Our Blog

The number of data breaches is increasing at an alarming rate and can happen when you least expect them.  Your business’s backup strategy is a very important piece of the cybersecurity pie. If a data breach occurs, it is important to remember that time is of the essence. There are many factors to consider when designing your backup and disaster recovery plan.

Some business owners believe their data is being backed up, but that is not always the case. Many times, while onboarding a new client, we discover that their backups have not been working for weeks. If your I.T. provider is not monitoring your backups for completion and/or corruption, you may be exposed to cyber-attacks and could be faced with significant business disruption.

Additionally, when considering your backup needs ICC will review two main factors: RTO and RPO.

• RTO (Recovery Time Objective): This refers to the amount of time it will take to restore data.
• RPO (Recovery Point Objective): This refers to how much data is at risk if a total failure occurs, which is often related to how often the data is backed up.

If you’re unsure that your system is being properly backed up give ICC a call at (970) 821-8592. ICC will work to give you the best defense strategy against a data breach.

No doubt we are living in a fast-paced, high-tech world. What we can accomplish on a computer is getting faster and more efficient, and updates to computer operating systems are coming out quicker than ever. Every month, developers like Microsoft and Apple release updates and patches to their operating systems. This is because they have identified a vulnerability in the code that needs to be fixed before a hacker can exploit the issue.

When an operating system has run its course and can no longer meet the demands of new hardware/software, the developer will introduce a new version and set a date that the old version will no longer be supported. This is known as “End of Life.”  When the old version becomes End of Life, this means the developer will no longer issue security updates and patches. Outdated operating systems can present major cybersecurity risks because now the hackers can easily exploit flaws in the code to gain access.

In addition to cybersecurity, there are reasons to patch and upgrade your operating system. As time goes by, an old operating system’s performance will get slower. Employees may look for new features that won’t be available to them because of an outdated system. Additionally, in industries such as finance and healthcare, the operating systems must be current in order to be in compliance with regulatory standards.

Many small companies likely postpone upgrading their systems due to the interruption it may cause, potential software compatibility issues, or a lack of understanding to the severity of an outdated system. That is why ICC takes a systematic approach to the upgrade process and develops a strategy to deal with any problems that may occur.  It is critical to proactively manage security tactics to protect your systems from malicious attacks.

It is important to remember that proactive Patch Management is only one small piece of the cybersecurity pie.  ICC puts a number of cybersecurity tactics in place to minimize your exposure and significantly reduce the possibility of an attack. At a minimum, a cybersecurity strategy should include patches and updates, email security, network security, monitored backups, employee education, and Quarterly Cybersecurity Reviews. If you are missing one piece of the pie, you may be exposed to cyber-attacks and could be faced with significant business disruption.

If you’re unsure about which operating system you are using or how to transition to a supported platform, give ICC a call at (970) 821-8592. We can come up with a plan that is a cost-efficient solution for your business.

Learn more about ICC at iccusa.net.

‍

Hacking has become pretty common in the business world. Small businesses especially are frequent targets. Hackers assume small businesses don’t have the expertise or budget to put the proper security in place. Additionally, with more and more employees working from home there is a greater chance of weak links and insecure platforms being used, making it easier for hackers to get into a company’s system. It’s important to stay on top of the many ways hackers are accessing proprietary data. Read on to see ten common tactics hackers are using and how they make your company cyber-vulnerable.  

1)      Deep Fakes: This term refers to the use of artificial intelligence to manipulate the images of a video. People are lured into watching the video because they think it’s legitimate. They are often used in phishing scams, identity theft and financial fraud.

2)      Rampant Ransomware: Ransomware is becoming more complex. It is often spread through phishing emails that contain corrupt attachments or links.

3)      Tech Threats: Smartphones and handheld devices are aggressively becoming bigger targets. A cybercriminal can access an entire network through an unprotected mobile device.

4)      WiFi Compromises: There is an increased chance that remote employees could inadvertently work on an open or unsecure platform.  

5)      Website Hacking: This involves the insertion of code into websites to access sensitive data including credit card information.  

6)      Cloud Attacks: Cyber criminals are aware that the cloud can be a less secure place for sensitive data and will undoubtedly use that to their advantage. Once hackers have access to a cloud service provider, they can use the cloud infrastructure to navigate from one target to another.

7)      Spear Phishing: Phishing will continue to be an effective mode of security-breaching.  

8)      Unsupported Windows 7: Windows recently ended support for Windows 7, meaning its security measures are no longer being updated by Microsoft.  Make sure your company’s systems are running on the current operating systems.  

9)      Untrained Employees: It is important for employers to be aware of the human factor in cyber security. Train employees on how to be cyber-vigilant.

10)   Internal Vulnerabilities: Companies tend to grant sensitive data access to too many employees. Plus, companies tend to use the same passwords for multiple platforms, which is never a safe idea.  

ICC takes strategic steps to mitigate these security risks and help prevent your company from being attacked. We implement the best tech practices, use new cyber technologies, conduct staff training and testing to identify a cyber adversary, and even come up with an Incidence Response Plan so your company knows how to react to potential threats. To learn more give us a call at 970-821-8592.

If your ability to function as a business depends on your I.T. infrastructure, it is essential to conduct regular reviews of your cybersecurity strategy and risks. A Cyber Security Risk Assessment is a comprehensive look at your I.T. infrastructure, identification of vulnerabilities, along with strategic planning of future I.T. needs. If you currently work with an I.T. service provider, don’t automatically assume that they are doing this. Check in with them to make sure.

Generally, a Cyber Security Risk Assessment looks at all of a company’s cybersecurity focuses on things like open ports on a firewall, missing software patches, weak passwords, and email security. Once a review is complete, your I.T. provider should furnish a report that provides an overall risk score, outlines what was reviewed, any discovered concerns and how those concerns should be addressed. ICC, for instance, provides their customers a comprehensive report with recommendations that align with best security practices.

How often your company conducts a Cyber Security Risk Assessments may depend on the type of business. ICC typically runs reviews every quarter. It is important to remember that security threats are constantly evolving and you need regular reviews to understand where you need to invest in order to protect your business.

ICC offers regular cyber reviews of your business in order to provide peace of mind knowing you will be prepared on how to react to a cybersecurity event.

For more information on ICC’s Cyber reviews check out our latest video here. To start putting an I.T. review plan in place for your business, or to see an I.T. review report sample, give us a call at 970-821-8592.

Data breaches are an unfortunate reality in the business world these days. Even with the best security measures in place, cybercrime can happen. As much effort as you put into trying to prevent it from happening, it’s smart to make the same efforts in preparing for when it happens. That includes understanding how long it will take to recover from the incident and be up and running again.

There are so many factors that can influence the amount of time it will take to recover from a breach.  How much data do you have? What is your current backup solution? What type of data is it? Where is your data being stored?  Has someone been monitoring the backups for completion and integrity?  Is your server virtualized?

There are two strategies devised to answer those questions and to help develop the best plan to regain system functionality and restore lost data in the event of a breach:

• Recovery Point Objective (RPO): This evaluates how often your backup is being done, what kind of data you are backing up and how much data you could potentially lose in the event of a disaster.

• Recovery Time Objective (RTO): With a backup restore test, you can assess how long it takes to get you back up and running in the event of a date breach, and how long the company can conduct business with the disruption.

Together, RPO and RTO help determine your system’s capacities and limitations to make your recovery plan as efficient as possible. The better the plan, the quicker the recovery will be, restoring data in minutes as opposed to days. However, data recovery plans are not one size fits all. The strategy for RPO is very different than RTO and it is important to design your backups and plans accordingly.

We get that this may be too much to assess on your own. You can rely on ICC to help you define the best strategy for data recovery. To learn more, visit our YouTube video (at https://www.youtube.com/watch?v=gHLn6xXgffk) or give us a call at 970-821-8592.

As a small business, it is important to have a plan in place that allows you to act strategically and swiftly when a cybersecurity incident occurs, like data loss or service outage that threatens daily work.  An Incident Response Plan is a written set of instructions to help your staff detect a security breach, know how to respond to it, and what protocols to follow. The plan should encompass different types of cybercrime that could happen and what to do in each scenario. The plan may also include a list of personnel with their respective responsibilities. In addition to IT staff, the list of personnel may include legal, human resources, and public relations members.

There are generally six factors that will impact an Incident Response Plan:

• Preparation: Performing a risk assessment to prepare for potential cybercrimes
• Identification: Identifying the significance of the problem
• Containment: Isolating the problem so it doesn’t affect anything else
• Eradication: Upgrades and replacements
• Recovery: Restoring data and normal services
• Review: Lessons learned on how to prevent the problem from happening again

By developing an Incident Response Plan, you are taking proactive steps to protect your company and your customers’ data, maintain a healthy reputation in the community, and avoid having to pay large amounts of money in the case of a ransomware attack.  With cyberattacks up over 300% since the onset of COVID-19, having a plan allows you to have peace of mind knowing that a strategy is in place for keeping the business running in the event of a breach.

Many small businesses often don’t have the staff and expertise to come up with and maintain an Incident Response Plan. ICC can help you understand and put a comprehensive plan together so you can rest assured knowing you are prepared. ICC can also play a critical role in the implementation of the plan, technology, and any future troubleshooting.

For more information, or to get started, call ICC at 970.821.8592 or visit our website at iccusa.net.

If you or one of your employees opens the wrong email or clicks on the wrong link, it has the potential to be catastrophic to your business. Unfortunately, phishing has become harder and harder to detect. Phishing is an attempt by cyber-criminals to obtain sensitive information by disguising themselves as a trusted source through an email or text.  It only takes one click of the mouse on the wrong email link or file to give a hacker the access they need to bring down an entire network or enable a virus.

ICC can help to properly educate your employees on what to look for to prevent anything like that from happening. ICC’s Phishing Tests are an effective training tool that helps employees know how to identify malicious emails before they click on anything. The fake tests provide hypothetical real-life situations so employees can become vigilant towards such attempts.

Here also are a few tips employees can use to detect hazardous communication:

• Check Sender’s Email Address: Does the sender’s email address match the company name? If not, do not proceed to click on anything in that piece of communication.
• Investigate Before Clicking: Hover the mouse over a suspicious link to see where the link leads to. If the web address looks to have nothing in common with the email, best not to click it.
• Be Suspicious of Urgent Requests: Bank or credit card companies may ask for immediate action in some situations, but most of the time, be wary of requests for personal information in a quick timeframe.

Employees are a major contributor in your overall cybersecurity strategy. If they do not know how to identify possible attacks, they may click on the wrong link which may result in a hack or breach. Be sure to enroll in ICC’s Phishing Tests. By arming employees with the knowledge of cybersecurity best practices, your business can significantly reduce its exposure to attacks.

To learn more about our fake phishing tests, check out our latest video https://www.youtube.com/watch?v=rONaMSSkUVY

You can also call us at 970.821.8592 with any questions.

The reminders you see pop up on your computer screen to update software and applications should never be ignored. Those updates – also known as patches – ultimately serve to enhance the computer’s security and improve its stability. Patches are corrections to programming vulnerabilities found in the computer’s operating system, applications, and firmware. Hackers and malware exploit any vulnerabilities to illegally gain access to the system. Ignoring update notifications can lead to identity theft, data loss or damaged software. When the security patches are applied, they become a part of your line of defense in cyber protection and hackers/malware are no longer able to exploit this particular method of entry.

How often updates need to be installed greatly depends on the application or operating system. Some patches are released monthly and others vary as needed.  It is important that the patches are applied in a proactive manner so security policies are kept up to date. So, as tempting as it is, even when you are in the middle of working on a project, try not to put off the updates by choosing “remind me later.” When you do that, think of it as leaving your computer in a vulnerable state. Make sure to read the notification before clicking “Yes” or Install.”

Keeping your computers and software updated is an essential piece of cyber security. If you are unsure how the security patches are being managed for your company, or you don’t have the manpower, or even time to stay on top of system updates and maintenance, give us a call. We’ll start with a risk assessment and come up with a plan to make sure your computers are stable and protected.

For more information call ICC at 970.821.8592 or visit our website at iccusa.net.

Many businesses think they are too small to be affected by a cybersecurity attack. The reality is 58% of such attacks are directed at small businesses, and of these, 60% go out of business within 6 months from financial losses resulting from theft of banking information or disruption in their business.

Small businesses are an appealing target for cyber criminals because they don’t usually have the security in place that a lot of larger companies do. Many don’t have the proper cyber protection in place because they either feel they don’t need it, are using outdated cybersecurity strategies or they don’t want to make the investment. But isn’t your business worth protecting?

With many company employees working remotely these days, it’s more important than ever to think about cybersecurity. When more employees are using devices like laptops and iPads there’s a greater risk, and there’s a false sense of security working from home.  An email may look like it’s coming from a legitimate source, but it could very well be a phishing scam and lead to serious malware/ransomware on your device.

Performing a cybersecurity risk assessment is the first step in developing an updated strategy.  This allows vulnerabilities to be identified and discussed in order to develop a strong plan moving forward. Educating employees on what constitutes a dangerous e-mail and reminding them not to share passwords always helps. Installing security software and keeping software up to date can be effective in preventing a cyberattack. It’s also important to regularly back up files. If a cyberattack should happen and your data is compromised, files can be restored from backup files.

With small businesses being a prime target to attackers, having a sound cybersecurity plan in place is critical. ICC can perform a cyber security risk assessment that shows your risk levels and recommend ways to drastically lower your exposure.

For more information or to help you get started protecting your business, call ICC at 970.821.8592 or visit our website at iccusa.net

From computers to cell phones, tablets, and more, we are constantly connected and sharing data with the world. With October being Cybersecurity Awareness Month, our team here at ICC have gathered some tips to make sure you stay on top of your cybersecurity measures to keep your data protected.

1. Think before you click

Hackers will send emails disguised as shipping confirmations, past due notices, or emails from your boss. Take a second to think before you click, check the email address, and make sure nothing looks out of the ordinary.

2. Use multi-factor authentication (MFA)

Multi-factor authentication is an extra layer of protection when accessing your data. Once you enter your password, a code is sent to confirm your identity. MFA makes it harder for hackers to access your account.

3. Keep up with updates

Make sure to stay on top of all updates so your system isn’t left vulnerable to hackers. Outdated security measures and technology can put your system at risk or may cause crashes or downtime. An assessment conducted by the ICC team will help to ensure that your business’ software is up to date and secure.

4. Back up your data

Anything could happen at any time and it is best to be prepared! Back up your system often to improve restore times and accuracy. Work with our IT professionals at ICC and they will help you set a plan for backing up your data that suits your needs.

5. Ensure you understand all policies and procedures

Joining unsafe networks from your personal device when accessing company information could put your data at risk. Speak with us about safe ways to access this information and how to manage your risk.

6. Don’t overshare on social media

The information you post on social media is easier to find than ever. Be careful what you share for hackers are always on the prowl for easy access to data.

7. Ensure your security awareness training is ongoing

ICC is here to help! We have training sessions that can teach your employees how to recognize suspicious emails or activities.

8. Use your mobile devices securely

Open or public Wi-Fi networks can expose you to cybersecurity threats. When possible, use your own personal hot spot for internet access or your cellular data.

9. Look out for phishing scams

Phishing emails are the number one-way malware/ ransomware is delivered. We can provide email phishing training to your employees to lower the risk of opening unwanted emails and attachments.

10. Properly dispose of electronic media

ICC can help dispose of electronic hardware and devices, so it doesn’t fall into the wrong hands.

11. Create a cybersecurity friendly culture

Our team at ICC is here to help your team navigate the world of cybersecurity. We value our relationships and want to create the best plan of action according to your budget and needs.

12. Monitor your credit and financial statements

Keep an eye out for any suspicious charges or activity on your credit card or financial statements. Make sure to follow up with your financial institution if anything looks suspicious and update your passwords.

13. Don’t underestimate a hacker’s interest in your data

58% of cybersecurity attack victims are small businesses. Let us help protect your data and create a personalized I.T. strategy today.

14. Virtually and physically secure sensitive information

In our 20+ years of business, we have come across unlocked server rooms, servers placed out in the open, and passwords written on sticky notes. Data breaches aren’t always online so it’s important to keep your data protected and secure.

The ICC team is available to assess your business’ security, technology, and overall IT plan. Contact us today to learn more 970.821.8592.