5 Common Misconceptions About Cyber Security

As cybercrime continues to rise, so does the growing list of misconceptions. The pandemic drove internet usage up by 50% compared to last year, and experts say until businesses prioritize Cyber Security, the number of cyberattacks will keep climbing.

Thrive’s CISO, Chip Gibbons, reviews the most common misconceptions about Cyber Security and debunks the myths.

Cyber Security – Misconception #1
When your system is compromised, you will notice the breach immediately.

Gibbons: A majority of the compromises are from issues that have been lingering for a while. A company could have a server on the internet that they didn’t either realize or know about or it hasn’t been patched in a long time. Those are the areas where you want to strengthen your Cyber Security. Its crucial businesses know where all their assets are, that they’re patched and they’re secure.

Cyber Security – Misconception #2
The bigger the company, the better the security.

Gibbons: Not necessarily. The size of the business doesn’t mean they’re better or worse at security. I’ve gone into enterprise businesses where I am frankly frightened and I’ve gone into small businesses where I am thinking, wow, they’re really good. It depends on at what level that company has prioritized security. It’s difficult because businesses don’t want to spend money right now but, in this instance, but they have to.

Cyber Security – Misconception #3
Cyber Security is not worth a huge investment.

Gibbons: A lot of businesses aren’t keeping up with their Cyber Security because perhaps years ago when they got an initial quote, they couldn’t afford it. But that’s not the case anymore. It is affordable and companies just need to do some research. A breach at a large company can cost millions of dollars and suddenly the two thousand dollars a month it would have cost to just update and monitor their Cyber Security does not seem so outrageous.

Cyber Security – Misconception 4
Viruses are the biggest cyber threat.

Gibbons:  Right now, in Cyber Security, we’re seeing a huge increase in account compromised types of attacks. Phishing, where cybercriminals attempt to collect confidential data through emails and websites, has always been somewhat of a big area for cybercriminals and it’s growing rapidly. Phishing was the number one cause of data breaches in 2019, and in 2020 phishing attacks have become even more sophisticated and highly targeted.

Cyber Security – Misconception 5
Company information can’t be as easily compromised with employees working from home.

Gibbons: It was a big change to move employees from the office to a remote setting and when it happened, it happened very quickly. But just because you send your employees home doesn’t mean they are secure. Cybercriminals are banking on a lack of security for remote workers so employers need to make sure employees have antivirus and all the standard security precautions they would in the office. During the COVID-19, a great deal of our time at Thrive has been spent working with clients to make sure that their end-users are safe, and they are connecting securely into their network.

Whether your company is in the office or remote, Thrive provides IT security solutions that deliver proven comprehensive protection for your business.

Click here to learn more about how our comprehensive cyber security plan can protect your vital data, SaaS applications, end-users, and critical infrastructure.
Phish Out of Water — Remote Workers Email Security

The last few weeks have been a big change for everyone.  Many people are working from home, and some of those people have children at home with them.  Right now, my kids are wandering the house looking for breakfast and prepping for Zoom meetings with their teachers.  While I have seen many acts of kindness and compassion during this time, I have also seen attackers take advantage of distracted workers who are trying to balance home and work life.

We have seen an increase in phishing emails that are shockingly good.  They are playing on the fears of people working from home.  For example, a receptionist who gets an email from the CEO asking to buy gift cards for everyone as a morale booster, might think this sounds great.  In the past they would walk down to the CEO’s office and probably ask a question or two.  But in today’s climate, without the easy access to the CEO, they might just buy the gift cards and send the information back via email, never realizing this was a phishing scam.

In this time of change, communication via Teams, Slack, etc. is essential to keep the ability to “pop” into someone’s office to ask a question.  It is also imperative to implement or continue security awareness training — provide people the tools to be able to spot malicious emails and routinely phish your employees.  If someone fails, that is a good thing.  You can help that person before a hacker gets them to click on a link.  Make it mandatory that they make time to take the trainings. Phishing and training together can really improve your security.

People are the weakest link in the security chain. Thrive’s Anti-Phishing and Security Awareness Training ensures your employees understand the mechanisms of spam, phishing, spear phishing, malware, ransomware and social engineering.

For more information, CONTACT US today!

Remote IT & Security. Is your business and corporate data at risk?

Overnight, the COVID-19 pandemic has permanently changed our approach to remote IT and security. We went from offices full of collaboration and activity to at home offices now exposing businesses and corporate data to increased risk.  At Thrive, we hold a daily management meeting to review and discuss the implications of a remote workforce during this experience. Many organizations are following a similar protocol as well, and although it has taken some getting used to, it has shined a light on how well we are able to collaborate remotely.

Our president, Marc Pantoni, mentioned the other day on one of these calls that the focus at the beginning of the Work From Home period was stability but as it matures, many organizations will start to focus on risk management as they were during prior to this unplanned event.

Over the years, we’ve seen disaster recovery tests become quite commonplace but now we’ll start to see pandemic tests or WFH tests become much more prevalent.  This isn’t fear mongering, it’s prudent risk management.  I surmise that like many of you, my work from home plan was my laptop sitting on a home office desk or perhaps a kitchen table.  My home office did not have all the trappings of my branch office. Over the last couple of weeks, I’ve gotten quite efficient at WFH and for many end users that environment is here to stay even once we all return to the office semi-full time.

Securing that location will now become a higher priority.  For many senior leaders and high-tech workers, we will look to high value yet low effort solutions to protect the household.  For years network security companies have added a feature to their devices that is not very widely used that can provide “clean” network connections.  This function, usually called transparent mode, introduces unified threat management appliances into home networks without changing the overall topology of the environment.  This means that we can add intrusion prevention and malware protection at the network level without the needing to swap out the consumer wifi solutions, which are very popular.  Fact is, having malware on a home network is as big of a problem as it is on an office network regardless of where it resides.

To understand this concept a little easier, here’s a simple network diagram:

Home Network

These solutions are extremely straightforward to setup and maintain as opposed to creating a branch office inside a home office.  It allows for added protection of all devices on the network without the headache of redesigning the entire home network.

If you have questions or concerns about remote IT and security, Thrive is here to help. CONTACT US TODAY!

Should we Ban Crypto?

With the recent terror attacks in the UK and the very real chance of more terror attacks to come, everyone is looking for a way to make this stop.  One of the ways to do this is the ban cryptography.  Another, is to allow cryptography, but give the government a special key to unlock it.  Both of these methods would allow all communication to be seen by the government, stopping the terrorists from communicating secretly. Many people see this as the software solution to the terrorist problem.

(more…)