Cybersecurity Monthly: Tips Roundup for May 2021
Welcome back to our series, Cybersecurity Monthly, where we present a round-up of tips and updates from one of Impact’s cybersecurity experts.
You’ll learn about trends and strategies for SMB security and how you can improve your organization’s approach to following cybersecurity best practices.
If you’d like to learn more, check out the previous entries in the Cybersecurity Monthly series from February, March, and April.
Take a look!
Slow and Steady Wins the Race
Everything we do has to be driven by two goals: keeping services available and delivering secure products.
We are moving at the speed of Moore’s Law. We feel the “need” to implement new technology and services so we can be first to market.
How about being first to market in a secure manner? Are we exercising due diligence? Have we checked everything we can, and done it correctly the first time?
I always told my charges, if you have time to do things over, you had time to do them right. I understand the whole model of getting it out the door, make money, then make improvements. With the risk profiles that are out there, this method should no longer be acceptable in cybersecurity.
Don’t get me wrong, I enjoy the job security I have. Most of my time is spent making sure the basic foundations of security are implemented first: the crawl phase.
Then we move to the walk phase, which is documenting and measuring.
The run phase is where the true experts come to play: improving based on needs, automation, advanced testing, and bliss (Note: this is a personal view and results may differ on an individual basis).
If you are building, due diligence is your best friend. If you are implementing, slow and steady wins the race.
Learning to Prioritize
What are you protecting? Have you defined the level of protection you need? Have you conducted a risk assessment to help prioritize your resources?
These questions are necessary to build a business case for an adequate level of security.
Not all things need Fort Knox-level security; some require presidential-level security, while others only require a combination lock (three disks). Risk management concentrates resources where they are required while still identifying risks, processes, and gaps.
Learning from ISACA really reset my focus on risk assessments, frameworks, measuring risk, and communicating the value of risk mitigation.
There is one component I am guilty of omitting: the third axis. Most risk assessments focus on the level of consequence and the probability. What was missing from my previous risk assessments was the number of occurrences per year and the value (cost) of each occurrence, which together give the expected annual loss.
Those are the two things we should focus on reducing: the level of consequence and the number of occurrences.
Think About Your Passwords
May is home to many special days, like Cinco de Mayo and of course Star Wars Day! Most important for us in cybersecurity, however, is World Password Day, on the first Thursday of May.
What is World Password Day? It is a reminder for all internet users to check and change their passwords, and also a reminder for admins to go and review the global password policy for their enterprise.
Let’s also change the use from password to passphrase! Even the Cave of Wonders required the use of a passphrase.
A passphrase makes it much easier to build a string of 16 or more characters that still contains UPPER and lowercase letters, numbers, and special characters.
Let’s also consider the lifecycle of the passphrase. Ninety days seems to be the standard interval for making users change their passwords, or passphrases, which causes fatigue since they need one for a dozen or more platforms. That is a lot of credentials to maintain, and forced rotation tends to produce predictable variations of the old credential; NIST SP 800-63B now recommends against mandatory periodic changes, favoring length and a blocklist of known-bad values instead, with a change forced only when compromise is suspected.
Help your end-users out, get them a password or credential manager to help them manage those passphrases and not reuse them across different platforms.
One of the leading factors of account compromise is password reuse. Help stop that practice.
Organizations need to create a list of words that are forbidden in passphrases. This list should include seasons, organizational names, project names, and years!
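Here is what such a policy check looks like in code. This is an added example, not code from the original post; the organization name, project name and banned list are constructed placeholders, and the 16-character minimum with four character classes follows the text above. Note that the check runs the candidate through a lower-case and leet-speak normalization before matching, so `W1nt3r` and `F@lc0n` are caught as well as `Winter` and `Falcon`, and years are matched on the raw input because the normalization would otherwise rewrite their digits.

```python
"""Passphrase policy check: minimum length, character classes, banned terms, years."""
import re

MIN_LENGTH = 16

# Constructed banned list for a hypothetical organisation.  A real deployment would
# add its own names, products, locations and a breached-password list.
BANNED_TERMS = frozenset({
    "spring", "summer", "autumn", "fall", "winter",       # seasons
    "acmecorp", "acme",                                   # hypothetical organisation name
    "projectfalcon", "falcon",                            # hypothetical project name
    "password", "passphrase", "welcome", "letmein",       # generic favourites
})

# Four-digit years 1900-2099 anywhere in the raw candidate.
YEAR_RE = re.compile(r"(?:19|20)\d{2}")

# Common substitutions users make to sneak a banned word past a naive filter.
LEET = str.maketrans({
    "0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i",
})

CHARACTER_CLASSES = {
    "uppercase": str.isupper,
    "lowercase": str.islower,
    "digit": str.isdigit,
    "special": lambda ch: not ch.isalnum(),
}


def normalise(candidate: str) -> str:
    """Lower-case, undo leet substitutions and drop separators for banned-term matching."""
    folded = candidate.lower().translate(LEET)
    return re.sub(r"[^a-z0-9]", "", folded)


def check_passphrase(candidate: str, banned=BANNED_TERMS) -> list:
    """Return a list of policy violations; an empty list means the passphrase is accepted."""
    problems = []

    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    for name, test in CHARACTER_CLASSES.items():
        if not any(test(ch) for ch in candidate):
            problems.append(f"missing character class: {name}")

    compact = normalise(candidate)
    for term in sorted(banned):          # sorted for a deterministic report
        if term in compact:
            problems.append(f"contains banned term: {term}")

    if YEAR_RE.search(candidate):
        problems.append("contains a four-digit year")

    return problems


if __name__ == "__main__":
    for sample in ("correct-Horse-battery-Staple-9", "Summer2021!Acme!!", "W1nt3r_F@lc0n"):
        verdict = check_passphrase(sample)
        print(f"{sample!r}: {'OK' if not verdict else '; '.join(verdict)}")
```

A check like this belongs at the point of password creation or change (an AD password filter, an IdP policy hook, a web app's registration form), where it can reject the value before it is stored; it cannot retroactively clean up what users already have.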
That’s all for this month’s Cybersecurity Monthly. To learn more about cybersecurity, check out this video with an actionable cybersecurity tip, What Is the Definition of Multi-Factor Authentication? | Buzzwords