fbpx
info@techframework.com | Fort Collins, Loveland, Greeley

Following is a list of our current baseline cybersecurity recommendations.

Your organization may need additional protection depending on your industry’s regulations, such as HIPAA, PCI-DSS, SOX, GLBA, or ITAR. Initial consultation is complimentary.

Asset Management
Asset management involves systematically tracking, maintaining, and overseeing digital devices and resources within an organization. It’s vital for cybersecurity as it ensures all devices are accounted for, properly configured, and updated with the latest security patches. Effective asset management helps prevent unauthorized access, minimizes the risk of vulnerabilities, and ensures compliance with security policies. By maintaining a clear inventory of assets, organizations can quickly identify and address potential security threats, enhance incident response, and maintain overall network security integrity.

For more information about this item, please contact us today.

Comprehensive Cybersecurity Scans
Comprehensive cybersecurity scans of home and corporate networks are essential for identifying and securing vulnerable devices. These scans detect weaknesses such as outdated software, unsecured devices, and open ports that hackers can exploit. By regularly performing these scans, organizations can proactively address potential threats, ensuring that all devices are properly secured and up to date. This practice helps prevent data breaches, malware infections, and unauthorized access, maintaining the overall integrity and security of the network. Regular cybersecurity scans are a critical component of a robust security strategy, safeguarding both personal and corporate information from evolving cyber threats.

For more information about this item, please contact us today.

Computers To Remain Online Overnight
Leaving computers on overnight ensures they receive timely cybersecurity updates and patches. This practice is vital for preventing hacks, allowing systems to automatically install critical security fixes without interrupting daily operations. Timely updates address vulnerabilities cybercriminals could exploit, strengthening the defense against malware, ransomware, and other threats. By ensuring all devices are consistently updated, organizations reduce the risk of security breaches, maintain the integrity of their networks, and protect sensitive data from unauthorized access.

For more information about this item, please contact us today.

Content Filtering
Content filtering prevents hacking by blocking access to malicious websites and harmful content. It analyzes incoming data and restricts access to sites known for phishing, malware, and other cyber threats. Content filtering reduces the risk of malware infections and data breaches by preventing users from visiting compromised or dangerous sites. This proactive measure helps maintain network security, protect sensitive information, and ensure that users only access safe and appropriate content. Implementing content filtering is an effective way to mitigate the risk of cyberattacks and enhance overall cybersecurity.

For more information about this item, please contact us today.

Cyber Incident Response Plan
A cyber incident response plan is essential for protecting a company by providing a structured approach to handling security breaches. It ensures quick detection, containment, and mitigation of threats, minimizing damage and downtime. The plan outlines roles, responsibilities, and procedures, enabling a coordinated and efficient response. This preparedness helps preserve customer trust, safeguard sensitive data, and maintain regulatory compliance. By proactively managing incidents, companies can reduce the impact of cyberattacks and recover more swiftly, ensuring business continuity.

Read More

Cyber Insurance
Also known as, cybersecurity insurance. Your policy should be comprehensive. Below are some of the questions on a typical cyber insurance application:

  • Revenue (expected over the 12 months)
  • Does the organization assign a person responsible for information security?
  • Does the organization hold mandatory cybersecurity training with all employees at least annually?
  • Does the organization encrypt all external communications containing sensitive information?
  • Does the organization encrypt sensitive information stored on the cloud?
  • How often does the organization perform backups of business-critical data?
  • How often does the organization apply updates to critical IT-systems and applications (“security patching”)?
  • Do you enforce Multi-Factor Authentication (MFA) for all employees, contractors, and partners on the following?
  • Does the organization have an incident response plan – tested and in-effect – setting forth specific action items and responsibilities for relevant parties in the event of a cyber incident or data breach matter?
  • Has the organization filed any claims due to a cyber event in last five years? If yes, attach loss detail herewith.
  • Has the organization ever been a party to any of the following:
    1. Civil or criminal action or administrative proceeding alleging violation of any federal, state, local or common law?
    2. Is there currently any pending litigation, administrative proceeding or claim against the named applicant, organization and/or any of the prospective insureds?
  • During the last three years, has the organization suffered loss of business income as a result of unscheduled system downtime?
  • During the last three years, has the organization suffered a security breach requiring customer or third-party notification according to state or federal regulations?
  • Does the organization verify vendor/supplier bank accounts before adding to their accounts payable systems?
  • Does the organization authenticate funds transfer requests (e.g. by calling a customer to verify the request at a predetermined phone number)?
  • Does the organization prevent unauthorized employees from initiating wire transfers?
  • Are all internet-accessible systems (e.g. web-, email-servers) segregated from the organization’s trusted network (e.g. within a demilitarized zone (DMZ) or at a third-party service provider)?
  • Do agreements with third-party service providers require levels of security commensurate with the organization’s information security standard?
  • How often does the organization perform backups of business-critical data?

Cybersecurity Essential Control Checklist:

  • Firewall:
    • Perimeter and Internal required
  • Antivirus
  • Backups:
    • Must be encrypted
    • Must have a backup/copy stored off network
    • Periodic testing to restore from backups required (At least annually)
  • Encryption:
    • Encryption at rest for laptops/Desktops/Mobile devices required
  • Multi-Factor Authentication:
    • Required for:
      • All Remote Access
      • All Privileged Access
      • Desktop/Laptop Login
        • Incident Response Plan:
          • Must be tested
          • Must contemplate response to vendor/3rd party outage, data breach, and/or cyber-attack where applicable
        • Vendor/3rd Party Management:
          • Vendor/3rd party vetting process which contemplates the following:
            • Cyber security maturity of vendors against either an accepted applicable cyber security standard (Ex: ISO 27001/2, NIST CSF, HIPPA, etc)
            • Criticality of systems, products, and services provided by vendor/3rd party to operations
          • Vendor/3rd party incident response planning which contemplates the following:
            • Vendor’s RTO for provided systems, products, and services the insured is reliant on for operation following a cyber security incident
            • Communication and notification timeframes, responsibilities, and process in the event of vendor/3rd party outage, data breach, and/or cyber-attack where applicable
        • Training:
          • Must have cyber security training for employees at least annually
          • For applicable employees, must have Data Privacy Training at least annually
        • Vulnerability scanning & Patch Management:
          • Mean Time to Patch (MTTP) for critical patches of at most 30 days required
        • If SCADA/OT in use:
          • SCADA/OT systems and applications must be segmented from systems and applications unrelated to those operations (Ie: Segment network by business function)
          • SCADA/OT systems and applications reliant on EOL or legacy hardware/software must be segmented from Non-EOL/legacy systems and applications
        • If software/application provider/developer:
          • Must have process to track use of 3rd party components in software which contemplates response to vulnerabilities/bugs in those components
          • Must have product incident response process in place to respond to vulnerabilities and/or security issues discovered in their products both during the development process and after production release.
          • Vetting process for tools used in the development lifecycle
          • Must perform product security testing, which may include:
            • Penetration testing of products
            • Static Analysis Security Testing
            • Dynamic Analysis Security Testing

    For more information about this item, please contact us today.

    Cyber Security Awareness Training
    Cybersecurity Awareness Training educates employees about recognizing and responding to cyber threats. It covers best practices for handling sensitive information, identifying phishing attempts, using strong passwords, and maintaining device security. This training is crucial for protecting companies as it empowers staff to act as the first line of defense against cyberattacks. By fostering a culture of security awareness, organizations reduce the risk of breaches caused by human error, enhance their overall security posture, and safeguard critical data from cybercriminals.

    For more information about this item, please contact us today.

    Cyber Squatting Protection
    Domain squatting, or cybersquatting, involves registering domain names similar to well-known brands to profit from their reputation. For example, registering “amzon.com” to mimic “amazon.com” can mislead users and damage the legitimate brand’s trust. Risks include brand damage, loss of customer trust, and legal costs. Squatters may create fake websites to deceive customers or sell the domain at an inflated price. Companies should register multiple domain variations, such as common misspellings, monitor new registrations, and use trademark protection services to prevent domain squatting. Securing relevant domain names helps protect a company’s brand and online presence.

    For more information about this item, please contact us today.

    Dark Web Monitoring
    Small and medium-sized businesses are just as vulnerable to cybercrime as large companies. We recommend monitoring cybercrime web sites and data for your specific credentials (email addresses, passwords, etc.) Once the presence of your personal information is detected, you will be notified so you can change your password(s).

    For more information about this item, please contact us today.

    DNS Security (DMARC, DKIM, SPF)
    DNS security is crucial for a company’s cybersecurity as it protects the Domain Name System (DNS) infrastructure from attacks that could redirect traffic, disrupt services, or steal data. Secure DNS practices prevent unauthorized access and ensure reliable internet communication. Key components include:

    • SPF (Sender Policy Framework): Prevents email spoofing by verifying sender IP addresses against authorized IPs.
    • DKIM (DomainKeys Identified Mail): Adds a digital signature to emails, ensuring the message hasn’t been altered and verifying the sender’s domain.
    • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Builds on SPF and DKIM, specifying how to handle emails failing authentication and providing reports on fraudulent activity.
      These measures collectively safeguard against phishing, spoofing, and other email-based attacks, maintaining the integrity and trustworthiness of company communications.

    For more information about this item, please contact us today.

    Email Filtering
    Filtering email phishing and attachments is crucial for cybersecurity. It involves using tools and protocols to identify and block malicious emails and harmful attachments before they reach users. Effective filtering reduces the risk of phishing attacks, which aim to steal sensitive information through deceptive emails. It also prevents the spread of malware and ransomware hidden in attachments. By implementing robust email filtering, companies protect their data, maintain operational integrity, and avoid security breaches, ensuring a safer digital environment for all users. Both Microsoft 365 and Google Workspace include the tools above.

    Read More

    Endpoint Detection and Response
    Endpoint Detection and Response (EDR) is the advanced successor to traditional anti-malware solutions. Unlike legacy anti-malware, which primarily scans for known threats, EDR continuously monitors devices for suspicious activity and patterns. It detects new and sophisticated threats in real-time and responds by isolating affected devices to prevent the spread of malware. EDR provides deeper visibility and analysis, allowing for quicker identification and remediation of security incidents. This proactive approach enhances overall protection, ensuring that organizations can effectively combat evolving cyber threats.

    For more information about this item, please contact us today.

    Full Disk Encryption
    Full disk encryption (FDE) secures all data on a hard drive, making it unreadable without proper authorization. It protects sensitive information in scenarios like theft, loss, or unauthorized access. On Mac OS, enable FDE using FileVault: go to System Preferences > Security & Privacy > FileVault tab, and click “Turn On FileVault”. On Windows Pro Editions, use BitLocker: go to Control Panel > System and Security > BitLocker Drive Encryption, and select “Turn on BitLocker”.

    Warning: Ensure your computer has a full and ongoing backup regimen before enabling FDE to avoid data loss in case of encryption issues or system failures.” You must also back up your decryption key and have it available in case your computer prompts you for it, which will inevitably happen.

    For more information about this item, please contact us today.

    Geo-Filtering (a.k.a Geo-Blocking, Geo-Fencing)
    Geo IP filtering, also known as Geo-blocking or Geo-fencing, restricts network access based on geographic location determined by the user’s IP address. Allowing or denying access from specific countries or regions protects IT systems from cyberattacks originating in high-risk or irrelevant locations. This technique mitigates risks by blocking regions known for malicious activity, reducing the attack surface. Geo IP filtering is particularly effective against automated attacks, such as brute force attempts or distributed denial-of-service (DDoS) attacks, often originating from specific geographic areas. Implementing this measure enhances network security and protects sensitive data by limiting access to trusted regions.

    For more information about this item, please contact us today.

    Immutable, Ransomware-proof Backups
    Immutable, ransomware-proof backups are critical for ensuring data integrity and recovery in the event of a cyberattack. Immutable backups are designed to be unchangeable once they are created, preventing any modifications, deletions, or encryptions by ransomware or other malicious actors. These backups use technologies such as write-once-read-many (WORM) storage, which ensures that data cannot be altered after it is written.

    Implementing immutable backups involves setting up secure, isolated storage systems that can only be accessed by authorized personnel. Regularly scheduled backups are automatically protected, creating a reliable restore point in case of an attack. This strategy is vital for minimizing downtime and data loss, as it allows organizations to quickly recover clean, uninfected data without paying ransoms or suffering prolonged disruptions.

    Ransomware-proof backups enhance overall cybersecurity by providing a robust safety net, ensuring business continuity, and maintaining customer trust despite sophisticated cyber threats.

    For more information about this item, please contact us today.

    Internal Cybersecurity Audits
    Periodic internal cybersecurity audits are crucial for identifying and addressing vulnerabilities within an organization’s IT infrastructure. These audits assess the effectiveness of security policies, procedures, and controls, ensuring compliance with industry standards and regulations. Regular audits help detect potential threats, prevent data breaches, and improve overall security posture. They should be conducted at least annually, though more frequent audits, such as quarterly or biannually, are recommended for high-risk environments. Consistent internal audits enhance an organization’s ability to respond to evolving cyber threats and maintain robust security measures.

    For more information about this item, please contact us today.

    IoT Security
    The Internet of Things (IoT) refers to interconnected devices communicating over the Internet, such as smart home appliances, wearable tech, and industrial sensors. IoT security protects these devices from cyber threats through solid authentication, regular software updates, and network segmentation. By securing each device, IoT security prevents hackers from exploiting vulnerabilities to launch attacks, steal data, or disrupt operations. Effective practices, such as encryption and secure communication protocols, safeguard sensitive information and maintain the integrity of the entire network. This reduces the risk of hacks, enhances overall cybersecurity, and ensures the reliable functioning of IoT ecosystems.

    For more information about this item, please contact us today.

    IT Disaster Recovery Plan
    An IT disaster recovery plan is essential for protecting a company by ensuring business continuity during and after a disruptive event. It provides a clear roadmap for restoring critical systems, data, and operations, minimizing downtime and financial loss. This plan includes strategies for data backup, system recovery, and communication, enabling a swift and organized response. By preparing for potential disasters, companies can quickly recover, maintain customer trust, and comply with regulatory requirements, safeguarding their long-term viability and reputation.

    Read More

    Mobile Device Security Policy
    A mobile device security policy is crucial for cybersecurity as it outlines the protocols for securing smartphones and tablets within an organization. This policy ensures devices are equipped with encryption, strong passwords, and regular software updates to protect sensitive data. By enforcing guidelines on app installations and usage, it minimizes the risk of malware and unauthorized access. This proactive approach prevents hacks by reducing vulnerabilities, ensuring that mobile devices do not become entry points for cyberattacks, and safeguarding the organization’s overall security posture.

    For more information about this item, please contact us today.

    Multi-Factor Authentication
    Multi-factor authentication (MFA) enhances security by requiring multiple verification methods before granting access. Typically, it combines something you know (password), something you have (smartphone or hardware token), and something you are (biometric data). When logging in, users enter their password and verify their identity through an additional factor, like a code sent to their phone or a fingerprint scan. This layered approach significantly reduces the risk of unauthorized access, as even if a password is compromised, hackers cannot easily bypass the second authentication step, thereby preventing potential hacks and enhancing overall security.

    Multi-factor authentication (MFA) has evolved significantly to enhance security. Initially, SMS-based MFA sent codes to users’ phones, adding a layer of protection beyond passwords. However, SMS proved vulnerable to interception and SIM swapping. The next step was authentication apps like Google Authenticator, which generate time-based one-time passwords (TOTPs) for improved security. Recently, passkeys—biometric methods like fingerprints or facial recognition—have been adopted for convenience and security. Hardware keys, such as YubiKeys, provide the highest level of protection by requiring a physical device for authentication, ensuring robust defense against phishing and unauthorized access.

    For more information about this item, please contact us today.

    Network Firewall
    A network firewall is essential for cybersecurity, acting as a barrier between an internal network and external threats. It monitors and controls incoming and outgoing traffic based on predetermined security rules, blocking malicious access and potential attacks. By filtering unauthorized users and harmful data packets, firewalls prevent hacking attempts, data breaches, and malware infections. They ensure that only trusted and necessary traffic is allowed, maintaining the integrity and security of the network. This protective measure is vital for safeguarding sensitive information and ensuring the overall security of an organization’s digital infrastructure.

    Read More

    Password Manager
    Password managers securely store and manage passwords, generating strong, unique passwords for each account. They use encryption to protect stored data and autofill credentials for user convenience. Key functions include password generation, storage, and synchronization across devices. Benefits include enhanced security, reduced risk of password reuse, and ease of managing numerous accounts. Top brands like LastPass, 1Password, and Dashlane offer advanced features such as biometric logins and secure sharing. By ensuring strong, unique passwords and protecting them with encryption, password managers prevent hacks, phishing attacks, and unauthorized access, significantly improving overall cybersecurity.

    For more information about this item, please contact us today.

    Password Policies
    Password policies are crucial for cybersecurity as they enforce strong, unique, and regularly updated passwords. These policies minimize the risk of unauthorized access by ensuring passwords are complex and contain a mix of characters, numbers, and symbols. Regular password changes reduce the likelihood of long-term exploitation of compromised accounts. Unique passwords for different accounts also prevent a single breach from affecting multiple systems. By implementing stringent password policies, organizations protect sensitive data, reduce cyberattack vulnerability, and enhance overall security posture.

    For more information about this item, please contact us today.

    Patch Management
    Patch management is the process of regularly updating software to fix vulnerabilities, enhance functionality, and improve security. This involves identifying, acquiring, testing, and installing patches or updates for operating systems, applications, and other software components. Effective patch management ensures that all software is up-to-date with the latest security fixes, reducing the risk of exploitation by cybercriminals.

    By addressing known vulnerabilities, patch management prevents hackers from exploiting these weaknesses to gain unauthorized access, execute malicious code, or disrupt services. It helps maintain system stability and performance while protecting sensitive data. Organizations implement patch management strategies to systematically manage the deployment of updates, often using automated tools to streamline the process and ensure timely application. Regularly patching software is crucial for maintaining a solid security posture, complying with industry regulations, and safeguarding against emerging threats in an ever-evolving cybersecurity landscape.

    For more information about this item, please contact us today.

    Personal Information Privacy
    Removing personal information from data broker websites is crucial for protecting privacy and enhancing cybersecurity. Data brokers collect and sell personal information, making it easily accessible to hackers. This information, which includes addresses, phone numbers, and other personal details, can be used for reconnaissance—the first step in a hacking attempt. Hackers use this data to craft targeted phishing attacks, social engineering schemes, and identity theft.

    By removing personal information from these sites, individuals reduce the risk of becoming targets for cyberattacks. It limits the amount of publicly available information that can be exploited by malicious actors.
    Four reputable services that help remove personal information from data broker websites include:

    • DeleteMe: A comprehensive service that removes personal information from numerous data broker websites.
    • PrivacyDuck: Offers personalized removal from data brokers and ongoing monitoring.
    • OneRep: Provides automated removal from data broker sites and continuous monitoring to ensure data stays private.
    • Optery: Specializes in identifying and removing personal information from a wide range of data broker websites, offering robust privacy protection.

    For more information about this item, please contact us today.

    Personal VPNs
    Corporate and personal VPNs serve different purposes and offer distinct features. Corporate VPNs are designed to provide secure access to a company’s internal network and resources for remote employees, ensuring that data transmitted between the employee and the corporate server is encrypted and protected from external threats. Personal VPNs, on the other hand, protect individual users’ online privacy and security by encrypting their internet traffic and masking their IP addresses.

    Personal VPNs should be used when accessing public Wi-Fi, browsing the Internet privately, or bypassing geo-restrictions on content. They protect your data by creating an encrypted tunnel between your device and the VPN server, preventing hackers and third parties from intercepting your online activities and personal information.

    Five reputable personal VPN services include:

    • NordVPN
    • ExpressVPN
    • CyberGhost
    • Surfshark
    • Private Internet Access (PIA)

    These services offer strong encryption, various server locations, and user-friendly interfaces, ensuring your online activities remain private and secure.

    For more information about this item, please contact us today.

    Principle of Least Privilege
    The principle of least privilege involves granting users and systems the minimum access rights necessary to perform their tasks. This approach limits the potential damage from accidental or malicious actions, as users can’t access areas or data beyond their specific needs. Restricting permissions reduces the attack surface, making it harder for hackers to exploit vulnerabilities or escalate privileges within a network. Implementing least privilege helps prevent unauthorized access, data breaches, and the spread of malware, enhancing overall security and protecting sensitive information.

    For more information about this item, please contact us today.

    Review Breach Notification Laws
    We recommend staying apprised of breach reporting laws in your state. Colorado revised statutes for breach notification can be found here:

    https://codes.findlaw.com/co/title-6-consumer-and-commercial-affairs/co-rev-st-sect-6-1-716.html

    Colorado Attorney General FAQ page:

    https://coag.gov/resources/data-protection-laws/.

    For more information about this item, please contact us today.

    Role-Based Data Access
    Role-based access control (RBAC) restricts data access based on a user’s role within an organization. By assigning permissions aligned with job responsibilities, RBAC ensures users only access information necessary for their tasks. This minimizes the risk of unauthorized data exposure, reducing the potential attack surface for hackers. Implementing RBAC prevents insider threats and limits the impact of compromised accounts, as hackers gain access to only a subset of data. RBAC enhances security by enforcing the principle of least privilege, ensuring sensitive information is accessible only to those with explicit authorization, thereby preventing data breaches and maintaining data integrity.

    For more information about this item, please contact us today.

    Secure Hardware Disposal
    Secure hardware disposal is critical for preventing data breaches and cyberattacks. When devices like computers, smartphones, and storage media are discarded without proper sanitization, sensitive data can be recovered by malicious actors. This data may include personal information, corporate secrets, and financial records. Secure disposal methods, such as data wiping, degaussing, and physical destruction, ensure that data is irretrievably erased or the hardware is rendered unusable. Implementing secure disposal practices protects against identity theft, corporate espionage, and compliance violations, thereby maintaining the integrity and confidentiality of information even after the hardware has been retired.

    For more information about this item, please contact us today.

    Secure Remote Access to Corporate Systems
    Securing remote access connections is vital for maintaining corporate data security. Users should always use corporate VPNs to ensure that their online activities are encrypted and protected, making it difficult for hackers to intercept sensitive information. Avoiding public Wi-Fi is crucial, as these networks are often unsecured and can be easily exploited by cybercriminals to launch attacks or steal data.

    Protecting home networks with robust network firewalls adds an extra layer of security, monitoring incoming and outgoing traffic to block malicious activities. Additionally, segregating protected Wi-Fi from guest Wi-Fi at home is essential. This separation ensures that guests and IoT devices do not have access to the main network, which contains sensitive devices and information. By creating a separate guest network, users minimize the risk of unauthorized access and potential breaches.

    Implementing these practices helps maintain the security and integrity of corporate data, even when users are working remotely, ensuring a safer and more secure digital environment.

    Read More

    Secure Work-From-Home Practices
    When working from home, it’s crucial to follow best practices in securing your home network to protect both personal and corporate data. Start by segmenting your home Wi-Fi into trusted and guest networks. This ensures devices on one network cannot communicate with those on the other. Connect all IoT and personal devices, such as smart home gadgets, to the guest network. Reserve the trusted network exclusively for critical corporate devices to minimize the risk of unauthorized access.

    Ensure all home devices, including routers, are regularly updated with the latest firmware or software. This helps close security vulnerabilities that hackers could exploit. PCs, Macs, tablets, phones, and home servers should all have strong antivirus protection installed and frequently updated to detect and prevent malware.

    For devices that are used only occasionally, disconnect them from the Internet when not in use. This reduces their exposure to potential cyber threats. Additionally, security lockdowns for digital assistants should be implemented to prevent them from being exploited by malicious actors. This may include disabling features that are not in use, using strong, unique passwords, and regularly reviewing the device’s privacy settings.

    By following these best practices, you can create a more secure work-from-home environment, protecting both your personal and corporate data from cyber threats.

    For more information about this item, please contact us today.

    REQUEST HELP
    ?
    For time-sensitive issues, please call our main number.
    Main: 970.372.4940
    Quotes: quotes@techframework.com
    Tech Support: help@TechFramework.com