Category: Security

Posted on

Why update?

Why should I install the updates?

Software updates -otherwise known as patches- perform many tasks. There are updates to the operating system and individual programs and such updates are fundamental for a computer to work correctly. For example, they add new functionality, eliminate outdated features, they update drivers, provide bug fixes and, what is even more important, they repair newly found software vulnerabilities.

The dangers of software vulnerabilities

In general, a software vulnerability is a security weakness detected in an operating system or computer program. Hackers take advantage of such weakness in the sense that they write code to attack it specifically and can package such malicious code inside benign looking files or websites. These vulnerable spots allow a determined attacker to potentially infect your computer without you doing anything other than viewing a website, opening a compromised email or playing infected media.

Once a piece of malware (Malicious Software) infects a computer, the attacker is usually able to steal data, allow him/herself to take control of the victim’s computer, and even set a backdoor in order to be able to regain access on demand.

But not all potential security breaches can be solved with software updates. Some times a company requires a dedicated “guard” to monitor the behavior of users and their data to find and stop attackers in their tracks. Recently there were two serious vulnerabilities found in Office 365 for which an update is not yet available.

For the specific Office 365 case above, IronOak IT is able to offer “Office Protect for Office 365” to its customers, which is a tool that enforces industry standard security policies to minimize the risk of sensitive company data being exfiltrated to the internet and to prevent user account breaches.

So, even though software updates may seem like a nuisance, think of them as a preventive measure to ensure your security on the Internet. The next time a message appears asking you to perform an update, do not hesitate and click on the “Install now” button to remain protected.

Posted on

March, fraud prevention month

IronOak IT Fraud Prevention

Cyber fraud is a huge threat to our economy. It is estimated that this type of crime will result in losses of more than $ 2 billion globally in 2019 alone. The National Cyber Security Alliance investigated and found that identity theft is one of the main security concerns in North America. Below are the top six tips that consumers and businesses can follow to prevent cyberattacks from affecting them.

1 – Make a backup of your data. Having regular copies of all your personal and business information can prove to be a life-saver when/if disaster strikes. Ask about IronOak’s remote backup solution and never again worry about backing up your data.

IronOak IT stands with any Canadian business that has been affected by Cybercrime.  We’ll continue to defend and protect our client’s personal and business data and encourage all Canadian IT firms to raise awareness through Fraud Prevention Month in 2019 and in the future.

2 – Keep your software updated. Installing software updates for your devices and programs is essential. Always install the latest security updates for your devices and allow automatic updates for your operating system. Preferably use web browsers such as Chrome or Firefox that receive frequent and automatic security updates.

3 – Be on the lookout for phishing scams. Be aware of suspicious emails and phone calls. Cybercriminals will try to trick you and your employees into disclosing information such as passwords, banking information or company credit card information.

4 – Exercise good password management. Passwords that are 20 characters long, or 10 at least, are strongly recommended. Use a combination of upper and lower case, numbers and special characters (plus, minus, star, etc).; Don’t use the exact same password for multiple sites. Don’t share your passwords with outside parties. If you write them down – lock that paper up, seriously. Change your passwords frequently, at least every 6 months. Using a commercial password manager, like KeePass or LastPass, makes it easier to use strong passwords to access your favorite websites/programs.

5 – Watch where you click. Don’t be quick to trust unknown websites or download just any software. Many professional looking sites and software come bundled with malware that is made just to compromise your computer.

6 – Install antivirus protection. Make sure all your computer systems have a known and reliable antivirus program. IronOak IT offers its own antivirus solution to ensure your business computers are always protected against the latest threats.

 
Posted on

6 tips to protect from data breaches

IronOak IT data security

Recent reports of large data breaches are alarming for everyone. Companies worry about the implications of having their financial and personal information leaked. Well-known and established organizations worry about the short and long term effects on their businesses. And smaller organizations worry about when they’ll be next. Two things we know for sure: the cost of a data breach is high and many companies don’t recover from them.

A question commonly heard in boardrooms around the world today is: what can organizations do right now to ensure they don’t fall victim to a data breach? Though many companies have security protocols in place, these don’t necessarily provide an Ironclad solution to defend them against the large variety of modern digital attacks. IronOak IT encourages six critical strategies that all organizations should consider:

1. Patch soon, patch often

A good number of successful attacks simply target vulnerabilities for which patches were already available. While new attacks are a real risk to keep in mind, most intrusions are caused by threats that have existed for weeks, months or even years. It is imperative that companies apply patches to each inventoried device and establish a formal patching and updating protocol. Ideally, the process needs to be automated, tracked and measured.

2. Combine local and global threat intelligence

Advanced threat intelligence allows organizations to reduce the time to detect threats and close the gap between detection and response. This begins by taking advantage of the threat intelligence that is already running on your network inside your firewall. For example, it is recommended that your IT firm install security tools designed to share, correlate information and take coordinated action. This means that when a new attack is discovered in a different continent such as Europe, your technology systems update their protection automatically –  before the attack even reaches Canada.

3. Implement signature-based security tools

The use of an enterprise level firewall takes advantage of security features for you. Most of the vulnerabilities that are typically exploited are already known. Attacks targeting those vulnerabilities can be detected using signatures. Signature-based detection tools allow your IT team to quickly search and block any infiltration attempts, or the execution of an exploit targeting known vulnerabilities.

4. Add behavior-based analysis

Attackers also use advanced techniques such as learning and imitating legitimate traffic patterns to evade detection. Security tools not only need to verify and inspect data and applications that look for malware, but they must also provide insight and in-depth analysis by looking for patterns over a period of time in order to detect malicious intent. Where possible, intelligent security systems must be able to intervene proactively and automatically to neutralize an attack before it has even impacted your technology. For peace of mind, IronOak IT recommends that you confirm with your IT firm that your security systems include behavior analysis.

5. Close web-based attack vectors with web application firewalls

Many threats no longer enter the network through traditional channels. Web-based attacks take advantage of the exponential growth of applications, especially those designed to query and extract information directly in the data center. An effective way to close that gap is through the implementation of a WAF which is specifically designed to provide deep and high-performance inspection of web application traffic far beyond what traditional firewall technology provides.

6. Segment your network

Due to the fluid nature of networked ecosystems and the wide range of applications that use today’s networks and data that flows through them, it is imperative to establish an effective and secure network segmentation that avoids the lateral propagation of threats. The objective is to create a coherent policy that ensures that if a section of your network falls victim to an attack, the rest of your organization can continue normal operations.

Summary

The need for a dedicated IT Support team becomes evident when you consider these 6 tips to protect your company from data breaches. Professionals that know the ins and outs of your technology systems are critical in the ever changing world of IT. A dedicated team of experts that plan and deploy security solutions will keep your data secure.

Contact IronOak IT today to ensure your business is protected.

Let us build your next website!

    What is VOIP?

    VOIP stands for Voice Over IP. This is a new communication technology that allows you to make and receive phone calls through the use of the internet.

    VOIP phones do not use the regular twisted-pair copper cable. An IP phone, as they are commonly called, only requires an internet connection in the same way that a computer does.

    Due to the fact that IP phones work digitally, as opposed to analogously, VOIP service providers can offer a wider range of features that allow businesses and their employees to be more productive and efficient in their communications.

    A business that is looking forward to make the move to VOIP must first have a reliable and fast internet connection. Before making the transition to VOIP, companies need to ensure their internet service meets the minimum requirements requested by their VOIP provider.

      WordPress Appliance - Powered by TurnKey Linux