I really hate hearing from customers and prospective customers that we were right and that they wish they had taken our advice to harden their systems and implement tighter security controls before their breach. Feedback from customers suggests the inconvenience of implementing additional controls is often what keeps them from taking action as opposed to the cost, which is negligible for some of the most effective controls like Multi-Factor Authentication (MFA). If you think the controls are inconvenient, you should spend some time visiting with someone who has been through a breach.

The most likely cyber-attack a small business will experience is an email breach which quickly lead to real payment fraud losses, reputational damage, and compliance risk. Once a criminal organization (yes, there are organizations attacking your small business) has success breaching one email account, you can expect the attacks to increase in volume and sophistication. Businesses can dramatically reduce email breach risk with relatively little cost and yes, some minor inconvenience.

Take the Next Steps

If you own a business or have are responsible for managing business risk, you need to take steps to protect your business, your shareholders, your employees, your vendors, and most importantly your customers. You must take action to implement additional controls. Start by asking your IT professionals to implement controls for yourself so you can understand first-hand how the controls protect your business and the level of inconvenience the controls may cause. This puts you in the best position possible to make informed decisions about how to protect your business and champion initiatives to tighten controls.

If you’ve done nothing to date, start with implementing MFA for your business email and then work with an IT professional to constantly review and improve security controls around all your systems and data.

I’m right and I hope I never have to tell you “I told you so”.

Your credentials can be phished, period.  If you think you’re above being phished, you’re wrong.  We all have weak moments and the criminals are really good at praying on our whims and emotions.  Trust me, you can be phished.  Don’t put so much pressure on yourself.  Implement multi-factor authentication (MFA) wherever possible to protect your accounts even if you are phished.  This is so important that we put together a video to show you how.  Watch this video.  Please just give us a call if you want help or want to discuss additional configuration options to ease implementation for your business.  We will be happy to help.

If you don’t know anything about Office 365 Multi-Factor Authentication please check out our blog and video from December 2017 for a complete overview https://www.gowestit.com/office-365-multi-factor-authentication.

 

 

Go West IT just completed our second annual SOC 2, Type 2 audit.   This is an expensive and time consuming process and it absolutely makes us better every single year.

SOC stands for Service Organization Controls and a Type 2 audit tests our use of and adherence to a defined set of controls over the course of a year.  We won’t receive our results in the form of a SOC audit report for another thirty days or so but I already know it was worth the expense and effort.  Go West IT learns something and improves each time we conduct an internal review, assessment, and our annual SOC audit.  These exercises make us better and in turn deliver greater value to our customers.

A SOC audit is a great way for your organization to get information about how your vendors and partners have designed controls for security, availability, confidentiality, processing integrity, and confidentiality or privacy.  The SOC report provides you with a list of the tested controls that are audited by a third party and lists out exceptions that were uncovered during the audit period.  It is a great way for you to validate the statements that most companies make about how they care for your information.

A SOC audit is no guarantee of security but it is a good indication that a business spends time and effort developing systems and controls to mitigate risk.

If you are a Go West IT customer and would like to see a copy of our SOC audit please just contact your Account Manager and we will make sure you get a copy of the report as soon as it is delivered.  Please contact me directly if you have questions about the SOC audit process or what controls Go West IT has implemented to protect our customers.

Last but not least, please spend a few minutes thinking about how your organization might improve by assessing risks and taking action to implement controls to mitigate risk.  Please just call Go West IT if you want help taking the first step.

Your business is vulnerable to cyber criminals, period.

The truth is that no business is fully “secure”. Rather, businesses assume various amounts of acceptable risk. Your responsibility is to figure out where your organization lies on the security spectrum, how much cyber risk you are willing to comfortably assume, and continually act to reduce your risk to those levels.

We understand that most businesses, especially SMB’s, can’t and won’t do everything their IT provider may recommend. This is true for a myriad of reasons including operational efficiency, timing, focus on your core business, and of course budget considerations. We also believe that most businesses do not realize the amount of risk which they current assume. If you did, you would likely already be doing more!

To this end, Go West IT has developed our “Top Ten Task to Mitigate Cyber Risk”

Review your security posture with your current IT provider and discuss how to implement the next best thing you can do to reduce your risk (HINT: If you’ve done nothing to date, start with backups, patching, and multi-factor authentication). If you need help please give us a shout, our experts will help you recognize, plan, and take the steps to mitigate your risk.

Understand where you are today… know where you want to be tomorrow… build the roadmap to get you there. You can reduce your risk, get started today!

David Lewien
President, Go West IT

Download the PDF: Top Ten Tasks to Mitigate Cyber Risk
303-795-2200
info@gowestit.com
www.gowestit.com

Go West is providing this security alert as a cautionary measure for users with a consumer grade router or network attached storage device at their home or small business.  Due to a recent malware attack known as VPNFilter, the FBI and US-CERT are encouraging users with home devices from Linksys, MikroTik, NetGear, TP-Link and QNAP to reboot the device.  Users should also ensure device firmware is up-to-date and change passwords on these devices.

What Is It
VPNFilter targets small home and office routers and network attached storage devices.  Once infected, the device allows criminals the ability to launch further attacks, collect personal website information, block network traffic, or they can render the device completely unusable.

Official US-CERT alert statement: https://www.us-cert.gov/ncas/alerts/TA18-145A

Manufacturers LinksysMikroTikNetgearQNAP and TP-Link have posted instructions for users to follow to update their device software.

How Does It Impact Me
There is very little risk associated with this malware attack for commercial organizations utilizing business grade devices.  However, it is vital that organizations be aware of the vulnerability for remote users connecting from a home office.  Those users are more likely to be using a consumer grade router and should follow the recommended procedures.

If you have concerns or questions regarding a potential consumer grade router at your business please reach out to Go West support at support@gowestit.com.

Go West IT is celebrating eight years in business this week.  We started with five employees and a handful of great customers.  Eight years later our team has grown to 27 team members and we are searching for the 28th.  Our customer base has grown into the hundreds and we still work with most of that original handful of customers.

Earlier this week I thanked our team members for their contributions to our continued growth and success.  We did not get here alone.  Our success to date results from countless relationships with vendors, consultants, mentors, and most of all a fantastic group of customers who value our services and routinely refer us to prospective customers.  Thank you all very, very much!

Our business, like those of our customers, has adapted quickly to the changing IT landscape.  Go West IT is a leading provider of Microsoft cloud offerings, cybersecurity solutions, and managed IT services to small and medium sized businesses.  We are one of the very few managed service providers of our size to obtain SOC 1-SSAE 18 Type II and SOC 2 audits that provide our regulated customers third party verification of the adequacy of and adherence to security and availability controls.  In 2017, Go West IT was recognized as the Microsoft US SMB West Region Azure Partner of the Year for our leadership in taking small businesses to the cloud.  Most importantly, our team members solve and prevent real problems for our business customers every single day.  We have been and will continue pushing forward to empower people, solve problems, and protect value.

Thank you all very much.  We are looking forward to the next eight years!

— David Lewien, President

I recall a time when IT professionals adopted the “if it’s not broken, don’t fix it” approach to patching. To be sure, there was a time when patching firmware and software might have introduced more problems. That time is long gone. Aggressive patching is the new normal. Gone too are the days when a diligent IT person might go around to all the computers, servers, firewalls, switches, and other network attached devices and get them patched. That manual approach is no longer feasible and adhering to a manual patching plan is foolish. The nature of the modern cybersecurity landscape requires a platform which identifies patches that are needed, facilitates automated patching, and provides reporting & alerting to uncover anomalies.

Look no further than the Intel chip security vulnerabilities (Meltdown & Spectre) publicized this first week of 2018 for evidence of this new norm. When Operating System patches are released to mitigate this newly divulged flaw it will be critical that the patches are applied as quickly as possible.

Go West IT offers managed service plans that utilize state of the art remote monitoring and management platforms designed to keep systems updated and rapidly apply patches when new vulnerabilities are divulged. Stand on our shoulders and use the systems we have already built to keep your business ahead of the curve. Please contact us today at 303.795.2200 or info@gowestit.com.

David Lewien – President

Something You Know + Something You Have

One of the easiest ways to increase your security profile is to utilize multi-factor authentication (MFA).  MFA is just like it sounds, more than one form of authentication is required to access a system.  In most cases this is your normal login credentials (username & password), as well as an additional form of authentication such as the use of a randomly generated passcode or hardware token.

This is a vital form of additional security for Office 365 users, as access to your O365 login credentials opens the door for someone to not only gain access to your email but also potentially your documents (OneDrive), file sharing (SharePoint) and perhaps your entire VOIP phone system (Skype for Business).  If MFA is enabled, despite the criminal having your login credentials, they would most likely not have access to the additional device containing the MFA passcode.

The best part?  It’s free!  Basic MFA is included with your Office 365 licensing at no extra charge but must be enabled.

Please watch the following presentation by David Lewien, President of Go West IT, to learn more about Office 365 MFA, view examples of how it works and additional considerations to keep in mind.  If you are interested in enabling MFA please contact us today at 303.795.2200 or info@gowestit.com.

Leveraging the Cloud – 

Many businesses today use cloud services of some kind, but not every business has committed to moving to the cloud or is leveraging cloud services to their advantage.  Cloud services aren’t right for every situation but it is important for businesses to consider cloud options whenever IT changes are at hand.  Go West IT can help cut through the buzzwords and show you when and how to leverage the cloud to benefit your business. This includes everything from SaaS solutions, such as hosted Exchange with Microsoft Office 365, to comprehensive IaaS (Infrastructure as a Service) solutions in the Microsoft Azure, private white-label or Go West IT cloud environments.

Leveraging our extensive experience and strong vendor relationships, Go West IT was uniquely positioned to be on the forefront of the cloud services movement.  As a Gold Microsoft Cloud Solution Provider, Go West IT provides end to end management of your Microsoft cloud services.  Go West IT was recognized as the 2017 US SMB Azure West Region Partner of the year at this year’s Microsoft Inspire event.  Click here to watch the video to hear more about Go West’s cloud adoption story.

Contact us today to begin charting a course to meet your cloud services objectives.  303.795.2200 or info@gowestit.com

Go West IT today announced it has been named 2017 US SMB Azure West Region Partner of the Year by Microsoft’s US Small and Mid-sized Business (SMB) Group. The award recognizes the US SMB partner that has demonstrated key competitive Azure wins achieved in the West Region. Members of the US SMB Partner Program have shown dedication to arming the small business community with the right technology and services they need to be successful.

Go West IT, founded in 2010, is a managed service provider and information technology leader servicing small and medium sized businesses that use technology to deliver products and services to their customers.  The majority of customers have 10-200 employees with information technology infrastructure housed on-premise, in the cloud, or both.  Offerings include managed service plans, cloud infrastructure, network administration and cybersecurity.  Go West IT has quickly grown to be one of the premier IT service firms in Colorado, supporting over 150 businesses and thousands of users on a daily basis.  The company adheres to a set of strong values and believes in the opportunity to facilitate excellence every day for both customers and team members.

“This award provides recognition of the hard work of our dedicated and talented team here at Go West.” – David Lewien, President

Go West IT along with winners in six other categories were recognized during the Microsoft US SMB Partner Award Reception in Washington, D.C. on July 10, 2017.