
Vista Computing Blog

Category Archives: Blog

“Paying the Ransom” Isn’t a Ransomware Defense

Ransomware has become a favorite attack vector for hackers – after all, for them, it’s pretty much a no loss game. They either get paid, or they move on to their next target. Unfortunately, cyberattackers that dispatch ransomware often do get paid, and these payments can sometimes come from a surprising source: cybersecurity firms.


NSA-Developed Malware Used in Third-Party Hack

Have you ever wondered what happens when hackers gain access to state-developed malware tools? Well, now you don’t have to; a type of malware called Double Pulsar, which has been utilized in the past by the NSA, was bundled with a Chinese hacking tool and used to carry out attacks on Hong Kong and Belgium in 2016. Needless to say, this threat is unnerving.


Tip of the Week: Simple Changes You Can Make to Make Work Easier

Waking up and going to work is the inevitable reality for billions of people, and sometimes people have a hard time acclimating to a new job. If that job is an office, there are some particular issues you will have to confront in order to get the most out of your time at work. Today, we look at five simple things you can do to make your life easier inside your office.


Google Docs Working on Office Support

Businesses are expected to make a choice regarding which solutions they will utilize. Typically they choose between Google’s or Microsoft’s productivity solutions. The unfortunate side of the choice is that they are often used exclusively, meaning there has been little interoperability between the two. Nowadays, however, Google is moving to allow users to edit Microsoft Office files in Google Docs.


Even Cities Aren’t Immune to Ransomware

Ransomware hasn’t let up. It is important to understand that any organization, of any kind, is a potential target of a ransomware attack – and yes, this includes municipalities. In fact, since 2013, over 170 government systems at the county, city, or state levels have been attacked.


Tip of the Week: Overcoming the Hurdles of New Solutions

As you have likely realized, the technology solutions that power your business today aren’t going to be effective forever. This means that you will at some point need to upgrade this technology – but this isn’t always as easy as it sounds. Here, we offer a few tips to help you make it over some of the hurdles that a change to your technology can bring.


Protect Your Data Using These Three Methods

With so much on the line for businesses that deal with sensitive information, security needs to be considered a top priority. Unfortunately, one solution that works for every threat out there doesn’t exist. The right combination of enterprise-level security solutions can help your business secure its important data.


How to Restore Data You Didn’t Mean to Delete

Whoops! Didn’t mean to delete that, did you? We’ve all found ourselves having accidentally deleted something important. Below, we’ll review how – with any luck – you might be able to restore this data.


Tip of the Week: 4 Gmail-Connected Apps

Gmail is a widely used email client for both individuals and businesses, and as such, it’s a valuable tool that helps them get the most out of the workday. Gmail provides an incredible amount of space to store, archive, and sync messages with other email providers, but the biggest draw by far is its third-party integration tools. Today we’ll take a look at four of the best Gmail integrations that your organization can take advantage of.


Managing Your Cloud Costs

Cloud computing has taken the business world by storm. It wasn’t so long ago that businesses had to pay in-house technicians good money to design, research, and purchase all the hardware needed to run an onsite server. This is an expensive endeavor, and for a small business may not always be at the top of a list of priorities. Today, cloud computing can solve that problem (and many more), but if you don’t closely manage your cloud costs, it can end up wasting capital. Today, we will look at the tendency of organizations to go overboard on their cloud offerings.


Many Businesses Are Moving to a Hybrid System

Cloud computing provides a great deal of benefits for many businesses due to its constant availability, pricing structure, and its penchant for being the most easily scalable computing platform. It offers a lot of options that can help an organization control its computing costs when they are constantly fluctuating the amount of resources they need.


Tip of the Week: 5 Handy OneNote Features

On the surface, Microsoft OneNote seems to be a pretty basic program – it’s just a quick place to jot notes, right? In actuality, OneNote offers functions far beyond that of a digital scratchpad. For this week’s tip, we’ll review some of these functions.


Who Should Regulate Wearables?

Wearable technology, or “wearables”, has been around for decades, technically first becoming popular with Pulsar’s Calculator Wristwatch in the 1970s. Since then, our wearables have become much more capable, accumulating detailed profiles on us as we use them. This begs the question… who is in charge of regulating them?


Looking Back at 2019 Data Breaches

Data is more of a commodity than it has ever been, and more often than not, companies spend a considerable sum on data security. Unfortunately, even the most well-defended organizations still have trouble keeping data safe. 2018 saw 446.5 million records exposed due to data breaches, even though the overall number of breaches dropped by 23 percent to 1,244 total. We’ll discuss some of the most notable breaches that have happened over the first four months of 2019.


Would One of These Social Media Scams Bamboozle You?

Social media plays an increasing role in both the professional and personal sides of our lives. Unfortunately, this means that we all experience an increase in exposure to the many scam attempts that will appear on our screens. Like any kind of scam, the best defense against those that appear on social media is good, old-fashioned awareness and vigilance.


Tip of the Week: How to Keep Your Files Properly Organized

Now that we have access to better file storage and management than the file cabinets that we’ve historically utilized, our capabilities have increased exponentially… assuming, of course, that our better file storage and management solutions are kept organized. As this organization is so crucial to successfully undergoing your operations, we’re offering a few tips to help you keep your files in order.


USB Killer Caused $58,000 in Damage to The College of Saint Rose

For the modern business, a lot of time is spent focusing on network security. The theory behind this is that all types of threats could be trying to get into your computer network. At a college, since so much sensitive data, including personal, medical, and financial information–as well as intellectual property–is stored on college computers/servers, you’d expect the diligence of IT administrators to be even more conspicuous.


Vulnerability Assessments are Required as part of your Cybersecurity Program

Vulnerability Assessments are required as part of your Cybersecurity Program.  Vulnerability Assessments are similar to regular checkups when you visit your doctor on a periodic basis and are part of the upkeep of a good Cybersecurity Program.  At Vista Computing LLC we call this Cybersecurity Hygiene.


The Limitless Future of Virtual Reality

Virtual reality (VR) is a technology that a lot of people don’t know what to make of. Most people’s experiences with VR have either been from a third-party perspective or seen through their smartphones with the help of a $20 headset you can get about anywhere. In fact, in a study done by Statistica, it was pretty evident that first-person experience with VR is very limited. Of the 3,000 people polled, only 16 percent of men and six percent of women admitted to trying a “real” VR headset. Today, we will take you through modern VR technology and see what the future potentially holds for virtual reality.


Tip of the Week: How to Keep Your Facebook Clean

Facebook has become a highly effective networking tool in both our professional and personal lives. As I’m sure I don’t need to tell you, a business page on Facebook can bring a lot of attention to your company. Unfortunately, if someone were to use the wrong kind of language on your page, this attention likely wouldn’t be the kind you want your business to get. For this week’s tip, we’ll go over how you can get rid of this kind of content to protect your business’ reputation.


Build a Comprehensive Bring Your Own Device Policy

Bring Your Own Device, or BYOD, is a wonderful alternative to a business investing in high-end workstations. On one hand, it can save your business thousands of dollars by having your employees bring their own devices to the workplace. On the other, it could expose your network to untold risks. How can you strike a balance between the two and help your business prosper?


Benefits of a virtual Chief Information Security Officer (vCISO)


A Chief Information Security Officer (CISO) is a vital component of an organization’s business strategy. These personnel help the enterprise formulate its cybersecurity strategies. A CISO ensures that all necessary measures have been taken, monitors cybersecurity awareness throughout the enterprise, and proactively creates defensive plans for when, or if, an attack or an incident takes place. If an attack or an incident has already taken place, the CISO handles the necessary responsibilities in addressing the incident.

The role of the CISO in large organizations is usually occupied by a senior-level executive. These enterprises have large resources to accommodate these roles; however, many companies don’t have the kind of resources required to employ someone with enough expertise to fill the CISO role. This is because any individual who assumes the role should have enough expertise in both information security and business operations, so having such an individual in that senior position can be very expensive. This is true for small and medium-sized businesses, which do not have the budget to employ a full-time cybersecurity leader. Small and medium-sized businesses are the largest targets for hackers because the hackers know that these businesses do not have the necessary cybersecurity measures in place, which makes them much easier to hack.

To solve the problem of not being able to employ a full-time CISO, Vista Computing LLC has created a service offering to address the gap. An alternative to having an internal full-time CISO is acquiring the services of a virtual Chief Information Security Officer (vCISO). A virtual CISO (vCISO) performs the same function as an internal full-time CISO; however, they are not employed permanently by the organization but acquired as a service from an external cybersecurity team or organization such as Vista Computing LLC.

The following key areas are the benefits of having a vCISO as part of the team within small and medium-sized businesses:

  • vCISO Provides Access to a Team of Experts

In the traditional method, where the Chief Information Security Officer is employed by the organization, the cybersecurity strategy usually rests only on the knowledge and expertise of the internal CISO. This lends itself to limitations. A vCISO, on the other hand, as part of a vCISO-as-a-service, has access to a team of other virtual security experts who specialize in different aspects of information security. This ensures there is a wide knowledge base to draw from, which makes a vCISO a valuable and viable asset in handling the enterprise’s cybersecurity needs.

  • vCISO ensures the organization is “Up-to-Date” on Information Security Threats

In the cybersecurity world, threats are constantly evolving. According to various industry studies, there are over 100,000 new threats that evolve every day as attackers always try to find new ways to exploit system vulnerabilities. With a vCISO, where you have a team of information security experts, you are likely to find someone with the expertise required to identify and counter a specific type of zero-day threat.

  • vCISO offers Extensive Monitoring of the Organization’s Cybersecurity Needs

Virtual CISO services involve a team of experts. This means they can spend more time and resources monitoring the organization than an internal CISO could ever do. Also, having more individuals with a wide range of expertise is invaluable, as they can easily spot information security incidents that would otherwise go undetected.

  • vCISO Costs Less compared to Hiring Internally

When an individual is hired as a full-time CISO internally, the organization has to pay a large salary, benefits, insurance, training, bonuses and so forth.  Let’s face it, small and medium-sized companies cannot afford an expensive full-time permanent CISO as part of the organization.  These costs are generally much higher when compared to the cost of acquiring the services of a vCISO.  Using the services of a vCISO, the small and medium-sized organizations only pay the cybersecurity service provider a set fee that covers the whole package. This keeps costs low while still benefiting from the services of a wider range of cybersecurity experts.

The vCISO service offerings at Vista Computing LLC are based on different blocks of hours purchased by an organization needing this valuable service. We will consult with you to come up with a fair, sensible, and practical solution for your cybersecurity needs.

The Premier Cybersecurity Event in Southern California is the ISSA-LA Summit XI

Annenberg Community Beach House

May 2019 will be an exciting time for IT and Information Security Professionals as they will be gathering at the Annenberg Community Beach House.  The ISSA-LA Summit XI will begin on Tuesday, May 14th and end on Friday, May 17th of 2019.

So who’s going to be there?  Attendees will be from all over the place and will be comprised of so many different IT and Information Security Practitioners, Executives, Leaders, Analysts, and Hobbyists.

Why should you attend?  This is a great opportunity to learn from the experts!  It is a great opportunity to meet and greet and exchange ideas and solutions with the community.


What should I expect to see?  You will have the option to attend various informational talks.  You will have a chance to learn by attending workshops.  You will also have the chance to just walk around, take in the sun, and hang out at the beach with nice people discussing all types of topics.

So where is the ISSA-LA Summit XI being held?  It is being held at the Annenberg Community Beach House.  For more information about the ISSA-LA Summit XI, pricing information, and logistics, and to register, please visit the ISSA-LA Summit XI Website.

Vista Computing LLC will be visiting the ISSA-LA Summit to meet up with friends and colleagues and to discuss some business strategies.

Thank you kindly and see all of you there!

Regards,

The Team at Vista Computing LLC

A Simple Methodology for Conducting Network Vulnerability Assessments

There are various methodologies for conducting a network vulnerability assessment. In all fairness, they are all pretty similar: each breaks the process into steps, more or less 7 main phases, and can be used in conducting assessments for small and medium-sized businesses (SMBs). We follow the methodology below within our practice at https://www.vistacomputing.com. For SMBs you can follow these simple steps:

1.  Kick-off engagement meeting

2.  Discovery

3.  Investigation

4.  Verification

5.  Exploitation

6.  Reporting

7.  Remediation

Detailed Information regarding the above steps:

1.  Kick-off engagement meeting

The kick-off engagement meeting is an initial meet and greet with the client to find out more about what the client is trying to accomplish and to deal with administrative tasks.

    a.  Identify the business drivers

    b.  Identify and engage the stake-holders

    c.  Set expectations and priorities

    d.  Acquire authorizations from the client

    e.  Validate and verify client subnets and host IPs

2.  Discovery

The discovery phase consists of technical tasks associated with finding out information about the client through the IP Addresses given by the client.  This is the scope of the engagement.  Typically the discovery phase includes finding out which hosts respond to ICMP echo requests, basic TCP Port Probes, DNS lookups and reverse-lookups.

3.  Investigation

The investigation phase is a deeper inspection of the hosts that are within scope for the engagement.  This is a technical task using various products to conduct vulnerability scans against the IPs.  We use a combination of open-source and commercial tools to carry out these tasks.

4.  Verification

The verification phase is a manual task where the findings in the investigation report are manually verified for false positives.  This is a phase for conducting clean-up tasks on the investigation report.  We usually call this the quality assurance phase, where we make sure we’re delivering something that’s valid.

5.  Exploitation

The exploitation phase is a technical task to try and break into a system through the vulnerabilities found in the investigation report and/or the discovery phase.  If a critical and/or high-risk vulnerability is found, seek approval from the stake-holders to conduct exploitation.  Not all engagements require the exploitation phase.  This is always optional.

6.  Reporting

Reporting is an important key factor when conducting the simple network vulnerability assessment for a client.  It is a common best practice to keep records of each step of the process through screen shots, notes, and various documentation efforts.  The report is primarily for the client to have a representation of where they are in terms of network security and how vulnerable they are.  The report will also include all vulnerabilities discovered as well as the remediation steps.  The final report is a PDF.

7.  Remediation

The remediation phase is for plugging the holes in the client’s network.  The remediation phase is a list of tasks to be completed in order to get rid of the vulnerabilities and to mitigate the risks.  This is also an optional task and we would need to discuss it with the client.

A VERY IMPORTANT DISCLAIMER:

All vulnerability assessments and penetration testing efforts are point in time tests.  So while we are conducting a vulnerability assessment you have to remember that it is a point in time test because a few minutes after a test is completed there could be a change to the system that we just scanned.  

4 Ways a Managed Service Provider Can Help Your Business


How much does your business rely on technology to keep your organization running forward? As business technology becomes more complex, it’s becoming increasingly popular for organizations to have their own internal IT departments to manage and maintain it. Yet, small businesses don’t often have the necessary funds for such a feat. How can your company afford quality IT service? You can start by pursuing managed IT solutions from a managed service provider.


When it Comes to Security, Two Factors are Better Than One


The password isn’t nearly as secure as it used to be. Hackers have begun to take advantage of extremely powerful solutions designed to brute force their way into accounts by using software to rapidly guess thousands of passwords per second, making it extraordinarily difficult to prepare yourself for them.

What’s the best way to guarantee that passwords aren’t going to be the downfall of your company? A great start is by taking a close look at password best practices and two-factor authentication.


How to Avoid Becoming the Next Data Security Cautionary Tale


Data security isn’t a matter to be taken lightly, as too many businesses have found out the hard way. Unfortunately, there are far too many simple ways to correct common security issues – enough that it’s foolish not to do so. We’ll review a few ways to fix security issues, after discussing one of, if not the, most egregious security failings in modern history.


Is Your Cloud Solution Actually a Money Pit?


The cloud has proven to be an extremely useful tool for the modern business. Not only does it provide anywhere-anytime access to applications, processing, storage, et al; it also delivers those products as a service, allowing you to budget for recurring costs rather than major upfront ones. This provides your organization with functional, supported, and secure computing environments that eliminate a lot of the support costs that traditional computing environments require. It sounds like a perfect scenario for small and large businesses alike, but things aren’t always what they seem, as a lot of cloud users have found that they have incurred several hidden costs by using cloud platforms. Today, we take a look at these hidden costs.


Why (and How) SMBs Should Strategically Adopt Technology


There is no question that a small business can benefit from technology, as has been proven time and time again. However, an issue can arise if a business bites off more than it can chew, so to speak, and ultimately creates a spike in costs. A responsible business owner will resist this temptation and prioritize the solutions they need over the ones they want – building profitability and generating capital needed to make other improvements.

In this blog, we’ll examine some of the implementations that can deliver a good return on investment to a small business.
