Technology

Article Dean Dorton

By: Jason Miller

“Cybersecurity” has become a buzzword over the last couple of years, especially with more cybersecurity attacks against large companies or corporations that are recognizable by name, but have you really taken the time to sit down and assess your organization’s IT security position?

Many organizations quickly punt the topic of cybersecurity to the IT department. While IT plays a huge role in cybersecurity, it is the responsibility of those charged with organization governance to ensure compliance. Board members and senior leadership should be asking the questions and confirming that the organization is devoting the proper resources and attention to cybersecurity.

“One and done” doesn’t work here

It is critical to understand that cybersecurity is not a one-time project. It is a continual evolution and initiative.

Leadership needs to also recognize there can be substantial costs associated with cybersecurity activities and for some organizations such as colleges and universities, they are not optional. Across the public and private sectors, it is imperative that organizations continue to enhance cybersecurity in order to meet evolving threats to controlled unclassified information and challenges to the security of such organizations.

With the ongoing focus on your organization’s bottom line, it might be tempting to defer projects related to cybersecurity to reduce budgets. However, doing so could put your organization in a position where you are not prepared, or even worse, in noncompliance with certain regulations specific to your industry. Cutting corners on cybersecurity compliance could wind up costing your business more in the end.

The “I’m covered already” approach

When evaluating your cybersecurity preparedness, there are several factors to consider. Let’s take a step back – right now, your priority is your business. You’re buying new technology, investing in new infrastructure and most likely trying to adapt to changing business models like cloud. It’s all good work but it takes time and effort.

Hackers desperately want access to your customer data, employee data, or intellectual property because it’s worth a lot. A single theft could cost your company severe financial damage. And sometimes, in the case of ransomware, all they have to do is lock it down and force you to pay to get it back as you’ve heard about in some of the latest attacks.

Why do you hear terms like “dynamic threat landscape” these days? Because you aren’t facing a group of hacktivists in a basement anymore – you are now facing professionals with a lot to gain.

Your business and the threat landscape around you are ever changing.  It is imperative that your organization conducts an annual cyber risk assessment. This allows the entire organization to consider current and future risks and put forth a plan to mitigate the identified risks.

Some businesses will run out and acquire every new solution they hear about for protecting their organization against cyber risks. While having a multi-layered approach to cybersecurity is important, it is also equally important to have an organized approach and to use tools that are designed to work together.  If your solution is designed properly, you could end up with what we call the security effectiveness gap. As you add more solutions that don’t work together, the complexity exponentially increases. So, every time you add another solution or another vendor, you add another gap – another vulnerability.

A robust cybersecurity solution will:

  1. Stop threats at the edge
  2. Protect users where they work (especially when team members are working remotely or on a personal device)
  3. Find and contain problems fast
  4. Control who gets on your network and from where
  5. Simplify network segmentation
  6. Provide compressive monitoring and detection

…But I have cyber security insurance

That insurance probably doesn’t cover anywhere near what you think it does. Should you invest in cybersecurity insurance? That’s a topic for a different day.

Your business, no matter what size or type, needs to be prepared to handle a cyberattack at a moment’s notice. It is important to work with credentialed professionals with cybersecurity expertise and experience to help you maximize your investment and make sure you have all the appropriate measures in place to keep hackers at bay.

Learn more about Dean Dorton’s cyber security services and solutions for your organization.

As originally featured in Louisville’s Business First

Article Dean Dorton

Are you one of 143 million people (the equivalent of approximately 1 in 2 Americans) who have potentially been impacted by the Equifax cyber breach? Equifax, one of three major credit reporting agencies, announced yesterday that personal information, including but not limited to social security numbers, driver’s license numbers, and credit card numbers, has potentially been compromised for up to 143 million people.

Was your personal information compromised? Click the button below to access Equifax’s website to determine if you are at risk:

Check Potential Risk

If you were potentially impacted, Equifax will enroll you in a one-year credit monitoring and identity theft protection plan. Be sure to read the legal disclaimer before completing the enrollment.

In the coming weeks and months, be extra skeptical of any emails you receive regarding this matter. Scammers will try to capitalize on this situation and launch many phishing attacks.

UPDATE, 9/11/17

We have received many follow-up questions and comments from concerned individuals. We have also continued to monitor critical news and updates. We want to provide our clients and contacts with some additional follow-up items.

  1. A number of people have raised concerns about using the Equifax free one-year monitoring service. Some indicate that the legal disclaimer states that you will be waiving your rights to any legal action. Others have expressed concerns about their ability to protect your information.
    • Equifax has clarified the concern about their standard legal language in their terms of use, indicating that those limitations do not apply to the cyber incident. However, if you are still concerned, you have the option of mailing in a letter with an opt-out notice for the arbitration clause.
    • If you are concerned about providing Equifax with your information for the free monitoring, you can consider using another trusted source for credit and identity theft monitoring service. There may be fees associated with these services.
  2. Many people have asked what else they can or should do. The Federal Trade Commission offers some additional steps to consider, such as:
    • Monitor your credit reports from all three service bureaus
    • Consider placing a credit freeze on your files
    • Monitor your banks accounts and credit cards closely
    • Consider placing a fraud alert on your files
    • File your taxes early
  3. Be VERY cautious and skeptical of any emails or phone calls you receive regarding this. Confirm that any communication is from a trusted source and review any links before clicking them to be sure they are routing you to the intended location and not rerouting you to a false site to steal more information.

For any questions or concerns related to cybersecurity and user awareness, please contact Jason Miller, Director of Business Consulting Services at jmiller@ddaftech.com or 859-425-7626.

Article Dean Dorton

There seems to never be an end to the stream of new cyber threats being thrown at us and our user base. Most people are starting to be more aware of phishing scams, but are your users up to speed on “smishing”? Smishing is a term used in reference cyber scams delivered through SMS (text) messaging to smartphones. Please share the following with your corporate users:Bad guys are increasingly targeting you through your smartphone. They send texts that trick you into doing something against your own best interests. At the moment, there is a mystery shopping scam going on, starting out with a text invitation, asking you to send an email for more info which then gets you roped into the scam.

Always, when you get a text, remember to “Think Before You Tap”, because more and more, texts are being used for identity theft, bank account take-overs and to pressure you into giving out personal or company confidential information.User awareness is one of the most important parts to a company’s cybersecurity defense plan. Contact your Dean Dorton team to learn more about our tools and services to enhance your user awareness strategy and cybersecurity defense tools.

Article Dean Dorton

Cisco Systems named Dean Dorton Technology, a premier provider of technology solutions for companies throughout the region, to the Cisco Winner’s Circle. Of the more than 50,000 Cisco partners world-wide, only 350 top performing Cisco commercial partners received the Winner’s Circle honor, signifying the top level of success (double-digit growth) in the midmarket with Cisco. Dean Dorton Technology is the only Cisco partner in Kentucky to achieve this distinguished honor.

Information technology is growing at an unprecedented pace and the world is becoming more connected and innovative than ever before. Companies striving to achieve high levels of success must be committed to regularly assessing their software, security, and collaborative solutions. Most companies have a strategic technology partner like Dean Dorton Technology, who can help modernize networks, maintain security, and offer unified communication systems through the latest state-of-the-art solutions.

“Companies are seeking ways to respond faster, empower their workforce, and personalize their customers’ experiences,” says Jason Miller, Director of Business Consulting Services. “In short, the digital transformation is creating boundless opportunities, but in order to reap the benefits companies need trusted technology advisors that understand their business, goals, and keys to success. We are truly honored to partner with Cisco, the industry leader, and provide meaningful technological advancements to our clients.”

“This is certainly a great achievement in working with Cisco, representing the value we bring to clients far beyond the basics. I am thrilled to have a direct impact on the technological advancements of companies throughout Kentucky and the Ohio Valley and look forward to keeping Kentucky’s companies competitive through the use of innovative technology,” says David Rice, a Senior Infrastructure Engineer at Dean Dorton and member of Cisco’s Small Midmarket Business (SMB) Partner Advisory Board.

Article Dean Dorton

Today your business relies on email and web more than ever. As the use of email and web increases, so does the number of advanced threats targeted at infecting users through these critical channels. An advanced email and web security strategy is critical to maintain business operations and protect your organization’s business-sensitive data.Watch this short video on Cisco email and web security solutions to learn about:

  • The current email and web threat landscape
  • Why traditional security solutions are falling short
  • What you need to protect your organization
  • How Cisco email and web security can help

Watch NowUpcoming Events

Join us this spring as we discuss comprehensive business network security topics including Cisco’s Advanced Malware Protection suite of products that provides a solution to secure your infrastructure before, during, and after a malware attack. We highly encourage company chief financial officers, chief operating officers, and chief information officers in the industry to attend this event.3:00 – 5:00 p.m.

Crank & Boom Craft Ice Cream
1210 Manchester Street
Lexington, KY 40504

Registration Closes April 193:00 – 5:00 p.m.

Against the Grain Brewery
401 East Main Street
Louisville, KY 40202Register NowContact Jason Miller at jmiller@ddaftech.com or David Rice at drice@ddaftech.com if you have any questions.View Jason Miller’s Bio

Article Dean Dorton

What controls does your business have in place to manage electronic fund transfers? How easy would it be for your Accounting Department to unknowingly participate in a fraudulent request to complete a wire transfer? Without adequate controls in place, your company could easily become the next victim of a common email phishing scheme. It is easy to think that your employees wouldn’t fall for something like this, but it happens more often than you think.

A local company recently lost over $85,000 because an employee in the Accounting Department received an email that appeared to come from one of the executives. Proper controls were not in place and funds were transferred. By the time anyone realized what had happened and the FBI could be contacted, the funds were gone and could not be recovered.

These types of scams have been around for a long time. However, the thieves are getting more sophisticated and actually put a great deal of effort into the process. It only takes a few vulnerable victims to make their effort pay off. There has been a large upswing in the number of attempts to defraud businesses – yes, even here in Kentucky!

Some attacks use a method called spoofing. Spoofing allows a sender to disguise their address and make it appear as though it came from someone else. For example, I could send an email and make it look like it came from your CEO. With the proper email security and SPAM filtering in place, most of these attempts do not make it through the filters. Properly managed email systems can recognize the spoof and block the message. More recent attempts involve the thieves actually registering a new domain name that is very similar to yours and setting up an email address that comes very close to that of your CEO or management. So close, it is very easy for your employees to not recognize the difference. Generally the email address is only one character off (e.g., jmiller@deanndorton.com instead of jmiller@deandortonstg.wpenginepowered.com.

The best defense against these attacks is to ensure there are strong controls around your electronic fund transfer processes that require more than an email request to process the transaction. For example, it is a good idea to require written sign-off. Note that an email does not equal written sign-off. If situations arise where you do need to use email, the recipient should always start a new email message to the requester (never reply to the request email). A text message to the requester would also add an additional layer of confirmation. However, completion of a company request form would be best. A strong control would require dual sign-off for transfers, especially those over a certain dollar amount and for new vendors (or new transfers). The key point here is having a two-step process to help minimize any opportunity for fraud.

Don’t put your business at risk by not having internal controls. For help evaluating and improving your information security and internal controls, please contact your Dean Dorton advisor or Jason Miller, Director of Business Consulting Services, at 859-425-7626 or jmiller@deandortonstg.wpenginepowered.com.


View Jason Miller’s Bio