Trusted Tips and Resources

Trusted Tips & Resources

Trusted Saskatoon IT Pro's at Burnt Orange Discuss the Purpose of a Cybersecurity Audit

Gareth McKee and his Trusted Saskatoon IT team at Burnt Orange Solutions promise to have a one-hour response time for all your IT support needs. Honesty and respect are important to them. They pride themselves on ensuring their clients understand IT concerns by providing a straightforward and reliable solution with exceptional service. Burnt Orange Solutions are your Trusted Saskatoon IT Experts. In their latest Saskatoon IT expert tip, Gareth shares the purpose of a cybersecurity audit. 

WHAT IS A CYBERSECURITY AUDIT?


If you were hit by a cyber attack tomorrow, is your business ready? Ensuring the appropriate cybersecurity measures are in place is vital in protecting your business. A cybersecurity audit is a helpful tool in assessing the cyber security strength of your business and ensuring important information remains secure.

What Is A Cybersecurity Audit?

A cybersecurity audit is a comprehensive review of your business’s IT infrastructure. Cybersecurity audits are helpful as they detect vulnerabilities, recognize threats, and reveal high-risk practices in relation to IT security. Cybersecurity audits are all about data security and protecting information to ensure cybercriminals are unsuccessful in their hacking attempts.

What Does It Cover?

A cybersecurity audit involves a full audit of your business’s cybersecurity measures in order to assess risk, detect vulnerabilities, and recognize threats across all areas. These areas include but are not limited to:
  • Data Security – Involves a review of network access control, encryption use, data security at rest, and transmissions. 
  • Network Security – Involves a review of network and security controls, antivirus, and security monitoring capabilities. 
  • System Security – Involves a review of hardening processes, patching processes, privileged account management, and role-based access.
  • Physical Security – Involves a review of disk encryption, role-based access controls, biometric data, and multifactor authentication.
If it has been a while since you revisited your business’s cybersecurity measures, they are likely out of date and may no longer be effective. A cybersecurity audit will help ensure your business is prepared in the event of a cyber attack. 

If you have any questions regarding cyber security and how we can help secure your data, contact the IT experts at Burnt Orange IT Solutions. We can help your business mitigate risk, and be prepared for any IT-related emergency.


Burnt Orange IT Solutions Products & Services:

"IT Support You Can Trust and Understand"

Burnt Orange Solutions are your Trusted Saskatoon IT Experts

Trusted Saskatoon IT Pro's at Burnt Orange Explain Antivirus Mechanisms and Attacks

Gareth McKee and his Trusted Saskatoon IT team at Burnt Orange Solutions promise to have a one-hour response time for all your IT support needs. Honesty and respect are important to them. They pride themselves on ensuring their clients understand IT concerns by providing a straightforward and reliable solution with exceptional service. 

Burnt Orange Solutions are your Trusted Saskatoon IT Experts.  In their latest Saskatoon IT expert tip, Gareth shares why antivirus is useless against modern attacks. Antivirus software identifies malware and detects threats. However, now that attacks have evolved, today’s threats are able to get around Antivirus mechanisms.

WHY ANTIVIRUS IS USELESS AGAINST MODERN ATTACKS

Antivirus Software (AV): Signature-Based Approach

Antivirus software identifies malware based on signatures. These signatures are like fingerprints, and each malware has a unique pattern. Antivirus software contains the memory of each signature that it uses to identify malicious threats. Each time antivirus software recognizes new malware, antivirus companies add the signature to their blacklist. These blacklists contain the signatures that are denied access to your system. Thus, Antivirus protects your system by blocking these specific signatures from attacking.

Why Antivirus Software is Not Sufficient

This signature-based approach worked for detecting older malware that had already been identified and labelled. In the past, provided the malware was known, and your antivirus company’s signatures were up to date, you were protected. Unfortunately, threats have evolved and malware is not the only concern. Specifically, today’s threats include targeted attacks using unknown malware variants, file-less malware attacks, and exploits that leverage unknown software vulnerabilities. As a result, these persistent threats and ransomware attacks can all bypass antivirus detection. 

Another concern is that malware development has shifted. Attackers now test their malware against antivirus programs to ensure it can bypass them. In addition, attackers invent new malware at a faster rate. Thus, antivirus companies are unable to keep up with blacklisting all the signatures. Also, new types of malware can now go undetected by signature. New malware is hard to detect because it is polymorphic, meaning it changes as it spreads. Overall, as threats grow, Antivirus is no longer sufficient. 

Why Keep Using Antivirus If It Is Useless Against Modern Attacks?

The bottom line is antivirus software is necessary for legal and compliance purposes. For example, the Payment Card Industry Data Security Standard (PCI DSS) requires up-to-date antivirus software for organizations that store, process, or send credit card information. Not to mention, a lack of antivirus protection makes companies appear irresponsible. This jeopardizes a company’s ability to collect insurance if a breach or lawsuit should occur. 

Though antivirus cannot detect modern threats, it does provide a certain degree of protection. As long as your current antivirus program can identify and block even half of the malware signatures, it is worth using. However, it must not be the only line of defence. 

Overall, as threats grow more advanced, an antivirus alone is not enough to protect your company. A more comprehensive IT strategy is a necessity. Contact the IT experts at Burnt Orange IT Solutions. We can help your business mitigate risk, and be prepared for any IT-related emergency. 

We hope this article gave you some insight. If you want to ensure your business’s IT security, contact the Trusted Saskatoon IT professionals at Burnt Orange Solutions and we can take IT worries off your plate.


Trusted Saskatoon IT Pro’s at Burnt Orange Solutions Owner Shares 5 Tips To Secure Data

Gareth McKee and his Trusted Saskatoon IT team at Burnt Orange, promise to have a one-hour response time for all your IT support needs. Honesty and respect are important to them. They pride themselves on ensuring their clients understand IT concerns by providing a straightforward and reliable solution with exceptional service. Burnt Orange Solutions are your Trusted Saskatoon IT Experts and in their latest Saskatoon IT tip, Gareth provides 5 tips on how to safely secure data at your company. 


GARETH'S 5 TIPS TO SECURE DATA AT YOUR COMPANY

Secure Data with Gareth’s 5 Tips for Your Company

Owner of Burnt Orange IT Solutions, Gareth McKee, provides his top 5 tips on how to secure data safely and improve the security of your data at your company. Watch the video below or read on.

1. Secure Data with the Use of Strong Passwords

According to Forbes, in the last 6 months of 2019 over 4 billion records were exposed by data breaches. Included in these records were over 1 billion passwords retrieved.

The top 5 easiest passwords to hack are:

#1 – 12345

#2 – 123456

#3 – 123456789

#4 – Test1

#5 – Password

But they are not always the easy ones to crack by hackers, as shown here:

#21 – princess

#30 – monkey

#48 – chocolate

#97 – babygirl

So, what do we learn from this? There are ‘bots’ and phishing scams active every day on the internet, looking to gain access to your network, steal your data or encrypt it to extort money from you.

What Does a Strong Password Look Like?

Strong passwords need 2 things: length and complexity. Both are really easy to achieve with a little imagination. Let’s firstly achieve the length. Rather than think of a passWORD, think of passwords (plural) or a passPHRASE.

One solution is to think of 4 unrelated words such as:

#Potato plastiC either strong!

The above is 30 characters and notice I have added the # and ! to make it a little more complex.

Or, you can use a phrase such as:

!Theres a m00se 0n the 100se#

The above is 29 characters. Replacing letters with numbers can be a good way to achieve complexity (for example, changing O’s to zero’s).

The best solution is to use a password manager, which is a secure app that remembers all your complex and long passwords for you so all you have to remember is the 1 password to the manager.

2. Secure Data by Locking Your Computer

How easy would it be for someone to walk past an office, walk-in and steal data from an unlocked PC? This happens more often than you think, and whether it is a disgruntled employee or a stranger who has walked into your building, it is so easy to steal data in this way.

The solution is to have your PC lock itself after a certain amount of inactivity. This is easy to achieve, simply decide the length of inactivity before allowing your PC to lock. I recommend 5 minutes.

Looking after a network properly can be a difficult and time-consuming job so to make your life easy, engage with a local, professional IT Security company such as Burnt Orange IT Solutions. You will find that the money spent on network security is easily recovered by staff efficiencies.

3. Receive a Suspicious Email? Call the Sender Before You Click

Email spoofing costs businesses millions of dollars every year. I am sure you can remember Saskatoon City Council being duped in 2019 to the price of $1 million.

If even a known client emails you asking to transfer money, providing you with new banking details, large orders, or asking you to click anywhere, call the client to ensure the information has come from them directly. A quick phone call can save a lot of money, embarrassment, and is a way to secure data. This should be a standard practice in your office. If you don’t have an Acceptable Use Policy or User Best Practice Policy in your organization, contact your best local IT company. They can help you achieve the best practices in your business.

4. Take a Breath

We all have 10 hours of work to complete in an 8 hour day, but just by taking 1 second to look at an email can save a lot of heartache. Hovering over an email address or a web link can show you where it is actually directing the click. Just because the link reads www.rbc.com, this does not mean it will direct you there.

Also, hackers often send a link which looks real, but is slightly misspelt, for example:

https://www.saskatoononliinetrucks.com/saskatoon/cheapestdeals/buytoday

if you look closely there are two ‘i’s in online. In a busy day that may be easy to miss, you navigate to a website with a virus, allowing it to download, the virus waits a day and ultimately encrypts all the data on your server. Not a good day for you or your company.

The accepted solution here is to put DNS protection in place. This service scours the internet all day, looking for dangerous websites, whether they are legit or not, and if a dangerous website is found, the service will stop you from accessing the website. If you can’t access the website, you cannot download the virus. Simple as that! Professional IT companies offer this service for a fraction of the cost of the downtime experienced should a virus be download by accident. Contact your local IT company for help.

5. Back Up Your Data

Even in a small office where there is no ‘real’ server, it is always a good idea to treat one of the PCs as a file server. Have all the data held there, back up that PC, and only that PC. This makes the backup and recovery activity simple and easy. Impose a rule that all data must be held on that PC. Configure each PC to share to that PC. Complete this task and you have just saved yourself days of non-productivity in a recovery situation.

The best backup solutions today backup to the cloud. They will:

Encrypt your data before it leaves your PC,

Be password protected,

Be automated,

and YOU will test it, at least once per month to ensure the data can be recovered.


A backup that does not work when you need it is as much use as a chocolate fireguard. Test it before you need it. As with all the problems discussed, your local professional IT security firm can help you with all these tasks, and for much less than you think.

If you have any questions, please do not hesitate to reach out to Burnt Orange IT Solutions.

We hope this article gave you some insight. If you want to ensure your business’s IT security, contact the Trusted Saskatoon IT professionals at Burnt Orange Solutions and we can take IT worries off your plate.

Burnt Orange IT Solutions Products & Services:

  1. Managed Networks

  2. Backup and Recovery

  3. Data and Network Security

  4. Hosted Services

  5. Telephone Systems

  6. Secure WiFi Networks

"IT Support You Can Trust and Understand"

Burnt Orange Solutions are your Trusted Saskatoon IT Experts

Categories

Previous Posts

ADDRESS

S & E Trusted Online Directories Inc
TrustedSaskatoon.com
310 Wall St #209
Saskatoon, SK   S7K 1N7
Ph: 306.244.4150

GET THE APP

App Store Google Play
Follow us on Facebook Instagram Linked In Twitter YouTube RSS Feed
Abex
Abex
Stevies
Sabex
NEYA
Website hosting by Insight Hosting