Blog

top feature image

COVID-19 What Can We Learn?

We are still a long way away from understanding the full impact that COVID-19 will have on the world. It’s touched every aspect of society and continues to generate more aggressive and unprecedented responses from world leaders. We all know this so why am I writing this blog? Because the scope and impact of this deadly virus could have been significantly reduced or avoided if we had just listened to the experts and acted swiftly. Information trickles in daily and it feels like we are building our response plan on the fly and to make matters worse, people are choosing how they want to respond.

Highly infectious viruses and diseases have been spreading uncontrollably across the human population for thousands of years. It’s even got an official definition in Websters dictionary!

Pandemic noun pan·dem·ic | \ pan-ˈde-mik  \

Definition of pandemic : an outbreak of a disease that occurs over a wide geographic area and affects an exceptionally high proportion of the population : a pandemic outbreak of a disease

So why, in 2020, do we find ourselves at the mercy of one of the deadliest and widest spread viruses in modern history? Experts such as Dr. Michael Osterholm wrote a book in 2017 titled “Deadliest Enemy” that predicted that something like this was imminent. We should have learned from recent outbreaks like SARS (2002-4), MERS (2012), and Ebola(2014) to create an effective and robust incident response plan that could be called upon to address an outbreak like COVID-19. An incident response plan should address: Preparation, Identification, Containment, Eradication, Recovery and Lesson’s Learned.

Preparation – Do we have a team ready to deal with an outbreak (pandemic)? Can we provide enough access to proper medical facilities? Can we quickly mobilize a team of experts that are properly trained to deal with such situations?

Identification – Can we recognize early enough that we have a really bad situation brewing and is there a clear escalation path? Can we properly preserve evidence and artifacts, so the experts have appropriate information to work with as soon as they are called to action?

Containment – Once the expert recognize that we have a serious situation on our hands (which can be done quite quickly if steps 1 and 2 are well defined), do we have processes and procedures in place to contain the virus and prevent the spread?

Eradication – Can we treat the virus and keep people healthy? As we’ve seen, finding medical cures can take months or years to develop and people that are predisposed to certain health conditions like lung infections may not be treatable but performing the first 3 steps of the response plan properly will limit the number of people impacted.  

Recovery – What steps are necessary to ensure the outbreak is 100% controlled and when can we start taking steps to restore everything back to the way it was before this all happened? If you control the impact and severity, you reduce the recovery implications.

Lessons Learned – No plan is perfect, and no 2 incidents are the same. There are always learning lessons that can be applied to any situation to get better and improve. I’m sure that once we get this COVID-19 virus under control, we go back to life as it was and don’t invest enough time and effort on how we can do better next time. This would explain why, despite going through this several times in the past decade, we find ourselves glued to the new feeds to find out what decisions the WHO and world leaders are coming up with on a daily and hourly basis.

Does it sound like these steps would work to help us address an outbreak like COVID-19? It should, it’s been working for computer viruses since the early 70’s. So why aren’t we using this pragmatic and common-sense approach to human viruses? People! Not because COVID-19 is a human virus, but because people tend to think that something like this won’t happen to them and are reluctant to take appropriate actions. I’m sure the WHO is doing all of this and more, but they can’t execute properly if people aren’t listening to their instructions and cooperating. You see it all over the news and social media; people in North America stating they are glad not to be in Italy or China. Well guess what folks, I’m sure Italians were saying they were glad not to be in China at one point too!!!

As I sit at home in isolation writing this blog, I get passionate about this topic because I see it all the time in my line of work. Cybersecurity has all the same human hindrances as this pandemic. I don’t want to make this about cyber, but I do want to get the word out that people need to step up and be part of the solution. This isn’t a Chinese, Italian or Iranian problem to fix. This pandemic is our problem to fix. We all need to listen to the experts, act swiftly and do what’s right for the greater good.

Advice from the WHO (https://www.who.int/emergencies/diseases/novel-coronavirus-2019/advice-for-public):

  • Wash your hands,
  • Maintain social distancing
  • Avoid touching eyes, nose and mouth,
  • Seek medical advice early if you display the symptoms

We need to “flatten the curve” and get this situation under control. Then we can start talking about why you need to protect your business data. 😊

Dream Technology Solutions

top feature image

Protect Your Business from Coronavirus (Covid-19)

Cybersecurity Risk Planning

First and foremost, Dream Technology Solutions recognizes the impact this ruthless virus is having on people around the world and we would like to send sincere condolences to the friends and families of those that have succumbed to Covid-19.  This article is not intended to overshadow the struggles, in any way, that are going on in every community. Our intention is to educate the business community about the learning lessons that can come from such a terrible situation.

Could a good cybersecurity program help to protect your business from a pandemic like Covid-19? Having a well thought out Disaster Recovery (DR) and Business Continuity Plan (BCP) can help your business survive almost anything, including a global pandemic. Businesses are being advised to allow their staff to work from home to prevent the spread of the virus. Unfortunately, many businesses are not designed to support this mode of operation. Their only option is to suspend work until the lockdown is over. This will have a huge impact to the business community and financial ramifications that will go on for months and perhaps years to come. If every business has a proper cybersecurity and risk management program in place, this ask would be much easier to accommodate and far less impactful.  

If we look at the basic concepts of cybersecurity, we need to break it down into its 3 primary components: Confidentiality, Integrity and Availability.

By definition (in simplified form):

Confidentiality – Limit access to information

Integrity – Assure that the information is trustworthy and accurate

Availability – Guarantee reliable access to the information by authorized people

While all of these are important and core to a good cybersecurity program, this article will focus on the concept of Availability. Availability isn’t just keeping your business systems up and running; they need to be accessible to authorized users under any circumstances. We all know the havoc ransomware is posing by taking down business systems by encrypting critical files but who would have thought that the spread of a human virus would create an unprecedented system accessibility problem that IT staff would have to overcome? A good cybersecurity plan should consider all scenarios no matter how unlikely it may seem at the time – Northeast Blackout 2003, 9/11, numerous natural disasters and now Covid-19.

Many companies are turning to cloud solutions to address this accessibility challenge. Typically, if you have a computer that has internet access, you are good to go and can work from anywhere (well almost). If you are one of the lucky businesses that have all your critical systems in the cloud, staff can work seamlessly from home and you are probably going to survive this pandemic without missing a beat (if not for the dependencies on others). For the companies that have a more traditional IT environment, the lockdown brought on by Covid-19 could be disastrous to your business!

Moving systems to the cloud isn’t the answer for every company and there may be good reasons that this isn’t an appropriate option for your business. So, what should you do? Your Disaster Recovery (DR) and Business Continuity Plan (BCP) will be a little more complicated but must contain provisions for scenarios like the current pandemic. Any good plan must start with a worst-case scenario, and it needs to be WORST CASE. I often read DR and BCP plans that assume a server goes down or a system becomes unavailable for an extended period but that simply isn’t good enough. That may suffice to prevent minor disruptions, but I bet those companies wish they took a broader look at their planning now! Expect the worst and plan for it because you can’t adjust your plan after the disaster hits!

What would you have done if there was a gas leak in your building and people were denied access? What about an earthquake that took out the infrastructure preventing people from coming in to work or school? These seem like much easier scenarios to build a plan around, but we’ve had plenty of warning signs that something big like this pandemic was coming –  SARS, MERS, Ebola, the Zika virus, swine flu… So why are so many people caught off guard and trying to figure it out now?

If you have a good Business Continuity Plan, now would be a good time to break it out and focus on your provisions for working from remote locations. If you don’t have this in place, there are options available that are easy to implement and can help provide secure remote access for the time being. Be careful, pragmatic and always continue to practice good cyber hygiene.

I do not endorse any of these products, but I feel like leaving you hanging may cause more damage than good. If you need to let your staff work remotely and don’t have the capabilities to do this today, investigate the following, or similar solutions:

TeamViewer

LogMeIn

Zoho Assist

Connectwise Control

RemotePC

Again, I do not sell or endorse any of these products but the last thing we need happening is to have people unknowingly exposing remote access using unprotected methods that would create gaping security holes. Something like this pandemic does not provide an excuse for anyone to get compromised because they felt they had to let their guard down to keep their business running. You have a responsibility under all circumstances to protect your company data. Don’t forget, the bad actors know what’s going on and see this as an opportunity to strike while companies are at their most vulnerable.

The experts at Dream Technology Solutions are here to help in any way we can. This article is about the importance of a good cybersecurity program and if we all make this a priority, we can keep our staff healthy, happy and support our vital business community.

Contact us:

info@dream-techs.com

top feature image

Cybersecurity – Tools, Process or People?

I’m in the cybersecurity business and I get overwhelmed with my daily feed of the advertisements all boasting to have the “must have” security tool. I can only imagine how difficult it is for IT directors or business owners to navigate through this marketing war. Truth be known, you probably have most of what you need already. We get fixated on thinking we can address our security concerns with a bolt on solution instead of focusing our attention on our critical security assets: people and processes. You need all 3 but history shows that under investing in people and process is by far the biggest risk and the most common cause of system compromise.

Most data breaches are caused by something someone did or something someone should have done. We can look at some of the high-profile breaches to learn from them and figure out how we can do better. Here are some of the most common methods hackers use to compromise systems and gain access to sensitive data:

  • Weak or Stolen Credentials (poor usernames and passwords)
  • Application Vulnerability (unpatched systems)
  • Malware (ransomware or any other malicious software typically distributed via email)
  • Social Engineering (methods like phising or vishing that exploit human psychology)
  • Too Many Permissions (system complexity or lack of security controls can allow for easy access to hackers)
  • Insider Threats (malicious insiders, contractors, 3rd party service providers, disgruntled employees etc.)
  • Improper Configurations (user error)

There is no such thing as a “silver bullet’ when it comes to cybersecurity but if you are looking for a great place to start you should look at your people and processes. Make sure you have the right people in the right positions and ensure they receive the proper training. Work with them to build effective processes and procedures and you are well on your way to developing a solid cybersecurity program. This will also help you identify which tools are necessary to supplement your team (not the other way around). Don’t waste money on tools until you understand what you already have, starting with your people.

I hope this was helpful and as always, feel free to reach out to us to find out more about how to build an effective cybersecurity program or if you just want to learn more about what people are doing to protect their company’s digital assets and customer data.

top feature image

Work from home security

Working from home is foreign to many people and can be very difficult. It is also an infrastructure nightmare for your IT manager. We have a vast amount of experience helping companies setup teleworkers and can help you make sure that you have a secure solution in place. It looks like this isn’t just a quick fix to get through a couple of weeks of isolation. This could be the new norm for quite a while. Contact us to find out more about making sure you keep your business and staff secure during these challenging times.

top feature image

Tips to Stay Secure During COVID-19 ….and Beyond.

4 tips to help you and your co-workers to stay secure during this unfamiliar work-from-home physical distancing that is going on. It’s tough enough when you’re in a business environment to remember the security tips that your IT team keeps talking about but, when you’re at home with kids running around and dogs barking, it’s probably the last thing on your mind. The hackers know this too which is why we’ve seen a been a big increase in ransomware attacks and very clever phishing emails going around. Now more than ever you need to be vigilant about cybersecurity and team up with your co-workers to figure out creative ways to securely communicate.

  • Don’t trust anyone

If you receive an unexpected email, text or social media request from someone, treat it as suspicious unless you can validate it through known good methods. Now is the time to be overly cautious and take a zero-trust approach to everything. If you get an email from someone that you haven’t heard from in a while, reach out to them on Facebook messenger or text to make sure they did send you the email. Don’t assume that just because you know the “sender” or an email at first glance looks OK that it is good. The phishing emails are getting very difficult to detect so start out assuming its bad until you prove it’s good.

  • Don’t click on links

Malware typically needs you to execute something to trigger the bad stuff. Sometimes it’s just an email with a malicious attachment disguised as a document or picture that they want you to open. Other times it is an emailed link to an infected or bad website that will trick you into disclosing information or downloading “updated drivers’ for your computer.  These emails will also use time sensitivity to get you to rush your decision and perhaps bypass your verification process because you “must act now!”. If your bank sends you an email asking you to update your security information immediately or risk getting locked out of your bank account, phoning them would be an appropriate response NOT clicking the link and filling in the form!

  • Get creative to stay in touch

Most people are used to being near the people they interact with daily. With everyone working from home, they can’t lean over and tap them on the shoulder or see when they are off the phone. Technology that has been around for a while that is getting close to offering that in-person experience while being physically distant. Zoom has become very popular lately for video web conferences as well as Microsoft Teams (and many others). We’ve seen full classrooms going online, professional sports teams doing group workout sessions and bands practicing online from different cities. It can be a lot of fun and helps to bring people much closer together than just emails or daily conference calls. There are several Chat tools available as well to replace some of the watercooler talk and if you are collaborating on documents start getting familiar with SharePoint Online. With any new technology there is a new protocol on how and when to use them so be courteous and have fun exploring new ways of working together.

  • Secure your home network

Typically, your home network isn’t as secure as it should be. After all, it was only designed to surf the internet, watch movies and play Fortnite. Now you have work information being transmitted to and from your home network and you don’t have your IT team monitoring and protecting it. You probably share home computers with other family members that really don’t care much about what is going on in the office. What should you do? That’s a whole article on its own but you should at a minimum: patch all your computers, firewalls, printers and wireless access points. The owner’s manuals will help you with this (they can usually be found online). Make sure you have a good antivirus/end-point protection software that is updated automatically. Something like Sophos is great for both Mac and Windows. If in doubt, ask your IT team or a cybersecurity expert (not your neighbor – unless they happen to be a certified cyber expert! 😊).

Working from home has always been a desirable option for employees but a nightmare for IT managers. The days of the IT team securing your corporate network by locking down access to keep the bad guys out are over. Cybersecurity these days has no borders and requires everyone to own the responsibility of keeping your business safe. IT managers must adjust to a new way of securing company data and employees/contractors need to be active members of the cybersecurity team. This COVID-19 Pandemic has accelerated this shift to a flexible workforce, and I’d be very surprised if it doesn’t stick around after life returns to “normal”. You might as well get used to it and start doing your part as an active member of the cybersecurity team if you want to keep it this way.

top feature image

Make Lemonade out of Lemons

While it’s true that the provincial and federal governments are stepping up to help those in need by offering some generous relief funding, we all know that it isn’t going to cover much. Everyone is going to feel the financial effects of COVID-19 for weeks and months ahead. For the small business owner, it can be a real concern trying to figure out how to pay the bills when you’ve been asked to close your doors indefinitely. Now is not the time to sit on your hands and panic. It’s the time to get creative and build new capabilities into your business.

Many of us are stuck in our old school ways, and why not, it’s worked so far. But has it? Have we been missing out on opportunities by being complacent in our ability to adapt? The lockdown being mandated to prevent the spread of COVID-19 is just forcing us to look at our business in new ways. Those that sit back and wait for this to end will fall behind those that look at this as a new opportunity. We need to look at our business through a new lens and figure out a new way to deliver our services.

We know that we can’t do anything about social distancing and people must be able to work from home. We also know the same constraints apply to the consumer so how can we overcome these challenges? Technology is likely going to play a big factor and budget constraints are clearly top of mind for everyone. Here are some cheap ideas and consideration that might help you think about new ways of delivering your services and building new capabilities into your business that you can leverage beyond COVID-19.

Work from Anywhere – This is almost an expectation of the modern workforce. Certainly, it is for those jobs that don’t require you to be physically present to perform your duties. There are several solutions that are available for free on small scale or have extended trials available to accommodate remote workers during the current lockdown. This is a capability that should be part of any business and if nothing else should be something that you’ve invested in to help you through the current crisis and will benefit from after this is all over. Look into simple and secure solutions like TeamViewer, RemotePC or ConnectWise to get connected right away.

Collaboration Tools – Online collaboration tools are not meant to replace face to face meetings, they supplement them. Video conferences are the next best thing when people can’t get together in the same room. Solutions like Teams, Hangouts, Zoom, Slack, and Webex are meant to solve specific problems like time, distance and communications.  You no longer need to find a time in everyone’s calendar where they are free, in the office and you have a room available. Using a video collaboration tool lets you start a meeting on short notice, add users on the fly and they can join from anywhere on any device. Most of these tools also include virtual meeting rooms and chat so you can continue to collaborate well after the meeting has ended.

File Sharing – SharePoint Online or Google Drives are a good way share information. These tools also allow multiple people to collaborate on the same doc at the same time. This is a great way to share ideas and collaborate on group presentations. The best part of this is you can always maintain access controls over your information. People still email around documents to multiple people and then have the onerous task of trying to merge them together in the end. As well, once you send your document via email, you lose control over who can see it or share it. Keep it in your SharePoint or Google Drives and only allow people access that need access. You’ll love this once you get the hang of it.

Modernized Website – Your website is your virtual access to your business. There are some simple solutions that add functionality to your website that can dramatically improve your online customer experience. What are the common things that people walk into your business for and I bet you can replicate most of it online? I remember when realtors thought that open houses and scheduled walk-throughs were the only way to sell a house. Now people can do virtual walk-throughs from the comfort of their own home and get most of the experience of the open house and its far more efficient. Get creative and talk to the experts at SVICE and Shopify to convert your old website into your new online store front.

I do not endorse any of these products and there are many more that I didn’t mention. The point of this blog is to emphasize that now is the time to look and ways to modernize your business and leverage technology to deliver your services in new ways. If you do this now, you will create new business capabilities that will help you through the difficult times and they will propel you past your competition once things get back to “normal”.

Please don’t forget that any time you introduce new technology you introduce new risks so stay on top of your cybersecurity program to safely and securely adopt these new technologies.

When life hits you with a basket full of lemons, you might as well start making some lemonade!… or something like that! 🙂

Dream Technology Solutions

top feature image

Working from Home

 Things to consider…

I’ve been getting quite a few requests about setting companies up to support the “Work from Home” program that most companies are doing to reduce the spread of Covid-19. This is a fantastic way for all of us to help the cause and stop the spread of this nasty virus. While we do this, lets make sure that we understand the new risks being introduced and don’t let good intentions turn into a big problem.

Top 6 things to consider when implementing a work from home policy:

  1. End Point Protection on home machines

You probably have corporate standard end point protection on all company machines but now you may be opening the door to unprotected devices. Depending on the type of access that you are allowing will dictate what you need to consider. If you are setting up your users with direct VPN access, you will have to be more vigilant over what protection these home computers have. If you are using a 3rd party remote desktop solution like TeamViewer, your exposure is far less. In this case, the home computer does not have direct access to your corporate network and therefore presents low risk of introducing malware or unauthorized access.

2. Remind people of your Acceptable Use Policy

People may not be used to working from home and it does introduce a few distractions that aren’t around at the office. It’s a good idea to remind everyone about your Acceptable Use Policy and to ensure they are accessing systems and working in the same manner as they would at the office. Don’t forget, people are often the weakest link in your cyber defense and the distraction of working from home could lead to human error and this is the #1 cause of data breaches!

3. Make sure providing remote access does not increase risk

Assuming the people factor has been addressed, make sure your technical solutions for remote access meet your cybersecurity standards. There are many ways to allow a user to access your network from remote locations but not all are secure. I have seen IT staff open remote desktop ports to allow users easy access to their network. This is also an easy way for bad actors to access your network. Ransomware attackers are constantly scanning for open RDP ports and targeting anything listening on well-known port numbers like 3389. Changing ports doesn’t fool them so keep your guard up and your network secure.

4. Add security with 2 Factor Authentication

Many remote access solution offer and additional layer of security by including 2 factors authentication. This improves your access security by doing a double check on your authentication. You require at least 2 of 3 things to gain authorization: Something you know (password), Something you have (a token such as SMS to your phone), or Something you are (biometrics like a fingerprint). Adding security is always a good thing and many of the remote solutions have this included as part of their service offering. If it’s available, use it!

5. Use up to date VPN solutions

Using a VPN client to encrypt traffic to and from your corporate network is always advised. If this is something that hasn’t been used in a while, make sure the software is up to date. There have been many vulnerabilities identified in VPN software so dusting off an old VPN client still may work but may not be your best option. Make sure any VPN software/solutions being used are fully supported and up to date with their security patches.

6. Shut things down and clean up when this is all over

I think we all hope that this is going to be a short-term solution to a bad problem. Remote access should only be enabled as needed and where possible set remote accounts to expire after a given period. No doubt there will be some cleanup to do once things return to normal so be diligent about making sure you leave things better and more secure than before. I’m sure everyone is practicing good cyber practices and part of that would be to disable remote access once it is no longer needed.

In general, everyone should be reminded that while we go through this difficult time, the criminals are using this as an opportunity. Ransomware and phishing emails being masked as critical Covid-19 information have been flooding the internet. The bad actors manipulate human behavior and emotions to trick you into getting what they want. Do not fall for any of this and delete any unsolicited emails and texts. If you want information on Covid-19, do your own research and only go to reputable web sites. Be safe and continue to be diligent about practicing good cyber hygiene.

If you need help, contact Dream Technology Solutions:

support@dream-techs.com

top feature image

SMBs Losing the Cyber Battle

Small and Medium Businesses are face a growing cybersecurity problem that isn’t going away on its own!

We live in a difficult time for business owners. With the added complexity of IT systems and the increase in criminal activity, it can be difficult to know how to secure your business or even where to start. Large enterprises are way ahead and have been taking proactive measures to upgrade their cyber defense for many years (likely because they were the primary target from the onset of cyber-crime). Due the rapid increase in malicious activity, SMBs are lagging way behind on their cybersecurity capabilities and quickly becoming the popular target for bad actors.

People that know me, know that I love stats, facts and figures. While some may say that stats can be made up or biased, they still tell a story and start the right conversations. With that in mind, I’d like to share some stats that I hope will get you thinking about how you are protecting your business today and asking the right questions about whether or not you are doing enough to protect your company data from breaches or damage.

Did you know:

You can, and should, fact check this information but the one that really seems out of place is the last one. If the above information is correct, then shouldn’t this indicate that small and medium sized businesses are being targeted? This is probably the number one response I get when speaking with SMB owners that haven’t engaged in building a cybersecurity program – “we are too small to worry about it” or “we don’t have anything they (the bad actors) would want”. The other common response is “my MSP (or IT staff) take care of my computers and have my security covered”… but do they? This is exactly what the criminals want you to believe and why the target has shifted from large enterprises to SMBs.

Hopefully by the time you get to this part of the blog, you’ve already checked a few of my facts and did a little more fact finding of your own. SMBs are the target for cyber-crime and you need to take steps to avoid contributing to the 43% that fall victim. Clearly the methods being used to protect SMBs today are not adequate to protect against the complexities of the current IT environment and the sophistication of the attacks being launched by the cyber criminals. We are losing the battle resulting in a growing number of business owners losing their dream and innocent victims having their private information stolen and sold on the dark web for malicious and fraudulent purposes.

What can you do about it?

Consult a cybersecurity expert.

This shouldn’t be viewed as a trust issue with your current IT staff or MSP. They are doing a great job of what they were employed to do. Cybersecurity has evolved so rapidly that traditional IT methods are no longer effective in keeping the bad guys at bay. Traditional IT is still great at keeping day to day operations up and running but it falls well short of effectively detecting and safeguarding against modern attacks. A cybersecurity consultant can work with you and your team to identify where you are doing a good job and where you may have gaps and how to address them.

For many SMBs, the elephant in the room is the perceived costs of cybersecurity. The truth of the matter is that it is far less expensive to prevent a breach than it is to recover from one. In many cases, there is an opportunity to streamline processes and technology to the point that you can achieve savings. Simplicity is the partner of cybersecurity so reducing risks while reducing costs is a realistic goal of a good cybersecurity program.

Contact Dream Technology Solutions today for a free consultation and find out more about the current trends in cyber and what you can do about it.

top feature image

Cyber Insurance Readiness Assessment

What is Cyber Insurance?

Like Auto or Home Insurance, cyber insurance protects a business against damage caused by cyber-attacks. A security breach can become very costly and Cyber Insurance is a way to mitigate this risk by transferring the liability to a 3rd party.

Do I need Cyber Insurance?

If you process payments online, store customer or employee data, or use cloud systems to store company information, you need Cyber Insurance.

Do I Qualify for Cyber Insurance?

The bigger question is are you doing enough to protect your business against a cyber-attack? If you take this very real threat to heart and implement processes and technology to protect your business, then you will most likely qualify for Cyber Insurance.   Dream Technology Solutions can help you determine if you qualify for Insurance with our Cyber Insurance Readiness Assessment. 

What is a Cyber Insurance Readiness Assessment?

A Cyber Insurance Readiness Assessment is an in-depth review of your ability to protect your information assets against relevant threats.

Cyber Insurance doesn’t eliminate the need to have a good cybersecurity program in place, it supplements it. Insurance companies will determine your eligibility, coverage and rates based on several factors such as:

  • Existing Business Continuity and Disaster Recovery Plan
  • Effective firewalls, access controls and security procedures
  • Use of encryption to protect sensitive information
  • Secure use of cloud services

How does it work?

Dream Technology Solutions will work with your key stakeholders to evaluate your current cybersecurity posture. We compare your current practices to industry best practices and Cyber Insurance requirements to provide an informative and detailed report that you own.  It’s a quick and cost-effective way to help you protect your business and save you money by securing the best insurance rates and coverage possible for your company.

What do you get?

You will get a professionally prepared document that will report our findings. The document will include:

  • Where you meet Cyber Insurance requirements
  • Where there are gaps that need to be addressed in order to get Cyber Insurance
  • Recommendations to help you address any Cybersecurity gaps that need to be addressed beyond obtaining Cyber Insurance

Dream Technology Solutions is a local, experienced, knowledgeable and professional service provider that can help you qualify for the Cyber Insurance coverage you need at the best rates.

All of this for a fixed rate of $1,500

Contact us today to find out how we can help with your cyber insurance needs.

top feature image

Cybersecurity Risk Management

Modern businesses tend to rely heavily on technology to support their day to day activities and provide competitive advantages. Leveraging technology to gain the upper hand can be a great decision but it can create some additional risks that must be properly managed. Adopting a good cybersecurity risk management program will help you methodically identify and model risks so you can safely and securely exploit digital technologies.

There are 3 main principles of a cybersecurity risk management program: Risk Analysis, Risk Assessment and Risk Mitigation. Risk Analysis is the process by which you identify and analyze all the potential threats and analysing how vulnerable your organization is to these threats. Once you identify which risks are relevant to your business, a Risk Assessment focuses on the risks that both internal and external threats pose to your data availability, confidentiality, and integrity. Once you’ve analyzed your risks and assessed their potential impact, you can then build a Risk Mitigation strategy to prepare for and lessen the effects of these threats to your business. There are 4 strategies to mitigate risks: Avoid, Reduce, Transfer and Assume.

Avoid

Some risks just aren’t worth taking on at all. There are many situations that could have associated risks that far outweigh the potential gain. In these cases, it makes the most sense to change your plans completely and avoid taking on such activities. Suppose you were starting up a white-water rafting company and couldn’t afford enough lifejackets for all your explorers. Would you selectively hand out the lifejackets to just the clumsy ones because they are the most likely to go for a swim? In the cyber world, this would be equivalent to starting an online store without a proper web application firewall. Although you may get away with it for a while, you just shouldn’t do it!

Reduce/Minimize

To reduce the risk does not necessarily mean to eliminate the risk. When asked, many people view all risks as bad and you should avoid taking on any risk. However, not taking any risk may mean losing out on opportunities and preventing you from maximizing your gains. You don’t want to eliminate all risk; you want to reduce the risk to a level that is acceptable to senior management and aligned you’re your company goals. This is considered residual risk and exists in every business. For example, if you are in the lending business, you wouldn’t lend money to people without first doing a credit check. Again, to draw a parallel to the cyber world, this would be like allowing any computer on your network without first validating patch levels and end point protection. This would expose you to all kinds of unwanted threats and increasing your risk to unacceptable levels.

Transfer

A growing trend in risk mitigation is to transfer the risk to a 3rd party via contract or policy. As companies rely more and more on contractors and vendors, transferring the risk and liability is becoming a more common scenario. Examples are outsourcing your cyber security program to a Managed Security Service Provider (MSSP) and purchasing Cyber Insurance from an insurance company. With all the breaches hitting the news on a regular basis and countless others that aren’t getting reported to the media, purchasing Cyber Insurance is becoming a necessary part of life like purchasing home or auto insurance. You can’t predict and mitigate every threat so purchasing insurance is a great way to protect your business against the cost of recovery from a cyber attack. Stats say it will happen so its best to be prepared!

Assume/Accept

There are some circumstances that the risks are well known and the cost or effort to protect, mitigate or insure far outweigh the cost and impact of any remediation. In these cases, accepting the risk may be your best option. This option comes with a very large caveat, you’d better have a good understanding of the risk and the potential impact if it gets exploited. This isn’t the residual risks that we talked about in prior sections. This is the choice to forgo any efforts to address a particular risk and senior management has decided that the risk can be documented and assumed. As a cybersecurity manager you will want to document the heck out of this one and make sure you get clear signoff. All too often, the cost to react to a critical situation is far more expensive and impactful than anticipated. This could be the riskiest of the options and could end up being the most expensive if you aren’t careful.

Every business has risk. Building a proper Cyber Risk Management program doesn’t have to be difficult or expensive. A good program will take into consideration your business goals, objective and budgets. If you would like more information about protecting your business, please contact Dream Technologies Solutions. We’re here to help!

https://dream-techs.com/contact

info@dream-techs.com

250-744-7973