Connect with us

Cyber Security

Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes

Avatar

Published

on

Cyber Security

Interview With Mike Schipper – InsITe Business Solutions

Avatar

Published

on

With many thanks to Mike Schipper, Founder & CEO of InsITe Business Solutions, Aviva Zacks of Safety Detective got a good understanding of how his company does to keep its customers’ data safe.

Safety Detective: What does your company do to keep your customers’ cloud, network, and server safe?

Mike Schipper: Everything begins with understanding and education. First, we work hard to have a great understanding of the threats out there. Combine that with a great understanding of our Clients, and focusing on educating them of the importance of security and compliance, making it simpler to digest and understand. Providing our clients with the right tools to educate their employees on security is highly critical. With better understanding comes more willingness to invest in security and compliance measures. The news cycle, with reporting of all the recent breaches, certainly doesn’t hurt either.

We also understand that security is not a single product, such as antivirus, and you are done. Nor is it a set it and forget it situation. To effectively protect our Clients we take a layered approach, and it is always a work in progress, improving all the time. As an example, we have developed our Systems Management & Security (SMS) Platform, which is a comprehensive bundle of layered services and systems management tools that we have developed through significant research, time investment, vendor negotiation, and overall security experience. The SMS Platform makes security and systems management affordable and enables co-management with our Clients as well. But it’s always moving.  In fact, at the time of this writing, we are negotiating with another vendor to add an additional layer to this bundle across our Client-base, as we have identified a new emerging threat category that should be addressed in the near term. The target is always moving, and it is our responsibility to stay ahead of it.

InsITe is also what I consider a “cloud-first” MSP. When we launched back in 2013, we recognized that, without some serious help, most organizations would not be able to keep up with the growing security threats. Many debates did cloud spark – among IT folks and business leadership. That aside, beyond all the other apparent advantages of cloud, for our client base we can enable new security measures, from the very simple to the extremely complex, with just a few clicks.  Before cloud, enabling the level of security, auditing, and control to maintain a safe environment was near impossible, and certainly less affordable. When it comes to security, cloud is nothing less than a lifesaver. MFA can be turned on system-wide in minutes, where before it required complex hardware and software. We can automatically shut down accounts that show suspicious login attempts based on geography. Those are just a few basic examples of what is possible today.

It is also worth noting that beginning by (and maintaining focus on) securing our own systems is critical. We advocate a “security mindset” within our Team. Nothing advocates and propagates that mentality better than practicing it ourselves every day. InsITe must maintain strict security compliance due to pass-through requirements within our client base. We live it every day, which makes it second nature for our team.

SD: What types of companies use your services?

MS: Our team partners with leading manufacturers, primarily in Michigan, but expanding nation-wide. While our primary vertical is manufacturing, we do often work with clients in other highly regulated industries such as healthcare and the financial space. As it relates to manufacturing, our clients are often those who have heavy compliance requirements, which is a growing trend across the industry due to pass-through compliance requirements (top-tier on down).

What we are finding as of recent is that even outside of the highly regulated industries, there is a new awareness and requirement for general security compliance. Business leadership is more aware of the threats, and the eventual consequences of doing nothing. They see it all around them, so security and compliance services are growing across the board as well, and we are well-positioned to help.

SD: How do you stay ahead of the competition?

MS: To be honest, we don’t focus too much on our competition, at least not as it relates to any threat to our business.  There are times we can learn from our competition, but spending too much time looking at the shadows behind you only serves to detract from looking forward, and keeping our eyes open to the true responsibility and challenge of today’s modern MSP. There is enough business in our industry for InsITe and 400 of our friends.

Instead, we place our focus and energy squarely on staying ahead of the present and coming threats, opportunities that can be influenced by technology, and ensuring that we partner with clients that share our philosophy and value our strategic approach. Technology is an investment that should keep us safe, make us more productive and efficient, and generate some level of tangible return.

As it relates to staying ahead of the present and coming threats, bad actors, it really is getting more challenging all the time. It takes a constant effort within our team to identify threats, educate our clients, manage and progress their environments, and at the same time research and keep eyes wide open to future trends.

For us, it began with a commitment to security across the board, then propagating a culture of security throughout our entire Team, top to bottom. Everyone on our team is expected to understand the threats and mitigation methods, as well as stay up to date on the latest. Taking this approach, combined with formal training, as well as a culture of coaching each other, staying ahead is possible.

SD: What are the worst cyberthreats out there today?

MS: As it relates to how attacks take place, social engineering is right there at the top. It’s really out of control. E-mail phishing attacks and bogus credential harvesting sites (that look very real), to bogus phone calls from IT attempting to gather critical information, almost no method for tricking people into giving up something relevant and valuable is off the table.

Most readers are probably aware that there is now an official underground network of organizations that help upstart attack groups. From lists of vulnerable accounts and employee names, phone numbers, to call scripts and call centers to make the calls for the attacking organization—the underground economy of bad actors is alive, well, and growing. It will only get worse.

We have received frantic calls from companies whose CFOs were spear-phished without their knowledge. Armed with stolen credentials, the attackers accessed their e-mail accounts, lay in wait—learned their language, tendencies, and other high-level company resources—then struck gold with a request for an emergency wire to an “updated” vendor bank account for a product they were ordering. In many situations, hundreds of thousands of dollars were lost. Why would the attackers stop? That’s easy money!

Beyond phishing and general social engineering, ransomware is next in line. Again, the delivery of ransomware is getting more sophisticated, and the ransoms are growing.  The data acquired by the bad actors is now being used as a phase 2 threat, with direct threats that the data will be released without an additional ransom being paid. It’s really sick honestly, I don’t know how to better describe it. Security is no longer an option.

SD: How will the COVID-19 pandemic affect cybersecurity for the future?

MS: With more employees working remotely, mobility to enable Work From Anywhere has exploded. Thanks to cloud services, the necessary mobility is made possible, but it also means security has moved from the space between four walls to… well, somewhere in the world. Again, cloud enables mobile productivity, and also enables simple ways to turn on the appropriate and necessary security—but only if those setting up the cloud services know what boxes to tick and settings to set.

Instead of thinking about how we secure our firewalls, networks, and servers, we need to look at it as how do we secure the data and assets of our organizations. Data that used to reside on a server inside a building protected by physical and virtual security now resides somewhere out there in the cloud. Businesses that take an active approach to enabling work from home will be far more successful at securing the data and assets than those who do not. We have to remember that human nature will drive us all to default to the path of least resistance. If not provided the tools to store, share and collaborate on data securely, in compliance with company guidelines, we will simply find their own way. No, everyone creating their own Dropbox account is NOT the way. IT/MSPs need to be the enablers of safe, productive, work from home.

As IT professionals and MSPs we must shift, and we must bring a new refreshed focus to security. Businesses that do not make this shift will find themselves in big trouble. It is our responsibility to protect our community and our economy, we cannot take this lightly.

Source: https://www.safetydetectives.com/blog/interview-mike-schipper-insite-business-solutions/

Continue Reading

Cyber Security

Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update

Avatar

Published

on

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Source: https://threatpost.com/apple-patches-zero-days-ios-emergency-update/163374/

Continue Reading

Cyber Security

Venminder’s Annual State of Third-Party Risk Management Whitepaper…

Avatar

Published

on

News Image

The survey results confirm that the maturity of third-party risk management practices has continued to evolve and, notably, improve.

Venminder, a leader in third-party risk management solutions, revealed the results of their now fifth annual “State of Third-Party Risk Management Survey”. The survey of third-party risk professionals provides valuable insight into how organizations are managing the risks associated with doing business with third parties.

Third-party risk management was very much tested as an operational risk mandate, rather than simply a regulatory requirement in 2020. The pandemic pushed organizations to be more innovative, work remotely and rely more heavily on outsourced practices. The (still ongoing) COVID-19 pandemic has validated for many that third-party risk management is not just a regulatory issue, but a practical real-world consideration.

Key findings from the survey include:

  • Having enough internal resources is currently the #1 vendor management challenge
  • Sixty-nine percent have updated their vendor management policy in the last 12 months
  • Forty-six percent have between 1 and 2 employees dedicated to third-party risk management
  • Eighty percent have a formal process in place to determine criticality for all new vendors pre-contract
  • Sixty-eight percent classify 10% or less of their current number of vendors as “business critical”
  • Seventy-six percent have formal risk assessment processes in place to determine inherent risk and residual risk for all new vendors pre-contract
  • Seventy-five percent review/analyze high-risk or critical vendor documentation at least annually
  • The number one way the pandemic impacted vendor management processes was third-party risk professionals ensuring their vendors had adequate pandemic plans in place
  • Seventy-seven percent confirmed that the majority of their vendors were prepared and implemented pandemic plans without issues
  • Forty-six percent say that they experienced third-party cyber incidents during 2020, with forty percent being limited impact incidents

“The survey results confirm that the maturity of third-party risk management practices has continued to evolve and, notably, improve,” said James Hyde, CEO of Venminder. “The COVID-19 pandemic certainly drove heightened awareness in the need for well-managed practices and the importance in ensuring that your data is protected, whether it’s in your hands or a vendor’s and wherever it is – whether in a remote or office environment. This year’s survey results will provide many with important insight into the current state of third-party risk management as well as the ability to compare and benchmark their organizations’ processes against their peers.”

The full survey findings are available to download now on Venminder’s website by clicking here.

—-

About Venminder
Venminder offers a world-class SaaS platform that guides and streamlines third-party risk management. Venminder’s platform helps users collaborate on all things vendor-related and guides through critical processes such as oversight management, contract management, risk assessments, due diligence requirements, questionnaires, SLA management, vendor onboarding and more. Robust and configurable reporting can be generated from the tool to give clear visibility into the management and ongoing monitoring of third parties. Completed vendor risk assessments can be found in the Venminder Exchange and include thorough assessments of a vendor’s information security, SOC reports, contracts, financials, business continuity/disaster recovery and more. Venminder also powers Third Party ThinkTank, an online free community dedicated to third-party risk professionals. For more information, visit http://www.venminder.com.

Share article on social media or email:

Source: https://www.prweb.com/releases/venminders_annual_state_of_third_party_risk_management_whitepaper_provides_insight_into_trends_and_best_practices_for_2021/prweb17688392.htm

Continue Reading

Cyber Security

TeamLogic IT Ranked #19 on the Franchise Times Fast and Serious List

Avatar

Published

on

News Image

“Our franchisees are the backbone of our success,” said Shapero. “We saw steady demand for the TeamLogic IT brand during 2020, and our franchise network continued to deliver essential IT services to the small- to medium-size businesses making us one of the most resilient businesses in our segment.”

TeamLogic IT Ranked #19 on the Franchise Times Fast and Serious List

Information technology franchise up six spots on 2020 list of smartest-growing franchises.

In its third year on the Franchise Times Fast & Serious list, TeamLogic IT, a franchise network of managed IT service providers, ranked #19, up six spots from 2019.

Providing information technology services on a subscription basis to small and medium-sized businesses, TeamLogic IT is well-positioned to capitalize on the popularity of outsourced IT. As TeamLogic, Inc. President and COO Dan Shapero stated in the magazine article, “Companies are relying on their IT more than ever before. The beauty of the subscription model is recurring revenue.”

TeamLogic IT grew sales and units 76% and 47.8%, respectively, from 2017 to 2019. The company continues to evolve its offerings as technology changes. Just two years ago, the company launched Cybersecurity Essentials, which is a bundle of services to counter the cyber security threat.

“Our franchisees are the backbone of our success,” said Shapero. “We saw steady demand for the TeamLogic IT brand during 2020, and our franchise network continued to deliver essential IT services to the small- to medium-size businesses making us one of the most resilient businesses in our segment.”

The company has also been recognized as the Channel Futures 2020 MSP of the Year and made the 2020 Inc. 5000 list of the fastest-growing private companies in America. This is the fourth year that TeamLogic, Inc. has made the Inc. 5000 list and the sixth year for the Channel Futures list.

TeamLogic IT experienced double-digit sales growth and expanded its footprint across the country to include more than 200 locations in 2020. The company was named a “recession proof” business by Franchise Business Review and continues to be attractive to entrepreneurs looking to start their own business even during the COVID-19 pandemic.

TeamLogic IT serves the technology needs of companies of all sizes, and is uniquely focused on proactive, preventative and responsive IT delivered with the highest commitment to quality customer service. The organization focuses on business first, then technology, so that its end-to-end solution fits the needs of any organization.

About TeamLogic IT
TeamLogic IT is a national provider of technology solutions that businesses rely on for best-in-class managed IT services. Local offices provide companies of all sizes with the IT support they need to minimize downtime and improve productivity. Services include proactive cybersecurity protection, cloud computing, backup and disaster recovery and business continuity. With 200 independently owned and operated locations across North America, TeamLogic IT fills the void in the marketplace for a trusted technology advisor.

The TeamLogic IT franchise opportunity appeals to entrepreneurial executives with experience in technology, business and sales management. Interested parties are encouraged to visit http://www.teamlogicfranchising.com.

Contact: Denise Denton, Vice President, Marketing (ddenton@teamlogicit.com) at 949-582-6300, or Dan Shapero, President (dshapero@teamlogicit.com) or visit http://www.TeamLogicIT.com, or http://www.teamlogicfranchising.com.

Share article on social media or email:

Source: https://www.prweb.com/releases/teamlogic_it_ranked_19_on_the_franchise_times_fast_and_serious_list/prweb17688435.htm

Continue Reading
Esports14 mins ago

Ashe attacks Malphite for nearly 30 seconds and then dies to him in League of Legends

Esports18 mins ago

How to watch the Call of Duty: Black Ops Cold War Nameless $10,000 Boomer Bash

Esports36 mins ago

Rocket League player scores impressive goal from inside opponents’ goal

Esports42 mins ago

Destruction AllStars, Control: Ultimate Edition, and Concrete Genie are February’s free PlayStation Plus games

Esports44 mins ago

League player turns seemingly certain death into a triple kill with Gnar

Europe
Esports56 mins ago

Evil Geniuses defeat FunPlus Phoenix in DreamHack Open January

Amb Crypto1 hour ago

How sustainable are DeFi projects?

Amb Crypto1 hour ago

When Bitcoin went below $30k, eToro and robinhood faced technical issues

Esports1 hour ago

Overwatch 2 Apparently Won’t Release in 2021 and New Heroes are ‘Unlikely’ at Release

Amb Crypto2 hours ago

Bitcoin Price Analysis: 27 January

Esports2 hours ago

Apex Legends King’s Canyon Map Changes Listed

Cyber Security2 hours ago

Interview With Mike Schipper – InsITe Business Solutions

Amb Crypto2 hours ago

What is Bitcoin’s biggest flaw? Here’s what Cardano’s Hoskinson says

Quantum3 hours ago

‘Unicorn’ Discovery Points to a New Population of Black Holes

Amb Crypto3 hours ago

Bitcoin: Did Grayscale fall for the bull trap?

AI3 hours ago

How US legal firms can and must compete with robo-lawyer services

AI3 hours ago

Language Translation with Transformers in PyTorch

Quantum3 hours ago

Gamma Knife® Image Distortion Analysis with the QUASAR GRID3D

Amb Crypto3 hours ago

Gocoworker announces largest liquidity mining program

AI3 hours ago

“Hello World”, chatbot version — Complete example

Quantum3 hours ago

Nanodiamonds measure thermal conductivity in living cells

Quantum4 hours ago

Quantum dots light up when fish have spoiled

Big Data4 hours ago

How to Improve Your Leads with Data Aggregation?

NEWATLAS5 hours ago

Sony reveals pro-focused Alpha 1 full-frame mirrorless flagship

NEWATLAS5 hours ago

Sony Xperia Pro smartphone shoots for the creative market

Amb Crypto5 hours ago

‘XRP’s price being artificially suppressed by lawsuit,’ claims lawyer

Cyber Security5 hours ago

Apple Patches Three Actively Exploited Zero-Days, Part of iOS Emergency Update

NEWATLAS6 hours ago

Heatherwick Studio plans pair of curvaceous Canadian towers

Gaming6 hours ago

How to buy PC games at crazy discounts?

Esports6 hours ago

BIG announced as BLAST Premier Member Team

Trending