Tag Archive for: cybersecurity

As cybersecurity threats continue to evolve, so do the terms and tactics associated with them. In reviewing industry guidelines on effective cybersecurity practices, we noticed a common challenge: many cybersecurity terms are frequently misunderstood. These misunderstandings can lead to confusion about what we actually do to protect our clients. One area that stood out was a glossary of commonly misused or misunderstood cybersecurity terms. Let’s dive into a few key terms to help clarify what they mean and why they’re essential for your business.

Common Cybersecurity Misunderstandings: What You Need to Know

1. Antivirus

Misunderstanding: Many people think antivirus software can protect against all types of cyber threats.

Clarification: While antivirus detects and removes malware, it doesn’t defend against threats like phishing or zero-day exploits. Comprehensive protection requires a layered approach, beyond just antivirus software.


2. Regulatory Compliance

Misunderstanding: Compliance with regulations automatically means a business is secure.

Clarification: Regulatory compliance is about meeting baseline standards and guidance put forth by regulatory agencies. Meeting regulatory compliance reduces regulatory risk and may reduce some real risk. The cyber threat landscape evolves much more quickly than regulatory agency guidance, and reducing real risk often requires going well beyond regulatory standards.


3. Firewall

Misunderstanding: Some believe a firewall blocks all threats and is the only layer of defense needed.

Clarification: A firewall monitors and controls traffic traversing your local network to the public Internet and sometimes between multiple company locations or cloud environments. While necessary, a firewall only mitigates a portion of cyber risk and should be part of a multi-layered strategy to effectively protect your network, systems, data, and people.


4. Incident Response Plan

Misunderstanding: Some think an incident response plan only comes into play after a cyberattack.

Clarification: An effective incident response plan is proactive, established, and tested before an attack occurs. This ensures that everyone knows what to do when an incident happens, minimizing impact, accelerating recovery, and reducing risk.


5. Encryption

Misunderstanding: Encryption is often thought of as an unbreakable solution for data security.

Clarification: Encryption helps secure data by converting it to a coded form for data at rest and data in transit, but weak encryption methods, compromised keys, and human error can expose encrypted data to threat actors and thereby increase risk. Regular review of cybersecurity controls, data storage and transit methods, and encryption key management and efficacy is critical to reduce risk in a constantly changing threat landscape.

Why Understanding Cybersecurity Terminology Matters

At Go West IT, we often hear, “Aren’t you already doing that?” from clients who may not fully grasp the breadth of cybersecurity risk and mitigation tactics. The reality is, each term above represents a piece of a much larger puzzle. Without understanding the threat landscape and these terms, clients might assume they’re fully protected when, in fact, they’re only partially covered.

Going Beyond Basic Protection

Misunderstanding terms like “phishing,” “malware,” or “two-factor authentication” can lead to an underestimation of the risks and necessary protections. Cybersecurity isn’t just a checkbox; it’s an ongoing process that requires proactive measures and constant adaptation to new threats.

At Go West IT, we’re committed to comprehensive protection, addressing every layer of cybersecurity. From incident response planning to advanced threat intelligence, our goal is to keep you informed and secure, so you can focus on what you do best. If you’re unsure about your current cybersecurity posture, let’s talk about how we can protect you on your journey.


Imagine you’re the head of a growing company. You’ve invested time and resources into securing your digital environment: firewalls are in place, staff have undergone cybersecurity training, and every software update has been meticulously applied. You feel prepared—until a new kind of threat emerges, one that operates faster, smarter, and more unpredictably. Attackers are now using artificial intelligence, leveraging the same technology you depend on for protection.

AI has revolutionized cybersecurity, enabling faster detection and response to threats. But it’s also giving cybercriminals powerful new tools to enhance their attacks, probe for vulnerabilities, and bypass traditional defenses. Understanding how AI can both empower and endanger your business is critical in today’s evolving threat landscape.

How Attackers Use AI

Cybercriminals are deploying AI in innovative ways, creating threats that are harder to detect and even harder to defend against. Here are some of the tactics they use:


Vishing and Deepfakes: AI can create convincing audio and video impersonations, making attacks like vishing (voice phishing) and identity impersonation more believable than ever.
Behavior Analysis: By analyzing user behavior, AI allows attackers to make social engineering attempts feel personal and authentic, increasing the likelihood that a target will fall for the scam.
Automated Scanning and Targeting: Criminals use AI to automatically scan for vulnerabilities in systems and deploy attacks with unprecedented speed, targeting weaknesses as soon as they’re identified.

Defending Against AI-Enabled Threats with AI

To counter these AI-enhanced attacks, companies must leverage AI-powered defenses that adapt and respond in real time. This is where tools like Go West IT’s Go Secured | Advanced Endpoint (Endpoint Detection & Response, or EDR) come into play. By utilizing AI, these tools offer:


Real-Time Detection and Response: Go Secured | Advanced Endpoint monitors systems 24/7, using AI to detect unusual activity and respond immediately, minimizing the impact of potential breaches.
Enhanced Threat Analysis: With AI, EDR solutions can analyze patterns and learn from emerging threats, providing proactive protection against sophisticated cyber tactics.

Why AI-Enabled Security Matters for Businesses

The stakes are high. Traditional defenses alone can’t keep up with the pace and precision of today’s AI-driven attacks. Incorporating AI into cybersecurity strategy isn’t just a benefit; it’s a necessity. Here’s how AI-enabled security can strengthen your defenses:

Improved Accuracy: AI can process vast amounts of data, detecting threats that human analysts might miss and reducing false positives.
Speed and Efficiency: AI tools react instantly, analyzing and responding to threats in real time—essential in a world where every second counts.

Proactive Security for a Safer Future

Keeping up with attackers requires continuous adaptation. AI-powered solutions like those from Go West IT offer businesses a critical advantage, enabling them to anticipate and counter threats more effectively.

Are you ready to secure your systems with AI’s help? Contact Go West IT to learn more about how AI can serve as both your strongest defense and your competitive edge against AI-enhanced threats.

Cybersecurity is one of the most critical concerns for small business owners today. A single cyber-attack can bring down a business, causing financial losses, reputational damage, and even legal liabilities. Business owners increasingly turn to cyber insurance policies to help mitigate cyber risk. These policies transfer some risk by providing resources, such as money and services, to deal with data breaches, network outages, and cyber extortion. However, cyber insurance is rarely sufficient to deal with the havoc that can ensue when a small business experiences an incident or breach.

Cyber insurance applications can teach small business owners a lot about effective cybersecurity risk management. Cyber insurance applications have grown from a few questions to many pages of questions as carriers seek to better assess risks based on the cybersecurity posture of their customers. This blog post will explore the key lessons that small business owners can learn from the questions asked on a cyber insurance application.

Current cyber insurance applications focus on the following topics:

  1. Endpoint Management
    Endpoint management refers to the management of laptops, desktops, servers, and mobile devices. Cyber insurance applications focus on endpoint management because endpoints are often the entry point for cyber attackers. Small business owners can implement endpoint management practices such as vulnerability scanning, patch management, and device encryption.
  2. Phishing Prevention
    Phishing is a type of cyber-attack where attackers use social engineering techniques to trick users into divulging sensitive information such as login credentials or credit card details. Phishing attacks are widespread and can be devastating for small businesses. Cyber insurance applications focus on phishing prevention because it is one of the most common types of cyber attacks. Small business owners can implement phishing prevention measures such as employee training, email filtering, and multi-factor authentication.
  3. Identity Management
    Identity management refers to managing user identities, access rights, and privileges. Identity management is critical for ensuring that only authorized users can access business data and networks. Cyber insurance applications focus on identity management because compromised user credentials are a common entry point for cyber attackers. Small business owners can learn from this and implement identity management practices such as password policies, enterprise password managers, user access control, and single sign-on (SSO).
  4. Data Backup Solutions
    Data backup solutions refer to the process of creating copies of business data and storing them in a secure location. Data backup solutions are critical for ensuring business continuity during a cyber-attack or other disaster. Cyber insurance applications focus on data backup solutions because they are critical for mitigating the impact of a cyber-attack. Application questions center around the segregation of backups because insurance companies know that cybercriminals will delete or encrypt backups if they can access systems. Small business owners can learn from this and implement data backup solutions such as cloud backup, offsite backup, and developing disaster recovery plans.
  5. Endpoint Detection & Response
    Endpoint detection & response refers to the process of detecting and responding to security incidents on endpoints through software and monitoring services. Endpoint detection & response is critical for detecting and responding to cyber-attacks before they cause significant damage. Cyber insurance applications focus on endpoint detection & response because it is a critical component of effective cybersecurity risk management. Small business owners can learn from this and implement endpoint detection & response measures such as threat hunting, incident response planning, and security monitoring.

The good news is that most IT-managed service providers and managed security service providers offer services to cover 100% of the risks cyber insurance companies focus on. If you cannot mitigate your cyber risk on your own, fast-track your risk mitigation and insurance readiness by contacting a managed security service provider like Go West IT.

Tracie Wilcox, President of On Tap Credit Union, talks about how On Tap came to be, staying connected in a digital world, and the importance of workplace culture. Watch the full video podcast here.

Jamie Yancy, EVP, COO, and CTO of Native American Bank, joins David to talk about the role technology plays in helping underserved communities, trust, and his views on digital transformation. Watch the full video podcast here.

Amanda Moriuchi, the CEO of Appit Ventures, joins David Lewien, the CEO of Go West IT, to talk about why she does not use the term digital transformation, why the entrepreneurial experience is so sacred, and why not knowing might be the best advantage you have as a young entrepreneur. Watch the full video here.

Choosing a Managed Service Provider (MSP) can be a critical decision for a business. MSPs provide essential IT services to help businesses manage their information systems and data effectively, and to provide protection from harm found in the digital frontier. To ensure that a business selects the right MSP, it is important to consider the MSP’s security posture, SOC 2 Type II audit, service offerings, and end user support capabilities. 

Here are 4 factors to consider when choosing an MSP: 

  1. Security Posture: A business should look for an MSP with a strong security posture. This means that the MSP has robust security protocols, systems, and processes in place to protect their own systems and their customers. A business can assess an MSP’s security posture by asking some simple questions.
    • First, ask if they use all the products and services they recommend to their customers. 
    • Second, ask them to describe how they manage security of their systems and look for indications that they have a process in place for continual review & improvement (i.e., assessments, policy review and updates).
    • Third, ask about how they are prepared to deal with a potential breach of their systems or a breach of a customer’s environment. If they can talk through the answers clearly with substantive examples, chances are, they spend time working on it internally. If the MSP stumbles and cannot provide substantive answers, ask to speak with someone further up the chain of command and if you can’t get good answers, look elsewhere. 
  2. SOC 2 Type II Audit: An MSP’s SOC 2 Type II audit provides assurance that the MSP has the necessary security controls and processes in place to secure the data and systems of their clients. This audit is conducted by an independent auditing firm and provides a thorough assessment of the MSP’s security posture. Not every MSP will have a SOC 2, Type II audit. Those that do have made significant investments in controls and are audited annually on the adequacy of their controls and how well they adhere to the controls throughout the one-year audit period. 
  3. Service Offerings: A business should consider the services offered by an MSP to determine if they meet the business’s needs. For example, the MSP should offer device patching, endpoint monitoring and management, and data backup and recovery services. Talk about what labor is “in-scope” and what labor is “out of scope”. Figure out if the bundle of services an MSP offers fits with the needs of the business. Can the MSP articulate what is included, or does the MSP struggle to justify the value of their services? An MSP with a higher price per device or higher price per person might have a more robust service offering (bundle) that includes things other MSPs might tack on after the sale.
  4. End User Support Capabilities: A business should look for an MSP with strong end-user support capabilities. This means that the MSP should be able to provide fast, efficient, and effective support to the business’s employees. The MSP should also be able to effectively provide remote support to resolve issues quickly. Ask about how they deal with calls outside of normal business hours.

By considering the MSP’s security posture, SOC 2 Type II audit, service offerings, and end-user support capabilities, a business can ensure that it selects an MSP that meets its needs and provides essential IT services, including security, to help manage its information systems and data effectively. 

Did you know that every business is at risk for a cyberattack? The only difference is how much risk and what impact it will have to your customers and employees.

No matter the extent to which your business is at risk, all organizations should be aware of the potential dangers and take measures to mitigate these dangers. Many business owners know they are in jeopardy but are unclear on what steps they should take. Refusing to act leaves the business, employees, and your customers vulnerable.

Even if the possibility that your business experiences a cybercrime is low, we encourage you to not take it lightly. Attacks are increasing in efficiency, sophistication and spread. Cyber criminals are rarely pursued or caught, due in part to both the sheer volume of crimes relative to criminal justice resources, and often the lack of awareness from businesses that they have even been attacked.

At Go West IT we help our customers mitigate these attacks every day and have firsthand knowledge of the fallout some organizations experience. Executives, managers, and even IT professionals often discount the risk, or decline to address it further.

This article identifies the top 5 reasons why businesses ignore their cyber risk, along with actions that your business can take despite these barriers.

Download the full article here.

Contact Go West IT today to learn more about how our team can help your business tackle cyber risk.

It was not that long ago that cyber insurance was something only purchased by large companies with a heavy reliance on data processing. Today, cyber insurance is something that many small businesses carry, and every small business should consider. If a business has the support of a cyber insurance carrier it creates a safety net in the wake of a cybercrime incident.

Cyber insurance claims most often result from a business falling victim to cybercrime such as ransomware, data theft, or payment fraud. In these situations, the cyber insurance carriers should be brought to the table as soon as possible. Cyber insurance carriers create policies to include resources in the form of services to help minimize potential losses. These services include incident response, forensic investigation services, remediation, business resumption services, and even ransomware negotiation services. They do this because they understand that the manner in which a business responds to an incident can help minimize potential loss.

Cybercrime events can take a heavy toll on business operations, along with a substantial mental toll on business leaders, most of whom do not possess the skills and tools required to deal effectively with a cyber incident. Go West IT has experience dealing with cyber events both with the aid of an insurance carrier and without, and has seen the difference that having an insurance company in your corner can make. It can turn a stressful and potentially costly event into a manageable business obstacle.

Check out Go West IT’s full article regarding cyber insurance.

Contact Go West IT for more information.

Incident Response

What is an incident response plan?

Cyber incidents are on the rise.  This has been true and will continue to be true for the foreseeable future.   It is important to have a solid incident response plan, regardless of the size of your organization. 

An incident response plan includes six key components:

  1. Preparation
  2. Identification
  3. Containment
  4. Eradication/Remediation
  5. Recovery
  6. Lessons Learned – Review & Improve

An incident, in the context of Information Technology (IT) & data security, is any event that threatens the security and preservation of systems, data, people, and ultimately businesses. An incident is most often thought of as an event perpetrated by a threat actor (criminal) in an attempt to disrupt a system, gain unauthorized access to systems and data, to change systems, to alter or destroy data, or to disrupt the legitimate intended use of systems and data.

Preparation for an incident requires that a business accept that an incident may occur and plan for how to deal with this eventuality.  The result of preparation is the incident response plan.  Preparation amounts to considering the various types of incidents that might occur and contemplating what resources, information, and planning might be necessary to deal with an incident, and then staging resources and planning so that you can call up the resources and refer to the plan in the event of a real incident.  Preparation saves valuable time and may mitigate the actual damage or cost incurred to recover from an incident.  

Identification is becoming aware of the fact that your business has experienced an incident. Most cyberattacks start long before a business is aware of the incident. Identification typically starts with an indicator of compromise (IoC), which can come from MANY sources. An IoC might be:

An indicator of compromise may lead to identification of an incident that will kick the incident response plan into action. Businesses should seek to move from identification to containment as quickly as possible.

Containment is the effort and actions taken to keep the incident from getting worse. This stage often requires the help of an IT expert to quickly gather details, determine the best course of action, and take action to neutralize the threat while preserving data and evidence. Containment also requires a good communication plan that includes keeping key personnel informed while limiting dissemination of information to those who DO NOT have a need to know. For example, an IT expert might determine that certain systems need to be disconnected from networks or that certain accounts or services should be disabled to contain a threat. At the same time, leadership personnel may need to quickly establish who needs to know what is happening and, perhaps as importantly, who should not be informed so that proper consideration may be given to the nature of the communication that should occur between the business, vendors, customers, and even the public or media. Communication during the containment stage is typically limited to only those individuals who play a role in containment or in managing communications. Disclosure of the incident to affected parties typically comes during the remediation or recovery phase.

The eradication and remediation stage is when a business endeavors to eliminate the threat. This stage often includes validating data integrity, validating access controls, restoring systems and data to a known good state, and preparing for the resumption of business operations. The duration of eradication and remediation will vary based on the nature and impact of the incident. When the duration is prolonged, this stage may also require a significant communication component to keep stakeholders informed. This is also the stage where insurance carriers are notified if the business has cyber insurance. Cyber insurance carriers often bring significant resources to the table during this stage, including forensic investigations, remediation recommendations, legal support, and incident response resources. This stage often includes frequent status meetings with stakeholders and IT professionals.

It is important to consider preservation of evidence prior to eradication if the incident has the potential for data privacy, contractual, or other legal implications. Forensic evidence most often requires full backups of affected systems and preservation of any log files.

Recovery is the process of resuming business operations. Resumption of operations should not occur until eradication and remediation are complete. Recovery duration will vary based on the nature and extent of the incident, and additional monitoring and support are typically employed to prevent recurrence of the incident and/or to detect early any unintended consequences that result from the original incident or the containment and eradication stages.

Recovery will also include notification and/or disclosure of the incident to affected parties.  Legal counsel is often involved if disclosure is required and insurance carriers play a key role in the recovery stage if cyber insurance coverage was in place at the time of the incident.

Lessons learned is the process of reviewing the incident with an eye to prevent reoccurrence and to improve the response process.  Eliminating 100% of the risk associated with cyber incidents is not possible.  The objective should be to continually mitigate risk when and where feasible.  Looking back at cyber incidents almost always reveals a control or action that may have prevented or at least mitigated the likelihood of the incident in the first place.  It is important to leverage the valuable and often expensive knowledge a business gains as a result of responding to an incident.