//mega nav ctas

OneNeck Blog

Topic: Security

April 26, 2022

Cyber insurance prices are soaring. What should you do?

Cyber insurance is getting harder for companies to find — and it’s likely going to get harder. While cyber insurance is becoming more of a must-have for businesses, the explosion of ransomware and cyberattacks mean it’s also becoming a less enticing business for insurers. (Source: Harvard Business Review)

Continue Reading

April 18, 2022

Leverage Managed Detection and Response to Stay Ahead of Threats

We live in an age when passive security isn’t enough to protect company infrastructure. Security solutions must seek out and respond to unknown threats. Managed detection and response (MDR) provides companies with the security capabilities they need for the modern era. 

Continue Reading

March 31, 2022

Why Your Company Should Care About Endpoint Security

Businesses are increasingly dependent on technology. And data is essential to the efficiency of that technology as well as future business decisions. With its increased use in business operations comes a larger attack surface. So, shouldn’t companies that prioritize technology also prioritize security?

Continue Reading

March 11, 2022

The Importance of an Upfront Cybersecurity Policy Framework

Organizations are in a hurry to mature their cybersecurity programs. Whether it is world events, prior incidents, or just the desire to be security conscious that is driving these efforts, there is one thing that makes these efforts less complicated along the journey – develop your cybersecurity policy framework first.

Continue Reading

February 24, 2022

Conflict over Ukraine is raising cyber risk for US organizations. What should you do to prepare?

As the world watches Russia's conflict with Ukraine, US services providers, like OneNeck, operating critical infrastructure are watching closely as cyberattacks could accompany any physical conflict. The FBI, CISA and the National Security Agency put out a joint advisory in January about potential cyberthreats against US critical infrastructure. CISA also warned US companies to protect their IT systems against destructive wiper malware, which has been used against targets in Ukraine. 

Continue Reading

February 22, 2022

Ransomware is still topping the security threat list, especially in healthcare.

Ransomware continues to be the top threat to today's organizations, with healthcare topping the list of verticals most at risk, putting millions of patient's personal and financial data at risk, according to a recent threat summary report from Cisco Talos. Additionally, healthcare facilities are uniquely affected when breached, as it's not just dollars lost as with manufacturing or enterprise - lives are potentially at stake.

Continue Reading

February 14, 2022

Benefits of a 30-day Patching Cycle

Maintaining your organization's security is an ongoing process that never ends. With security threat constantly evolving, your defenses have to evolve too. That’s why many organizations choose to work with a managed service provider like OneNeck, which offers technology expertise at a scalable cost and built-in security processes that keep customers safe from attack.

Continue Reading

January 6, 2022

How to Mitigate the Negative Effects of Shadow IT

Your company may fear shadow IT because it limits its visibility into the applications on your network. Many organizations take the easiest path, which is to ban the use of any unapproved applications. However, this strategy may prove ineffective and even limit the productivity of your people.

Continue Reading

November 24, 2021

Stay Safe from Cyberattacks this Holiday Season

It’s that time of year, where twinkling lights and Santa’s sleigh full of toys are everywhere. But with all the holiday bustle comes additional risk, the risk of mounting security threats as shoppers are eagerly swiping their credit cards while checking gifts off their lists. What does this mean for today’s organization, where the line between corporate and personal devices is blurrier than ever before?

Continue Reading

October 25, 2021

NOBELIUM is Targeting IT Service Providers. Here’s What You Need to Know.

Today the Microsoft Threat Intelligence Center (MSTIC) released a statement regarding the threat actor, NOBELIUM, who launched a campaign against cloud service providers (CSPs), managed service providers (MSPs) and other IT services organizations. By targeting IT providers, they are attempting to gain access to privileged customer accounts so they may move laterally throughout the cloud environment and gain access to downstream customers and systems.

Continue Reading

October 7, 2021

Apache HTTP Server 2.4.49 Vulnerability

Two days ago, The Apache Foundation disclosed a path traversal and file disclosure flaw in Apache HTTP Server 2.4.49 (an open-source web server for Unix and Windows that is among the most widely used web servers), tracked as CVE-2021-41773, as actively being exploited in the wild. The advisory does not indicate when exploitation of CVE-2021-41773 was detected, but the exploitation drove the expedited release of a patch by Apache.

Continue Reading

June 17, 2021

Managing Shadow IT

No doubt about it — if your company has employees, you have shadow IT. According to a survey conducted by Stratecast and Frost & Sullivan, 80% of employees say they use applications on the job that aren’t approved by IT.

Continue Reading

March 4, 2021

CVE-2021-26855 - Microsoft Exchange Server Remote Code Execution Vulnerability

Over the last couple of days, Microsoft released out-of-band security updates to address multiple vulnerabilities in Microsoft Exchange that could allow an unauthenticated, remote attacker to exploit an Exchange Server by sending a specially crafted HTTP request over port 443 allowing the attacker to authenticate.

Continue Reading

December 17, 2020

FireEye Red Team Tools Breach – Yet Another Example that No One’s Safe.

Data breaches are everywhere, and everyone is susceptible – even the security experts. This was recently put front and center by the state-sponsored adversary that stole FireEye’s Red Team tools.

Continue Reading

December 16, 2020

OneNeck's Response to the FireEye Breach

Specific to the FireEye breach which identified a widespread compromise of Solarwinds software, OneNeck continues to ensure we are following security industry and vendor recommendations for securing our environment specific to any of the Common Vulnerabilities and Exposures (CVE) and any Indicators of Compromise’s (IoC) that become known to be associated with these breaches.  The CVEs specifically associated with these breaches have documented solutions from the appropriate vendors that have ...

Continue Reading

November 16, 2020

Microsoft Combines and Renames Products Under Microsoft Defender Brand

“What's in a name? That which we call a rose by any other name would smell as sweet.” True, Juliet, but a name does matter, especially when it’s simply arbitrary versus describing what it actually is. And this seems to be a truth that Microsoft has taken to heart…

Continue Reading

September 24, 2020

Patch Now... Your Windows version of Cisco Jabber could be a security risk

On September 2nd, 2020, Cisco issued a Critical Security Advisory announcement regarding Cisco’s Jabber for Windows that customers should be aware of. A vulnerability in Cisco Jabber for Windows could allow an authenticated, remote attackers to execute arbitrary code. Attackers could achieve remote code execution by sending specially crafted chat messages.

Continue Reading

September 17, 2020

Is Your Citrix StoreFront Vulnerable to Exploit?

On September 14, Citrix pushed out an announcement around a high-severity security vulnerability Citrix StoreFront customers should be aware of. An issue has been discovered in Citrix StoreFront (before 2006) that, if exploited, would allow an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.

Continue Reading

August 31, 2020

Are You Doing What You Can to Protect Your Backups from Ransomware?

Ransomware is at our doorstep. We cannot ignore it any longer or think we are not a target. In recent years at OneNeck, we have seen a significant upward trend of ransomware attacks. And even more troubling is in the last year, we have seen bad actors getting smarter, and they are now targeting your backup server and backup data to prevent you from recovering from the attack. As ZDNet stated, "The number of ransomware strains targeting NAS and backup storage devices is growing, with users ...

Continue Reading

August 18, 2020

Digging Deep into the Dark Web for User Credentials

We’ve all heard of the dark web, but most law-abiding people don’t give it much thought, as we chalk it up to the place shady people go to do shady things. But the truth is that today’s data-driven organizations can no longer ignore the dark web and the possibility that their customer and employee data could be out there with a for-sale sign.

Continue Reading

July 28, 2020

Anatomy of Ransomware

Ransomware is a type of malware that threat actors use to infect computers and encrypt computer files until a ransom is paid. After the initial infection, ransomware will attempt to spread to as many connected systems as possible, including  file systems and other accessible systems on a business’s network.

Continue Reading

July 8, 2020

The New Normal Makes Work an Activity, Not a Place

Recent months have seen a massive shift towards supporting remote workers, which in turn has created a series of security challenges. IT teams are now not only tasked with quickly providing support for a never-before-seen number of offsite workers and their devices, but they must do it without compromising security – no small task.

Continue Reading

March 31, 2020

Considerations when Securing a Remote Workforce

As today’s IT teams are scrambling to figure out the logistics of helping their coworkers be productive from their home offices, it’s important to remember that security can’t be an afterthought. Enabling employees to work remote has only broadened the landscape for attackers, giving them even more opportunity to find a way into your organization.

Continue Reading

December 23, 2019

Alas, the perimeter is gone. Is it time for an updated firewall?

Long ago, in a land far away, there used to be a network perimeter. Those were the good old days where the network perimeter was the all-encompassing traffic control point, and where traffic was all funneled through a single point, no matter where it came from. But the cloud changed everything by decentralizing the network, making the perimeter vaporize, and giving IT many a sleepless night.

Continue Reading

November 6, 2019

How Much Risk is Too Much?

For a long time, security initiatives have been driven by compliance mandates and a healthy dose of fear. But as threats continue to become more sophisticated, so must our efforts in thwarting them. This is why aligning with best practices is a great place to start, specifically the Center for Internet Security (CIS) Top 20 Critical Security Controls which was developed by a global group of security experts who continue to finetune them every year.

Continue Reading

October 23, 2019

When it comes to avoiding risk, what is OneNeck doing?

Security is intrinsic to our services (for all customers) and organization (all the way to the president and CEO of our parent company TDS Inc.). It’s part of every service we develop—from start to finish. Additionally, we leverage the Critical Security Controls (CSC), outlined by the Center for Internet Security (CIS), to complete our annual security assessments and third party audits. The Critical Security Controls provide a series of cybersecurity actions prioritized by their criticality in ...

Continue Reading

October 1, 2019

Containers 101 – Here’s What You Need to Know

Although containers aren’t new (been built into Linux for 10+ years and been available in FreeBSD, AIX and Solaris), containers seem to be all the rage, and for good reason. The agility containers can bring to an IT team alone make them appealing, but add in the security benefits that the self-contained nature of containers brings, they seem like a no brainer. But even with numerous benefits, there is also a lot of confusion about what they really are and what is the best-fit scenario. So, we ...

Continue Reading

August 27, 2019

Components of a Successful Security Practice

In its simplest form, compliance is about setting rules and following them, every time. No wavering, no audible—everyone simply follows the rules—every time. Seems easy, but it’s not always.

Continue Reading

August 14, 2019

6 Ways to Relieve "Security Fatigue"

Do you ever feel that your non-IT co-workers are trying to thwart your security protocols – ignoring software update alerts, opening suspicious emails or not following password best practices? If it seems that way, it might be “security fatigue.”

Continue Reading

July 30, 2019

Office 365 Backup

I need backup for Office 365? Isn’t it already included?  In short, no. The misconception that Microsoft fully backs up your data on your behalf is all too common.  To the contrary, Microsoft is primarily focused on managing the infrastructure and ensuring uptime; you are responsible for your data.

Continue Reading

June 6, 2019

Enhance Security with an Analytics-Driven SIEM

 Finding a mechanism to collect, store and analyze security only data is relatively simple. There is no shortage of options for storing data. Collecting all security relevant data and turning all that data into actionable intelligence, however, is a whole other matter.

Continue Reading

June 4, 2019

Creating a strong external security posture is critical

Creating a strong external security posture is critical. But what can businesses do to protect their data and environments?

Continue Reading

May 16, 2019

Older Windows Systems Beware of New Vulnerability

Are you running an older version of Windows and not current with your patch management? If so, you need to be aware of a recent exploitable vulnerability that just hit the news this week. Here's what you need to know...

Continue Reading

May 16, 2019

Security vs Compliance ... is there truly a difference?

It’s no secret... security attacks are the rise:

Continue Reading

May 9, 2019

Multi-Factor Authentication Explained

TeleSign research indicates that the majority of users use five or fewer passwords for all of their accounts. While it may seem efficient for password memory on your end, you could actually create a “domino effect” that allows hackers to take down multiple accounts by cracking one password.

Continue Reading

April 18, 2019

Disaster Recovery, A Primer for CIO's

How can a CIO be confident that IT will perform 24/7/365?  According to Zerto, in today’s always-on, information-driven organizations, IT resilience depends completely on IT infrastructures that are up and running 24/7. The costs of downtime are huge and data loss can put a company out of business. Data loss is not only caused by natural disasters, power outages, hardware failure and user errors, but more and more by software problems and cybersecurity related disasters.

Continue Reading

March 26, 2019

Credential Stuffing - What it is and How to Protect the Enterprise

Credential stuffing is a type of cyber-attack where hackers take combinations of usernames and passwords leaked from other sites and use them to gain access to accounts on another site.  F5 states that there’s typically a 1 to 2 percent success rate, which means that if a cybercriminal purchases 1 million stolen credential records (for sale on the dark web for fractions of a cent each), they can generally gain access to 10,000 to 20,000 accounts.

Continue Reading

March 5, 2019

Anticipate 2019's Cybersecurity Threats Without a Crystal Ball

In Cisco’s February 2019 Threat Report, their cybersecurity experts analyzed prominent threats of the past year for clues to new attack strategies and targets. As they put it, “It's as close as we can get to anticipating future trends without a crystal ball.”

Continue Reading

February 26, 2019

Blockchain: A Revolution in the Cloud for IT Security

Antiquated is not a word commonly associated with the advanced worldwide network of client-server configurations that make up modern data transmission. However, advances in data storage, file sharing and security protocols have struggled to keep pace with demands on infrastructure, cybersecurity threats and the ever-evolving competition that drives the industry.   

Continue Reading

January 29, 2019

Advances in Cybercrime Demand Greater Protection

A look at retrospective security versus point-in-time solutions With cybercrime predicted to reach $6 trillion annually by 2021 and to be more profitable—and therefore, more attractive to criminal organizations—than the global combined trade of all major illegal drugs, businesses can no longer rely on traditional network security tools and expect to achieve protection.

Continue Reading

January 22, 2019

Prepare for Windows Server 2008 and 2008 R2 End of Support

Extended support for Windows Server 2008 and 2008 R2 is coming to an end respectively on January 14, 2020 What does end of support mean for Windows Server 2008 & 2008 R2?

Continue Reading

January 15, 2019

What can a vCISO do for your organization?

Organizations, big or small, are all grappling with combating the onslaught of security attacks, making security a top priority for today’s IT teams in every vertical. As Forbes so broadly states, “Cybersecurity is applicable to every business operation, whether it’s in the military, corporations or entrepreneurs.” And while cybersecurity decisions used to be contained to the boardroom or high-level government agencies, now the average employee is hyper aware of the potential risks a breach can ...

Continue Reading

January 10, 2019

What’s Driving IT Budgets in 2019?

Many IT leaders expect to see their budgets to increase or remain unchanged.  This is driven largely by the need to upgrade aging infrastructure, accelerate digital transformation via a shift to the cloud and enhance their overall IT security posture.

Continue Reading

January 3, 2019

Securing Your Azure Deployment

As organizations embrace the cloud’s flexibility and agility, Microsoft’s cloud platform, Azure, has become a top choice as a cost-effective solution that scales for any organization, no matter the size, to meet agility and flexibility needs.

Continue Reading

December 11, 2018

Who Owns Cloud Security?

 Organizations are rapidly embracing cloud services to gain agility and thrive in today’s digital economy. This has created a strategic imperative to better manage cybersecurity risk while keeping pace at scale as firms move critical apps to the cloud.

Continue Reading

November 7, 2018

Everyone Has a Role in Cloud Security

Outsourcing is becoming an increasingly popular business strategy. By carving off business processes and giving them to outside vendors companies save money and resources. Outsourcing enterprise computing processes using cloud services, for example, allows you to hand off the cost and responsibility of maintaining on-premise hardware and software. However, just because you outsource your enterprise infrastructure does that mean your cloud service provider assumes total responsibility for your ...

Continue Reading

October 9, 2018

The Big Chinese Hack – What do we know, and what should we do?

There has been a lot of chatter the past several days around a POTENTIAL hack via a China-based manufacture chip.  Yet, despite all the clamor, there are mixed reports about how real this is.

Continue Reading

October 2, 2018

Using SIEM to Combat Alert Fatigue

Early detection, rapid response, collaboration to mitigate advanced threats imposes significant demands on today’s enterprise security teams.

Continue Reading

September 13, 2018

Choosing a Security Framework

 Running a security program can be an overwhelming task. There are so many factors to consider including: encryption, application security, disaster recovery and let’s not forget adherence to compliance mandates such  HIPAA and PCI DSS .  How then do security professionals prioritize and maintain their efforts to build the most effective security program for their business?

Continue Reading

July 31, 2018

It’s Time to Get Back to the Security Basics

If there’s any constant in today’s technology landscape, it’s change. And when it comes to security, there’s no rest for the weary. Advancing technology, savvier-than-ever users and the onslaught of attacks are making today’s IT teams scramble to keep up. Now more than ever, it’s critical to make sure the basics are covered so that you have the ability to respond and keep your business safe.

Continue Reading

March 29, 2018

Is Your Multi-Vendor Security Environment Putting You at Risk?

One of the big challenges organizations face today is complexity, and security is no exception. According to the 2018 Cisco Annual Cybersecurity Report, in 2017, 25% of security professionals said they used products from 11 to 20 vendors, compared with 18% of security professionals in 2016. Also, in 2017, 16% said they use anywhere from 21 to 50 vendors, compared to 7% of respondents in 2016 (refer to figure below).

Continue Reading

March 22, 2018

Ransomware… it’s a Big Business

Ransomware has quickly become the most profitable form malware ever seen, on its way to becoming a $1 billion annual market. Last year, the FBI reported more than 4,000 ransomware attacks occurred daily between January and June of 2016 — a 300% increase from 2015. In 2017, nearly 10% of organizations worldwide recorded some sort of ransomware activity during Q1. 

Continue Reading

March 13, 2018

5 Reasons Smart Companies Outsource Cybersecurity

Today’s consumers demand their private information remains secure. But as we learned from the 2017 breach at Equifax that exposed the personal information of 145 million, even what should be the most secure companies fall under attack.

Continue Reading

February 22, 2018

Is your data living on the edge? Let's talk Edge Computing.

There’s a new buzzword making the rounds (like we needed another one). Move over Digital Transformation, and welcome Edge Computing. While it’s being credited with the power to deliver speed, security and cost-savings to organizations, is it really all that? Let’s break it down…

Continue Reading

January 30, 2018

4 IoT Security Challenges That Will Dominate 2018

How many IoT (Internet of Things) devices is your company planning to install in 2018? Perhaps a plan for smart TVs in the conference room, webcams, smart locks or connected printers are in the works.

Continue Reading

January 2, 2018

Top Cybersecurity Threats That Will Dominate 2018

 Who’s ready to fight cybercrime in 2018? Don’t all raise your hands at once. If you’re a CIO or CISO, you’re expected to protect the network and sensitive data.   

Continue Reading

October 31, 2017

Threats to your users outside of your network got you scared?

Long gone are the days of yore, when IT administrators slept like babies, content that their company desktops, business apps and critical infrastructure were all tucked in safe, securely located behind a firewall. Today, an enterprise user is spending more time outside the safe haven of the network’s security and roaming on other networks in the big, terrifying world.

Continue Reading

October 3, 2017

Challenges & Strategies when Upgrading Cisco ISE

As a longtime Cisco partner, we’ve been a part of many Cisco Identity Services Engine (ISE) implementations and upgrades, giving us first-hand knowledge of not only how ISE helps our customers meet enterprise mobility challenges, but also gleaned some insider tips and tricks on how best to execute upgrades.

Continue Reading

September 7, 2017

"AMP" Your Endpoint Protection

Malware is a broad term that encompasses any form of software designed to damage, steal or corrupt data. Ransomware, trojans, worms and rootkits are common malware examples, but the list is far more exhaustive, making fighting malware a normal part of operations for SMBs and corporations alike.

Continue Reading

August 17, 2017

Rethinking IT Security in an Age of Digital Disruption

Digital transformation is disrupting the old ways of doing business by introducing digital technologies into the workplace and enabling employees to perform tasks in more efficient and productive ways, which in turn brings exponential new opportunity for business growth.

Continue Reading

August 10, 2017

4-Step Approach to Mitigating DDoS Attacks

Distributed Denial of Service (DDoS) attacks aren’t like other types of cyber-attacks. They don’t spread malware into your network, and they don’t directly hijack sensitive data or steal from bank accounts. However, the financial and reputational damage caused by DDoS can be devastating to your business. They are also one of the most difficult types of cyber-attacks to defend against.

Continue Reading

July 18, 2017

Protect Your Business from Ransomware with this 8-Point Checklist

Ransomware was big business last year, estimated to have grossed cybercriminals $1 billion. More than half of US companies experienced a ransomware attack in 2016, and the threat continues to be a major concern for organizations.

Continue Reading

June 29, 2017

Understanding a CIO’s Role in Cybersecurity

Today’s CIOs must achieve a delicate balance between meeting business objectives and providing security for their most critical data and systems. As more organizations migrate operations to the cloud, cybersecurity is a critical consideration, but there are many other components to consider as well. If your business needs to meet compliance regulations such as PCI DSS, CERT, FINRA and HIPAA, you must have the structure in place to ensure you can pass audits. So, while security needs to be a ...

Continue Reading

June 13, 2017

10 Data Security Tips to Safeguard Your Business

Loss Prevention and Protection As a result of a digital economy, the IT landscape is changing before our eyes. Cloud, big data, social and mobile have accelerated the pace of business like we have never seen. We see the Internet of Things (IoT) expanding at a prolific pace — with the expected market to reach $1.7 trillion by 2020. Advanced robotics, automation and artificial intelligence (AI) are quickly adding to the mix, and regulations for governing all this growth haven’t really caught up.

Continue Reading

June 6, 2017

Keeping Your Healthcare Data Secure – What You Need to Consider

The healthcare IT market is expected to double — reaching a projected $280 billion by 2020. The federal portion of national healthcare spending, according to the Federal government, will grow 86%, from $920 billion in 2015 to $1.7 trillion by 2025. Deltek's Federal Health Information Technology Market report states that as the need for improvements in healthcare quality, interoperability and privacy grows, federal agencies acting as payers, promoters and providers will continue to invest in ...

Continue Reading

May 16, 2017

Secure Enterprise Mobility 101

The growing mobile workforce is bringing with it two of the fastest growing operational and security concerns — Enterprise Mobility and Bring Your Own Device (BYOD).

Continue Reading

April 13, 2017

Q&A with a Security Executive, OneNeck’s Katie McCullough Vice President, Information Security & Business Applications

Q.  Many experts maintain that the total cost of ransomware in 2016 was over a billion dollars – that’s a staggering number. With the rate of sophisticated security attacks increasing at an alarming rate, how can an organization protect themselves from data leaks and/or malicious security attacks?

Continue Reading

April 11, 2017

Do You DARE? Protect Your Corporate Data at Rest with Encryption

Sensitive business data at rest in the cloud is more vulnerable than ever before.  Ensuring that this critical corporate data is secure against unauthorized access and meets any organizational policies, industry or government regulations, is of critical importance to many CIOs.

Continue Reading

March 23, 2017

How Safe Are You from Rising Ransomware Threats?

From hospitals and government agencies, to enterprise organizations and everyday business owners, to private citizens— it seemed like no one was immune from ransomware in 2016. As we are now well into 2017, we’re continuing to see alarming rates of ransomware attacks that encrypt data or lock digital files until a ransom is paid.

Continue Reading

November 10, 2016

Navigating Today’s Cybersecurity Landscape Is Tricky

Cisco’s 2016 Midyear Cybersecurity Report provides an unfiltered look into the current cybersecurity landscape. It’s not a rosy picture, as the report reveals the growing threat of cyberattacks, and most notably, ransomware. The report, though, isn’t all doom and gloom and reveals the latest measures organizations can implement to protect themselves.

Continue Reading

August 18, 2016

Cisco Adaptive Security Appliance (ASA) SNMP Remote Code Execution Vulnerability

Vulnerability Description A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.

Continue Reading

May 18, 2016

Enterprise Mobility vs. User Privacy and IT Security

As mobility and the Internet of Things (IoT) converge, and cyber threats continue to loom large, the need to focus on balancing data security with employee and customer privacy is top of mind for IT departments around the world. At the same time, IT departments are struggling with how to meet user demand in the age of everything connected, from devices to wearables. In addition, IT must find ways to meet compliance regulations and assure senior leadership that the company’s sensitive data is ...

Continue Reading