Ransomware is targeting your weakest link

Contact us to learn more about our breach security online training portal to strengthen your weakest link, increase your security posture and reduce your risk of ransomware and other security breaches.

Small and Midsize Businesses (SMBs) are Victims of Data Breaches

95% of Breaches are Caused by Human Error*

60% of SMBs Go Out of Business Within 6 Months of a Data Breach**

Employee Security Training is the Best Way to Prevent a Data Breach


The Changing Landscape of Password Management

There have been a lot of interesting developments in password management since NIST, the National Institute of Standards and Technology (a division of the US Dept. of Commerce), revised its 14-year-old guidelines last November, with final updates issued in June 2017. The now retired 72-year-old author of the original 2003 NIST guidelines, Bill Burr, was quoted in The Wall Street Journal as saying “Much of what I did I now regret.” Great Britain’s National Cyber Security Centre has also chimed in with similar updated recommendations on password security.

Many of the recommendations are targeted to IT system administrators regarding steps they should be taking.  However, all of us are “end-users” of password protected systems and for us there is relief!  What the latest recommendations bear out is something many users have been saying all along – there are too many passwords with complicated rules and they change too often.  This is exactly what NIST discovered in their research.

Password expiration was leading to weaker passwords and to people recording them in an insecure manner to help them remember. Research discovered that when a password is compromised, it is used within a week, and frequent password expiration really offers no protection. The new recommendations are that system administrators monitor failed password attempts as an indication of possible compromise and also that systems notify the end-user when their password is used in an unexpected manner. Google does this, for example, when your login is detected from a new device. These alerts may be indications that a user needs to change their password. Some experts are suggesting an annual password change should still be part of good “password hygiene”.

Also, many users thought they were being clever by using number and special character substitutions to increase password complexity. What has been uncovered is that they were being lulled into a false sense of security, as we now know that hackers are using sophisticated password cracking software that accounts for common letter substitutions. For example, my password might be H1gh3r$3cur1ty, but password cracking tools look for common substitutions like 1 for i and 3 for e.

Password length is also a key to password security; however, with required complexity, users had less chance of having a memorable password. The new recommendations relax the complexity but promote password length in the form of more memorable “passphrases”. The goal is for users to remember passphrases without recording them in an insecure manner (writing them down; adding them to an electronic note). The longer the password, the more difficult it is and the longer it takes for automated password cracking tools to guess it. The recommended minimum length of passwords is growing due to this correlation of length and compromise. The 8-character limit is being expanded, and recently 12 characters and even 16 characters have been suggested as new standards for minimum length.

What is a good “passphrase”? Creating a passphrase of a few disconnected words that you can remember is the best practice, so an example might be “eagleflagstormjupiter”. Notice that the character complexity has been relaxed. Some common sense must still apply in avoiding the use of your name, address or other easily discovered personal details in your passphrase. Also, the use of “common” passwords in your passphrase is to be discouraged, and there are recommendations that system administrators blacklist these. An example would be to never use the word “password” or “12345”.
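For administrators, the length, blacklist and substitution points above can be combined into one screening check. The following is an added example, not code from NIST or Integrity IT; the function names, the small blocklist, the substitution table and the 12-character default are assumptions made for illustration.

```python
"""Password screening: minimum length and a blocklist, with no composition rules.

Added example. All names and sample values here are hypothetical/constructed.
"""

# Constructed sample blocklist. A real deployment would load a large list of
# common and previously breached passwords instead of these four entries.
BLOCKED_TERMS = {"password", "12345", "qwerty", "letmein"}

# Character substitutions that cracking tools routinely undo. Assumed table,
# extended from the "1 for i" and "3 for e" examples in the article.
SUBSTITUTIONS = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})

# Assumption: 12 is one of the minimum lengths the article mentions.
DEFAULT_MIN_LENGTH = 12


def normalize(candidate):
    """Lower-case the candidate and undo common substitutions."""
    return candidate.lower().translate(SUBSTITUTIONS)


def screen_password(candidate, personal_terms=(), min_length=DEFAULT_MIN_LENGTH):
    """Return a list of rejection reasons; an empty list means accepted.

    There are deliberately no "must contain a digit/symbol" rules: an
    all-lowercase passphrase passes if it is long enough and contains no
    blocked or personal term.
    """
    reasons = []
    if len(candidate) < min_length:
        reasons.append("too_short")

    # Check both forms: the raw form catches digit runs such as "12345",
    # the normalized form catches disguised words such as "P@ssw0rd".
    lowered = candidate.lower()
    normalized = normalize(candidate)

    for term in sorted(BLOCKED_TERMS):
        if term in lowered or term in normalized:
            reasons.append(f"contains_common:{term}")

    # Names, addresses and similar details supplied by the caller.
    for term in personal_terms:
        needle = term.lower()
        # Skip very short terms to avoid rejecting on accidental matches.
        if len(needle) >= 3 and (needle in lowered or needle in normalized):
            reasons.append(f"contains_personal:{needle}")

    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    samples = [
        ("eagleflagstormjupiter", ()),
        ("P@ssw0rd12345", ()),
        ("Al1ce-loves-tea", ("Alice",)),
        ("Tr0ub4dor&3", ()),
    ]
    for password, personal in samples:
        verdict = screen_password(password, personal) or ["accepted"]
        print(f"{password!r}: {', '.join(verdict)}")
    # The article's example reduces to two plain dictionary words.
    print(normalize("H1gh3r$3cur1ty"))
```
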

 

Another tip for end-users is to not re-use passwords between systems or websites, and especially between your work and personal life. This way, if one of the sites that you use is compromised, not all of your sites are at risk. To that end, since all of us still have a lot of things that require a password at work and in our personal lives, users should be encouraged to utilize secure password managers like LastPass, 1Password or MiniKeePass. Some organizations, like Integrity IT, also have moved work passwords into an enterprise password management system which also offers a secure employee vault for both work and personal password storage. Also, it is common sense that sharing passwords should not be done.

Guarding your password is still critical to protecting your work and personal data.

As the NIST guidelines move into adoption by vendors and other government agencies, these new guidelines will filter down into more end-user applications and web sites. The recognition that users were drowning in a sea of passwords and that password compromise is still a key component for hacking has led to these revised password management best practices. It is refreshing to see other tools like Two-Factor Authentication (2FA) and self-service password change capabilities increase in use and provide some relief for end users. Username and password is still a concept that most software and critical systems rely on for basic access, and this will likely continue to be the case for several years to come. It is important that System Administrators educate themselves on the new NIST Guidelines and begin to formulate a password management implementation plan of their own. Integrity IT has several tools that can make this implementation easier and also can provide guidance to help manage the other recommendations from NIST. Contact us today and we will be glad to discuss those with you.

– Joe Danaher, Chief Information Security Officer, Integrity IT

Antivirus Management for Your Business

Your hardware is valuable, and so is the software and data running on it. Taken as a whole, your digital imprint is a valuable business asset, worthy of protection because of how much it means in all areas of your work.

Given its high importance, it makes sense to hire professionals who know how to ensure the safety of your data and machines. One of the constant IT menaces comes from viruses, and Integrity IT is especially well-equipped to help protect your business from these malicious threats.

Computers infected with viruses can cost big money from lost time, lost services, and lost data. Customers can be cut off from your business until service is restored, which can mean lost sales as well as a hit to your brand loyalty.

But when trustworthy system administrators keep up with the latest patches and software updates, business can proceed as normal. And when personal workstations, gateways, and web servers are all configured correctly, you have peace of mind against malevolent IT acts.

It’s not important for you to be an IT expert. But it is important for you to partner with one. Integrity IT has antivirus management solutions, as well as solutions for all of your other IT needs.

Choose Integrity IT and unleash your full IT potential to enhance your bottom line.

Making HIPAA Compliance Easier

Compliance is a topic that can send shivers down the spines of business owners. Not only is it a sensitive subject, but some people are unsure whether they’re doing everything they need to do to stay up to date with it.

Why leave compliance issues to chance? And why not enlist experts to take this cumbersome challenge off your own “to-do” list? Integrity IT specializes in HIPAA compliance (and other compliance requirements), so our customers never have to worry about whether their compliance requirements are being handled appropriately.

Healthcare workers in particular are weighed down by tight schedules and other extraneous paperwork, so it’s positively essential to partner with the right IT company for compliance support. And Integrity IT can take you beyond compliance to the cutting-edge realm where company efficiency really soars.

Utilizing HIPAA compliance services from Integrity IT means access to the latest technology and digital data plans, which can minimize the various risks inherent with paper copies of documents. It also means access to compliance experts who can advise you on company best practices.

Success in healthcare should be about helping patients become healthier. Partnering with Integrity IT for compliance services removes the burden and worry from healthcare professionals so that they can focus on the primary goal of helping people.

Taking Cloud Security Seriously

Cloud computing is a popular option for businesses of all sizes. The scalability of the cloud is attractive because your availability can grow as your needs grow, without wasting a lot of money on unused resources and in-house hardware that tends to age so fast.

Just as with all IT components, however, a lot depends on the ability to keep your cloud space secure. Do you know what cloud security entails? Do you have a plan for implementing cloud security measures? What about your staff’s awareness level?

These are all questions that business owners must ask themselves as they approach their cloud environment, and sometimes the task can feel overwhelming. That’s why so many companies depend on Integrity IT for cloud security assistance.

Our team will help educate your employees about cloud security strategies and how to minimize risk, in general. Each work duty you perform in the digital realm can pose a threat if not undertaken correctly. Integrity can help you establish protocols that take the guesswork out of each task.

At the end of the day, you want to know that your IT security is as tight as it can be and will continue working 24 hours a day. You also want to know that the security steps you’re taking are prudent. Integrity IT provides services that not only improve your security but also lend assurances that you’re implementing the best cloud security plan that you can.

And that’s valuable peace of mind.

Using IT Consulting to Improve Business

Technology can render a positive effect on nearly every business type. As a business owner, it’s comforting to realize that you don’t have to be an expert yourself in order to reap the benefits of technological solutions.

In cases such as these, Integrity IT makes a fantastic partner as a sort of CIO that can offer helpful advice on all aspects of IT consulting. From the basics to the nitty-gritty details, Integrity IT has real-world experience to inform its advice.

One of the keys to effective IT outcomes is advance planning, which means getting Integrity IT involved as early in the process as possible. If you’re just starting your business or beginning to expand, it’s a perfect time to acquire IT consulting services.

For a majority of businesses, however, new IT plans evolve quickly as a reaction to a need or as a means to accomplish goals not yet achieved. Integrity IT has experts that can help you navigate these tricky situations so that you don’t accidentally forget some of the major considerations inherently involved with new IT initiatives.

You want your new IT project to be successful. Help make that a reality by allowing Integrity IT to advise you on strategies, budgeting, and best practices on how to overcome the various challenges that typically crop up during new development.

Make Integrity IT your IT consulting partner today.

Security Awareness Development from Integrity IT

Security starts at home. And in the business environment, that means it begins in the workplace. Everyone in the office, shop, or storefront needs to understand the importance that behavior plays in IT security.

That’s because all it takes is one mistake by an individual to compromise an entire organization’s network of machines. Integrity IT offers comprehensive security awareness development for just this reason.

With Integrity’s plan, your company will develop an internal culture that promotes healthy IT behavior. With improved awareness, focus, and communication, employees can turn into an IT security asset.

Integrity has specialized IT security expertise, which allows us to pass along industry news and trends so that your company gets the information it needs without having to spend the time and resources gathering it. With news, tips, and practical advice in hand, your staff will have the confidence to make full and safe use of its IT resources.

With so many hazards lurking out there threatening to upset your daily business, it pays to take preventative steps to avoid future trouble. Security awareness development is easy when you have a technology partner like Integrity IT.

Cyber Security & Technology Conference 2017

Are you doing everything within your means to protect your company from a security breach?

Data breaches are not just a large company problem anymore. Small and Midsize Businesses (SMBs) are involved in 71% of data breaches.

Breaches are expensive. 60% of SMBs involved in breaches go out of business.

We do not want this to be the fate of your business.

Integrity IT approaches security differently. Today’s IT security involves layers of technology hardware and software, and all those layers must be wrapped in training to successfully protect valuable business data.  Now is the time for everyone in the organization, not just the designated IT personnel, to understand cyber security.

On October 18, you can evaluate your readiness and take home a tool to raise your security posture.

This conference will walk you through the layers of data security, spotlight selected solutions and provide each business attending with an online employee cyber security training platform.

Threat Landscape:  Current Trends in Cyber Attacks

Who are the bad guys, what are they doing and what is their motivation? An officer at the Department of Homeland Security Office of Intelligence & Analysis will discuss current cyber threats directed at the United States. We will examine various types of malicious actors, their intent and possible capabilities, along with current trends in cyberattacks involving ransomware.

How vulnerable are you?

How much information is available to cyber criminals? The surprising facts on how easy it is to target your company. Learn about Open-Source Intelligence and how it is used by malicious actors. Get eye-opening examples of how easily accessible your personal data and company data already are online! Get yourself on even footing with the cybercriminal so you are better prepared to spot an attack.

Cyber Security Controls: Why the basics are not enough anymore

Firewalls, Passwords, and Anti-Virus are not enough to battle today’s threats.  We will discuss how monitoring and early detection (SIEM, IPS), and Employee Awareness Training all play a role in adding key security controls to protect your business.

How to validate your Security Controls effectiveness

Do you know if your security controls (Administrative, Technical, Physical) are working?  This discussion will help guide you through verifying your security controls are working and identifying any gaps there may be in the controls you are using. Learn about Vulnerability Scanning, Penetration (PEN) Tests, and Security Risk Assessment (SRA).

We secure your network and help train your staff to always think “security first”.

CSTC2017
October 18
9 am – 5 pm
Distillery Square at the Grand Reserve
Lexington, KY

Equifax Breach

While this is still a developing story, the impact is massive.  We have received some questions from our customers about it, so we are posting information and links to helpful resources from our Chief Information Security Officer.

Presently 40 States are investigating and Equifax execs have been called to testify before Congress so this is still a developing story.

Basically, Equifax was breached because they had not addressed a security vulnerability that had been present for quite some time in their environment (patch released in March; aware of breach in May). We have heard many commentators refer to the fact that they had not addressed this known vulnerability as “severe negligence” on their part and that they had not done their “due diligence” to protect consumer information. The number of records that were stolen equates to nearly half the population of the United States. Equifax has set up a website where people can go to see if their information was part of what was stolen: https://www.equifaxsecurity2017.com/

There are excellent FAQs and links to resources here: http://money.cnn.com/2017/09/11/pf/equifaxmyths/index.html

FTC recommendations: https://www.consumer.ftc.gov/blog/2017/09/equifax-data-breach-what-do

Kentucky (info on freezing your credit) https://ag.ky.gov/family/consumerprotection/freeze/Pages/default.aspx

Putting a freeze on your credit reports is done as a method to deter criminals who have your personal information from being able to apply for and receive credit in your name. Generally speaking, when whoever you are applying for credit with sees that your reports are inaccessible, that usually ends the process.

Persons who are currently trying to get credit for something such as a car or home loan would want to be careful in deciding whether to freeze their credit reports, as this may prevent them from being able to get the credit they are seeking. However, freezing your credit does not negatively impact your credit score, and to apply for credit you have to unfreeze it for that application process.

Avoiding Security Breaches from Hackers

With the recent news about the breach at Equifax, we have received a lot of inquiries within our community about everything from general cyber security to specific software patches. These are conversations to have now.

Don’t fall into false security or complacency – empower yourself with knowledge. Small to medium sized businesses are prone to putting off certain aspects of IT safety until it’s too late.

Time is a factor. So is in-house expertise. Your network requires skilled attention. It is easy for a company that has no IT team to be too busy with other aspects of business to address even the most basic IT vulnerabilities. That’s a perfect window of opportunity for hackers.

You see, when software patches are made available, their release also exposes potential loopholes to any would-be criminals out there. That’s why proactive organizations partner with professional IT companies like Integrity IT.

We understand how hackers operate, and we know how they plan to attack. Our business depends on staying up-to-date on all the latest security threats and how to thwart them. That allows us to keep our customers protected, as well.

While there is certainly no need to panic about cyber security, it also cannot be ignored or kicked down the road. Let Integrity IT advise you. That way, you’ll have the utmost confidence in your IT security today, tomorrow, and well into the future.

Increase your business security posture by attending the Cyber Security & Technology Conference – October 18, 2017 (www.cstc2017.com).

Do Business with a Proven IT Company

We place our customers first because service is our primary core company value. When it comes to making sure that our customers get what they need in a polite, courteous manner, Integrity IT is completely committed.

Communication is key, and from the first point of contact, we begin to gather information that will help us provide the best services for each particular client. Needs are different for each organization, and information gathering helps us determine what offerings make the most sense.

Ensuring that the right IT services are in place allows companies to perform at their highest levels, maximizing internal efficiency and overall performance. And when our customers thrive, we thrive, too.

Knowing that we are available now and in the future helps us establish long-term relationships with customers. As IT goals change, we are ready to change, too, always up on the latest innovations and industry standards.

With Integrity IT as your IT company partner, your business is protected and ready for the next innovation. You have a proven IT company at the ready, prepared to help you address current challenges and achieve future goals.

The Importance of Cyber Security

In the continued aftermath of an enormous data breach, Equifax remains a target of criticism, not only because it exposed personal information from millions of Americans, but also because of a botched job at handling the subsequent customer service issues that have arisen.

This serves as a warning to all organizations that handle digital data, and Integrity IT wants to help everyone secure their data in an organized and reasonable manner. What we need is a better understanding surrounding the topic of cyber security across the board.

It all starts with communication. Here at Integrity IT, we are leading the way in our industry by presenting the Cyber Security & Technology Conference on October 18, 2017. Once you have good information, you will be better equipped to protect your business with the security it deserves.

Everyone knows about anti-virus software, firewalls, and strong passwords, but not as many understand the increasing importance of intrusion prevention systems, intrusion detection systems, and security information and event management.

Ignoring the issue won’t make it go away, and failing to take action is a sure recipe for disaster. Let Integrity IT walk you through all the steps toward cyber security. Our plan is comprehensive, and our guidance will allow you to implement it easily across your entire entity.

Don’t delay. Contact Integrity IT for more details. And do yourself a favor and make plans to attend CSTC 2017.

Are You Protected from Cyber Attacks?

With so much to gain from accessing personal and business data, it’s no wonder why cyber attacks are so prevalent. What is more difficult to understand is why so many organizations are slow to prepare themselves against the threats.

For some, it’s simply a matter of not knowing where to start. That’s another reason to attend the upcoming CSTC 2017 event being presented by Integrity IT. We will equip you with everything you need to know to cultivate your cyber attack prevention plan.

Many factors determine your risk level. For example, there is great variance between companies when it comes to cyber risk awareness. Some vulnerabilities come down to employee decision making, habits, and protocols. How educated is your team about the various risks out there?

In addition, risk is determined by what threats are active in the overall Internet landscape. At CSTC 2017, you’ll find out what the current hacking trends are and why they exist.

Integrity IT can examine all aspects of your organization’s IT security and make suggestions and plans that help you minimize your risk. Your profitability and brand identity both count on a strong IT defense. Integrity IT is your best resource for all levels of IT security.

Make an investment in your company’s future by attending CSTC 2017. It’s coming up on October 18, 2017, so don’t delay.

Software Development for Better Results in Business

For business owners, it’s not unusual to find that it can be difficult to fit your business around the limitations of out-of-the-box software. Features clash. Important data goes unrecorded. Employees waste valuable time struggling to make business tasks work.

Fortunately, this doesn’t have to be your reality. Integrity IT offers customized software development solutions to help organizations achieve the goals they have in an efficient and straightforward manner.

Integrity’s team of software development experts are adept at taking customer requests and translating them into working realities. If you can dream up a solution, our team is ready to tackle the technical logistics.

And once you implement your custom software, you’ll quickly begin to see measurable results in saved time and better intel. Indeed, an investment in custom software can translate into real savings on a daily basis.

So if you’ve been considering how your existing software isn’t really meeting your company’s needs, then it’s likely time to do something about it. You can leave the technical details to Integrity IT. Simply contact us and we will develop a plan to help you work smarter, quicker, and better.

Get Your Cloud Services from Integrity IT

If you’re just starting a business (or looking to make an IT switch) it’s important to take advantage of all the opportunities available to you via the cloud. Integrity IT has the services and expertise to take care of all your cloud based needs.

Consider your options. For example, Integrity can set you up with your own private cloud. That allows you to forget about purchasing and maintaining your own servers, which eliminates a huge capital expense for your business.

Meanwhile, you can take your email hosting to the cloud as well. Communication is vital, and email needs to be reliable, safe, and efficient. Get the best in uptime, safety, and security without all the in-house, on-site fuss.

Another leading benefit of the cloud is the ability to take your files with you. File mobility is a snap with Integrity’s cloud based file share service named IntegriFile. Connect all your devices and share easily with fellow employees and new clients alike.

And since cloud security is one of Integrity IT’s greatest strengths, you will get all these cloud benefits, along with an integration strategy that emphasizes best practices and security. We’ll help you understand the impact of cloud services on your company and how to safeguard your data.

The cloud has a lot to offer. And with Integrity IT on your side, you can reap the rewards while minimizing the risks.

#CSTC2017 Take Home: Vulnerabilities

There are technical, physical and administrative vulnerabilities.

Equifax’s breach exploited the technical vulnerability of having a server that was not patched, opening the door to hackers who target devices with published updates. What allowed them into their database was mainly administrative: either a lack of policy when it comes to passwords, or staff not following it. The database user name and password had not been changed from a very well-known default: admin / admin.

At CSTC2017, Maximo focused on the greatest vulnerability overall – us. Human nature causes us to be susceptible to being snookered. Social Engineering is the term for the psychological or situational manipulation that hackers use so often to exploit human vulnerabilities to gain access and information. Phishing, Vishing and Impersonation often involve distraction and urgency to create a better environment to trick us – remember, stay calm, the “keys to the kingdom” might be at risk. Starting only with a photo, Maximo demonstrated how your Digital Footprint leaves behind all kinds of Open Source Intelligence (free personal information) for hackers to easily find, which allows them to more easily target people through deception, impersonation and trickery.

Maximo’s take home message:

  • THINK before you CLICK
    • Hackers love to download programs onto your computer.  Delivered through links and attachments.
  • THINK before you DOWNLOAD
    • Antivirus and Security Software helps us by throwing up alerts – but you must read them instead of quickly clicking through them.
  • Use a Password Manager:  Lastpass www.lastpass.com
  • Know if your email address has been compromised: www.haveibeenpwned.com
  • Use a good Antivirus: https://home.sophos.com/ (Free HOME version)
  • Periodically scan for and get rid of malware: www.malwarebytes.com
  • Handy Key Combinations:
    • “windows+L” = Locks computer – LOCK your computer when you walk away and when not in use.
    • “alt+F4” = Closes window
  • Sign up for Identity Theft Protection! We don’t have a recommendation, but Maximo and a few others here use AllClearID: https://www.allclearid.com/ It was used by Anthem when they had their breach a few years ago. If you are offered it free, sign up and consider continuing it because it’s not getting any better.
  • Sign up for email/text alerts on Credit Cards and Bank Accounts, it makes monitoring much easier.
  • Some interesting reads:
    • “Stuxnet”: https://www.lifewire.com/stuxnet-worm-computer-virus-153570
    • “RAT” (Remote access tool):  This type of tool is used legitimately all the time to help and support users – but hackers love to get this type of tool installed on your device so they can control it remotely.
      • Know what you download.  READ before you CLICK.
      • Be aware of P2P file-sharing (peer to peer), like the old Napster. There are many more now popular for sharing movies and games.
      • Install security software and allow it to do its job
    • Awesome read! “Future Crimes” – by Marc Goodman

#CSTC2017 Take Home: Validation

Do you check to make sure your smoke and carbon monoxide detectors are working?

Do you check to make sure doors are locked before turning in at night?

Do you have an outside agency perform a financial audit on your business?

Do you check to make sure your firewall is configured correctly?

I hope you answered YES to all of the above. Just like any security measure, we must make sure it’s working – this is called VALIDATION.

At CSTC2017, Joe and Bob reminded us, as Ronald Reagan put it, “Trust, but verify”. It is important that assumptions aren’t being made and that you regularly validate that your security controls are doing their job. Remember, security controls can fail, and even with automation and layers of defense, it only takes a single exploited vulnerability to cause a significant disruption in your business. New threats emerge daily and patches come out quickly. Computers, printers, software and network connections come and go on your network – nothing stays static anymore. Security is not just the responsibility of security and IT staff; it must start with the CEO and involve the entire staff.

Joe and Bob’s Take Home Message

Security Controls Can Fail

  • Mis-configured
  • Missing critical updates
  • Backups untested
  • Human error

You Cannot Mitigate Unknown Risks

  • Security Risk Assessments and Analysis must be done
    • Annually, if you are a HIPAA covered entity, regulated by PCI, or in a financial industry, like banking.
    • After significant changes in your system
    • Must be comprehensive: addressing Technical, Administrative and Physical Controls and Vulnerabilities
    • Includes Vulnerability Scanning, which most often detects issues you didn’t know you have.
    • Perhaps include a Penetration Test
    • Include Active Directory Auditing

Address Your Weakest Link – You and Your Staff

  • Management Support Required – the entire business must be involved.
  • Create a blame-free, risk- and security-aware culture
  • Use a security training platform
  • Provide ongoing security tips
  • Test users’ understanding and security practices
    • e.g., Phishing Tests

Don’t Forget Your Backups

  • Your backup program is only as good as the ability to recover data if and when disaster strikes.
  • First, is your important data being backed up?
  • Second, can it be restored successfully?

#CSTC2017 Take Home: Controls

Where do you want to be?

At #CSTC2017, Tom reminded us of the two points in time related to a security breach and the cost differential.

Left of Boom (Prevention and Preparation): $

Right of Boom (Mitigation and Recovery): $$$$$$$$$$$$$$$$$$$$ (20 – 50 Times)

Tom’s Take Home Message

There are effective ways to control cyber security threats and you must address security needs at every level.  It can be overwhelming so you should consider a security partner like Integrity IT to help you assess your current state, evaluate your needs and create a plan that best fits your business.   Below is a list of things to consider.

Foundation

  • End User Training
  • Multi-Factor Authentication
  • User Privilege Management
  • Security Risk Assessment
  • Compliance Assessment
  • Cyber Security Plan
  • Get a new generation firewall

System Protection

  • Next Generation Firewall
  • Network Segmentation
  • IDS/IPS/Monitoring & Management
  • SIEM
  • Ransomware Defense
  • Identity Management
  • Zero Trust Access Control with Multi-Factor Authentication
  • Audit Logs
  • Change Management
  • Patches, Updates & Images
  • Server Security Configurations

Data Protection

  • Data Classification & Segmentation
  • On-the-Fly, End-to-End Encryption
  • Ransomware Defense
  • Sandboxed Storage Access
  • Isolated Long-Term Storage
  • Date Recoverable Storage
  • Data Life-Cycle Management
  • Unsupported Software/Hardware Program

End Point Protection / Application Protection

  • Anti-Malware Applications
  • Software Firewall
  • System Image
  • Endpoint Encryption
  • Unsupported Endpoint Security

Physical Protection

  • Access Control
  • Fire/Flood Protection
  • Surveillance

Internet Protection

  • Website Security / SSL
  • Remote Access/VPN w/ Multi-Factor Authentication
  • Secure Browsing
  • Email Security
  • DDoS Protection & Mitigation
  • Malware Detection/Mitigation (including Ransomware)

 

You can learn more about Thomas Norman at https://www.linkedin.com/in/thomas-l-norman-cpp-psp-280a3a15/

You can learn more about Integrity IT’s Security Services – Click Here

Security Risk Assessment and Analysis

The methodology that Integrity IT uses to perform the security risk assessment is based on risk assessment concepts and processes described in NIST[1] SP 800-30 Revision 1.

Overview of the Risk Assessment process:

  • Identify and document all Personally Identifiable Information (PII) repositories
  • Identify and document potential threats and vulnerabilities to each repository
  • Assess current security measures
  • Determine the likelihood of threat occurrence
  • Determine the potential impact of threat occurrence
  • Determine the level of risk
  • Determine additional security measures needed to lower the level of risk
  • Document the findings of the Risk Analysis

Interview and Data Gathering

Working with the Business Owner and key leadership (e.g., Operation and IT Management), the Integrity IT Security Team identifies and documents existing IT configurations and security operations, along with a high-level review of Policy and Procedure.  Physical security and processes are observed during a site visit.  This initial interview and walk-through requires about 90 minutes of your time to identify Technical[2], Administrative[3] and Physical[4] aspects of Security.

Vulnerability Scan

Based on parameters defined by your business, Integrity IT performs a one-time Vulnerability Scan of your external (public-facing IP addresses) and your internal IP addresses.

Analysis of Findings

The Integrity IT Security Team will perform an analysis of the information gathered.

Deliverables

Present / Review findings with your team.

Reports

The output will include a series of actionable reports that identify gaps in your current IT Security Controls along with a prioritized list of specific recommendations based on the value of the IT asset and the level of risk identified.

Security Posture Improvement Roadmap

Based on the Analysis, we will create a detailed work plan to easily track your remediation / mitigation progress.  We work with your team to determine priorities based on the analysis, your risk tolerance, business priorities, and resources to create a roadmap that is the best investment for your business.

Policy and Procedures based on NIST Guidelines

Integrity IT provides security policy templates based on NIST guidelines, which your business can customize and adopt into practice if desired. Examples include: Employee Termination Procedures, Data Backup Procedures and Disaster Recovery Procedures.

PII-Protect Training Portal Roll-out to your staff (1yr subscription)

This web-based Security Training portal includes self-paced, up-to-date videos and slides.  There is also a testing component to help ensure participation and ongoing tips delivered by email.

Options Available

Mitigation Assistance 

Integrity IT has the solutions and expertise to address IT Security Risk.  Your IT team can leverage Integrity IT as a partner in a project or for a solution that may be a good fit on an ongoing basis.

Beyond a one-time Security Risk Analysis

Integrity IT’s security division offers Managed Security Services that provide ongoing protection, monitoring, alerting and incident response.  These services can help you to continue your path to a more secure IT environment.

 


[1] The National Institute of Standards and Technology is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce.  With a world-class measurement and testing laboratory encompassing a wide range of areas of computer science, mathematics, statistics, and systems engineering, NIST’s cybersecurity program supports its overall mission to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and related technology through research and development in ways that enhance economic security and improve our quality of life.  https://www.nist.gov/topics/cybersecurity

[2] Technical Safeguards

  • Access controls to restrict access to sensitive or protected data to authorized personnel only
  • Audit controls to monitor activity on systems containing sensitive or protected data, such as electronic health record systems and databases
  • Integrity controls to prevent improper data alteration or destruction
  • Transmission security measures to protect data when transmitted over an electronic network

[3] Administrative Safeguards

  • Security management processes to identify and analyze risks to sensitive or protected data and to implement security measures to reduce risks
  • Staff training to ensure knowledge of and compliance with your policies and procedures
  • Information access management to limit access to sensitive or protected electronic data
  • Contingency plan to respond to emergencies or restore lost data

[4] Physical Safeguards

  • Facility access controls, such as locks and alarms, to ensure only authorized personnel have access into facilities that house systems and data
  • Workstation security measures, such as cable locks and computer monitor privacy filters, to guard against theft and restrict access to authorized users
  • Workstation use policies to ensure proper access to and use of workstations