Our Blog

If your ability to function as a business depends on your I.T. infrastructure, it is essential to conduct regular reviews of your cybersecurity strategy and risks. A Cyber Security Risk Assessment is a comprehensive look at your I.T. infrastructure, identification of vulnerabilities, along with strategic planning of future I.T. needs. If you currently work with an I.T. service provider, don’t automatically assume that they are doing this. Check in with them to make sure.

Generally, a Cyber Security Risk Assessment looks at all of a company’s cybersecurity focuses on things like open ports on a firewall, missing software patches, weak passwords, and email security. Once a review is complete, your I.T. provider should furnish a report that provides an overall risk score, outlines what was reviewed, any discovered concerns and how those concerns should be addressed. ICC, for instance, provides their customers a comprehensive report with recommendations that align with best security practices.

How often your company conducts a Cyber Security Risk Assessments may depend on the type of business. ICC typically runs reviews every quarter. It is important to remember that security threats are constantly evolving and you need regular reviews to understand where you need to invest in order to protect your business.

ICC offers regular cyber reviews of your business in order to provide peace of mind knowing you will be prepared on how to react to a cybersecurity event.

For more information on ICC’s Cyber reviews check out our latest video here. To start putting an I.T. review plan in place for your business, or to see an I.T. review report sample, give us a call at 970-821-8592.

Data breaches are an unfortunate reality in the business world these days. Even with the best security measures in place, cybercrime can happen. As much effort as you put into trying to prevent it from happening, it’s smart to make the same efforts in preparing for when it happens. That includes understanding how long it will take to recover from the incident and be up and running again.

There are so many factors that can influence the amount of time it will take to recover from a breach.  How much data do you have? What is your current backup solution? What type of data is it? Where is your data being stored?  Has someone been monitoring the backups for completion and integrity?  Is your server virtualized?

There are two strategies devised to answer those questions and to help develop the best plan to regain system functionality and restore lost data in the event of a breach:

• Recovery Point Objective (RPO): This evaluates how often your backup is being done, what kind of data you are backing up and how much data you could potentially lose in the event of a disaster.

• Recovery Time Objective (RTO): With a backup restore test, you can assess how long it takes to get you back up and running in the event of a date breach, and how long the company can conduct business with the disruption.

Together, RPO and RTO help determine your system’s capacities and limitations to make your recovery plan as efficient as possible. The better the plan, the quicker the recovery will be, restoring data in minutes as opposed to days. However, data recovery plans are not one size fits all. The strategy for RPO is very different than RTO and it is important to design your backups and plans accordingly.

We get that this may be too much to assess on your own. You can rely on ICC to help you define the best strategy for data recovery. To learn more, visit our YouTube video (at https://www.youtube.com/watch?v=gHLn6xXgffk) or give us a call at 970-821-8592.

As a small business, it is important to have a plan in place that allows you to act strategically and swiftly when a cybersecurity incident occurs, like data loss or service outage that threatens daily work.  An Incident Response Plan is a written set of instructions to help your staff detect a security breach, know how to respond to it, and what protocols to follow. The plan should encompass different types of cybercrime that could happen and what to do in each scenario. The plan may also include a list of personnel with their respective responsibilities. In addition to IT staff, the list of personnel may include legal, human resources, and public relations members.

There are generally six factors that will impact an Incident Response Plan:

• Preparation: Performing a risk assessment to prepare for potential cybercrimes
• Identification: Identifying the significance of the problem
• Containment: Isolating the problem so it doesn’t affect anything else
• Eradication: Upgrades and replacements
• Recovery: Restoring data and normal services
• Review: Lessons learned on how to prevent the problem from happening again

By developing an Incident Response Plan, you are taking proactive steps to protect your company and your customers’ data, maintain a healthy reputation in the community, and avoid having to pay large amounts of money in the case of a ransomware attack.  With cyberattacks up over 300% since the onset of COVID-19, having a plan allows you to have peace of mind knowing that a strategy is in place for keeping the business running in the event of a breach.

Many small businesses often don’t have the staff and expertise to come up with and maintain an Incident Response Plan. ICC can help you understand and put a comprehensive plan together so you can rest assured knowing you are prepared. ICC can also play a critical role in the implementation of the plan, technology, and any future troubleshooting.

For more information, or to get started, call ICC at 970.821.8592 or visit our website at iccusa.net.

If you or one of your employees opens the wrong email or clicks on the wrong link, it has the potential to be catastrophic to your business. Unfortunately, phishing has become harder and harder to detect. Phishing is an attempt by cyber-criminals to obtain sensitive information by disguising themselves as a trusted source through an email or text.  It only takes one click of the mouse on the wrong email link or file to give a hacker the access they need to bring down an entire network or enable a virus.

ICC can help to properly educate your employees on what to look for to prevent anything like that from happening. ICC’s Phishing Tests are an effective training tool that helps employees know how to identify malicious emails before they click on anything. The fake tests provide hypothetical real-life situations so employees can become vigilant towards such attempts.

Here also are a few tips employees can use to detect hazardous communication:

• Check Sender’s Email Address: Does the sender’s email address match the company name? If not, do not proceed to click on anything in that piece of communication.
• Investigate Before Clicking: Hover the mouse over a suspicious link to see where the link leads to. If the web address looks to have nothing in common with the email, best not to click it.
• Be Suspicious of Urgent Requests: Bank or credit card companies may ask for immediate action in some situations, but most of the time, be wary of requests for personal information in a quick timeframe.

Employees are a major contributor in your overall cybersecurity strategy. If they do not know how to identify possible attacks, they may click on the wrong link which may result in a hack or breach. Be sure to enroll in ICC’s Phishing Tests. By arming employees with the knowledge of cybersecurity best practices, your business can significantly reduce its exposure to attacks.

To learn more about our fake phishing tests, check out our latest video https://www.youtube.com/watch?v=rONaMSSkUVY

You can also call us at 970.821.8592 with any questions.

The reminders you see pop up on your computer screen to update software and applications should never be ignored. Those updates – also known as patches – ultimately serve to enhance the computer’s security and improve its stability. Patches are corrections to programming vulnerabilities found in the computer’s operating system, applications, and firmware. Hackers and malware exploit any vulnerabilities to illegally gain access to the system. Ignoring update notifications can lead to identity theft, data loss or damaged software. When the security patches are applied, they become a part of your line of defense in cyber protection and hackers/malware are no longer able to exploit this particular method of entry.

How often updates need to be installed greatly depends on the application or operating system. Some patches are released monthly and others vary as needed.  It is important that the patches are applied in a proactive manner so security policies are kept up to date. So, as tempting as it is, even when you are in the middle of working on a project, try not to put off the updates by choosing “remind me later.” When you do that, think of it as leaving your computer in a vulnerable state. Make sure to read the notification before clicking “Yes” or Install.”

Keeping your computers and software updated is an essential piece of cyber security. If you are unsure how the security patches are being managed for your company, or you don’t have the manpower, or even time to stay on top of system updates and maintenance, give us a call. We’ll start with a risk assessment and come up with a plan to make sure your computers are stable and protected.

For more information call ICC at 970.821.8592 or visit our website at iccusa.net.

Many businesses think they are too small to be affected by a cybersecurity attack. The reality is 58% of such attacks are directed at small businesses, and of these, 60% go out of business within 6 months from financial losses resulting from theft of banking information or disruption in their business.

Small businesses are an appealing target for cyber criminals because they don’t usually have the security in place that a lot of larger companies do. Many don’t have the proper cyber protection in place because they either feel they don’t need it, are using outdated cybersecurity strategies or they don’t want to make the investment. But isn’t your business worth protecting?

With many company employees working remotely these days, it’s more important than ever to think about cybersecurity. When more employees are using devices like laptops and iPads there’s a greater risk, and there’s a false sense of security working from home.  An email may look like it’s coming from a legitimate source, but it could very well be a phishing scam and lead to serious malware/ransomware on your device.

Performing a cybersecurity risk assessment is the first step in developing an updated strategy.  This allows vulnerabilities to be identified and discussed in order to develop a strong plan moving forward. Educating employees on what constitutes a dangerous e-mail and reminding them not to share passwords always helps. Installing security software and keeping software up to date can be effective in preventing a cyberattack. It’s also important to regularly back up files. If a cyberattack should happen and your data is compromised, files can be restored from backup files.

With small businesses being a prime target to attackers, having a sound cybersecurity plan in place is critical. ICC can perform a cyber security risk assessment that shows your risk levels and recommend ways to drastically lower your exposure.

For more information or to help you get started protecting your business, call ICC at 970.821.8592 or visit our website at iccusa.net

From computers to cell phones, tablets, and more, we are constantly connected and sharing data with the world. With October being Cybersecurity Awareness Month, our team here at ICC have gathered some tips to make sure you stay on top of your cybersecurity measures to keep your data protected.

1. Think before you click

Hackers will send emails disguised as shipping confirmations, past due notices, or emails from your boss. Take a second to think before you click, check the email address, and make sure nothing looks out of the ordinary.

2. Use multi-factor authentication (MFA)

Multi-factor authentication is an extra layer of protection when accessing your data. Once you enter your password, a code is sent to confirm your identity. MFA makes it harder for hackers to access your account.

3. Keep up with updates

Make sure to stay on top of all updates so your system isn’t left vulnerable to hackers. Outdated security measures and technology can put your system at risk or may cause crashes or downtime. An assessment conducted by the ICC team will help to ensure that your business’ software is up to date and secure.

4. Back up your data

Anything could happen at any time and it is best to be prepared! Back up your system often to improve restore times and accuracy. Work with our IT professionals at ICC and they will help you set a plan for backing up your data that suits your needs.

5. Ensure you understand all policies and procedures

Joining unsafe networks from your personal device when accessing company information could put your data at risk. Speak with us about safe ways to access this information and how to manage your risk.

6. Don’t overshare on social media

The information you post on social media is easier to find than ever. Be careful what you share for hackers are always on the prowl for easy access to data.

7. Ensure your security awareness training is ongoing

ICC is here to help! We have training sessions that can teach your employees how to recognize suspicious emails or activities.

8. Use your mobile devices securely

Open or public Wi-Fi networks can expose you to cybersecurity threats. When possible, use your own personal hot spot for internet access or your cellular data.

9. Look out for phishing scams

Phishing emails are the number one-way malware/ ransomware is delivered. We can provide email phishing training to your employees to lower the risk of opening unwanted emails and attachments.

10. Properly dispose of electronic media

ICC can help dispose of electronic hardware and devices, so it doesn’t fall into the wrong hands.

11. Create a cybersecurity friendly culture

Our team at ICC is here to help your team navigate the world of cybersecurity. We value our relationships and want to create the best plan of action according to your budget and needs.

12. Monitor your credit and financial statements

Keep an eye out for any suspicious charges or activity on your credit card or financial statements. Make sure to follow up with your financial institution if anything looks suspicious and update your passwords.

13. Don’t underestimate a hacker’s interest in your data

58% of cybersecurity attack victims are small businesses. Let us help protect your data and create a personalized I.T. strategy today.

14. Virtually and physically secure sensitive information

In our 20+ years of business, we have come across unlocked server rooms, servers placed out in the open, and passwords written on sticky notes. Data breaches aren’t always online so it’s important to keep your data protected and secure.

The ICC team is available to assess your business’ security, technology, and overall IT plan. Contact us today to learn more 970.821.8592.

Technology is everchanging, and as businesses continue to evolve and adapt in the world, they must keep up. From the cloud to updated software and new applications, updating your technology is essential. If you do not update your technology, there are many risks that can affect your business such as security, system downtime, higher support costs, and trailing behind the competition.

Security

The most important risk factor for outdated technology is security. With the capabilities of the internet, and technology today, security is a number one priority in keeping your business safe. With new online scams popping up every day, outdated software and security tools can compromise your business operations. A proper assessment will ensure your systems are safe.

Crashes and system downtime

Nowadays, business takes place 24/7, 365 days a year. Computers and operating systems are important to your daily business and must always be working efficiently and effectively. If your security or software applications are not updated, you may experience crashes and system downtime. Software updates become outdated and may not be readily available if your system unexpectedly comes to a halt. That is why it is important to stay on top of security patches.

Higher support costs

A risk of using outdated technology is the cost you can incur maintaining and repairing it. Older technology is less energy-efficient than today’s technology and uses more power. It also takes more time to keep older systems up and running. In addition, updates may not be readily available with an older system. Although new technology may be more costly upfront, the cost will balance itself out with less need for maintenance and repair as time goes on.

Sets you behind your competition

Older technology may not produce results as quickly, leaving your business operating slower and not functioning at its full capacity. Time is money, and an updated system will help produce work faster and keep you in line with your competition. If your competitors continue to advance their technology and you trail behind, your business will be left trying to catch up.

If you have questions about your systems technology and would like the ICC team to assess your needs, contact us at 970.821.8592 or at info@iccusa.net.

We are proud to announce Josh Layton as our newest employee here at Integrated Computer Consulting (ICC). He will be working in the Business Development department to assist in growing our clientele here in northern Colorado.

Josh comes to us from Limon, Colorado. He studied Finance at the University of Denver and has held various positions in multiple industries before becoming an IT technician and then moving into sales. Josh has experience in healthcare IT solutions and with a background in finance can assist clients in understanding their system and cost analysis.

Josh will bring professionalism, attention to detail, and great communication to our clients to make the overall sales process an enjoyable experience.

When Josh is not selling IT solutions, he enjoys spending time with his fiancé, Jennifer, and his 9- year old daughter, Adilynn as well as going to the gym, golfing, hiking, and wake surfing. He also has four pets: a 2.5-year-old puggle named, Henri, a 7-month-old golden retriever named Dug, and two fish names Glowie and ‘Merica.

We are so happy to have Josh Layton on our ICC team!

With the majority of work being completed online with access to company information, assessing your cybersecurity risk is critically important for keeping your company’s private and valuable information safe.

What is a Cyber Security Risk Assessment?

A Cyber Security Risk Assessment is a service that ICC provides to assess the data that is at risk when a cyber breach occurs.

What does a Cyber Security Risk Assessment entail?

ICC uses leading assessment tools that run in your environment for a period of days to gather information. ICC will compile the results and present this information in an easy to understand format. ICC’s assessment includes:

Data Risk Assessment – Data such as PHI, payment info, health records, photos, addresses, names, SSNs, etc. will be assessed. If that data is not properly protected or destroyed if not needed, it can lead to serious financial implications.

Fake Phishing Test – Since 91% of attacks come though employees clicking on malicious links, phishing tests are important for assessing risk.

Patch Management Status – The status of an operating system and application patches is a huge factor in the overall strength of a network’s ability to ward off attacks.  If the operating system is outdated or the patches are not current, this is a huge vulnerability and can leave your business exposed to malware/ransomware.  Additionally, updates for applications like Java and Adobe are two avenues hackers will use to gain access.

Dark Web Scan – What data has been compromised from employees and the business.

Scanning Network Port and Service – Yes, if certain ports are left open, someone can gain access to your network simply by typing an IP address in their browser’s address bar.  ICC examines the vulnerable ports which can allow access to sensitive information.

Network Mapping – ICC will provide a network diagram for you to see how the network is connected and where the emphasis should be directed.

Reporting – ICC will compile a detailed report of all findings as well as any recommendations for a secure computing environment.

Incident Response Plan – This is an additional service ICC can provide to your cybersecurity assessment.  ICC will outline a very detailed set of instructions in case of a variety of scenarios such as a breach, physical theft, server crash, cyber-attack, or even natural disasters. This service is not included in the assessment.

The I.T. landscape has changed and a cybersecurity risk assessment is critical.  Cyber-attacks have increased by 72%, especially with COVID-19.  With technology being such a crucial component of any business’s ability to operate, proper management and security practices are important for the health of a business’s network and the safety of patient/client data.  Many businesses feel as though they are not a target or simply choose not to employ the resources to protect themselves against an attack. This will have a significant financial impact when data or the network are compromised. For more information on ICC’s cybersecurity risk assessment, give us a call at 970.821.8592 or contact us at info@iccusa.net.