This National Cyber-Security Awareness Month, Focus on Patch Management

 

Every day it seems like there is another cyber-attack impacting small businesses. Per the Ponemon Institute, 61% of small businesses have experienced a cyber-attack in the past 12 months (up from 55% the previous year)1. In fact, the U.S. Securities and Exchange Commission estimates that most targeted cyber-attacks are directed at small businesses2.

As this landscape is rapidly changing and October is national cyber-security awareness month, it’s more important than ever for IT and MSP professionals to take the time to understand their vulnerabilities and to learn how to proactively protect themselves.

A key area where IT professionals can improve their ability to proactively protect themselves is against ransomware attacks. 52% of small businesses reported experiencing a ransomware attack in the past year and this number is on the rise1.

Luckily, there are tools available to IT professionals to help them proactively combat ransomware attacks. These tools focus on patching known vulnerabilities, which is an extremely effective way to stay ahead of cyber-attacks. Per Fortinet, 90% of cyber-attacks in the last year could have been avoided if people updated and patched their systems3. In addition, the research found that, of companies who experienced a cyber-attack, 60% experienced a successful attack for which a patch had been available for over a decade3.

The importance of utilizing these patch management tools is shown through the recent WannaCry cyber-attack.

WannaCry was a destructive ransomware attack that impacted more than 100 countries4. For the vulnerability that was attacked, Windows had released a patch a month prior. All the companies that fell victim to the attack had not implemented the Windows patch which left most IT departments and MSPs scrambling the days after the attack to lock-down and ensure their systems were properly patched. If these organizations had been proactive with updating their patching, they would have prevented the attack from impacting their networks and daily business operations.

With national cyber-security awareness month upon us, we should all be thinking through the best practices we should implement to improve our security and minimize our risks – and patch management is one of the best places to start.

 

  1. Ponemon Institute, ‘2017 State of Cybersecurity in Small & Medium-Sized Businesses (SMB)’, 2017. ​
  2. U.S. Securities and Exchange Commission, ‘The Need for Greater Focus on the Cybersecurity Challenges Facing Small and Midsize Businesses’, 2015.
  3. Fortinet, ‘Report: Dissecting Our Q2 Threat Landscape Research’, 2017.
  4.  Smarter MSP, ‘The Most Telling Cyber-Attacks and Data Breaches of 2017’, 2017.

 

         

LogMeIn Central Named a Leader for Endpoint Management Software

Based on G2 Crowd’s unbiased user reviews, LogMeIn Central has been named a leader for Endpoint Management software! G2 Crowd pulls in customer satisfaction data from real user reviews to determine each vendor’s satisfaction score and more than 15 data points from G2 Crowd’s user reviews, publicly available information, and third-party sources to determine each vendor’s market presence score.

LogMeIn Central is proud to have the following accolades highlighted:

  • Leader for Endpoint Management software
  • Top Momentum Leader for Endpoint Management software
  • #1 Easiest To Use solution

To learn more, visit: https://www.g2crowd.com/categories/endpoint-management  

G2 Crowd, a real-time and unbiased user review site empowers business buying decisions by highlighting the voice of the customer.

Their review platform leverages more than 400,000 independent and authenticated user reviews read by more than 1.5 million buyers each month. G2 Crowd’s model brings transparency to B2B buying—changing the way decisions are made.

         

Evaluating Endpoint Management Solutions? This Buyer’s Guide Can Help

We know IT teams wear a lot of hats and that there are numerous solutions available to enhance endpoint infrastructure security and increase productivity. Researching and selecting the right endpoint management solution can be overwhelming, so we’ve put together a practical guide for the time and resource-constrained IT professional to facilitate the search.

Download this guide to uncover:

  • The critical need for comprehensive endpoint management
  • 10 key questions to shape your search
  • Must-have features and capabilities
  • The value your solution should deliver
  • How LogMeIn Central can help

Download Here

         

Upcoming Live Webinar with LogMeIn’s CTO

From our latest research report, Uncovering the Harsh Realities of Endpoint Management, we invite you to join our live webinar and Q&A session on August 1st at 11AM with LogMeIn’s Chief Technology Officer, Sandor Palfy, and Director of Product Marketing, Rachael Stockton. We’ll be diving into specific trends in the technology space and what it all means to you as an IT professional.                                                                                                                                                                                                                                                                    Attend this webinar to learn:
  • How endpoint management has evolved and why having a comprehensive endpoint management solution is no longer a nice-to-have but rather an absolute necessity.
  • Market trends and business threats driving the need to change our approach from reactive to proactive to keep our organizations secure.
  • How to implement proactive measures to manage and project your endpoint infrastructure from cyber-attacks.

Register here: https://attendee.gotowebinar.com/register/7459720592977017346?source=blog

Sandor has over 18 years of experience in the technology and development sector – if you have any questions for him about the endpoint management landscape, email them to us, and we’ll try to cover them during the session!
         

Uncovering the Harsh Realities of Endpoint Management

The workplace is evolving, and cybersecurity concerns and the risk of security breaches are higher than ever. According to the Ponemon Institute, 54% of companies experienced one or more successful attacks that compromised data and/or IT infrastructure in 2018, proving that the majority of today’s organizations are struggling to secure their endpoints. For many, endpoint security risk has become unmanageable, and companies are paying a prohibitive cost for each successful attack – $5 million for a large organization or an average of $301 per employee.

From the biggest ransomware attack in history (WannaCry) to two security vulnerabilities that put nearly all operating systems and computers at risk (Spectre and Meltdown), IT professionals are on high alert to improve their security measures, but many are struggling to determine how to implement proactive measures to manage and protect all endpoints from cyber-attacks.

In our latest research study, we surveyed 1,000 IT professionals across North America and Europe about the security landscape and uncovered market trends and business threats driving the need to make endpoint management a top priority. We revealed current tactics and proactive measures IT professionals can take to better protect their organizations from breaches.

To learn more, check out the infographic below, and download the full report here:

 

         

Solving for a Lack of IT Visibility & Control

Technology is a double-edged sword for IT. On one hand, it makes life easier with instant access to information, eliminates traditionally manual tasks, and allows us to better protect and manage the IT environment. On the other hand, it’s given a new life to rogue employees who can sign up for accounts and conduct business completely outside of IT’s line of sight and certainly out of their control.

You can’t protect what you can’t see. That is the elusive problem known as shadow IT. The challenge is gaining visibility into this hidden world, knowing the applications that are in use, and protecting company data without impacting the employee’s productivity.

This problem is largely based on the use of employee-introduced, non-sanctioned cloud apps. Last October, Ovum released research finding that 78% of IT executives say they do not control all the cloud apps their employees use for work, and a quarter say they only control half of the cloud apps being used through the organization.

With no oversight of these apps, there is little protection against the exposure of sensitive corporate data, with an unknown quantity of touch points and security behaviors outside the control of the IT team. Companies must put the right policies and technology in place to address password problems, without becoming the enemy of the employees.

Almost 68% of those surveyed by Ovum acknowledged that these open doors open the company to significant risk, whether that’s a phishing attack, ransomware, or social engineering attack. However, the challenge is how to address these risks without taking up even more time of the IT team’s already full plate.

How IT Can Take Back Control

While it can appear overwhelming to tackle the problem of shadow IT within your business, it doesn’t have to be. To help you approach this problem, we’ve provided three critical steps to get you started on taking back control of the apps and security of your organization:

  • Audit your employees’ cloud apps – As we said before, you can’t protect what you can’t see, and the first step to seeing all the apps in use is to ask. Do an audit of all the apps and tools that employees are using through a survey. Even if you don’t capture everything, you’ll learn about many of the tools in use and raise awareness with employees that IT needs to be in the loop as they bring in new apps. Once you have a clearer picture of your business’ app ecosystem, start to consider Single Sign-On and password management tools to give you management over those apps that give you visibility into usage and allow you to enforce policies that keep those accounts more secure.
  • Setup automated software updates – Don’t get caught with outdated software, which was the catalyst for the Equifax breach back in September 2017. This is an easy fix. Leverage endpoint management technology like LogMeIn Central, which enables you to pair the ability to push patch updates, with the ability to automate the process and setup alerts so a service is never outdated for long.
  • Require multi-factor authentication (MFA) – If you haven’t already, introduce your employees to multi-factor authentication. Start with your user directory, whether it’s Active Directory, Azure or G-Suite, and require employees to add this second layer of protection to the account. Once employees are comfortable with MFA on their email, they’ll be more comfortable adding it to other apps as well.
         

Customer Spotlight: Running a Live Performance with Chicago Symphony Orchestra

We at LogMeIn traveled to Chicago, Illinois to visit with Dan and co. at the Chicago Symphony Orchestra (CSO), where they’ve been using Central for nearly a decade.

What we love about Dan and the CSO (other than the fact that they’re long-time users of Central) is how they embody that behind every great company, organization, or even performance, is an IT team, working at all hours from wherever they might be to keep everything up and running. As outsiders, we usually don’t see all that goes on behind the scenes and the CSO is a great example of what goes into ensuring an entire orchestra is able to perform night after night.

Dan and his team use Central on a daily basis to ensure that all of their computers and servers around the orchestra are up and running. With Central, they’ve made impressive improvements to their IT processes, including cost savings on licensing and hardware, decreased IT time spent on support requests, and increased proactive identification of critical software updates and machine health.

Watch the whole story here:

         

Four Key Components of an Endpoint Management Solution

 

 

Endpoint management is increasingly becoming a top priority in the IT community. It’s defined as the ability to centrally discover, provision, deploy, update, and troubleshoot endpoint devices – including, but not limited to, laptops, desktops, or servers – within an organization. An endpoint management solution feature set is pretty extensive, but the typical features include asset management, patch management, mobile device management, operating system (OS) or application deployment, remote control, and anti-virus management. With so many features falling into the endpoint management bucket, I’m here to help you focus on the four key components of an endpoint management solution.

Patch Management

Patch Management has been a hot topic as of late given the first major cyber-threats of the new year – Spectre and Meltdown. A good endpoint management solution allows you to discover and apply patches to all devices within your endpoint infrastructure. The advantage of leveraging endpoint management technology is that by pairing the ability to patch with alerts and process automation, it enables you to be more productive and proactive securing your endpoints.

OS Deployment

Save time and resources by automatically deploying an operating system to your endpoint infrastructure. An endpoint management solution enables you to deploy an operating system to one or all your endpoints with little to no disruption to the end user. Operating systems have and continue to be a large target for cyber threats which is why having a patch management solution to compliment OS deployment is critical.

Application Deployment

It’s becoming more common for employees to bring their own applications into the workplace – Spotify and Slack just to name a few. Add that to other employee-shared applications like Adobe or Java and the difficulty of managing these applications skyrockets. An endpoint management solution not only lets you manage applications within your ecosystem, but also enables you to monitor your endpoints for software that is outdated or at risk, push software updates directly to one or multiple endpoints, manage and perform multiple updates silently without interruption to end users or remote endpoints, and automate software updates on endpoints to prevent future issues.

Asset Management

A good endpoint management solution collects all the important details about your assets regarding the hardware, software, operating system, and applications running on a given endpoint. It stores this information in a single location – usually in the form of a list view or dashboard – for easy reporting.

If you would like to take a look at an endpoint management solution, try LogMeIn Central Premier for free today.

         

What We Know About The Latest CPU Bugs Meltdown and Spectre and Steps You Can Take to Protect Your Organization

On Wednesday, January 3rd, two CPU bugs were discovered that could impact billions of devices worldwide. These two security flaws, known as Meltdown and Spectre, target most computer processing systems making it possible for attackers to steal sensitive data – including passwords, banking information, and encrypted communications.

Meltdown and Spectre: What Are These New Security Flaws?

Let’s start with Meltdown. Affecting Intel processors, Meltdown enables attackers to bypass the hardware barrier between applications that are being run and the computer’s memory – allowing for them to read a computer’s memory and steal passwords.

Spectre, on the other hand, breaks the isolation between different applications allowing attackers to essentially trick those applications into giving up valuable information. Spectre’s impact is larger given it affects Intel, AMD, and ARM processors. This expands its reach to include a multitude of devices, essentially anything with a chip in it.

Combined, these two bugs affect virtually every modern computer, including laptops, smartphones, tablets, and PCs from all vendors, running almost any operating system.

What steps can be taken to reduce the risk of being exposed to these two bugs?

Three steps your organization can take to reduce the risk of being impacted by these two security flaws are to patch your systems with the latest update, monitor CPU usage, and continue to keep an eye on this evolving threat.

  • Patch Your Systems

Patch Management is an essential part of securing your IT infrastructure. Meltdown and Spectre can impact devices running just about any operating system – including Windows, Mac, and Linux – or application leaving just about every organization at risk. Intel and ARM have issued patches that they deem will make your systems immune to these two bugs – but this requires users to download a patch and update their operating system to fix. If you have not already applied the necessary patches, make sure to do so as soon as possible.

  • Monitor CPU Usage

Because these two bugs target CPUs, be sure to continuously monitor CPU usage on all machines in your ecosystem. If you notice any unusual activity, be sure to raise a red flag to your IT leadership and explore the situation further.

  • Keep An Eye On This Evolving Threat

It has only been a few days since these security flaws were identified. More information is sure to surface over the coming days and weeks – including critical information from the security researchers who identified these flaws as well as the impacted providers Intel, AMD, and ARM.

         

5 tips to enjoy the holidays and stay on the ball at work

Woman holding Christmas gift at the desk

The holidays are in full swing, which means holiday parties, time off with the family, and sneaking away to finish up your shopping. However, it can be a challenge to balance holiday to-do’s with work to-do’s and the last thing we want to worry about during the holidays is work.

For most of us, knowing we’ve covered our bases allows us to flip the work switch off and relax. But that peace of mind can only be achieved if we set ourselves up correctly. And while business is inherently unpredictable, we’ve put together these five tips for factors that you can control before going away to set yourself up for a happy, stress-free holiday season!

  1. Pre-holidays prep

The biggest gift you can give yourself is peace of mind as we head into the holiday seaon, and that means preparation well ahead of time. Anticipating deadlines and prioritizing projects weeks ahead of when you’ll be out of the office can translate into a clear line between what needs to be done before you leave, and what can wait until after. Use apps like Trello to maintain your lists with this “before and after” perspective.

  1. Don’t be a bottleneck

Nobody wants to be the reason a project is being held up, and the key here is communication. Reach out early to all of your stakeholders and let your team know when you’re going to be out of the office – Connect with them in person, via e-mail or quick pings on Slack – so you can leave knowing you didn’t drop the ball.

  1. Notorious OOO message

Probably the simplest, yet most effective thing you can do is to set-up your Out of Office message. For anyone you might have missed before leaving, or that falls outside your usual team, it sets clear expectations while you’re away or unavailable. In many cases, after you let people know that you have limited access to email, they may even be pleasantly surprised to hear back from you while you are away.

  1. Schedule your work ‘check-ins’

If you do need to keep in touch while you’re off for the holidays, be sure to set specific times that won’t disrupt your time with family, and set a maximum on your communication. For example, an easy rule to follow is two email checks in your day: once in the morning, and once in the evening. Reply only to what is time-sensitive, and save everything else until you get back. Done. It’s important to respect the time you have allowed for time off, both for your well-being and for those around you. Switching your email notifications off or even turning your data off while you’re out enjoying yourself can help keep this in check.

  1. Enable your technology

Technology has made it possible for us to be equally or more productive when we are outside of the office. In fact, many leaders are beginning to embrace remote culture for its many productivity benefits. With LogMeIn Pro you can access files on your work computer from your personal laptop, even if you’re over the river and through the woods at Grandma’s house (assuming Grandma has wi-fi). Once you retrieve that document from your work computer, you may need to collaborate on it with a colleague or update a client in a quick meeting. Simple start up join.me from your laptop or your mobile app. You can easily screen share with a colleague or meet face-to-face with a client, maintaining strong relationships even with your time off.