Managing Your Company’s IT Risks

Posted on

With the growing number of cyber-attacks around the world as of late, many businesses are realizing that implementing a proper cyber security plan is critical to succeeding in the business world. Everything from the emails your employees receive to the links they click can cause your systems to be compromised and your clients’ private information to be stolen. Today’s blog covers the steps that you should take to protect your company and your customers.


The first step in securing your infrastructure is educating your employees on the risks they face and how they can help with your company’s protection. The most obvious security measure team members can take is utilizing complex passwords. Employees should be encouraged to use long strings of unrelated words or combinations of capital letters, letters, numbers, and symbols and change them at least bi-annually. Additionally, employees should take precautions when clicking links in emails. Phishing scams are those where hackers create emails that emulate trusted sources that contain malicious links. These scams can be avoided by double-checking the email address to ensure it is correct. For example, can be secure while might be a hacker. If suspicious emails are detected, the IT team should be notified so they can block the sender and perform additional security scans. To ensure employees are following the proper procedures, their activity should be monitored and there should be blocks on certain types of websites.


No matter how safe your employees are, your company will face a plethora of security risks. It is critical to implement a security infrastructure that will help prevent hackers from compromising your entire system. Network management is the process of monitoring each user’s activity and the overall infrastructure’s performance. IT teams must also ensure that the software and network are constantly updated to ensure that they are defending against the latest threats. In order to ensure this management is effective, it is important to test it by performing a penetration test. This involves internal or outsourced teams trying to exploit vulnerabilities to see if they gain the ability to negatively affect the system.


As we’ve said, there is no way to fully protect your business against these types of attacks. That is why it is important to create a disaster recovery plan. Frequently making copies of your infrastructure is important so that the stored information is as up-to-date as possible and the infrastructure will be able to be recovered to the state it was in before it acquired the virus or hack. Storing these backups on the cloud will provide additional protection as it will prevent data loss in the occurrence of a natural disaster or theft. These backups should also be tested frequently to ensure they are taking a full snapshot of the system and able to be uploaded quickly. With the proper backups in place, your business will be able to upload your system in minutes once you can access an internet connected device.

These are just a few of the steps your company should take to manage the cybersecurity threats it faces each day. A proper plan involves a full risk assessment and will constantly change to accommodate new technology and threats. Our team members would be happy to help you protect your business and create a plan to ensure its sustainability and success. Contact us to learn more!

The WannaCry Virus

Recently, a cyber-attack known as WannaCry took hostage hundreds of thousands of public and private Microsoft computers around the world. Computers were affected in more than 150 countries, making this the largest recorded ransomware attack. This virus is a form of ransomware, which encrypts files until a monetary ransom is paid. Often, these ransoms will double after a certain period of time and if they are not paid within the set time, all of the files will remain encrypted. Once the ransom is paid, a key is provided that will unlock the files. In this case, the requested ransom was around $300.

Victims of these attacks include a healthcare company in Britain, where patients had to be turned away from more than 36 hospitals, doctor’s offices, and ambulance companies. Thankfully, patient data was not compromised during this attack. In Russia, the Interior Ministry’s computers were frozen. In the United States, FedEx became a target.

These types of attacks are usually triggered by malicious attachments in emails that are designed to mimic legitimate sources. Microsoft was aware of this vulnerability and had released software updates to protect customers from these types of attacks. However, many people have outdated software which allowed them to remain vulnerable. It has yet to be reported the total amount victims paid.

It is rumored that the strategy of this attack is rooted in the N.S.A. because of the comments made when the plans were posted online previous to the attack. A group who identifies itself as the “Shadow Brokers” claimed that the numerous hacking tools they posted online were stolen from the U.S. Government. These tools targeted firewalls, anti-virus programs, and Microsoft products. This is especially concerning because the N.S.A. is taxpayer funded. The N.S.A. has denied this allegation but some sources claim that former officials have suggested the content looks similar to other N.S.A. documents.

The United States has used cyber-attacks against other governments in the past and it is known that they have classified information on these types of vulnerabilities. Former President Obama’s administration developed a process to determine which of these vulnerabilities should be kept in a classified setting and which ones should be reported to the companies so they can be fixed.

Our team strives to provide prompt, cloud based updates to our customers so that their software is always up to date. We also employ both network security and email filtration measures in order to further reduce the risks of these types of attacks. If you are curious about how we have helped protect other companies or are ready to trust us with your technical security, contact us today to get started.