Our Blog

There’s a place on the Internet called the dark web, but there’s a good chance you’ve never heard of it. The dark web is a collection of websites on the Internet that is not visible to search engines or the general user. It can only be accessed using special software. Even if you never plan to visit the dark web, you need to be aware of its existence. The dark web is where cybercriminals go to buy and sell illegally obtained materials such as compromised passwords, identity information, payment information, and much more.  

Think of the Internet as having three layers. The top layer, which is what we know as the world wide web and where normal webpages reside.  This top layer only accounts for 4% of all Internet content.

The next layer is the “deep web.” This would pertain to web pages like healthcare records, payment information, and subscription services – web pages that would contain confidential consumer information and have strong security protocols to access.  

The deepest layer–and the one we’re focusing on here–is the dark web. The dark web hosts 6% of all Internet content. That is a scary number when you consider that the dark web serves as a clearinghouse for buying and selling stolen and illegal information.  It utilizes specific software and payment methods to ensure anonymity.  

If you’re just learning about the dark web, you may be feeling a bit defenseless against it. Luckily, there are ways to protect your business from the dark web. As part of its comprehensive cybersecurity plan, ICC monitors the dark web for your credentials.

It is important to remember that scanning the dark web is just a small piece of the cybersecurity pie.  ICC puts several cybersecurity tactics in place to significantly reduce the possibility of an attack and protect your data. At a minimum, a comprehensive cybersecurity strategy should include email security, network security, monitored backups, test restoring, employee education, and Quarterly Cybersecurity Reviews to boost your defenses against cybercriminals. If you are missing one piece of the pie, you may be exposed to cyber-attacks and could be faced with significant business disruption.

If you’d like us to do a little digging into the dark web on your behalf and put a full defense plan in place, give ICC a call at (970) 821-8592. You can also check out our latest video about the dark web on YouTube (https://www.youtube.com/watch?v=831BBl6pfEU).

The number of data breaches is increasing at an alarming rate and can happen when you least expect them.  Your business’s backup strategy is a very important piece of the cybersecurity pie. If a data breach occurs, it is important to remember that time is of the essence. There are many factors to consider when designing your backup and disaster recovery plan.

Some business owners believe their data is being backed up, but that is not always the case. Many times, while onboarding a new client, we discover that their backups have not been working for weeks. If your I.T. provider is not monitoring your backups for completion and/or corruption, you may be exposed to cyber-attacks and could be faced with significant business disruption.

Additionally, when considering your backup needs ICC will review two main factors: RTO and RPO.

• RTO (Recovery Time Objective): This refers to the amount of time it will take to restore data.
• RPO (Recovery Point Objective): This refers to how much data is at risk if a total failure occurs, which is often related to how often the data is backed up.

If you’re unsure that your system is being properly backed up give ICC a call at (970) 821-8592. ICC will work to give you the best defense strategy against a data breach.

No doubt we are living in a fast-paced, high-tech world. What we can accomplish on a computer is getting faster and more efficient, and updates to computer operating systems are coming out quicker than ever. Every month, developers like Microsoft and Apple release updates and patches to their operating systems. This is because they have identified a vulnerability in the code that needs to be fixed before a hacker can exploit the issue.

When an operating system has run its course and can no longer meet the demands of new hardware/software, the developer will introduce a new version and set a date that the old version will no longer be supported. This is known as “End of Life.”  When the old version becomes End of Life, this means the developer will no longer issue security updates and patches. Outdated operating systems can present major cybersecurity risks because now the hackers can easily exploit flaws in the code to gain access.

In addition to cybersecurity, there are reasons to patch and upgrade your operating system. As time goes by, an old operating system’s performance will get slower. Employees may look for new features that won’t be available to them because of an outdated system. Additionally, in industries such as finance and healthcare, the operating systems must be current in order to be in compliance with regulatory standards.

Many small companies likely postpone upgrading their systems due to the interruption it may cause, potential software compatibility issues, or a lack of understanding to the severity of an outdated system. That is why ICC takes a systematic approach to the upgrade process and develops a strategy to deal with any problems that may occur.  It is critical to proactively manage security tactics to protect your systems from malicious attacks.

It is important to remember that proactive Patch Management is only one small piece of the cybersecurity pie.  ICC puts a number of cybersecurity tactics in place to minimize your exposure and significantly reduce the possibility of an attack. At a minimum, a cybersecurity strategy should include patches and updates, email security, network security, monitored backups, employee education, and Quarterly Cybersecurity Reviews. If you are missing one piece of the pie, you may be exposed to cyber-attacks and could be faced with significant business disruption.

If you’re unsure about which operating system you are using or how to transition to a supported platform, give ICC a call at (970) 821-8592. We can come up with a plan that is a cost-efficient solution for your business.

Learn more about ICC at iccusa.net.

‍

Hacking has become pretty common in the business world. Small businesses especially are frequent targets. Hackers assume small businesses don’t have the expertise or budget to put the proper security in place. Additionally, with more and more employees working from home there is a greater chance of weak links and insecure platforms being used, making it easier for hackers to get into a company’s system. It’s important to stay on top of the many ways hackers are accessing proprietary data. Read on to see ten common tactics hackers are using and how they make your company cyber-vulnerable.  

1)      Deep Fakes: This term refers to the use of artificial intelligence to manipulate the images of a video. People are lured into watching the video because they think it’s legitimate. They are often used in phishing scams, identity theft and financial fraud.

2)      Rampant Ransomware: Ransomware is becoming more complex. It is often spread through phishing emails that contain corrupt attachments or links.

3)      Tech Threats: Smartphones and handheld devices are aggressively becoming bigger targets. A cybercriminal can access an entire network through an unprotected mobile device.

4)      WiFi Compromises: There is an increased chance that remote employees could inadvertently work on an open or unsecure platform.  

5)      Website Hacking: This involves the insertion of code into websites to access sensitive data including credit card information.  

6)      Cloud Attacks: Cyber criminals are aware that the cloud can be a less secure place for sensitive data and will undoubtedly use that to their advantage. Once hackers have access to a cloud service provider, they can use the cloud infrastructure to navigate from one target to another.

7)      Spear Phishing: Phishing will continue to be an effective mode of security-breaching.  

8)      Unsupported Windows 7: Windows recently ended support for Windows 7, meaning its security measures are no longer being updated by Microsoft.  Make sure your company’s systems are running on the current operating systems.  

9)      Untrained Employees: It is important for employers to be aware of the human factor in cyber security. Train employees on how to be cyber-vigilant.

10)   Internal Vulnerabilities: Companies tend to grant sensitive data access to too many employees. Plus, companies tend to use the same passwords for multiple platforms, which is never a safe idea.  

ICC takes strategic steps to mitigate these security risks and help prevent your company from being attacked. We implement the best tech practices, use new cyber technologies, conduct staff training and testing to identify a cyber adversary, and even come up with an Incidence Response Plan so your company knows how to react to potential threats. To learn more give us a call at 970-821-8592.

If your ability to function as a business depends on your I.T. infrastructure, it is essential to conduct regular reviews of your cybersecurity strategy and risks. A Cyber Security Risk Assessment is a comprehensive look at your I.T. infrastructure, identification of vulnerabilities, along with strategic planning of future I.T. needs. If you currently work with an I.T. service provider, don’t automatically assume that they are doing this. Check in with them to make sure.

Generally, a Cyber Security Risk Assessment looks at all of a company’s cybersecurity focuses on things like open ports on a firewall, missing software patches, weak passwords, and email security. Once a review is complete, your I.T. provider should furnish a report that provides an overall risk score, outlines what was reviewed, any discovered concerns and how those concerns should be addressed. ICC, for instance, provides their customers a comprehensive report with recommendations that align with best security practices.

How often your company conducts a Cyber Security Risk Assessments may depend on the type of business. ICC typically runs reviews every quarter. It is important to remember that security threats are constantly evolving and you need regular reviews to understand where you need to invest in order to protect your business.

ICC offers regular cyber reviews of your business in order to provide peace of mind knowing you will be prepared on how to react to a cybersecurity event.

For more information on ICC’s Cyber reviews check out our latest video here. To start putting an I.T. review plan in place for your business, or to see an I.T. review report sample, give us a call at 970-821-8592.

Data breaches are an unfortunate reality in the business world these days. Even with the best security measures in place, cybercrime can happen. As much effort as you put into trying to prevent it from happening, it’s smart to make the same efforts in preparing for when it happens. That includes understanding how long it will take to recover from the incident and be up and running again.

There are so many factors that can influence the amount of time it will take to recover from a breach.  How much data do you have? What is your current backup solution? What type of data is it? Where is your data being stored?  Has someone been monitoring the backups for completion and integrity?  Is your server virtualized?

There are two strategies devised to answer those questions and to help develop the best plan to regain system functionality and restore lost data in the event of a breach:

• Recovery Point Objective (RPO): This evaluates how often your backup is being done, what kind of data you are backing up and how much data you could potentially lose in the event of a disaster.

• Recovery Time Objective (RTO): With a backup restore test, you can assess how long it takes to get you back up and running in the event of a date breach, and how long the company can conduct business with the disruption.

Together, RPO and RTO help determine your system’s capacities and limitations to make your recovery plan as efficient as possible. The better the plan, the quicker the recovery will be, restoring data in minutes as opposed to days. However, data recovery plans are not one size fits all. The strategy for RPO is very different than RTO and it is important to design your backups and plans accordingly.

We get that this may be too much to assess on your own. You can rely on ICC to help you define the best strategy for data recovery. To learn more, visit our YouTube video (at https://www.youtube.com/watch?v=gHLn6xXgffk) or give us a call at 970-821-8592.

As a small business, it is important to have a plan in place that allows you to act strategically and swiftly when a cybersecurity incident occurs, like data loss or service outage that threatens daily work.  An Incident Response Plan is a written set of instructions to help your staff detect a security breach, know how to respond to it, and what protocols to follow. The plan should encompass different types of cybercrime that could happen and what to do in each scenario. The plan may also include a list of personnel with their respective responsibilities. In addition to IT staff, the list of personnel may include legal, human resources, and public relations members.

There are generally six factors that will impact an Incident Response Plan:

• Preparation: Performing a risk assessment to prepare for potential cybercrimes
• Identification: Identifying the significance of the problem
• Containment: Isolating the problem so it doesn’t affect anything else
• Eradication: Upgrades and replacements
• Recovery: Restoring data and normal services
• Review: Lessons learned on how to prevent the problem from happening again

By developing an Incident Response Plan, you are taking proactive steps to protect your company and your customers’ data, maintain a healthy reputation in the community, and avoid having to pay large amounts of money in the case of a ransomware attack.  With cyberattacks up over 300% since the onset of COVID-19, having a plan allows you to have peace of mind knowing that a strategy is in place for keeping the business running in the event of a breach.

Many small businesses often don’t have the staff and expertise to come up with and maintain an Incident Response Plan. ICC can help you understand and put a comprehensive plan together so you can rest assured knowing you are prepared. ICC can also play a critical role in the implementation of the plan, technology, and any future troubleshooting.

For more information, or to get started, call ICC at 970.821.8592 or visit our website at iccusa.net.

If you or one of your employees opens the wrong email or clicks on the wrong link, it has the potential to be catastrophic to your business. Unfortunately, phishing has become harder and harder to detect. Phishing is an attempt by cyber-criminals to obtain sensitive information by disguising themselves as a trusted source through an email or text.  It only takes one click of the mouse on the wrong email link or file to give a hacker the access they need to bring down an entire network or enable a virus.

ICC can help to properly educate your employees on what to look for to prevent anything like that from happening. ICC’s Phishing Tests are an effective training tool that helps employees know how to identify malicious emails before they click on anything. The fake tests provide hypothetical real-life situations so employees can become vigilant towards such attempts.

Here also are a few tips employees can use to detect hazardous communication:

• Check Sender’s Email Address: Does the sender’s email address match the company name? If not, do not proceed to click on anything in that piece of communication.
• Investigate Before Clicking: Hover the mouse over a suspicious link to see where the link leads to. If the web address looks to have nothing in common with the email, best not to click it.
• Be Suspicious of Urgent Requests: Bank or credit card companies may ask for immediate action in some situations, but most of the time, be wary of requests for personal information in a quick timeframe.

Employees are a major contributor in your overall cybersecurity strategy. If they do not know how to identify possible attacks, they may click on the wrong link which may result in a hack or breach. Be sure to enroll in ICC’s Phishing Tests. By arming employees with the knowledge of cybersecurity best practices, your business can significantly reduce its exposure to attacks.

To learn more about our fake phishing tests, check out our latest video https://www.youtube.com/watch?v=rONaMSSkUVY

You can also call us at 970.821.8592 with any questions.

The reminders you see pop up on your computer screen to update software and applications should never be ignored. Those updates – also known as patches – ultimately serve to enhance the computer’s security and improve its stability. Patches are corrections to programming vulnerabilities found in the computer’s operating system, applications, and firmware. Hackers and malware exploit any vulnerabilities to illegally gain access to the system. Ignoring update notifications can lead to identity theft, data loss or damaged software. When the security patches are applied, they become a part of your line of defense in cyber protection and hackers/malware are no longer able to exploit this particular method of entry.

How often updates need to be installed greatly depends on the application or operating system. Some patches are released monthly and others vary as needed.  It is important that the patches are applied in a proactive manner so security policies are kept up to date. So, as tempting as it is, even when you are in the middle of working on a project, try not to put off the updates by choosing “remind me later.” When you do that, think of it as leaving your computer in a vulnerable state. Make sure to read the notification before clicking “Yes” or Install.”

Keeping your computers and software updated is an essential piece of cyber security. If you are unsure how the security patches are being managed for your company, or you don’t have the manpower, or even time to stay on top of system updates and maintenance, give us a call. We’ll start with a risk assessment and come up with a plan to make sure your computers are stable and protected.

For more information call ICC at 970.821.8592 or visit our website at iccusa.net.

Many businesses think they are too small to be affected by a cybersecurity attack. The reality is 58% of such attacks are directed at small businesses, and of these, 60% go out of business within 6 months from financial losses resulting from theft of banking information or disruption in their business.

Small businesses are an appealing target for cyber criminals because they don’t usually have the security in place that a lot of larger companies do. Many don’t have the proper cyber protection in place because they either feel they don’t need it, are using outdated cybersecurity strategies or they don’t want to make the investment. But isn’t your business worth protecting?

With many company employees working remotely these days, it’s more important than ever to think about cybersecurity. When more employees are using devices like laptops and iPads there’s a greater risk, and there’s a false sense of security working from home.  An email may look like it’s coming from a legitimate source, but it could very well be a phishing scam and lead to serious malware/ransomware on your device.

Performing a cybersecurity risk assessment is the first step in developing an updated strategy.  This allows vulnerabilities to be identified and discussed in order to develop a strong plan moving forward. Educating employees on what constitutes a dangerous e-mail and reminding them not to share passwords always helps. Installing security software and keeping software up to date can be effective in preventing a cyberattack. It’s also important to regularly back up files. If a cyberattack should happen and your data is compromised, files can be restored from backup files.

With small businesses being a prime target to attackers, having a sound cybersecurity plan in place is critical. ICC can perform a cyber security risk assessment that shows your risk levels and recommend ways to drastically lower your exposure.

For more information or to help you get started protecting your business, call ICC at 970.821.8592 or visit our website at iccusa.net