In June News:

 
On The Calendar & What's New With Us If you're new to our newsletter and you'd like to subscribe, let us know.June happenings at The Fulcrum Group
  • RSVP today for our upcoming Summer 2015 Movie Event on Thursday, June 25th! Beat the heat with us and come talk security, enjoy a great lunch and a cool afternoon showing of Jurassic World!
  • Coming up in July...if you're a business owner and considering selling your organization in the near future, you'll want to come with us to Globe Life Park in Arlington for some great information (and an exciting night of baseball) at B2BCFO's "Optimizing The Value of Your Business" Event - Tuesday afternoon, July 28th. Let us know if you are interested.
Subscribing to our blog and following us on social media is a great way to stay aware of events that pop up, best security practices, new alerts and other information for business owners and IT Managers. Quick links to our social media pages are accessible right from our website and in every monthly newsletter email you receive from us!  
Watch out for these 5 Signs Your Network Might Be Being Compromised!Is Your Network Being Compromised?  5 Signs Not To Ignore How can you stay one step ahead of the kind of malicious activity that uses insiders to steal corporate secrets or personal identifiable information? Check out these common scenarios and ways to approach them. As simple as it may sound, creating visibility to the status of user credentials in a network is a sure, safe first step for mitigating user-related threats, such as the “insider threat.” Here are five basic scenarios we advise organizations to monitor, in order to identify when trusted insider credentials may have been compromised: Scenario 1: The sudden change in office hours Working hours are not only a strong indicator of an efficient employee, but also an indicator for a compromised user credentials. Over time, employees tend to adopt a consistent work hour routine. This could manifest in both the specific hours workers arrive and checkout, but also with the durations of morning working sessions, behaviors on “depressing Mondays,” on holidays, etc. Using a baseline behavior pattern, identifying subtle changes in work hours could be the key to identifying whether a user’s credentials have been compromised. Scenario 2. The Impossible Journey If there is one benchmark even the most competitive sales department can’t achieve, it is crossing the Atlantic in under 6 seconds. That’s why, when you see an employee accessing internal databases from two different continents in a very short time frame, you have another strong indicator of compromised credentials. Pinpointing a user’s location based on network data can be very unreliable. Geo-locations gathered from multiple data sources and representing various kinds of interactions can potentially result in a high rate of false-positives. This requires profiling engines to be both selective and reliable in the data they take into account. Scenario 3: The implausible remote access Why would someone who is currently in the office be connected to another internal asset using a remote protocol or application? Obviously, there is no need for this since all allowed assets should be accessible from an employee’s original domestic station. That’s why scenario 3 asks the question: “Why would you use that remote connection anyway?” This is extremely important, since remote protocols are often used by an external attacker seeking to manipulate data from a distant location, or by a trusted insider as a way to mask an action he doesn’t want on record from his own trusted credentials. Scenario 4: The unusual resource usage Uncommon use of organizational tools and department-dedicated resources is another great way to detect when an insider’s trusted credentials are actually being abused. Identifying a user using either a file-share or a CRM his colleagues don’t typically access, could help detect when he himself, or someone using his own rights, is trying to reach a sensitive company resource. Scenario 5: The password reset Password reset protocols vary from service-to-service, but to all extent provide a golden opportunity for an attacker to take control of unused trusted credentials. For example, an account used routinely to conduct automated processes is due a password change. An attacker, with some kind of insider access, can target this account and use the mandatory password policy to force a password change and abduct this account for his own purposes. Now in the hands of a malicious attacker, this account could now mask any future action. As always, if you have any questions related to your business technology, we want you to feel comfortable picking up the phone (or shooting us an email) and giving us a shout.  We're right here for you!  
 
Employee Appreciation Tips Employee Appreciation Tips From The Fulcrum GroupIts always a good time to let the folks you spend a majority of the day with know they're appreciated! Here at The Fulcrum Group, we make it a conscious habit of offering various "employee appreciation" opportunities throughout the year, such as acknowledging employee birthdays each month, "Fulcrum Friday" casual, after 5 get-togethers in the summertime (sometimes a cookout, other times it may be a fun place to go and have a good time with our families), employee Lunch & Learns where we offer various tutorials on business systems and processes along with a great lunch, and more. We're always on the lookout for simple, fun ideas we can implement around the office. From time to time, we come across some great ideas (from no cost, to low or moderate cost) - we thought we'd share a few: University of Washington Human Resources Employee Recognition Ideas 20 Fast Fun and (Almost) Free Employee Recognition Ideas  We hope you enjoy some of these - let us know what you try, or do on a routine basis, at your organization.  
SPOTlight On: John MartinezThe Fulcrum Group - Dallas Fort Worth IT Experts Its a good thing The Fulcrum Group's newest Level III VoIP (Voiceover Internet Protocol) Engineer, John Martinez, is determined, resourceful and enjoys turning negative situations into positive ones...Our building's temperamental a/c system hasn't really been all that welcoming to our newest team members, so it's been helpful that everybody seems to stay "chill" about it (and always seems up for Sonic).  John says he's enjoyed the 'open door' atmosphere with all of the Fulcrum team, and the camaraderie that exists here. A relative "newlywed" who enjoys fun pursuits like soccer and baseball/softball, fishing, boating, shooting hoops with his youngest and entertaining guests while perfecting his brisket smoking skills, John also enjoys the feeling of support for continued learning here, and is currently working on further Cisco (voice) certifications.  
 
Tech TipTech Tips from The Fulcrum Group, Dallas Fort Worth IT Managed Services Providers: Staying Safe On Social Media Sites Summer's here and more and more connected people will be posting their vacation plans and pictures on their social media of choice.  With that, comes more possibility for making not-so-safe social media choices.  The US Department of Homeland Security provides some great tips for staying safe on Social Media Sites.  Run these tips by your teen, and remember to refresh yourself on good social media safety behavior, too:
  • Limit the amount of personal information you post - Do not post information that would make you vulnerable, such as your address or information about your schedule or routine. If your connections post information about you, make sure the combined information is not more than you would be comfortable with strangers knowing. Also be considerate when posting information, including photos, about your connections.
  • Remember that the internet is a public resource - Only post information you are comfortable with anyone seeing. This includes information and photos in your profile (and "cover photo" in the case of Facebook) and in blogs and other forums. Also, once you post information online, you can't retract it. Even if you remove the information from a site, saved or cached versions may still exist on other people's machines (see Guidelines for Publishing Information Online for more information).
  • Be wary of strangers - The internet makes it easy for people to misrepresent their identities and motives (see Using Instant Messaging and Chat Rooms Safely for more information). Consider limiting the people who are allowed to contact you on these sites. If you interact with people you do not know, be cautious about the amount of information you reveal or agreeing to meet them in person.
  • Be skeptical - Don't believe everything you read online. People may post false or misleading information about various topics, including their own identities. This is not necessarily done with malicious intent; it could be unintentional, an exaggeration, or a joke. Take appropriate precautions, though, and try to verify the authenticity of any information before taking any action.
  • Evaluate your settings - Take advantage of a site's privacy settings. The default settings for some sites may allow anyone to see your profile, but you can customize your settings to restrict access to only certain people. There is still a risk that private information could be exposed despite these restrictions, so don't post anything that you wouldn't want the public to see. Sites may change their options periodically, so review your security and privacy settings regularly to make sure that your choices are still appropriate.
  • Be wary of third-party applications - Third-party applications may provide entertainment or functionality, but use caution when deciding which applications to enable. Avoid applications that seem suspicious, and modify your settings to limit the amount of information the applications can access.
  • Use strong passwords - Protect your account with passwords that cannot easily be guessed (see Choosing and Protecting Passwords for more information). If your password is compromised, someone else may be able to access your account and pretend to be you.
  • Check privacy policies - Some sites may share information such as email addresses or user preferences with other companies. This may lead to an increase in spam (see Reducing Spam for more information). Also, try to locate the policy for handling referrals to make sure that you do not unintentionally sign your friends up for spam. Some sites will continue to send email messages to anyone you refer until they join.
  • Keep software, particularly your web browser, up to date - Install software updates so that attackers cannot take advantage of known problems or vulnerabilities (see Understanding Patches for more information). Many operating systems offer automatic updates. If this option is available, you should enable it.
  • Use and maintain anti-virus software - Anti-virus software helps protect your computer against known viruses, so you may be able to detect and remove the virus before it can do any damage (see Understanding Anti-Virus Software for more information). Because attackers are continually writing new viruses, it is important to keep your definitions up to date.
More details in the rest of this document can be found here.  
 
Did You Know...Fulcrum FunThe Fulcrum Group Dallas Fort Worth IT Experts Did you know that partnering up with the Fulcrum Group often means plenty of opportunity for FUN?! From meetups at the ballpark to upscale Customer Appreciation Nights, to informative Lunch & Learns at neat venues around the metroplex (which always include awesome views, steller info, yummy food and great giveaways) to just rolling out some great entertainment for our clients, such as our upcoming Summer 2015 Movie Event later this month. Reserve your spot today if you'd like to be added to the guest list, and be on the lookout for your official invite!