itsecurity

Pittsburgh, PA Washington, D.C.

1 (412) 889 6870

Facebook-f Twitter Youtube
Menu

5 Reasons that your Business is at Serious Risk

What you may have inside your Businesses

Here are just a few of the situations IT Security Solutions has encountered when performing an assessment.

All of the comments are focused on organizations with more than 2 computers in their network, a Firewall and Virus protection on each computer.  If this describes your organization, then your business could be at serious risk

  1. If your organization has ever had a Virus or Malware in your computer or personal device.  Today’s intruders deliver more than one piece of malware.  In fact each piece of malware also includes the ability to scan your network, and find how many other computers, printers and other devices there as well. 

    Also, the malware only resides on your computer as long as it’s needed to update the computer to include a backdoor for the attackers to return.  That means that the chance for a Virus scanner to see the malware on the computer is seriously limited.

    More than likely, the Malware succeeds in the attack of your computer, and you will not ever know that your computer was effected, until it’s too late.
  • If your office has an internet connection which is used for business activities during the day, what else is permitted?

    This about the activities on Social networks like Facebook, Instagram, Snap Chat, here is a list of 65+ Social Networking Sites –

    https://makeawebsitehub.com/social-media-sites/

Attackers exploit the distribution of Social Media channels to connect and control tens of thousands daily. To the intruders, this is like shooting fish in a barrel.

  • If your organization uses a generous work policy, that includes any of the following.  Remote Access, Remote Offices, Laptops which are permitted outside of the office, remote workers.

    Each of these are issues which require additional care and security needs.  All of them introduce their own threats into your environment.

The above was written before the Pandemic put all of us in a Work from Home effort.  

Before Pandemic    
Business Security During the Pandemic    

Before the Pandemic, there was a definite definition of security protecting the organization. This was how the security of the organization looked. However, the security of organizations evaporated during the Pandemic, see the figure just below.

Even the VPNs that connect back to the Office, bypass the firewall and are permitted directly.  Think about the security at your employees’ homes.  Is there any wonder why the attacks are concentrating now at home?

VPN Connections proceed past the firewall.

 

The part that is missing above is the lack of screening from employees and the use of VPNs.  The VPN is intended to Mask the communications from one endpoint to the other while connecting over the Internet. VPNs do not protect the connection or the business. The Firewalls permit the VPNs to connect internally and do not filter any information. You may expect that the VPN protects your business, but this is not the case.

The VPN permits direct communications to the office and repeats the same situation that was exposed during the Target breach.  The Target breach permitted the infected computer of the HVAC Vendor to get access to the entire network, and the credit card information.  That was a recipe for disaster.

  • Does your organization permit personal devices to connect to your network, or have business email on them?  (this could be considered two different issues)

    Give this a moment to sink in.  On your personal devices (iPhones, Tablets …), where are the Firewalls or Virus Scanners?  You should realize that these devices do not have one unless you have installed something yourself.  Even if the device has a firewall or scanner on it, what level of protection do you expect that this provides?

  • How long ago was your last Security/Risk Assessment?  These activities are recommended at least annually, and normally within 30 days of making a change to the network.

    The important thing to remember here is that the Security Assessment is performed by certified individuals that are interested in protecting your business.  Ultimately you can choose not to perform the assessment, in which case the intruders will be performing the assessment, and they are constantly doing that. 

    When the Intruders perform the assessment, you won’t be told the results of the assessment.  You may not be aware of what they have discovered until they want you to.  That’s right, they don’t need to let you know, and you may not know just how much of the company that they have accessed.  Your current tools are not able to detect the intrusion or stop it. 

    In fact, today’s security tools can only partially detect the next attack.  Firewalls and Virus Scanners are reported to be only 4% effective.

How many of the above items can you relate to?  Do you have the tools we describe above?  Do you want to prevent the attacks on your computers, or allow the Intruders to continue to have access to your environment?  (prevention is the cure).

Bonus

Your network has likely evolved beyond the initial PCs, and Printers.  Many networks have added WiFi, personal Devices, and many other Internet of Things (IoT) devices which have no protects either.

Our personal devices (cell phones, tablets) are never off of the Internet, and we insure that they have sufficient power at all times.  We are now so dependent on these devices, that we also allow Business Communications on them as well.

This presents the opportunity for attackers to engage in our want for information, as well as the convenience of connecting to everyone (including high value targets), to get the access and information that they are seeking.

The critical problem here is that you cannot stop, what you cannot see.  We have the tools and experience to highlight the unseen activities, and stop the attackers before they can succeed.

_______________________________________

IT Security Solutions, Inc. is a Pittsburgh based technology company with 25+ years of cyber security domain expertise catering to businesses of all sizes. The solutions offered range from technology security audits and penetration testing to continuous network scanning. The company recently launched ITS Safe™, a proprietary managed security solution that blocks hackers from attacking networks – the largest IT security threat facing businesses today.

Year after the year, the Pittsburgh business community recognizes IT Security Solutions, Inc. for their domain expertise and thought leadership in the cyber security space.

Contact IT Security Solutions to discuss how you will benefit by reviewing your security today.

www.IT-Security-Solutions.comwww.ITS-Safe.com

412-889-6870 – info@IT-Security-Solutions.com

Tagged , , , , ,

2 Responses

  1. “Can I simply just say what a relief to uncover somebody who actually knows what they’re talking about online. You definitely know how to bring a problem to light and make it important. More and more people have to look at this and understand this side of the story. I can’t believe you aren’t more popular since you definitely have the gift.”

    Reply
  2. Pingback: SWAT Assessment for Cybersecurity - IT Security Solutions

Leave a Reply

Your email address will not be published. Required fields are marked *