Enable your business to thrive in a disruptive world

Digital Trust is a make or break for your business

In today’s digital world, where most business is done online and data breaches are becoming more common, digital trust has become a valuable commodity for the companies that earn it. This phenomenon – where trust has become the currency by which businesses differentiate themselves from others – is starting to change the way businesses look at security. A report by CA Technologies says that 86% of those surveyed said that security is more important to them than convenience when choosing a product or service online. What does Digital Trust mean? We do business with those whom we trust, but we do more business with those whom we trust more.

Digital trust is under attack

Unfortunately, digital trust is under attack more than ever before:

  • 300% spike in cybercrime during the COVID-19 pandemic
  • 57% of attacks are missed by traditional antivirus solutions
  • 69% of businesses spend more time managing tools than defending against the threats

Only the cyber resilient will survive and thrive. Digital transformation has not only brought new business models and opportunities, but also new vulnerabilities. Advanced threats and attacks push the security of most companies to their limits. More remote workers increase the exposure to security risks, and most organizations lack the expertise to deal with increasingly complex threats. So while businesses are becoming aware of the importance of cybersecurity, most have no idea whether they are sufficiently protected or not.

How protected is your business?

While cybercriminals can destroy your business and all you built, 83% of business owners don’t have a contingency plan for dealing with security threats. As a result, when attacks happen – even small ones – they can be incredibly costly and time-consuming.

When thinking about your cyber protection strategy, there are important questions that need to be asked. Foremost among them: Are the critical assets that power your business safeguarded? Those assets include your data, devices, and, just as important, your reputation.

Why your business should outsource your security strategy

Like most business owners, you want to focus on your core business – your drive and area of expertise likely isn’t cybersecurity.

Outsourcing your cybersecurity strategy makes sense because, if chosen properly, a managed service provider (MSP) can ensure the unique cybersecurity needs of your organization are met, enabling you and your employees to focus on the business. If they truly understand your business’s unique priorities and risk tolerances, the right MSP can keep your cybersecurity effective and as simple as possible – becoming a trusted advisor and an extension of your team. 

So, one of the most important skills of any technology partner is excellent listening skills. A managed service provider should be your trusted advisor and fit into your environment (not the other way around) to become a true partner and part of your team. By focusing on your point of view and aligning with your business goals, an MSP can build a security program specific to your business’s needs. Ensuring your organization’s cyber resilience makes it a safe, thriving environment that welcomes innovation, maximizes productivity, and is able to cultivate the digital trust of your customers.

A sound cybersecurity practice is not just technology: it’s people

Enabling cyber resilience means ensuring your business uses best-in-class technology, but it also is reinforced with people. A trusted technology partner should be an expert in providing cyber leadership. Comprehensive endpoint detection, protection, and response plans enable an MSP to help you monitor and manage all of your business’s data, applications, and systems – regardless of location. Balancing that technology with human intelligence is critical. Security awareness, training, and processes that enable your team as the first line of defense are key to thriving in today’s disruptive world.

It’s time to make digital trust a top priority

Over the past year, people around the world have moved online and now conduct most of their lives digitally – whether personal or professional. For most, this shift has required increased trust from all of us. The shift to a digital world impacts your business, its brand, and the trust of your customers. Trust is a big business; loss of consumer trust can wreak havoc on your business’s brand reputation and finances.

Keeping cybersecurity as simple as possible and instilling a relationship with a trusted IT technology partner who understands your unique business requirements are key to a successful outcome in today’s disruptive world.

Microsoft’s New Commerce Experience

Microsoft’s New Commerce Experience is now available for all per-user subscriptions.

Unfamiliar with New Commerce Experience (NCE)? It was initially announced back in 2019 with Azure as a simplified journey for both the customer and the partner to transact a consistent and standardized purchase motion. This time around, New Commerce Experience is transitioning subscriptions like Office 365, Microsoft 365, Windows 365, Power Platform and more to the same purchase motion.

What is the impact to my business?

New platform updates will be adjusted to align with Microsoft New Commerce Experience. For example:

  • New subscription term options: Monthly, Annual (Paid Monthly or Upfront), 36-Month Subscriptions (Paid Monthly, Annual, Upfront)
  • New monthly-term offers with a 20% price premium for customers who need term and seat-count flexibility
  • Consistent cancellation policies: Seat-based offer terms in new commerce (limited to the first 72 hours* of the term with prorated refund)
  • Easier Subscription Management: Option to blend short- and long-term offers for customers with seasonal or business-volume fluctuations
  • Subscription ownership enforcement that prevents multiple purchases of free trials and small-to-medium business (SMB) offers from different partners
  • Eased transition to New Commerce: Tooling that streamlines the transition of existing subscriptions in CSP legacy to NCE
  • Easier adoption of new products, including streamlined trial conversions and add-ons available separately in the CSP catalog

*72 hours is based on UTC and includes weekends and bank holidays

How does the New Commerce Experience differ from CSP today?

There will be some changes in customers’ subscriptions from the existing CSP experience. With additional flexibility through subscription types and the ability to mix-and-match through NCE, the customer should be prepared to commit to the full term of the subscription. If not, the customer should cancel within the 72-hour grace period* for a prorated refund.

Please find some of the changes that can impact your business.

Subscription Management

Questions around NCE?

Our Account Managers are here to help you navigate the changes. Please send them an email or reach out to us at info@cit-net.com or call 651.255.5780.

CIT Achieves Blue Diamond Partner Status with Datto

Computer Integration Technologies, Inc. (CIT) Achieves Blue Diamond Partner Status with Datto

CIT has achieved exclusive Blue Diamond partner status with Datto, the leading global provider of cloud-based software and technology solutions purpose-built for delivery by managed service providers (MSPs). Datto Blue Diamond status represents the top 2 percent of the company’s partners, worldwide. 

CIT has exceeded high standards of performance to qualify for Blue Diamond status within Datto’s Global Partner Program, the highest classification provided by Datto.  Blue Diamond’s status includes many exclusive programs and benefits designed to support further enablement and business growth.

CIT has been a Strategic Partner with Datto since May 11, 2011. Datto provides us with the training, education, and resources necessary to accelerate our business growth. It’s an honor to be acknowledged for putting these products and tools to use and demonstrating success.

“We are thrilled to recognize CIT as a Blue Diamond Partner,” said Rob Rae, senior vice president of business development, Datto. “We are committed to providing CIT and all of our partners with the necessary capabilities to develop deep relationships with their customers and keep growing their brands and businesses. We look forward to more success from CIT in future years, as we continue to roll out new partner services.”


Comparing Zix Layered Protection With a Recent Breach

Reflecting on the recent SolarWinds breach and exploitation of the Microsoft Exchange 0-day, the associated threat actors started from the beginning of the Cyber Threat Cycle. They needed to run reconnaissance to identify the right target and instigate the initial attack.

This is key to the first part of Zix Layered Protection. Preventing the initial attack takes the least amount of resources and can save the organization the biggest headache. Further, many fail to realize that the majority of successful attacks are rooted in well-established techniques. Similar to the principles of their security counterparts, threat actors balance sophisticated techniques with ease of use. If there is an easy way to infiltrate a target, they will always go that route. The SolarWinds breach was years in the making. As sophisticated as the technique used to drop malware into the SolarWinds Orion system was, the breach almost certainly started with an email. We can make this assumption given the evidence that has been discovered.

Inside the SolarWinds breach

Reconnaissance and attacking the target

There are numerous ways to collect reconnaissance from a target to determine the right attack, and in the SolarWinds case it would appear that email was a primary research tool and ultimately the attack vector.

Points of evidence:

  • According to the SEC filing, email was a primary attack vector during the initial SolarWinds attack, and APT29 is known to launch phishing attack campaigns as a tactical strategy.
  • During the Malwarebytes breach, their investigation uncovered that the “attackers leveraged a dormant email protection product within their own O365 tenant.”
  • Microsoft reported to CrowdStrike that a reseller account was being used to read emails that were linked to CrowdStrike.

Infiltrating the target and evading detection

Even with a spear phishing attack as the technique most likely used to initially compromise SolarWinds, there was no guarantee that the threat actors could move within the environment without the right privileges and without ensuring that their activities went undetected.

Yet according to published details:

  • Hackers gained privileged access to restricted systems
  • Hackers were communicating via Command and Control infrastructure
  • Hackers were altering file systems to prevent detection

Considering these key points, an effective advanced email threat prevention and encryption solution must be part of the layered security framework.

Read more about the cyber threat cycle

Break the Cyber Threat Cycle Part II


Start out with Part I of this series

Prevent the initial reconnaissance and attack with an effective advanced threat protection and email encryption solution coupled with enforcing multi-factor authentication for user logins.

97% of users are still not able to detect a sophisticated phishing attack. SolarWinds is just another reminder that email continues to be core to the Cyber Threat Cycle. It is the most difficult to secure and the easiest to exploit. While security organizations validly discuss new attack techniques and the potential of these being used, there is a never-ending list of evidence that:

  • Email is a treasure trove of reconnaissance information
  • Email attacks are very cheap for the threat actor to execute
  • Employees are no more effective at detecting a phishing attack intended to steal their credentials or malware intended to compromise their endpoint today than they were years ago.

Detect the presence of a threat actor with a security audit or monitoring solution

Highly effective email defense with a better than 99.9% effectiveness rating against phishing and malware will close 95% of your prevention gap. We are aware that threat actors will figure out other ways to get into your network, so developing approaches to protect other vectors will be necessary. However, you can quickly close this gap while evaluating other tools by leveraging a security auditing service, particularly a solution that focuses on:

  • Identifying weaknesses in user login and authentication
  • Identifying suspicious behavior related to mailbox rules and email communication

As the SolarWinds breach proved, the threat actors needed to gain access to secured development environments. In that context, monitoring for weaknesses in simple policies like regularly changing passwords, or where a user may be logging into a system from a remote location, can be a clear indication that someone not employed by the organization has made it into your network.

Furthermore, we know in every case of a major breach, when the threat actor has infiltrated the business, they must communicate to something on the outside to retrieve further instructions, files, or exfiltrate internal intelligence. Monitoring for email forwarding rules or activity such as immediately deleting sent messages on an automated basis should set off a red alert.

Therefore a security audit or monitoring tool to detect internal suspicious behavior is a must for the layered protection strategy.
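The two mailbox signals named above (forwarding rules and automated deletion of sent messages) can be checked with a few lines of detection logic. This is an added example, not Zix or CIT code; the rule and audit-event record layouts, the field names, and the `example.com` / `mail.test` addresses are constructed assumptions rather than any product's export format.

```python
"""Added example: flag risky mailbox rules and send-then-delete behaviour."""
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: domains the organization owns; any other domain is external.
INTERNAL_DOMAINS = {"example.com"}


def _domain(address):
    return address.rsplit("@", 1)[-1].strip().lower()


def audit_rule(rule):
    """Return findings for one mailbox rule; an empty list means clean."""
    if not rule.get("enabled", True):
        return []  # disabled rules do nothing, so they are not alerted on
    findings = []
    targets = rule.get("forward_to", []) + rule.get("redirect_to", [])
    external = sorted(t for t in targets if _domain(t) not in INTERNAL_DOMAINS)
    if external:
        findings.append("external_forward:" + ",".join(external))
    if rule.get("delete_message"):
        findings.append("auto_delete")
    if external and rule.get("delete_message"):
        # Mail leaves the organization and the owner never sees the original.
        findings.append("forward_and_delete")
    return findings


def sent_then_deleted(events, window=timedelta(seconds=60), min_hits=3):
    """Mailboxes where at least min_hits sent messages were deleted within
    `window` of being sent, i.e. deletion that looks automated."""
    sent_at = {}
    hits = defaultdict(int)
    for ev in sorted(events, key=lambda e: e["ts"]):
        key = (ev["mailbox"], ev["message_id"])
        if ev["op"] == "Send":
            sent_at[key] = ev["ts"]
        elif ev["op"] == "Delete" and key in sent_at:
            if ev["ts"] - sent_at.pop(key) <= window:
                hits[ev["mailbox"]] += 1
    return sorted(m for m, n in hits.items() if n >= min_hits)


def build_alerts(rules, events):
    """Combine both checks into {mailbox: [finding, ...]}."""
    alerts = defaultdict(list)
    for rule in rules:
        for finding in audit_rule(rule):
            alerts[rule["mailbox"]].append(f'rule "{rule["name"]}": {finding}')
    for mailbox in sent_then_deleted(events):
        alerts[mailbox].append("sent_items_auto_deleted")
    return dict(alerts)


# Constructed sample data (not taken from any real tenant).
SAMPLE_RULES = [
    {"mailbox": "ap@example.com", "name": "sync", "enabled": True,
     "forward_to": ["ap.archive@mail.test"], "delete_message": True},
    {"mailbox": "hr@example.com", "name": "Team copy", "enabled": True,
     "forward_to": ["payroll@example.com"]},
    {"mailbox": "ceo@example.com", "name": "old", "enabled": False,
     "redirect_to": ["someone@mail.test"]},
]

SAMPLE_EVENTS = []
for i, start in enumerate(["2024-03-04T09:00:00", "2024-03-04T09:12:00",
                           "2024-03-04T10:30:00"]):
    sent = datetime.fromisoformat(start)
    SAMPLE_EVENTS.append({"ts": sent, "mailbox": "ap@example.com",
                          "op": "Send", "message_id": f"m{i}"})
    SAMPLE_EVENTS.append({"ts": sent + timedelta(seconds=5),
                          "mailbox": "ap@example.com",
                          "op": "Delete", "message_id": f"m{i}"})
# A user tidying up two hours later must not trigger the alert.
SAMPLE_EVENTS += [
    {"ts": datetime.fromisoformat("2024-03-04T11:00:00"),
     "mailbox": "hr@example.com", "op": "Send", "message_id": "m9"},
    {"ts": datetime.fromisoformat("2024-03-04T13:00:00"),
     "mailbox": "hr@example.com", "op": "Delete", "message_id": "m9"},
]

if __name__ == "__main__":
    for mailbox, findings in build_alerts(SAMPLE_RULES, SAMPLE_EVENTS).items():
        print(mailbox, findings)
```

The 60-second window and the three-hit threshold are starting values chosen for the sample data; tune them against normal user behaviour before alerting on them.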

Zix Layered Protection

Act on any suspicious behavior through containment and remediation to prevent attacker success.

As you put in place the two main components to prevent and detect malicious behavior, the third motion must be in response to what may have failed. As we’ve indicated, businesses can implement every security solution pitched to them by the hundreds of security vendors available, but Zix Layered Protection is intended to keep your security as simple as possible while maximizing your time and investment. To complete this goal, the response to the potential breach must be immediate. The goal should be to maintain business productivity even in the face of an attack. Most growing businesses may not have the time or expertise to immediately triage the incident, but they can begin their response and remediation process at no risk. Those tasks at a minimum should be:

  • Immediately remove any malicious email that may have landed within the targeted employee’s inbox.
  • Scan the targeted employee’s login activity and require any vulnerable passwords to be changed immediately (enforce MFA if disabled).
  • Immediately clear their file systems and provide the targeted employee with a clean working copy of their data.

Zix Layered Protection enables organizations to maintain productivity through Zix Backup and Recovery services. Coupled with message retraction and account lock-down, latent threats can be rapidly eliminated.

How does Zix Layered Protection break the Cyber Threat Cycle?

Zix Secure Cloud turns a complex plan into a simple operational model.

Protect

Advanced Email Encryption

The gold standard of encryption secures the email channel so that threat actors cannot hijack the SMTP conversation via a man-in-the-middle attack. With Zix’s Best Method of Delivery regardless of who the organization communicates with, business insights are fully protected from inbox to inbox.

Advanced Email Threat Protection

Today’s top attack technique continues to be advanced phishing and malware-based attacks. Zix Advanced Email Threat Protection is rated one of the most effective solutions in third-party testing:

  • Phishing Detection Rate: 99.9%
  • Threat (Malware, ransomware, etc.) Detection Rate: 100%
  • Accuracy Rate: 99.994%

With Zix acting as the first layer of defense the initial compromise is mitigated exponentially.

Azure AD Multi-factor Authentication

Relying on users to detect a phishing URL is a recipe for allowing cybercriminal access to their endpoint. By enforcing multi-factor authentication that is built into every M365 bundle, security teams can close this gap and solve the protection need.

Detect

Security Audit (Detect & Alert)

While the protection components exponentially reduce the attack surface, the risk for internal negligence does exist. Continuous monitoring and detection within Zix Security Audit adds a layer of scanning that quickly identifies suspicious activity that bypassed the security gateway. With compromised credentials being the key to establishing a foothold, being able to detect suspicious user activity such as low-end employees having administrative access, or Finance employees suspiciously forwarding work email to a personal email address becomes essential to containing the threat.

Advanced Email Threat Protection Threat Analyst Support

Combined with insights from the Zix Security Audit, customers can work directly with Zix Phenomenal Care and Threat Analyst to immediately develop and implement a mitigation strategy to stop subsequent attacks. This is a unique value-add that is essential to making Zix Layered Protection effective.

Respond

Security Audit (Detect & Alert)

Integrated within the Security Audit are actionable response steps to stop threat actors in their tracks such as locking the user out of the environment.

Advanced Email Threat Protection (Message Retraction)

An additional response step to take once a threat is discovered is to remove any existence of malicious email that may have been launched internally from the compromised account. Message retraction provides the ability to immediately reduce the risk to anyone else that may have been targeted.

Backup & Recovery

Any response goal must keep employee productivity in mind. With Zix Backup and Recovery services, even if the attacker’s goal was to corrupt corporate data or hold the data for ransom, the business has peace of mind knowing that they have a clean copy of their data to keep their business going.

Advanced Email Encryption (DLP)

Insight into what the attacker may have been after can provide an advantage to keeping this data secure. With Data Loss Prevention policies within Zix Advanced Email Encryption, security personnel are notified if key information is attempted to be extracted via email.

Enabled by Zix Secure Cloud

Zix Secure Cloud plus Azure AD Multi-factor Authentication encompasses layered protection. With these foundational pieces in place, growing businesses can focus on their productivity without being exposed to significant gaps. We recognize that the threat landscape is constantly changing and no growing business should stand still: as their business matures, so will the threats targeting them. With assistance from our security partners, we can help guide you through your maturity path while keeping the strategy simple and straightforward.

Break the Cyber Threat Cycle Part I

Break the Cyber Threat Cycle with Zix Layered Protection Part I

Achieving robust security does not have to be hard work. However, with the multitude of ways organizations are targeted, coupled with the hundreds of security companies pitching different approaches, choosing and implementing the right security solution can be daunting.

Endpoint security vendors will highlight the many risks of bring your own device (BYOD) and the need to install security directly on the endpoint. Security awareness vendors will tell you that your people are the weakest link. Web or email gateway security vendors will recommend that securing the gateway is your best bet. Finally, a threat hunting expert will tell you it is too late because you’ve already been compromised!

What can you do?

If you evaluate your security strategy through the lens of the security vendor, they all make valid points and the need for every single solution makes sense. Unfortunately, most growing organizations have neither the money, expertise, nor time to implement and integrate such a complex strategy. Therefore, what is the most straightforward yet robust security strategy? To answer this question, let’s first review the Cyber Threat Cycle.

The Cyber Threat Cycle


The Cyber Threat Kill Chain or Cyber Threat Cycle was first articulated by Lockheed Martin. Many security organizations have developed their own interpretation of this kill chain but, in its simplest form, cyber threat actors engage in 5 major activities:

Activity 1: Identify a target

Threat actors will use a variety of methods for reconnaissance based on their mission goals to identify a target. Tactics can range from company and user profiling via LinkedIn or other social media platforms, through to conducting internet-wide vulnerability scans or snooping communication traffic via man-in-the-middle attacks. Yet, the most widely and easily accessible method has always been email. By sending a seemingly innocent email, threat actors can collect a lot of information, from the type of security gateway in place to whether the user actually exists and is willing to engage.

Activity 2: Attack the target

Once a target has been identified, the threat actors will launch their initial attack. The attack can span multiple steps but the end goal is the same – gain access to an endpoint or internal server. From analysis of hundreds of thousands of breaches over recent years, email has been the easiest way to gain initial entry in the majority of instances.

Activity 3: Infiltrate the target

Gaining access to a single system does not automatically result in a completed mission. Often the compromised system doesn’t have the right access to move within the organization. Threat actors will attempt to establish a foothold through a number of steps including:

  • creation of a back door
  • set-up a connection to a command and control (C&C) server
  • download an exploit
  • launch phishing attacks internally
  • infiltrate communication channels to establish their reconnaissance.

It’s often increasing or elevating the credentials they already have that helps establish a foothold.

Activity 4: Evade and move

Once a threat actor has infiltrated their target, they can act methodically to gain more information and evade detection. At this point, it is important to remember that the breaches that make headlines are often years in the making. The threat actor often lay dormant, closely researching their victim, and waiting for the perfect time to execute the mission goal. Compromising a user’s inbox is a common technique for gaining more information about the business processes and personnel within an organization. Yet, threat actors are cunning enough to augment mailbox rules so that their presence is never detected.

Activity 5: Complete mission

The last activity is execution of the mission goal. Is the goal to exfiltrate sensitive data? Is it to force the victim to execute a wire transfer due to ransomware or a carefully crafted Business Email Compromise (BEC) attack? Is the goal to wreak havoc by corrupting or making the victim’s data inaccessible? At this point, it is a matter of mitigating or containing the execution before the breach makes headlines.

Alignment with industry-known security frameworks ultimately should be the right approach, but to reach that point takes a heavy investment of money, personnel, and time. Further, the deeper the organization finds itself within the cycle the more business interruption will occur. With that in mind, we can begin to formulate a tactical, simple layered protection strategy that initiates a move towards a security-mature goal.

Check out part II of this blog series

Can HIPAA Information Be Emailed?


According to the CDC: “while the HIPAA Privacy Rule safeguards protected health information (PHI), the Security Rule protects a subset of information covered by the Privacy Rule. This subset is all individually identifiable health information a covered entity creates, receives, maintains, or transmits in electronic form. This information is called ‘electronic protected health information (e-PHI).’”

In order to comply with the HIPAA Security Rule you must:

  • Ensure the confidentiality, integrity, and availability of all electronic protected health information
  • Detect and safeguard against anticipated threats to the security of the information
  • Protect against anticipated impermissible uses or disclosures
  • Certify compliance

But what does this mean for those working in the healthcare industry emailing HIPAA information? Let’s start with why email communications should be secure first:

Understanding how cybersecurity and email are connected begins with a breakdown of the path that an email follows:

  1. Created by sender on their workstation
  2. Sent from workstation to sender’s email server
  3. Sender’s email server sends email to recipient’s email server
  4. Recipient’s workstation pulls the message from their server

Every time the email is sent it could be at risk for malicious interference. In addition, a copy of the email is stored on each system it travels through. Breaking that down, that means there’s a copy on:

  • The sender’s workstation
  • The sender’s email server
  • The recipient’s email server
  • The recipient’s workstation [1]

This path alone illustrates the risk a single email can pose – both in transit and at rest. So can emails be HIPAA compliant?

Emails can be HIPAA compliant, but this requires IT resources and a monitoring process to ensure that authorized users are communicating PHI in adherence with policies for HIPAA compliance for email. [2]

What IT resources and monitoring processes are available? Beyond our in-house security solution, we also recommend email encryption.

Encrypted Email

Encryption is a way to make data unreadable at rest and during transmission. CIT partners with Zix for email encryption, and Zix partners with more than 1,200 U.S. hospitals to help maintain HIPAA compliance. As cyberattacks continue to grow exponentially, Zix provides you with efficient methods to optimize your IT security effectiveness while better securing PHI in and out of your organization.

To learn more check out A Case for Email Encryption.

So now that we’ve talked about the path of an email, HIPAA compliance, and our recommended solutions we want to make sure all types of emails are secure.

What different kinds of emails need to be secure?

In the healthcare industry, it is important to avoid security risks, meet compliance standards, and secure multiple types of emails. Cybersecurity and compliance solutions should include securing:

  • In-office emails
  • Doctor-to-doctor emails
  • Personal emails
  • Mass emails 
  • Reply emails
  • Patient emails

Additional email security considerations

Start with a HIPAA Compliance Checklist or learn more about a Cybersecurity Gap Analysis for your business. Want to chat with one of our experts? Contact us here. 

  1. https://www.securitymetrics.com/blog/how-send-hipaa-compliant-emai
  2. https://www.hipaajournal.com/hipaa-compliance-for-email/

How Can I Recover Lost Data? Your Guide to Data Recovery

We’ve all been there – the moment you hit delete and the panic sets in. Data protection is a key component of IT and can be simple with the right solution. Many times the focus of the protection is to just have a backup but the real focus should be on the ability to recover. Having a copy of your data without the ability to restore it in the time required is often not discovered until it is too late. 

Your data recovery plan should start with a solution that includes:

  1. Your recovery time (how fast do I need to be back up and running).
  2. Your recovery point (how far back in time can the business afford to lose data).
  3. The ability to recover, tested on an annual basis.
  4. The solution should also take into account different types of recovery from a single file recovery, entire system recovery, or entire site recovery.  

Solutions are available that can provide reliable backups that also include offsite replication and resources that allow for recovery both locally and remotely. 

CIT is Blue Diamond Partner Status with Datto

Providing Business Computer Backup for Minnesota and Wisconsin

WHY DOES CIT PARTNER WITH DATTO?

Together with Datto, we provide Total Data Protection from IT disasters, human error, and malicious activity — making your business invincible, secure, and instantly restorable at any time.

Datto gives you complete backup, recovery, and business continuity solutions that are built for businesses of every size, regardless of infrastructure. Datto products are built specifically for the Channel with scalable storage options, predictable cloud pricing, and 24/7/365 support.

Datto products feature award-winning technology, including Datto’s purpose-built cloud, Instant Virtualization, Inverse Chain Technology™, Screenshot Backup Verification™, and End-to-End Encryption.

Datto defines innovation, once again.

WHAT ARE THE BENEFITS OF CIT BEING A DATTO BLUE DIAMOND PARTNER FOR YOUR BUSINESS?

You can expect:

  • Priority handling of support cases
  • Opportunity for more efficient ticket resolution
  • Advanced customer experience with CIT connected to a dedicated Datto Blue Diamond Support Team

Darktrace Partner of the Year 2020


Why Does CIT Partner with Darktrace as a Cybersecurity Solution?

“Darktrace provides us peace of mind, allowing us to better sleep at night because we know that our customers and our own internal systems are protected. With Darktrace Antigena constantly running in the background—on nights, weekends, and holidays—we are secured against even the nastiest zero day exploits.”

– Todd Sorg, CISO & vCIO, CIT

What is Darktrace?

World leaders in Autonomous Cyber AI

The Darktrace Immune System is the world’s leading autonomous cyber defense platform. Its award-winning Cyber AI protects your workforce and data from sophisticated attackers, by detecting, investigating, and responding to cyber-threats in real-time — wherever they strike.
