New Fathom IT - Blog #SecurityNew Fathom IT - Blog #Securityhttps://www.newfathom.com/blogs/tag/securityWed, 08 Apr 2026 22:35:39 -0700http://zoho.com/sites/<![CDATA[Why Backups Alone Are Not a Ransomware Strategy]]>https://www.newfathom.com/blogs/post/why-backups-alone-are-not-a-ransomware-strategy

Why Backups Alone Are Not a Ransomware Strategy

For years, the go-to answer to ransomware has been simple: “We have backups.” While backups are a critical part of any cybersecurity program, relying on them as the primary ransomware defense is a dangerous oversimplification. In today’s threat landscape, backups alone are no longer enough.

Modern ransomware attacks are no longer smash-and-grab operations. Attackers are patient, deliberate, and strategic. Once inside a network, they often spend days or weeks performing reconnaissance—identifying critical systems, locating backup infrastructure, and escalating privileges. By the time ransomware is deployed, attackers frequently know exactly where backups live and how to disable or encrypt them first.

From a NIST Cybersecurity Framework (CSF) perspective, this is a failure of the Protect and Detect functions. If attackers can move freely, access backup systems, and operate undetected for extended periods, the organization is already operating at a disadvantage long before encryption begins.

Even when backups survive an attack, recovery is rarely quick or painless. Restoring large environments can take days or weeks, during which business operations may be severely disrupted. For many organizations, especially small and mid-sized businesses, extended downtime can be just as damaging as data loss itself. Missed revenue, lost customers, regulatory penalties, and reputational harm can far outweigh the cost of the ransom.

This is where Incident Response (IR) and Disaster Recovery (DR) planning intersect. Backups support recovery, but without a defined incident response process—who makes decisions, how systems are isolated, when recovery begins—organizations often lose valuable time. In NIST terms, the Respond and Recover functions are just as critical as prevention.

Another common misconception is that any backup is a good backup. Traditional backups that are writable, online, and accessible with standard administrative credentials are prime targets. If attackers compromise a domain admin account—and many do—those backups are often compromised right along with everything else. Without protections like immutability, offline copies, or strict access controls, backups may offer a false sense of security.

Testing is another overlooked weakness. Many organizations assume backups will work because they always have. But backups that are never tested may be incomplete, corrupted, or unusable when they’re needed most. From a DR standpoint, an untested restore is not a plan—it’s a hope. NIST’s Recover function explicitly emphasizes the importance of validated recovery processes and continuous improvement.

A resilient ransomware strategy focuses on survivability, not perfection. This includes layered defenses such as endpoint detection and response (EDR), least-privilege access, network segmentation, and continuous monitoring. It also requires tabletop exercises and incident response testing so teams are prepared before a real event occurs.

Backups remain essential, but they should be treated as a last line of defense, not the first. Organizations should invest in immutable or offline backups, restrict access to backup systems, monitor for suspicious activity, and regularly test recovery procedures. Just as importantly, leadership must understand that cybersecurity resilience is a business issue—not just an IT responsibility.

In ransomware incidents, the question is no longer “Can we recover our data?” It’s “Can we continue operating?” Backups help—but only as part of a broader strategy aligned with NIST CSF, Incident Response, and Disaster Recovery best practices.

Get Started Now
]]>Tue, 03 Feb 2026 13:18:44 -0800<![CDATA[Windows 10 End-of-Life: How to Stay Safe (and Why It’s Time to Move On)]]>https://www.newfathom.com/blogs/post/windows-10-end-of-life-how-to-stay-safe-and-why-it-s-time-to-move-on

Windows 10 Is Going Away

Windows 10 is officially reaching its end-of-life on October 14, 2025, which means Microsoft will stop providing free security updates and support to most users. But if you're not ready—or able—to upgrade your system to Windows 11, you're not entirely out of luck. Microsoft is offering Extended Security Updates (ESUs) for Windows 10 users, giving them more time to transition. Here's how you can stay secure on Windows 10 a little longer—and why upgrading still makes sense.

Extended Security Updates: Your Options

Microsoft's Extended Security Updates program was originally designed for enterprise customers, but for Windows 10, it’s being made available to individual users as well.

You now have two main options if you want to stay on Windows 10 past its official support end date:

  • Free Updates Through Microsoft Accounts (With Strings Attached): Microsoft is offering free ESUs for some Windows 10 users, particularly those who log in with a Microsoft account and allow telemetry and cloud integration features like OneDrive, Edge, and Microsoft 365 integration. While this is a generous offer, it does come with privacy trade-offs and may not be suitable for users with more restrictive security requirements.

  • Paid Updates ($30 per Year): For users who don’t want to enable Microsoft cloud features or who use Windows in a professional or disconnected environment, Microsoft is offering a more traditional paid ESU plan—starting at $30 per year per device. This provides peace of mind with minimal strings attached, ensuring you get critical security patches through at least October 2028.

Why Staying on Windows 10 Isn’t Ideal — But May Be Necessary If You’ve Delayed

Let’s be clear: Extended Security Updates for Windows 10 aren’t a long-term solution—they’re a safety net. If you’re still running Windows 10 in 2025, it likely means you've put off upgrading longer than you should have. Whether it's due to hardware limitations, budget constraints, or just procrastination, the reality is that this option exists to buy you a little more time, not to encourage you to keep using an outdated OS indefinitely.

Here’s why some users might need to rely on ESUs:

  • You’re Stuck with Legacy Hardware: If your current PC doesn’t meet Windows 11’s hardware requirements—like TPM 2.0 or newer CPUs—you might not be able to upgrade without replacing your device. That’s understandable, but still something you’ll need to address soon.
  • You Haven’t Budgeted for a Replacement: Organizations and individuals that didn’t plan ahead may find themselves scrambling to update systems or find room in the budget for new hardware.
  • You Need More Time to Migrate Critical Software or Workflows: If you’re relying on legacy software or workflows that haven’t been tested on Windows 11, the ESU program gives you a short grace period to adapt.

But make no mistake: continuing to use Windows 10—even with ESUs—is a compromise. You’re relying on limited updates, missing out on new features, and holding onto a platform that Microsoft is gradually leaving behind.
This is your final warning window. Don’t use ESUs as an excuse to stay complacent—use them to plan your transition as soon as possible.

But Let’s Be Honest: Windows 11 Is the Future

While ESUs buy you time, Windows 11 is clearly where Microsoft is investing its resources. Here’s why making the move is ultimately the better long-term choice:

  • Ongoing Support and Updates: Windows 11 gets regular feature and security updates without added cost or complexity.

  • Improved Security: Windows 11 requires modern hardware with built-in security features like TPM 2.0 and VBS (Virtualization-Based Security), which make it much more resilient to modern threats.

  • Modern User Interface and Features: From better window snapping to native Android app support and AI integration with Copilot, Windows 11 is designed for productivity and future compatibility.

Final Thoughts

If you're not ready to move to Windows 11 yet, Microsoft’s Extended Security Updates for Windows 10 are a valuable option—especially with the free tier now available to personal users. But ESUs are a short-term solution, not a permanent fix. Use the extra time wisely: assess your hardware, back up your data, and plan your move to Windows 11. The future of Windows—and your security—depends on it.

Get Started Now
]]>Tue, 15 Jul 2025 09:52:14 -0700<![CDATA[Top Cyber Security Policies Every Organization Should Have]]>https://www.newfathom.com/blogs/post/top-cyber-security-policies-every-organization-should-have

Top Cyber Security Policies Every Organization Should Have

In today's digital age, cybersecurity is not just a technical issue to be solved by the IT department, but a business imperative that must be solved and enforced at the top. Deploying and enforcing essential IT policies will help ensure your organization is ready for the real challenges likely to face an organization. Effective cybersecurity policies serve as the foundation for a secure working environment, ensuring that all employees understand their roles and responsibilities in safeguarding the organization. Below are the top cybersecurity policies every organization should have, along with explanations of their importance. 

1. Acceptable Use Policy (AUP) 

Why It's Important:

An Acceptable Use Policy (AUP) sets clear guidelines for employees on the appropriate use of the organization's IT resources, including computers, networks, and internet access. It helps prevent misuse that could lead to security vulnerabilities or legal issues. 

Key Components: 

  • Permitted and Prohibited Activities: The policy should clearly define what constitutes acceptable and unacceptable use of the organization's IT resources. This includes prohibiting activities such as downloading unauthorized software, accessing inappropriate websites, or using company devices for personal gain. 
  • Monitoring and Enforcement: Employees should be aware that their use of IT resources may be monitored to ensure compliance with the AUP, and violations can result in disciplinary action. 
  • Security Protocols: The AUP should reinforce the importance of adhering to security protocols, such as not disabling antivirus software or bypassing firewalls. 
  • BYOD (Bring Your Own Device) Guidelines: If the organization allows employees to use their personal devices for work, the AUP should include specific guidelines on securing these devices and accessing corporate data. 

An Acceptable Use Policy helps create a secure and responsible IT environment by defining what is and isn’t allowed, reducing the risk of security breaches and legal liabilities. 

2. Asset Management Policy 

Why It’s Important:

An Asset Management Policy helps organizations track and manage their IT assets, including hardware, software, and data. Proper asset management ensures that all assets are accounted for, protected, and maintained, reducing the risk of security vulnerabilities and ensuring compliance with regulations. 

Key Components: 

  • Asset Inventory: The policy should require the creation and maintenance of an up-to-date inventory of all IT assets, including servers, computers, mobile devices, software licenses, and data repositories. 
  • Ownership and Responsibility: Each asset should have an assigned owner responsible for its security, maintenance, and compliance with organizational policies. 
  • Asset Classification: Assets should be classified according to their criticality and sensitivity, with corresponding security measures applied based on their classification. 
  • Lifecycle Management: The policy should cover the entire lifecycle of an asset, from acquisition and deployment to maintenance and disposal. Secure disposal practices, such as data wiping or physical destruction, should be mandated for retiring assets. 
  • Remote Monitoring and Management (RMM): RMM tools should be deployed to monitor the health, performance, and security of all IT assets continuously. These tools enable proactive maintenance, reducing the risk of asset failures and security incidents. 
  • Endpoint Detection and Response (EDR): EDR solutions should be implemented on all endpoints to detect, investigate, and respond to potential threats in real-time. This is crucial for preventing and mitigating cyber threats at the device level. 
  • Patch Management: The policy should mandate regular patching of all software and firmware to address vulnerabilities. Automated patch management solutions should be used to ensure that updates are applied promptly across all assets, reducing the risk of exploitation. 
  • Access Controls: Implement appropriate access controls to ensure that only authorized personnel have access to specific assets, reducing the risk of unauthorized access or misuse. 

3. Business Continuity Plan (BCP) 

Why It's Important:

No matter how robust an organization's cybersecurity defenses are, the possibility of a successful cyberattack or catastrophic event cannot be completely eliminated. A Disaster Recovery Plan (DRP) or Business Continuity Plan (BCP) ensures that the organization can quickly recover and resume operations in the event of a disaster, whether it's a cyberattack, natural disaster, or other significant disruption. 

Key Components:

  • Risk Assessment: The plan should begin with an assessment of the risks that could potentially disrupt the organization, including cyber threats, natural disasters, and hardware failures. 
  • Data Backup Procedures: Regular backups of critical data should be maintained and stored securely, preferably offsite or in the cloud, to ensure data can be restored if lost. 
  • Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs): The plan should define the maximum acceptable downtime (RTO) and the maximum amount of data loss (RPO) the organization can tolerate. 
  • Roles and Responsibilities: Clear roles and responsibilities should be assigned to ensure that the recovery process is efficient and coordinated. 
  • Testing and Updates: The plan should be regularly tested and updated to ensure its effectiveness in a real-world scenario. 
A well-developed DRP or BCP minimizes downtime and data loss, ensuring that the organization can quickly recover from unexpected events and maintain business continuity. 

You can edit text on your website by double clicking on a text box on your website. Alternatively, when you select a text box a settings menu will appear. your website by double clicking on a text box on your website. Alternatively, when you select a text box

4. Data Retention Policy 

Why It's Important: 

A Data Retention Policy outlines how long different types of data should be kept and when they should be securely deleted. This policy is crucial for ensuring compliance with legal requirements, reducing storage costs, and minimizing the risk of data breaches involving outdated or unnecessary data. 

Key Components: 

  • Classification of Data: Different types of data should be classified according to their importance and sensitivity. For example, financial records may need to be kept longer than marketing data. 
  • Retention Periods: The policy should specify retention periods for each type of data, based on legal, regulatory, and business requirements. 
  • Secure Deletion: When data is no longer needed, it should be securely deleted to prevent unauthorized access. This may involve overwriting data or physically destroying storage media. 
  • Compliance Considerations: The policy should ensure that data retention practices comply with relevant laws and regulations, such as GDPR or HIPAA. 
  • Regular Review: The policy should be regularly reviewed and updated to reflect changes in legal requirements, technology, and business needs. 

A Data Retention Policy helps organizations manage their data effectively, ensuring that they retain only what is necessary while reducing the risk of data breaches and non-compliance penalties. 

5. Password Construction Policy

Why It's Important:

Passwords are the first line of defense against unauthorized access to an organization's systems and data. A weak password can be easily guessed or cracked by cybercriminals, granting them access to sensitive information. A Password Construction Policy ensures that all employees create strong, complex passwords that are difficult to break.

Key Components:

  • Length Requirements: The policy should mandate the use long passwords. Longer is better and more important for password cracking than complexity! NIST does not recommend complexity be a requirement but recommends length as a key factor of a good password. Consider a length of 16 or more characters where possible.
  • Prohibition of Common Passwords: To avoid the use of easily guessable passwords, the policy should disallow commonly used passwords like "password123 Length " or "admin."
  • Unique Passwords: Employees should not reuse passwords across different accounts or systems to minimize the potential impact of a single password breach. To do this effectively you probably need to deploy a password manager, but the reason for that is uniqueness. 
A strong Password Construction Policy ensures that all employees create robust passwords, significantly reducing the risk of unauthorized access.

6. Password Protection Policy

Why It's Important:

Even the strongest password is vulnerable if it is not properly protected. A Password Protection Policy outlines how employees should handle and store their passwords to prevent unauthorized access.

Key Components:

  • Secure Storage: Employees should store passwords using a secure method, such as a password manager, rather than writing them down or saving them in an unencrypted file.
  • Avoiding Sharing: The policy should strictly prohibit the sharing of passwords with colleagues or third parties. Each employee should have their own unique credentials.
  • Multi-Factor Authentication (MFA): Implementing MFA adds an additional layer of security by requiring users to provide two or more verification factors, reducing the likelihood of a breach even if a password is compromised.
  • Suspicious Activity Reporting: Employees should be trained to recognize and report any suspicious activity related to their accounts, such as unexpected login attempts or changes in settings.
A Password Protection Policy ensures that passwords, the keys to accessing critical systems and data, are safeguarded against compromise.

Conclusion

In the face of ever-evolving cyber threats, having comprehensive cybersecurity policies is essential for protecting an organization's assets, data, and reputation. A Password Construction Policy and Password Protection Policy work hand in hand to ensure that passwords are both strong and securely managed. An Asset Management Policy ensures that all IT assets are properly tracked, managed, and secured throughout their lifecycle. A Disaster Recovery Plan or Business Continuity Plan prepares the organization for the worst-case scenario, ensuring a swift recovery. An Acceptable Use Policy establishes clear guidelines for the responsible use of IT resources, while a Data Retention Policy ensures that data is managed and disposed of securely and in compliance with legal requirements. By implementing these top cybersecurity policies, organizations can build a strong defense against cyber threats and create a secure environment for their operations.

Get Started Now
]]>Fri, 04 Oct 2024 16:23:07 -0700<![CDATA[Modern Data Security: Beyond Castle Walls]]>https://www.newfathom.com/blogs/post/Modern-Data-Security-Beyond-Castle-Walls

In the ever-evolving landscape of data security, the analogy of fortresses and moats, reminiscent of medieval times, has been a longstanding one. Traditionally, building a strong boundary around one's castle, akin to erecting firewalls and encryption protocols around data, was deemed the pinnacle of protection. However, as technology progresses and threats become more sophisticated, this old-school method of defense is proving insufficient in the face of modern cyber threats. In this blog, we delve into the shortcomings of the castle-and-moat approach and explore how modern data security strategies have evolved to address these challenges.

Perimeter-based Security: A False Sense of Safety

The castle-and-moat strategy relies heavily on perimeter-based security measures. Just as a medieval castle was fortified with thick walls and a surrounding moat to repel invaders, organizations would deploy firewalls and intrusion detection systems to guard their network perimeters. However, this approach operates under the assumption that threats will always come from outside the fortified boundary. In today's interconnected world, where employees access sensitive data remotely and cloud services blur the lines of traditional network perimeters, this assumption no longer holds true.

Vulnerabilities Within: The Trojan Horse of Data Breaches

One of the fundamental flaws of the castle-and-moat model is its failure to address insider threats. While medieval fortresses were designed to withstand external assaults, they were often infiltrated by spies or traitors who bypassed the defenses from within. Similarly, in the realm of data security, the greatest threats often come from within an organization. Whether through malicious insiders or unwitting employees falling victim to social engineering tactics, the castle walls do little to protect against these internal vulnerabilities.

Dynamic Threat Landscape: Adapting to the Changing Tides

In the digital age, cyber threats are constantly evolving, rendering static defenses ineffective. A medieval castle may have stood firm against conventional siege tactics, but it would have been defenseless against modern weaponry. Likewise, relying solely on static security measures such as firewalls and antivirus software leaves organizations vulnerable to sophisticated cyberattacks like zero-day exploits and advanced persistent threats. To combat these dynamic threats, modern data security strategies emphasize continuous monitoring, threat intelligence, and adaptive defenses that can quickly respond to emerging threats.

Data Accessibility vs. Fortified Isolation: Balancing Security and Usability

Another drawback of the castle-and-moat approach is its inherent trade-off between security and usability. Just as a medieval castle's thick walls and narrow drawbridges restricted movement in and out of the fortress, strict security measures can hinder productivity and collaboration within an organization because you need to be physically inside. In today's fast-paced business environment, where agility and accessibility are paramount, rigid security protocols can impede innovation and inhibit digital transformation efforts. Modern data security aims to strike a balance between protecting sensitive information and enabling seamless access for authorized users.

The Perils of Compliance: Meeting Regulatory Standards vs. True Security

For many organizations, compliance with regulatory standards such as GDPR, HIPAA, and PCI DSS is a top priority. However, the castle-and-moat approach often leads to a checkbox mentality, where organizations focus on meeting minimum compliance requirements without truly addressing underlying security risks. Just as a castle's defenses could be breached despite meeting regulatory standards, compliance alone does not guarantee protection against sophisticated cyber threats. Modern data security strategies emphasize a risk-based approach, focusing on identifying and mitigating actual security vulnerabilities rather than simply checking boxes on a compliance checklist.

Embracing a Zero Trust Mindset: Redefining Security for the Digital Age

In response to the limitations of the castle-and-moat model, a paradigm shift is underway in the field of data security. Known as Zero Trust Security, this approach challenges the notion of implicit trust within traditional network perimeters and adopts a "never trust, always verify" mindset. Zero Trust Security assumes that threats may already exist within the network and requires continuous authentication and authorization for every user and device attempting to access resources. By removing the assumption of trust and implementing granular access controls, organizations can better protect their data assets in today's dynamic threat landscape. This doesn’t have to be overly burdensome as companies have created easy biometric authentication and passwordless sign in. These strategies can also protect information at the data level wherever that data goes, whether at a coffee shop in Italy or a ski resort in Bend, whether on a sophisticated server or on a mobile phone in your pocket. 

Conclusion: Building Stronger Defenses for a Digital Future

While the castle-and-moat analogy served as a useful metaphor for data security in the past, it is no longer sufficient to protect against modern cyber threats. As technology evolves and the threat landscape continues to expand, organizations must adapt their security strategies accordingly. By embracing a holistic approach that goes beyond perimeter-based defenses, prioritizes insider threat detection, adapts to dynamic threats, balances security with usability, moves beyond compliance, and embraces a Zero Trust mindset, organizations can build stronger defenses for a digital future. Just as medieval fortresses evolved in response to changing warfare tactics, so too must our approach to data security evolve to meet the challenges of the 21st century.

Get Started Now
]]>Thu, 09 May 2024 16:52:11 -0700<![CDATA[Securing Your OT Network]]>https://www.newfathom.com/blogs/post/Securing-Your-OT-NetworkOperational technology network security. What is an OT network and what are the best practices for securing an OT network?]]>

Securing Your OT Network

An OT network, also known as Operational Technology network, is a type of computer network used to manage and control industrial processes and physical devices in various industries such as manufacturing, energy, transportation, and utilities. OT networks are distinct from traditional Information Technology (IT) networks, which primarily deal with data processing, business applications, and general-purpose computing.

Key characteristics of OT networks include:

  1. Industrial Control Systems (ICS): OT networks are designed to support Industrial Control Systems, which encompass technologies like Supervisory Control and Data Acquisition (SCADA), Distributed Control Systems (DCS), and Programmable Logic Controllers (PLCs). These systems help control and monitor physical processes like manufacturing, power generation, and infrastructure management.
  2. Real-Time Operations: OT networks operate in real-time or near-real-time, ensuring that processes are controlled and monitored with minimal latency. This is essential for maintaining the safety and efficiency of industrial processes.
  3. Specialized Protocols: OT networks often use specialized communication protocols, such as Modbus, PROFIBUS, and OPC, which are optimized for industrial automation and control.
  4. Critical Infrastructure: Many OT networks are associated with critical infrastructure, making them essential for the functioning of various industries and, in some cases, public safety.
  5. Isolation and Segmentation: OT networks are typically isolated or segmented from the broader IT networks to reduce the risk of cyber threats and maintain the integrity of industrial operations.
  6. Robustness: OT network devices and components are built to withstand harsh industrial environments, including extreme temperatures, humidity, and electromagnetic interference.
  7. Security Concerns: Security in OT networks is crucial due to the potential for cyberattacks that could disrupt operations, damage equipment, or compromise safety. Protecting against these threats is a primary focus in the field of OT cybersecurity.
  8. Legacy Systems: OT networks often incorporate legacy systems and equipment, which can pose challenges in terms of compatibility, security, and maintenance.

The convergence of IT and OT networks, often referred to as IT/OT convergence, is a growing trend as organizations seek to improve efficiency and gain insights from data collected from their industrial processes. However, it also introduces new challenges related to cybersecurity and interoperability between the two types of networks.

Security Best Practices for OT Networks

Securing an Operational Technology (OT) network is crucial to protect critical infrastructure and industrial processes from cyber threats. Here are some best practices for securing an OT network:

  1. Network Segmentation: Isolate the OT network from the broader corporate network and the internet. Implement network segmentation to create separate zones for different OT systems and control access between them with “default-deny” firewall rules.
  2. Access Control: Enforce strict access controls to limit who can access and make changes to the OT network. Use strong authentication methods, like multi-factor authentication (MFA), and follow the principle of least privilege. Don’t re-use logins for OT equipment.
  3. Patch and Update Management: Regularly update and patch all software and firmware in the OT network, including industrial control systems (ICS) components and network equipment. Be cautious when applying updates and thoroughly test them in a controlled environment prior to rolling them out to a production environment.
  4. Network Monitoring: Implement continuous monitoring to detect abnormal network behavior or security incidents. Use intrusion detection and prevention systems (IDPS) and security information and event management (SIEM) solutions to analyze network traffic and log data.
  5. Air-Gap Critical Systems: For the most critical OT systems, consider physically isolating them from the network by creating a true air gap. While this may not always be practical, it provides an additional layer of security. This is especially important for legacy equipment that does not get regular security updates.
  6. Security Policies and Procedures: Develop and enforce comprehensive security policies and procedures specific to the OT environment. These should cover topics like incident response, remote access, and configuration management.
  7. Application Whitelisting: Use application whitelisting to allow only authorized software and applications to run on OT devices and systems. This prevents the execution of unapproved software.
  8. Physical Security: Secure physical access to critical OT infrastructure, such as control rooms and industrial equipment. Install security cameras, access control systems, and alarms to monitor and control entry.
  9. Regular Backups: Implement regular backups of critical data and configurations to ensure rapid recovery in case of a cyber incident or system failure. Backups should be monitored, encrypted in transit and at rest, and have an offsite copy to protect from ransomware.
  10. Incident Response Plan: Develop a well-documented incident response plan specific to OT networks. The plan should outline the steps to be taken in case of a security breach and should be tested periodically. Other incidents to include would be extended power outages and any local relevant natural disasters that could hit your area.
  11. Vendor and Supply Chain Security: Evaluate the security practices of OT equipment and software vendors. Ensure that your supply chain is secure, and that vendors provide timely security updates. Require vendors working on site to use your own managed computers for accessing the systems instead of plugging in directly with their own devices. Require vendors to provide cyber security policies for their own operations.
  12. Regulatory Compliance: Understand and comply with relevant industry standards and regulations specific to your sector, such as NIST, ISA/IEC 62443, or other applicable guidelines.
  13. Security Assessment and Audits: Regularly engage in security assessments and audits to evaluate the effectiveness of your OT security measures and identify areas for improvement.

Securing an OT network is an ongoing process that requires continuous monitoring, assessment, and adaptation to evolving threats. The specific security measures you implement will depend on the unique characteristics and requirements of your OT environment. Collaboration between IT and OT teams is essential to ensure a holistic and effective security strategy.

If you need to have your OT network analyzed and secured, click on the button below to get started!

Get Started Now
]]>Wed, 25 Oct 2023 14:44:49 -0700<![CDATA[What can happen when you click a link?]]>https://www.newfathom.com/blogs/post/what-can-happen-when-you-click-a-link

What are the things that can happen when you click a link in a malicious email?

Stage 1 (Just by clicking the link)

  1. Bad actor gets the indication that your email works
    1. Most links sent in an email will be unique to the email it's sent to. If you click the link the bad actor will know that your email address is up and working. Also, they'll know that you are the type of person that clicks links so they'll probably send you more spam!
  2. Bad actor gets your browser "fingerprint"
    1. Your browser session (and every browser session being used) has a footprint based on the information that's available from your session on that website. There are over 50 different data points that your browser gives to a web page just by visiting it. This information (although some is trivial) can disclose information about you and your company. So just clicking a link is giving bad actors 50 clues about you and your company. Here's a few of the things that can be part of your fingerprint: Public IP address, browser used, operating system (e.g. Windows, Mac), browser language, time zone, extensions, and much more! You can go to https://amiunique.org/fingerprint to see how unique your browser session is (the more unique the worse off you are, don't be snowflake!).
  3. Everything and anything
    1. It's also possible if your browser is not updated that bad guys could use a vulnerability in your browser to do lots more than just gather information. Here's a list of the vulnerabilities that Chrome has had: Reference. Some of these allow for someone to own your browser completely. But don't worry, Chrome does a great job of updating, but if you're using an outdated browser or turned off automatic updates you could be in trouble.
  4. Downloading a file
    1. Sometimes just clicking a link can begin the process of downloading a file onto your computer. Usually it will require you to open or run the file to do anything truly malicious, but just getting the file on your computer is a bad step!

Stage 2 (After you click the link)

  1. Web page asks you to enter login credentials
    1. This is call phishing or credential harvesting. These bad actors are trying to get your login information. Usually it's an attempt to get your business email login, but it could also be for other things like your Amazon account or bank account. See Brian Krebs great blog on the value of a compromised email account here: Reference.
  2. Web page installs a malicious extension
    1. If a malicious extension is added the bad actor will basically own your browser and be able to read information on web pages you visit including. Many times these extensions fall into "adware" where they will get paid to re-direct your website to a different web page or send you pop up notifications, but they could also be more malicious.
  3. You open or run a downloaded file
    1. This could be "game over" on your computer. Depending on the malware this could spring board to installing viruses on your system. Sometimes these files would be an office file with macros, or perhaps just an executable or a PDF that will exploit a vulnerability in Adobe or some other application.
    2. The reason bad actors may want to do this are many, see Brian Krebs blog on the value of a compromised PC: Reference.
Get Started Now
]]>Thu, 24 Aug 2023 09:44:02 -0700<![CDATA[Top 5 Cyber Security Threats to Small Business]]>https://www.newfathom.com/blogs/post/Top-5-Cyber-Security-Threats-to-Small-Business

Top 5 Cyber Security Threats to Small Business

Small businesses are becoming increasingly vulnerable to cyber attacks as more and more business operations are conducted while connected to the internet. Small businesses are often an attractive target for cyber criminals because they typically have weaker security measures than larger organizations, making them easier to breach. In this blog, we will discuss the top 5 cyber security threats small businesses face.

  1. Phishing Attacks

Phishing attacks are a common threat to small businesses. These attacks are designed to trick individuals into giving away sensitive information, such as passwords and credit card numbers. Phishing attacks often come in the form of emails that appear to be from a trusted source, such as a bank or a well-known business. Once the recipient clicks on a link or downloads an attachment, malware is downloaded onto their computer, which in turn could be used to distribute false emails from their account, or deploy ransomware onto their computer or network.

  1. Ransomware

Ransomware is a type of malware that extract or encrypts a victim's files and demands a ransom in exchange for the decryption key or not posting their data online. Small businesses are often targeted by ransomware because they typically have weaker security measures than larger organizations. If a small business does not have a robust backup system in place, they may be forced to pay the ransom to regain access to their files.

  1. Password Attacks

Password attacks are a common method used by cyber criminals to gain access to small business accounts. Password attacks can take many forms, such as brute force attacks, dictionary attacks, and social engineering attacks. Small businesses are often vulnerable to password attacks because they tend to use weak passwords and reuse them across multiple accounts, or they have have kept default passwords in place.

  1. Malware

Malware is a broad term used to describe any software that is designed to harm a computer system or network. Malware can take many forms, such as viruses, trojans, and worms. Small businesses are often targeted by malware because they typically have weaker security measures than larger organizations. 

  1. Insider Threats

Insider threats are a growing concern for small businesses. Insider threats refer to threats that come from within an organization, such as employees, contractors, or vendors. Insider threats can take many forms, such as theft of intellectual property, data breaches, and sabotage. Small businesses are often vulnerable to insider threats because they may not have the resources to conduct thorough background checks or monitor employee behavior.


Conclusion

In conclusion, small businesses face a range of cyber security threats that can lead to data theft, financial loss, and reputational damage. By implementing strong security measures, such as multi-factor authentication, regular software updates, and employee training, small businesses can reduce their risk of cyber attacks. It is important for small businesses to understand the threats they face and take proactive steps to protect themselves.

Get Started Now
]]>Mon, 03 Apr 2023 16:05:14 -0700<![CDATA[Why Should You Use MFA]]>https://www.newfathom.com/blogs/post/Why-Should-You-Use-MFAEnabling MFA may be the single most important thing you can do to protect against cyber attacks.]]>

What is MFA

MFA stands for multi-factor authentication and basically means that you are using two different types of authentication to log into your account. There are three primary types of authentication factors:

Knowledge Factor

Something only you know (e.g. password).

Possession Factor

Something only you have (e.g. mobile phone w/ MFA app).

Inference Factor

Something only you are (e.g. biometrics).

Find Out More

Why Should You Use It

Enabling MFA may be the single most important thing you can do to protect against cyber attacks.

Find Out More

Microsoft found that 99.9% of account breaches happened to accounts without MFA enabled.

]]>Wed, 31 Mar 2021 14:19:44 -0700<![CDATA[Manage Your Tech, Free Your Time]]>https://www.newfathom.com/blogs/post/why-managed-servicesDo you enjoy putting out fires in your business? I sure don't. What if there was a way to focus on what matters most and not live crisis to crisis?]]>

How Can I Free My Time?

Do you enjoy putting out fires in your business? I sure don't. It's the worst when my network goes down, my computer freezes, or that program simply doesn't do what it is supposed to do. What if there was a way to focus on what matters most and not live crisis to crisis?


You purchase internet, that special program that allows you to conduct business, and hopefully antivirus for your computers. Is that enough? Well, you don't purchase a car and just run it till it breaks down. You change the oil and perform preventative maintenance. Unfortunately, it doesn't stop at the computer purchase or initial network setup. You need to make sure you are doing the preventative maintenance to keep it working. This is where managed services come in to free up your time. They allow you to proactively manage your tech to keep it working in tip-top shape.

Here are a few of the things that managed services can do for you:

  • Keep your computers up-to-date, such as the following:
    • Operating system (OS)
    • Antivirus and device security
    • Software and drivers
    • Firmware and BIOS
  • Keep your network up-to-date
  • Monitor network performance and internet connectivity
  • Manage assets and their warranties
  • Provide remote access for rapid support and recovery when things inevitably do go wrong
  • Guarantee support response times so you are back up and running as quickly as possible in the event something does go wrong


As an alternative to managed services, you could try hiring an IT person at an on-demand or break-fix capacity. However, you might not find it worthwhile if you're constantly stuck in crisis mode or you have employees being paid to just sit there? Your time is valuable. It only takes one catastrophe - that could have been avoided by a little preventative maintenance - to payback the cost of years of managed services. In the same way you don't run your car into the ground, you don't want to run your tech into the ground. If nothing else, your tech gets you from point A to B.


You could also try the DIY approach to IT. If your business is very small and you're fairly tech savvy, then you might be able to handle your tech needs. However, if you're running a business larger than one or two people, the indirect costs associated with downtime and inefficiencies can quickly make it not worth the effort. More of your time means more opportunities to grow your business and more of doing what matters most to you.

"Tech is like a car that needs preventative maintenance."

Why Managed Services?

Do you hire a mechanic to change the oil, belts, seals, filters, etc. in your car? If so, you probably do it because its not worth your time to learn or purchase the tools to keep your car running. It's the same with IT. The tech in your business is like a car that will break down if you don't perform preventative maintenance. You could spend your valuable time learning how to do it yourself or hire the pros to help.


Additionally, the world is full of dirt, gravel, and other debris that are waiting for their chance to get into your car and wreck havoc. The world is also full of bots and cyber criminals that are trying to get into your tech. Without the proper proactive actions and protections you are a sitting target. Don't worry. Managed services greatly help to improve your cyber security posture. They ensure your systems are up-to-date and protected with antivirus and other critical safeguards.

Free Your Time

Start managing the tech of your business with managed services and it'll pay off in spades.

Get Started

Where Did Managed Services Come From?

Historically, companies hired in-house IT technicians or outsourced for break-fix IT support. Most of this support was reactive - when something broke, a technician came to fix it. As companies began to depend more and more on uninterrupted and reliable technology, proactive IT support became the standard. If you are still relying on reactive IT support, you are falling behind. If you want your business to grow and thrive in these modern times, it's time to consider moving from reactive break-fix support to proactive managed services.

What Can I Do?

Take the next step. Move away from the crisis-life to a rich and fulfilling one where you can focus on what matters most. Start managing the tech of your business with managed services.

Get Started
]]>Wed, 04 Nov 2020 16:55:27 -0800<![CDATA[Recognizing Malicious Emails]]>https://www.newfathom.com/blogs/post/recognizing-malicious-emails

How to Recognize and Avoid Malicious Emails

According to Britannica, 50% of email on the internet is spam. These emails range from selling Viagra knock-offs to trying to convince you to wire them money. Some of these emails are so obvious they need no introduction, but cyber-criminals are becoming more and more sophisticated. In this blog we're going to help you recognize a malicious email, respond appropriately, and recover if you've fallen for them. The last section is how to prevent these things happening in the first place.

Key Takeaways

  •   STOP! If you think an emails seems a little off, stop and investigate.
  • Check Links, Check the "From", Look for Grammar mistakes and misspelled words
  • Look out for urgency and manipulation. Aka, someone wants something fast or they have something you need.

Types, Detecting, and Responding

Business Email Compromise (BEC)

When someone takes over a legitimate email account and uses that account to send malicious emails, that's called Business Email Compromise. These emails are the hardest to stop and detect because they usually appear to be from someone you know and trust because they are, in fact, from their email account. These accounts get taken over when someone has gotten the login information for the compromised account, they've signed in, and are using that account for their own practices. 

Detecting BEC Emails

When you receive an email from a compromised account, it usually has a couple clear tell tale signs that it's a fake. Here's how to spot them:

  • There's almost always a link
  • The link almost always takes you to a page requesting login information
  • It seems off and non-typical
  • You didn't request it
  • Check for bad grammar and spelling errors. Many of these people use a translator app and English isn't their first language

Responding to BEC Emails

If you've gotten a BEC email, or one that you suspect is a BEC email, what should you do?

  1. Verify that it's not legitimate
    1. If you get an email from someone that just seems off, use out-of-band communication to contact them. Do NOT email them back and ask "Is this real?" or use the phone number on the signature. If their email is compromised then of course they will say "Of course it's legit," and the signature phone numbers are usually changed as well. 
      1. Call the phone number of the person if you have one on file, or call their company's main number
      2. Text them, fax them, or email someone else at their office. Use something other than that email address to contact the person. This is what we mean by "out-of-band" communication. 
    2. ​Examine links in the file. If it says it goes to a Word document, does the link go to OneDrive or SharePoint? Also, just because it does, doesn't mean you should go there, but that's a good way to tell if it's spam. 
      1. Here's a great site to see where a link actually goes: https://wheregoes.com/ 
  2. Find out who else in your company has also received the email and warn them, especially if it's really tricky. Warn your colleagues or contact your IT department about the scam. It just takes one person to give your company a really bad name. 
  3. Delete the email. Or if you're feeling like you want to have some fun, email the person back and see how long they'll talk with you. Maybe you can get them to wire you some money :-)

General Spam: Solicitations and Trickery

Sometimes the email isn't from someone you know, and they try to convince you to click a link, wire money, or the like anyway. Let's look at some types of these scams, why they happen, and how to respond. These are a different category because these usually are not legitimate accounts, but they appear legitimate. 

Types

Faking the "From"

A common trick out there is to change the "From" name of an email address. If your boss's name is Jane Smith and their email is jane@company.com, a spammer can change their name to be "Jane Smith" even though their email is jane@anotheremail.com. This is usually a good trick and most people don't pay attention to the whole email address. Here are the tell tale signs of these:

  • Check the actual email address
  • Eventually they will ask you to send gift cards or some strange financial request (think wiring money)
Blackmail and Heart Strings

There's really no limit to the ways scammers will try to blackmail you. My neighbor was scammed by a company she was trying to return something she'd purchased and they said they had to get on her computer and check her bank accounts to verify the purchase... well... that wasn't all they were doing. Here are some common ones:

  • I'm a destitute person in [name of third-world country] and I need help
  • I have your email and password and I have sensitive information about you i'm going to publish if you don't pay me
  • I have naughty pictures of you and I"ll release them if you don't pay me (sometimes this one is along with the one above)
  • We could run away together, I just need some money to come visit
Too Good to be True

This may come as a shock, but you probably aren't that lucky to win the lottery or that car, or whatever else they're selling. Don't fall for it and don't click the links!

Detecting

Besides the signs of scammers mentioned above, there are usually a lot of other signs you can look for too in scammers emails:

  • Poor use of the English language. English is usually not their native tongue and so an easy way to tell a scam is by how they handle the complex language:
    • Bad grammar
    • Bad spelling
    • Weird phrasing
  • ​Check for links. It's a good idea to check any link before you click on it. Does it actually go where it should? When it's asking for a login to Microsoft, are you actually on a Microsoft web page?

Recovering From Spam After You've Fallen for It

Sometimes we all make mistakes and sometimes we realize our mistake right after we make it. If you've fallen for a BEC scam here's what you do:

If you just replied to the email

  • Don't really need to do anything. You just sent them a message and engaged them. Just delete their future emails to you.

If you gave them your email and password

  • Reset your password immediately
  • Reset any other accounts that use that same password
  • Make sure your account isn't forwarding emails to an unknown email account. This is a common tactic if an email has been compromised, then they can map out your organization long-after you've changed your password
  • Make sure you don't have an auto-reply you don't recognize

If you've downloaded a program and run it

  • Disconnect your computer from any network connections (WiFi and/or Ethernet)
  • Reset your computer and start over or rollback your computer to a backup before you ran the program
  • If you downloaded a file but didn't open it. Delete the program/file and run a virus scan. You may still need to reset your computer, but you may also be fine.

If you did a remote session and they were on your computer

If you made it this far with someone, they're probably after your money and it's a simple scam to that extent. I would do the same thing as the program downloaded and run. 

An ounce of prevention is worth a pound of recovery

So, what if we just made some changes that stopped spammers in their tracks and made it much fore difficult to fall for these things in the first place? Here are some ideas that will help you be less impact if you fall for spam, and hopefully make you less likely to get it.

  • Use Multi-Factor Authentication for your email account
  • Disable Auto-Forwarding in your email account (You have to be an admin to do this, but it's a really good idea)
  • Deploy an advanced anti-virus on your computer. This advanced anti-virus should be doing active scanning of any downloads
  • Deploy a password manager for you and your team
  • Create alerts for emails that are "Faking the From" so people in your company can more easily recognize them
Get Started Now
]]>Thu, 01 Oct 2020 08:58:00 -0700