Aware and Alert

Employee Awareness - Are Your Employees Trained to Spot a Threat?

Employees are the core of any business – they are also the main target for cyber criminals and malicious activity. Social engineering deceives a user into taking an action through psychological manipulation. As employers, it is imperative that your staff understand the tactics cyber criminals use as their standard practice to defraud. Security awareness training is a key component of everyday business that is often overlooked or forgotten completely.

Securing your physical access to your company door is multi-layered with locks, keys, alarms, badges, etc. – shouldn’t your network deserve the same amount of attention regarding its potential risk of breach? It’s no longer just about securing cyber criminals from outside your organization, it’s also about the inside. With layered security, the likelihood of a breach becomes low by segmenting access – both outside and inside your network – paired with authentication tools, DNS and endpoint protection – all creating a zero-trust environment that doesn’t allow anyone in your network just because they happen to work there by default.

Then, training your staff to know what to look for, how to spot a hustle, and awareness of the latest threats keeps the lines of defense strong and steady. Training and ongoing continuing education must be part of your human resources regimen for a healthy company to succeed. Human error is the #1 factor that causes data breaches to occur – making sure your employees are educated on potential risks will pivot your greatest company vulnerability into your company’s greatest asset! The threat landscape is constantly evolving, in turn so should your approach be to defense.


One-Two Punch

Data Backups - Crucial to Winning the Fight Against Disaster Recovery Pitfalls

Have you ever stopped to think about the catastrophic circumstances you might find yourself in if you lost your company data to cyber activity, power outages or a natural disaster? The value of your individual business data is critical for everyday operations, making it impossible to attach a price tag, until you find yourself in this situation – then the insurance companies will decide for you.

What about taking the strategic route – have you developed an emergency disaster plan? Backups are often overlooked when putting together the details when only focusing on physical loss. Data loss can become a devastating part of your business if there is no way for retrieval in the event of an emergency.

At TimbukTech, our goal is to prevent ANY disruption of service, no matter what the crisis. Our team has assisted many organizations in the creation and development of emergency disaster plans that allow for quick access to company resources even after the interruption. Good insurance policies allow for business interruption coverage, however that means nothing if you have not allocated the time and resources to recover business operations in a swift manner. Time spent doing this AFTER the event, is time wasted and revenue lost on picking up the pieces when everyone is looking to you for direction.
Preparedness is always the right answer – ALWAYS! Your backup plan will have you up and running even when the physical building is gone.


Time-saving Tips and Tricks

Helpful Tips and Tricks—Here are a few helpful keyboard shortcuts that can be utilized to make everyday tasks a little quicker and easier…or just for a fun change of pace away from your mouse:

Windows Key + L- This will lock your system when away from the computer

Multiple Browser Tabs- If you have multiple internet browser tabs open you can hit Ctrl + 1 to jump to the first tab, Ctrl + 9 will jump to the last tab.  You can also hit Ctrl + Tab to move thru all open browser tabs.

Ctrl + Shift +T – Recall the last closed browser tab closed without having to look up the page in browser history.

Ctrl + Z will undo any action

Ctrl + Y will redo any undo action

Ctrl + E jump to the end of a document

Ctrl + Home return to the beginning of a document

Need a quick calculator? Simply use your browser search bar to input your equation and hit Enter, this will open an in-browser calculator.


Password Management - Due Diligence for Continual Protection

Password Management—Passwords are an ever-growing necessity in both your personal and professional life. Unique passwords are user specific and are the “key” to accessing information from your Email account to your bank account. Nobody enjoys changing and remembering passwords, but we all need to stop and think of the purpose. Passwords are often given the least thought but can carry the biggest security implications without knowledge to the user. Do not make the bad guys life any easier. Avoid using the same password for multiple sites, think in terms of a hacker for a minute… If this password works on their Gmail account, what are the chances it works on this bank account??   Change passwords frequently, utilize industry best practices (at least 8 characters in length, utilize Upper case and lower-case letters, numbers, special characters).  Passwords also do not always need to be a single word, multiple words or phrases are sometimes easier to remember. Passwords are created specifically by you; help keep them that way by utilizing good password management practices. Remember it is much easier for intruders to enter if you leave the front door wide open.


Microsoft Licensing Compliance - TimbukTech Takes You There

Are you ready for a Microsoft licensing audit? Do you have an inventory system of how many machines have a certain software package that has been copied too many times without the proper licensing attached? Fines and penalties can make non-adherence a financial nightmare for those who choose to ignore the rules. The question is not, if you will have an audit, but when. TimbukTech can review all your devices and prepare a report outlining your compliance to date and move you toward reconciliation. Microsoft tends to look favorably on those who realize they have a problem and are working on rectification versus those who simply do not care.

Open licensing can be a great resource because it saves you money and offers the ability for software to be used for a certain number of users or machines, providing flexibility versus the off-the-shelf or OEM (original equipment manufacturer) versions. Open licensing is generally available for larger institutions such as government/healthcare/education and some non-profits. Volume licensing for commercial enterprises also offers the same flexibility with discounted pricing offering uniformity in platforms across your company along with the adaptability of a three-year support agreement.

Office 365 is a good example of the flexibility afforded in choosing the components of an employee workload and the software needed to do their job. Office 365 is customizable and provides support and tools available to assist the user in task completion. It also comes with the latest live updates and formatting changes that keep your team viable with modern equipment and resources. Windows is also available as a per user SAAS (software as a service) that will keep you in compliance.

The days of buying one software license and sharing it around the office are over. Microsoft is making it easier and more affordable everyday to have access to their product offering and services. Get on board and get your licensing ducks-in-a-row! We can help!


Windows Server DNS Vulnerability Bug - Our Managed Services Clients Received Same-day Protection

In the recent past, a Microsoft Windows Server DNS vulnerability bug was discovered that left millions vulnerable to a security breach.  That same day, our managed services team created a script and pushed it to our clients to manage the open exposure.

Our team has the experience to solve problems, not just patch them and pretend the problem will go away. Having an IT tech that only patches bugs for today in hopes that maybe your network won’t cross the path of an online intruder – is simply a dangerous endeavor.  Our team of IT professionals are very talented, smart people who can create code that dives deep into the jeopardous terrain, to resurface with a solution ready to be deployed.

Obviously, businesses without any proactive IT support are left vulnerable as Microsoft has yet to release a patch, only a workaround exists for remediation. Workarounds are just that, a reactionary measure that only skirts around the problem, without solving it. Your business deserves more than a band-aid approach to your IT needs; understanding your network and all the working parts is necessary to providing the best solution.

With managed services, our team can apply the knowledge gained from the last vulnerability and apply that deep-learning component to the next liability. Recurring updates ensure that wherever the latest wormholes arise, proactive managed services will apply the latest software to protect your network. Counter-response behavior is not foresight behavior, your network cannot survive a mom-and-pop, static update. You need live, dynamic updates and a team of solution providers who work with threats daily and know what they are looking for.

You just want your computer and network to work – absolutely – we do too! However, setting the foundation is 100% necessary to the success of making that happen. Just like building a house, if you don’t get the foundation right, you’ll always be susceptible to shifting ground with costly workarounds instead of doing it right the first time. In 2020 and beyond, robust IT networks demand an automated managed services platform with dedicated IT professionals to remediate the complexities – join our list of valuable clients who understand the best defense is a great offense!


join-the-defense-team-site

ProofPoint Email Security Suite

Your people are your greatest business asset—and your weakest security and compliance link. With Proofpoint, you can build a defense that starts with them. BEC scams – Business Email Compromise – look for prey and groom their victims in order to misappropriate money and business intelligence.  Criminals spend time creating scenarios that spoof their identity, creating emails that look like emails you’ve seen in the past, emboldening a sense of familiarity and trust. After your confidence is gained, they zero in on gathering your data by making you think it is safe to click, afterwards it is too late to undo the open door that they walked through.

As more employees are working from home, Proofpoint protection offers remote connection security through cloud-based communication between your archives and active content sources, as well as on-premesis network devices. ProofPoint can set up provisions, allowing team members access to those resources specific to their needs, creating streamlined work-flow rules that organize your business. Data Loss Prevention (DLP) is monitored in an active, ongoing fashion while at use, in motion and at rest, offering a more expansive protection definition.

ProofPoint offers a turn-key approach to protection through spam filtering and phishing protection through its prevention tactics. This software has the capability to prioritize threats and act in accordance, focusing remediation to the most damaging items first. This threat intelligence learns as it is employed in your network and develops its own sort of immunity, creating barriers to cyber threats. Then as it continues to learn, it is enhanced each time a new update or new threat is detected, providing URL defense protection in links inside spoofed emails – assisting in catching the corrupt link before you have a chance to click. Encryption capability is also a major resource of Proofpoint that your business needs to incorporate into everyday activity, especially for regulatory and compliance-driven businesses. Your clients will notice the difference when they see these defensive tactics being utilized as protection for their identity and your business security policies. Many regulatory agencies are demanding these software-as-a-service (SAAS) protocols to enhance cybersecurity.

Proofpoint also offers social media monitoring to track and protect the content of your social media, across all platforms. Proofpoint can apply your specific industry’s regulatory policy and alert you to errors and non-compliance. This intelligent software can be vital to assisting you in accurate advertising policies and shape your compliance patterns in the future. Call TimbukTech today to get started, 309-647-7269.


Sophos - Rugged Business Security Essentials

Sophos is the world’s largest privately held security company offering anti-virus protection like none other before. The software created by Sophos employs the philosophy of heuristic monitoring - evaluating current threats as well as unknown vulnerabilities yet to be discovered. The machine-learning necessary to mediate these threats builds upon a history of traditional anti-virus and known technologies as well as intuitive protocols that seek out modern-day solutions that zero in on encryption detection, live hacking, and exploit prevention. This deep learning technology taps into a realm where the human mind and machine meet – creating algorithms that are buoyed by the thought processes of the brain, along with the intelligence of machines, creating a bulwark line of defense.

Hackers are not just writing assault code as a one-and-done launch of attack. They are sophisticated in that the threats are made to be ongoing and constant, with updates made in real-time to counter any anti-virus that may be pumping out protection. Once the wall has been breached, the hacker can set the stage for a blended attack, from deleting your organizations backups and installing malware/spyware, to installing ransomware  and demanding high dollars for the safe return of your company’s information.

Sophos also offers a centralized dashboard that provides a snapshot review of all active parameters you want to measure and summarizes usage, statistics and many other categories for alerts in real-time. You can test your staff to see where your vulnerabilities lie and receive reports outlining the areas needing remediation and training. Real-time scanning for ransomware, malware, adware, spyware, rootkits, etc. offers capabilities beyond other out-dated, static anti-virus solutions; your business cannot afford to be stuck in the past when malicious threats are lurking, ready to attack and take advantage of old solutions.

TimbukTech can walk you through the capabilities of Sophos and provide a demo to outline all the reporting features available. This is a great way to get a snapshot of where you are now with your vulnerability monitoring and where you could be. You don’t know what you are missing until you do – TimbukTech can prevent you from being surprised by an attack you didn’t see coming. Utilizing deep learning and heuristic monitoring does just that – you need advanced threat protection in this modern age of cybersecurity susceptibility.