Posts

Simple Cybersecurity Tips from CISA to Protect Your Business

The Cybersecurity and Infrastructure Security Agency (CISA) recommends businesses keep it simple and focus on these four critical actions now:

  • Teach Employees to Avoid Phishing – Phishing happens when criminals trick employees into opening malicious attachments or sharing personal info. Implement training to teach employees how to identify and report suspicious activity.
  • Require Strong Passwords – This is one of the easiest ways to protect your business from criminals who might otherwise access your accounts by guessing or using automated hacking programs.
  • Require Multifactor Authentication – Use more than a password when signing into accounts, such as a texted code, authenticator app or biometrics, to make them much safer than with a password alone! MFA protects accounts by requiring additional authentication to prevent access by others.
  • Update Business Software – Defects in software, routers, VPNs and apps can give criminals an opening to your accounts. Software manufacturers publish patches, but you must install them to be protected! Don’t use outdated software. Keep business software up to date.

Need help with your UC or Voice communications security? Contact TCI today at (703) 321-3030 or info@tcicomm.com.

 

6 Best Practices for a Stronger Cybersecurity Posture

How to Fortify Your Digital Fortress

Effective cybersecurity is not a “set it and forget it” panacea but an active, ongoing process. To establish a robust security foundation, your IT team must diligently implement and maintain these critical best practices:

1. Restrict Administrator Privileges

Limit administrator access on user devices. This simple step can thwart many attacks that rely on users inadvertently running malicious software. Without admin rights, users can’t install unauthorized programs, significantly reducing your attack surface.

2. Stay Current with Patches

Keeping software up to date is one of the most cost-effective security measures. Enable auto-updates where possible and prioritize vulnerabilities listed in CISA’s Known Exploited Vulnerabilities Catalog. Remember, many successful attacks exploit known vulnerabilities that have not yet been patched.

3. Implement and Verify Backup Systems

Don’t fall victim to ransomware due to inadequate backups. Regularly schedule backups for all critical systems and, crucially, test both partial and full restorations. Develop a comprehensive backup strategy, including frequency (continuous, hourly, weekly) and a detailed restoration plan.

4. Encrypt Laptop Drives

While smartphones and Chromebooks typically come with built-in encryption, Windows and Mac laptops often require manual configuration. Given the frequency of laptop theft or loss, ensuring your entire fleet has encrypted drives is essential for data protection.

5. Enforce Multi-Factor Authentication (MFA)

Don’t rely on user compliance alone. Implement technical controls to mandate MFA across your organization. Regularly audit for non-compliant accounts, paying special attention to new hires and staff who’ve recently changed devices.

6. Prioritize MFA for Admin Accounts

System administrators are prime targets for cybercriminals. Surprisingly, Microsoft reports that only about half of Azure Active Directory global admins use MFA. Make it a non-negotiable policy for all admin accounts to use MFA, as compromised admin credentials can lead to catastrophic breaches.

By consistently applying these practices, you’ll significantly enhance your organization’s cybersecurity posture, making it far more resilient against common attack vectors.

Your organization’s Voice Communications need to be protected too. Make sure your systems are secure. Contact TCI at (703) 321-3030 or GetHelp@tcicomm.com.
 

Shields Up in 2024 – Recommended Cybersecurity Guidance for DC Region Organizations

As the nation’s cyber defense agency, CISA helps organizations prepare for, respond to, and mitigate the impact of cyberattacks.

CISA’s Shields Up campaign is a heads-up to every organization, large and small, to adopt a heightened cybersecurity posture and protect its most critical assets against disruptive cyber incidents. Important recommended actions to protect your organization include:

Reduce the likelihood of a damaging cyber intrusion

  • Validate that all remote access to your organization’s network and privileged or administrative access requires multi-factor authentication.
  • Ensure that software is up to date, prioritizing updates that address known exploited vulnerabilities identified by CISA. Details: https://www.cisa.gov/known-exploited-vulnerabilities-catalog/
  • Confirm that your IT personnel have disabled all ports and protocols that are not essential for business purposes.
  • If you’re using cloud services, ensure that IT personnel have reviewed and implemented strong controls outlined in CISA’s guidance.
  • Sign up for CISA’s free cyber hygiene services, including vulnerability scanning, to help reduce exposure to threats.
  • Leverage CISA resources at https://www.cisa.gov/resources-tools
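An added example (not from CISA or the original post) of the KEV-first patch prioritization recommended under "Stay Current with Patches" and in the list above: it matches scanner findings against the catalog and ranks them for patching. The sample catalog, the placeholder CVE IDs, the findings format and the ranking order are assumptions constructed for illustration; only the field names follow CISA's published KEV JSON feed.

```python
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed (field names as in
# the published catalog); the CVE IDs are placeholders, not real entries.
KEV_SAMPLE = json.loads("""
{"vulnerabilities": [
  {"cveID": "CVE-0000-0001", "vendorProject": "ExampleVPN", "product": "Gateway",
   "dueDate": "2024-02-01", "knownRansomwareCampaignUse": "Known"},
  {"cveID": "CVE-0000-0002", "vendorProject": "ExampleOS", "product": "Kernel",
   "dueDate": "2024-03-15", "knownRansomwareCampaignUse": "Unknown"},
  {"cveID": "CVE-0000-0003", "vendorProject": "ExampleMail", "product": "Server",
   "dueDate": "2024-01-10", "knownRansomwareCampaignUse": "Unknown"}
]}
""")

# Constructed scanner export: (host, CVE) pairs; the format is an assumption.
FINDINGS = [
    ("laptop-17", "cve-0000-0002"),
    ("vpn-gw-1", "CVE-0000-0001"),
    ("mail-1", "CVE-0000-0003"),
    ("laptop-17", "CVE-0000-0099"),   # not in the catalog
]

def triage(findings, catalog, today):
    """Split findings into a ranked KEV patch queue and a routine backlog."""
    kev = {v["cveID"].upper(): v for v in catalog["vulnerabilities"]}
    queue, backlog = [], []
    for host, cve in findings:
        cve = cve.strip().upper()          # scanners differ in case and spacing
        entry = kev.get(cve)
        if entry is None:
            backlog.append((host, cve))    # patch on the normal schedule
            continue
        due = date.fromisoformat(entry["dueDate"])
        queue.append({"host": host, "cve": cve, "due": due, "overdue": due < today,
                      "ransomware": entry.get("knownRansomwareCampaignUse") == "Known"})
    # Assumed policy: overdue first, then known ransomware use, then earliest due date.
    queue.sort(key=lambda f: (not f["overdue"], not f["ransomware"], f["due"]))
    return queue, backlog

if __name__ == "__main__":
    for f in triage(FINDINGS, KEV_SAMPLE, date(2024, 2, 15))[0]:
        flag = "OVERDUE" if f["overdue"] else "open"
        print(f"{f['due']} {flag:8} {f['host']:10} {f['cve']}")
```

In practice the catalog would be the JSON file downloaded from the KEV page linked above, and the findings would come from your own vulnerability scanner or asset inventory.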

Take steps to quickly detect a potential intrusion

  • Ensure that cybersecurity/IT personnel are focused on identifying and quickly assessing any unexpected or unusual network behavior. Enable logging to better investigate issues or events.
  • Confirm your entire network is protected by antivirus/antimalware software and that signatures in these tools are updated.
  • If working with Ukrainian organizations, take extra care to monitor, inspect, and isolate traffic from those organizations; closely review access controls for that traffic.

Ensure you’re prepared to respond if an intrusion occurs

  • Designate a crisis-response team with main points of contact for a suspected cybersecurity incident and roles/responsibilities within your organization, including technology, communications, legal and business continuity.
  • Assure availability of key personnel; identify means to provide surge support for responding to an incident.
  • Conduct a tabletop exercise to ensure that all participants understand their roles during an incident.

Maximize your organization’s resilience to a destructive cyber incident

  • Test backup procedures to ensure that critical data can be rapidly restored if the organization is impacted by ransomware or a destructive cyberattack; ensure that backups are isolated from network connections.
  • If using industrial control systems or operational technology, conduct a test of manual controls to ensure that critical functions remain operable if the organization’s network is unavailable or untrusted.

By implementing this guidance, you can make near-term progress toward improving cybersecurity and resilience.

We also recommend a visit to www.StopRansomware.gov – a centralized CISA webpage providing ransomware resources and alerts.

If you’re not confident about how secure or compliant your Voice communications are, TCI can help. Call us today at (703) 321-3030 or email GetHelp@tcicomm.com.
 

Stay Safe and Keep it Simple… 4 Essential Actions to Take During Cybersecurity Awareness Month

The theme of Cybersecurity Awareness Month from CISA, the Cybersecurity and Infrastructure Security Agency, is “Secure Our World.” The agency is asking all of us to do our part.

CISA offers helpful tips, videos and resources to protect yourself, your family, and your business from online threats here:

https://www.cisa.gov/secure-our-world

CISA recommends that all of us – individuals, families and businesses – keep it simple and focus on these four critical actions this month – and all year long.

  • Use Strong Passwords – Strong passwords are long, random, unique, and include all four character types (uppercase, lowercase, numbers and symbols). Password managers are a powerful tool to help you create strong passwords for each of your accounts.
  • Turn On MFA – You need more than a password to protect your online accounts and enabling MFA makes you significantly less likely to get hacked. Enable MFA on all your online accounts that offer it, especially email, social media and financial accounts.
  • Recognize & Report Phishing – Be cautious of unsolicited messages asking for personal information. Avoid sharing sensitive information or credentials with unknown sources. Report phishing attempts and delete the message.
  • Update Software – Ensuring your software is up to date is the best way to make sure you have the latest security patches and updates on your devices. Regularly check for updates if automatic updates are not available.

Your UC and Voice Communications need to be protected too. Need help with your UC or Voice communications security?

Contact TCI today at (703) 321-3030 or GetHelp@tcicomm.com.