Published March 02, 2023
That may not be a fair question…can any business really be ready for a cyberattack? Let’s think about it this way: Your business may not be ready, but it can take steps to be prepared and limit damage from these attacks.
If your company is not already prepared for a cyberattack, first understand the dangers and risks of an attack. When you think about how many millions of attacks happen each day, how much that threat could cost you, you start to feel the importance of having a quality cybersecurity posture. Bad actors are attacking from all angles, ready to take corporate and personal information Your business needs to be ready and we strongly encourage you to make necessary adjustments as soon as possible.
A cyberattack can be disastrous for a company, resulting in financial losses, damages to reputation, and legal responsibilities. Therefore, it is imperative for businesses to be ready for an attack by implementing strong cybersecurity measures. Here are a few key steps to get your company moving in the right direction.
Having a comprehensive cybersecurity plan in place is the first step in being prepared for a cyberattack. The plan should outline policies and procedures for preventing cyberattacks, identify potential threats and vulnerabilities, and define roles and responsibilities for employees. A good cybersecurity plan also includes regular training for employees to help them identify and respond to possible threats. Topics such as password security, email phishing, and social engineering tactics should be covered in the training.
Did you know that one of the most common ways cybercriminals gain access to a company’s systems is via weak or short passwords? Companies should implement strong, long password policies and require employees to use complex and unique passwords. New River Computing strongly recommends use of multi-factor authentication, which requires a second form of identification to access systems or data.
Vulnerabilities in software is another common way cybercriminals gain access to a business’s systems. Therefore, it is crucial for companies to regularly update and patch their software to address known vulnerabilities. Using antivirus and anti-malware software to protect systems from potential threats is also recommended.
Having regular reliable backups of data can be critical to recover should a cyberattack occur. It is suggested that data is backed up regularly to a secure, off-site location to ensure systems can be quickly restored if necessary.
Despite the best efforts to prevent a cyberattack, it is still possible that a company may be successfully targeted. Therefore, having a response plan in place that outlines the steps to take in the event of an attack is important. The response plan should include steps for identifying and containing the attack, notifying appropriate parties, and recovering data and systems.
Regular security audits can help companies identify potential vulnerabilities in their systems and policies. These audits should include testing for potential cyber threats and vulnerabilities and reviewing access controls and user permissions.
In conclusion, companies must be prepared for a cyberattack by implementing strong cybersecurity measures. By developing a comprehensive cybersecurity plan, implementing strong password policies, regularly updating and patching software, backing up data regularly, developing a response plan, and conducting regular security audits, companies can significantly reduce the risk of a successful cyberattack. In today's digital age, being prepared for a cyberattack is not an option but a necessity for businesses of all sizes.
Published January 20, 2023
New River Computing recently hosted a panel discussion on security and cyber liability featuring the following panelists:
The panel was moderated by Jeff Nosenzo - Vice President of Brown Insurance.
If you missed out on the panel or want to revisit it, you can check it out in the video above!
Published December 15, 2022
As of November 28, 2022, PHP 7.4 is now past EOL (end of life) and is no longer receiving security support. So, what does this mean to you?
If you're a client whose website is hosted directly through New River Computing, no action is needed. All of NRC's hosted websites were updated to PHP 8.1 prior to the EOL date for PHP 7.4.
If your website is hosted through a 3rd party, New River Computing recommends reaching out to your hosting provider to confirm that your PHP version has been updated to a supported version (8.0 or higher).
If you are an NRC client and don't know whether your website is hosted through NRC or a third party, or you have any other questions about PHP 7.4 reaching EOL, feel free to reach out to us.
Published November 10, 2022
Even the smallest businesses are finding that online threats such as cybercriminals and data brokers are a real threat, making infrastructure security something businesses must invest in if they want to minimize their material risk. Infrastructure security refers to the layers of defense on your computers, network, and cloud services. It is also important to note that ongoing cybersecurity training is as important, if not more so, than the technical safeguards such as antivirus.
If your business hasn’t invested in cybersecurity yet, you’re putting your reputation at risk. Here are three ways you can make cybersecurity a priority to keep your business safe from online threats.
One of the main reasons online threats are able to penetrate a business’s security system is because of unrestricted access to computers on internal networks. Cybercriminals take advantage of these poorly secured computer networks to steal data, create persistent threats, and extort cash. Research by Kaspersky Labs found that average cost of a single breach thanks to ransomware, poor password hygiene and other factors is around $101,000 for small and mid-sized businesses.
The best way to avoid a breach is by making sure that each employee uses their own account and unique, complex passwords. Your company should also set up appropriate levels of access for employees so that only employees that need access to more important financial records, client information, or intellectual property can access that information. Also critical: Use multifactor authentication wherever possible.
Just like schools run fire drills, IT service providers should run simulated phishing and cyberattacks to keep companies and employees on their toes. Your business should engage with cybersecurity companies for vulnerability testing, in which professionals will attempt to find ways to access to your networks, computers, and cloud services.
It's important to keep software up to date so that it effectively defends against new threats. If you fail to keep your operating systems and applications updated, you’re running a huge risk. It’s like leaving your home or car unlocked: someone can walk in at any moment. There are new vulnerabilities being discovered every day, and your systems need to be up to date to fight against emerging threats.
Taking the time and effort to make cybersecurity a priority is the best way to ensure your businesses' online security. New River Computing offers an advanced security solution, Guardian Fortress to help reduce your company's material risk. Please contact us if you want to take the next step in your cybersecurity endeavors.
Published February 05, 2021
Many recent news reports have come out regarding a massive hack of the Solarwinds Orion IT asset management system. This compromise is unprecedented in scale and reach, and the fallout from it will reverberate throughout the IT industry for years.
Solarwinds Orion is one of many IT asset management systems (New River Computing uses one called Connectwise Automate). This software is great for managing a large number of IT systems, with the ability to provide security updates, monitoring, and many other functions from a single console, with the click of a mouse. These abilities make it an ideal target for a malicious actor – By owning a software system such as this, the bad actor in turn owns every company or agency that uses the software.
Solarwinds Orion was hacked from the inside, most likely because of poor security practices at the Solarwinds company. Once the hackers had the ability to change the Orion software, they added backdoor code to it that was then distributed to Orion customers, allowing the bad actors access to every network that uses this management tool.
Starting in March, as many as 18,000 companies and government agencies downloaded the malicious software – 425 of the Fortune 500 companies, 10 top US telecoms, the Pentagon, Departments of State and Treasury, and many others. This malicious backdoor software remained undetected for months, allowing the bad actors access to the infected network resources, data, and almost anything on a network that you can imagine. The backdoor code is so stealthy that many organizations may not ever know that they were compromised.
The attack was almost certainly perpetrated by a government – Russia, China, and the US all have the capabilities to achieve an attack like this, as well as many other state actors. This attack will have long lasting impacts, taking years to clean up, and changing IT management behavior.
Luckily, New River Computing did not use any Solarwinds software, and so we and our clients were not affected by this attack. Early in 2020, however, New River Computing looked around and realized that security was the top priority for our internal resources. The IT industry as a whole has spent the last few years improving efficiency of and driving down costs for rigorous asset management. But Security has been lagging behind, as evidenced by this attack. New River Computing will be spending 2021 and beyond improving access to top-notch security tools and techniques.
Please feel free to reach out if you have any questions.