First Quarter 2017 Update on Cybersecurity

By April 18, 2017Security
Q1 2017 Cybersecurity Update from OXEN Technology

Bob Gentzler, President, OXEN Technology

I want to give you a short update on what OXEN Technology is doing on the cybersecurity front and the capabilities we have built to improve our security efforts.

It seems like every day we read about another cybersecurity breach. Lost credit card information, hacked emails, corporate or national security information stolen by insider or external actors. Cyber espionage and security attacks have become sophisticated and big business. We have reluctantly learned a new language: ransomware, “phishing”, malware, HIPAA (in healthcare), PCI (for credit card protection), and PII (personally identifiable information) to name a few. The challenge grows even faster as more and more devices get attached to our networks. New devices like thermostats, smart lights, cell phones, watches, and “smart” monitors of all types connect to our networks to share information. This Internet of Things (IOT) is creating brand new threats.

The ransomware business is now estimated at over $125 million per month in paid “ransoms” to unlock wrongfully encrypted computer systems. This does not account for the lost productivity, impact to reputations, and expense to recover from successful attacks. Much of this threat is aimed at small and mid-sized organizations that have fewer resources to defend themselves. OXEN Technology is a small organization. We serve small and mid-sized organizations. We are in this together. Cybersecurity is at the heart of each of our businesses for the foreseeable future.

The foundation of good cybersecurity remains the same:

  • Keep your hardware modern and software up to date with patches that the vendors provide, most notably Microsoft.
     
  • Use complex passwords and change them regularly (every 90 days).
     
  • Regularly review who has access to your applications and especially the IT administration functions.
    For example, vendors often ask for access when they install or maintain their software and their access needs to be removed when they are finished.
     
  • Train every user on how to recognize an email scam.
    Over 90% of ransomware gets in by someone opening a fraudulent email. Regular, ongoing training on how to recognize suspicious emails and activity can lower your risks.
     
  • Use the leading anti-virus and anti-malware software – and keep it updated.
    The traditional methods for protecting against viruses are no longer effective, but there are new providers using advanced analytics to provide better every-day protection.
     
  • Maintain an actively managed “next-generation” firewall.
    Static firewalls, like the kind we purchase at Best Buy or Walmart, are no longer enough. Firewalls need to be actively managed and updated to block the most current threats to networks. The newest even offer “deep packet inspection” which examines the data coming through the network in real time to stop threats.
     
  • Keep a current backup of your critical systems and information!
    If you do get ransomware that can’t be effectively remediated, you can still recover your data from a backup and not pay the ransom. There are many flavors of backup solutions. If you aren’t backing up, we can educate you on the choices.

We work with clients every day on these essential cybersecurity issues. More importantly, we continually invest in improving our understanding of the threats and finding the right partners to provide the level of security that we and our clients require. We negotiate the best rates possible for access to the latest technologies in this battle.

OXEN Technology currently offers:

  • Network Risk Assessment at no charge
    Our unique automated tool identifies potential risks associated with access control, passwords, patching, and other foundational security elements. We create a full report within 2 business days.
     
  • Industry-leading Anti-Virus and Anti-Malware protection
     
  • Free online Security Training annually to all employees of our managed IT services clients
     
  • Simulated Phishing Attacks to test employees’ vulnerability to email scams
    (Employees that open a bad email are redirected back to training)
     
  • Network Vulnerability and Penetration Testing, free to our managed IT services clients
     
  • Managed Firewall Service, using next-generation firewalls
    Deep Packet Inspection is available but remains expensive for our smaller clients. We expect to expand this managed firewall service to home offices in Summer 2017.
     
  • Leading Business Continuity and Disaster Recovery Solutions
    This is the fastest growing piece of our business. We have options for all requirements and budgets. We announced our own “OXEN BOX” appliance on April 1, 2017, which will allow clients to quickly recover a functioning system, applications, and their data in case of a failure on their production hardware or software systems. It is automatically backed up to a secure remote data center in case of a disaster affecting your entire facility.
     
  • Full Cybersecurity Audit and Policy Development
     
  • OXEN NetWatcher Appliance
    This appliance constantly scans your IT network for security threats and events that are then analyzed with sophisticated software and a 24/7 Security Operations Center. We notify you of the most dangerous threats and jointly determine how to eliminate them.

In conclusion, there is a lot going on in the industry around cybersecurity. The good guys are building tools as fast as they can to protect against the known and expected threats. I promise that we will stay on top of it so that we can provide Strong. Trusted. Simple. security solutions.

I welcome your feedback and ideas on how we can best help you manage the risks you see on this front.