The Next Level Network Blog

IT Management, Security, Compliance for Regulated Firms

Data Creep and Function Creep Are Challenging Online Privacy and Security

What to Consider When Trading Personal Info for Content and Convenience

Two growing phenomena of our Internet-connected world – data creep and function creep – are compromising online privacy and security for both companies and individuals. We’ll define these terms shortly, but first some preliminary context.

Self-Service Purchase Option for Microsoft Power Platform Apps Starts Jan. 14, 2020, Poses Compliance Risk

New PowerShell Module Can Block This Option, Prevent “Shadow IT;” Act Now

Around mid-October, 2019, Microsoft announced that as of November 19th it would make its Power Platform applications – Power BI, Power Apps and Flow – available for self-service purchase by business users in the US. The announcement was met by solid pushback from both in-house and outsourced IT support pros who recognized that this move could cause what would amount to a “shadow IT” layer within companies and – of particular importance to our regulated customers – serious compliance problems.

A Complete Guide to Using Backupify to Help Ensure Business Continuity

Free eBook: Defending Your Office 365 Data: Five Threats That Microsoft Can’t Defend Against, But You Can

Recently, Datto, our business continuity and backup solutions partner (via its Backupify), was a presenter at a cyber security conference where there was also a demo by Kevin Mitnick. Kevin is one of the world's best-known hackers – formerly a notorious and most-wanted hacker and now on the “white hat” side of the business as the “Chief Hacking Officer” at our cyber security solutions partner KnowBe4.

Get This Free eBook: “Financial Services Firm? Add Business Continuity to your Bottom Line”

Why Every Investment and Advisory Firm Must Have an Up-to-date Business Continuity Plan

We recently presented a webinar, “What You Need to Know About Backup and Continuity.” Now we’re offering an informative eBook that focuses on the “why” of business continuity planning – as it relates specifically to regulated firms. We’re presenting, “Financial Services Firm? Add Business Continuity to your Bottom Line” as a complimentary download in collaboration with our business continuity solutions partner, DATTO.

SIM Swapping: A New Cyber Attack via Your Mobile Phone

Don’t Use Your Cell for 2FA – And Other Precautions

We’re not kidding when we say that cyber threats are evolving at a crazy, rapid clip. In this post we’ll tell you about a relatively recent one called SIM Swapping that is quite troubling.

Recent NY SHIELD Act Beefs Up Cyber Security for State Citizens

What Businesses Everywhere Should Know About New NY Data Protection Law Compliance

New York state recently enacted a robust amendment to existing NY data protection law. Known as the NY SHIELD Security Act (Senate Bill S5575B), it applies to any company that has access to or stores personal or private customer or employee data of New York residents. By the way, SHIELD is an acronym for Stop Hacks and Improve Electronic Data.

Windows Autopilot Provides Improved Out-of-box Experience for Users

Automated Device Configuration Solution Also Creates IT Department Efficiencies

One-by-one. One-at-a-time. That’s how we, as an IT support outsource, as well as in-house IT departments, have always configured new devices for company employees – or reconfigured devices for re-use by another employee. The result of manual device configuration has been a delay in getting new technology into the hands of employees – thus a delay in the potential productivity it adds.

Disinformation Campaigns Not Limited to Politics; Businesses Beware

‘Fake News’ Sites, Troll and Other Attacks Can Trash Reputations, Manipulate Stock Prices, More

Lately, not a day goes by when we don’t hear or see a reference to ‘Fake News’ – generally related to politics. We read about Russian, Iranian and Chinese bots, trolls and ‘fake news’ sites spreading disinformation in efforts to influence elections and otherwise disrupt nation states. As unsettling as this truth of modern life may be, it’s equally disturbing that the same disinformation campaign tactics are being applied to the business community.

Password Security: New Rules, New Threats

Is There Such a Thing as a Secure Password?

October is Cyber Security Awareness Month – and we're glad that the subject gets this type of notice. This post is part of our ongoing effort to keep cyber security top of mind year-round.

Is Your Company Prepared for Cyber Warfare? It’s Here and There Are No Rules!

Why Cyber Warfare Should Be on Your Security Radar Screen

Here on the Next Level Network Blog, we’ve talked about many and varied cyber threats from online crooks out to separate you from your money or to access data that can help them steal from others. When a cyber attack comes from a nation state actor, however, the motivation is far different. Then it’s cyber warfare, intended to disrupt political and other systems in order to weaken or destroy another government. Cyber warfare isn’t a thing of the future. It’s here now. The time is now to talk about cyber warfare and security for your business.

Announcing a New eBook: 16 Essential Tips for Successful Technology Relocation

Business Continuity Management When You Move Offices; Download for Free

Lately, we’ve been helping at least one company per week with technology relocation as they move offices. Most, in line with some recent studies, are moving to accommodate growth. In fact, we are one of the companies we moved just a couple of weeks ago to accommodate our own growth. So, office technology relocation is top of mind for us in more ways than one.

Crypto Mining Tools Are Overtaking Ransomware Attacks as a Cyber Threat

Longer-term Payoffs, Lower Tech Skill Requirements Motivating More Bad Actors

A new cyber threat – crypto mining – began in 2017, accelerated in 2018 and is exploding in 2019, overtaking ransomware attacks to become one of the most prolific threats out there. More correctly termed ‘crypto jacking’ when used for nefarious purposes, crypto mining, when used legally, is a part of the cryptocurrency ecosystem that helps to keep track of ‘blocks’ of cryptocurrency as they’re created. Legitimate crypto miners use crypto mining tools on their computers that may earn them a few pennies for their efforts to help maintain and/or increase the value of cryptocurrencies.

Announcing a Free Tool to Walk You Through the Steps to Business Continuity and Disaster Recovery

"The Ultimate Disaster Recovery Checklist" Offers a Rational Response to a Stressful Experience

We recently launched a free eBook on planning for business continuity and disaster recovery. Again in collaboration with our Disaster Recovery as a Service (DRaaS) solutions partner, DATTO, we’re announcing part two, "The Ultimate Disaster Recovery Checklist." Even if you have a plan in place, or are working on one, when disaster strikes, great stress is placed on the entire organization. It helps to have a handy tool like this checklist to help organize a rational response to what could be a chaotic and disarming experience.

Cyber Attacks on IoT Devices Are Rising

Why More Secure Smart Devices Are Critical to Network Security

In recent years, there’s been a lot of attention on the Internet of Things (IoT). The IoT is revolutionizing many aspects of modern life, but it is also enabling unprecedented cyberattacks on IoT devices. It’s critical for businesses to understand how and why these attacks work, as well as why they must seek more secure smart devices to protect office network security. This is especially true of regulated industries including financial services and healthcare that are adopting IoT technologies to better serve their clients and patients. They must also deal with the downside.

According to its Wikipedia definition, IoT is the extension of Internet connectivity into physical devices and everyday objects. These devices can then communicate and interact with others over the Internet, and they can be remotely monitored and controlled. It’s easy to imagine how bad actors could exploit these factors to breach a smart home security system or to spy on an office conference room via a smart TV.

The BYOD Dilemma: Corporate Security vs Employee Privacy

BYOD Issues Driving Changes to Device Management Strategy

Over a number of years, the practice of Bring Your Own Device (BYOD) has become commonplace in companies of all sizes. Employees have been granted permission to let their personal devices double for work – phones, tablets and laptops. BYOD evolved out of employee discontent with having to carry two phones or with finding themselves needing emails or files at home that were on an office computer. Companies began to adopt BYOD policies. But those decisions are having unanticipated impacts. In today’s tense cyber security environment, pure and simple, BYOD makes it impossible to maintain a secure network. Mobile device management (MDM) software has been developed in an effort to secure company data on private devices. However, MDM can compromise user privacy. So, we end up needing ways to balance corporate security and employee privacy.

Announcing a Free eBook of Critical Importance to Your Company: 4 Business Continuity Planning Essentials

Disaster Can Strike Any Company. What to Consider for Your Disaster Recovery Plan

It blows us away how many companies totally ignore the need for a business continuity and disaster recovery plan. We all like to hope for the best and chances are our companies will never experience a disaster that impedes our operations, shuts down our ability to do business for days or weeks on end, or harms our employees and our customers. But these days, chances are better that they will.

Microsoft Security: How MS Is Beefing Up Its Cyber Security Technology Brand

According to Microsoft, there are more than 400 million active users of its Windows 10 operating system worldwide. Estimates have the number of MS Office 365 users at 180 million. In addition to the productivity features that have led to this success, Microsoft Security has put a strong focus on cyber security technology as threats have increased exponentially in recent years. Frequent software updates fix vulnerabilities and issues as they’re discovered. But the company is also looking forward and outward in an effort to prevent cyberattacks and minimize cyber security risk. This post focuses on some of the initiatives the company is involved in beyond actual product development and touches on some product security improvements.

Does the EU’s GDPR Affect US Data Privacy and Cyber Security Compliance Strategy?

Yes, Especially Regulated Industries. And US Regulations Are Coming. Prepare.

Penetration Testing Tools: In Hackers’ Hands, New Modlishka Tool Is a Cyber Security Threat

Can Overcome Multi-factor Authentication and Enable Phishing

As a basic element of cyber security programs, penetration testing is standard protocol for detecting possible IT network vulnerabilities. There are many penetration testing tools available that simulate hacker attacks to discover cracks in firewalls and other defenses. Developers are constantly building new tools to keep up with evolving threats and the measures put in place to avert them.

Standardized Multi-factor Authentication Just Became a Reality

Tech Group The FIDO Alliance Is Leading Us to a Password-free Internet, Greater Security

What Is It?

One of the greatest fears today is that hackers will steal the passwords we use to access social, banking and other sites where we must register to take advantage of their features and offerings and steal our data. The threat for businesses – especially regulated entities – is that employees will fall for password-centric schemes, like phishing, that can compromise a company’s entire IT network. Better days are here – and even better ones are ahead.

Cyber Security Services: Do You Need A Data Hostage Negotiator?

Get Our Complimentary Guide to Freeing Your Files in a Ransomware Attack – And Avoiding One

According to a recent report from Datto, a leading provider of cyber security services and solutions to managed service providers (MSPs) like us, ransomware attacks are continuing to grow like wildfire and are expected to continue increasing at a rapid clip. These costly cyber security attacks tie up your data until you pay a ransom to the hacker. It’s not just the ransom money, but also the downtime and loss of productivity that make this a threat to avoid or manage efficiently.

Spear Phishing: A Growing Cyber Threat in 2019

Learn About This Dangerous Type of Phishing and How to Prevent It

A survey of managed service providers and in-house IT professionals conducted by our cyber security partner KnowBe4 revealed that phishing/spear phishing is the number three cyber threat that “keeps them up at night.” Other studies show that spear phishing stands to be one of the fast-growing types of cyber-attack in 2019.

Contract Renewal Time: An Opportunity for Vendor Cyber Security Risk Assessment

How to Review Third Parties to Assure They Don’t Create Vulnerabilities for Your Regulated Firm

When OCIE comes knocking to learn whether your regulated firm has robust cyber security policies and plans in place, one critical area of inquiry will be third-party cyber security risk management. They want to know if you’re performing a cyber security risk assessment of the vendors who have access to your data or network – and taking action based on the results.

Building Cyber Security Training Programs for Employees

Critical for IT Network Security and Regulatory Compliance

This post will outline how to build effective cyber security training programs for employees. Here’s why it’s important for you to read on and then take action if you haven’t already done so:

Cyber Security Plan Step 1: IT Inventory Management

Identify and Manage All Hardware and Software on Your Network

As we’ve been discussing, protecting your IT network from online threats requires a cyber security plan. Arguably, the first step in that plan is to identify and inventory all of the hardware and software on the network. This is critical to IT inventory management -- an ongoing, multi-step effort to make sure every element of the network has up-to-date protection against vulnerabilities. It is considered a best practice for regulated entities. This post will outline key issues of inventory management beginning with why it’s so important.

A New Guide to Microsoft Office 365 Security and Compliance: Don’t Be Your Own Worst Enemy

End Unintended Consequences of Improper Set-up, Lacks in Monitoring and Cyber Security Training

We’re pleased to introduce our new – and complimentary – Guide to Microsoft Office 365 Security and Compliance.

As a Microsoft Office 365 partner, it was important to us to create this guide. Many of our clients are in regulated industries and have legal compliance concerns. We confidently provide many of them with Office 365. Not only is it a powerful productivity tool, but also Microsoft seriously addresses security in its products.

Software Patch Management Best Practices: A Key Part of Your Cyber Security Program

Security Updates Must Go Beyond Your Operating System to 3rd Party Software, Apps

Many of our clients are regulated entities in financial services and healthcare. In our ongoing concern for their cyber security in the face of increasing and evolving threats from individual and nation state bad actors, patching security vulnerabilities in software and applications is an integral part of every cyber security program we implement. Because many companies believe that their Microsoft and Apple security updates have them covered, this post shares some additional software patch management best practices.

Encrypted Email Services: Know What You're Getting

The ‘Encryption Myth’ May Open Regulated Businesses to Added Security and Compliance Risk

This post is motivated by the growing number of inquiries we’re receiving from clients about whether they should be using one of the cloud-based email encryption services available today from companies including Citrix, Sharefile, Smarsh, AppRiver and others. Many of our clients are in regulated industries -- financial services and healthcare.

Cyber Security Training: How to Phish-proof Your Employees

Drastically Reduce Vulnerabilities in Only 90 Days

Continuing our discussion of cyber security training for employees of regulated organizations, this post examines the growing threats from phishing schemes and suggests training that will reduce the possibility that your staff will inadvertently unleash a disastrous attack on your systems, data and client assets.

Cyber Security Training for Employees: Protecting New Personal Devices

Don't Let Their Holiday Technology Gifts Become 'Gifts' for Hackers

Our last post discussed the importance of cyber security training for employees. Along those lines, at holiday time we always make sure to alert our customers and their staffs to a particular concern: devices received as personal gifts that will also be used for business. If they’re not set up according to best practices by your network security team, they could represent a serious cyber security threat and compliance problem for your regulated business.

Is AI Snooping On Your Office Conversations? Cyber Security Training Can Keep Them Confidential

Take Action Before Letting Alexa, Siri and Bixby Into Your Private Meetings!

Are our artificial intelligence devices listening to us all the time and saving our conversations? The fact is, we just don’t know. Although most of the alarm has centered around home use of these devices, it’s time that we consider the potential negative implications on data security and privacy in the workplace – especially as regards regulated businesses. So what do we know?

Recent DOJ Hacker Charges a Reminder: Do Network Penetration Testing, Patching for Cyber Security

Earlier this month, the U.S. Department of Justice filed charges against a N. Korean hacker who they say was behind such infamous incidents as the WannaCry ransomware attack, the attack on SONY over its release of a film unfavorable to N. Korean leader Kim Jong Un, and the $81 million Bangladesh Bank heist.

The DOJ’s action is a reminder that businesses are vulnerable and must take proactive steps to assure cyber security – especially regulated companies. These steps include network penetration testing, ongoing identification and patching of software and network vulnerabilities and other measures.

Get Our Cyber Security Self-Assessment Checklist

Another Free Tool to Defend Against Hacker Threats

Here at Soundshore Technology Group we are increasingly focused on cyber security. We’ve just launched a second tool – a Cyber Security Self-Assessment Checklist -- that companies can download for free to help them look in the right places and ask the right questions to assure their networks and systems are defended. This follows a special offer for new and prospective customers that we launched a few weeks ago – a free external Cyber Security Vulnerability Assessment, a process that we perform.

Special Offer: Free Cyber Security Vulnerability Assessment Available to New STG Customers

External Scan Is First Step to Protecting Financial Firms’ Client Data/Assets, Enhancing Reputation

We’re introducing an important offer for new and prospective customers – a complimentary Cyber Security Network Vulnerability Assessment. This offer addresses the critical need for financial services companies to be able to demonstrate proactive efforts to assure the security of their technology networks. Read on to learn why we’ve decided to do this and to get more details about the offer.

What to expect from an SEC Audit of Your DR & BCP

SEC audits are never welcome, but with this blog entry you can at the very least know what to expect and what to prepare for with your Disaster Recovery and Business Continuity Plan.

Soundshore Technology Group LLC Completes Acquisition of Westside Automation and Opens Los Angeles Office

Don't Sign That Office Lease Yet! 5 Tips for IT Relocation.

So you have finally decided on the big office move? Lease terms are favorable now and you may want better, bigger/smaller, more convenient, less expensive office space?

Soundshore Technology Group Expands West Coast Presence with Addition of Three San Francisco Area Offices
