
Vista Computing Blog

Category Archives: Best Practices

Tip of the Week: Use Google Like a Pro

Google Search is the most visited website on the Internet. It’s so popular the company’s name has turned into a verb. Most users just type their query in the Google text box and try to navigate the first page. Typically, there is something of use on that first page, but sometimes there isn’t. Today, we thought we’d give everyone a few tips on how to get the results you are looking for with your Google search queries.


Tip of the Week: How to Best Organize Your Computer Files

Have you ever opened a file on your PC only to not be able to find what you are looking for because it’s an absolute mess? It has numerous file types, folders, and applications just sitting there providing absolutely no continuity. Well, today we’re going to help you out by giving you some tips on how to organize your files so that you can easily find what you are looking for and maneuver around your OS or cloud-based file storage efficiently.


If You Aren’t Patching Your Systems, Any Breaches are On You

Everyone in a business has set responsibilities that they need to fulfill, one major one being proper security maintenance. A failure to uphold this responsibility could have serious consequences, including the very real potential of a security breach. It could be argued, in fact, that if you aren’t patching your systems, you’re inviting cybercriminals in.


Tip of the Week: Simple Changes You Can Make to Make Work Easier

Waking up and going to work is the inevitable reality for billions of people, and sometimes people have a hard time acclimating to a new job. If that job is an office, there are some particular issues you will have to confront in order to get the most out of your time at work. Today, we look at five simple things you can do to make your life easier inside your office.


Tip of the Week: Overcoming the Hurdles of New Solutions

As you have likely realized, the technology solutions that power your business today aren’t going to be effective forever. This means that you will at some point need to upgrade this technology – but this isn’t always as easy as it sounds. Here, we offer a few tips to help you make it over some of the hurdles that a change to your technology can bring.


How to Restore Data You Didn’t Mean to Delete

Whoops! Didn’t mean to delete that, did you? We’ve all found ourselves having accidentally deleted something important. Below, we’ll review how – with any luck – you might be able to restore this data.


Tip of the Week: 5 Handy OneNote Features

On the surface, Microsoft OneNote seems to be a pretty basic program – it’s just a quick place to jot notes, right? In actuality, OneNote offers functions far beyond that of a digital scratchpad. For this week’s tip, we’ll review some of these functions.


Tip of the Week: How to Keep Your Files Properly Organized

Now that we have access to better file storage and management than the file cabinets that we’ve historically utilized, our capabilities have increased exponentially… assuming, of course, that our better file storage and management solutions are kept organized. As this organization is so crucial to successfully undergoing your operations, we’re offering a few tips to help you keep your files in order.


Vulnerability Assessments are Required as part of your Cybersecurity Program

Vulnerability Assessments are required as part of your Cybersecurity Program.  Vulnerability Assessments are similar to regular checkups when you visit your doctor on a periodic basis and are part of the upkeep of a good Cybersecurity Program.  At Vista Computing LLC we call this Cybersecurity Hygiene.


Build a Comprehensive Bring Your Own Device Policy

Bring Your Own Device, or BYOD, is a wonderful alternative to a business investing in high-end workstations. On one hand, it can save your business thousands of dollars by having your employees bring their own devices to the workplace. On the other, it could expose your network to untold risks. How can you strike a balance between the two and help your business prosper?


Benefits of a virtual Chief Information Security Officer (vCISO)


A Chief Information Security Officer (CISO) is a vital component of an organization’s business strategy. These personnel help the enterprise formulate its cybersecurity strategies. A CISO ensures that all necessary measures have been taken, monitors cybersecurity awareness throughout the enterprise, and proactively creates defensive plans for when, or if, an attack or an incident takes place. If an attack or an incident has already taken place, the CISO handles the necessary responsibilities in addressing the incident.

The role of the CISO in large organizations is usually occupied by a senior-level executive. These enterprises have large resources to accommodate these roles; however, many companies don’t have the kind of resources required to employ someone with enough expertise to fill the CISO role. This is because anyone who assumes the role should have enough expertise in both information security and business operations, so having such an individual in that senior position can be very expensive. This is true for small and medium-sized businesses, which do not have the budget to employ a full-time cybersecurity leader. Small and medium-sized businesses are the largest targets for hackers because the hackers know that these businesses do not have the necessary cybersecurity measures in place, which makes them much easier to hack.

To solve the problem of not being able to employ a full-time CISO, Vista Computing LLC has created a service offering to address the gap. An alternative to having an internal full-time CISO is acquiring the services of a virtual Chief Information Security Officer (vCISO). A vCISO performs the same function as an internal full-time CISO; however, they are not employed permanently by the organization but acquired as a service from an external cybersecurity team or organization such as Vista Computing LLC.

The following key areas are the benefits of having a vCISO as part of the team within small and medium-sized businesses:

  • vCISO Provides Access to a Team of Experts

In the traditional method, where the Chief Information Security Officer is employed by the organization, the cybersecurity strategy usually rests only on the knowledge and expertise of the internal CISO. This lends itself to limitations. A vCISO, on the other hand, as part of a vCISO-as-a-service offering, has access to a team of other virtual security experts that specialize in different aspects of information security. This ensures there is a wide knowledge base to draw from, which makes a vCISO a valuable and viable asset for handling the enterprise’s cybersecurity needs.

  • vCISO ensures the organization is “Up-to-Date” on Information Security Threats

In the cybersecurity world, threats are constantly evolving. According to various industry studies, there are 100,000+ new threats that evolve every day as attackers always try to find new ways to exploit system vulnerabilities. With a vCISO, where you have a team of information security experts, you are likely to find someone with the expertise required to identify and counter a specific type of zero-day threat.

  • vCISO offers Extensive Monitoring of the Organization’s Cybersecurity Needs

Virtual CISO services involve a team of experts. This means they can spend more time and resources monitoring the organization than an internal CISO could ever do. Also, having more individuals with a wide range of expertise is invaluable, as they can easily spot information security incidents that would otherwise go undetected.

  • vCISO Costs Less compared to Hiring Internally

When an individual is hired as a full-time CISO internally, the organization has to pay a large salary, benefits, insurance, training, bonuses and so forth. Let’s face it, small and medium-sized companies cannot afford an expensive full-time permanent CISO as part of the organization. These costs are generally much higher than the cost of acquiring the services of a vCISO. Using the services of a vCISO, small and medium-sized organizations only pay the cybersecurity service provider a set fee that covers the whole package. This keeps costs low while still benefiting from the services of a wider range of cybersecurity experts.

The vCISO service offering at Vista Computing LLC is based on different blocks of hours purchased by an organization needing this valuable service. We will consult with you to come up with a fair, sensible, and practical solution for your cybersecurity needs.

A Simple Methodology for Conducting Network Vulnerability Assessments

There are various methodologies for conducting a network vulnerability assessment. In all fairness, they are all pretty similar: each breaks the process into steps, and those steps more or less amount to 7 main phases that can be used in conducting assessments for small and medium-sized businesses (SMBs). We follow the methodology below within our practice at https://www.vistacomputing.com. For SMBs, you can follow these simple steps:

1.  Kick-off engagement meeting

2.  Discovery

3.  Investigation

4.  Verification

5.  Exploitation

6.  Reporting

7.  Remediation

Detailed information regarding the above steps:

1.  Kick-off engagement meeting

The kick-off engagement meeting is an initial meet and greet with the client to find out more about what the client is trying to accomplish and to deal with administrative tasks.

    a.  Identify the business drivers

    b.  Identify and engage the stake-holders

    c.  Set expectations and priorities

    d.  Acquire authorizations from the client

    e.  Validate and verify client subnets and host IPs

2.  Discovery

The discovery phase consists of technical tasks associated with finding out information about the client through the IP addresses given by the client. These addresses are the scope of the engagement. Typically, the discovery phase includes finding out which hosts respond to ICMP echo requests, basic TCP port probes, DNS lookups and reverse lookups.

3.  Investigation

The investigation phase is a deeper inspection of the hosts that are within scope for the engagement. This is a technical task using various products to conduct vulnerability scans against the IPs. We use a combination of open-source and commercial tools to carry out these tasks.

4.  Verification

The verification phase is a manual task where the reports from the investigation phase are manually checked for false positives. This is a phase for conducting clean-up tasks on the investigation report. We usually call this the quality assurance phase, where we make sure we’re delivering something that’s valid.

5.  Exploitation

The exploitation phase is a technical task to try to break into a system through the vulnerabilities found in the investigation report and/or the discovery phase. If a critical and/or high-risk vulnerability is found, seek approval from the stake-holders to conduct exploitation. Not all engagements require the exploitation phase. This is always optional.

6.  Reporting

Reporting is a key factor when conducting the simple network vulnerability assessment for a client. It is a common best practice to keep records of each step of the process through screenshots, notes, and various documentation efforts. The report is primarily for the client to have a representation of where they are in terms of network security and how vulnerable they are. The report will also include all vulnerabilities discovered as well as the remediation steps. The final report is a PDF.

7.  Remediation

The remediation phase is for plugging the holes in the client’s network.  The remediation phase is a list of tasks to be completed in order to get rid of the vulnerabilities and to mitigate the risks.  This is also an optional task and we would need to discuss it with the client.

A VERY IMPORTANT DISCLAIMER:

All vulnerability assessments and penetration testing efforts are point-in-time tests. So while we are conducting a vulnerability assessment, you have to remember that it is a point-in-time test, because a few minutes after a test is completed there could be a change to the system that we just scanned.
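
A scope check for steps 1e and 2 above, as an added example that is not part of the original article or Vista Computing's own tooling: it parses the client-authorized subnets and sorts a candidate target list into in-scope, excluded, out-of-scope and invalid entries before any discovery traffic is sent. The addresses (RFC 5737 documentation ranges), the exclusion list and the function names are all constructed for illustration.

```python
import ipaddress

# Constructed sample data (RFC 5737 documentation ranges), not from the article.
AUTHORIZED_SCOPE = ["192.0.2.0/24", "198.51.100.16/28", "203.0.113.7", "192.0.2.5/25"]
EXCLUDED_HOSTS = ["192.0.2.10"]  # hypothetical host the client asked to leave untouched
CANDIDATES = ["192.0.2.5", "192.0.2.10", "198.51.100.17", "198.51.100.40",
              "203.0.113.7", "10.0.0.1", "not-an-ip"]


def parse_scope(entries):
    """Return (networks, rejected) for the client-supplied subnets and host IPs."""
    networks, rejected = [], []
    for entry in entries:
        try:
            # strict=True refuses CIDRs with host bits set (192.0.2.5/25), which
            # usually signal a typo to take back to the client, not to guess at.
            networks.append(ipaddress.ip_network(entry.strip(), strict=True))
        except ValueError:
            rejected.append(entry)
    return networks, rejected


def classify_targets(targets, networks, excluded):
    """Sort targets into in_scope / excluded / out_of_scope / invalid."""
    excluded_addrs = {ipaddress.ip_address(e) for e in excluded}
    result = {"in_scope": [], "excluded": [], "out_of_scope": [], "invalid": []}
    for raw in targets:
        try:
            addr = ipaddress.ip_address(raw.strip())
        except ValueError:
            result["invalid"].append(raw)
            continue
        if addr in excluded_addrs:
            result["excluded"].append(raw)      # authorized range, explicitly exempted
        elif any(addr in net for net in networks):
            result["in_scope"].append(raw)
        else:
            result["out_of_scope"].append(raw)  # never probe; confirm with the client
    return result


if __name__ == "__main__":
    nets, bad = parse_scope(AUTHORIZED_SCOPE)
    print("rejected scope entries:", bad)
    for bucket, hosts in classify_targets(CANDIDATES, nets, EXCLUDED_HOSTS).items():
        print(f"{bucket:13} {hosts}")
```

Rejected scope entries and out-of-scope targets go back to the stake-holders for clarification; only the in-scope list feeds the discovery phase.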

4 Ways a Managed Service Provider Can Help Your Business


How much does your business rely on technology to keep your organization running forward? As business technology becomes more complex, it’s becoming increasingly popular for organizations to have their own internal IT departments to manage and maintain it. Yet, small businesses don’t often have the necessary funds for such a feat. How can your company afford quality IT service? You can start by pursuing managed IT solutions from a managed service provider.


How to Avoid Becoming the Next Data Security Cautionary Tale


Data security isn’t a matter to be taken lightly, as too many businesses have found out the hard way. Unfortunately, there are far too many simple ways to correct common security issues – enough that it’s foolish not to do so. We’ll review a few ways to fix security issues, after discussing one of, if not the, most egregious security failings in modern history.
