Small and medium-sized businesses (SMBs) are the backbone of the economy, but they are often the primary targets for cyberattacks. In fact, according to recent reports, nearly half of all cyberattacks are aimed at SMBs. To protect themselves from these threats and ensure the security of their critical assets, SMBs should consider following the guidelines provided by the National Institute of Standards and Technology (NIST) in their Special Publication 800 series.
Comprehensive Cybersecurity Framework
NIST 800 series provides a comprehensive framework that helps SMBs establish and maintain effective cybersecurity measures. By implementing the NIST guidelines, SMBs can enhance their cybersecurity posture and reduce the risk of potential data breaches, financial losses, and reputational damage.
Improved Risk Management
NIST 800 guidelines focus on risk management, helping SMBs identify and mitigate potential vulnerabilities and threats. Following the guidelines allows SMBs to proactively assess their cybersecurity risks and develop effective strategies to safeguard their sensitive data, intellectual property, and customer information.
Industry-Recognized Standards
NIST 800 series is widely recognized and adopted by both the public and private sectors. By adhering to these guidelines, SMBs demonstrate their commitment to meeting industry standards and best practices. This not only helps build trust with customers and partners but also increases their chances of securing lucrative business contracts and partnerships.
Cost-Effective Approach
Implementing NIST 800 guidelines can be a cost-effective approach for SMBs. These guidelines offer scalable solutions that can be tailored according to the organization’s size, budget, and specific requirements. SMBs can leverage the NIST framework to prioritize their cybersecurity investments, ensuring that they maximize their security efforts within their available resources.
In today’s digitally connected world, SMBs cannot afford to neglect cybersecurity. Following the NIST 800 guidelines provides SMBs with a comprehensive framework to enhance their cybersecurity posture, improve risk management, establish industry-recognized standards, and reduce costs. By working with a managed IT service provider to implement these guidelines, SMBs can protect their assets, maintain their reputation, and thrive in an increasingly cyber-threatened landscape.
If your company is looking to implement stronger security through a standards-based framework, then contact us for assistance.
PwC study: MSP strategic users gain 43-point performance premium over cost-focused peers.
We read a report from PricewaterhouseCoopers, based on a survey of over 2,000 business leaders, and took it as confirmation of our recent blog post about Why SMBs Need Managed Service Providers (MSPs). Here are some takeaways from the article:
Takeaways:
“Companies that use MSPs for strategic advantage are 1.6 times and 2.4 times more likely to be faster to market as well as more innovative than those focused solely on cost savings, according to the report.”
“Organizations utilizing managed services at a mature level use them to respond more adroitly to changing conditions and potential threats.”
“Most business and IT leaders recognize the pace of innovation is occurring faster than their internal IT teams can absorb. There is always going to be some type of skills shortage. Those skill shortages are ones that MSPs are in the best position to fill.”
If your company is looking to outperform in the marketplace, then contact us to start a partnership.
MSP console managing SMB BYOD smartphones and laptops with centralized MDM and security policies.
Small and medium-sized businesses (SMBs) face numerous challenges when it comes to managing their IT. Limited resources (both people and money), lack of expertise, and the need to focus on core business operations often make it difficult for SMBs to understand and manage technology needs. This is where Managed Service Providers (MSPs) come in. In this blog article, we will explore the reasons why SMBs should consider partnering with MSPs to enhance their IT capabilities and drive business growth.
Cost-Effective IT Solutions:
One of the primary reasons why SMBs need MSPs is the cost-effectiveness they offer. By outsourcing their IT needs to MSPs, SMBs can avoid the high costs associated with hiring and training an in-house IT team. MSPs provide a range of services, including network monitoring, data backup and recovery, cybersecurity, and software updates, all at a predictable monthly cost. This allows SMBs to allocate their resources more efficiently and focus on their core business.
Access to Expertise and Advanced Technology:
MSPs are experts in providing IT services and have a team of highly skilled professionals with expertise in a variety of technologies. By partnering with MSPs, SMBs gain access to the depth of knowledge and experience of IT experts who can handle complex tasks and provide strategic guidance. Additionally, MSPs stay up-to-date with the latest technology trends and can recommend and implement solutions that can help SMBs stay competitive in the market and safe from hackers.
Proactive IT Support and Maintenance:
MSPs offer proactive IT support and maintenance, which is crucial for SMBs. They monitor networks, identify potential issues, and take preventive measures to avoid downtime and disruptions. MSPs also provide regular software updates, security patches, and system maintenance, ensuring that SMBs’ IT remains secure and up-to-date. This proactive approach helps SMBs minimize the risk of costly IT failures and ensures smooth business operations.
Enhanced Data Security:
Data breaches and cyberattacks pose a significant threat to SMBs. MSPs play a vital role in safeguarding SMBs’ sensitive data and protecting them from potential security breaches. They implement robust cybersecurity measures, such as firewalls, antivirus software, and encryption, to ensure data confidentiality and integrity. MSPs can also conduct regular security audits and vulnerability assessments to identify and address any potential weaknesses in the IT infrastructure.
Scalability and Flexibility:
As SMBs grow, their IT needs evolve. MSPs offer scalable solutions that can adapt to changing business requirements. Whether it’s adding new users, expanding storage capacity, or integrating new software, MSPs can quickly and efficiently accommodate these changes. This scalability and flexibility allow SMBs to focus on their growth without worrying about the limitations of their IT infrastructure.
If your company could use the cost-effective solutions, access to expertise, proactive support, enhanced data security, and scalability that come from using an MSP, then contact us for assistance.
2FA dashboard displaying account protection compliance metrics and phishing defenses.
Businesses face an increasing number of cyber threats. To protect sensitive data and prevent hackers from gaining access, implementing stronger security measures is crucial. One such measure is 2-factor authentication (2FA). Let’s look at the importance and security benefits of 2FA for businesses.
Enhanced Account Security:
2FA adds an extra layer of security to the traditional username and password login process. By requiring users to provide a second form of authentication, such as a unique code sent to their mobile device, it significantly reduces the risk of hackers gaining access. Even if a hacker manages to obtain a user’s password, they would still need the second factor to gain access.
Mitigation of Password-related Risks:
Passwords are often the weakest link in security systems. Many users reuse passwords across multiple accounts, choose weak and easily guessable ones, or keep the same password while incrementally changing a digit or two. With 2FA, even if a password is compromised, the additional authentication factor acts as a safeguard, making it significantly harder for attackers to gain access.
Protection Against Phishing Attacks:
Phishing attacks, where attackers trick users into revealing their login credentials, are a common threat to businesses. 2FA provides an additional layer of defense against such attacks. Even if a user unknowingly falls victim to a phishing attempt and enters their credentials on a fake website, the second authentication factor would prevent the attacker from accessing the account.
Compliance with Industry Regulations:
Many industries, such as finance, healthcare, government contractors, and e-commerce, are subject to strict data protection regulations. Implementing 2FA helps businesses meet compliance requirements and avoid potential penalties. It demonstrates a commitment to safeguarding sensitive customer information and builds trust with clients.
Cost-Effective Security Measure:
Implementing 2FA does not require significant financial investment. Many 2FA solutions are readily available and can be easily integrated into existing systems. Considering the potential financial and brand reputation damage caused by a security breach, the cost of implementing 2FA is minimal compared to the benefits it provides.
In an era where cyber threats are constantly evolving, businesses must prioritize security measures to protect their valuable data. 2-factor authentication offers a simple yet effective way to do so.
If your company is interested in implementing 2FA across the entire organization, then contact us for assistance.
In today’s digital age, where technology has become an essential part of our lives, ensuring the security of our online information has become more crucial than ever before. With cyber threats and attacks on the rise, it is vital for individuals and organizations to invest in comprehensive cyber security training. In this blog article, we will explore the importance of cyber security training and why it should be a top priority for everyone.
Protecting Confidential Information
One of the main reasons why cyber security training is essential is to protect confidential information. In our increasingly connected world, we store sensitive data, such as financial information, personal details, and business data, online. Without proper training, individuals become vulnerable to malicious attacks, such as phishing scams, data breaches, and identity theft. Cyber security training equips individuals with the knowledge and skills necessary to identify and prevent such threats, ensuring the protection of confidential information.
Mitigating Financial Losses
Cyber attacks can have devastating financial consequences for individuals and organizations. The cost of recovering from a cyber attack, including restoring compromised systems, investigating the breach, and compensating affected parties, can be significant. By investing in cyber security training, individuals and organizations can minimize the risk of falling victim to cyber attacks, thereby avoiding potentially crippling financial losses.
Safeguarding Reputations
In today’s hyper-connected world, reputation is everything. A cyber attack not only compromises the security of your information but also tarnishes your reputation. News of a data breach or cyber attack can spread like wildfire, damaging the trust that customers, clients, and partners have in you. By taking proactive measures and investing in cyber security training, individuals and organizations can safeguard their reputations and maintain the trust of those they interact with.
Staying Ahead of Evolving Threats
Cyber threats are constantly evolving, with hackers employing new techniques and strategies to breach systems and access sensitive information. Cyber security training ensures that individuals and organizations stay up to date with the latest cyber security practices, emerging trends, and new vulnerabilities. By staying ahead of evolving threats, individuals can better defend themselves against attacks and organizations can maintain a robust cyber security posture.
Building a Culture of Cyber Awareness
Cyber security is not just the responsibility of IT professionals; it is everyone’s responsibility. By promoting cyber security training, organizations can build a culture of cyber awareness among their employees. Ensuring that employees are equipped with the necessary knowledge and skills to identify and report potential threats reduces the attack surface and strengthens the overall security posture of the organization.
Conclusion
In a world increasingly reliant on technology and interconnectedness, the importance of cyber security training cannot be overstated. From protecting confidential information to mitigating financial losses and safeguarding reputations, cyber security training is crucial for individuals and organizations alike. By investing in comprehensive training programs, we can enhance our ability to identify and prevent cyber threats, ultimately creating a safer digital environment for all.
If your company is one of the 47% of companies that plan to add or change their cybersecurity solution this year, then contact us for assistance.
Mimecast KnowBe4 phishing simulation risk scoring employee training dashboard
As you know, we take cybersecurity and the protection of your accounts and data very seriously. That’s why we are always striving to provide you with tools and resources to help keep you and your employees safe from cybercrime.
The most common threat we are seeing is phishing messages delivering malware or stealing credentials. Even though your company might be protected with spam filtering, there are instances where these malicious messages could still appear in your employees’ inboxes. And it’s important we both arm them with as much education and resources as possible to understand and identify these phishes.
We have a new tool that we’d love to demonstrate for you or talk more about. It’s called Catch Phish, and it’s an email analysis and training tool. It connects right to your employees’ Outlook as a clickable application on every message. When clicked, the tool quickly, but safely, scans the important details of the message to find potential threats such as suspicious links or attachments, sender details, or message details such as threatening language or deactivation scares.
This tool is included in our cybersecurity training packages and can help provide the much needed cybersecurity education to all levels of staff.
If you have 30 minutes to talk about reducing your risks with Catch Phish and our other cybersecurity awareness training tools, then contact us for assistance.
Compliance penetration test report mapping findings to HIPAA SOC 2 PCI DSS controls.
Compliance is and always has been a complicated matter. Here are the quotes from the three types of compliance – CMMC, HIPAA, and PCI:
“CMMC – Risk Assessment L2-3.11.2 – VULNERABILITY SCAN: Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.”
“HIPAA – § 164.308 Administrative safeguards. (a)(1)(ii)(A) – Risk analysis (Required). Conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity or business associate.”
“PCI – 11.3: External and internal vulnerabilities are regularly identified, prioritized, and addressed”
To summarize what this all means – compliance requires penetration testing and vulnerability scanning. Networks have to be tested regularly to make sure that nothing has been missed which would allow a hacker to breach the network and steal the treasure of information. Our recommendation is to scan at least quarterly, if not monthly, to find these vulnerabilities and address them before the hackers find them.
If your company has compliance requirements that you need consulting for, then contact us for assistance.
Today we tell the story of a medical office’s journey to the cloud. This particular client was facing their server operating system reaching end of support (a HIPAA violation) in the near future. They had begun by looking at their electronic medical records software company’s online offering, which didn’t have all the functionality of their on-premises software and was very expensive (this is typical).
They next decided to look into moving their current on-premises software into the cloud and we were asked to help with the testing. We determined that it would be best to move the file portion of the server to SharePoint / OneDrive to increase their mobility and flexibility. We also determined that it would be best to move them away from on premises Active Directory into Azure Active Directory / Intune to allow authentication and security policies. Finally we began testing the on-premises software hosted on a server in Azure with a VPN connection to their office.
The SharePoint / OneDrive and Azure Active Directory portions went through with few issues. The server, however, was not as we had hoped. The Azure VPN connection was expensive due to it always being on, with no way of turning it off outside of business hours. The performance of the SQL database that the on-premises software used was basically unusable. The other option would be to create virtual desktops on Azure for this purpose, but the cost and functionality were not what the customer was hoping for.
This has led them back to searching for an online EMR software that will meet all their requirements. This will be tough because most companies are good at some things, but not all things, and compromises usually have to be made. Our hope is that this story is a lesson to other companies. The cloud may sound like the newest and best way to work, but the costs and functionality are often worse than expected.
If your company is going to use full disk encryption or has compliance requirements that you need consulting for, then contact us for assistance.
Farmhouse Networking calculates ransomware, server failure, and cyber insurance costs protecting Oregon SMB digital employees from downtime.
We were discussing the price customers paid for their monthly maintenance of computers and the comparison was brought up about insurance costs. As a business owner with employees, it is necessary these days to offer health insurance as part of their compensation package. If the company has vehicles that are used for business, then the government mandates that they be covered by minimum amounts of insurance. These costs are then built into the price the business owner then charges their clients for products or services.
Insurance Statistics:
According to Business.com, the average cost of health insurance for a single employee was $645 per month and $1,850 per month for a family.
According to NerdWallet.com, the average cost of car insurance was $179 per vehicle per month.
Questions:
So what about the “digital” employees of the company, aka the computers and network equipment that make business possible? How much are business owners paying to “insure” these assets? What are businesses willing to pay to make sure that their computers and network don’t have a sick day? Does the cost of insuring them include preventative care? Who does the business call in case of an accident or breakdown in the middle of the day? Does the cost of insuring include on-site service or transport to a service center?
If your company wants to keep their digital employees healthy and insure them from accidents, then contact us for assistance.
As our business continues to grow, our focus is on providing white-labeled Tier 3 IT support services, RMM as a service, and co-managed IT services. This blog post highlights tips for using PowerShell to export a list of AD users whose last login was more than 90 days ago.
Research
You need to find the path of the Organizational Unit (OU) that you want to search. The following command will list all OUs in the domain.
Get-ADOrganizationalUnit -Filter 'Name -like "*"' | Format-Table Name, DistinguishedName -A
If you want the entire organization, then you will need the top-level information, which looks like DC=[DomainName],DC=local.
Variables
$SearchOU = This is the full DistinguishedName from the above output.
The script will take several seconds to run based on the number of users in the OU being searched. The output is saved to the local c:\support directory and you can modify this script to include the FTP upload based on our previous article – https://www.farmhousenetworking.com/rmm/automation/rmm-automation-export-log-files-to-ftp/ The script can also be easily modified to change the number of days since last login.
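An added example of such an export (not the article's own script), assuming the ActiveDirectory module from RSAT is installed. The `$SearchOU` value, the `$DaysInactive` variable and the `StaleADUsers.csv` file name are placeholders chosen for illustration.

```powershell
# Added example: export enabled AD users whose last logon is older than N days.
# Requires the ActiveDirectory module (RSAT) and read access to the directory.
Import-Module ActiveDirectory

# Placeholder: replace with the DistinguishedName found in the Research step.
$SearchOU     = 'OU=Staff,DC=example,DC=local'
$DaysInactive = 90                                         # assumed name; change the threshold here
$OutputDir    = 'C:\support'
$OutputFile   = Join-Path $OutputDir 'StaleADUsers.csv'    # assumed file name
$Cutoff       = (Get-Date).AddDays(-$DaysInactive)

# Create the output directory if it does not exist yet.
if (-not (Test-Path -Path $OutputDir)) {
    New-Item -ItemType Directory -Path $OutputDir | Out-Null
}

# LastLogonDate is derived from the replicated lastLogonTimestamp attribute.
# AD updates it lazily, so it can lag the real logon by up to about two weeks
# by default; that is accurate enough for a 90-day staleness review.
$stale = @(
    Get-ADUser -SearchBase $SearchOU -SearchScope Subtree `
               -Filter 'Enabled -eq $true' `
               -Properties LastLogonDate, whenCreated |
        Where-Object {
            if ($_.LastLogonDate) {
                # Has logged on before: stale if the last logon predates the cutoff.
                $_.LastLogonDate -lt $Cutoff
            }
            else {
                # Never logged on: report only if the account itself is old,
                # so freshly provisioned accounts are not flagged.
                $_.whenCreated -lt $Cutoff
            }
        } |
        Sort-Object LastLogonDate |
        Select-Object Name, SamAccountName, Enabled, LastLogonDate, whenCreated, DistinguishedName
)

$stale | Export-Csv -Path $OutputFile -NoTypeInformation -Encoding UTF8

Write-Output ("{0} account(s) with no logon since {1:yyyy-MM-dd} written to {2}" -f `
    $stale.Count, $Cutoff, $OutputFile)
```

Accounts with an empty LastLogonDate column have never logged on; review those and any service accounts separately before disabling anything on the list.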
If your company is an MSP or wants to become one and automation just seems out of reach, then contact us to run your RMM for you.