Category: IT Weapons Security Blog

Mississauga, ON (February 13, 2024) – IT Weapons, the Canadian IT Services division of Konica Minolta Business Solutions (Canada) Ltd. (Konica Minolta) proudly announces its recognition as one of Canada’s 50 Best Managed IT Companies for the eighth consecutive year.

Technoplanet Productions, a leading channel marketing, news media and events company that specializes in the technology industry, once again recognized IT Weapons as one of Canada’s 50 Best Managed IT Companies at their annual awards gala.

The prestigious recognition was awarded to IT Weapons as a testament to its unwavering dedication to industry best practices, cutting-edge technologies, and exemplary management strategies. Achieving a position among Canada’s top 50 best-managed IT companies reflects the company’s consistent pursuit of excellence and its ability to adapt to the rapidly evolving IT landscape.

“We are thrilled to be acknowledged for another consecutive year among Canada’s best-managed IT companies. This achievement underscores our team’s hard work, dedication, and our unwavering commitment to delivering exceptional IT solutions to our clients,” said Mark DeFreitas, Regional Vice President, Managed IT.

For the full press release, please click here.

The post We’ve done it again! IT Weapons is once again named one of Canada’s 50 Best Managed IT Companies appeared first on IT Weapons.

It is no longer a question of ‘if’ you can be hacked, but ‘when’.

Click the button below to access a thought-provoking webcast with cybersecurity expert and host of the Smashing Security podcast, Graham Cluley.

As the hacker economy booms and most cybersecurity breaches occur due to human error, your business is a prime target for cybercriminals looking to profit, gain attention, or simply disrupt your business. Graham will share anecdotes from his thirty-year career fighting cybercrime from the frontline and will explain how data can fall into the wrong hands, intentionally or unintentionally.
Join us for this exciting session to learn more about:
• What makes companies vulnerable
• How to protect yourself and your customers from attack
• The dark side of the internet and the incredible stories it holds

Understand your risks and prepare for the unpredictable today!

To Watch Now, please click here.

The post Cybercrime Pays: Don’t Let Hackers Drive You Out of Business appeared first on IT Weapons | Toronto | ON.

In so many industries, privacy and confidentiality are the currency of success.  Law offices, financial firms, and healthcare providers cannot operate effectively without guaranteeing the privacy and security of their client and patient data.  But what about the consumer world and the growing Internet of Things? We live in a world with millions of connected devices and billions more coming online.  Cameras, glasses, drones, fridges, autonomous cars, HVAC units, smart homes, Smart TVs … Almost everything that is powered on has the capacity to connect to the world-wide information ecosystems and communicate details of your behavior, likes, and habits. Will privacy exist anywhere outside of our regulated industries and institutions?  Do we care?

One upside of this growing lack of privacy is an increase in transparency and access to information.  With every smartphone live tweeting and every camera recording, it’s getting harder to hide and easier to find out what’s going on around the world and in your city.  Given that most bad stuff happens in the dark, it stands to reason that increasing transparency means we could see a decrease in criminal behavior.  If only the world were that simple.  Cybercrime is on the rise and with every new device we have a new attack surface that needs to be secured.  Under the auspices of “improving services and customizing your experience” more and more online services and connected devices are recording your behavior and analyzing your habits.  How much “sharing” are you comfortable with?  Is the transparency we get worth the loss of privacy?

Do you worry about information security in your home life the same way you do in business?  Let’s talk.

The post Transparency and the Internet of Things: Is Privacy Dying? appeared first on IT Weapons | Toronto | ON.

As an IT professional, there comes a time when you have reached your limits, exhausted your current repository of knowledge and simply said, “We have a problem.” Good for you! After all, acceptance is the first step. When you realize a problem exists, there are generally three options to remediate your woes:

Hire a new employee
Buy software (i.e. backup solution, security monitoring tool, etc.)
Partner up with a managed services company

Hiring an employee isn’t a bad idea, but it can be expensive. Also, your new employee will probably be an expert in only one key area (i.e. Microsoft server technologies, Networking, etc.), which means that your dollars with be focused on just one area of your IT ecosystem. Check out this article that covers the pros and cons between Staff Augmentation vs. Managed Services for more information. Software can work, depending on your issue. This typically helps for backups (like Veeam or eVault), however, you will still need to manage and maintain it yourself, which ultimately means more time and responsibility.

If you are on the fence when it comes to using a managed services provider or a hosted solution, here are a few points to consider.

Efficiency and Reliability. In a recent study, 56% of companies said that added efficiency and reliability were key drivers for moving to a Managed Services provider (MSP). Efficient and reliable systems are two of the top demands on IT professionals, so this is a pretty good reason to start considering a managed services provider. Managed services providers employ a Network Operations Centre (NOC) that will monitor your systems 24 hours a day with a combination of manual and automated procedures. With a NOC in place, system issues are often detected and resolved before your IT staff even knows they happened.  Also, the increased security provided by a managed services organization will help fend off hackers and viruses, which will ultimately boost the overall reliability of your systems.

Flexibility and Scalability. As your business grows and evolves, your systems need the ability to grow as well. With a managed provider, you have the ability to scale up and down as required, which can be a big cost saver as well. Managed Services providers also can help by solving an immediate problem, and then helping you build up to improve your overall IT strategy. This cannot really be said about the software or new employee options that were mentioned above. Along with this, flexibility is another benefit that MSP’s have. For example, an MSP can take on a variety of your IT services including managing your servers, data backups, and cloud services (among others), giving you flexibility in service provision. Hiring a new employee in such a case would require a new individual for each technology. Additionally, they can take on more or less of your IT support based on changes in your business. An example of this is if you are acquired by a new company, you might need an MSP to take on less than your initial requirements because your new parent company has an IT division. MSP’s are flexible to relinquish some of these duties, whereas an employee might have to be let go.

Expertise and Experience. Added experience and personnel is a big reason you should consider Managed Services over hiring a new employee. With a managed services partner, you are essentially adding 100+ IT experts to your team. This gives you access to IT experts in many different technical areas, and also to an entire team of help desk analysts who will monitor your systems and handle day to day IT tasks so you don’t have to. Additionally, because MSP’s hire individuals who are specialists in their fields, you have the support of IT professionals with years of experience who work as a part of your team.

Overall, Managed Services can support your business in many different ways, but it’s important to focus on your needs and finding a provider that can properly fulfill them. Now that you know what a managed service provider can do for your day to day IT needs, here’s an article to help you figure out if you are ready to take on an MSP as part of your support team:

Is your business ready for Managed Services?

Thinking about making the jump into Managed Services? Check out this quick infographic on the 6 Tests for Choosing the right Provider?

The post Why go Managed? 3 Reasons to Consider Managed Services appeared first on IT Weapons | Toronto | ON.

We all know the conventional wisdom around the creation of debt: avoid it wherever possible.  Not paying the bills and carrying a balance on your credit card are dangerous.  Debt is a like hole that becomes increasingly difficult to escape from.  Think about why credit and reference checks are so important when establishing a new business relationship (or hiring a new employee).  We all want to know we are doing business with responsible organizations and people who are committed to good management and ethical stewardship.

Think about the landlord who fails to invest in proper upkeep of his or her properties; risking future catastrophe to save money or to avoid any short term effort.  Putting off necessary (if not urgent) investments and delaying work is a kind of debt accumulation.  Eventually it will have to get paid – either when it gets forced upon the crummy landlord by the authorities or when a disaster strikes and they become legally liable.

The same phenomenon is true when it comes to IT leadership and investment in information security.  Whether due to a lack of executive sponsorship, or a state of denial on the part of the IT professionals managing your systems, today’s realities are stark and getting worse.  The analysts and experts all agree; too many Canadian organizations are chronically underfunding and neglecting the importance of an information security strategy.

Leaders in the cyber security field are not mincing words; their concern about Canadian executives not taking security as seriously as they should is clear. At the 2016 SC Congress in Toronto, Jason Murray, senior manager for cyber security at MNP LLP characterized the situation like this: “They’re accumulating technical debt. Every year they don’t spend enough on information security they’re adding to the debt and hoping that when the debt comes due they’re not around to take the fall … The market should punish these people, just like they were accumulating financial debt… and they would go out of business.” (Source)

Is your business investing enough resources into security?  Are you confident you can identify your current risk areas?  What would you do if you found out about an information breach at your company?  These are tough questions that Canadian IT professionals need to get a handle on with growing urgency.  Every month that goes by and you maintain an immature security posture, you are accumulating technical debt and increasing the odds of a disaster.  The stakes are getting higher too, with new federal regulations coming into effect in 2017.

The laws are changing here in Canada.  In accordance with the Federal government’s national Cyber Security Strategy, mandatory disclosure laws are coming into force within the next year. These laws are going to mandate full disclosure for any organization that has an information security breach.  Not only must you notify your customers and partners about a breach, your business will be obliged to report any major incident to the Federal Privacy Commissioner as well.

The first step toward a mature cyber security strategy is understanding your current state and articulating where your business needs to be.  Let us help you conduct a vulnerability assessment. Invest in the right tools.  Don’t let your business become an example.  We can help.

The post Cyber Security & Technical Debt: Don’t Let Your Business Suffer appeared first on IT Weapons | Toronto | ON.

When you think of print, you’re usually thinking in terms of price, quantity, and turnaround time. From single-page handouts to the largest production print billboards, there’s a good chance that security isn’t at the top of your mind when you hit print or send that email. As we’ve discovered this week, however, maybe it should be.

Recently, researchers discovered a Windows vulnerability called “Print Nightmare” that exploits the print spooler service in every Windows system. For those that don‘t know, the spooler is a Windows system component that does its job by holding on to documents and other computer files until the printer is ready to accept them for printing.

Existing in all versions of Windows, the vulnerability allows attackers to run code that would enable them to install programs, view and change data, or create new accounts. Microsoft has stated that, while severe, this vulnerability is less dangerous than the zero-day Microsoft Exchange vulnerabilities. That’s because exploit the vulnerability, an attacker would have to be a previously authenticated user already on the corporate network.

For business owners, this is an important reminder to regularly inspect your security. Whether it’s through regular security assessments, dark web monitoring, or hiring a managed IT service provider, you need to take a holistic view of your entire environment through the lens of security. As any penetration test will tell you, danger often lurks where you least expect it.

 

The post Print Nightmare: Why You Always Need To Be Prepared  appeared first on IT Weapons | Toronto | ON.

Managed IT Services is certainly not a new invention. Managed Service Providers began making an impact in the late 1990s and continued to change the way organizations monitor their systems, provide IT support for their employees, manage mobile devices, and the ever increasing need to secure their critical business information. The jump to Managed Security Services has picked up steam in recent years, and today, outsourced security services such as a Security Operations Centre (SOC) are becoming a viable and important consideration for the modern business.

As hackers and data thieves step up their game, IT leaders need to meet these evolving threats head on or risk financial loss and damage to their reputation. Antivirus and basic firewalls are no longer enough, and IT leaders require the advanced security presence afforded by a SOC, Security Information and Event Monitoring (SIEM) platform, and the added protection of a Unified Threat Management (UTM) device.   Below is a basic outline of the evolution of information security and where Managed Security Services fit in today.

The Developing Security Model

Once upon a time, a firewall and antivirus on your local PCs was about the best you could do for securing your business. Add a proper patching cycle for your servers and everything was locked up tighter than Fort Knox. Today, as employees have multiple devices such as phones, tablets, and laptops for work, there are more vulnerabilities and ways to attack your network. Up-to-date software and a basic level of compliance are a great start, but it leaves a lot to be desired.

The Experienced Security Model

The next steps towards an airtight front are increased security procedures, more advance security appliances and a dedicated Security expert on your team. Most large companies today realize that security is indeed a full time job, and having employees and systems monitoring your systems 24/7 is a necessity and not just a nice-to-have.

The Advanced Security Model

Advanced Security or Managed Security Services provide around the clock protection and monitoring for your systems. Backed by enhanced reporting capabilities, Managed Security Services can help you continuously improve your security footprint by analyzing data and making decisions in real time.

How Secure is your organization? Download out IT Security Checklist to find out.

The post The Evolution of Managed Security Services appeared first on IT Weapons | Toronto | ON.

For the past several years, protecting company data has been one of the top concerns for IT leaders. Phishing scams, ransomware attacks and other data breaches are constantly becoming more and more sophisticated, which has added to the already heavy burden that IT professionals contend with every day. Given the increased importance of information security, new methods for analyzing potential security issues have grown in popularity, including Security Information and Event Management (SEIM) platforms.

According to Forbes, it is estimated that cyber-attacks cost businesses globally $400 billion a year.

What is Security Information and Event Management (SIEM)?

At its most basic element, Security Information and Event Management provides you with a “Birds eye view” of your entire defense system. Designed to provide you with security related information from multiple sources (i.e. your firewall, malware platform, endpoint devices, switches, etc.), SIEM platforms review and analyze security devices and systems that are generally not connected with one another to produce alerts on potential issues. These alerts come from combined analysis on several devices and systems, which would typically not be picked up by one system on its own.

How does a SIEM Tool Work?

As mentioned above, a SIEM tool monitors multiple security related systems, such as your firewalls, antivirus, end user devices, and Active Directory login attempts. A SIEM tool provides security alerts by combining data from these systems. For example, while 2-3 unsuccessful user login attempts may not generate an alert on its own, these unsuccessful login attempts followed by a perimeter attack on your firewall and another unsuccessful login attempt on one of your critical servers would generate a SIEM alert.

More than 4,000 ransomware attacks have occurred every day since the beginning of 2016. 

SIEM platforms are designed to prevent attacks from sophisticated data thieves, while simultaneously providing you with a litany of security related data and reports that were once unavailable. This information can be used both reactively and proactively, as it can help stop security breaches that are currently in progress and make important security improvements moving forward.

What does a SIEM Tool Review?

A SIEM tool generally will review and collect information from the following core systems:

Active Directory logs (successful and unsuccessful logins)
Antivirus (end user devices and servers)
Endpoint Protection devices
Firewalls
Malware and Spam platforms
Network Devices (switches, access points, routers, etc.)

This information will be collected and correlated from all of these devices, which will then be analyzed for emerging trends and patterns.

Why do I need SIEM?

The average cost to recover from a successful cyber attack is $36K

SIEM is considered the next generation in information security as it can discover potential issues that today’s security systems simply cannot detect. Security breaches come with substantial financial loses, and the reputational hit can be even worse. Investing in advanced security systems now will significantly lower your chance of experiencing a security issue, while also giving you the peace of mind in knowing that all of your security systems are in sync, monitored, and functioning properly.

What to learn more?

The post The What and Why Behind Security Information and Event Management (SIEM) appeared first on IT Weapons | Toronto | ON.

The post 5 Tips to Protect Your Business from the WannaCry Virus and Other Ransomware appeared first on IT Weapons | Toronto | ON.

While still scary, ransomware and other forms of malware are starting to sound like old news. It seems like almost every month, a new, terrifying form of ransomware emerges, only to fall back into the shadows a few days later. While malware, ransomware, viruses, and phishing should still be taken seriously, don’t forget to keep your eyes and ears open for different types of security threats that may affect you at home or at work. Below are 6 scary security threats that you should be thinking about…but most likely aren’t.

Bluetooth

With Fitbits, car connections, and portable speakers, most people leave the Bluetooth connection on the phones permanently on without even thinking about it. One new scary Bluetooth security threat is BlueBorne, a vulnerability that could allow hackers to easily gather your personal information through smart home devices such as Amazon Alexa or Google Home.

Your Computer Monitor

Monitors and TVs are getting cooler and more advanced, however, they are also becoming another attack vector that can be exploited by hackers. It was recently discovered that security experts could hack into a popular Dell monitor and manipulate what you see on screen. Even more scary, hackers could use this vulnerability to make you think you are seeing things that you are not, such as fake bank account pages. Because this exploit involves your monitor, most antivirus software and other forms of cyber protection will have no way of detecting it.

Mobile Apps

A new threat known as Eavesdropper was discovered last month that affected hundreds of Android apps. This vulnerability exposes tons of personal data…including personal text messages and call records.

Pacemakers

Yes, even lifesaving equipment can be hacked and used against you. This one is super scary so we’ll move on…

 Your MacBook Battery

How the heck do you hack a battery? Well, pretty simply it turns out. All laptop batteries contain microcontrollers that are designed to monitor voltage and keep your battery safe. While safety is key, this also can lead to hacking. One security researcher went as far as saying that with this vulnerability, you could essentially cause the battery to overheat or even explode, essentially turning your fancy MacBook into a bomb…yikes.

Your Car

Similar to Smart TVs and Monitors, the new tech in cars seems to be the way of the future, but it also gives attackers another target. In the most recent installment of the Fast and Furious franchise, there was a scene where cars were hacked and essentially turned into driving missiles. While this seems farfetched, this isn’t actually that impossible. A few years ago, hackers demonstrated that they could remotely hijack a Jeep over the internet, causing it to come to a complete stop mid-drive on a highway. Even scarier, the hackers could also disable the brakes or turn the steering wheel. While Chrysler recalled thousands of vehicles and spend millions fixing the issue, this still shows that this once seemingly implausible scenario is very real.

So….What Do We Do?

The point of these stories isn’t to give up hope, but rather to remember that as the world gets smarter, there are more security threats to think about. Remember to follow security best practices, like keeping your devices and apps updated, change your passwords often, and be on the lookout for any suspicious activity with your devices. So if your car starts driving away without you in it…give the dealership a ring and let them know.

The post 6 Security Threats That Will Keep You Up at Night appeared first on IT Weapons | Toronto | ON.