So you think your passwords are safe?

When it comes to network security, it is easy for small to medium sized businesses to say “not me”, “they are only after the big guys.” The reality is that attacks on all networks have been increasing year after year as hackers have become more sophisticated, and small businesses are being affected every day by relaxed or non-existent security policies.

A 2013 study showed that 1 in every 5 small businesses networks would be compromised. With the ever-increasing technological advances, it is likely that since then, these numbers have climbed, posing a significant risk for a potential breach, lost or stolen data, or some type of malicious threat.

There are a number of ways IT Support LA in Los Angeles helps to ensure that you are at minimum risk:

  • Updates - Keeping computers and network equipment updated is one of the most effective steps to preventing a possible network security issue.
  • Firewall - A common mistake in small to medium business networks is the lack of a business grade firewall solution. Often business owners are unaware of the difference between having a network router and having a network firewall in place.
  • Passwords - Password and password protection are proving to be an area that needs attention when discussing network security. Using sophisticated software and tools, hackers are easily gaining access to small business networks through simple or default passwords
  • Antivirus/Antispam - Most people know that antivirus and antispam software are necessary components of network security, but many people don’t realize why its so important until their computer or network is infected with a virus, malware, spyware, or a host of other potentially dangerous issues.

No matter the size of your business, network security is a definite requirement for every business in the digital age. If you are worried or unsure of where to start with an internal security audit, our team can help get you on track.

Cybersecurity Q & A

Q: What do Cyber Security Services do?

A:  In the most basic of terms, simple Cyber Security guards against attacks in Cyberspace. Cyber Security services are one part of standard IT support and services – generally not split into a separate category with a different vendor than an IT support company or Managed IT Services provider. Simply put, it consists of planning and implementation of security measures designed to give a network infrastructure the greatest degree of security against threats both external and internal, through the application of firewalls, anti-virus (AV), and encryption tools, among others. The security analyst is the member of an IT services team who will monitor the network for weakness, keep abreast of current trends and methodologies used by cyber criminals, educate both the rest of the IT support team and the clients on ‘Cyber Security Dos & Don’ts’, and carry out simulated attacks to test the defenses.

If you currently without reliable and proficient IT Support, and concerned with how secure your network is, it is better to Google ‘IT Support Los Angeles’ rather than ‘Cyber Security Los Angeles’. The former will provide a much wider range of services than the latter.

Q: Is Cyber Security one word?

A: Six of one, a half dozen of the other. Both are correct. In the Managed IT Services world, it doesn’t matter what you call it as long as it gets done correctly. American IT support tends to use it as one word, whereas British IT service providers generally use it as two. Some separate the two words with a hyphen.

Q: What are Cyber Security threats?

A: A threat is any attempt by a cyber crook to breach a network. What the criminals seek is either money or data. Malware is the component of many of these attack styles – injecting itself into your system for a number of nefarious reasons. Data theft is where the crooks just copy the client’s data and steal it. It doesn’t disappear, so the client won’t know it was stolen – but the IT support and services company should. The FBI regularly publishes updates to the official government overview of the Threat-Matrix, and recommended Best Practices.

For threat methodologies, there are quite a few - below are the most common manifestations that IT support teams look for:

1) Phishing/Spear Phishing: This is a form of click-bait, but with bad intent. Malware is hidden behind links and attachments in emails from seemingly legitimate sources. Spear Phishing is more targeted – usually towards high level executives. Again, clients should be advised how to spot these as part of a greater ‘Cyber Security Dos & Don’ts’ training.

2) Ransomware: The criminal looks to trick an end-user into opening an attachment or clicking a link in a Phishing email that allows the malware into the system, where it encrypts all the data, not allowing the client to access it until they pay a ransom for a decryption key, paid in Crypto-currency. Any decent IT provider or Managed Services Provider should have protections, early breach notifications, AND remedies (secure local and cloud backup systems) in place, because sooner or later, it WILL happen – one bad click from an end-user on a Phishing email lets the malware into the system. The Federal Cybersecurity & Infrastructure Security Agency publishes ongoing updates on the specific threat of Ransomware.

3) Denial of Service (DoS): This aims at overwhelming the network with a barrage of requests that flood the system, making it unusable. Using infected devices for a more targeted attack is known as Distributed Denial of Service (DDoS).

4) Zero-day Exploit: This attack occurs when network vulnerabilities in hardware or software is announced (such as Microsoft’s end date for security support for Windows 7 last year). Cyber crooks wait for these dates, and any companies who have not upgraded become the slow-running antelopes at the back of the herd. Not a good place to be. Your IT services team should be on top of these dates.

5) SQL Injection: The crooks gain access by uploading malicious Structured Query Language (SQL) scripts into the system, allowing the hackers to wreak havoc on your data.

6) Man in the Middle: Typically, the crook gets in between two users, pretending to be the persons both are communicating with, but in effect, they are gleaning sensitive information to use in a larger attack.

7) DNS Attack: Criminals exploit weaknesses in the Domain Name System (DNS) to redirect website visitors to malicious sites (DNS Hijacking) and steal data from the compromised networks involved (DNS Tunneling). This can be hard to catch by your IT support and services team, as it happens outside of the network – they will catch it when the crooks use the info from the website attack to enter the network.

8) APT Attack: Advanced Persistent Threats occur when a cyber-criminal gains access to a network system and ‘homesteads there – simply sets up shop and filters data out over time. Many can remain undetected for a while – this is where a top-notch IT support company is worth every penny the client pays for it. Many lesser IT providers won’t catch this threat.

Q: What is enterprise cyber security?

A: ‘Enterprise’ simply indicates a higher level of proactive monitoring, protection, and disaster recovery for businesses. It is more all-inclusive than the basic Cyber Security used by consumers who have no need for actual IT support. Enterprise level security is the standard in use by the IT Support Los Angeles community.

Q: What’s the difference between cyber security and information security?

A: Information security is practically synonymous with Enterprise Cyber Security, as they both protect data on a more complete level, however Information Security is ONLY concerned with the data itself. Enterprise Cyber Security is concerned with the data, but with the network infrastructure in its entirety.
A business would do well to choose an IT Services company that incorporates Enterprise Security over a company that advertises itself as a simple Cyber Security Service.

Q: How does digital forensic science intertwine with cybersecurity?

A: Forensics of any type deals with an issue or crime after it has been committed, by tracing the steps of the breach and amassing evidence for legal proceedings. Cyber Security Services deal with the prevention of the attack, and the disaster recovery if an attack occurs. Simply put, Cyber Security fixes the problem while digital forensic science supports those (the legal system) that fixes the blame.

Your New and Redefined IT Experience Begins with a FREE Consultation.
Give us a call or schedule online today!