Loss Prevention

Helpful Hackers- They Do Exist

Hacker.png

Business IT systems are complicated, you know that. You've invested in security for your systems, but you're worried that there are still holes in your defense, weak spots between all the bits and pieces that make up your total networking and computing infrastructure. How can you feel confident in your security? You have to welcome a hacker into your midst.

It sounds counter-intuitive, welcoming a hacker (or team of hackers) to come and break into your network and your most sensitive data stores. But that's exactly what pen-testers (short for penetration testers) do—launch non-harmful, sophisticated attacks and probe to see if your network can handle the worst the world has to throw against it. Pen tests are almost always valuable, but to get the most from the exercise there are several things you can do.

1. Turn Them Loose

Too many pen tests are hampered because the client places significant limits on what the pen testers can do. One frequent example involves spear-phishing and social engineering. Will you let the pen testers send email messages to employees trying to tempt them into giving up network credentials or privileged information?

Some companies say they do not want to risk embarrassing employees, so they forego testing the human element of the network. If you do not run these tests, you lose valuable opportunities to see how well corporate training has been put to use by employees. The key is to not single out employees and treat any successful spear-phishing attacks as opportunities for education, not punishment.

2. Define Goals Before You Start

Is the purpose of the test to inform regulatory compliance efforts? Are you trying to see where weaknesses lie before starting a new security purchase cycle? Do you want to give your InfoSec team information before they begin revisions to the corporate security policy? Is this just part of your regular cycle of testing the effectiveness of your security?

Being clear about what you want to achieve from the test, and communicating that information clearly to the pen testing team, will help make sure the pen testers are working with you to be most effective.

3. Do Not Hire Them

Some executives resist pen testing because they worry that the results of the test could become subject to the discovery process in the event of a lawsuit. That is a legitimate concern, but there's a way around it.

Let your law firm hire them. If outside counsel hires them and delivers the report to you, then it is privileged communication and is immune from legal discovery. You get the results, everyone gets protection, and everyone (on your team) is happy.

“Hiring” a team of hackers can be the best thing you do to strengthen your network security. Do your homework on the firm you hire and follow the tips above, and you'll end up with a sound picture of where your security is doing its job—and where you should start immediately patching the holes. Our team at Current Technologies specializes in building state of the art security systems to your specification. If you already know where the holes are from a pen-test, it will be a breeze to have us patch them up for you.

Need Help Passing Your Pen-Test?

Name *
Name

We Value Your Feedback

Was this information helpful?
Was this information helpful?
CurrentTech_Horizontal.jpg

10 Essential Steps To Protect Your Data

computer data.jpeg

How Much is Your Data Worth?

There are various ways to calculate the cost of losing work stored on computers. Perhaps the easiest way to get a gut feel for the cost is to think for a moment about how long it would take to replace lost work. How many people would have to spend how many days to create everything from scratch?

Here is a simple 10-step plan for making sure they do not have to.

1. Have a Strategy

You will not know what approach is right for you until you have answered these questions:

  1. How long can you go without the lost data?
  2. Will you be making full backups or incremental or differential backups?
  3. How quickly will you need data restored?
  4. What solutions will you use?
  5. How secure do your backups need to be?
  6. How long do you need to keep the data for?

2. Prepare for the Worst

If the building burns down, your onsite backups might go the same way as your primary systems. You should think about offsite or cloud backups as part of your plan. At Current Technologies, we help our clients find the best ways to leverage the cloud for a positive return on investment.  We can help you choose the best path forward to the cloud using proven solutions. 

3. Get Help

You might not have all the answers or even all the questions, contacting experts is never a bad idea. Our team at Current Technologies has been helping organizations secure data for over 20 years. Our knowledgeable and experienced employees will work with you to reach the mutual goal of defending your data.

4. How much can you Afford to lose?

Catalog which data would have the biggest impact if you were to lose it. Break data into tiers and work out how long data from each tier needs to be backed up.

5. How long can you go Before your Data is Restored?

The answer to this question will be different for each of the tiers of data you identified. And it will inform your decision about what backup systems you need.

6. Consider your Applications

Not only does your solution need to fit your business needs, but it also needs to suit the applications you run.

7. Choose your Device

What will you backup onto? This is another area where it is worth taking more expert advice.

8. Set up your File Backups

If you are working with someone, you should be able to borrow their expertise to make sure you set up correctly. If not, look for vendor tutorials that walk you through the process.

9. Take a Picture

Do not just set up to backup data. Image backups capture your whole system so that you can restore everything. That includes your operating system, applications, settings, bookmarks, and file states right before disaster struck. Current Technologies is partnered with Barracuda Networks and VMware to maximize ease and minimize cost of image backups.

10. Check and Double Check

Your system is no good to you if it is not working. Check and check again that you are capturing usable backups in the format you are expecting.

We can Help Each Step of the Way

Name *
Name
Our customers love the piece of mind knowing they can be alerted to issues so outages can either be prevented or responded to very quickly because of the visibility our tools provide
— Mark Rhodes,VP - IT Soluions

We Value Your Feedback!

Was this information helpful?
Was this an interesting read?
CurrentTech_Horizontal.jpg