant to their business. Thrive’s Service Delivery Engineers specialize in financial services applications and are well aware of their critical impact to your business. Senior Principal Consultants, meanwhile, provide advisory services and consult clients on a regular basis to discuss potential risks while developing infrastructure recommendations.

With a steadfast commitment to maintaining customers’ compliance and cyber security postures, Thrive understands the need for ongoing communication and partnership. As such, we create an annual roadmap to inform customers of the following:

  • The state of their IT infrastructure
  • What peers in the industry are doing
  • Recommended investments in their IT infrastructure.

Thrive’s FinTech Platform manages the full investment lifecycle, while our private Cloud platform delivers enterprise-grade service from multiple SSAE 16 SOC 2 data centers. Learn more about our FinTech Platform and what we offer to alternative investment management and hedge fund communities.

Microsoft Exchange Server Attack: How Thrive Is Responding

The recent attack on Microsoft Exchange Server by Chinese hacking group, Hafnium, has affected thousands of organizations across the country in a brief period of time. Microsoft announced news of the attack on March 2nd, and immediately released urgent patches in an effort to defend against further attacks.

Microsoft detected zero-day exploits used to attack on-premise versions of Microsoft Exchange Server. These vulnerabilities allowed threat actors to access email accounts and install malware to gain long-term access to these environments.

Thrive has responded quickly to assist clients affected by this attack, and will continue to support them in the coming weeks and months ahead.

What Happened with the Hafnium Attack?

Chinese hackers, known as Hafnium, began exploiting Microsoft Exchange servers in early January. These hackers stayed in stealth mode until early March, when Microsoft urged Microsoft Exchange Server users to patch Exchange systems as quickly as possible.

After the announcement by Microsoft, Hafnium switched from stealth mode to a more aggressive scanning of servers across the globe, looking for vulnerabilities. Soon after, additional hacking groups (now believed to be upwards of 10) began exploiting vulnerabilities on servers in over 100 countries.

By accessing servers, hackers were able to:

  • Access other systems within an environment
  • Exfiltrate data
  • Install malware
  • View sensitive and proprietary information, including intellectual property (IP) and personal identifiable information (PII)
How Thrive Has Responded

Thrive has worked diligently to assist companies impacted by this recent attack, proactively deploying Thrive’s Endpoint Detection and Response into these environments. As a precaution, Thrive also used advanced endpoint detection to allow our teams to better analyze, diagnose, and prevent future malicious activity.

Meanwhile, our engineering team has worked around the clock to initiate recommended Microsoft and cyber security best practices. Engineers applied the latest patches and scripts to client environments, following Microsoft’s guidance.

Finally, Thrive has also hired a consulting firm to validate that all steps were taken to implement patches properly. We did so in a proactive manner to ensure all processes and precautions were followed.

Next Steps to Take

We highly recommend migrating off of dated legacy platforms and implementing Thrive’s End-User Cyber Security Bundle, which provides several layers of protection for your end users.

This bundle should include:

Endpoint Security & Response

  • Thrive’s Endpoint Security and Response service provides Next Generation malware detection & protection for servers and workstations.
  • With the advent of sophisticated malware such as file-less attacks and zero-day executables, a feature-rich signature-less endpoint solution is needed in many organizations.
  • Our solution offers all of the necessary features to combat advanced endpoint attacks while meeting multiple compliance guidelines that typically require traditional antivirus protection.

Advanced Email Threat Security

  • Email Gateway, Advanced Security, and Data Leak Prevention
    • Virus and spam protection
    • DNS authentication and advanced reputation checks
    • Multi-layered malware protection against known and zero-day threats
    • URL re-writing with on-click scans to block malicious URLs in email and attachments
    • Sophisticated protection against social engineering, homoglyph/homograph deception, and impersonation attacks
    • Analysis of internal and outbound URLs, attachments, and DLP checks
    • Continuous rechecking of files for malware
    • Threat dashboard showing cyberthreats relevant to your business
    • Remediation of malicious or undesirable mail controls
    • Signatures, disclaimers, watermarking, metadata scrubbing
    • Content Examination and Data Leak Prevention (DLP) for inbound and outbound mail
    • Easily detect sensitive and confidential information in emails
  • Mailbox Continuity and Data Recovery
    • Uninterrupted access to live and historic email
    • 365-day email retention period
    • 100% SLA on email availability
    • Comprehensive continuity event management through service monitors and alerts
    • Rapid recovery and restoration of mail, folder, calendar, and contact data

Secure Internet Gateway

  • Thrive’s Secure Internet Gateway (SIG) service is a Cloud-delivered security service that brings together essential functions that you can adopt incrementally, including:
    • Secure web gateway
    • DNS-layer security
    • Cloud-delivered firewall
    • Cloud access security broker functionality, and
    • Threat intelligence.
  • Deep inspection and control ensure compliance with acceptable-use web policies and protects against internet threats
  • Accelerated threat detection/response and centralized management makes it ideal for decentralized networks

Security & Awareness Training

  • Thrive Security Awareness Training (SAT) ensures your employees understand the mechanisms of spam, phishing, spear-phishing, malware, ransomware and social engineering using training materials and targeted user campaigns aimed at improving awareness of and response to security threats.
  • Integrates with Active Directory
  • Branded Phishing messages
  • Leverage a library of Standard and/or ‘build-your-own’ Custom email templates
  • Customize intervals and groupings of campaigns and target employees
  • Curriculum Builder

Lastly, strengthening the cyber security posture of Cloud and on-premises is crucial. Thrive can provide forward-thinking solutions to protect your important information, including intellectual property and other sensitive data that amount to your crown jewels.

The Push to Evolve: Why Law Firms Need Cloud Computing to Compete

Law firms have often had to bridge a digital divide in handling clients, cases, documents, employees, and more. Now, challenging IT issues like remote work, cyber security, application management, privacy regulations, and data governance have only made it more difficult to remain technologically sound. Yet there is a tremendous opportunity for firms to transform their operations by taking advantage of all that the Cloud has to offer.

At Thrive, we leverage advanced technology to help bring law firms into the 21st century, moving critical applications to the Cloud Workspace and modernizing their IT infrastructure without complicated employee retraining or upscaling. The Cloud also gives law firms the agility and flexibility to not only easily modernize technology, but gain a competitive advantage, because they can seamlessly transition to new practice management software or add cutting-edge collaboration tools that boost efficiency and improve service.

For law firms, the time is now to go all-in on Cloud computing.

Leveraging Thrive’s Robust Cloud Platform

In our experience, most law firms are operating with an IT infrastructure that requires better redundancy, higher levels of security, and remote access. On-premise servers, which require maintenance, a proactive approach, and backups, can lead to IT headaches.

On-premise servers also limit employee productivity to a single desktop or laptop. Without Cloud-enabled virtual desktops, firms can’t empower their teams to succeed in the fast-paced legal world, which largely requires courthouse trips, off-premise meetings, and on-the-go communication.

Deploying a Cloud environment also means debunking some myths perpetuated about access and security.

Myth #1: If I’m in court and the internet is lagging, I can’t get to data.

Reality: Access to applications is available 24/7 from compatible devices. Anyone can work from anywhere.

Myth #2: I don’t trust the cloud.

Reality: The Cloud is highly reputable. Thrive Cloud, our private Cloud service, is hosted in a SOC 2 Type II-certified data center. Building a Cloud platform from the ground up protects valuable client information, going well beyond the entry-level office firewall and providing the ability to encrypt data in transit or at rest.

Reducing Complexities While Gaining Workplace Flexibility

For firms with just one office or a small team, an on-premise server, while outdated, may get the job done. However, an on-premise server is not compatible when satellite offices or remote computing are introduced into the equation. Perhaps a firm has two locations and each has its own server – suddenly, the IT team must manage a disjointed environment, which acts as two separate firms. A clunky, legacy VPN only adds to the frustration.

With remote workforces increasing in prevalence, security is another critical topic of conversation. Recently, a client learned their insurance provider would not renew their cyber policy unless they upgraded endpoint detection and response solutions on each of the firm’s computers. Thrive’s Endpoint Detection and Response protects firms by offering real-time, automated security across all devices – in the office, at home, and on the move.

Thrive’s Cloud Desktop as a Service (DaaS) platform optimizes performance and cost, while providing access to multiple Hybrid Cloud platforms, all managed by our experienced team of engineers. Moving both SaaS-based and legacy applications to the Cloud keeps everything aligned, even when legacy applications aren’t yet ready for that next level of performance. When legacy applications do evolve or become SaaS-based, they can be removed, making way for the newest SaaS-based option.

Law firms can control costs while improving security and resiliency with a Cloud solution, and gain peace of mind knowing important legal applications will be available when they need them most. The knowledgeable team at Thrive is here to help your firm make the move to the Cloud.

How to Maximize the Benefits a Hybrid Cloud Solution Offers

Want the best of both worlds when managing the cloud? A multi-cloud approach allows for the strategic use of services from different Cloud providers to optimize performance and cost when running different workloads on different platforms. Thrive recently launched Hybrid Cloud Director to provide clients visibility and management capabilities across the private ThriveCloud, public clouds like Azure and AWS, and on-premise virtual server deployments.

Why the Multi-Cloud Approach Works

We’ll use the example of a thriving e-commerce company to help illustrate the value of the Hybrid Cloud Director. This hypothetical organization wants its resources secured and available 24/7/365, with a need for performance certainty, knowing the resources contracted for are performing at the level required when traffic spikes or seasonal events occur.

These environments will typically be placed in private Clouds. However, if a development team writes new software code for a temporary e-commerce site that is not in the private Cloud, it may lead to the IT team managing workloads in different locations. Plus, it can be a challenge to move the development workload on Azure or AWS to a production workload on the private Cloud without a lot of heavy lifting.

Thrive’s Hybrid Cloud Director does the hard work, and provides visibility into the state of virtual machines, resource usage, and any potential resource conflicts across each Cloud service to ensure smooth performance for users. The platform can work with all of the different environments an organization may have deployed, be it in ThriveCloud, Azure, or AWS, and not only manage workloads, but seamlessly move them between services. It takes only a few clicks to move workloads between clouds, while the platform facilitates everything on the back end.

Cutting-Edge Self-Management Solutions

Thrive has the capability to fully manage multi-cloud deployments, but self-service and direct control of environments may be preferred in many instances. We’ve heard the feedback from those who want that instant access to perform tasks such as virtual machine creation. The old way? Calling a sales representative to create an order for a new virtual machine can take days just to complete the contract. The new way? Within minutes, that machine can be up and running by using the Hybrid Cloud Director.

It’s easier than ever to create new virtual machines, remove machines, or add resources. It’s also easy to log in to the Hybrid Cloud Director and add more storage to machines on the fly if needed, too.

There are Cloud-related challenges, and retaining control over resources and knowing where they’re stored is one of them. Through this single platform, however, clients have visibility and control over their ThriveCloud, Azure, and AWS servers. It’s sort of like the air traffic control platform for diverse cloud environments.

To learn about Thrive’s NextGen Services and what we can do for your organization, get in touch with us today.

Thrive’s ServiceNow-Powered Platform Transforms IT Service Management

Over the past few years, we’ve worked hard to improve how we deliver managed IT services to clients. With the Thrive Platform, powered by ServiceNow, we eliminate many of the IT challenges organizations face on a daily basis.

The platform removes manual error from the equation, allowing tasks to be handled more efficiently, improving the day-to-day productivity of the IT team and saving valuable time. By building on the enterprise-class power of ServiceNow, the Thrive Platform gives clients better access to service and more accurate environment insights, while also transforming how IT is consumed through self-service.

The Power of Self-Service IT

When it comes to self-service, our goal is to streamline the process for employees and organizations. Whether utilizing a managed services provider or an IT help desk, employees may have to place a call or send an email to solve even the simplest of issues, such as changing a password. Gartner Group estimates at least 20% of help desk calls revolve around password resets. With the Thrive Platform, that once-tedious task is simplified by providing an employee a portal log-in, where a password reset takes just seconds.

Organizations can benefit from Thrive in a variety of ways. One example is in the legal profession. I’ve talked to a number of CIOs in the legal world, and it’s clear the top issue they face is maximizing billable hours. Attorneys need to be spending time on what they do best, not waiting for new passwords or finding time to handle application updates on their own time. And that’s just one quick example. There are so many organizations that can benefit from having a platform that:

  • Automates IT tasks
  • Enables self-service for employees
  • Delivers a 360-degree view of an organization’s technology
IT Service Management Drives Efficiency Gains

The Thrive Platform provides a number of benefits to users in SMB, mid-market, and enterprise organizations.

The platform automates the user creation process, so new hires enjoy a streamlined onboarding process that puts them in control. The outdated method of emails, spreadsheets, and manual entry leaves new hires waiting around for access to key applications and programs. The Thrive Platform brings them up to speed almost instantly.

Even when the onboarding process has come and gone, end users have access to helpful knowledge articles, too. These guides allow users to solve their own issues without contacting IT.

The IT team benefits, too, as the platform offers dashboards with reporting information, including service desk metrics and the ability to sort tasks by order of importance. Instead of manual calculations and outdated user issue reports, IT sees the latest trends and knows where to direct resources.

Want to Learn More?

The Thrive Platform offers several advantages, from increased end user productivity to faster support resolution to less IT time spent on tasks.

If you’re interested in learning more about our easy-to-use portal, get in touch with us to schedule a demo today. It’s the best way to experience the Thrive Platform for yourself!

How to Perform a Cyber Security Tabletop Exercise

Incident response planning is an important part of any organization’s cyber security program. Having a proper plan in place ensures smooth communications and quick decision-making in the event of a breach or attack.

To facilitate planning, the team at Thrive devises cyber security tabletop exercises to help organizations identify and prepare for various scenarios. The goal is to increase situational awareness and facilitate discussion of incident response.

This invaluable exercise clarifies an organization’s incident response plan, identifying what works and where improvements should be made.

Types of Cyber Security Incidents to Prepare For

An incident can occur at any time and include many variables, so it’s not always practical to write step-by-step instructions for each potential one. However, a tabletop exercise provides clarity on how to handle different types of incidents with an actionable strategy.

First, it’s important to understand the types of attacks that can occur.

  • External/removable media: An attack executed from a flash drive, CD, or other device
  • Attrition: A brute force attack meant to compromise or destroy systems, networks, or devices
  • Web: An attack from a website or web-based application
  • Email: An attack executed via an email or attachment (phishing)
  • Improper usage: An incident resulting from a violation of usage policies
  • Loss or theft: A computing device or media used by the organization, like a smartphone or laptop, is deemed lost or stolen

These categories can be used to define specific responses, as different incidents will require certain response plans.

As the tabletop exercise commences, Thrive runs through various scenarios, discussing proper course of action at each inflection point.

Preparation
Before any technology or business practice discussion begins, a risk assessment will be performed. The assessment can be formal or informal, and enables a full understanding of typical network activity while documenting network infrastructure.

Identification
The mock scenario seeks to detect the incident and determine its reach, while involving the appropriate parties. Information sources will be analyzed, including antivirus logs, server connection attempts, and suspicious network traffic.

Mitigation
The primary goal of mitigation is to lessen the impact of a security incident. It’s generally assumed that incidents will occur from time to time, so containing the incident and mitigating its effects are key. This portion of the exercise includes taking steps to disconnect an infected area from the internet, while understanding how to best throttle or block distributed denial of service (DDoS) traffic.

Remediation
Ensuring impacted services are once again reachable, the remediation stage involves discussing best practices for security patches, antivirus signature database updates, and restoring data from uninfected backups. If disclosed data cannot be recovered, a report must be provided to executive management, and applicable legal and customer teams must be made aware of the issue.

Recovery/Root Cause Analysis
Recovering from an incident is key to future success. The analysis exercise identifies what went right, what went wrong, and provides a timeline of important events. We will discuss the results of the incident, the lessons learned, and explain the steps to take to respond more effectively in case of a real attack.

The Benefits of Completing a Tabletop Exercise

A tabletop exercise raises security awareness within an organization, highlighting what could occur during a real cyberattack. It is meant to highlight deficiencies and weaknesses, so proper steps can be taken to prepare an efficient organizational response in advance.

The exercise determines whether an organization can coordinate communications, business operations, and external parties, with every scenario designed to focus on the likeliest threats.

Thrive provides enterprises with the tools to facilitate a tabletop scenario, but we also have the capability to run the exercise from beginning to end. To get better insights into the readiness of your organization’s cyber security incident response plan, contact our experts today.

How Thrive’s Layered Cyber Security Bundle Protects Your Data

Today, it’s hard to go more than a few days without hearing of some sort of cyber security issue or breach on the news. Cyber security isn’t just a “set it and forget it” type of endeavor — it’s something that requires planning, detail, and attention.

Thrive’s Cyber Security Bundle leverages best-in-class technologies to educate and ultimately protect end users. We’ve worked hard to protect businesses and organizations by preparing a multi-layered cyber security plan that mitigates the enormous consequences a data hack can have.

Protect Against a Potential Data Breach

Data breaches affect organizations in many ways, both monetarily and psychologically. It’s possible the issue may be smaller in nature; perhaps an employee’s laptop is infected with ransomware, causing a lost day of work or decrease in productivity. The employee may have had personal information on that laptop, even if it was a work-issued device.

If a large-scale database hack were to happen, that personal information exposure may be more widespread. The database could hold valuable client information, including usernames, e-mail addresses, and phone numbers, and the PR ramifications can be immense.

No solution provider can promise organizations they will never be breached. A company that stays in business long enough may deal with a cyber security issue at some point, but it’s imperative to create layers of security to protect the organization.

Just five years ago, it was widely believed antivirus software on a workstation and a firewall would do the job. Today, with many people working from home, the firewall idles in the office while antivirus protection only does so much. More specifically, signature-based antivirus protection may not catch a malicious file, which is why we look at anomaly-based antivirus protection while adding a cyber security bundle to deliver best-in-class endpoint security.

Targeted Cyber Security Training That Informs

Thrive’s Cyber Security Bundle offers protection for end users against:

  • Malware
  • Social engineering
  • Phishing
  • Ransomware

One of the top bundle benefits is the targeted training it provides for employees. It’s easy to tell someone not to click on a phishing email, but is that practice being followed? Thrive sends simulated phishing messages, changing the patterns and language to make each one a challenge. While we do inform organizations that these simulated phishing exercises exist, they are designed to mimic the real thing. This is all in the name of better informing end users so they can easily pick up on real phishing attacks.

We devise quarterly training for organizations through videos, too. These videos are short, typically around five to 15 minutes in length, and discuss important topics like what phishing emails look like, social engineering, and how to create strong passwords. Security and IT can have a negative connotation and imply a broken process that needs fixing, but these training videos open the lines of communication and provide end users with the information they need.

Educating and protecting end users mitigates data and productivity loss, which is why Thrive offers end user security solutions through our Cyber Security Bundles. Find the right fit and bring your cyber security practices up to speed today!