When talking about cyber security solutions, there’s a ton of different acronyms and abbreviations. You’ve probably heard about EDR, MDR, MTR, and XDR. But what do all of these mean? Let’s dive in.

Managed service providers (MSPs) and managed security services providers (MSSPs) are two terms that are often used interchangeably in the IT industry, but they are not the same thing. While there may be some overlap in the services they provide, there are significant differences between the two.

In today's digital age, data security has become a top priority for organizations across industries. With the increasing frequency and sophistication of cyber-attacks, it's critical for businesses to have a dedicated professional responsible for their overall information security.

Business impact analysis (BIA) is an essential component of a company's risk management process. It involves assessing and analyzing potential risks that could disrupt the organization's operations and result in financial or reputational losses.

Windows end of life is a critical aspect that every individual and organization should be aware of to ensure the safety and security of their systems and sensitive data. In simple terms, Windows end of life refers to the point when Microsoft stops supporting a version of Windows.

Hope you all enjoyed our work this month as part of Cybersecurity Awareness Month. We wanted to take a second to recap the main ideas for this year, but since it’s Halloween – we’re going to put a spooky little twist on this.

We’ve all been there, going about our day and then we receive the notification ‘An update is available for your software, install now?’ This can be annoying, but it’s actually a critical item to maintain the security of your applications.

We’ve all seen the headlines, right? ‘Company ABC was impacted by a security incident. They’ve notified the appropriate authorities and are working with their 3rd party contractors to respond. Impacted individuals will be notified.’ But what does this look like for the every day person impacted by these incidents?

In today’s connected world we often have dozens of online accounts – whether it be for banking, shopping, work, or entertainment. But it often seems like every time we turn around another service was compromised or there’s an attempt to hack into accounts. So what can you do to keep your accounts safe and secure?

Social engineering is a method that threat actors can and will use to try to gain access to sensitive information. This could be passwords, sensitive documents, money, or access to locations they shouldn't have access to.

And what policies should you have for your organization? Short answer, it depends. This blog lists some common policies that are important for all companies to have. Without these policies, technology can't be aligned to any given standard. You set the policy, and then build out your standards.

Can I eliminate risk? Not really. There's always going to be some inherent risk in everything we do. But there are different responses that you can take to reduce that risk. For instance, you can mitigate the risk by putting appropriate controls and safeguards in place to decrease the impact of that risk.

The FBI's IC3 report for 2022 reported over 300,000 instances of phishing and almost 22k instances of business email compromise (compared to only 2,300 reported cases of ransomware.) Traditionally, security folks have been advocating for MFA as an effective control to reduce these risks.

Last weekend I had the opportunity to attend a small gathering of MSPs at the Music City Grand Prix in Nashville. Before we get into the business stuff, I have to talk about the fun side of this event.

Recently I had the opportunity to attend the Fantastic Forum Academy presented by Cyber QP. This event was focused on implementing and operationalizing the Center for Internet Security’s Critical controls. So, what did we go over?

SIEM, or Security Information and Event Management, is a platform that collects and stores all the logs from various sources, including firewalls, servers, endpoints, and cloud platforms, in one centralized location. This allows security teams to monitor and analyze all the logs in one place, making it easier to detect any anomalies or potential security breaches.

Artificial Intelligence has been a topic of conversation in the tech industry for a while now. There’s been a lot of conversation around AI taking people’s jobs, increasing security concerns, and much more. Not to mention, it seems like there’s a TON of new technology coming to the market touting their AI capabilities.

Recently Google announced that they’re adding several new ‘top level domains’ to the list of available top level domain registry. This has led to some concerns from the security industry. Let’s talk about why security professionals are concerned and what your organization can do about it.

CMMC stands for Cybersecurity Maturity Model Certification. CMMC requires buy-in from leadership and management, collaboration from all business leaders, and adoption from the overall staff.

IT Nation Secure 2023 brought together cybersecurity pros, MSPs, and industry leaders in an awesome event that left attendees equipped with valuable knowledge. From engaging speakers to meaningful conversations, the conference was a success, offering a lot of insights protecting ourselves as MSPs, supporting clients' compliance journeys, and combating AI-driven threats. Let's delve into the highlights and takeaways from this exciting event.