The post C1 Unveils Advanced Technology Solutions to Benefit Business Outcomes appeared first on Digital IT News.

Let’s talk about the cause of the CrowdStrike issue, what unscathed companies did right, and what professionals have to say about preventing this from happening again.

What Caused the Software Issue: Lax Software Testing Processes or More?

Many believe adequate software testing would have prevented this catastrophe. However, others have concluded that multiple layers of bugs caused the issue, which is more difficult to catch in a fully automated testing system. 

Even testing for one minute would have discovered these issues …In my mind, that one minute of testing would have been acceptable. – Kyler Middleton, senior principal software engineer at Veradigm

Testing continues to be a significant point of friction [in application development]…Software quality governance requires automation with agile, continuous quality initiatives in the face of constrained QA staff and increasing software complexity…Software testing, both for security and quality, appears to be among the most promising uses for generative AI in other IDC surveys…I am hopeful that the next few years will see improvements in these statistics…However, AI can’t fix the lack of or failure to follow policy and procedures. – IDC analyst Katie Norton

The CrowdStrike flaw was caused by multiple layers of bugs. That includes a content validator software testing tool that should have detected the flaw in the Rapid Release Content configuration template — an indirect method that, in theory, poses less of a risk of causing a system crash than updates to system files themselves …This is a challenge in fully automated systems because they, too, rely on software to progress releases from development through delivery … If there’s a bug in the software somewhere in that CI/CD pipeline … it can lead to a situation like this. So to discover the testing bug in an automated way, you’d have to test the tests. But that’s software, too, so you’d have to test the test that tests the tests and so on. – Gabe Knuth, analyst at TechTarget’s Enterprise Strategy Group.

How Some Companies Went Unscathed

Not every company that got the blue screen of death had to shut down. Some had procedures in place that helped them recover relatively quickly.  

We’ve really focused on business continuity, redundancies, safety nets, and understanding of the difference between cybersecurity as a task and cybersecurity as a cultural commitment of your organization…It’s a validation of our investments while so many of our peers were languishing…The redundancies are numerous…They’re not necessarily terribly sophisticated, but we have literally gone through and said, ‘What are the critical systems of our organization? What is the interplay between them? And if it comes crashing down, what is the plan?’…The reality for cybersecurity and business continuity is the work [must be]done well ahead of the disaster. It has to be part of the fabric of your company, like compliances, like customer service…It’s hard to celebrate cybersecurity—except for the days when you’re the only ones not sweating it. – Andrew Molosky, president and CEO of Tampa-based Chapters Health System

Professionals Input on Preventing A Repeat 

Everyone wants to avoid a repeat. Below is some advice from professionals on preventing this from happening again. 

Phased Check-ins on Endpoint Health

I’m incredibly surprised, even though they call it ‘Rapid Response,’ that [CrowdStrike] doesn’t have some phased approach that allows them to check in on the health of the endpoints that have been deployed … Even with some logical order of customer criticality, they could have circuit breakers to stop a deployment early that they see causes health issues. For example, don’t [update]airlines until your confidence level is higher from seeing the health of endpoints from other customers. –  Andy Domeier, senior director of technology at SPS Commerce

Move Away from Auto-deploying Kernel Module Updates

It is absolutely irresponsible to auto-deploy a kernel module update globally without a health-mediated process or, at least, a recovery path at a lower level of the control plane … Something that remains functional even if the OS deployed on top crashes. – David Strauss, co-founder and CTO at Pantheon

Eliminate Unmanageable Endpoint Complexity

The Windows endpoint environment has reached the point of unmanageable complexity. A steady stream of updates and layering of security features has created a web of complexity that is difficult to manage or fix and therefore promotes risk. Moving Windows to the cloud and replacing the endpoint with a secure by design operating system, such as IGEL OS, can simplify management through centralization and aid in recovery should an outage or breach occur saving millions of dollars in lost productivity. We have grown somewhat numb to the steady stream of data breaches. This latest incident of the shepherd turning on the metaphorical sheep it was protecting highlights that we must consider approaching this problem differently. The move to Windows 11 and the opportunity for cloud transformation, along with the proliferation of SaaS, are proven technologies that can enable a much more secure endpoint strategy. – Jason Mafera, Field CTO at IGEL

Platform, People and Process in Software Testing

It’s not sufficient to just have a great software platform. It’s not sufficient to have highly enabled developers. It’s also not sufficient to just have predefined workflows and governance. All three of those have to come together – Dan Rogers, CEO at LaunchDarkly

Balance Security With Tight Deadlines 

What you don’t want to have happen now is that you’re so worried about making software changes that you have a very long and protracted testing cycle and you end up stifling software innovation  – Dan Rogers, CEO at LaunchDarkly

Security News

The post How to Prevent a CrowdStrike IT Outage Repeat appeared first on Digital IT News.

In a radical move, Praetorian also announced plans to open source all Chariot capability modules. This approach reflects their belief that software is a commodity, and the real value lies in support, solutions, and services that accompany it, along with the continuous threat exposure management platform.

“Our goal is to provide all foundational capabilities for free, while simultaneously betting that the true differentiation lies in our team of offensive security experts standing side by side with our customers’ defensive teams every day, at a price point that makes sense” said Nathan Sportsman, CEO and founder of Praetorian. “While working at Sun Microsystems, RedHat taught us the hard way that software is a commodity. I want to apply those lessons to cybersecurity and rid this industry of overpriced and non-functional security products.

Chariot’s Attack Surface Management (ASM) module will be the first module to roll out into a freemium tier.

Key Features within Chariot’s ASM Module:

• Comprehensive Asset Visibility: Monitor dynamic cloud environments, discover shadow IT and reduce technology sprawl
• Proactive Risk Assessment: Understand business impact and risk of interconnected assets
• Prioritization of Critical Risks: Eliminate the noise, remove false positives and ensure resources are directed at the issues that truly matters
• Continuous Monitoring: Immediately scan for 0-days and attack techniques reported by cyber threat intelligence
• Public and Private Repository Monitoring: Detect exposed secrets, public repositories, and CI/CD misconfigurations

These features empower organizations to maintain strong security postures without the financial burden typically associated with asset discovery. But Praetorian isn’t stopping there. As a fast follow to Chariot’s Free ASM release, Praetorian will release a Breach and Attack Simulation module in the coming weeks. To top this, Praetorian will also release free modules for Vulnerability Management, Cyber Threat Intelligence, and Continuous Penetration Testing, further enhancing Chariot’s free tier capabilities.

Praetorian’s core value proposition is industry-leading offensive security experts supercharged by world-class software and proprietary data. “We believe software is just enablement technology,” said Sportsman. “Enterprises are seeking solutions, support, and services. CISOs don’t have enough budget, they don’t have enough people, and the business does not listen to them enough. We solve all three of those problems by consolidating tech spend, eliminating noise, standing side-by-side with their teams, leveraging our 3^rd party assessor status to provide customers the ammo they need to get things fixed. – all at a price point less than a fully burdened senior FTE hire.”

Modern security teams are drowning in noisy alerts and spread thinly across too many security products. Chariot enables organizations to cut through the noise and consolidate five core security solutions into a single unified platform. Its combination of software plus experts empowers customers to focus on exploitable risks instead of superficial alerts. For more information about Praetorian’s free ASM offering and the Chariot platform, visit praetorian.com  or contact info@praetorian.com. 

Related News:

IT and Security Professionals Think Non‑IT Leaders Don’t Grasp Vulnerability Management

Top Ways to Enhance Your Cybersecurity Defenses

The post Praetorian Offering a Free Version of the Attack Surface Management Platform appeared first on Digital IT News.

Jon Clay, VP of threat intelligence at Trend Micro: “The criminal underground is rapidly professionalizing – with groups beginning to mimic legitimate businesses that grow in complexity as their membership and revenue increases. However, larger cybercrime organizations can be harder to manage and have more ‘office politics,’ poor performers, and trust issues. This report highlights to investigators the importance of understanding the size of the criminal entities they’re dealing with.”

A typical large organization allocates 80% of its operating expenses to wages, with the figure similarly high (78%) for small criminal organizations and cybercrime groups, according to the report. Other common expenses include infrastructure (servers/routers/VPNs), virtual machines, and software.

The study outlined three types of organizations based on size, using examples where Trend Micro collected the most data from law enforcement and insider information.

• Typically, one management layer, 1-5 staff members, and under $500K in annual turnover.
• Their members often handle multiple tasks within the group and also have a day job on top of this work.
• Comprise the majority of criminal businesses, often partnering with other criminal entities.

• Typically have two management layers, 6-49 employees, and up to $50m in annual turnover.
• They usually have a pyramid-style hierarchical structure with a single person in charge.

• Typically have three management layers, 50+ staff, and $50m+ in annual turnover.
• Feature relatively large numbers of lower management and supervisors.
• Implement effective OPSEC and partner with other criminal organizations.
• Those in charge are seasoned cyber-criminals and hire multiple developers, administrators, and penetration testers – including short-term contractors.
• They may have corporate-like departments (e.g., IT, HR) and even run employee programs, such as performance reviews.

According to the report, knowing the size and complexity of a criminal organization and cybercrime groups can provide critical clues to investigators, such as what types of data to hunt for.

For example, larger criminal entities may store employee lists, financial statements, company guides/tutorials, M&A documents, employee crypto wallet details, and even shared calendars to probe.

Understanding the size of targeted criminal organizations can also allow law enforcers to prioritize better which groups should be pursued for maximum impact.

To read a full copy of the report, Inside the Halls of a Cybercrime Business, please visit: https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/inside-the-halls-of-a-cybercrime-business

Related News: 

Sophos Introduces New Endpoint Security Advancements

Netwrix Launches a New SaaS-based Solution for MSPs and Upgrades Product Portfolio

The post Trend Micro Report Shows Cybercrime Groups Resemble Legitimate Businesses appeared first on Digital IT News.

“I applaud that this consummate consortium of nonprofits has formed to actively protect us against security threats to our digital infrastructure and uphold our open internet, combining their knowledge, skills, and tools for the greatest effect,” said Govind Shivkumar, director of responsible technology at Omidyar Network.

Nonprofit Cyber will initially focus on two priorities: building awareness of the work of cybersecurity nonprofits globally and aligning their work to achieve the greatest effect. Envisioned as a “collaboration-of-equals,” each member organization has committed to work in coordination to better serve Internet users globally. Coalition members must be a 501(c)(3) or 501(c)(6) nonprofit if organized under U.S. law or hold an equivalent status if organized under the laws of another country. More information is available at the coalition’s website NonprofitCyber.org and on Twitter at @NonprofitCyber.

The twenty-two founding members of Nonprofit Cyber are the Anti-Phishing Working Group, the Center for Internet Security, the Center for Threat-Informed Defense, the Cloud Security Alliance, Consumer Reports, CREST International, the Cyber Defence Alliance, the CyberPeace Institute, the Cyber Readiness Institute, the Cyber Threat Alliance, the Cybercrime Support Network, the CyberGreen Institute, the FIDO Alliance, the Forum of Incident Response and Security Teams, the Global Cyber Alliance, the National Cyber Forensics and Training Alliance, the National Cybersecurity Alliance, the Open Web Application Security Project, SAFECode, the Shadowserver Foundation, Sightline Security, and #ShareTheMicInCyber. Tony Sager of CIS and Philip Reitinger of GCA will serve as co-chairs as the organization begins operations.

Nonprofit Cyber welcomes applications for new members that work to implement best practices and solutions at scale. Nonprofit Cyber is focused on these organizations, rather than lobbying or policy development and advocacy organizations, or industry associations.

Information on joining Nonprofit Cyber can be found at its website.

About the Nonprofit Cyber Founding Members

The Anti-Phishing Working Group (APWG) is the international coalition unifying the global response to cybercrime across industry, government and law-enforcement sectors and NGO communities. Learn more at https://apwg.org.

The Center for Internet Security (CIS) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation. Learn more at https://cisecurity.org.

The Center for Threat-Informed Defense (CTID) is a non-profit, privately funded research and development organization whose mission is to advance the state of the art and the state of the practice in threat-informed defense globally. Learn more at https://ctid.mitre-engenuity.org/.

The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment. Learn more at https://cloudsecurityalliance.org.

Consumer Reports (CR) is an independent, nonprofit member organization that works side by side with consumers for truth, transparency, and fairness in the marketplace. Learn more at https://www.consumerreports.org.

CREST International is an international not-for-profit accreditation and certification body that represents and supports the technical information security market. Learn more at https://crest-approved.org.

The Cyber Defence Alliance (CDA) is a not for profit members organization based in London working on behalf of financial institutions to proactively share threat intelligence and expertise to prevent and disrupt cyber attacks, liaise with Law enforcement agencies to target cybercriminal networks and apprehend the most prolific offenders. The CDA works on a cross sector basis and with like minded organizations on an international basis to address the global threat from cybercrime. The CDA also provides a 24/7 incident response capability to support the member organizations and the UK Financial Services Cybercrime Collaboration Centre (FSCCC) during major cyber incidents.

The Cyber Readiness Institute (CRI) mission is to empower small and medium-sized enterprises with free tools and resources to help them become more secure and resilient. Learn more at https://cyberreadinessinstitute.org.

The Cyber Threat Alliance (CTA) is working to improve the cybersecurity of our global digital ecosystem by enabling near real-time, high-quality cyber threat information sharing among companies and organizations in the cybersecurity field. Learn more at https://www.cyberthreatalliance.org.

The Cybercrime Support Network’s (CSN) mission is to serve individuals and small businesses impacted by cybercrime. Learn more at https://cybercrimesupport.org. ‘

The CyberGreen Institute (CyberGreen) is dedicated to mobilizing a global community of experts, business leaders, and policymakers to revolutionize cybersecurity through the development of a science of Internet Public Health. Learn more at https://www.cybergreen.net.

The CyberPeace Institute is a nongovernmental organization whose mission is to reduce the harms from cyberattacks on people’s lives worldwide, provide assistance to vulnerable communities and call for responsible cyber behaviour, accountability and cyberpeace. At the heart of the CyberPeace Institute’s efforts is the recognition that cyberspace is about people. Learn more at https://cyberpeaceinstitute.org

The FIDO Alliance is an open industry association with a focused mission: authentication standards to help reduce the world’s over-reliance on passwords. The FIDO Alliance promotes the development of, use of, and compliance with standards for authentication and device attestation. Learn more at https://fidoalliance.org/.

The Forum of Incident Response and Security Teams (FIRST) aspires to bring together incident response and security teams from every country across the world to ensure a safe internet for all. Learn more at https://www.first.org.

The Global Cyber Alliance (GCA) builds practical, measurable solutions and tools that are easy to use, and works with partners to accelerate adoption around the world. Learn more at www.globalcyberalliance.org.

The National Cyber Forensics and Training Alliance (NCFTA) was established in 2002 as a nonprofit partnership between private industry, government, and academia. The NCFTA provides a neutral environment for operational collaboration in the ongoing effort to identify, mitigate, and disrupt cyber crime. Learn more at https://www.ncfta.net.

The National Cybersecurity Alliance (NCA) advocates for the safe use of all technology and educates everyone on how best to protect ourselves, our families, and our organizations from cybercrime. Learn more at www.staysafeonline.org.

The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software. Through community-led open-source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web. Learn more at https://owasp.org.

SAFECode is a global industry forum where business leaders and technical experts come together to exchange insights and ideas on creating, improving, and promoting scalable and effective software security programs. Learn more at https://safecode.org.

The Shadowserver Foundation’s (Shadowserver) mission is to make the Internet more secure by bringing to light vulnerabilities, malicious activity and emerging threats. Learn more at https://shadowserver.org.

#ShareTheMicInCyber (#STMIC) is an online movement to address issues stemming from systemic racism in cybersecurity. The social media campaign highlights the experiences of Black practitioners in this field, catalyzes a critical conversation on race in the industry, and shines a light on Black practitioners’ accomplishments to showcase them as experts in their fields all while creating professional opportunities and bringing the cyber community together. Learn more at www.sharethemicincyber.com.

Sightline Security is a nonprofit security organization whose mission is to equip, empower, and support global nonprofits to navigate and embed cybersecurity into their organizations with confidence—founded to address the lack of cybersecurity adoption in the nonprofit sector by offering a holistic, business, and community-centric approach designed to embrace cybersecurity best practices. At Sightline, there is a world where nonprofits have the confidence, knowledge, and business acumen to stay protected in a digital world. Learn more at https://sightlinesecurity.org.

The post Cybersecurity Nonprofits Team Up to Form “Nonprofit Cyber” Coalition appeared first on Digital IT News.

With cyberattacks — especially ransomware — on the rise, IT teams and security professionals must be on the alert as never before. Here are six specific predictions from Ilia Sotnikov, cybersecurity expert and VP of User Experience & Security Strategist at Netwrix:

1. Legislation will increase as security incidents at private companies affect national security. The impact of ransomware and other cyberattacks is no longer limited to just the victim company anymore; attacks are now affecting entire regions. For instance, attacks on companies that supply food or fuel have led to empty shelves in supermarkets and long queues at gas stations. Therefore, we can expect that security requirements for private organizations in critical sectors to become tougher. In particular, notification rules will be affected, as governments need more visibility into the specifics of cyberattacks in order to improve legislation. In some cases, governments may opt to use proverbial carrots as well as sticks, such as tax breaks that reward organizations for investing in cyber defenses.
2. Cyber insurance costs will increase and policies will mandate higher security standards. With insurance payouts becoming both more frequent and more costly, the cost of cyber insurance has already skyrocketed: Prices rose 96% in the US and 73% in the UK for the third quarter of 2021 compared to the same quarter last year. We expect continued increases in 2022. Moreover, insurance policies will require implementation of critical controls that reduce the risk of cybersecurity incidents. With attacks becoming increasingly common, insurance companies will pay in exceptional cases only.
3. More attacks will target MSPs as a path to infiltrate large enterprises or government agencies. Attackers have seized upon a very effective strategy for getting access to large organizations — through the relatively weaker IT infrastructures of SMBs that provide them with services. Accordingly, managed service providers (MSPs) will need to increase both the breadth and depth of their security measures, since many SMBs rely upon them on their security.
4. Quantum computing will begin to disrupt encryption. Most cryptographic algorithms today rely on the premise that there’s no processor sufficiently powerful to crack them in a reasonable timeframe — but quantum computing will allow such a processor to exist. While this technology is still far from any practical application, concern is growing. For example, the U.S. has announced export controls on eight Chinese quantum computing companies because of worries about China’s ability to break encryption. As the technology matures, we can expect more widespread adoption of post-quantum encryption standards.
5. Companies will need to address challenges in machine learning. Well over half (59%) of large enterprises today are already using data science (DS) and machine learning (ML). However, these techniques bring risks as well as benefits. ML algorithms are especially vulnerable in the learning phase because bad actors can poison the input in order to subvert the results, which can break critical processes and even put lives in danger in cases such as healthcare or traffic lights in a smart city. Organizations using ML must understand these threats and redouble their efforts to defend against them.
6. Attackers will use residential home networks as their infrastructure. A home network is much easier to infect with malicious software than a professionally secured enterprise IT environment. With processing power and bandwidth connectivity in residences increasing, home networks will become more attractive to bad actors. For example, by infecting many devices, they will be able to change IP addresses or even domain names dynamically during malware campaigns, thwarting common defenses like IP blocking and DNS filtering. IT teams should keep this new threat vector in mind when reviewing their security strategies and incident response plans. Moreover, the IT industry should seek to increase user awareness and best practices adoption to reduce the number of easy victims.

“Prioritization is the only way for organizations to manage the risk of cyberattacks in this new era of advanced technologies that can be used for both good and evil,” says Ilia Sotnikov, VP of User Experience & Security Strategist at Netwrix. “Simply put, organizations need to focus on securing their most important and valuable assets from the most likely incidents, and update their policies regularly. It is increasingly obvious that cyber insurance is not a lifebuoy. Risk assessment is first and foremost our own responsibility.”

Related News:

Netwrix SbPAM Continues to Minimize Privileged Access Security Risks

Cybersecurity Predictions for 2022 Unveiled by Query.AI

The post Be Aware of These Six Cybersecurity Trends in 2022 appeared first on Digital IT News.

With the key new capabilities in Netwrix SbPAM 3.5, organizations can:

• Protect their cloud environment by eliminating standing privileged accounts in Azure AD, thereby improving control over admin activity and reducing administrative burden.  
  
  
• Reduce network attack surface with on-demand privileged accounts for Cisco devices, which minimize the risk of privilege abuse and enable easier management of privilege.
  
  
• Secure critical data that resides in AD-integrated web applications and take control of shared access to web resources.
  
  
• Minimize security and business risks by removing superusers and instead with providing task-based, temporary privileged access for Linux.

Other enhancements enable organizations to:

• Disable remote desktop protocol (RDP) after each admin session to block ransomware and other cyberattacks and avoid unauthorized RDP connections.
  
  
• Detect security threats resulting from changes to critical files during privileged sessions to strengthen threat detection and investigation and minimize the chance of business disruptions.  
  
  
• Detect threats, streamline investigations and prove compliance by sending logs of privileged activity to SIEM solutions.

“Netwrix SbPAM is so simple to install and get running that we could not have solved our privileged account management problem without it. With Netwrix SbPAM we implemented privileged access management for our critical systems in days instead of months and it seamlessly integrated with our current systems and security controls,” said Craig Larsen, Information Systems Administrator at Eastern Carver County Schools.

“Compromise or misuse of admin accounts remains one of the top causes of data breaches and business disruptions today. Organizations, regardless of vertical or size, need to improve privileged access management to minimize these risks — but they are often concerned by the high cost and complexity of deployment,” said Steve Dickson, CEO at Netwrix. “Netwrix SbPAM solves this dilemma. Its simple and efficient design helps organizations dramatically improve security, yet it is easy to implement and offers a remarkably fast time to value.”

Netwrix SbPAM enables organizations to minimize their attack surface by eliminating standing privileged accounts. By granting admins just enough privilege to complete a given task and removing that privilege immediately afterwards, organizations can dramatically reduce the risk of data breaches, business disruptions and compliance failures. Plus, easy deployment and implementation means faster time to value than traditional solutions. Customers can even keep using their current tools, such as Remote Desktop Connection Manager or a password vault, but make them more secure by integrating them with Netwrix SbPAM.

Netwrix SbPAM 3.5 is globally available now. Download a free trial and get more information by visiting www.netwrix.com/sbpam3.5.html

Image licensed by pixabay.com

Related News:

Netwrix Enhances Cloud Security with New Version of StealthAUDIT

Speed the Detection of Threats to Sensitive Data and Enhance the Security of Cloud Environments with Netwrix Auditor X

The post Netwrix SbPAM Continues to Minimize Privileged Access Security Risks appeared first on Digital IT News.

The post Netwrix Enhances Cloud Security with New Version of StealthAUDIT appeared first on Digital IT News.

In 2009, there were an estimated 12.4 million malware-related cyber attacks that took place around the world. Flash forward to 2018 and that number had ballooned to an alarming 812.67 million instances. The still ongoing COVID-19 pandemic has only made matters worse, as these types of events have rapidly increased in volume thanks to the large number of employees that suddenly found themselves working remotely on inherently insecure systems. 

But while it’s absolutely true that the vast majority of these attacks happen via email and techniques like phishing, that doesn’t mean other elements of your business are immune. Case in point: your business cloud phone system. Without the right, proactive approach to cybersecurity, this is absolutely a vulnerability just waiting to be exploited by someone who knows what they’re doing. Therefore, to truly keep yourself, your employees and your business as safe as possible, there are a number of important things you’ll need to keep in mind.

Secure Your Phone System, Secure Your Business

By far, the most important best practice to follow when securing your cloud-based business phone system involves making sure that all of your endpoints and phones are NOT using the default login information. This is true even if they’re situated behind a firewall on your local area network.

The issue with the default login information is that it’s the same for all devices purchased from the same manufacturer. The standard username/password combination is typically something akin to “admin/password.” If someone attempts to infiltrate your system, this is absolutely the first combination that they’ll try and if you haven’t changed it yet, you’ve essentially invited them into your system – and thus the network behind it all.

For the best results, always use a unique username and a password with a strong combination of numbers, letters and special characters. Longer passwords are always better than shorter ones and if you have a hard time remembering complicated passwords, use a password manager to make it all easier.

Likewise, you’ll always want to make sure that your endpoints and phones area always running the latest firmware that is supported. Many don’t realize that firmware updates do more than just add new features – they also patch vulnerabilities and include security fixes to prevent people from entering your system undetected.

On an ongoing basis, you should also monitor your call logs for suspicious calls – particularly from callers that you’re totally unfamiliar with. You should also put a policy in place to control your international calling with PIN codes – or disable it entirely if it’s not relevant to your business. 

Along the same lines, you’ll want to strictly control admin access to the system and keep your logins regularly updated. Only the people who need access to administrative functions to do their jobs should have it and all employees should have to change their passwords on a regular basis for maximum security.

Beyond that, you also need to make an effort to instruct your staff, your customers and your clients to never leave sensitive information in voice mail messages – dong so is only asking for trouble. This is especially true if those voice mails can be easily duplicated, emailed or texted back out in other formats. If someone leaves sensitive information in a voicemail that can easily be exported as a .WAV mile or a text transcription, there’s no telling where it could possibly end up. Always wait to deliver sensitive information until someone is actually on the line.

In the end, it’s important to understand that this level of cybersecurity is not something you “do once and forget about.” Hackers and other people with malicious intentions are always working to stay one step ahead of you, so you need to do the exact same thing. By following the best practices outlined above when it comes to your business cloud phone system, you’ll go a long way towards protecting you – and everything you’ve already worked so hard to build – from those who wish to do you harm. 

Richard Hill is the President of SafeCall, Inc., a provider of cloud based business telephone systems, carrier services, and telecom consulting. 

Image licensed by: Unsplash.com

Related News:

Passwords Are Being Phased Out as a Result of Hybrid Work

CPowered Performance Solutions for Data Centers

The post Security Tips for a Business Cloud Phone System appeared first on Digital IT News.

The remote workforce and third-party access are elevating the security risk for business. Moving network protection to endpoints, RevBits ZTN isolates and protects internal assets, without implementing complicated network segmentation. Supporting a default no-trust security posture, RevBits ZTN provides in-transit data security through encryption, secure access to applications and services, and network security through user and device authentication.

“As enterprise threat levels rise, rethinking cybersecurity and perimeter control is paramount,” said David Schiffer, CEO at RevBits. “It is no longer a matter of ensuring data encryption for remote users through a VPN as a complement for network security; organizations must adopt a default no-trust posture.”

Building upon its technological innovation in the access management marketplace, through the award-winning RevBits Privileged Access Management (PAM), RevBits ZTN expands access management and control to the individual user level, with unified visibility and analytics, from a single vendor.

Virtual Private Networks (VPNs) have been the main security tool for remote access. However, VPN protection stops at the network perimeter, leaving the internal network vulnerable. VPN provides a level of protection by encrypting data in transit and a layer of obfuscation. However, it doesn’t authenticate users or their devices, leaving the network open to attackers if VPN credentials are stolen.

RevBits ZTN provides data security with encryption and granular access control to digital assets, by authenticating all users and devices. “Based on our unique architecture and patent-pending technologies, RevBits ZTN provides best in class protection,” said Mucteba Celik, CTO at RevBits. “By combining the principles from our PAM solution, RevBits ZTN delivers data encryption, comprehensive obfuscation, granular user and machine access control, and monitoring to protect digital infrastructure.”

RevBits ZTN feature highlights

• Proxy servers located in 24 globally distributed cloud regions for fast, secure connections and automatic scaling.
• Multiple options for user authentication, including fingerprint, facial recognition, YubiKey, SAML, MFA and others.
• Control every aspect of a remote session, including monitoring, reviewing, recording and killing sessions with one click.

Image licensed by pixabay.com

Related News:

PC Matic Selected by NIST’s National Cybersecurity Center of Excellence to Demonstrate Zero Trust Architectures

The Availability of the IGEL OS Integrations Help Businesses Solve for Work-from-Anywhere Businesses

The post RevBits Zero Trust Network Strengthens Network Security and Protects Digital Assets appeared first on Digital IT News.