Search Results

Cyber Security Solution for Small Business Integrated Cyber, has a unique patent-pending cloud-based SaaS platform that uses AI and human intelligence to integrate best-of-breed security solutions in a small business bundle that can help you in these turbulent times. It can’t get any easier for small businesses to be protected for the important cyber security issues that are not covered in the ‘normal’ set of tools you may have deployed. You’ll get a simple and sophisticated monitoring device placed on your company’s data network that continuously monitors your assets for anomalous behavior, this includes networking devices, servers, and end-user devices (desktops, laptops, smartphones). Your systems will be watched through a combination of AI and human intelligence 24x7 and when we detect an intrusion, we’ll respond quickly to contain the threat while working with your staff to remediate permanently. Your employees' cyber activity will be monitored and captured to ensure you’re protected from those moments when they accidentally create cyber risk by clicking on a dangerous email or going to a risky site. You’ll get clear metrics about employee-generated incidents while your employees receive personalized security coaching and tips about how they can avoid such traps in the future. You’ll know if your company’s data is on the Dark Web through a unique monitoring platform that specifically looks for any reference to your company’s domain. You’ll get a clear report for everything that’s discovered and we’ll provide targeted remediation advice when we find your company’s compromised data. You can also get Cyber Insurance as an optional add-on to your Small Business Bundle. In the event of a cyber breach that causes a loss for your business (data held to ransom or faculty productivity loss or cost of recovery), you’ll have strong insurance coverage with very few exceptions or deductions. Rates vary based on your company’s risk profile, general revenue range (for coverage), and desired insurance limit. Your IC360 Small Business Cyber Security Bundle is provided on a monthly recurring subscription based on the number of employees, end-point devices, and infrastructure devices (servers, networking) in your business. For example, a business of 25 employees with 10 infrastructure devices would expect to pay roughly $80 per user per month. Call us today to learn how you can expand the cyber protection for your business. Americas & APAC +1 212 634 9534 EMEA +44 (0) 203 727 0615 info@Integrated-Cyber.com

Welcome to working from home Cyber Security While Working From Home: Your office at work has a lot of behind-the-scenes security that keeps you and the company safer than when you are at home. Thus, employees need to be more aware and vigilant about cyber security when they are at home than when they are at work, especially if they are using a personal computer instead of a company-issued laptop. You should make sure that you follow company best practices for security:

Welcome to working from home Positioning Your Workspace Facing a wall or window will minimize the distractions within the room and allow you to focus on the task at hand. It will also allow you to post things on the wall that you may need, like post-it reminders, goals, etc. Your workspace: Should not be used for other purposes when you’re not working, such as watching TV, recreational web surfing, game playing, etc. It should not be where others in the house spend time during the day. Again, you want to minimize distractions and having someone coming in and out and engaging in conversation takes you off task. It should not be a place that must be “dismantled” at the end of the day, like the dining room or kitchen table, or the center of the living room. It should not be a place that you spend your evening. Just as you need to go to work, you need to come home from work as well. Get creative on what you can use to construct your home office workspace. The main goal is to create a workspace that you can go to daily, do your work, and “come home from” with the same routine you had previously. Set-up a card table in a quiet room and grab a comfortable chair where you work items are permanently set-up until you head back into the office. Communication is Key When working from home, you don’t have the same ease of communication as in an office environment, thus it is important to “overcommunicate” with team members. Use regular channels of communication that your company provides, do not use unauthorized channels. For security purposes, make sure that you have disabled any personal home assistants (Alexa, Google) as their microphones are always on and listening.

Welcome to working from home This may be the first time you are working from home for an extended time, which is quite different than working from home for a day or two. Being productive at home requires the proper workspace that eliminates distractions and enables you to be as focused as if you were in the office. I have personally spent the better part of the last 7-years working from home and the steps you take to establish your environment plays an important role in your performance and focus. Your Work Environment For many people, working from the kitchen or dining room table, setting themselves up in the morning and cleaning up their workspace when they’re done is the norm, and for a day or two, this can work, but you should avoid this if possible. When you work in the office, you have a dedicated space that you go to each day that is immediately ready for you to do your work. You should try and emulate this familiar structure and create a dedicated workspace that offers a comfortable place to work, free from the many distractions that can accompany working from home. The best home workspaces are places where you can shut yourself off from the world, however, not everyone has this option. You need to dedicate some space in an existing room to set up your office, knowing that it is important that you configure your workspace to minimize distractions. Equip your workspace with the following: Our next post will focus on your workspace and the importance it plays on staying focused.

The media headlines demonstrate every week that fine companies with well-funded cyber security operations are now regularly losing valuable sensitive information. “Encrypting” data has often been heralded as the panacea for protecting against these data loss scenarios. But is this really your greatest asset in the war against cyber crime? When you lose something in the physical world, like your smartphone, you incur the cost and inconvenience of replacing it. However, if an attacker takes your data, nothing goes physically missing. Somehow, if you could only render the stolen data useless, then the problem goes away. How Does Encryption Work? For hundreds of years, mankind has been able to make data secure by applying cryptographic codes only known to those with the “Key” to read the contents. In the computer age, this has been the territory of geeks – technically challenging, expensive, and requiring special know-how. Few companies have found an affordable and easy-to-use way of encrypting data end-to-end. Effective encryption appears to be an elusive proposition. There are several types of encryption, but they all share the application of a secret mathematical algorithm “key” to the data. Encryption is analogous to locking data in a secure safe. With modern encryption methods, decrypting data without the key (breaking into the safe) is very unlikely. It would take thousands of computer-years to brute force the encryption algorithms (pick the lock). Encryption is not free. There is a cost to encrypt and decrypt the data. There is the cost of securing and managing the keys. There is the inevitable cost of replacing lost or compromised keys. Managing keys and access to information by authorized users is also very labor intensive. Encrypting data makes everything about working with the data more difficult, for both the bad guys and the good guys! The implications for recent data breaches Sony and others might have avoided the damage from leaked emails, spreadsheets, credit cards, and medical information that had the data been encrypted. Encryption does not stop access to the information. The attackers would still have the stolen data files, but encryption would have rendered that stolen data unusable without the “key” to decrypt it. Encryption is necessary but not sufficient Encryption is an important tool in protecting information assets. However, encryption by itself does not go far enough. Encryption reduces the risk of data breaches by outsiders, but it does not deal with other important risks including insider threat, supply chain/data sharing, mobile/remote cloud computing, coordination with existing infrastructure, or appropriate data retention and security policies. The Solution -- Digital Rights Management (DRM) DRM has its origins in the era of illegal file-sharing (e.g. Napster) of music and movies. The media industry worked with IT companies like Microsoft to protect the copyright of their digital intellectual property, by using encryption and an associated ecosystem of key management, metadata and watermarking. Numerous proprietary solutions emerged, and of course, they didn’t interoperate. For businesses today, the common factor is Microsoft Active Directory – in the Enterprise or in the Cloud. Microsoft’s Rights Management Service (RMS) is bundled with Active Directory. This allows businesses to interoperate in a secure environment, and when an attacker steals your data, it is rendered unreadable for all practical purposes. Products like Watchful Software’s RightsWATCH works with AD RMS augmenting its effectiveness and making it easier to both to use and administrate. A key concept is the addition of automatic classification of data whenever it is saved by an end-user so that only the sensitive data incurs the additional overhead of encryption. So what’s the bottom line? Encryption would have certainly saved Sony, Anthem, Target, Home Depot etc. a lot of embarrassment and negative publicity. But they didn’t routinely encrypt their data because traditional tools are difficult to implement, costly to administer and compromise the features of some of their other digital security controls. A new breed of Digital Rights Management tool is now available to overcome these disadvantages. As these gradually get adopted by businesses, we should see a progressive reduction in this sort of compromise by the bad guys. Integrated Cyber can help you with an independent view from years of experience, and not based on the software in our stack. Contact us today to discuss your options.

Typically, companies will spend around 2.5% of their IT budget on very basic defenses When we talk to Boards of Directors and Audit Committee chairs, this is the most frequent question we hear. Money spent in preventing a cyber security breach is hard to justify. After all, you don’t want to spend more than necessary on something that is not going to help your business grow and prosper. Typically, companies will spend around 2.5% of their IT budget on very basic defenses. Smarter companies will realize that detection (during or after the attack) is just as important. And sophisticated companies will spend the same again on reaction preparedness. So 7.5% of the IT budget is considered to be best practice. What is your Value At Risk? But the real criterion should be “Value at Risk” (VAR). This is a well-established measure that businesses use in mitigating conventional business risks, such as physical security (locks, fences, safes, guards) or fire security (sensors, sprinklers). For digital assets, some companies have a small VAR (e.g. businesses in the services sector) and some have very significant VAR (banking, energy). So a bank or an Oil & Gas company might spend over 10% of their IT budget on digital security. VAR has jumped recently because of the increase in attacks that paralyze your company’s servers and demand a ransom to release the compromise. This sort of blackmail can bring an entire company to a halt, and you can imagine the cost of losing a day’s productivity, or (worse still) having important data deleted forever. In one recent case, the ransom demanded was $200 million. Furthermore, companies that are low on the maturity curve and have to invest in catching up, will experience a peak that can be double these typical numbers. Establishing your position on the Capability Maturity Model Index (CMMI) is an important step. A CMMI of 1 represents a company with many gaps in their defenses, and a CMMI of 5 represents a company with extremely low vulnerability (for example, maybe they encrypt all their data). “Attacks that paralyze your company’s servers and demand a ransom to release the compromise.” The Equation So one way of answering the question “How much is enough” is the equation: Digital security annual spend = VAR / CMMI An average company may have a VAR of $30 million and a CMMI of 3, so they should be spending $10 million annually on digital security. Please don’t take the formula too literally, because of course, things are nowhere near as scientific as this in the real world, but the principles are sound. Ask the Experts As independent security experts, let us help you determine what are the best options to protect your business. Contacts us

The Integrated Cyber team has done due diligence with many companies and we've found these are the two biggest mistakes we continually see organizations making. 1. "Technology Creates the Problem, Thus it MUST be the solution" Most companies look to their IT department to prevent breaches and detect compromises by using an array of hardware, software, and appliances. In reality, most of the problems are caused by human behavior – innocent mistakes like sending files to the wrong person, or sharing your password, or loaning your laptop; malicious actions like a fraud; and naïve response to social engineering attacks like impersonation and identity theft. IT departments mistakenly believe that they can block these behavioral characteristics by installing digital security products. Of course we humans are clever enough to circumvent many of these controls, especially if they get in the way of us doing our job. So while an audit of the technical architecture can make the IT team look really smart, the same audit of the actual workflows and processes can highlight lots of workarounds and security shortcuts. That’s why a number of companies have changed their governance model to have the Chief Information Security Officer report to the CFO or the COO, rather than to the CIO. Technology may have caused the problem, but technology alone will not solve it. 2. "Our goal is to achieve compliance" This is the measure of success most used by the company executive committee because they lack a deeper understanding of the real risks. They simply want to be convinced that the company is meeting its statutory and regulatory needs so that they cannot be accused of neglecting their duty of care. It’s the same mindset as buying insurance just to make sure the financial results don’t suffer any nasty surprises. Compliance tends to consist of a checklist of mitigating actions, with the inference that if you can tick the box then you are secure. This is a dangerous “illusion of precision”, because mere compliance with an arbitrary set of regulations is totally different from security sufficiency, and many compliant companies have big gaps in coverage elsewhere and so fall woefully short of meeting a lot of common sense criteria. Bottom Line: Our advice is to use a third party to perform an audit of the current state of your policies, architecture, processes, and behaviors; then design a holistic set of corrective actions; and then implement these actions by prioritizing the protection of “the vital few” – your family jewels. Let Integrated Cyber Teach you what we've learned from years in the industry and through our independent work with organizations just like your. Let's talk, contact us today.