Visionary 360 Blog

Lesson’s from the Kaseya Cryptolocker situation | Are you ready for a disaster?

For some, this will be heart felt from revisiting the hell that they went through.  Those involved, directly or indirectly understand this more than any, yet they never wish this to happen to anyone.  Here are a few tips to help YOU from a future breach, and it’s not IF it will happen, it’s WHEN!


Backups, encryption, MFA, 2FA, multiple tools, and password encryptions.  Covered correct?

Well, in short the answer ended up being NO.

Backups:  Any type of direct connection between onsite and offsite = possible encryption.  Make sure there are no direct connections, and the credentials are separate from any type of domain structure.  Restore keys, are there offline copies available?

Disk encryption:  Disks are still able to be cypto encrypted.  Do you have keys stored offline?

Passwords:  Most use some form of password storage.  These systems are encrypted for obvious reasons.  Are there offline copies available?  

Cloud services can be awesome for anywhere access, but if databases become unavailable, local databases become encrypted, how will you be able to access any system?

Most commercial grade password and document management systems allow for a “run book” or exporting of information.  Take a look at options, develop an internal policy with strict guidelines in handling.  Export on a consistent basis with it being documented.  Don’t forget to document the destruction as well.

CompTIA, an non-profit industry trade association and considered one of the IT industry’s top trade associations.

A story from the trench,  the Kaesya Cyberattack Experience as told by a fellow IT professional whom experienced this first hand.

Press release CompTIA issued during the attack, an example of how CompTIA helps the community.  Read Press Release.

More information about the ISAO membership here.

Log4j vulnerability information from ISAO

While I originally wrote this before the Log4j vulnerability became known, I would be remiss not to address it here. Log4j has all the makings of the next drop of the hat. This is a widespread vulnerability that impacts nearly everyone and everything. I’m sure you are all well aware of the issue and its impact. Here again, I’d like to direct you to the CompTIA ISAO as an excellent resource for anyone in the IT Channel, especially MSPs and your customers. As they did during the Kaseya attack, the CompTIA ISAO is making their threat intelligence and active discussions on the issue available to everyone, as service to the industry for the greater good. Head over to http://forum.comptiaisao.org and click on the link to access these important resources, which are being continually updated as more details come to light. The warnings have been out there for a very long time. The timing of the release of this vulnerability is no coincidence. This might not be the quiet relaxing holiday season we all hoped for, but it’s imperative we remain on heightened alert and readiness in the face of hackers determined to harm our businesses. Stay safe this holiday season!

Regards,

MJ

MJ Shoer | SVP, Executive Director, CompTIA ISAO
Office: 630.678.8556 | connect.CompTIA.org

Get the latest IT business and career advice from CompTIA.

 

 

 

Advancing the Cybersecurity Resilience of the Tech Industry. Become a member today

About Visionary 360

Visionary 360 is a team of veteran coaches focused on the technology sector, mainly IT Service Providers, helping to successfully implement their tools more effectively with a financial focus.

We are problem solvers who love helping people, doing the impossible while having fun doing it.  We engage with our clients like they are family.  We love working with them, watching their companies grow.  There is no greater reward than seeing our clients prosper.   To learn more about Visionary 360, visit our website at www.visionary360.com or setup an introductory meeting to discuss your needs.

Have an idea?

Tell us about it!

Sign Up for Notifications

Want notifications for new blog posts?