The Importance of Network Vulnerability and Penetration Tests

an open laptop computer sitting on top of a bed

A company’s network system is of paramount importance to its ability to conduct daily business operations.  If a network goes down, whether from a security breach or for another reason, the cost to individual organizations can be significant.  This is just one of the reasons why it is important to select an IT organization that can provide proactive support in order to prevent problems before they even occur.  In this post, we will define what network penetration and vulnerability tests are, the differences between the two, and why both are essential.

Network Vulnerability Tests

A network vulnerability test scans an entire network, looking for all the vulnerabilities across the entire system.  This type of automated test should be conducted on a regular basis. Typically every quarter and when any new equipment is added to the network.  A baseline report for each new piece of equipment should be included as part of the vulnerability test. Including any subsequent changes investigated such as added services or open ports. Both of which could mean unauthorized changes occurred on the network.

Network Penetration Tests

A network penetration test, also known as a pen-test, is more specialized than a vulnerability test. A vulnerability test is designed to alert network administrators to any and all weaknesses. Whereas a penetration test will report on the severity of any weaknesses found in vulnerability testing.  Unlike an automated vulnerability test, a penetration test is conducted by a tester looking for specific ways in which to exploit a network.  In short, they are acting as if they are a real hacker.

Some industries are mandated by government regulations as to how often their network should be pen-tested.  For others, at a minimum, a professional network support team will recommend their clients have penetration testing when any of the following occurs:

  • changes in end-user policies,
  • new office location(s),
  • significant upgrades,
  • applications, infrastructure modifications, additions
  • after the application of security patches.

If you would like to know more about network vulnerabilities, network testing, or our professional support services, please contact us.

How to Keep Your Business’s Mobile Devices More Secure

a laptop computer with a blue shield on top of it

Security is both an online and physical concern, even for mobile devices. More and more employees have laptops, tablets, and phones for their business tasks, and this is even truer for small businesses. If you’re worried about how secure your company’s devices are, here’s how to cover both angles.

What’s the physical threat to mobile devices’ security?

Phones get stolen. They also get lost. No matter how vigilant your employees you are, eventually a phone or tablet will go missing; up to 95% of security attacks are through stolen mobile devices or proximity-based phishing, which makes the devices themselves the weakest point in any defense.  This means you have to protect more than your business’s network: you have to protect what’s tapping into the network, too.

How can you protect your data from physical break-ins?

One option is to use a mobile device as a connection point only. Keep all of your files in a cloud that doesn’t require any downloading. Additionally, make sure all work is done through online portals. If your employees can comfortably get their work done through a browser or a protected app without turning to local storage or offline programs, then there’s nothing on the phone to steal.

Another option is to use security as a service program. Using sign-in systems that use devices in tandem makes a single stolen device useless. You can also use programs that allow you to remotely wipe lost devices once they’ve been reported. Thus, any cookies, caches, and data are out-of-reach.

Physical security of technology used to be easier when you had a single office with a privately owned server and desktop computers.

Mobile devices and working on the go are all but required to keep up with your competitors. So go to Bluwater Technologies to get started on closing gaps in your security.

Best Security Practices for Good Password Protection

a computer screen with the word security on it

Best security practices: Computer security is crucial. Depending on your business, you may have security measures that are required by law for the protection of personally identifiable information, but you need to ensure your information’s protection regardless of the surrounding statutes. Get antivirus programs, secure your building physically, and have good password management. Here’s how to securely take care of the latter:

Train your employees on good password strategies. 

Most people know not to use Password123, but after that, there’s not a lot of education about best practices. Require a full range of alphanumerical and special characters, and make sure the characters are randomized instead of individual words. A general strategy is to pick three random words from a book or article that have no significant meaning: the words are linked together in the user’s mind to make them easier to remember but make no sense to potential hackers. Even then, it can be difficult to remember these passwords, so have your employees combine them with two-step logins or a secure keylogger.

Set a mandated schedule for updated passwords. 

Even employees with the best of intentions won’t stay up-to-date on a self-regulated schedule for replacing passwords. Instead, link the profiles together and require password changes every 30-90 days. This works even better if you add a setting to prevent recycled passwords.

If your network has mobile access or a two-step sign-on involves using a phone, use software that makes employees password-protect their phones. 

Most people already have passwords on their phones, especially since they have credit card information. But make it a requirement so no one can steal an employee’s phone and get access to your system.

Passwords are the most universal form of security in business but they can also be the weakest. Make sure your employees use strong passwords and choose new ones regularly. For more computer tips and IT support, go to Bluwater Technologies here.

Back Up Your Data to Secure Your Business

a laptop computer sitting on top of a wooden table

A common paradox in technology security is the trade-off between convenience and security. The best password is a random 40-digit alphanumeric string, but no one’s going to remember it. The more locks on your front door, the more secure it may be, but chances are most people won’t lock all of them every time they leave. Instead, the best compromise between convenience and security is automation: making every step to secure information automatic so it’s safe 24/7 without you having to manually do so. One of the best ways to automate your stored information is through cloud backup. Learn how to back up your data.

Back Up Your Data

What is cloud backup for servers?

Typically, small to medium businesses would store information on local hardware. An office would store a server or two in an office closet near the IT department. Or you store your business’s information on a work computer. That would typically mean depending on one copy of the information. But this could spell disaster due to a hardware failure, a power outage that damages the device, a virus, or even just an inexplicable case of data corruption. You want to securely but conveniently store an up-to-date backup of your business’s information. Instead, use an online backup that sends your information to an off-site server. There it is secured and maintained by a third party.

What are the benefits of using Bluwater Technologies’ cloud backup?

The best type of data backup is automatic. Whether you schedule it to be daily, weekly, or monthly, knowing that your business data is being saved whether you remember to save it or not can be a huge weight off your mind. Losing customer contact information, financial records, and working project files can be a huge blow to your business. The risk of having them taken from you through a virus or malware is even worse. Bluwater works to make sure your data, both onsite and offsite, is secured.

Cloud backup for servers isn’t the only benefit of using Bluwater Technologies for IT support. If you want to learn more about our services and the elements of the best cloud backup for servers, browse our site here.

Why Your Company Needs Data Encryption

a yellow padlock on top of a computer screen

Data Encryption

Are you doing enough to safeguard your company’s data from cyber threats? According to a report published by Panda Labs, approximately 18 million new malware threats were identified in Q3 2016, which translates into roughly 200,000 threats per day.

Of course, you can protect your data from hacking and other cyber threats with encryption services. It’s often viewed as the single most effective way to protect data. So, what is it and how does it work?

What is Data Encryption?

Encryption is the process of encoding information so that it’s only “readable” by the intended user or users. This doesn’t prevent unauthorized users from accessing the data — nor is that the intention. Rather, it prevents users from reading the data unless they have the corresponding key.

Encryption works by using an algorithm to convert the data into a special code. Once encrypted, only users with the associated key can decrypt and read it.

Benefits

The single most common reason cited for data encryption is protected from cyber threats. Firewalls, spam blockers, and anti-malware/virus software are all effective safeguards to protect data from unauthorized use, but encrypting it adds another layer that companies can use to further strengthen their internal security.

While there’s no law specifically requiring you to encrypt data, it’s often used to reinforce compliance, such as in the case of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. HIPAA Security Rules require doctors and other covered entities to implement technical safeguards to protect their data from disclosure — and there’s no stronger technical safeguard than encryption.

To learn more about data encryption and how it can safeguard your business from disaster, contact us today.