September News:

On The Calendar Thursday, September 28th from 10:00 a.m. til 10:30 a.m., we'd like to invite you to join us for our September webinar on SPOT Shield Managed IT Security Services – There's no better time than now to learn how SPOT Shield can help reduce your IT security risk! Sign up today, right from our Events page. Quick links to our social media pages are accessible right from our website and in every monthly newsletter email you receive from us. If you're new to our newsletter and you'd like to subscribe, let us know.
SPOT Shield Helps Protect Your Business Against Cybersecurity Threats Recent cyber security research consistently shows regular cyber security targets are businesses with under 1,000 users. That means many Dallas/Fort Worth small businesses are likely targets. SPOT Shield Managed IT Security Services adds layers of on-going IT security services to your day to day IT operations.  We reduce the IT security risk for your organization so you can stay focused on doing what you do best – running your business. Our fixed price SPOT Shield Managed IT Security Services ensure that all of your IT security needs are covered, and you’ll know exactly how much it costs each month. What’s In It For You?  Continuous Security Training SPOT Shield Managed IT Security Services includes unlimited employee security awareness training.  Ongoing employee security awareness training keeps IT security top of mind for your employees. Simulated Phishing Attack Platform SPOT Shield Managed IT Security Services includes our simulated phishing attack platform so that you can test employees for IT security awareness.  You can track and report on employee actions, and if a simulated attack is successful, the employee is redirected immediately to additional training. Quarterly IT Security Assessments SPOT Shield Managed IT Security Services includes a quarter IT Security assessment utilizing our automated IT security assessment tools.  The results of these quarterly IT Security assessments will be delivered as part of your SPOT Managed IT Services Quarterly Business Review. Breach Protection Portal SPOT Shield Managed IT Security Services includes our Breach Protection Portal, which has a variety of tools available for your use.
  • On-demand employee security awareness training and tracking
  • IT Policies & Disaster Recovery Plan Tracking
  • Access to additional security document templates
  • Security Breach/Incident Tracking
  • Optional Breach Protection and Response ($100K financial protection, plus breach response services such as breach forensics and credit monitoring)
Reach out to us or contact your Fulcrum Group Account Manager to learn more about SPOT Shield Managed IT Security Services.
5 Best Network Security Things You Should Be Doing  5 Best Network Security Things You Should Be Doing By Steve Meek No one thinks they are a target, until they are. Verizon’s latest Data Breach Investigations Report (DBIR) shares some great analysis about security facts and figures that are helpful to protect our organizations. Their research showed 61% of the 2016 victims were businesses with under 1,000 users. The report also revealed that attackers were generally opportunistic, using broad based attacks against everyone, to find starting points to compromise businesses for passwords, access to systems and data. Think of it as checking houses for unlocked doors and hoping for easy scores. Twenty years ago, I would have told you buy a firewall and anti-virus. Ten years ago I would have pointed you towards next-generation firewalls, IDS/IPS, web filtering or other security tools. And while you probably have many of these today, the report shines a light on more “people” oriented avenues, which actually have a bigger impact on preventing compromise. 1. Secure the human Most employees genuinely want to use computers correctly and safely. In the midst of challenging people to hit production goals and MBOs, asking them to also be security-minded tends to come second. That is why providing ongoing security training is considered a top security tool. You can find resources on the Internet if you have an in-house trainer and expertise but the challenge has given birth to a variety of online resources for security awareness training. The training can be assigned, tracked and verified complete with a test. You can help your people stay safe with a little bit of training that goes a long way. The federal government reinforces education each October during National Cyber Security Awareness Month. Check out their Stop.Think.Connect. toolkit, if you are looking for free resources to engage with yourself. 2. Implement security policies and IT standards 62% of the breaches identified featured hacking of the network. These attacks might target open firewall configurations, default passwords, unpatched/old systems or even compromised passwords. 81% of these hacking attempts took advantage of stolen and/or compromised passwords. This fact practically screams for a good password policy! In other words, most of these breaches were avoidable. There is strategy and structure to securing a network and it is best done comprehensively. That means start with security in mind. IT policies help you figure out how you plan to build and maintain the network. When building a house, you don’t lay foundation, throw in plumbing, electrical and then decide to do blueprints. Structure and planning save you IT budget. There is also a reason these attacks are rarely done by basement kids any more, it’s because it results in big money. 51% of the breaches involved organized criminal groups. Fast Internet and cool devices are what we want but what a criminal desires is access. Imagine a criminal who can break into your house from anywhere in the world with a PC and Internet connection. The National Institute of Standards and Technology (NIST) was founded in 1901 and has been a government champion for protecting businesses. They offer comprehensive policies for everything at their site, though the challenge for smaller businesses is probably more about scaling the policies to an appropriate level. They recently revised their best practices for passwords but that is a long article for another time. 3. Test users with simulated phishing attacks Another important statistic Verizon estimates is that 1 in 14 users were tricked into opening an attachment and a quarter of those people were tricked more than once. All it takes is one person to click a bad link and compromise your business. There is a security saying that "there are two types of organizations, those that have been breached and those that don’t realize they’ve been breached.” Just like you might offer on-the-job training or role playing, you can simulate fake phishing attacks with emails to your users. Not to blast them, but to try get them to click on a fake link - something that wouldn’t stand out to the average user. The 1980s email protocol was never designed to be secure, so it is easy to send legit-looking (but fake) bank deposit questions, Facebook updates, NetFlix password issues, shipping updates or even emails that look like they are from a friend/coworker. Testing helps all employees learn what to watch for and not be a statistic. 4. Conduct periodic risk assessments Just like you reconcile your bank statements, audit your tax returns, review financial statements and go in for health checks (or not), it is important to periodically review your network design and layout a risk assessment. This is usually a separate function from normal network management that an IT team does. A good network person is great at making things work like users want and keeping things easy. General networking and security thinking, I feel, are opposite ends of a single slider. Making things more secure can introduce more user difficulty or complexity, without automated tools. The security mindset is more focused on the triad of confidentiality, integrity and availability. The risk assessment is a requirement for compliance-bound organizations under HIPAA or PCI. Sensitive organizations would complete one annual (or after major network changes) but smaller organizations would probably be able to edge that to every three years or so. NIST has released its Cybersecurity Framework, if you have experts at your disposal, and want to do it yourself. You’d probably want to make sure your expert had some sort of security background and certification such as (ISC)²s Certified Information Systems Security ProfessionalISACA’s Certified Information Systems Auditor (CISA) or others. 5. Stay abreast of trending threats In recent months, Internet speed reinforces that some attacks come on so quickly that security vendors take 2-3 days or longer to respond to emerging threats. Malware such as WannaCry and others wreaked havoc but the US was somewhat buffered by Europe getting hit first. Other threats like the business email compromise scams resulted in at least $2.3 in losses, according to the FBI last year. Before these items showed up in the news, they began showing up in threat intelligence feeds. If you want to protect your organization, you’ll arm yourself with information. As business owners, we can’t always afford to protect against everything. But, if there is an emerging threat, we can ask IT, “Am I protected against this?”  Subscribing to feeds helps accomplish the goal by prioritizing the items that are more clear and present dangers. Among the 20 or so I watch, I find the US government’s site a good less technical site, without too much traffic. So there you have it, big ways you can supercharge your security without depending on a huge budget to buy brand new, high dollar security tools. While the tools enhance your security posture, your people are your first line of defense. In security, you have the win 100% of the time, the villains only have to win once. Focus on your people if you want to dramatically reduce the probability of breach.
SPOTlight On: Dedric HillCyber Safety Tips From The Fulcrum Group This month, we have 3 fun facts about Dedric Hill, Fulcrum Group Level 1 Engineer:
  1. He's a new dad to new baby, Shayne!
2. He's currently proudly undefeated in Fulcrum's Fantasy Football league. 3. He's a "homebody," enjoying spending time with family playing games and watching movies. Welcome, Dedric!    
  More Than Tech Tips: Equifax Security Breach - How To Protect Yourselves Business Tips From The Fulcrum Group

Our blog has an informative briefing on how to keep yourself safe in light of the recent Equifax security breach and other recent malware attacks.

Do check this outSecurity alert from The Fulcrum Group! - and share with a colleague!

  Did You Know...SPOT Shield Managed IT Security Services The Fulcrum Group Dallas Fort Worth IT Outsourcing Managed Services Did you know… that Fulcrum Group offers SPOT Shield Managed IT Security Services as an add-on to any SPOT Managed IT Services agreement to help our clients reduce their risk related to potential IT Security breaches? Contact your Fulcrum Group Account Manager via email or at 817-337-0300 to find out more.