Staying Secure During Unprecedented Times
Video Transcription
Hello, and welcome to today's webinar. Our speakers today are Chris Watkins, Matt Zaghi, and Steven Mykrit from Prescient Solutions. Before I turn it over to them, I'd like to let those of you who are live with us know that you may submit questions during the webinar via the chat box in the lower left side of your screen. The slide deck from today's presentation is available as a PDF in the handouts tab of the webinar homepage. This webinar will also be recorded so that you may watch or re-watch on demand at your convenience. And with that, I will turn it over to Chris, Matt, and Steven.

Good morning, everybody. This is Matt Zaghi, Director of Sales with Prescient Solutions. You can see our pretty faces there. We have a bunch of handsome gentlemen presenting today. As Liz mentioned, with me today, we have Steven Mykrit, who's our Director of Managed Technology Services, our Managed Services Offering, as well as Chris Watkins, who's our Director of Professional Services, and will be doing a lot of the heavy lifting today, explaining a lot of best practices that we should be conducting during these unprecedented times. Next slide there, Chris. So again, just a brief high-level introduction. We are Prescient Solutions. We are a Schaumburg-based strategic IT outsourcing firm and focus on infrastructure support. While security and cybersecurity is top of mind with everyone, there are a lot of fundamentals of blocking and tackling that need to be done so that cyberbreaches do not happen. So today, we're going to be talking about, again, cybercrime. It's unfortunate that during this pandemic, a lot of organizations are being taken advantage of. And we need to be and continue to be top of mind and conscious of these phishing attacks and things that could ultimately breach and compromise an organization. 
So we're going to go through top cyber threats of 2020, as well as password reuse and phishing, IT attack surface area, cloud computing, which is a huge buzzword today and continuing to be so, misconfigured and unpatched systems, the supply chain effect, as well as compliance fatigue. The key thing that we hope you guys take away from this in the manufacturing space and industrial space are the seven effective defense strategies that are recommended by the government and other IT industry governing bodies. And that's what we're going to get into today. From a question standpoint, we'd like to go through our presentation. And please, fire away questions, and we'll address those at the end of the presentation. Some solid propaganda that we'd like to give to the group here with the coronavirus cyber risks. All kinds of news publications out there talking about this. But yes, coronavirus now possibly the largest ever cybersecurity threat. And it's changing daily. Wired has mentioned coronavirus sets the stage for hacking mayhem. And all it takes is that weakest link with an organization, and items are breached. Trend Micro, coronavirus used in malicious campaigns. So, again, these are just hot topics today that we're fighting every day.

All right. So, good morning, everybody. This is Chris Watkins, Director of Professional Services and the Director of IT for Prescient Solutions. So, I'm going to get into the meat of the technical stuff. I'll try to keep it high level and not get too much into the weeds, and we'll go through all these things. As you can see here on the password reuse and phishing slide that's on your screens, 81% of data breaches are caused by weak passwords. And it's hard to say, but the average password in the United States is still password. It's unbelievable, but it is true. As with anything, credentials are the most important thing to allow or disallow access. Strong password processes are the utmost importance. 
Not using simple passwords, dictionary words, or passwords that can be social engineered. And what I mean by social engineered is your personal passwords. A lot of people default to their significant others' names, date of births, anniversaries, their child's, their pet's, things of this nature, things that can be found easily by looking at your social media account, seeing that you're talking about your dog Bowser. Well, let's try his password of Bowser. Hey, it works. It lets us in. Passwords should be, in today's age, at least 16 characters in length and contain upper and lower case or alphanumeric passwords. Even then, we still get into the words that look like they're real words, but they're using a number or an alphanumeric character. These things can still be cracked by password generators, given enough time and computing processing power. What we recommend is try using a password database for all of your passwords. Then just have one password to get into that database and use the auto-generation of a password from that that's secure. It doesn't look like a word. It's not something that can be guessed, not something socially engineered. We'll get into more password strength things later on, as we touch through some of the other security items, enabling things like multi-factor authentication or two-factor. These are the things that are really, should be the standard in today's age for anything that you do, especially if anything of importance. That does include things like your Facebook and LinkedIn, et cetera, et cetera. A very important piece of passwords, also, is never use the same password across multiple different platforms. If you have your LinkedIn password as X, you don't want to use that same password for your financials or for your credit card information or even for your Facebook or Instagram or any other social media. You don't want them to do that. 
If your password was breached at one place because of the platform you were using, you don't want that being able to be found and used and leveraged in other places. Once a password is breached, it should be changed immediately. You should even go further and change all of your passwords just in case they are, you're not following suit of keeping them dissimilar from each other. If you have any more questions about passwords, we'll get to that later on. We can answer those in the Q&A portion. We're going to get into some effective defense strategies. This is more the items we'll touch on here. Endpoint security, proper configuration, patch management, surface area attacks, managing authentication, secure remote access, and then monitoring and responding. This quote from John McAfee has probably been used more times than I can count. John McAfee, the inventor of the first generation of antivirus, really, is saying antivirus is dead. Even the best antivirus software currently can only detect 30% of the known viruses out there. There are so many variants and literally thousands of those variants are generated every day. As well, most people, or most hackers, I should say, are migrating to more anti-malware, I'm sorry, malware or other surface areas of attack to get better access. Antivirus is kind of old technology. Antivirus can't keep up. It's just a simple truth and it has been for several years. There are many different platforms for endpoint security or antivirus solutions. They go from the mild to wild. Some of them are listed down here on the bottom. You see Carbon Black, Webroot, SentinelOne. A lot of these products are either antivirus, anti-malware programs that have very good definition databases and they're updated frequently, sometimes on a daily basis. Others are even of a higher caliber. They're more of what they call machine learning, where they're actually not looking for antivirus or anti-malware or anything like that. 
They're actually looking for things that shouldn't be on the computer, things that are newly introduced, things that are doing things that are not recognized. They actually learn what your Excel does. If Excel is acting weird, it actually shuts it off proactively and alerts your IT staff or whoever is in charge of that department. What I would recommend is you speak with your IT staff, your IT professionals, and find out what product is best for you. Not everybody can afford a Carbon Black Endpoint product. Some of these products listed here and on other slides can go into the six figures over three to five-year lifespan. Not everybody can afford those things, as well as it's not also prudent for your business. So what you need to do is right-size it for the size of your business, as well as what risk mitigation you want to take. We're going to talk about Endpoint proper configuration and patch management. When I refer to Endpoints, everyone, Endpoints are anything that the end user is in control of, and that includes your mobile phones, your tablets, your computers, even Macintosh or Apple devices, anything that the end user is in front of in accessing your network or your data. There are many tools available that automatically patch and update firmware of your devices. One of those most important ones there on the screen is Windows Server Update Services. Most corporations use Windows Servers as their infrastructure, so their desktops, their servers, et cetera, et cetera. Windows Server Update Services is a free server from Microsoft that allows you to make sure that all of your devices are updated on a set schedule, as well as approved or disapproved updates, because if anybody's ever been in the IT field, you know that not every patch works. Sometimes they can be disrupted and cause problems with the other software. Kaseya is another product that's used for a lot of MSPs. It's what we also leverage here at Prescient for our MSP model. 
The clients like AED are one of those that have the VSA Kaseya agent on their machines that automatically provides those updates for them. And there are several other products down below, Microsoft System Center, Puppet, CFEngine. These products are a little bit higher caliber. Some of them are not free, some of them you have to pay for, but they also have the ability to update things that are not Microsoft-based, such as Adobe Reader and things that, you know, there's many patches and vulnerabilities in it, you know, on a daily to weekly basis. So having those updates patched and put in place are of huge importance. Something that's not on the slides is more of a mobile device management. We all leverage our phones today. Our phones connect to our corporate networks. They receive our emails. A lot of people use iPads and tablets. Those devices aren't patched by things like Windows Server or VSA. They need to be configured from a mobile device management, and that's getting the iOS updates from Apple or the Google Android platform updates, as well as making sure that the applications running on those devices are also updated to make sure that they're secure, up-to-date, and they have no issues. A lot of those products are not free, and they need to be purchased. Some can be implemented with very basic configuration options. These need to be looked at as well as the processes and policies that your company has to say what devices are allowed, what configuration and options can we talk to our network and access our data. And the last section down at the bottom, Qualys, Rapid7, and Nessus, it is always recommended, no matter how big or small your business is, that you perform periodic assessments. And from a professional standpoint, I always recommend a third party perform this. 
It's good to be running some of these tools on your network and have your IT professionals look at this information and respond to it on a quarterly or yearly basis, but every year to three years, you should be going to an outside company and saying, the third party independent assessment of my environment, and make sure that everything is good. And I always call it, you don't want the chef tasting the food, because he's always going to tell you it's great. Have a company come in, do these assessments on your environment, and find out, are you really patching your systems up the way they're supposed to? Are they configured properly? And we'll get into it a little bit more as the slides progress. Reducing your attack surface area, this one's very complicated, and we can literally spend weeks just discussing this, so I'm just going to keep it at a very high level. Again, talk to IT professionals, hire some consultants if you have some questions or if you're even considering that you might be at risk. An attack surface area is any way that a hacker can get into your environment, and that comes from multiple avenues. Currently today with coronavirus, a lot of our users are working from home. They're on their home networks. They may be on a Windows XP machine, which is no longer supported by Microsoft and has no patch management or updates available to it, and it is at high risk. You have no idea what is installed on that device. It may not even have antivirus, and it could be connecting to your corporate network. Their Wi-Fi may be unsecured. And we're going to get into some of the Internet of Things. You'll see the acronyms down at the bottom, IoT or IIoT, that stands for Internet of Things. These are things like the Nest thermostats, your Ring doorbells, the security cameras, the baby monitors, all these different things that may be plugged in your network that make your house a smart home. 
These are great, useful, convenient things that make our lives easier and more enjoyable. However, they're built on technologies that originated in the 1950s that have very basic security controls. Basically, they're simple logic controllers or PLCs. Those things do not have any security built into them. And where the first slide, we were talking about passwords, where the majority of things are still using the word password, that's where a lot of those things come from, because out of the box, these devices have password or no password as the default configuration, and very few end users know to change that password or even the administrator username so people can't start guessing these things. These things are connected to the internet. They have very little controls or security built into them. If you're connected to the internet, they can find you and then they can get on your network and start doing things. Many people may have heard of people being talked to through their security cameras or their baby monitors, people being harassed. Those stories are true and that's because they weren't properly configured. That's where we're gonna talk about building a defendable environment, segmenting your network, and this goes from people's home networks to your corporate network. Segmenting the networks means physically having separate networks for different communications or different work functions. You don't wanna have your public Wi-Fi and your internal Wi-Fi on the same network. People that walk in your building as a vendor or a guest or even in your home, you want them to have a separate network so that if they were on your network, they can't see your internal things. They can't access your personal or business financial data. They can't access your computers. They can't do anything other than access the internet. Other things like this are these simple logic controllers, the Nest devices, the Ring doorbells, things like that. 
They should be air-gapped, meaning that they physically cannot touch any other piece of your network. The reason being is if somebody was to compromise those devices with the basic security protocols, that's as far as they can go. They can mess with your Ring doorbell, big deal. You would know something's up because you're no longer getting your alerts when the FedEx guy drops something off at your door. You want those devices, which are also used in a lot of manufacturing for counting something like a press or are we reaching the right temperature for yielding on an annealing device, things of all that nature, you want those devices air-gapped and separate from your internal network. When you do have to talk to other parts of the network or say your home users that are working from home in today's age, you wanna make sure that they're connecting to that corporate network or that secure network via encryption with tools such as VPN. And there's many other tools that are out there. VPN is the most common practice and the most secure if you're using the right protocols and the right procedures. So doing these things in these proper order and doing things with air-gap and making sure that these certain devices are locked away and can only talk to these approved or authenticated parts of your network is very important. And this is where those independent assessments of your environment should be done, where your IT professionals should be building this out as they design your network and keep it updated and running throughout the years. These are the standard best practices. This does not just apply to your corporate networks. This is also for your home. Moving on to manage authentication and access. Again, unique and complex IDs and passwords. Implementing and utilizing multiple form factor authentication or two-factor authentication. Most of you probably have some mobile access to your bank or looking at your financial records from your credit card companies. 
Most of those places are required and pretty much the standard of you need to be using 2FA. They'll text you. They'll be sending you a code through email. What that is is to validate that you really are who you are even if your password is compromised. These are important things, and it should be used as the standard for just about anything in today's electronic world. Following the principles of least privilege is also important. If somebody is an intern in your business, you don't want them accessing your ERP or your financial spreadsheets. You want them just to be able to access the things that they need to do to perform their work. If somebody is in marketing, they should not have access to the financial section of your ERP or those spreadsheets I just referenced. But if somebody is in financials, you don't want them looking at your HR data unless, of course, they're cross-functional. If that is, then they need access to those things. But if they don't, then you should not allow them access because if their account was compromised, you only want them to be able to, that hacker or that person that compromised has access to that environment. You only want them to be able to stick in that side, that small bubble. It is full of breach, but it's a limited breach, and you want to contain it to that one area. Disable unused accounts, any ports or switches that you're not using, as well as employees that are no longer here. If you have a seasonal intern, when they leave, you shut off their access. If you have an employee that is part-time, you should have access for them set between certain hours for it to be enabled and disabled. Again, this is all based on the principles of least privilege or physical access controls. You don't want to leave your keys in your car and leave the doors unlocked. This is the type of thing where if your password's breached, it's the same concept. Using secure remote access is very important in today's age with coronavirus. 
There's so many users working from home. You don't want somebody just being able to plug in an IP address and connect directly to your network without any type of password, 2FA, or any encryption, because then that data is being transferred through the internet with basically full read access to anybody that can see it, which can be many people. There are many protocols that are in use. They have a lifespan of a few years, but that doesn't mean that when you buy a brand new secure firewall that has VPN controls that it doesn't have all those different older protocols that it's still active and enabled on it by default. You want to shut off all those older protocols and only use the latest and greatest protocol that's in today's use. This would be equivalent to, I have a Windows 10 computer that I just purchased, but it came with Windows ME still installed on it. I'm going to use the Windows ME version because I like that better. Windows ME is very insecure. You don't want to access it. It has no patching. It's outdated. It's very easy to hack in today's world. It's the same concept. Turn off those older protocols and only use the latest and greatest that's in today's best practice controls. You want to also limit who has access to those VPN activities. There are many people that can do work by just simply emailing and make sure it's encrypted, emailing the data back and forth, or putting it on a cloud share that is secure, obviously. One thing that also can be done, and you want to talk to your IT professionals about this, is you can actually limit who has what access on a VPN network. If you are that same principles we discussed earlier with the HR person or the financial person or the marketing person, you can limit what areas of your network, if it's properly segmented and configured, when they VPN in, that they still have that small bubble of area where they need to do their work and only their work. 
This is especially important today in today's coronavirus because most people don't know how secure their home networks are. If your IT professional is doing a good job, your corporate network should be secure, but now you're allowing all of these people to work from home and they have no control, no visibility, no monitoring on their home network to say, yeah, they're riddled with viruses and now they're connecting my corporate network and transferring that into my corporate network. The very bottom piece here, and this is a spot that I'm gonna say 80% or better of the companies that I've worked with on a consulting basis have failed to meet, is define an incident response plan for when you are breached. Most companies that have a breach, and this is more of a when, not if. Every company will experience some type of security breach in its corporate lifetime. You should have a response plan put in place and communicated to all of the individuals that are responsible for it. These plans put in place will save you considerable amounts of money, time, and headache. Talking with your insurance company to make sure that you have cyber crime liabilities. Talking with your local FBI agents and regional networks so that if you were breached and the financial information was compromised, who you need to contact, what your state police contact information is. These are all things that should be built into that incident response plan, as well as the communication efforts that you need to do to your customers or clients in case any of their information was compromised as well. People that have credit card information secured in their ERP systems, people that have PII, which is personal identifiable information, that's social security numbers, name, address, date of birth, things of that information. If these things are compromised, how do you communicate it, who do you communicate it to, and when, right? 
Otherwise, you're opening yourself up for additional legal and liability issues. Very important to put these together. There are a lot of companies out there that specifically deal with just that piece of business planning. If you don't have the ability to do this, I recommend dealing with those outside consultants and or talking to your peers or network to find out what their incident response plan looks like, asking for a copy of it, and mimicking it to what you need it to do. This next piece is a little bit more for the IT professionals or people that are in control of your IT systems. This is important. Not every IT person can read the thousands of logs that are even in a small business, and when I mean small business, we're talking a handful, two to three servers. Those servers generate literally gigabytes of data and logs daily. People that have cloud computing, people that are using the Microsoft Office 365 suite and all of its functions like SharePoint Online and all the different things that may come with that package, there are thousands of logs and just literally tons of data that needs to be sifted through. No IT professional or team of professionals can read all of those logs, so what you need to do is have those logs set to be monitored as well as respond, sending out acknowledgements or alerts to the people in charge saying, hi, there's something fishy in this piece of the log. It needs to be looked at. There are firewalls out there that have IDS or IPS, and that stands for intrusion detection system or intrusion prevention systems. Those things, when turned on and configured properly, can do all of the work automated for you instead of manually. There are lots of hackers from Europe, Russia, China that try to get into business networks all day long. They're simply hacking what they can see from the internet. They don't care who you are, what information they're trying to get. They're just seeing what they can actually get access to. 
These devices are able to respond and shut off those access when they start seeing somebody try to brute force their way into your network or when they're trying to port trigger something that's open from your outside world to the inside of your corporate network. They are smart enough to do those things. These are things that are extremely important and protocols that are looked at automatically. They're looking to do this stuff on an automated basis. They don't want, you don't want them having to respond to these things literally on a minute by minute basis. No person can physically do these things. What you want is your mission critical devices to be monitored and then set to alert your IT professionals if there is an issue, right? Hardware fails. Software is not always reliable. Even IT people are not perfect and they have, you know, they'll miss things. Having these automated things set to monitor and respond will take a mountain of work. And the age-old saying, an ounce of prevention is worth a pound of cure, this is it in its basic form. And this should be the basis of any IT industry from a best practice perspective. Everybody should be monitoring, alerting automatically for all mission critical devices. You should also know who is in those escalation procedures. So if your IT professional's getting text or email alerts at two in the morning, he doesn't wake up within the next 30 minutes or hour to respond to it, who does that go to? It should have an escalation chain, just like you would for any other piece of your business when there's something going on. And there's several products which you see here on the screen. There are dozens of these that are available to you. These are just a number of them that we've worked with. We know they've worked. They're relatively low cost. Again, if you have questions about these, you can ping us here in the Q&A. I'm gonna turn this over to Steven Miker who runs our MTS services. 
They're MSP for AD, so he'll go through some of the stuff for you. Steven.

Hey, good morning everybody. As Chris said, I'm the director of the Managed Technical Services Division of Prescient Solutions. Wanna thank you again for participating in our webinar. Hopefully you've taken away some food for thought on IT security. I don't wanna make this real long, but if you guys have questions about your own environments or services that we may provide or we could help you with, please feel free to reach out to Matt or myself and get a basic security discovery or an in-depth audit. We do provide, as Chris mentioned, IT services, remote IT services and support for AED. And we have a broad spectrum of expertise, unified communications as a service, backup technology, both on-premise and in the cloud, project services and more. So we're here to answer any questions you may have that relate to IT security, so feel free to shoot away. Thank you.

All right, guys, thank you. We'll give it maybe 30 seconds or so in case anybody wants to submit a question via that chat box in the lower left-hand screen. But if not, do you guys have, is there some contact information where we can reach you, where our members can reach you? Should they have any questions that might come up later? Hey, you can reach out to our, no, go ahead, Matt. The next slide, right? Sorry about that. There you go. No problem. Perfect, thank you. It's also missing our 800 numbers, so you can reach us at 888-343-6040. You can get in touch with me directly at option number one and then extension 101. You could also stand in line and reach Matt in sales. That's option number two. All right, well, it doesn't look like we have any questions now, which is fine. I'm sure our members will be contacting you. Thank you guys so much for the webinar this morning and for keeping our network safe. We really appreciate it. Not a problem, my pleasure. Thank you. Thank you, Liz.
Video Summary
In this webinar, the speakers from Prescient Solutions discuss the top cybersecurity threats of 2020. They highlight the importance of strong passwords and password management, emphasizing that 81% of data breaches are caused by weak passwords. They recommend using password management tools and implementing multi-factor authentication for added security. The speakers also emphasize the need for proper endpoint security and configuration, as well as regular patch management. They stress the importance of reducing the attack surface area by segmenting networks, air-gapping vulnerable devices, and using secure remote access protocols like VPN. They also highlight the need for effective incident response plans in the event of a breach. The speakers go on to discuss the importance of monitoring and responding to security threats and recommend using automated monitoring tools to alert IT professionals of any issues. They conclude the webinar by offering their contact information for further inquiries or assistance with IT security.
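As an added illustration of the automated monitoring and alerting the summary refers to (the webinar's point that no IT team can read every log, so failed-login bursts should be detected and escalated automatically), here is a small detector written for this page. It is example code, not a tool from Prescient Solutions or any product named in the webinar. The log lines are constructed in the style of an sshd auth log, and the threshold of five failures within sixty seconds is an assumed policy, not a value from the webinar:

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the style of an sshd auth log (not captured from any real system).
# 203.0.113.7 hammers the admin/root accounts and then gets in; 198.51.100.4 is a user who
# mistyped a password twice, half an hour apart, and then logged in normally with a key.
SAMPLE_LOG = """\
Mar 14 02:00:01 fw01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar 14 02:00:03 fw01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2
Mar 14 02:00:04 fw01 sshd[2211]: Failed password for root from 203.0.113.7 port 51024 ssh2
Mar 14 02:00:06 fw01 sshd[2211]: Failed password for root from 203.0.113.7 port 51025 ssh2
Mar 14 02:00:09 fw01 sshd[2211]: Failed password for root from 203.0.113.7 port 51026 ssh2
Mar 14 02:00:10 fw01 sshd[2211]: Accepted password for root from 203.0.113.7 port 51027 ssh2
Mar 14 02:15:00 fw01 sshd[2299]: Failed password for jsmith from 198.51.100.4 port 40001 ssh2
Mar 14 02:40:00 fw01 sshd[2300]: Failed password for jsmith from 198.51.100.4 port 40002 ssh2
Mar 14 02:40:05 fw01 sshd[2300]: Accepted publickey for jsmith from 198.51.100.4 port 40003 ssh2
"""

# Matches the sshd "Failed/Accepted ... for [invalid user] <user> from <ip> port <n>" shape.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_line(line, year=2020):
    """Parse one auth-log line into a dict, or None for lines we do not understand.
    Syslog timestamps carry no year, so the caller supplies one (assumption)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_brute_force(lines, threshold=5, window=timedelta(minutes=1)):
    """Sliding-window detector: one 'high' alert per source IP that reaches `threshold`
    failed logins inside `window`, and a 'critical' alert if that same IP later succeeds.
    Returns the alerts in the order they fire so they can be routed to an escalation chain."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    flagged = set()              # IPs that already tripped the threshold
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue  # unparsed lines are skipped, not treated as failures
        ip, ts = ev["ip"], ev["ts"]
        if ev["result"] == "Failed":
            q = recent[ip]
            q.append(ts)
            while q and ts - q[0] > window:  # drop failures that aged out of the window
                q.popleft()
            if len(q) >= threshold and ip not in flagged:
                flagged.add(ip)
                alerts.append({
                    "severity": "high", "ip": ip, "action": "block",
                    "reason": f"{len(q)} failed logins within {int(window.total_seconds())}s",
                })
        elif ip in flagged:
            # A success right after a burst is the case that must wake someone up.
            alerts.append({
                "severity": "critical", "ip": ip, "user": ev["user"], "action": "escalate",
                "reason": "successful login after brute-force burst",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_brute_force(SAMPLE_LOG.splitlines()):
        print(alert)
```

Run against the sample, the detector raises two alerts for 203.0.113.7 (a block decision after the fifth failure, then an escalation when the root login succeeds) and stays quiet for 198.51.100.4, whose two failures are far outside the window. The point is the shape of the logic a firewall's IPS or a log-monitoring service applies on your behalf: a windowed count per source, a block action, and a distinct higher-severity signal when an attack appears to have worked.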
Keywords
cybersecurity threats
password management
data breaches
multi-factor authentication
endpoint security
network segmentation
incident response plans