New Fathom IT - BlogNew Fathom IT - Bloghttps://www.newfathom.com/blogsThu, 02 Apr 2026 17:22:04 -0700http://zoho.com/sites/<![CDATA[They’re Not Breaking In. They’re Logging In.]]>https://www.newfathom.com/blogs/post/they-are-not-breaking-in-they-are-logging-in

They’re Not Breaking. They’re Logging In.

For years, business security has been built around a simple idea: keep attackers out. Firewalls, antivirus, and endpoint protection all serve that purpose, and for a long time, that approach made sense. Threats were largely external. If you could block the intrusion, you could protect the business.

That’s no longer how most attacks work.


Today, attackers aren’t forcing their way in. They’re logging in.


The shift is subtle, but significant. Instead of exploiting software vulnerabilities, attackers are targeting people. A well-crafted phishing email, a fake login page, or a compromised session token is often all it takes. Once credentials are captured, the attacker doesn’t look like an intruder anymore—they look like a legitimate user.


And that changes everything.


When access appears normal, traditional security tools have very little to act on. There’s no obvious malware, no blocked connection, and no clear alert that something is wrong. From the system’s perspective, a valid username and password were used successfully. From a business perspective, however, the risk is substantial.


Email accounts can be used to redirect payments or send fraudulent invoices. File systems can be accessed and sensitive information quietly exfiltrated. Internal communications can be monitored or impersonated. In many cases, the compromise isn’t discovered until after financial or operational damage has already occurred.


One of the biggest challenges is how long these incidents can go unnoticed. It’s not uncommon for account compromises to remain undetected for days or even weeks. During that time, an attacker can operate freely within the environment, often leaving very little trace that would trigger a traditional alert.

This is where we’re seeing a meaningful shift in how businesses approach security. Rather than focusing solely on protecting devices, organizations are beginning to focus on protecting identity.


Identity Threat Detection and Response (ITDR) is one example of this shift. Instead of looking for malware or suspicious files, it monitors how accounts are being used. Things like impossible travel, unusual login patterns, or access from unfamiliar locations can indicate that a legitimate account is being misused.


More importantly, these signals can be evaluated in real time. That changes the response window from days or weeks to minutes.


The goal isn’t to replace existing security tools, but to close a gap that many businesses don’t realize exists. If attackers are getting in through valid credentials, then visibility into how those credentials are being used becomes critical.


For small and mid-sized businesses especially, this shift is worth paying attention to. The question is no longer just whether your systems are protected from intrusion. It’s whether you would recognize if someone logged in who shouldn’t be there.


Because increasingly, that’s what an attack looks like.

Get Started Now
]]>Thu, 02 Apr 2026 14:52:00 -0700<![CDATA[You Didn’t Start a Tech Company. But You’re Running One.]]>https://www.newfathom.com/blogs/post/the-accidental-it-department-why-small-businesses-are-carrying-more-tech-risk-than-they-realize

You Didn’t Start a Tech Company. But You’re Running One.

If you run a small business in 2026, you are running a technology operation. Whether you intended to or not.

It rarely begins strategically. The tech savvy owner sets up Microsoft 365. A capable employee informally manages passwords. The office manager resets the Wi Fi when needed. Backups are assumed. Security is partial. Nothing appears broken.

Over time, however, technology shifts from convenience to infrastructure. It underpins payroll, invoicing, scheduling, client communication, vendor management, and financial reporting. It becomes embedded in revenue flow and operational continuity.

At that point, the issue is no longer technical. It is structural.

Most small businesses do not suffer from a lack of tools. They suffer from an informal accumulation of risk. Administrative access is concentrated in one individual. Backups are unverified. Security controls are inconsistent. Documentation is minimal. Knowledge is tribal.

This works until it doesn't.

When a credential is compromised, access to core systems is interrupted. When a key employee leaves, institutional knowledge leaves with them. When backups fail, recovery is uncertain. The technical event is rarely catastrophic on its own. The operational impact is.

Email downtime becomes workflow disruption. Financial system lockouts delay revenue. Access confusion slows teams. Leadership attention shifts from growth to containment.

In small businesses, disruption is not distributed. It concentrates at the top. Owners and senior leaders absorb the interruption personally. Strategic focus narrows. Reactive decision making increases.

Over time, this produces a culture of normalization around instability. Small interruptions become expected. Firefighting becomes routine. Leadership energy is fragmented across preventable events.

The cost is not primarily financial. It is strategic erosion.

There is no longer a meaningful distinction between “IT” and “operations.” Technology now functions as operational infrastructure. It deserves the same intentional design applied to finance, compliance, and hiring.

Operationally disciplined businesses do not eliminate technical issues. They reduce single points of failure. They clarify ownership. They verify resilience. They document access. They treat systems as assets rather than conveniences.

You may not have set out to build an IT department. But your business now depends on one.

The shift from informal management to structured oversight is not about becoming more technical. It is about protecting operational continuity.

That distinction defines whether technology remains a recurring disruption or becomes a stable foundation for growth.

Get Started Now
]]>Fri, 27 Mar 2026 14:48:51 -0700<![CDATA[Why Backups Alone Are Not a Ransomware Strategy]]>https://www.newfathom.com/blogs/post/why-backups-alone-are-not-a-ransomware-strategy

Why Backups Alone Are Not a Ransomware Strategy

For years, the go-to answer to ransomware has been simple: “We have backups.” While backups are a critical part of any cybersecurity program, relying on them as the primary ransomware defense is a dangerous oversimplification. In today’s threat landscape, backups alone are no longer enough.

Modern ransomware attacks are no longer smash-and-grab operations. Attackers are patient, deliberate, and strategic. Once inside a network, they often spend days or weeks performing reconnaissance—identifying critical systems, locating backup infrastructure, and escalating privileges. By the time ransomware is deployed, attackers frequently know exactly where backups live and how to disable or encrypt them first.

From a NIST Cybersecurity Framework (CSF) perspective, this is a failure of the Protect and Detect functions. If attackers can move freely, access backup systems, and operate undetected for extended periods, the organization is already operating at a disadvantage long before encryption begins.

Even when backups survive an attack, recovery is rarely quick or painless. Restoring large environments can take days or weeks, during which business operations may be severely disrupted. For many organizations, especially small and mid-sized businesses, extended downtime can be just as damaging as data loss itself. Missed revenue, lost customers, regulatory penalties, and reputational harm can far outweigh the cost of the ransom.

This is where Incident Response (IR) and Disaster Recovery (DR) planning intersect. Backups support recovery, but without a defined incident response process—who makes decisions, how systems are isolated, when recovery begins—organizations often lose valuable time. In NIST terms, the Respond and Recover functions are just as critical as prevention.

Another common misconception is that any backup is a good backup. Traditional backups that are writable, online, and accessible with standard administrative credentials are prime targets. If attackers compromise a domain admin account—and many do—those backups are often compromised right along with everything else. Without protections like immutability, offline copies, or strict access controls, backups may offer a false sense of security.

Testing is another overlooked weakness. Many organizations assume backups will work because they always have. But backups that are never tested may be incomplete, corrupted, or unusable when they’re needed most. From a DR standpoint, an untested restore is not a plan—it’s a hope. NIST’s Recover function explicitly emphasizes the importance of validated recovery processes and continuous improvement.

A resilient ransomware strategy focuses on survivability, not perfection. This includes layered defenses such as endpoint detection and response (EDR), least-privilege access, network segmentation, and continuous monitoring. It also requires tabletop exercises and incident response testing so teams are prepared before a real event occurs.

Backups remain essential, but they should be treated as a last line of defense, not the first. Organizations should invest in immutable or offline backups, restrict access to backup systems, monitor for suspicious activity, and regularly test recovery procedures. Just as importantly, leadership must understand that cybersecurity resilience is a business issue—not just an IT responsibility.

In ransomware incidents, the question is no longer “Can we recover our data?” It’s “Can we continue operating?” Backups help—but only as part of a broader strategy aligned with NIST CSF, Incident Response, and Disaster Recovery best practices.

Get Started Now
]]>Tue, 03 Feb 2026 13:18:44 -0800<![CDATA[Windows 10 End-of-Life: How to Stay Safe (and Why It’s Time to Move On)]]>https://www.newfathom.com/blogs/post/windows-10-end-of-life-how-to-stay-safe-and-why-it-s-time-to-move-on

Windows 10 Is Going Away

Windows 10 is officially reaching its end-of-life on October 14, 2025, which means Microsoft will stop providing free security updates and support to most users. But if you're not ready—or able—to upgrade your system to Windows 11, you're not entirely out of luck. Microsoft is offering Extended Security Updates (ESUs) for Windows 10 users, giving them more time to transition. Here's how you can stay secure on Windows 10 a little longer—and why upgrading still makes sense.

Extended Security Updates: Your Options

Microsoft's Extended Security Updates program was originally designed for enterprise customers, but for Windows 10, it’s being made available to individual users as well.

You now have two main options if you want to stay on Windows 10 past its official support end date:

  • Free Updates Through Microsoft Accounts (With Strings Attached): Microsoft is offering free ESUs for some Windows 10 users, particularly those who log in with a Microsoft account and allow telemetry and cloud integration features like OneDrive, Edge, and Microsoft 365 integration. While this is a generous offer, it does come with privacy trade-offs and may not be suitable for users with more restrictive security requirements.

  • Paid Updates ($30 per Year): For users who don’t want to enable Microsoft cloud features or who use Windows in a professional or disconnected environment, Microsoft is offering a more traditional paid ESU plan—starting at $30 per year per device. This provides peace of mind with minimal strings attached, ensuring you get critical security patches through at least October 2028.

Why Staying on Windows 10 Isn’t Ideal — But May Be Necessary If You’ve Delayed

Let’s be clear: Extended Security Updates for Windows 10 aren’t a long-term solution—they’re a safety net. If you’re still running Windows 10 in 2025, it likely means you've put off upgrading longer than you should have. Whether it's due to hardware limitations, budget constraints, or just procrastination, the reality is that this option exists to buy you a little more time, not to encourage you to keep using an outdated OS indefinitely.

Here’s why some users might need to rely on ESUs:

  • You’re Stuck with Legacy Hardware: If your current PC doesn’t meet Windows 11’s hardware requirements—like TPM 2.0 or newer CPUs—you might not be able to upgrade without replacing your device. That’s understandable, but still something you’ll need to address soon.
  • You Haven’t Budgeted for a Replacement: Organizations and individuals that didn’t plan ahead may find themselves scrambling to update systems or find room in the budget for new hardware.
  • You Need More Time to Migrate Critical Software or Workflows: If you’re relying on legacy software or workflows that haven’t been tested on Windows 11, the ESU program gives you a short grace period to adapt.

But make no mistake: continuing to use Windows 10—even with ESUs—is a compromise. You’re relying on limited updates, missing out on new features, and holding onto a platform that Microsoft is gradually leaving behind.
This is your final warning window. Don’t use ESUs as an excuse to stay complacent—use them to plan your transition as soon as possible.

But Let’s Be Honest: Windows 11 Is the Future

While ESUs buy you time, Windows 11 is clearly where Microsoft is investing its resources. Here’s why making the move is ultimately the better long-term choice:

  • Ongoing Support and Updates: Windows 11 gets regular feature and security updates without added cost or complexity.

  • Improved Security: Windows 11 requires modern hardware with built-in security features like TPM 2.0 and VBS (Virtualization-Based Security), which make it much more resilient to modern threats.

  • Modern User Interface and Features: From better window snapping to native Android app support and AI integration with Copilot, Windows 11 is designed for productivity and future compatibility.

Final Thoughts

If you're not ready to move to Windows 11 yet, Microsoft’s Extended Security Updates for Windows 10 are a valuable option—especially with the free tier now available to personal users. But ESUs are a short-term solution, not a permanent fix. Use the extra time wisely: assess your hardware, back up your data, and plan your move to Windows 11. The future of Windows—and your security—depends on it.

Get Started Now
]]>Tue, 15 Jul 2025 09:52:14 -0700<![CDATA[8 Things I'm Excited About in Windows 11]]>https://www.newfathom.com/blogs/post/8-things-i-m-excited-about-in-windows-11

8 Things I'm Excited About in Windows 11

Windows 11 has brought a wave of fresh updates, improved features, and exciting tools that make daily computing more efficient and enjoyable. From better multitasking to enhanced creativity tools, Microsoft has focused on making Windows 11 more user-friendly and productive. Here are eight things I’m excited about in Windows 11.

1. Snipping Tool

The Snipping Tool in Windows 11 has received a major upgrade, making it more than just a simple screenshot utility.

Why It's Helpful

The new Snipping Tool includes video recording functionality, eliminating the need for third-party applications for basic screen recordings. Whether you need to demonstrate a process, capture gameplay, or create a tutorial, this built-in tool makes it easy.

Additionally, users can set the Snipping Tool to activate when pressing the Print Screen button, making it even more convenient to take screenshots.

Recording Options for Images

Users can now annotate, crop, and edit screenshots directly within the Snipping Tool. The enhanced functionality saves time, as there’s no need to switch between different applications.

How to Use

  1. Press Windows + Shift + S to open the Snipping Tool.

  2. Select the area of the screen you want to capture.

  3. Edit, annotate, or save your screenshot directly.

  4. To record video, open the Snipping Tool, switch to the recording mode, select the area to record, and start capturing.

2. Clipboard History

Clipboard history is a simple but powerful feature that makes copying and pasting more efficient.

Why It's Helpful

Instead of being limited to a single copied item, Clipboard History allows users to store multiple copied texts and images, making it easier to retrieve previously copied content.

How to Turn On

  1. Open Settings > System > Clipboard.

  2. Toggle on Clipboard History.

How to Use

  1. Press Windows + V to open the Clipboard History.

  2. Select any previous item to paste it.

3. Focus Timers

Windows 11 introduces Focus Timers, designed to help users concentrate by minimizing distractions.

Why It's Helpful

With built-in timers and Do Not Disturb mode, Focus Timers encourage productivity by silencing notifications and reducing digital interruptions.

How to Use

  1. Open the Clock app and navigate to Focus Sessions.

  2. Set a timer for a work session.

  3. Integrate with Spotify or Microsoft To-Do for an enhanced focus experience.

4. Snap Layouts

Multitasking is easier with Snap Layouts, allowing users to organize open windows efficiently.

Why It's Helpful

Instead of manually resizing windows, Snap Layouts lets users arrange multiple apps in preset layouts with a simple hover action.

How to Use

  1. Hover over the maximize button of any window.

  2. Choose a layout and assign windows to different sections of the screen.

  3. Quickly switch between layouts using Windows + Z.

5. Virtual Desktops

Virtual Desktops in Windows 11 provide a way to separate workspaces for better organization.

Why It's Helpful

Users can create separate desktops for work, personal tasks, and entertainment, reducing clutter and improving focus.

How to Use

  1. Press Windows + Tab to open Task View.

  2. Click New Desktop to create a separate workspace.

  3. Switch between desktops using Windows + Ctrl + Left/Right Arrow.

New Desktops

Windows 11 enhances Virtual Desktops with customization options.

Naming Desktops

Users can name their desktops to distinguish between different workspaces, making it easier to navigate.

Shortcuts

Use Windows + Ctrl + D to create a new desktop quickly.

6. Sound Recorder

Windows 11 revamps the classic Sound Recorder, making it a more useful tool for recording and managing audio.

Why It's Helpful

The new Sound Recorder offers a modern interface with waveform visualization, improved playback controls, and enhanced audio quality settings. It’s a great tool for recording lectures, meetings, voice notes, and more.

How to Use

  1. Open Sound Recorder from the Start Menu.

  2. Click the record button to start capturing audio.

  3. Stop the recording and save the file in various formats.

  4. Use playback controls to review or edit the recording.

7. Visualize Battery Usage

Windows 11 allows users to see detailed battery usage statistics.

Why It's Helpful

Understanding which apps drain battery life helps in optimizing device performance and extending battery longevity.

How to See Usage

  1. Open Settings > System > Power & Battery.

  2. View a breakdown of battery usage by apps and system activity.

8. ClipChamp Free

ClipChamp is Microsoft’s new built-in video editor, replacing Windows Movie Maker.

Why It's Helpful

ClipChamp provides a free, intuitive video editing experience with professional features like trimming, transitions, and text overlays.

Reminiscent of Windows Movie Maker

For those who miss Windows Movie Maker, ClipChamp brings back simple yet effective video editing tools in a modern interface.

How to Use

  1. Open ClipChamp from the Start Menu.

  2. Import media and use drag-and-drop editing.

  3. Export the final video in different formats and resolutions.

Conclusion

Windows 11 is packed with features that enhance productivity, creativity, and usability. From improved multitasking tools like Snap Layouts to creative tools like ClipChamp, these updates make the operating system more efficient and user-friendly. With these eight features, Windows 11 is shaping up to be the best version of Windows yet.

Get Started Now
]]>Mon, 31 Mar 2025 15:53:37 -0700<![CDATA[Navigating the Future of Cybersecurity: Key Trends for 2025]]>https://www.newfathom.com/blogs/post/navigating-the-future-of-cybersecurity-key-trends-for-2025

As we step into 2025, the cybersecurity landscape is evolving at an unprecedented pace. The latest insights from the Google Cloud Cybersecurity Forecast 2025 highlight the challenges and opportunities that organizations face in combating cyber threats. This blog synthesizes the report’s key findings to equip businesses and security teams with the knowledge needed to stay ahead.

The Role of Artificial Intelligence (AI) in Cybersecurity

AI as a Double-Edged Sword: Malicious actors are increasingly leveraging AI and large language models (LLMs) to enhance their operations. These technologies enable the creation of convincing phishing campaigns, deepfake-based fraud, and sophisticated vulnerability research. Simultaneously, defenders are adopting AI to streamline threat detection and automate repetitive tasks, paving the way for semi-autonomous security operations.

Generative AI in Information Operations: Adversaries are utilizing generative AI tools to produce persuasive content and backstop inauthentic personas. This surge in AI-driven information operations underscores the need for enterprises to bolster their defenses against social engineering and misinformation campaigns.

Geopolitical Cyber Threats: The Big Four

Russia: The Ukraine conflict continues to dominate Russian cyber activity, with espionage and disruptive attacks targeting critical infrastructure. Pro-Russian information operations aim to influence global perceptions, particularly in Europe and NATO-aligned nations.

China: China’s cyber operations are marked by stealth and aggression. Their tactics include exploiting zero-day vulnerabilities and employing custom malware ecosystems to infiltrate embedded systems. Pro-Chinese information campaigns target elections and global audiences with disinformation.

Iran: Iran’s cyber activities focus on regional influence and monitoring dissidents. The Israel-Hamas conflict has intensified their operations, blending cyber espionage with disruptive attacks.

North Korea: Driven by economic necessity and geopolitical goals, North Korea continues to target cryptocurrency exchanges and supply chains. Their use of trojanized software to infiltrate networks underscores the need for enhanced supply chain security.

Emerging Threats and Trends

Ransomware and Multifaceted Extortion: Despite efforts to counter ransomware, it remains a pervasive threat. Attackers are employing multifaceted extortion tactics, including data theft and service disruption, with healthcare and critical infrastructure often in the crosshairs.

Infostealer Malware: The rise of infostealer malware presents a gateway to high-impact breaches. These tools enable attackers to harvest credentials, bypassing security measures in environments lacking multifactor authentication.

Faster Exploitation of Vulnerabilities: The average time-to-exploit (TTE) for disclosed vulnerabilities has dropped dramatically. Organizations must adopt proactive vulnerability management strategies to mitigate risks posed by this rapid exploitation.

Post-Quantum Cryptography: With the finalization of quantum-safe encryption standards, organizations must prepare for the post-quantum era. Inventorying cryptographic systems and transitioning to quantum-resistant solutions will be critical in safeguarding sensitive data.

Regional Insights

EMEA: The updated Network and Information Security Directive (NIS2) is reshaping cybersecurity practices across Europe, emphasizing risk management, supply chain security, and regulatory compliance. Geopolitical conflicts continue to drive threat activity in the region, underscoring the importance of cloud security.

JAPAC: North Korean actors are targeting cryptocurrency investments in JAPAC, while Southeast Asian cyber criminals innovate with AI and deepfake technologies. Additionally, Chinese-controlled websites posing as local news outlets are disseminating pro-Beijing content.

Preparing for 2025: Key Takeaways

  1. Leverage AI Responsibly: Integrate AI tools to enhance security operations while safeguarding against AI-driven threats.

  2. Strengthen Identity Management: Implement phishing-resistant multifactor authentication and robust access controls to mitigate identity-based risks.

  3. Adopt Cloud-Native Security Solutions: Enhance monitoring, automate incident response, and address cloud-specific vulnerabilities.

  4. Stay Ahead of Quantum Threats: Begin transitioning to quantum-safe cryptographic standards and inventorying cryptographic dependencies.

  5. Invest in Threat Intelligence: Proactively monitor geopolitical and technological trends to anticipate and counter emerging threats.

The cybersecurity challenges of 2025 demand a proactive and adaptive approach. By understanding these evolving trends, organizations can build resilience and ensure a secure future in an increasingly complex digital world.

Get Started Now
]]>Thu, 02 Jan 2025 08:15:39 -0800<![CDATA[Top Cyber Security Policies Every Organization Should Have]]>https://www.newfathom.com/blogs/post/top-cyber-security-policies-every-organization-should-have

Top Cyber Security Policies Every Organization Should Have

In today's digital age, cybersecurity is not just a technical issue to be solved by the IT department, but a business imperative that must be solved and enforced at the top. Deploying and enforcing essential IT policies will help ensure your organization is ready for the real challenges likely to face an organization. Effective cybersecurity policies serve as the foundation for a secure working environment, ensuring that all employees understand their roles and responsibilities in safeguarding the organization. Below are the top cybersecurity policies every organization should have, along with explanations of their importance. 

1. Acceptable Use Policy (AUP) 

Why It's Important:

An Acceptable Use Policy (AUP) sets clear guidelines for employees on the appropriate use of the organization's IT resources, including computers, networks, and internet access. It helps prevent misuse that could lead to security vulnerabilities or legal issues. 

Key Components: 

  • Permitted and Prohibited Activities: The policy should clearly define what constitutes acceptable and unacceptable use of the organization's IT resources. This includes prohibiting activities such as downloading unauthorized software, accessing inappropriate websites, or using company devices for personal gain. 
  • Monitoring and Enforcement: Employees should be aware that their use of IT resources may be monitored to ensure compliance with the AUP, and violations can result in disciplinary action. 
  • Security Protocols: The AUP should reinforce the importance of adhering to security protocols, such as not disabling antivirus software or bypassing firewalls. 
  • BYOD (Bring Your Own Device) Guidelines: If the organization allows employees to use their personal devices for work, the AUP should include specific guidelines on securing these devices and accessing corporate data. 

An Acceptable Use Policy helps create a secure and responsible IT environment by defining what is and isn’t allowed, reducing the risk of security breaches and legal liabilities. 

2. Asset Management Policy 

Why It’s Important:

An Asset Management Policy helps organizations track and manage their IT assets, including hardware, software, and data. Proper asset management ensures that all assets are accounted for, protected, and maintained, reducing the risk of security vulnerabilities and ensuring compliance with regulations. 

Key Components: 

  • Asset Inventory: The policy should require the creation and maintenance of an up-to-date inventory of all IT assets, including servers, computers, mobile devices, software licenses, and data repositories. 
  • Ownership and Responsibility: Each asset should have an assigned owner responsible for its security, maintenance, and compliance with organizational policies. 
  • Asset Classification: Assets should be classified according to their criticality and sensitivity, with corresponding security measures applied based on their classification. 
  • Lifecycle Management: The policy should cover the entire lifecycle of an asset, from acquisition and deployment to maintenance and disposal. Secure disposal practices, such as data wiping or physical destruction, should be mandated for retiring assets. 
  • Remote Monitoring and Management (RMM): RMM tools should be deployed to monitor the health, performance, and security of all IT assets continuously. These tools enable proactive maintenance, reducing the risk of asset failures and security incidents. 
  • Endpoint Detection and Response (EDR): EDR solutions should be implemented on all endpoints to detect, investigate, and respond to potential threats in real-time. This is crucial for preventing and mitigating cyber threats at the device level. 
  • Patch Management: The policy should mandate regular patching of all software and firmware to address vulnerabilities. Automated patch management solutions should be used to ensure that updates are applied promptly across all assets, reducing the risk of exploitation. 
  • Access Controls: Implement appropriate access controls to ensure that only authorized personnel have access to specific assets, reducing the risk of unauthorized access or misuse. 

3. Business Continuity Plan (BCP) 

Why It's Important:

No matter how robust an organization's cybersecurity defenses are, the possibility of a successful cyberattack or catastrophic event cannot be completely eliminated. A Disaster Recovery Plan (DRP) or Business Continuity Plan (BCP) ensures that the organization can quickly recover and resume operations in the event of a disaster, whether it's a cyberattack, natural disaster, or other significant disruption. 

Key Components:

  • Risk Assessment: The plan should begin with an assessment of the risks that could potentially disrupt the organization, including cyber threats, natural disasters, and hardware failures. 
  • Data Backup Procedures: Regular backups of critical data should be maintained and stored securely, preferably offsite or in the cloud, to ensure data can be restored if lost. 
  • Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs): The plan should define the maximum acceptable downtime (RTO) and the maximum amount of data loss (RPO) the organization can tolerate. 
  • Roles and Responsibilities: Clear roles and responsibilities should be assigned to ensure that the recovery process is efficient and coordinated. 
  • Testing and Updates: The plan should be regularly tested and updated to ensure its effectiveness in a real-world scenario. 
A well-developed DRP or BCP minimizes downtime and data loss, ensuring that the organization can quickly recover from unexpected events and maintain business continuity. 

You can edit text on your website by double clicking on a text box on your website. Alternatively, when you select a text box a settings menu will appear. your website by double clicking on a text box on your website. Alternatively, when you select a text box

4. Data Retention Policy 

Why It's Important: 

A Data Retention Policy outlines how long different types of data should be kept and when they should be securely deleted. This policy is crucial for ensuring compliance with legal requirements, reducing storage costs, and minimizing the risk of data breaches involving outdated or unnecessary data. 

Key Components: 

  • Classification of Data: Different types of data should be classified according to their importance and sensitivity. For example, financial records may need to be kept longer than marketing data. 
  • Retention Periods: The policy should specify retention periods for each type of data, based on legal, regulatory, and business requirements. 
  • Secure Deletion: When data is no longer needed, it should be securely deleted to prevent unauthorized access. This may involve overwriting data or physically destroying storage media. 
  • Compliance Considerations: The policy should ensure that data retention practices comply with relevant laws and regulations, such as GDPR or HIPAA. 
  • Regular Review: The policy should be regularly reviewed and updated to reflect changes in legal requirements, technology, and business needs. 

A Data Retention Policy helps organizations manage their data effectively, ensuring that they retain only what is necessary while reducing the risk of data breaches and non-compliance penalties. 

5. Password Construction Policy

Why It's Important:

Passwords are the first line of defense against unauthorized access to an organization's systems and data. A weak password can be easily guessed or cracked by cybercriminals, granting them access to sensitive information. A Password Construction Policy ensures that all employees create strong, complex passwords that are difficult to break.

Key Components:

  • Length Requirements: The policy should mandate the use long passwords. Longer is better and more important for password cracking than complexity! NIST does not recommend complexity be a requirement but recommends length as a key factor of a good password. Consider a length of 16 or more characters where possible.
  • Prohibition of Common Passwords: To avoid the use of easily guessable passwords, the policy should disallow commonly used passwords like "password123 Length " or "admin."
  • Unique Passwords: Employees should not reuse passwords across different accounts or systems to minimize the potential impact of a single password breach. To do this effectively you probably need to deploy a password manager, but the reason for that is uniqueness. 
A strong Password Construction Policy ensures that all employees create robust passwords, significantly reducing the risk of unauthorized access.

6. Password Protection Policy

Why It's Important:

Even the strongest password is vulnerable if it is not properly protected. A Password Protection Policy outlines how employees should handle and store their passwords to prevent unauthorized access.

Key Components:

  • Secure Storage: Employees should store passwords using a secure method, such as a password manager, rather than writing them down or saving them in an unencrypted file.
  • Avoiding Sharing: The policy should strictly prohibit the sharing of passwords with colleagues or third parties. Each employee should have their own unique credentials.
  • Multi-Factor Authentication (MFA): Implementing MFA adds an additional layer of security by requiring users to provide two or more verification factors, reducing the likelihood of a breach even if a password is compromised.
  • Suspicious Activity Reporting: Employees should be trained to recognize and report any suspicious activity related to their accounts, such as unexpected login attempts or changes in settings.
A Password Protection Policy ensures that passwords, the keys to accessing critical systems and data, are safeguarded against compromise.

Conclusion

In the face of ever-evolving cyber threats, having comprehensive cybersecurity policies is essential for protecting an organization's assets, data, and reputation. A Password Construction Policy and Password Protection Policy work hand in hand to ensure that passwords are both strong and securely managed. An Asset Management Policy ensures that all IT assets are properly tracked, managed, and secured throughout their lifecycle. A Disaster Recovery Plan or Business Continuity Plan prepares the organization for the worst-case scenario, ensuring a swift recovery. An Acceptable Use Policy establishes clear guidelines for the responsible use of IT resources, while a Data Retention Policy ensures that data is managed and disposed of securely and in compliance with legal requirements. By implementing these top cybersecurity policies, organizations can build a strong defense against cyber threats and create a secure environment for their operations.

Get Started Now
]]>Fri, 04 Oct 2024 16:23:07 -0700<![CDATA[Modern Data Security: Beyond Castle Walls]]>https://www.newfathom.com/blogs/post/Modern-Data-Security-Beyond-Castle-Walls

In the ever-evolving landscape of data security, the analogy of fortresses and moats, reminiscent of medieval times, has been a longstanding one. Traditionally, building a strong boundary around one's castle, akin to erecting firewalls and encryption protocols around data, was deemed the pinnacle of protection. However, as technology progresses and threats become more sophisticated, this old-school method of defense is proving insufficient in the face of modern cyber threats. In this blog, we delve into the shortcomings of the castle-and-moat approach and explore how modern data security strategies have evolved to address these challenges.

Perimeter-based Security: A False Sense of Safety

The castle-and-moat strategy relies heavily on perimeter-based security measures. Just as a medieval castle was fortified with thick walls and a surrounding moat to repel invaders, organizations would deploy firewalls and intrusion detection systems to guard their network perimeters. However, this approach operates under the assumption that threats will always come from outside the fortified boundary. In today's interconnected world, where employees access sensitive data remotely and cloud services blur the lines of traditional network perimeters, this assumption no longer holds true.

Vulnerabilities Within: The Trojan Horse of Data Breaches

One of the fundamental flaws of the castle-and-moat model is its failure to address insider threats. While medieval fortresses were designed to withstand external assaults, they were often infiltrated by spies or traitors who bypassed the defenses from within. Similarly, in the realm of data security, the greatest threats often come from within an organization. Whether through malicious insiders or unwitting employees falling victim to social engineering tactics, the castle walls do little to protect against these internal vulnerabilities.

Dynamic Threat Landscape: Adapting to the Changing Tides

In the digital age, cyber threats are constantly evolving, rendering static defenses ineffective. A medieval castle may have stood firm against conventional siege tactics, but it would have been defenseless against modern weaponry. Likewise, relying solely on static security measures such as firewalls and antivirus software leaves organizations vulnerable to sophisticated cyberattacks like zero-day exploits and advanced persistent threats. To combat these dynamic threats, modern data security strategies emphasize continuous monitoring, threat intelligence, and adaptive defenses that can quickly respond to emerging threats.

Data Accessibility vs. Fortified Isolation: Balancing Security and Usability

Another drawback of the castle-and-moat approach is its inherent trade-off between security and usability. Just as a medieval castle's thick walls and narrow drawbridges restricted movement in and out of the fortress, strict security measures can hinder productivity and collaboration within an organization because you need to be physically inside. In today's fast-paced business environment, where agility and accessibility are paramount, rigid security protocols can impede innovation and inhibit digital transformation efforts. Modern data security aims to strike a balance between protecting sensitive information and enabling seamless access for authorized users.

The Perils of Compliance: Meeting Regulatory Standards vs. True Security

For many organizations, compliance with regulatory standards such as GDPR, HIPAA, and PCI DSS is a top priority. However, the castle-and-moat approach often leads to a checkbox mentality, where organizations focus on meeting minimum compliance requirements without truly addressing underlying security risks. Just as a castle's defenses could be breached despite meeting regulatory standards, compliance alone does not guarantee protection against sophisticated cyber threats. Modern data security strategies emphasize a risk-based approach, focusing on identifying and mitigating actual security vulnerabilities rather than simply checking boxes on a compliance checklist.

Embracing a Zero Trust Mindset: Redefining Security for the Digital Age

In response to the limitations of the castle-and-moat model, a paradigm shift is underway in the field of data security. Known as Zero Trust Security, this approach challenges the notion of implicit trust within traditional network perimeters and adopts a "never trust, always verify" mindset. Zero Trust Security assumes that threats may already exist within the network and requires continuous authentication and authorization for every user and device attempting to access resources. By removing the assumption of trust and implementing granular access controls, organizations can better protect their data assets in today's dynamic threat landscape. This doesn’t have to be overly burdensome as companies have created easy biometric authentication and passwordless sign in. These strategies can also protect information at the data level wherever that data goes, whether at a coffee shop in Italy or a ski resort in Bend, whether on a sophisticated server or on a mobile phone in your pocket. 

Conclusion: Building Stronger Defenses for a Digital Future

While the castle-and-moat analogy served as a useful metaphor for data security in the past, it is no longer sufficient to protect against modern cyber threats. As technology evolves and the threat landscape continues to expand, organizations must adapt their security strategies accordingly. By embracing a holistic approach that goes beyond perimeter-based defenses, prioritizes insider threat detection, adapts to dynamic threats, balances security with usability, moves beyond compliance, and embraces a Zero Trust mindset, organizations can build stronger defenses for a digital future. Just as medieval fortresses evolved in response to changing warfare tactics, so too must our approach to data security evolve to meet the challenges of the 21st century.

Get Started Now
]]>Thu, 09 May 2024 16:52:11 -0700<![CDATA[The Cost of a Cheap (Slow) Computer]]>https://www.newfathom.com/blogs/post/the-cost-of-a-cheap-slow-computer

The Cost of a Cheap (Slow) Computer

Is it worth it to buy a better computer? It's time that business owners start thinking about the costs per hour of their employees and the cost of slow computers in their workplace. Many business owners don't realize the financial impacts they're creating simply by buying cheap tools (computers) for their workers. Most of them wouldn't dream of sending a wood cutter with a dull chainsaw blade, but they equip their entire team with crappy computers they are stuck using every day! 


For the below example, I'm going to assume we're buying workstations for a business for workers who use it for their main job function and they work 50 weeks per year. If that's not the case, you may still be able to learn something but you'll need to adapt the math to your situation. We're also assuming that computer will last 3-5 years, but the older they get the more likely they are to be slow and the slower they will become. Also, the cheaper computers will likely have a smaller lifespan. 

What Does It Cost If It's Slow?

Having a slow computer has a two main cost centers: time and frustration. If you're using a computer that's constantly slow to open tabs or programs then not only do you lost valuable time from your day, but it's also a frustrating experience especially the busier you get. 

Financial Cost

Let's say you decide to buy a cheaper computer and save $500 because you buy an I3 instead of an I5 and 8GB of RAM instead of 16GB and you get an HDD instead of a solid state drive (SSD). All of those upgrades could easily cost you a three minutes of slowness throughout the day. If this computer is for an employee that costs you $25/hour then you are wasting $1.25 per day ((3/60) x $25), that may not seem like a lot, but every year that will cost $312 and over the lifetime of the computer (5 years) you'll pay $1,562 for 3 minutes every day. That's the best case scenario. 


Let's say in a few years the computer is running REALLY slow and takes 30 minutes out of every day because of the lag in opening programs or slow restart times. That will cost you $12.50 per day and $3,125 every year you run a slow computer like that. 

Morale Cost

But there's more than just the financial cost. When you have employees working for you and you don't provide good tools to do their work that is a big hit to morale and will likely lead to higher turnover and less employee satisfaction. The cost of hiring and training a single employee is easily thousands and thousands of dollars. But let's say they don't quite and just spend their days complaining. Even that will have a negative impact on the business and every person that employee interacts with (I hope they're not doing customer service). 

A Nerdy Table

Below is a table calculating the costs per minute of slowness in your employees day. Of course, this assumes that this is time that could have been used on productive work, but it really doesn't take long to have slow computers costing you a lot of money!

Slowness Minutes Per DayHourly RateCost/DayCost/Year (50 Weeks of Work)Cost/3 YearsCost/5 Years
1$25$0.42$104.17$312.50$520.83
2$25$0.83$208.33$625.00$1,041.67
3$25$1.25$312.50$937.50$1,562.50
4$25$1.67$416.67$1,250.00$2,083.33
5$25$2.08$520.83$1,562.50$2,604.17
10$25$4.17$1,041.67$3,125.00$5,208.33
15$25$6.25$1,562.50$4,687.50$7,812.50
20$25$8.33$2,083.33$6,250.00$10,416.67
25$25$10.42$2,604.17$7,812.50$13,020.83
30$25$12.50$3,125.00$9,375.00$15,625.00   

What Should I Buy?

So what should you buy? At the least, check out our Workstation Specification Standards and buy in the Standard User column, but if you have some heavy hitters who are very expensive per hour, consider bumping it up! If you have users that are doing billable work for you, then add that into your calculation as well. If you're using a program that requires lots of graphics capabilities, consider upgrading to a dedicated graphics card. 


As a rule, stay away from the following:

- Pentium, Core Duo, I3, or Ryzen 3 processors. These are garbage for the most part. I wouldn't even want to check email with these. 

- HDDs. They just aren't worth it... ever.

- Refurbished computers. Yes you can save some money up front, but you're likely to run into issues later. Especially don't buy these if you pay for your IT support because that will get costly really quick. 

- Any computer that is under $500, it's almost always garbage.

Get Started Now
]]>Wed, 10 Jan 2024 22:33:56 -0800<![CDATA[Securing Your OT Network]]>https://www.newfathom.com/blogs/post/Securing-Your-OT-NetworkOperational technology network security. What is an OT network and what are the best practices for securing an OT network?]]>

Securing Your OT Network

An OT network, also known as Operational Technology network, is a type of computer network used to manage and control industrial processes and physical devices in various industries such as manufacturing, energy, transportation, and utilities. OT networks are distinct from traditional Information Technology (IT) networks, which primarily deal with data processing, business applications, and general-purpose computing.

Key characteristics of OT networks include:

  1. Industrial Control Systems (ICS): OT networks are designed to support Industrial Control Systems, which encompass technologies like Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS), and Programmable Logic Controllers (PLCs). These systems help control and monitor physical processes like manufacturing, power generation, and infrastructure management.
  2. Real-Time Operations: OT networks operate in real-time or near-real-time, ensuring that processes are controlled and monitored with minimal latency. This is essential for maintaining the safety and efficiency of industrial processes.
  3. Specialized Protocols: OT networks often use specialized communication protocols, such as Modbus, PROFIBUS, and OPC, which are optimized for industrial automation and control.
  4. Critical Infrastructure: Many OT networks are associated with critical infrastructure, making them essential for the functioning of various industries and, in some cases, public safety.
  5. Isolation and Segmentation: OT networks are typically isolated or segmented from the broader IT networks to reduce the risk of cyber threats and maintain the integrity of industrial operations.
  6. Robustness: OT network devices and components are built to withstand harsh industrial environments, including extreme temperatures, humidity, and electromagnetic interference.
  7. Security Concerns: Security in OT networks is crucial due to the potential for cyberattacks that could disrupt operations, damage equipment, or compromise safety. Protecting against these threats is a primary focus in the field of OT cybersecurity.
  8. Legacy Systems: OT networks often incorporate legacy systems and equipment, which can pose challenges in terms of compatibility, security, and maintenance.

The convergence of IT and OT networks, often referred to as IT/OT convergence, is a growing trend as organizations seek to improve efficiency and gain insights from data collected from their industrial processes. However, it also introduces new challenges related to cybersecurity and interoperability between the two types of networks.

Security Best Practices for OT Networks

Securing an Operational Technology (OT) network is crucial to protect critical infrastructure and industrial processes from cyber threats. Here are some best practices for securing an OT network:

  1. Network Segmentation: Isolate the OT network from the broader corporate network and the internet. Implement network segmentation to create separate zones for different OT systems and control access between them with “default-deny” firewall rules.
  2. Access Control: Enforce strict access controls to limit who can access and make changes to the OT network. Use strong authentication methods, like multi-factor authentication (MFA), and follow the principle of least privilege. Don’t re-use logins for OT equipment.
  3. Patch and Update Management: Regularly update and patch all software and firmware in the OT network, including industrial control systems (ICS) components and network equipment. Be cautious when applying updates and thoroughly test them in a controlled environment prior to rolling them out to a production environment.
  4. Network Monitoring: Implement continuous monitoring to detect abnormal network behavior or security incidents. Use intrusion detection and prevention systems (IDPS) and security information and event management (SIEM) solutions to analyze network traffic and log data.
  5. Air-Gap Critical Systems: For the most critical OT systems, consider physically isolating them from the network by creating a true air gap. While this may not always be practical, it provides an additional layer of security. This is especially important for legacy equipment that does not get regular security updates.
  6. Security Policies and Procedures: Develop and enforce comprehensive security policies and procedures specific to the OT environment. These should cover topics like incident response, remote access, and configuration management.
  7. Application Whitelisting: Use application whitelisting to allow only authorized software and applications to run on OT devices and systems. This prevents the execution of unapproved software.
  8. Physical Security: Secure physical access to critical OT infrastructure, such as control rooms and industrial equipment. Install security cameras, access control systems, and alarms to monitor and control entry.
  9. Regular Backups: Implement regular backups of critical data and configurations to ensure rapid recovery in case of a cyber incident or system failure. Backups should be monitored, encrypted in transit and at rest, and have an offsite copy to protect from ransomware.
  10. Incident Response Plan: Develop a well-documented incident response plan specific to OT networks. The plan should outline the steps to be taken in case of a security breach and should be tested periodically. Other incidents to include would be extended power outages and any local relevant natural disasters that could hit your area.
  11. Vendor and Supply Chain Security: Evaluate the security practices of OT equipment and software vendors. Ensure that your supply chain is secure, and that vendors provide timely security updates. Require vendors working on site to use your own managed computers for accessing the systems instead of plugging in directly with their own devices. Require vendors to provide cyber security policies for their own operations.
  12. Regulatory Compliance: Understand and comply with relevant industry standards and regulations specific to your sector, such as NIST, ISA/IEC 62443, or other applicable guidelines.
  13. Security Assessment and Audits: Regularly engage in security assessments and audits to evaluate the effectiveness of your OT security measures and identify areas for improvement.

Securing an OT network is an ongoing process that requires continuous monitoring, assessment, and adaptation to evolving threats. The specific security measures you implement will depend on the unique characteristics and requirements of your OT environment. Collaboration between IT and OT teams is essential to ensure a holistic and effective security strategy.

If you need to have your OT network analyzed and secured, click on the button below to get started!

Get Started Now
]]>Wed, 25 Oct 2023 14:44:49 -0700