Client Area

This section can be repurposed a number of ways.

Operations

Verify.

How do you protect your company from business email compromise (BEC)?

Here’s a tactic we call #Human2FA

Verify financial requests

Ever get an email asking for financial or banking information? Ever fall for it?
Today’s social engineering tactics are pretty good and more than a few corporate executives have fallen prey.


But there’s an easy way to stay a step ahead of the criminal and we call it Human Two Factor Authentication. 

 

Watch the video, share it with your team and make verifying finical requests policy at your organization. 

Hybrid Office

The push towards the Hybrid Office has been wreaking havoc on small and mid-market businesses since before the pandemic.

To address the growing complexities and meet the needs of employees and employers, we’ve developed a secure virtual-workplace solution that leverages Azzure Virtual Desktop (AVD) and accommodates the performance and security needs of your business. 

Improve mobility
Virtualize employee access in the cloud, making it scalable, up-to-date, and available on any device

Ramp up security
Advanced security solutions help you control and manage identities, access, and prevent threats

Reduce costs

Simplify IT management and move away from and investment heavy CAPEX model to scalable OPEX 

Boost productivity

Leverage a suite of collaboration and communication tools to improve productivity

 

Google Reviews

As a distinguished IT services firm, we pride ourselves on great tech support!

Have you ever submitted a help desk ticket only to never hear back, or hear back and not have a solution to your problem? 

A strong IT services desk increases productivity and sets up your business for success. 

Don’t take our word for it…check out what our partners have to say:

Zero-Trust-Cybersecurity

As the business community faces down cyber threats, one medical office is defending itself with a Zero Trust approach to cybersecurity

Physicians have always been at the front of the line when it came to technology integration. Among the first to realize the benefits wearing a pager, having a cell phone, using a tablet, and essentially digitizing their business, doctors and researchers are typical early adopters of mobile, Cloud and IOT systems. 

As attacks on the healthcare industry make weekly news, personal information (PII) floods the black market, and steep fines take their toll,doctors and practice administrators wonder what they can do differently. 

A holistic strategy, a Zero Trust approach to cybersecurity means that you:

     1) Verify Explicitly
     2) Use Least Privilege
     3) Assume Breach

Want to learn more? Complete the form and download the business case.

Zero Trust

As cyberattacks on midsize firms prove inevitable, are you ready to be hit?

A strong defensive posture minimizes exposure, limits collateral damage and protects client privacy. ‍

We’ve been providing IT consulting and technology services to the mid-size business community since 1999, and from basic firewalls to advanced breach detection systems we absolutely guarantee there’s no shortage of security products designed to protect the enterprise. 

 

But third party/supply chain attacks have changed this game. Drastically. And, from the most basic user training videos, to a 24×7 monitored security and information management (SEIM) system, there’s not one thing a business can do to protect data when its business management system, ERP or CRM is breached. Bottom line – every business on the planet relies on third-party software and there’s simply no safe place to hide. Boo!

Since shutting down shop isn’t an option, we must, as always, take up this threat and face it head on!

 

As we wrote in an post about Zero Trust Cybersecurity, you can only worry about what’s within your control. Since fully defending against this attack isn’t possible, we can only protect our organizations and prepare to be attacked.

1. Deploy a multi-layered detection and response approach. Multisyllable marketing jargon aside – as quickly as possible, you need to know you’ve been breached, and you need a post-attack response plan (or plans). “Honeytokens” or virtual trip wires setup to alert organizations of suspicious activity in their network are a great tool. If a being breached is bad, not learning about it till days or weeks after it happens is worse and not knowing what to do next can be catastrophic. www.upguard.com/blog/how-to-prevent-supply-chain-attacks

2. Include threat hunting as regularly scheduled IT maintenance. As described by our partners at SentinolneOne, threat hunting is quite a different activity from incident response (IR). While IR methodologies aim to determine what happened after a data breach, a threat hunting team searches for attacks that have slipped through your defensive layers to help you find adversaries hiding in your network before they can execute an attack or fulfill their goals.

 

3. Work with a SIEM solution that offers automated remediation actions. A security information and event management (or SIEM) is a cybersecurity solution that collects and converges data from different parts of your IT environment with the intent of monitoring your firm’s security levels. Providing advanced visibility and insight into your users, endpoints, traffic, activity, and more, a SIEM enables you to maintain oversight into your network and beyond the perimeter as your company scales.

4. Log capture and file retention for critical infrastructure. As detailed in this whitepaper from the National Institute for Standards & Technology (NIST) nvlpubs.nist, log management is essential to ensuring that computer security records are stored in sufficient detail for an appropriate period of time. Routine log analysis is beneficial for identifying security incidents, policy violations, fraudulent activity, and operational problems. 

5. Encryption for all data. In cryptography, encryption is the process of encoding information or sensitive data so only authorized parties can access it. While encryption can’t prevent criminal activity or third-party attacks, it does deny intelligible content to the interceptor. For more on encryption, we recommend this article published by UpGuard www.upguard.com/blog/encryption.

6. Use two-factor/multi-factor authentication. With two-factor authentication enabled, criminals who do gain access to user login credentials aren’t automatically granted entry. A key element to a Zero-Trust Security framework, multi-factor authentication requires users validate their identity to provide that extra layer of security.

Above all, at OWG we believe cybersecurity will always come down to your corporate culture and your posture – on your toes, knees bent, arms ready. Stay sharp, be prepared and have your plan in place and you’ll have an advantage and typically able to weather the storm. The complacent or unprepared will get swallowed.  

 

For more information, or to set a time to speak, drop your name and email below and we’ll reach out.

 

 #StaySafeOnline‍