Migrate to the Cloud Securely: An HBK Risk Advisory Services Webinar

Date October 19, 2021
Article Authors

Cloud computing is one of the most compelling of recent innovations. Your organization can enjoy multiple benefits by adopting or migrating to the cloud, including giving your over-worked IT Department a well-deserved break.

But how secure is the cloud application you are using? What risks does it pose to your computing environment? What is the role of your IT Department given your commitment to the cloud? Get the answers from HBK’s Vertilocity team of digital technology experts and learn how to better protect your organization in the cloud.

Our October 27 Risk Advisory Services webinar, “Migrate to the Cloud Securely,” will feature a discussion of how a secure migration can reduce your risk exposure. We will cover:

  1. Key cloud migration terms and definitions
  2. Characteristics to consider when evaluating the security posture of a cloud security provider (CSP)
  3. How to protect your cloud workloads from cyber threats
  4. Discovering and properly controlling cloud apps in use at your organization
  5. Practices to secure your end users and connectivity to the cloud

Speak to one of our professionals about your organizational needs

"*" indicates required fields



Watch: A Managed Service Provider Can Help You Secure Your Network

Date August 27, 2021
Article Authors

Highlights from the August 25, 2021 webinar in the HBK Risk Advisory series hosted by William J. Heaven, CPA/CITP, CISA, CSCP, Senior Manager, HBK Risk Advisory Services; and Pawel Pikul, Senior Manager, HBK IT

A managed service provider (MSP) is a company that remotely manages customers’ IT infrastructures and/or end-user systems, typically on a proactive basis and under a subscription model. Think of an MSP as an outsourced IT department.

• The MSP concept emerged in the early 2000s, Prior to that the business was primarily IT consultants and tech support, most of it onsite, and often accompanied by long system interruptions. Then in the late 1990s applications allowed for remote access and help desk services. Over the years tech support moved to remotely ensuring networks are operating and running without downtime and in a secure environment.

• MSPs provide a wide range of services, and have access to a great diversity of tools and technologies. Different MSPs offer different services, including cloud technology, a fully managed IT department, strategic technology advisors, around-the-clock help desk, data security, business continuity and backup, change management, and hardware procurement.

• You can fully outsource your IT department to an MSP or use particular services, including using their expertise to support and monitor your networks. Bigger organizations often adopt a co-managed model, where they keep their IT team and use an MSP to fill skill gaps and free up their IT team’s time.

• Most MSPs price their service packages based on the number of users or number of devices in the network. Your service level agreement should include key aspects of the service, including response times.

Types of Managed Service Providers

• MSP service can be defined as any continuous, regular management, maintenance, and support, including:

– Networks and infrastructure

– Security services: Some MSPs, known as MSSPs, are focused on security services.

– Support services

– Print Services

– Cloud infrastructure

– Software as a Service (SaaS)

– Wireless and mobile computing

– Communications services

– Data analytics

• A standard MSP package will have to some degree cloud storage, managed backup, hardware procurement, change management, business continuity/disaster recovery, system security, system management, system monitoring, and a help desk. The MSP will ensure your IT systems are operational—usability and performance are primary concerns. They will provide some level of security but having an MSP does not guarantee 100 percent network or data security. You can add additional layers of security to mitigate risk, which you are advised to do, but companies are always vulnerable.

• Basic security provided by an MSP includes a managed firewall, virtual private network, anti-virus and anti- malware, windows and third-party patching, vulnerability scanning at least on a quarterly basis, and backup and disaster recovery. MSSPs, which are more focused on security, provide additional levels of security and services, including a security operation center, security information and event management, endpoint detect and response, user behavior analytics, ongoing vulnerability scanning as a new users or devices are added to the network, and cybersecurity risk assessment. Other services that can provide additional security include a password manager, security awareness training, dark web monitoring, disk encryption, and single sign-on and multi-factor authentication.

• To ensure the most security possible you need to communicate with your MSP to determine who is covering what.

• The benefits of an engaging an MSP include access to an entire team of IT experts which translates to substantial IT cost savings, predictable costs, data recovery services provided quickly following a disaster, and 24/7 support for all end users.

• It is important to understand your company’s needs and the benefits you expect from your MSP and communicate that to your MSP, then review your contract to stay current with your needs. Also:

– Study and understand the MSP’s reports on your network and services.

– Ask your MSP security-related questions.

– Undergo a cybersecurity risk assessment at least once every two years.

Cybersecruity Statistics

• Ninety-vie percent of data breaches are caused by human error.

• The average cost of a data breach is $3.86 million.

• The average time to identify a breach in 2020 was 207 days.

• Data breaches exposed 36 billion records in first half of 2020.

• Sixty-eight percent of business leaders feel cyber risks are increasing.

• The FBI reported a 300 percent increase in cybercrimes since the beginning of the pandemic

• Remote work increased average cost of a data breach by $137,000.

Cybercrime Trends

• Remote workers are being targeted.

• Cloud breaches are increasing.

• Cybersecurity skills gap remains an issue.

• IOT (Internet of Things) devices will become more vulnerable

• Cyber insurance will increase in cost especially for organizations that don’t take appropriate measures for risk mitigation.

• The most common cyber attacks include:

– Malware, which can perform malicious tasks, obtain data, or disrupt

– Phishing for credit card information or intellectual property

– Zero-day exploiting vulnerability to get access to the network

– Password attacks: what’s important is not necessarily the length or complexity of a password. Most often attackers gain access to passwords via a compromised website. An organization should have unique passwords for every website. Multi-factor identification is one important way to prevent access.

Tips on security your network

• Ensure systems are being patched.

• Ensure vulnerability scans are being performed.

• Segregate networks.

• Train end users.

• Implement internal security policies.

• Require multi-factor authentications for all systems and applications.

• Use unique passwords and implement single sign-on.

• Test backup and disaster recovery.

• Create an incident response plan.

Speak to one of our professionals about your organizational needs

"*" indicates required fields



Watch: Managed Service Providers Can Help Secure Your Network

Date August 13, 2021
Article Authors

Information technology (IT) and cybersecurity are complex subjects, and can be confusing to business owners. But cybersecurity attacks continue to threaten businesses large and small so understanding the related issues and their impact is critical. What steps can you take to protect your computer network?

A Managed Service Provider (MSP) is an outsourced organization that can deliver IT services in a secure manner. Services offered by MSPs include infrastructure management, end-user device management, employee support, and overall IT Management including disaster recovery and security services.

Our webinar will cover:

1.The services MSPs typically provide

2.Differentiation among MSPs and their service offerings

3.Advantages of working with an MSP

4.Current cybersecurity statistics and trends and their potential impact on your business

5.Security tips and suggestions from our MSP team to improve your network security

Watch here.

Speak to one of our professionals about your organizational needs

"*" indicates required fields



Is Your Anti-Virus Software Functioning as Intended?

Date June 4, 2019
Article Authors

Most people know basic information about anti-virus software and that it is crucial for cybersecurity. However, it’s often mistakenly believed that anti-virus software is the only cybersecurity defense component required to protect your computer system.

Anti-virus does play a very important role within a multi-layered cybersecurity strategy. However, we are providing this overview to underscore and verify that this component is merely one part of protecting your computer environment.

From a 50,000-foot view, anti-virus software operates in the following manner: it checks a table of known virus definitions with all the files stored on a computer system, in order to flag a potential virus. The flagging of viruses is achieved either through signature-based or heuristic-based analysis.

A file signature is a unique identifying number located in the file’s header that identifies the type of file and data contained within that file. Heuristics refers to an algorithm that is used to find previously unknown viruses (i.e. those not yet listed on the virus definition table).

There are two main anti-virus operational modes currently in use to check files on a computer system:

  1. Full System Scan. This mode also includes a “quick scan” or a check of files within which the file signature has changed since the previous Full System Scan, which runs on an automatic schedule or is manually enacted.
  2. Background Processing. This is the process that occurs (as its name indicates) and functions in the background on your computer by checking every file as it is opened. It is often referred to as “Real-Time Protection”.

There are many anti-virus options available to consumers, including both free and paid products. Virus detection rates vary among these choices and can fluctuate over time. Therefore, do not expect there to be only one solution that is consistently proven as the ultimate anti-virus product available. A consistent “Number One” has not yet materialized.

There are numerous anti-virus comparison sites searchable on the web. Also, it’s important to remember that if your anti-virus definition files are not updated regularly, or if the anti-virus function is disabled by users of your computer system, you may not be receiving the protection you assume.

Action Items:

  1. If you do not already use anti-virus software, research options within your price range and choose a solution that fits your needs.
  2. Implement the anti-virus software system on your network.
  3. Periodically ensure that your anti-virus software is running as intended. This means the virus definition table will be updated frequently and that it will be consistently used on all computers within your network.
  4. HBK Risk Advisory Services can assist you with your data backup or Cybersecurity questions and needs. Please contact Bill Heaven at WHeaven@hbkcpa.com

Speak to one of our professionals about your organizational needs

"*" indicates required fields