IV Newsletter – Summer 2023

News Flash: Limited Time Managed IT Inflation-Buster Offer!
The fine print: Between June and Dec. 2023, those purchasing a new Managed IT plan will receive 20 percent off the normal monthly rate (minimum 12-month term required). For more information, email sales@infinitelyvirtual.com.

As FTC Safeguards Rule Takes Effect, IV Protect Aims to Deliver Compliance – And Peace of Mind

The industry today finds itself responding to the seemingly endless parade of threat actors, which is why we at IV remain in the vanguard of providers dedicated to delivering actionable services and solutions – in this instance, that means compliance with the new FTC Safeguards Rule, which took effect earlier this month. The rule requires non-banking financial institutions (e.g., accounting firms) to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe. To bring those provisions to life for your business, IV recently announced two umbrella offerings under IV Protect that make compliance both manageable and affordable.

The first offering under IV Protect is our White Glove FTC Service, under which we will develop your tailored WISP (Written Information Security Program, as mandated by NIST) and provide an in–depth Risk Assessment for your firm. This is an all-inclusive, end-to-end managed service that, when combined with a number complementary offerings, will enable your business to become FTC compliant quickly and cost effectively. Among the available services: MDR (Managed Detection and Response); Disk Encryption; Multifactor Authentication; Security Operations Software; SIEM Solution (Central log repository and event correlation with 24/7 Security Operations Center); Email Security; Security Awareness Training; and Managed IT/Device Management.

Under the second option, IV can supply your business the tools and guidance needed to achieve FTC Compliance with your own IT personnel or IT provider; IV offers a Risk Assessment/WISP Blueprint, along with an array of solutions and required services, some of which are also available under the first option. If you have any questions, please email support@infinitelyvirtual.com.

With Holistic View of Layered Security Technologies, IV Rolls Out Integrated Service Lineup

Recognizing that no company is too small to be a target of cyberattacks, we at IV recently introduced a series of layered security tools and technologies. Newly packaged from IV are three integrated components: IV Host, IV Manage, and the ostensible flagship in the lineup, IV Protect.

IV Protect goes beyond the built-in security within E.V.E., our Cloud Platform, to provide additional protection against established and emerging cyberthreats. These solutions help address various threat vectors — from weak passwords and phishing to malicious websites and uninformed users — to keep systems and data as safe as possible. IV Protect strengthens security with targeted solutions to meet any SMB’s specific cybersecurity requirements.

“Where alien code is concerned, the science of acting, reacting, anticipating, eradicating and managing has evolved,” say IV CEO Adam Stern. “The world that anti-virus/anti-malware products inhabit has morphed as well, transformed by nefarious external forces and broader, smarter responses — digital signatures, heuristics, memory management, etc.” In concept, the products are organized like a Venn diagram, with overlapping ala carte offerings, pegged to an organization’s discrete needs. Collectively, the various elements combine technology and human experience to perform highly accurate threat hunting, monitoring, and response at scale, among other capabilities. The IV Protect suite helps rapidly identify threats — and limit their impact — without the need for additional staffing.

Given the length of time traditional solutions have been available, bad actors have learned how to evade them, Stern says. With the number and intensity of high-value cyberattacks growing, technology is increasingly scrutinizing behaviors, sketching on a wider canvas and examining more variables. “IV Protect, which integrates MDR with capabilities like DNS filtering, is both an advance and a throwback: automated and high touch,” he says, noting that security awareness training and compliance are central to the offering.

Preparing and Responding to Cyber Sabotage: 5 Things Small Businesses Need to Do

By Scott McDonald, in Startup Nation

To death and taxes, it’s time to add a third inevitability to modern life, circa 2023: Cyber sabotage.

“Cyberattack” doesn’t do the phenomenon justice. “Attack” suggests threats that seemingly come from on high, leaving victims feeling powerless to redirect or dodge the vectors that potentially threaten the viability of their business. In my view, “sabotage” reshuffles the deck, folding in culpability and moving away from a more passive business-as-usual mindset.

Cyber assaults are infernal but cybersecurity doesn’t have to be inscrutable. Just as any disciplined athlete works his or her way into fighting trim, smart organizations need to lean into the challenge and emerge intact, if not stronger, by implementing policies and procedures that comprise an effective cyber-sabotage strategy. This isn’t a case of sighing and saying “nothing can be done.” Whatever transpired, every SMB can do more before, during and after the sabotage than the company may realize.At the risk of oversimplifying, that strategy comes down to five words: Identify. Isolate. Communicate. Analyze. Fix.

SMBs can benefit from an experience-based template that both leverages behaviors/learnings and extrapolates for that inevitable “next time.” The template should focus on these kinds of actions and attitudes:

  • Identify both the problem and its source. What actually happened, where and how did it arise, who was most affected, etc.
  • In the wake of an incident, retrace your steps — internally, with an eye toward identifying points of vulnerability, seen and unseen; and over time, externally as well.
  • Communicate. immediately, clearly, consistently and with humility. Understand the various audiences, plural, then identify and deploy multiple channels of communication (Twitter, DM, email, etc.) to reach them effectively in realtime.
  • Be ruthless about fixing anything that may have been (or still be) broken – including established and ostensibly “proven” procedures and processes.
  • Gather actionable data: audit security procedures thoroughly. Codify your learnings; enlist appropriate third parties, as necessary, all in service of preventing or averting future incidents.
  • Make no mistake: calamities happen. With a “security-is-a-process” frame of mind, it’s far easier to react without overreacting. Businesses get blindsided from time to time; living to tell about it is less a matter of luck than of situational awareness, which is never an accident.

So what’s the best way, the institutional way, to bake situational awareness into the pie? One underappreciated facet of this dynamic involves getting help — all-hands-on-deck type help (aiming at things like root cause analysis and even forensic analysis), if that’s what it takes. For businesses committed to shutting down sabotage, inviting third parties into the conversation isn’t entirely risk-free, whatever their level of expertise.

“Not invented here” thinking really is a thing, potentially complicating matters within organizations that may be wary of perspectives that didn’t emerge internally. Looking outside is most effective once the organization has retraced its steps repeatedly and has obtained a thorough, data-driven understanding of what just happened — and then shares that with its chosen third party. Hardening security at that point not only makes sense — it can actually work.

By definition, post-mortems examine what went wrong, where the source(s) was, what key elements and processes were compromised — but they also need to be forward-looking. What did remediation look like this time and how can actions you take now avert a possible recurrence? Are management and monitoring changes warranted, and if so, how significant do they need to be? Is there a risk of over-correcting? How’s the data itself (has anything been accessed, encrypted, copied, exfiltrated, deleted)?

The M.O. for every small business ought to be embracing triage in a way that uninvites drama and replaces it with control. Just internalize the mantra: Identify. Isolate. Communicate. Analyze. Fix.

Industry Insights from IV…

13 Expert Strategies to Help Secure Remote Work Environments

Layered security serves as shorthand for a strategy that combines multiple technologies and principles, including multifactor authentication, managed detection and response, zero trust, DNS filtering, security awareness training, and password-aware email tools aimed at defanging business email compromise. When deployed, the strategy enhances security in both distributed and on-premises environments.

Why Anti-Malware and Antivirus Ran Out of Gas

With the number and intensity of high-value cyberattacks growing, technology is increasingly scrutinizing behaviors, sketching on a wider canvas and examining more variables. It’s past time for a changing of the guard because the guard has long lacked reinforcements.

How Would a System Outage Impact Your Business and Customers?

Major system outages have been all over the headlines — from Southwest Airlines and the FAA to Microsoft and Twitter. Operational downtime is a huge problem for companies of any size, potentially impacting customer satisfaction, compliance adherence, brand reputation, and financial performance. Smaller companies, however, can find it especially difficult to weather such disruptions. According to one survey, the IT systems of nearly 25% of SMBs went offline in the previous 12 months. Of those SMBs surveyed, 37% said they lost customers and 17% said they lost revenue.

How to Manage Your Technology in a Volatile Economic Climate

The economy is top-of-mind for everyone these days — and small and medium-size businesses (SMBs) are no exception. Inflation hit a 40-year high, interest rates continue to climb, supply chain issues and the looming risk of a recession is forcing businesses to proceed with caution.