4IT Inc. Recognized on 2017 CRN Next-Gen 250 List

Miami, FL – November 13, 2017: Leading technology firm, 4IT Inc., announced today that CRN®, a brand of The Channel Company, has named 4IT to its 2017 Next-Gen 250 list. The annual list recognizes standout IT solution providers who have successfully transformed their businesses to meet the demands of emerging technologies such as cloud computing, IoT, virtualization, mobility, business analytics and business intelligence. These solution providers, all in business for fewer than 20 years, have adapted to an evolving marketplace with a notable penchant for bringing key technologies to their clients before they become mainstream.

4IT is a South Florida based IT consulting company that specializes in the secure management of Information Technology Infrastructure.

“4IT is truly honored to have been selected by CRN as a Next-Gen 250 solutions provider. This recognition is not about deploying today’s technology, but about helping our customers win big by strategically leveraging key emerging technologies. So much of what we do is highly technical that it’s easy to miss the importance of recognizing and applying the next wave of tech to our client’s business goals. We are, of course, thrilled to get this kind of recognition.”
– Alexander Freund, CIO and President, 4IT

“This group of solution providers is leading the way when it comes to emerging technologies, bravely stepping into the uncharted territory of next-generation IT solutions ahead of their peers,” said Robert Faletra, CEO of The Channel Company. “Our 2017 Next-Gen 250 list is comprised of relatively new companies as well as established ones, all sharing the common thread of successful, trailblazing solutions designed to meet an unprecedented set of customer needs. We congratulate each team on its vision and contribution to the overall advancement of the IT channel.”

A sampling of the Next-Gen 250 list will be featured in the December issue of CRN. The complete list will be available online at www.crn.com/nextgen250.

About 4IT Inc.
4IT is a leading technology services company providing premise and cloud infrastructure management, cybersecurity tools, strategic IT consulting, engineering, help-desk support, and telecommunications systems. Since 2003, 4IT has delivered award-winning enterprise-level IT practices, technology solutions and support for mid-market clients that have complex IT environments and high cybersecurity risk.

Press Contact
COI Access
GROWTH@COIaccess.com

About the Channel Company
The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequaled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelco.com

Melanie Turpin
The Channel Company
(508) 416-1195
mturpin@thechannelco.com

###

  • Subscribe To Our Newsletter

Subscribe to our newsletter to be notified about technology updates and tips.

Miami
12595 SW 137th Ave Suite 301
Miami, Florida 33186
(305) 278-7100

Fort Lauderdale
6301 NW 5th Way Suite 5001
Fort Lauderdale, FL 33309
(954) 341-6000

Stay Connected
Join our mailing list to stay up to date and get monthly IT tips!

©2017 4it Inc. | All Rights Reserved | Privacy Policy | Sitemap

What happens when trusted software is the virus?

Hackers have ingeniously struck again by adding a hidden backdoor into a popular maintenance and file clean-up tool, CCleaner for Windows. The hacked version of the tool allows for the malicious download of additional malware, meaning the hackers could do anything with those affected systems. According to Avast, the company that owns CCleaner, approximately 2.27 million systems ran the affected software.

On Sept. 18th, Forbes reported the hack.

It would be fair to assume that this type of hack is going to become more popular as time goes on. Adding backdoors to existing trusted software is a highly efficient way to rapidly distribute malware to millions of systems without detection, and only requires a hack in one place (the software manufacturer) to succeed. This type of hack is a good example of a potential data breach that is almost impossible to prevent or detect until some kind of public announcement has been made. At that point, from a cybersecurity perspective, it becomes a race against time, and the assumption has to be that any system with the hacked software might already be compromised with additional malware and should be treated as a potentially hacked system. This, by definition, is a remediation event.

The first step is to establish the scope of the potential breach by identifying every system that has the hacked software installed. The next step is to remove the offending software as quickly as possible from the entire environment. The final step requires that each of the identified systems be carefully scanned to confirm whether any additional malware was already downloaded and installed. Another option for those environments that have imaging capabilities is simply to re-image all of the machines that had the hacked software installed. These three steps can be a daunting task for a busy IT department in a mid-market or larger organization, especially if the right IT management tools are not already in place. This is where an integrated network management platform really helps, both in reducing the amount of labor required to get these steps completed and, even more importantly, in reducing the amount of time it takes to get them done.
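One way to track these three steps across a fleet, shown as an added example rather than code from the original post or from 4IT's platform. The product name, version strings, inventory rows and event names are constructed placeholders; the real affected builds come from the vendor's advisory.

```python
import csv
import io

# Placeholders, not real indicators: take the product name and the affected
# builds from the vendor's advisory.
PRODUCT = "ExampleCleaner"
AFFECTED_VERSIONS = {"0.0.1-AFFECTED", "0.0.2-AFFECTED"}

# Constructed inventory export, as an asset-management or RMM tool might produce.
INVENTORY_CSV = """host,product,version
ws-001,ExampleCleaner,0.0.1-AFFECTED
ws-002,ExampleCleaner,0.0.9
ws-003,examplecleaner ,0.0.2-affected
srv-01,OtherTool,0.0.1-AFFECTED
ws-004,ExampleCleaner,0.0.1-AFFECTED
ws-005,ExampleCleaner,0.0.2-AFFECTED
ws-006,ExampleCleaner,0.0.1-AFFECTED
"""

# Constructed remediation events, in the order they were reported.
EVENTS = [
    ("ws-001", "removed"), ("ws-001", "scan_clean"),
    ("ws-002", "removed"),                      # never in scope, ignored
    ("ws-003", "removed"), ("ws-003", "scan_detected"),
    ("ws-004", "reimaged"),
    ("ws-005", "scan_clean"), ("ws-005", "removed"),
]


def scope(inventory_csv, product=PRODUCT, affected=AFFECTED_VERSIONS):
    """Step 1: every host that has an affected build of the product installed."""
    wanted = {v.lower() for v in affected}
    hosts = set()
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        # Inventory data is messy: normalise case and stray whitespace.
        if (row["product"].strip().lower() == product.lower()
                and row["version"].strip().lower() in wanted):
            hosts.add(row["host"].strip())
    return hosts


def host_status(actions):
    """Steps 2 and 3 for one host, given its events in order."""
    removed, scan = False, None
    for action in actions:
        if action == "reimaged":
            return "closed"          # re-imaging replaces removal and scanning
        if action == "removed":
            # The backdoor could fetch more malware until it was removed,
            # so a scan only counts if it ran after removal.
            removed, scan = True, None
        elif action in ("scan_clean", "scan_detected") and removed:
            scan = action
    if not removed:
        return "needs_removal"
    if scan is None:
        return "needs_scan"
    return "closed" if scan == "scan_clean" else "compromised"


def triage(inventory_csv, events):
    """Status of every in-scope host; hosts outside the scope are ignored."""
    per_host = {host: [] for host in scope(inventory_csv)}
    for host, action in events:
        if host in per_host:
            per_host[host].append(action)
    return {host: host_status(acts) for host, acts in sorted(per_host.items())}


def outstanding(inventory_csv, events):
    """Hosts that still need work before the event can be closed."""
    return [h for h, s in triage(inventory_csv, events).items() if s != "closed"]


if __name__ == "__main__":
    for host, status in triage(INVENTORY_CSV, EVENTS).items():
        print(f"{host}: {status}")
```
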

Within 24 hours of the announcement, our Network Operations team was able to get all three of these steps completed on approximately 2600 managed nodes. The integration between the desktop/server management platform, the automated scripting engine, and the combination of anti-malware products that are completely integrated into the platform made all the difference.

The challenge with purchasing, installing, maintaining, and utilizing these types of tools is substantial, as they require a continuous investment in engineering labor to maintain them, and specialized expertise in software engineering to take maximum advantage of the automation built into the platform. As new IT management products are added to the environment (e.g., malware detectors, threat intelligence engines, firewalls), they need to be integrated into the management platform so that alerting and reporting are automated and workflow rules can be added so that the right people see the right alerts.

Effectively remediating a cyberattack (securing the environment after a breach) is going to become an increasingly important component of the cybersecurity arsenal.

4IT Partners with Miami Dade College on National Science Foundation Grant Effort

Miami, FL – September 1, 2017: Miami Dade College has submitted a grant proposal titled Cybersecurity Opportunities and Methods that Promote Access and Student Success (COMPASS) for funding by the National Science Foundation (NSF), with the full support and collaboration of 4IT, which will be the entity committing the resources to MDC, should the grant be awarded.

“4IT is proud to support Miami Dade College with this very important initiative and looks forward to supporting the COMPASS project, and the college’s faculty, staff, and students, should this grant be awarded,” stated Raymond Mobayed, 4IT CEO.

In relation to this project, 4IT will support Miami Dade College by:

  • Contributing resources to support the education and career training program strategies.
  • Assisting in curriculum development to ensure alignment with local industry needs.
  • Providing mentors and speakers that can guide and advise future students.
  • Providing internship opportunities for future students to gain real job experience while they finish their degrees.

4IT is a South Florida based IT consulting company that specializes in the secure management of Information Technology infrastructure.

###

About 4IT
4IT is a leading technology services company providing premise and cloud infrastructure management, cybersecurity tools, strategic IT consulting, engineering, help-desk support, and telecommunications systems.  Since 2003, 4IT has delivered award-winning enterprise-level IT practices, technology solutions and support for mid-market clients that have complex IT environments and high cybersecurity risk.

Press Contact
COI Access
Email: GROWTH@COIaccess.com 

Welcome to the New Normal

Welcome to the new normal, as we usher in another massive, worldwide, fear-inspiring ransomware attack. I will spare you the technical details of this specific malware, but I do feel it is important to understand the common elements of this latest attack, and the ongoing preferred methodology being used in ransomware attacks.

In April of this year, we witnessed a harmless but embarrassing email phishing campaign that was focused on Dropbox users.  The phishing campaign involved an email that looked like it came from someone you knew with a download link that pointed to a Dropbox file for you to download.  Since people send Dropbox links all the time, this is a very effective phishing technique.   I had a funny feeling at the time that this was a dress rehearsal for a much larger phishing campaign using Dropbox download links.

Not even two months later, say hello to Petya.  This ransomware virus differs from traditional ransomware in two key ways:

  1. The virus is distributed via the Dropbox network.
  2. The virus will actually overwrite boot files required to load Windows, thus completely locking the user out of his ability to use his computer.

The victim usually first receives a business-related email from an applicant that is supposedly applying for a job. The victims are lured into opening a Dropbox storage location, which contains the CV and other details of the applicant. When the user tries to open the relevant files a self-extracting executable file will be run on their PC, which contains a Trojan horse virus. The virus will then blind any anti-virus programs installed and remotely download the Petya ransomware.

The most important question now is how we effectively protect ourselves from these types of attacks going forward. First, over the past couple of months, 4IT has been evaluating end-user phish testing and education services with two different vendors. Essentially, these services conduct continuous phishing email campaigns against your company and then provide you with campaign reports showing who opened the emails and who clicked on the links. Those users are then provided additional training and evaluated again during the next campaign. This provides a measurable reduction in the potential risk associated with phishing and is much more effective than a one-time training session. 4IT will be adding this service shortly to our managed service enhanced security suite.

Second, building multiple layers of detection and prevention significantly increases the chance that one of the layers will recognize the malware. Our preferred combination of anti-virus (Webroot), anti-malware (Malwarebytes), content filtering (OpenDNS), and the SonicWall Comprehensive Security Gateway creates four separate layers of possible detection. In fact, the good news for SonicWall customers that are using the full suite of security services is that SonicWall has had signatures for certain variants of Petya since March 2016. In April 2017, Capture Labs analyzed and released protection for the EternalBlue exploit that Shadow Brokers leaked from the NSA.

Realistically, this constant wave of attacks is probably the new normal for cybersecurity, and will only serve to reinforce the value of ongoing investments in technology and training to prevent, detect, and remediate cyberattacks.

4IT Sponsors Team at Strike Against Child Abuse Bowling Tournament

4IT Inc. sponsored the 21st Strike Against Child Abuse Bowling Tournament, which benefitted the Family Resource Center of South Florida, Inc. This is the sixth year in which 4IT has sponsored and participated in the tournament. In addition to the bowling tournament, there was also a silent auction and the Miami Heat Dancers were in attendance. According to Melissa Chiu of the Family Resource Center, “The event was a great turnout because of how interactive and exciting everything was.”  The 4IT Team placed third overall in the tournament.

The 4IT Inc. Team at the Strike Against Child Abuse Bowling Tournament
The 4IT Inc. Team with Third Place Trophy at Strike Against Child Abuse

The Strike Against Child Abuse Bowling Tournament took place at the Bird Bowl Bowling Center in Miami on Saturday, June 10th, 2017 from 12:00 pm – 4:00 pm.

The 4IT Inc. Team with Miami Heat Dancers

The tournament is critical in raising the funds necessary for the Family Resource Center to support critically important programs for treating and preventing child abuse and neglect. Of the company’s sponsorship, CIO and Co-Founder of 4IT Alex Freund said, “Strike Against Child Abuse continues to be one of our favorite fundraising events for a most worthy nonprofit.”

4IT Inc. will continue to impact the South Florida community through the support of programs and charities much like the Family Resource Center of South Florida, Inc. Through community involvement and sponsorship, a safer environment for abused children can be achieved.

###

About 4IT
4IT is a leading technology services company providing premise and cloud infrastructure management, cybersecurity tools, strategic IT consulting, engineering, help-desk support, and telecommunications systems.  Since 2003, 4IT has delivered award-winning enterprise-level IT practices, technology solutions and support for mid-market clients that have complex IT environments and high cybersecurity risk.

Press Contact
COI Access
Email: GROWTH@COIaccess.com 

Dynamic Duo Partnership Creates Data Backup Solution in Boston

Boston, MA – May 31, 2017: 4IT, one of South Florida’s leading IT firms, has finalized a partnership with Cogent Communications, Veeam, and Dell to launch a disaster recovery and business continuity solution in Boston, MA. Utilizing a Cogent managed datacenter, Veeam backup and recovery software, and Dell storage and computing resources, 4IT can now provide an aggressively priced geo-diverse disaster recovery and business continuity solution to domestic and international customers that need 24x7x365 premise and cloud IT infrastructure.

Cogent Communications, a Tier 1 multinational Internet Service Provider, ranks as one of the top five network providers in the world. Cogent services more than 200 major markets, interconnects with 5,940 other networks, and operates 53 data centers worldwide. Veeam, a leading IT software company, has 242,000 customers and 13.9 million virtual machines under protection with its backup and recovery software.

Of the company’s recent partnership, CIO and Co-Founder Alex Freund said, “Because of the integration we have completed with our monitoring system and the unique way that Veeam operates with standby virtual servers, we can now offer a very affordable business continuity solution as a viable recovery option for smaller customers. In the mid-market space, the price has been the major barrier to business continuity adoption, and our partnership with Cogent, Veeam, and Dell will give us the leverage to significantly reduce the recurring cost.”

Collage of 4IT’s Data Center in Boston

About 4IT
4IT is a leading technology services company providing premise and cloud infrastructure management, cybersecurity tools, strategic IT consulting, engineering, help-desk support, and telecommunications systems.  Since 2003, 4IT has delivered award-winning enterprise-level IT practices, technology solutions and support for mid-market clients that have complex IT environments and high cybersecurity risk.

Media Contact
COI Access
GROWTH@COIaccess.com

Top 10 Things We Can Learn from the Target Breach

For those of you not familiar with the SANS Institute (http://www.sans.org), it was established in 1989 as a cooperative IT security research and education organization that today reaches more than 165,000 security professionals around the world. It is a tremendous resource for everything related to IT security, and I highly encourage any organization or individual serious about IT security to visit the website and examine all that SANS has to offer.

I am giving well-deserved props to SANS because my article today is going to discuss a case study authored by Teri Radichel from radicalsoftware.com and accepted by SANS regarding the 2013 breach of Target retail stores. To review the full case study, please visit the following URL:

https://www.sans.org/reading-room/whitepapers/casestudies/case-study-critical-controls-prevented-target-breach-35412

Much of the information in my article is based on this case study, so my goal is to provide a more summarized version of the key elements of the breach, and what we should all learn about critical controls that might have prevented this type of cyberattack.

Lesson #1: Be very careful what you publish online about your infrastructure

It appears that attackers may have used a Google search that could have revealed a great deal of information about how Target interacts with vendors, the URL for the Target vendor portal, a list of HVAC and refrigeration vendor companies, and a detailed case study on the Microsoft web site that included details of key components of Target’s technical infrastructure, including POS system information.

Recommendation: Details regarding IT infrastructure should be considered highly confidential and treated accordingly.

Lesson #2: You cannot control the security of your vendors

An email containing password-stealing malware was sent to a refrigeration vendor, which yielded usable credentials to the online vendor portal.

Recommendation: Assume that any one of your vendors can get penetrated. Set up your vendor access and monitoring accordingly.

Recommendation: Require dual-factor authentication (2FA) for access to any publicly facing system. Had 2FA been implemented for access to the vendor portal, the entire breach might have been prevented. 2FA and other identity security can be easily achieved on almost any system using the right Single Sign-On (SSO) package.

Lesson #3: Spear phishing works.

Recommendation: Contract with a vendor that will run ongoing spear phishing campaigns against your employees and provide feedback and training. Require your vendors to do the same.

Lesson #4: Publicly facing systems should be highly restricted when initiating two-way communications to an internal system

Internet-facing systems often require some level of communications back to other internal systems. These can include SQL queries, AD or RADIUS authentication, etc. These connections should be very carefully examined and restricted to the maximum extent possible to eliminate pivot points.

Recommendation: Every public-facing system should be examined by penetration testing from an administrative account on the external-facing system to see where it can lead.

Lesson #5: Systems that provide authentication services are an obvious attack point

A vulnerable domain controller can be used in a variety of ways to access other systems, domains, etc. When a domain controller acts as a RADIUS or LDAP server, any unsecured authentication packets can be easily captured from any network connection.

Recommendation: Run recurring penetration testing to confirm that unsecured authentication traffic is not traversing the network and that your authentication servers are not vulnerable.

Lesson #6: If you think Anti-Malware and Anti-Virus software will save you, think again

The malware that was used on the POS systems was custom software, undetectable by virus or malware scanners.

Recommendation: The trick here is detecting that a change was made.  For certain highly sensitive systems, monitoring and alerting should be configured to generate critical alerts based on ANY modification of the system, change of file permissions, etc.

Lesson #7: Default usernames and passwords are risky

Reports indicate data was retrieved using the default username and password for a server performance management platform.

Recommendation: Start using service templates for all change management.  This includes the installation of new hardware, software, platforms, etc.  That template should include changing or disabling all default usernames and passwords, a requirement for PCI and most compliance standards.

Lesson #8: Monitoring systems that no one pays attention to are useless

While the attack was in progress, monitoring software alerted a vendor that notified Target staff of the incident.  No action was taken by Target.

Recommendation: The team that is responsible for reviewing every security incident should include a staff member who is seriously paranoid and not part of the IT group.

Lesson #9: Don’t try to limit the scope of a PCI audit to save money

Because PCI compliance auditing can be expensive, most organizations try to exclude as many systems as possible from PCI scope to reduce the cost of the audit.  Worse than that, PCI compliance is not a risk mitigation strategy.

Recommendation: Organizations should institute risk management activities on a recurring basis, and they should include the entire organization, including staff and infrastructure that would normally not be considered in scope for PCI compliance.

Lesson #10: No matter how good your systems are, if IT is understaffed and undertrained, you are at serious risk

Too many organizations still look at IT strictly as a cost center where executives and staff are rewarded for reducing budgets and “saving” money.

Recommendation: IT and security budgets should not be considered fixed costs, but variable costs tied to the revenue and/or size of the organization.  IT budgets should AUTOMATICALLY grow alongside the organization.

There is a lot of additional security information in the case study, and if you have the time and interest, I highly recommend reviewing it in its entirety.  If you don’t, make sure your IT security people do.  Learning from our collective mistakes is the most powerful IT security product that will ever be available, and it’s generally free.

Curious as to how your current IT solution stacks up against a potential breach? Check out our free IT Assessment to get a handle on your company’s security today.

The Real Magic Behind Best-in-Class Managed Service Providers

One of the shortcomings we see constantly in emerging mid-market and mid-market organizations is the lack of IT management tools. During our contracted annual IT audits, we often discover ticketing systems that are doing nothing more than providing a rudimentary database for open issue tracking, monitoring and alerting tools that are barely configured, no time tracking for IT employees, no project management tools other than Excel, no automation tools, and little or no integration between whatever tools are being used to manage the people, the processes, and the infrastructure. Although there are very good technical arguments for investing in these tools regardless of the size of the IT environment, paying for the tools and the engineering labor to deploy and manage them correctly can provide a shortsighted business argument against them. With the right manager, and a small group of very talented and disciplined technical engineers, you can gamble with this lack of tools for a period of time without causing major problems. Make no mistake; this lack of visibility into the IT operation is a major technical problem, one that anyone who has managed IT operations for a high growth organization will acknowledge. What is generally less clear is that this operational blindness is also a major business problem.

Every time I get the chance to meet with other IT directors and CIOs, they remind me how difficult it is for them to convince business stakeholders to continue making the necessary investments in IT infrastructure, software, and engineering talent to address the needs of a growing business. The two questions I always ask next are what business information is being provided to the stakeholder to justify more budget dollars for IT, and how often is that information being communicated. More often than not, the answer I get is a sheepish look. Many don’t even have a formal annual budgeting process for handling licensing and renewals.

So how does this apply to best-in-class MSPs? One characteristic that accurately predicts profitability in the MSP space is the investment the MSP makes in tools to measure and maximize engineering productivity. One of the biggest contributors to that productivity increase is the extensive use of automation to eliminate repetitive tasks, proactive monitoring and alerting to minimize manual auditing, and utilization reporting to measure how and where engineering labor is being allocated. Best-in-class MSPs try to automate everything, focus their engineers on engineering work, not manual monitoring, and measure every ticket, time entry, and engineering task. For larger MSPs, this level of visibility is critical to business success and the difference between making a 10% net profit or a 10% net loss on their managed service agreements. It was a revelation to discover how valuable these tools were in our MSP practice to those customers that wanted visibility into their IT departments to see the “business” side. We now have clients that have added their own internal IT departments, but continue to use our toolset to manage their people and their infrastructure.

One ultimate truth to remember is that the business stakeholders care not about technology for the sake of technology; they care about how IT will improve the bottom line, increase customer and employee retention, and provide insight into their critical business numbers. What they care about is the money, and the really good ones are particularly sensitive to waste. I always try to emphasize the value of implementing business measurement tools for IT by explaining how much easier it is to justify an IT budget increase by showing the KPIs that will be at risk when IT labor utilization exceeds 90%. Even more convincing are previous quarterly reports showing the steady growth of utilization closely mirroring growth in the business.

No one, least of all business owners, enjoys throwing money into a black hole.

The Blindside Of: Data Breaches

Over the last couple of years, as data breaches have become much more frequent and public awareness surrounding those breaches has heightened, many of our customers have come to appreciate our record on data breaches. To date, none of our managed service customers have had to manage or remediate a breach, which, as many of you may not be aware, can be expensive and painful. Just how expensive and painful is the topic that I would like to address today.

We have recently worked with a number of companies that were referred to us after a data breach, and the effort involved in locking down a poorly managed environment, isolating the extent of the breach in terms of the data that was exposed, and communicating with the parties whose data was exposed will likely be a huge business interruption, cost a lot of money, and create some very negative publicity for the breached entity.

For those of you that are not familiar with Florida law regarding data breaches, Florida Gov. Rick Scott signed the Florida Information Protection Act (SB 1524) into law, amending Florida’s breach notification statute effective July 1, 2014. According to Karen Booth of Law360.com, “the act replaces Florida’s current breach notification statute (Fla. Stat. § 817.5681) with a new statute (Fla. Stat. § 501.171), which, among other changes: (1) expands the definition of “personal information” triggering breach notification obligations to include an individual’s online account credentials (following California’s recent amendments), and also to include an individual’s name in connection with his or her health care or health insurance information; (2) expands the definition of “breach” from “unlawful and unauthorized acquisition” of personal information to “unauthorized access,” of such information; (3) reduces the deadline for notifying affected individuals from 45 to 30 days after discovery; (4) requires notification to the Florida attorney general regarding breaches affecting more than 500 individuals “in Florida”; (5) imposes unique requirements to provide copies of forensic reports, “policies regarding breaches,” and other documentation to the attorney general upon request; (6) requires reasonable data protection and secure disposal of personal information; and (7) retains relatively unique provisions of Florida’s current statute imposing daily monetary fines for late notice and requiring vendors to notify data owners of breaches within 10 days of discovery, while maintaining that the statute creates no private right of action.”

To adhere to these new state requirements for identifying and reporting to the affected users and the Florida AG once a breach has occurred, proactively preparing for a breach becomes almost mandatory.  What does this kind of preparation look like?

First, there are a number of IT infrastructure changes and specific software tools that should be added to the environment to assist in identifying the scope of a breach. These include enabling more extensive logging on all internet-exposed devices, logging access permissions and authentication on the internal network and on any external websites where the entity might be storing PI (Personal Information) data, and identifying and isolating any PI data within the IT infrastructure. Once these changes have been made, a separate program that collects and permanently stores all of these logs is critical, because it allows the logs to be scanned rapidly to establish when the breach occurred, what data was exposed to the breach, and when the breach was closed. If none of these can be established, then by default, the breached entity would have to presume that all data was exposed to the breach, significantly widening the impact of the breach.
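The scoping step described above, as an added example (not 4IT's tooling and not part of the original post): it scans centrally stored access logs for activity from known-hostile sources, bounds the breach window and the exposed PI records, and falls back to presuming everything was exposed when the logs cannot establish where the breach began. The log line format, account names, IP addresses and record ids are constructed assumptions, and each PI record is assumed to belong to one Florida resident.

```python
from datetime import datetime, timedelta

# Constructed sample from a central log store. The line format
# (timestamp, source IP, account, action, PI record id) is an assumption.
SAMPLE_LOGS = """\
2017-03-01T09:12:44 10.0.0.15 jsmith READ cust-1001
2017-03-02T02:03:10 203.0.113.7 svc_web LOGIN -
2017-03-02T02:04:31 203.0.113.7 svc_web READ cust-1001
2017-03-02T02:04:35 203.0.113.7 svc_web READ cust-1002
2017-03-04T23:50:02 203.0.113.7 svc_web READ cust-1417
2017-03-05T08:30:00 10.0.0.2 admin DISABLE svc_web
"""

def parse(log_text):
    """Return time-ordered (timestamp, ip, account, action, record) tuples."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than guessing
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        events.append((ts, *parts[1:]))
    return sorted(events)

def scope_breach(log_text, bad_ips, all_records, discovered):
    """Bound the breach from retained logs, or fall back to the worst case."""
    events = parse(log_text)
    hostile = [e for e in events if e[1] in bad_ips]
    # If nothing matches, or the oldest retained line is already hostile,
    # the start of the breach cannot be established from these logs.
    established = bool(hostile) and events[0][1] not in bad_ips
    if established:
        exposed = {e[4] for e in hostile if e[3] == "READ"}
        opened, last_seen = hostile[0][0], hostile[-1][0]
    else:
        exposed, opened, last_seen = set(all_records), None, None
    return {
        "established": established,
        "opened": opened,
        "last_seen": last_seen,
        "exposed": exposed,
        # Figures from the statute summary quoted above: 30 days from
        # discovery, attorney general notice above 500 individuals.
        "notify_by": discovered + timedelta(days=30),
        "notify_ag": len(exposed) > 500,  # assumes one Florida resident per record
    }
```

With the full sample, the exposure is bounded to three records; with the first line missing from retention, the same breach has to be treated as exposing the entire inventory.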

Second, it is clear from the new requirement that the Florida AG can request lots of information to establish whether the breached entity was negligent.  That the Florida AG can request documentation that includes corporate policies for data breaches, forensic reports, incident response plans and reports, and other documentation should be a clear indication that the state plans on assessing how well prepared the entity was to react appropriately to the breach.

As we have assisted more referral customers in working through the difficulties of a data breach, what has become quite clear is that rapidly closing the breach, identifying its scope, and having well-documented, published corporate policies regarding breaches are imperative to reducing the liability, cost, and business interruption a breach will create.

For more information on IT security best practices, or to schedule an audit of your company’s IT infrastructure, call us at 305-278-7100.


Miami
12595 SW 137th Ave Suite 301
Miami, Florida 33186
(305) 278-7100

Fort Lauderdale
6301 NW 5th Way Suite 5001
Fort Lauderdale, FL 33309
(954) 341-6000


©2017 4it Inc. | All Rights Reserved | Privacy Policy | Sitemap

4IT Co-Founder Presents at CUNA Technology Council Conference

Miami – October 21, 2016 – Alexander Freund, Co-Founder of 4IT, one of South Florida’s leading IT firms, was invited to speak at the 2016 CUNA Technology Council Conference in Las Vegas, September 28 – October 1st. Mr. Freund presented to more than 80 guests during a premier breakout session that addressed the cybersecurity challenges facing the credit union industry.

The Credit Union National Association (CUNA) is the largest national trade association in the United States serving America’s credit unions.  With its network of affiliated state credit union associations, CUNA serves America’s nearly 7,000 credit unions, and more than 100 million consumer members.

Mr. Freund’s presentation focused on specific recommendations for IT infrastructure, tools, and policies that significantly reduce cybersecurity risk and increase compliance with the FFIEC Cybersecurity assessment.  Specific topics covered in the presentation included email, corporate wireless, services exposed to the internet, third-party IT audits, portable and workstation security, password policies, and disaster recovery.  In addition to the presentation, Co-Founder and CEO Raymond Mobayed and Mr. Freund were available throughout the conference to answer cybersecurity questions from attendees.

“Cybersecurity will continue to be the primary focus for CIOs and IT managers as the volume and sophistication of cybersecurity threats facing our businesses every day continue to increase,” said Raymond Mobayed, CEO. “The CUNA Technology Conference and our breakout session fostered a valuable discussion of the cybersecurity and compliance challenges faced by the credit union industry today and affordable, easily implemented IT management solutions to address these challenges.”

Co-Founder and CEO Raymond Mobayed, Joanna Uhl, and Co-Founder and CIO Alex Freund.

For a summary of the session, and more information on services provided by 4IT for the credit union industry, please visit http://www.4it-inc.com/cu

About 4IT
4IT is a leading technology services company providing premise and cloud infrastructure management, cybersecurity tools, strategic IT consulting, engineering, helpdesk support, and telecommunications systems. Since 2003, 4IT has delivered award-winning enterprise-level IT practices, technology solutions and support for mid-market clients that have complex IT environments and high cybersecurity risk.

MEDIA CONTACT:
Hanna Thornton/Jorge Martinez
The Conroy Martinez Group
Ph. (305) 445-7550
