<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=381391698926062&amp;ev=PageView&amp;noscript=1">
//mega nav ctas

OneNeck Blog

Topic: Security

September 17, 2020

Is Your Citrix StoreFront Vulnerable to Exploit?

On September 14, Citrix pushed out an announcement around a high-severity security vulnerability Citrix StoreFront customers should be aware of. An issue has been discovered in Citrix StoreFront (before 2006) that, if exploited, would allow an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.

Continue Reading

August 31, 2020

Are You Doing What You Can to Protect Your Backups from Ransomware?

Ransomware is at our doorstep. We cannot ignore it any longer or think we are not a target. In recent years at OneNeck, we have seen a significant upward trend of ransomware attacks. And even more troubling is in the last year, we have seen bad actors getting smarter, and they are now targeting your backup server and backup data to prevent you from recovering from the attack. As ZDNet stated, "The number of ransomware strains targeting NAS and backup storage devices is growing, with users ...

Continue Reading

August 18, 2020

Digging Deep into the Dark Web for User Credentials

We’ve all heard of the dark web, but most law-abiding people don’t give it much thought, as we chalk it up to the place shady people go to do shady things. But the truth is that today’s data-driven organizations can no longer ignore the dark web and the possibility that their customer and employee data could be out there with a for-sale sign.

Continue Reading

July 28, 2020

Anatomy of Ransomware

Ransomware is a type of malware that threat actors use to infect computers and encrypt computer files until a ransom is paid. After the initial infection, ransomware will attempt to spread to as many connected systems as possible, including  file systems and other accessible systems on a business’s network.

Continue Reading

July 8, 2020

The New Normal Makes Work an Activity, Not a Place

Recent months have seen a massive shift towards supporting remote workers, which in turn has created a series of security challenges. IT teams are now not only tasked with quickly providing support for a never-before-seen number of offsite workers and their devices, but they must do it without compromising security – no small task.

Continue Reading

March 31, 2020

Considerations when Securing a Remote Workforce

As today’s IT teams are scrambling to figure out the logistics of helping their coworkers be productive from their home offices, it’s important to remember that security can’t be an afterthought. Enabling employees to work remote has only broadened the landscape for attackers, giving them even more opportunity to find a way into your organization.

Continue Reading

December 23, 2019

Alas, the perimeter is gone. Is it time for an updated firewall?

Long ago, in a land far away, there used to be a network perimeter. Those were the good old days where the network perimeter was the all-encompassing traffic control point, and where traffic was all funneled through a single point, no matter where it came from. But the cloud changed everything by decentralizing the network, making the perimeter vaporize, and giving IT many a sleepless night.

Continue Reading

November 6, 2019

How Much Risk is Too Much?

For a long time, security initiatives have been driven by compliance mandates and a healthy dose of fear. But as threats continue to become more sophisticated, so must our efforts in thwarting them. This is why aligning with best practices is a great place to start, specifically the Center for Internet Security (CIS) Top 20 Critical Security Controls which was developed by a global group of security experts who continue to finetune them every year.

Continue Reading

October 23, 2019

When it comes to avoiding risk, what is OneNeck doing?

Security is intrinsic to our services (for all customers) and organization (all the way to the president and CEO of our parent company TDS Inc.). It’s part of every service we develop—from start to finish. Additionally, we leverage the Critical Security Controls (CSC), outlined by the Center for Internet Security (CIS), to complete our annual security assessments and third party audits. The Critical Security Controls provide a series of cybersecurity actions prioritized by their criticality in ...

Continue Reading

October 1, 2019

Containers 101 – Here’s What You Need to Know

Although containers aren’t new (been built into Linux for 10+ years and been available in FreeBSD, AIX and Solaris), containers seem to be all the rage, and for good reason. The agility containers can bring to an IT team alone make them appealing, but add in the security benefits that the self-contained nature of containers brings, they seem like a no brainer. But even with numerous benefits, there is also a lot of confusion about what they really are and what is the best-fit scenario. So, we ...

Continue Reading

August 27, 2019

Components of a Successful Security Practice

In its simplest form, compliance is about setting rules and following them, every time. No wavering, no audible—everyone simply follows the rules—every time. Seems easy, but it’s not always.

Continue Reading

August 14, 2019

6 Ways to Relieve "Security Fatigue"

Do you ever feel that your non-IT co-workers are trying to thwart your security protocols – ignoring software update alerts, opening suspicious emails or not following password best practices? If it seems that way, it might be “security fatigue.”

Continue Reading

July 30, 2019

Office 365 Backup

I need backup for Office 365? Isn’t it already included?  In short, no. The misconception that Microsoft fully backs up your data on your behalf is all too common.  To the contrary, Microsoft is primarily focused on managing the infrastructure and ensuring uptime; you are responsible for your data.

Continue Reading

June 6, 2019

Enhance Security with an Analytics-Driven SIEM

 Finding a mechanism to collect, store and analyze security only data is relatively simple. There is no shortage of options for storing data. Collecting all security relevant data and turning all that data into actionable intelligence, however, is a whole other matter.

Continue Reading

June 4, 2019

Creating a strong external security posture is critical

Creating a strong external security posture is critical. But what can businesses do to protect their data and environments?

Continue Reading

May 16, 2019

Older Windows Systems Beware of New Vulnerability

Are you running an older version of Windows and not current with your patch management? If so, you need to be aware of a recent exploitable vulnerability that just hit the news this week. Here's what you need to know...

Continue Reading

May 16, 2019

Security vs Compliance ... is there truly a difference?

It’s no secret... security attacks are the rise:

Continue Reading

May 9, 2019

Multi-Factor Authentication Explained

TeleSign research indicates that the majority of users use five or fewer passwords for all of their accounts. While it may seem efficient for password memory on your end, you could actually create a “domino effect” that allows hackers to take down multiple accounts by cracking one password.

Continue Reading

April 18, 2019

Disaster Recovery, A Primer for CIO's

How can a CIO be confident that IT will perform 24/7/365?  According to Zerto, in today’s always-on, information-driven organizations, IT resilience depends completely on IT infrastructures that are up and running 24/7. The costs of downtime are huge and data loss can put a company out of business. Data loss is not only caused by natural disasters, power outages, hardware failure and user errors, but more and more by software problems and cybersecurity related disasters.

Continue Reading

March 26, 2019

Credential Stuffing - What it is and How to Protect the Enterprise

Credential stuffing is a type of cyber-attack where hackers take combinations of usernames and passwords leaked from other sites and use them to gain access to accounts on another site.  F5 states that there’s typically a 1 to 2 percent success rate, which means that if a cybercriminal purchases 1 million stolen credential records (for sale on the dark web for fractions of a cent each), they can generally gain access to 10,000 to 20,000 accounts.

Continue Reading

March 5, 2019

Anticipate 2019's Cybersecurity Threats Without a Crystal Ball

In Cisco’s February 2019 Threat Report, their cybersecurity experts analyzed prominent threats of the past year for clues to new attack strategies and targets. As they put it, “It's as close as we can get to anticipating future trends without a crystal ball.”

Continue Reading

February 26, 2019

Blockchain: A Revolution in the Cloud for IT Security

Antiquated is not a word commonly associated with the advanced worldwide network of client-server configurations that make up modern data transmission. However, advances in data storage, file sharing and security protocols have struggled to keep pace with demands on infrastructure, cybersecurity threats and the ever-evolving competition that drives the industry.   

Continue Reading

January 29, 2019

Advances in Cybercrime Demand Greater Protection

A look at retrospective security versus point-in-time solutions With cybercrime predicted to reach $6 trillion annually by 2021 and to be more profitable—and therefore, more attractive to criminal organizations—than the global combined trade of all major illegal drugs, businesses can no longer rely on traditional network security tools and expect to achieve protection.

Continue Reading

January 22, 2019

Prepare for Windows Server 2008 and 2008 R2 End of Support

Extended support for Windows Server 2008 and 2008 R2 is coming to an end respectively on January 14, 2020 What does end of support mean for Windows Server 2008 & 2008 R2?

Continue Reading

January 15, 2019

What can a vCISO do for your organization?

Organizations, big or small, are all grappling with combating the onslaught of security attacks, making security a top priority for today’s IT teams in every vertical. As Forbes so broadly states, “Cybersecurity is applicable to every business operation, whether it’s in the military, corporations or entrepreneurs.” And while cybersecurity decisions used to be contained to the boardroom or high-level government agencies, now the average employee is hyper aware of the potential risks a breach can ...

Continue Reading

January 10, 2019

What’s Driving IT Budgets in 2019?

Many IT leaders expect to see their budgets to increase or remain unchanged.  This is driven largely by the need to upgrade aging infrastructure, accelerate digital transformation via a shift to the cloud and enhance their overall IT security posture.

Continue Reading

December 11, 2018

Who Owns Cloud Security?

 Organizations are rapidly embracing cloud services to gain agility and thrive in today’s digital economy. This has created a strategic imperative to better manage cybersecurity risk while keeping pace at scale as firms move critical apps to the cloud.

Continue Reading

December 4, 2018

It’s the Happiest/Scariest Season of All!

It’s that time of year, where twinkling lights and Santa’s sleigh full of toys are everywhere. But with all of the holiday bustle comes additional risk, the risk of mounting security threats as shoppers are eagerly swiping their credit cards while checking gifts off their lists. What does this mean for today’s organization, where the line between corporate and personal devices is blurrier than ever before?

Continue Reading

November 7, 2018

Everyone Has a Role in Cloud Security

Outsourcing is becoming an increasingly popular business strategy. By carving off business processes and giving them to outside vendors companies save money and resources. Outsourcing enterprise computing processes using cloud services, for example, allows you to hand off the cost and responsibility of maintaining on-premise hardware and software. However, just because you outsource your enterprise infrastructure does that mean your cloud service provider assumes total responsibility for your ...

Continue Reading

October 9, 2018

The Big Chinese Hack – What do we know, and what should we do?

There has been a lot of chatter the past several days around a POTENTIAL hack via a China-based manufacture chip.  Yet, despite all the clamor, there are mixed reports about how real this is.

Continue Reading

October 2, 2018

Using SIEM to Combat Alert Fatigue

Early detection, rapid response, collaboration to mitigate advanced threats imposes significant demands on today’s enterprise security teams.

Continue Reading

September 13, 2018

Choosing a Security Framework

 Running a security program can be an overwhelming task. There are so many factors to consider including: encryption, application security, disaster recovery and let’s not forget adherence to compliance mandates such  HIPAA and PCI DSS .  How then do security professionals prioritize and maintain their efforts to build the most effective security program for their business?

Continue Reading

July 31, 2018

It’s Time to Get Back to the Security Basics

If there’s any constant in today’s technology landscape, it’s change. And when it comes to security, there’s no rest for the weary. Advancing technology, savvier-than-ever users and the onslaught of attacks are making today’s IT teams scramble to keep up. Now more than ever, it’s critical to make sure the basics are covered so that you have the ability to respond and keep your business safe.

Continue Reading

March 29, 2018

Is Your Multi-Vendor Security Environment Putting You at Risk?

One of the big challenges organizations face today is complexity, and security is no exception. According to the 2018 Cisco Annual Cybersecurity Report, in 2017, 25% of security professionals said they used products from 11 to 20 vendors, compared with 18% of security professionals in 2016. Also, in 2017, 16% said they use anywhere from 21 to 50 vendors, compared to 7% of respondents in 2016 (refer to figure below).

Continue Reading

March 22, 2018

Ransomware… it’s a Big Business

Ransomware has quickly become the most profitable form malware ever seen, on its way to becoming a $1 billion annual market. Last year, the FBI reported more than 4,000 ransomware attacks occurred daily between January and June of 2016 — a 300% increase from 2015. In 2017, nearly 10% of organizations worldwide recorded some sort of ransomware activity during Q1. 

Continue Reading

March 13, 2018

5 Reasons Smart Companies Outsource Cybersecurity

Today’s consumers demand their private information remains secure. But as we learned from the 2017 breach at Equifax that exposed the personal information of 145 million, even what should be the most secure companies fall under attack.

Continue Reading

February 22, 2018

Is your data living on the edge? Let's talk Edge Computing.

There’s a new buzzword making the rounds (like we needed another one). Move over Digital Transformation, and welcome Edge Computing. While it’s being credited with the power to deliver speed, security and cost-savings to organizations, is it really all that? Let’s break it down…

Continue Reading

January 30, 2018

4 IoT Security Challenges That Will Dominate 2018

How many IoT (Internet of Things) devices is your company planning to install in 2018? Perhaps a plan for smart TVs in the conference room, webcams, smart locks or connected printers are in the works.

Continue Reading

January 2, 2018

Top Cybersecurity Threats That Will Dominate 2018

 Who’s ready to fight cybercrime in 2018? Don’t all raise your hands at once. If you’re a CIO or CISO, you’re expected to protect the network and sensitive data.   

Continue Reading

October 31, 2017

Threats to your users outside of your network got you scared?

Long gone are the days of yore, when IT administrators slept like babies, content that their company desktops, business apps and critical infrastructure were all tucked in safe, securely located behind a firewall. Today, an enterprise user is spending more time outside the safe haven of the network’s security and roaming on other networks in the big, terrifying world.

Continue Reading

October 3, 2017

Challenges & Strategies when Upgrading Cisco ISE

As a longtime Cisco partner, we’ve been a part of many Cisco Identity Services Engine (ISE) implementations and upgrades, giving us first-hand knowledge of not only how ISE helps our customers meet enterprise mobility challenges, but also gleaned some insider tips and tricks on how best to execute upgrades.

Continue Reading

September 7, 2017

"AMP" Your Endpoint Protection

Malware is a broad term that encompasses any form of software designed to damage, steal or corrupt data. Ransomware, trojans, worms and rootkits are common malware examples, but the list is far more exhaustive, making fighting malware a normal part of operations for SMBs and corporations alike.

Continue Reading

August 17, 2017

Rethinking IT Security in an Age of Digital Disruption

Digital transformation is disrupting the old ways of doing business by introducing digital technologies into the workplace and enabling employees to perform tasks in more efficient and productive ways, which in turn brings exponential new opportunity for business growth.

Continue Reading

August 10, 2017

4-Step Approach to Mitigating DDoS Attacks

Distributed Denial of Service (DDoS) attacks aren’t like other types of cyber-attacks. They don’t spread malware into your network, and they don’t directly hijack sensitive data or steal from bank accounts. However, the financial and reputational damage caused by DDoS can be devastating to your business. They are also one of the most difficult types of cyber-attacks to defend against.

Continue Reading

July 18, 2017

Protect Your Business from Ransomware with this 8-Point Checklist

Ransomware was big business last year, estimated to have grossed cybercriminals $1 billion. More than half of US companies experienced a ransomware attack in 2016, and the threat continues to be a major concern for organizations.

Continue Reading

June 29, 2017

Understanding a CIO’s Role in Cybersecurity

Today’s CIOs must achieve a delicate balance between meeting business objectives and providing security for their most critical data and systems. As more organizations migrate operations to the cloud, cybersecurity is a critical consideration, but there are many other components to consider as well. If your business needs to meet compliance regulations such as PCI DSS, CERT, FINRA and HIPAA, you must have the structure in place to ensure you can pass audits. So, while security needs to be a ...

Continue Reading

June 13, 2017

10 Data Security Tips to Safeguard Your Business

Loss Prevention and Protection As a result of a digital economy, the IT landscape is changing before our eyes. Cloud, big data, social and mobile have accelerated the pace of business like we have never seen. We see the Internet of Things (IoT) expanding at a prolific pace — with the expected market to reach $1.7 trillion by 2020. Advanced robotics, automation and artificial intelligence (AI) are quickly adding to the mix, and regulations for governing all this growth haven’t really caught up.

Continue Reading

June 6, 2017

Keeping Your Healthcare Data Secure – What You Need to Consider

The healthcare IT market is expected to double — reaching a projected $280 billion by 2020. The federal portion of national healthcare spending, according to the Federal government, will grow 86%, from $920 billion in 2015 to $1.7 trillion by 2025. Deltek's Federal Health Information Technology Market report states that as the need for improvements in healthcare quality, interoperability and privacy grows, federal agencies acting as payers, promoters and providers will continue to invest in ...

Continue Reading

May 16, 2017

Secure Enterprise Mobility 101

The growing mobile workforce is bringing with it two of the fastest growing operational and security concerns — Enterprise Mobility and Bring Your Own Device (BYOD).

Continue Reading

April 13, 2017

Q&A with a Security Executive, OneNeck’s Katie McCullough Vice President, Information Security & Business Applications

Q.  Many experts maintain that the total cost of ransomware in 2016 was over a billion dollars – that’s a staggering number. With the rate of sophisticated security attacks increasing at an alarming rate, how can an organization protect themselves from data leaks and/or malicious security attacks?

Continue Reading

April 11, 2017

Do You DARE? Protect Your Corporate Data at Rest with Encryption

Sensitive business data at rest in the cloud is more vulnerable than ever before.  Ensuring that this critical corporate data is secure against unauthorized access and meets any organizational policies, industry or government regulations, is of critical importance to many CIOs.

Continue Reading

March 23, 2017

How Safe Are You from Rising Ransomware Threats?

From hospitals and government agencies, to enterprise organizations and everyday business owners, to private citizens— it seemed like no one was immune from ransomware in 2016. As we are now well into 2017, we’re continuing to see alarming rates of ransomware attacks that encrypt data or lock digital files until a ransom is paid.

Continue Reading

January 3, 2017

Securing Your Azure Deployment

As organizations embrace the cloud’s flexibility and agility, Microsoft’s cloud platform, Azure, has become a top choice as a cost-effective solution that scales for any organization, no matter the size, to meet agility and flexibility needs.

Continue Reading

November 10, 2016

Navigating Today’s Cybersecurity Landscape Is Tricky

Cisco’s 2016 Midyear Cybersecurity Report provides an unfiltered look into the current cybersecurity landscape. It’s not a rosy picture, as the report reveals the growing threat of cyberattacks, and most notably, ransomware. The report, though, isn’t all doom and gloom and reveals the latest measures organizations can implement to protect themselves.

Continue Reading

August 18, 2016

Cisco Adaptive Security Appliance (ASA) SNMP Remote Code Execution Vulnerability

Vulnerability Description A vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code.

Continue Reading

May 18, 2016

Enterprise Mobility vs. User Privacy and IT Security

As mobility and the Internet of Things (IoT) converge, and cyber threats continue to loom large, the need to focus on balancing data security with employee and customer privacy is top of mind for IT departments around the world. At the same time, IT departments are struggling with how to meet user demand in the age of everything connected, from devices to wearables. In addition, IT must find ways to meet compliance regulations and assure senior leadership that the company’s sensitive data is ...

Continue Reading