Cyber Security Measures

[et_pb_section fb_built=”1″ _builder_version=”4.3.2″ global_colors_info=”{}”][et_pb_row _builder_version=”4.3.2″ global_colors_info=”{}”][et_pb_column type=”4_4″ _builder_version=”4.3.2″ global_colors_info=”{}”][et_pb_text _builder_version=”4.3.2″ global_colors_info=”{}”]

Jeramy Kopacko, security consultant and solutions architect at Sophos, weighs in on proactive cyber security strategies that businesses can leverage in 2021 to combat evolving threats.

It’s only March and we’re already seeing major cyber security breaches and vulnerabilities greet us in 2021. SolarWinds has led the headlines with a breach that has now impacted almost 100 private sectors and 9 federal agencies, according to Deputy National Security Advisor Anne Neuberger in a recent White House Press Brief.

In the most recent joint hearing, SolarWinds has shifted to scapegoating a recent intern for leaving the password ‘solarwinds123’ on a file server that had been exposed to the internet—previously warned by an independent security researcher.

This is not to dump on SolarWinds but rather than use the event to explain how we can use this to improve your operations. Let’s use the metaphor for cybersecurity with the phrase “firefighting.”

When a home catches fire, you dial 911 and seek your local fire department to relinquish the flames. Just the same as when you encounter a breach, you dial your MSP to respond to the event. But why wait until something happens?

Around the interior of a home, smoke detectors alert you of potential danger—where there’s smoke, there’s fire. So how do we find “smoke” in your environment?

Principle of Least Privilege

[/et_pb_text][et_pb_image src=”https://pghnetworks.com/wp-content/uploads/2021/03/Least-Privilege.jpg” force_fullwidth=”on” _builder_version=”4.3.2″ global_colors_info=”{}”][/et_pb_image][et_pb_text _builder_version=”4.3.2″ global_colors_info=”{}”]

Start by auditing domain admin or local admin accounts and reviewing what permissions they need to do their role. Limiting the power of these accounts can go a long way in minimizing the impact of a breach.

Public Facing Email Accounts
Identity Sync Services
Backup Services
Line of Business Service Accounts

A Microsoft employee Steve Syfuh wrote this blog on how to use managed service accounts in place for your traditional service admin accounts.

This goes to IT Professionals as well. Your email account should not have super admin credentials. Plan as if your account will be compromised. MFA is a tool—not a silver bullet.

Password Auditing

[/et_pb_text][et_pb_image src=”https://pghnetworks.com/wp-content/uploads/2021/03/Password-Auditing.jpg” force_fullwidth=”on” _builder_version=”4.3.2″ global_colors_info=”{}”][/et_pb_image][et_pb_text _builder_version=”4.3.2″ global_colors_info=”{}”]

It’s no secret that the IT space is a highly competitive field. In fact, the average tenure of an employee is around three years. How do you handle this turnover? Do they just “blame the intern?”

You can find reports from major vendors like Verizon and LastPass that passwords are consistently reused and recycled. Start by using tools, both free and paid, to audit what passwords are used across your systems.

Benefits include:

Expose any reused passwords
Provide metrics on how easily they can be cracked
Check active passwords against leaked databases

Account Auditing

[/et_pb_text][et_pb_image src=”https://pghnetworks.com/wp-content/uploads/2021/03/Account-Auditing.jpg” force_fullwidth=”on” _builder_version=”4.3.2″ hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″][/et_pb_image][et_pb_text _builder_version=”4.14.7″ hover_enabled=”0″ global_colors_info=”{}” sticky_enabled=”0″]

If you are using out of the box domain policies in your environment, then you are not currently taking advantage of invaluable logs for your organization. A quick search on “Auditing User Accounts in Active Directory” will provide countless tutorials.

If you have a SIEM or (shameless plug) are using Sophos Intercept-X with EDR, you can quickly audit your systems with a few clicks for the following event IDs:

Event ID 4720: a new account created
Event ID 4722: a user account was enabled
Event ID 4740: a user account was locked
Event ID 4725: a user account was disabled
Event ID 4726: a user account was deleted
Event ID 4738: a user account was changed
Event ID 4781: a user account name was changed
Event ID 4625: an account failed to log on
- There are several failed login types

By monitoring and routinely looking at these events, this can give you an early indication that a hack is being attempted or has been successful.

Apply these tactics to your existing processes and increase the chance of catching the smoke before it turns to flame. Simple security strategies can save you countless hours and dollars.

[/et_pb_text][/et_pb_column][/et_pb_row][/et_pb_section]

Aaron Gates

15:21 12 Sep 23

My company has been working with PGH for a few years now and our operations are far more streamlined now. The PGH team does very well to point out where we can improve our technology needs and is able to put things in laymen's terms for us. Their techs are also very helpful when one of our employees need tech support.

Samantha Dvorchak

15:17 12 Sep 23

My company has been working with PGH Networks since 2019 and without them, we would still be in the '90s when it comes to technology! Because of their proactive approach with us, we were able to smoothly transition to a more WFH environment through the 2020 pandemic. Today, we are constantly reviewing and ensuring that our technology is meeting our needs and keeping our company and client data safe, as security is a huge priority for us! I would recommend PGH Networks to ANYONE in need of managed services!

Tracy

14:33 12 Sep 23

Our company has worked with PGH for about four years, and they are always professional and responsive. I appreciate that they consider our specific needs and provide solutions geared to us. They're easy to work with, take time to explain things in a way that a non-technical person can understand, and help to keep our network running smoothly. They are genuine and personable people, which is also a plus!

Jessica Haluska

18:03 11 Sep 23

PGH is a reputable IT company and very professional. My company works with them and every time I put in a ticket the response is timely and efficient. Can't recommend them enough to others that struggle with their support. PGH is the way to go. Keep up the great work!

jamie lindeman

00:09 25 Aug 23

I began working with PGH Networks back in May. I can't. say enough good things about how they've supported my small business logistics and any troubleshooting that has come along the way; they're my righthand tech assistant! Timely, efficient, and take the burden(s) off of me!

Chuck Cooper III

16:46 16 Aug 23

I'm genuinely impressed with PGH Network’s dedication and prowess in the IT sector. As a Pittsburgh native, it's exhilarating to watch a local company expand at such a swift pace, especially in the fast-evolving world of tech. Their MSP fully managed services are second to none, ensuring our systems run smoothly and efficiently.Their team is always on the ball, anticipating issues before they arise and addressing concerns with lightning speed. They maintain a professional yet personal touch, reminding us that behind the screens are real people who genuinely care about our success.Kudos to PGH Networks for elevating Pittsburgh's IT scene! If you're in search of a reliable and proficient IT partner, look no further👍🏾👍🏾

Thomas Fry

17:08 31 Jul 23

My company has worked with PGH Networks over the past ten years on many successful projects. They have a great leadership team that works diligently on the customer's behalf. Their staff is knowledgeable and responsive. They have the expertise to tailor an IT solution specific to your company's needs. I highly recommend PGH Networks. You will enjoy working with them.

Matthew Gaus

12:42 20 Jul 23

We have just recently started working with PGH Networks and are 100% satisfied with the switch. Whether it’s tech support, sales rep or help desk, the entire team has been great to work with.

Pro Core

14:23 20 Aug 21

My name is Andy and I work for a small law firm as the sole IT mngr. Our company has worked with PGH for almost 2 years now and the service has been excellent. In my opinion, PGH is the model IT company that other IT companies should mimic as far as the nature of everything goes. Keep up the great work PGH!

Advanced Home Health

19:27 20 Feb 20

Our company has worked with PGH Networks for the past 5 years. As we have grown, PGH has been there every step of the way ensuring all IT is in place. From setting up new employees and trainings to installing the tech in our new offices, PGH provides (and excels at) a multitude of services. They also have quick response times, offer excellent suggestions and feedback, "dummy proof" complicated processes, and are genuinely great to work with. We appreciate our partnership with the PGH team and know we are a valued customer. I would highly recommend their services to any company looking for exceptional service for their IT.

Clark Hoopes

14:46 18 Feb 20

PGH has been a excellent partner with us for several years now. Our two organizations have grown alongside one another for about 5 years and it has helped open up several avenues for our operations. Partnering with PGH and using their IT consulting expertise has given us advancements in our IT that has allowed us to streamline processes without the burden of maintaining up to date IT systems. On several occasions we have been able to us their IT consulting skills to better technologies across multiple offices with ease. Their customer services and response to any issues has be excellent with very knowledgeable staff and great workflow. PGH comes highly recommended in both IT consulting!

Aj Pinter

23:50 21 Nov 19

I usually don’t write reviews but truthfully the best business decision I’ve made was enlisting the expertise of PGH Networks. We started with them upgrading our phone system in my optometric office making my staff very happy and more efficient. PGH Networks upgraded our server and they are gradually replacing old computers to be more secure and HIPAA compliant. I have found every employee from sales staff to technicians to be very polite, honest and knowledgeable. They are “tech geeks” who realize they work to help ensure their client’s livelihood. The PGH Networks team, on numerous occasions in the past two years have quickly and efficiently intervened when we’ve had difficulties with our wireless internet connections, and networking our diagnostic instruments. They have saved my office from many days of what would have been lost revenues and disgruntled patients. Thank you Derrick, Mike, Dillon, Jeremy, Gabby, Tony and everybody at PGH Networks for helping me succeed, and for relieving this Boomer’s anxiety about keeping up with technology.

Proactive Cyber Security Measures

Principle of Least Privilege

Password Auditing

Account Auditing

CONTACT US

SOLUTIONS

ABOUT

SERVICES