OFM Computer Systems

The Business Approach to Computer Solutions

News

The latest News from OFM Computer Systems
The latest news and updates from OFM.

7 Elements of an Effective Defense in Depth (DiD) Security Strategy

by

How to Strengthen Your IT Environment With Layers of Protection

In simple terms, DiD is a cybersecurity approach in which multiple defensive methods are layered to protect an organization. Since no individual security measure is guaranteed to endure every attack, combining several layers of security is more effective. This layering approach was first conceived by the National Security Agency (NSA) and is inspired by a military tactic of the same name. But in IT, the approach is intended to prevent an incident and not delay it as in the military.

Download the Full Article here

OFM BCDR Checklist

by

OFM recommends and implements a backup solution that addresses the risks presented by data loss associated with hardware malfunctions, human error, cyber events and adverse events resulting from natural processes.

Our solution is Air Gapped and offers an aspect often overlooked or unknown.  Immutability.

Immutable backups protect data by making it fixed and unchangeable, and maintain the desired number of recovery points while preventing any source from tampering with existing data storage blocks.

When implemented properly, businesses enjoy the benefit of having a collection of backups that guarantee recovery by finding and recovering the last clean backup you have on record.

Immutable backups significantly lower the risk related to accidental and intentional deletion of data, as well as ransomware attacks or other cyber events.

Immutable backups are one component OFM’s Security Stack we recommend to cost effectively address the risks which confront small businesses.

OFM BCDR Checklist

7 Common Security Risks That Can Expose IT Vulnerabilities

by

Lack of Regular Patches and Updates
While an IT device may be secure at the time of purchase, hackers eventually detect new bugs and vulnerabilities. Only regular updates and patches can save a vulnerable device. However, many IT device manufacturers deploy security patches irregularly. Therefore, cybercriminals get sufficient time to crack the security protocols and access business-sensitive data.

Insufficient Password Protection
Hard-coded and embedded credentials — such as pre-configured passwords set by manufacturers — provide an easy passageway for cybercriminals to enter business networks if they’re not reset on a regular basis. When an entire product line has the same credentials (such as username: admin and password: admin), it creates a golden opportunity for hackers to exploit your network.

Unsecure Interfaces
Just securing your IT device is not enough. Securing the web, application API, cloud and mobile interfaces is also important. Unsecured interfaces lacking strict authentication and authorization protocols play right into the hands of cybercriminals.

Usage of Vulnerable Third-Party Applications
There are multiple third-party software applications available on the internet that you can integrate into the IT ecosystem. However, verifying their authenticity can be difficult. Installing such applications without caution could result in threat agents entering the system and corrupting the embedded database.

Improper Device Tracking
IT manufacturers usually configure unique device identifiers to monitor and track devices. However, some manufacturers do not follow a standard security policy. In such cases, detecting suspicious online activity becomes difficult.

Inadequate Data Protection
There is a significant chance for data compromise when data collected by an IT device moves across a network and gets stored in a new location. Lack of encryption or access control of business-sensitive data within the ecosystem (both at rest and in transit) invites hackers.

Skills Gap
If end users do not have sufficient knowledge about the IT device, it can lead to a cyberattack. An untrained employee may be unaware that even connecting to an unsecured Wi-Fi network could turn into a security threat.

Get the best out of IT by following these best practices and strategies:
Conduct thorough and routine IT risk assessments within your organization. Frequency — daily, monthly, annually — will depend on your unique business needs and risks.

• Automate routine patch management.

• Include third-party systems in security policy management.

• Assume that no device or network is 100% secure. At any stage, a hacker could successfully attack a connected device or system.

• Use only trusted device IDs.

• Make it a policy requirement to store and lock IDs and credentials for IT applications (especially extra sensitive ones) in secured (tamper-resistant) hardware with digital controls.

• Ensure only encrypted data is present within the IT ecosystem (at rest and in transit).

• Deploy strict identity and access management policies.

[Read more…] about 7 Common Security Risks That Can Expose IT Vulnerabilities

Passwords leaked online from past data breaches

by

For now, users concerned about leaked passwords and other sensitive information are urged to take a few actions, as advised by CyberNews.

  • Use a reputable data leak checker where you can enter your email address to find out if your account may have been caught in a breach. Sites worth trying include Have I Been Pwned, Firefox Monitor, and Avast Hack Check.
  • If you know or even suspect that one of your accounts was caught in a data breach, change your password immediately.
  • Consider using a password manager to create, store and apply strong and secure passwords for your online accounts.
  • Enable multi-factor authentication on any accounts where this method is offered.
  • Look out for an increase in spam and phishing emails through which attackers try to use your leaked email address to scam you.

And though passwords continue to seem like a necessary evil, other more secure authentication methods are available, especially for organizations.

“Companies and users need to treat these developments as a wake-up call to end their overblown reliance on passwords,” said Veridium’s chief revenue officer, Rajiv Pimplaskar. “Passwordless authentication methods such as phone as a token and/or FIDO2 (Fast Identity Online) security keys are now commonly available. Such solutions create an un-phishable connection between the user and the IT system and eliminate the need for a password, thereby reducing the attack surface and making the environment more resilient against cyberattacks.”

Contact OFM for strategies to help secure your environment.
Read the full original article here.