NEED SUPPORT? CALL (855) 422-8283

What is Cybersecurity Insurance (& Does Your Business Need It?)

What is Cybersecurity Insurance (& Does Your Business Need It?)

An unfortunate reality of the modern, connected business world is that it is no longer a question of if your organization will experience a cybersecurity incident, but when. In 2020, there was one new ransomware victim every ten seconds, while the average cost of a data breach the same year was $3.86 million.

Those eye-watering numbers have many organizations of all sizes and in all verticals, justifiably concerned. Improving your cybersecurity posture and ensuring you have an effective incident response plan in place can significantly reduce the amount of downtime your organization experiences should an incident occur, as well as minimize or even eliminate damages. However, to help offset the costs associated with cybersecurity incident recovery, more organizations than ever before are turning to cybersecurity insurance.

man calculating cost or cybersecurity risks and breaches

What is Cybersecurity Insurance?

Cybersecurity insurance (also called cyber liability insurance) is designed to cover the costs associated with cybercrime should your technological systems or customer data be targeted as part of a cybersecurity incident. While your exact coverage will vary depending on your insurance provider and other factors, cyber liability insurance typically covers legal costs and damages such as:

Cyber Liability Insurance vs Cybercrime Insurance: What is the Difference?

Some insurance providers also offer cybercrime insurance in addition to cyber liability insurance. This additional insurance is designed to help compensate your organization for funds lost during a cybersecurity incident such as a hack or social engineering attack, including notification costs, data restoration costs, and associated legal expenses.

What Typically Isn’t Covered

Like all forms of insurance, there are a few things cyber liability insurance typically doesn’t cover. While what is and is not covered will vary depending on your insurance provider and policy, typical exclusions include:

  • Potential future lost profits
  • Loss of value due to intellectual property theft
  • Betterment, which is the cost to improve your internal technology systems, including software or security upgrades, after an attack has occurred

Common Types of Cyber Liability Claims

When it comes to insurance claims, most cyberattacks fall into one of three categories: hacking, social engineering, and malware (including ransomware).

Hacking

Hacking (gaining unauthorized access to a computer system, usually by exploiting existing security vulnerabilities) is the most common type of attack that leads to an insurance claim. This is because if an attacker compromises your system or network, your company could be liable for a wide variety of costs related to the attack, including:

  • Third-party lawsuits
  • The costs associated with notifying affected parties and other stakeholders
  • Public relations and reputation management costs
  • Regulatory fines

Social Engineering

Social engineering attacks (including phishing scams) depend on an attacker tricking someone inside your company into helping them. Attackers trick unknowing individuals with access to your system into essentially opening the door for them, usually by impersonating a trusted individual (such as their boss or another superior or someone from accounting or the bank) and asking them to click a link, hand over their login credentials, or grant access to restricted areas of the network. The employee then unwittingly either lets the attacker into the network or downloads malware, which grants access or otherwise allows the attacker to wreak havoc.

Malware

Malware, short for malicious software, comes in a variety of forms and is an incredibly common type of cyberattack. Malware can be difficult to defend against because every program is different and uses different strategies to infiltrate your network. Ransomware is a very common form of malware designed to hijack your system and lock you and your employees out of the network. The attacker then demands a ransom in exchange for releasing or unlocking the system. However, not all attackers follow through on their end and may simply take the ransom money and leave the network locked.

photo of hooded man hacking with his computer

First-Party vs Third-Party Insurance

What type of cyber liability insurance your organization decides to purchase should be based on a variety of factors, including your needs as an organization and what entities you need to protect. Unfortunately, when it comes to cyberattacks, the business originally targeted is not the only party that may be impacted. As such, there are two different types of cyber liability insurance: first-party and third-party.

First-party insurance protects your company or organization and will cover the costs outlined in your policy associated with an attack. Any organization that handles electronic data should purchase a first-party policy to cover the various expenses that organizations face in the wake of a cybersecurity incident.

Third-party insurance is designed to protect organizations that offer professional services to other businesses that could be impacted in the event of an attack. This type of coverage is often compared to professional liability insurance in the sense that the third-party insurance can help safeguard your business in the event you are sued by another organization for errors you may have made that resulted in damages or losses to the company suing you.

For example, let’s say your organization is a law firm. Your law firm’s data security is compromised, and as a result, several of your clients have accused you of failing to prevent the data breach. In this instance, the third-party cyber-liability insurance would cover your legal fees, government penalties and fines, and any settlements or judgments related to these claims.

What is the Average Cost of Cybersecurity Insurance?

How much your cyber liability insurance plan costs will depend on a variety of factors, including the type of business you run and the level of cyber risk you are exposed to. However, a recent study by AdvisorSmith Solution Inc found that the average cost of a cyber liability policy in 2019 was $1500 per year for $1 million in coverage, as well as a $10,000 deductible.

How much your policy costs will also depend on:

  1. Your size and industry: The more employees you have, the greater your chances of falling for a successful phishing or other social engineering attack, which will drive up your insurance premiums. However, a larger factor is your industry. Different industries are classified as low, medium, or high risk, depending on the type and amount of data your organization stores.
  1. How much data you store, and how sensitive it is: Low-risk organizations, such as small local businesses with limited customer bases, will pay less for their coverage than higher-risk organizations such as retail stores that collect and store customer credit card numbers both instore and online through their website or eCommerce store. Organizations that store large amounts of highly sensitive personal data (such as social security numbers or dates of birth), such as hospitals or other healthcare facilities, will pay higher premiums.
  1. Your annual revenue: In the eyes of most insurance companies, the more money your business makes, the more likely a cybercriminal will target your organization. As such, organizations with higher revenue streams are more likely to pay higher premiums for cyber liability insurance.
  1. How robust your cybersecurity posture is: Most insurance companies reward organizations that take cybersecurity seriously and dedicate significant resources and people hours to safeguarding their digital assets. To help keep your insurance costs low, all organizations (particularly high-risk ones) should invest in robust cybersecurity measures, have sufficient security measures in place, and ensure their employees receive appropriate cybersecurity training.
  1. The terms of your policy: Your coverage limits and deductible also play a significant role in determining your insurance premiums. The more coverage you want, the higher your monthly insurance premiums will be. Your deductible refers to the amount of loss your business is responsible for in the event of an incident that is covered by your policy. Organizations that opt for a higher deductible (absorbing more of the initial costs themselves) typically pay lower premiums but are on the hook for more of the damages in the event of an incident. On the other hand, organizations that opt for a lower deductible will pay higher monthly premiums but will have more of their losses covered in the event of an incident. Organizations with robust security measures in place may opt for lower premiums and a higher deductible, while high-risk organizations that store lots of sensitive data may opt for higher premiums in exchange for a lower deductible.

Does My Business Need Cybersecurity Insurance?

If your organization handles electronic data, you should have at least a basic cyber liability insurance plan in place. Like all forms of insurance, cyber liability insurance is there to cover worst-case, what-if scenarios.

Handing over funds for cyber liability insurance every month may seem like an unnecessary expense, but a large-scale cybersecurity incident can be enough to bankrupt a small or even medium-sized organization and destroy your reputation. Having access to emergency funds to defray costs such as hiring an expert team to help you fend off an attack in progress and limit damages, replacing damaged equipment, paying fines, covering your legal costs, and managing your reputation after an incident could be the difference between your organization weathering the storm relatively unscathed or folding under the pressure.

Take a Proactive Approach

Investing in a robust yet flexible cybersecurity posture will do more than just help keep your premiums low; it can also help your organization fend off attacks in real-time and limit or even eliminate permanent damage to your infrastructure.

Investments such as employee cybersecurity training (both as ongoing training and part of your employee onboarding process) can also help safeguard your organization by giving your team the tools they need to spot suspicious activities (such as phishing scams) and sound the alarm before any damage can be done.

Selecting the Best Insurance Provider for Your Organization

With cybercrime on the rise, more insurance companies than ever are offering cyber liability insurance. As with any insurance policy, it often pays to shop around. Start by finding out if your existing insurance provider offers cyber liability insurance. If they do, you might be able to negotiate a break on your premiums or a better deductible in light of your existing relationship.

However, it also helps to shop around and see what other providers and policies are available. Since the cost of your insurance plan is typically determined in part by your industry or vertical, it can help to reach out to other organizations like yours for recommendations and advice. You may also want to consider consulting with your MSSP (Managed Security Services Provider) to see if they have any recommendations. MSSPs have extensive cybersecurity experience and work with a variety of organizations, so they may be able to help you determine what sort of policy is best for your organization’s unique needs.

For more information about the importance of cyber liability insurance, and cybersecurity in general, please contact our team today.

Guide to Creating an Effective Incident Response Plan

Guide to Creating an Effective Incident Response Plan

It’s always best to take a proactive, rather than a reactive, approach to almost any problem or potential problem. In a world where breaches and other cybersecurity threats and incidents have become commonplace, it is no longer a question of if your organization will be targeted, but when.

To best safeguard your organization’s digital assets and reputation, you need to develop a robust yet flexible incident response plan tailored to your company’s unique needs. A comprehensive plan allows you to respond to incidents quickly and effectively and is crucial for minimizing damage and recovering from an incident.

If you have experienced or are currently experiencing a security incident, please contact our team right away by calling (855) 422-8283 anytime 24/7/365. You should also consider reviewing our guide: Hacked? Here’s What to Know (and What to Do Next).

What is an Incident Response Plan?

At its core, an incident response plan is a set of instructions developed by your team (and likely with assistance from your managed security services provider) that tells your team how to detect, respond to, and recover from a security incident. Though most incident response plans tend to be technologically centered and focus on detecting and addressing problems such as malware, data theft, and service outages, a security incident can have a widespread impact on all of your organization’s usual activities. As such, a good incident response plan will not only provide instructions for your IT department but will also provide guidance and critical information to other departments and stakeholders, such as:

  • Human resources
  • Finance
  • Customer service
  • Employees
  • Your legal team
  • Your insurance provider
  • Regulators
  • Suppliers
  • Partners
  • Local Authorities

If not handled correctly, a security incident can also tarnish your reputation and damage your relationship with your clients, sometimes irreparably.

Create a strong response plan in order to keep downtime to a minimum

The 5 Phases of an Incident Response Plan

While NIST has drafted a guide outlining how to handle computer security incidents, these general guidelines only offer a starting point. For maximum efficacy, your organization’s incident response plan needs to be both specific and actionable and clearly specify who needs to do what and when. All key stakeholders need to be involved in the plan development process and kept up to date on any changes made to the plan. 

Though your plan will need to be tailored to meet your organization’s unique cybersecurity needs, all VirtualArmour Cybersecurity Incident Response Plans follow the same basic phase format: Hunt, Alert, Investigate, Remediate, Review, and Repeat.

Phase 1: Hunt & Alert

The only way you can respond to a threat is if you know it is there. All organizations should take a proactive, rather than a reactive, approach to their cybersecurity. This includes actively hunting for potential security threats and reviewing your security protocols frequently to ensure they are continuing to meet your organization’s needs. 

To hunt for security threats, you should be internally monitoring all company email addresses to look for signs of trouble such as phishing scams and invest in security tools that will alert you to any potentially suspicious activities. 

Should any suspicious activities be detected, you need to have a process in place to ensure your internal security team or MSSP is made aware of the issue so they can help you determine if the threat is credible. Should you discover a threat during this preliminary phase, you also need protocols in place to: 

  • Assess how serious the threat is
  • Determine whether a breach is imminent
  • Activate your security incident response plan (including alerting all internal and external stakeholders)
  • Allocate resources (including pulling employees away from regular tasks to deal with the threat)
  • Address the threat (ideally before any significant damage has been done)

Why You Should Consider Pen Testing

An excellent way to identify gaps in your security before they can be used against you is pen (penetration) testing. Pen testing involves hiring an ethical hacker to attack your network and other IT infrastructure and look for gaps in your defenses that could be exploited. 

As the hacker stress tests your cybersecurity, the hacker notes any flaws they managed to exploit to gain entry to your system so that you can address these shortcomings and shore up your defenses. Once the test is complete, the ethical hacker reviews their findings with you and offers recommendations to improve your security. Essentially, by hiring a good guy to look for deficiencies in your current security posture, you can address those issues before the bad guys discover and exploit them.

Phase 2: Investigate

During an incident, your top priority needs to be containing the threat and minimizing damage. Once the threat has been dealt with, you should review both the threat and your response to help ensure the same threat cannot be used against you again.

Phase 3: Remediate

Once you have contained and eliminated the threat, it is time to begin cleaning up the mess. Your recovery and remediation process should include notifying all appropriate external entities (including your customers, relevant regulators, and potentially impacted third parties such as suppliers). Impacted external entities should be told the nature of the incident (ransomware attack, DDoS attack, etc.) and the extent of the damage.

The remediation process also needs to involve gathering evidence so that it can be reviewed by your security team, your MSSP, and regulators, as well as law enforcement (if appropriate). Once you have all the evidence, you will need to perform a root cause analysis to determine the primordial problem and determine what steps need to be taken to address the primordial problem and ensure a similar incident can’t happen again. 

The remediation process may also involve:

  • Replacing damaged or compromised equipment
  • Restoring systems from backups
  • Addressing any vulnerabilities the attacker was able to exploit
  • Updating your security controls (changing passwords, installing security patches, etc.)

Phase 4: Review

If you are targeted, one of the best things you can do to best safeguard your organization going forward is to learn from what transpired. As part of your review process, make sure you gather all internal and external team members involved and discuss your response to the incident and identify any shortcomings or oversights that need to be addressed.

As part of this phase of the incident response plan, the VirtualArmour team will help you assess your current incident response plan and offer suggestions for improvements. 

Practice Makes Perfect: The Benefits of Tabletop Exercises

As part of your ongoing security training, you should consider running tabletop exercises with your security team as well as all internal and external team members that are involved in responding to security incidents. 

Tabletop exercises work like fire drills, presenting your team with a hypothetical security incident and allowing them to practice responding in a no-stakes environment. Not only do tabletop exercises give your team valuable practice before an incident occurs, but they also allow your organization to assess the efficacy of your current incident response plan so that any shortcomings or other problems can be addressed before an incident occurs.

Phase 5: Repeat

Just because your team managed to identify and effectively respond to a security incident doesn’t mean your organization is safe forever. Constant vigilance is required to ensure your team is always ready to respond to threats, regardless of what attackers throw at you.

Does My Organization Need an Incident Response Plan?

All organizations, regardless of size or vertical, need to have an incident response plan in place. 

When Should My Organization Begin Developing Our Incident Response Plan?

Because you will never know when disaster will strike, you should begin developing your incident response plan as soon as possible. If you aren’t sure where to begin, we suggest you get started by:

  1. Reviewing the NIST guidelines
  2. Create the living document your plan will reside in and meet with stakeholders to begin fleshing it out. This document should include:
    1. Your incident response mission statement: The job of this section is to outline why you need an incident response plan.
    2. Roles and responsibilities: Explicitly name who is involved in the incident response plan, why they are involved, and their role should an incident occur.
    3. Incidents you are likely to encounter: This section will outline what types of incidents your organization is likely to encounter (ransomware attacks, DDoS attacks, etc.) and how you will respond to them.
    4. Emergency contact details for all relevant parties: This includes both members of the incident response team and regulators. You may also want to consider including contact information for local law enforcement here as well. 

Assembling Your Team: Who Needs to Be Involved While Developing & Actioning Your Incident Response Plan

Who is involved in developing and actioning your incident response plan will vary depending on your organization’s specific needs. However, all organizations should include at least one person from each of the following stakeholder groups.

Your Executive Team

At least one C-suite executive (ideally your CTO) or a similarly ranked decision-maker should be included. This is not only vital to ensure your executive team is kept in the loop but can make it easier to secure resources quickly should an incident occur. 

Your IT Department

Your internal IT department will be integrally involved in any response, so it is vital that they are given a seat at the table. You need to make sure you have a good relationship with your networking team, database team, and developers, though whether you wish to include representatives from these sub-groups will depend on the size and structure of your organization. You should also strongly consider working with your MSSP during the development phase since they will be able to offer valuable insights and approaches you may not have considered.

You should also consider engaging with your hosting providers and service providers, though this may simply involve sharing your finalized plan with them and informing them of any changes, so they are up to date if an incident occurs.

Your Legal Team

Security incidents can become a legal nightmare, so your legal team or company lawyer must be included. During the incident response plan development process, you will need to make decisions regarding what is reported and to whom. Your incident responders should be chosen for their technical skills, not their legal skills, so your legal team must be intimately involved in the development process.

Human Resources

Many security incidents occur because of users (such as an employee falling for a phishing scam), so having a member of your human resources team at the table is critical. Your incident response team needs to be able to handle user-caused incidents delicately and respectfully and ensure your response plan complies with all relevant laws from a human resource perspective. HR can help ensure compliance and should be involved in the incident response plan development process. If an incident occurs, they should also be pulled in on an as-needed basis. 

Your Public Relations Team

Security incidents can quickly become public knowledge, whether you are ready to share the details or not. Like your HR team, your PR team should be kept in the loop during an incident, but their expertise is particularly invaluable during the remediation phase.

Looking for Guidance or Advice? VirtualArmour is Here to Help

Creating an incident response plan from scratch may seem like a daunting task. So much rides on having a robust plan in place that is flexible enough to be quickly updated to ensure your organizations’ evolving needs are met. Many small and medium-sized organizations do not have the bandwidth or expertise to develop a good incident response plan on their own. That is where MSSPs like VirtualArmour come in. 

Our team of security experts has extensive experience working with organizations of all sizes in a variety of verticals, including healthcare, financial services, retail, energy, and service providers. For more information about the importance of having a security incident response plan, or to being work on your own plan, please contact our team today.

search your hardware and processes to make sure your prepared for an incident

Suggested Reading

Cybersecurity is a complex and continually evolving field. To help keep your knowledge up to date, please visit our blog and consider reviewing these suggested educational articles and resources.

Knowledge is Power: Our Cybersecurity Predictions for 2021

Our Predictions for the 2021 Cybersecurity Environment

The Risks of Public WiFi (& How to Protect Yourself)

The Risks of Public WiFi (& How to Protect Yourself)

In a constantly connected world, free WiFi can seem like an oasis in the desert, allowing you to ration your data and safeguarding you from eye-watering overage fees.

Unfortunately, public WiFi is inherently less safe than personal, private networks such as your home internet or the office network. 

Public WiFi Leaves You Vulnerable 

Public WiFi is inherently risky: after all, you have no idea who else is on this network and what they are up to. While businesses such as stores and organizations like your municipality or public library may think they are offering a helpful public service or a valued customer perk, you can’t be sure that they take security as seriously as you do. 

Person using public wifi securely

Common Public WiFi Cyberattacks

If you are the victim of a cyberattack, please contact our team immediately and consider reading our educational article Hacked? Here’s What to Know (& What to Do Next).

Man-in-the-Middle Attacks

Man-in-the-Middle (MitM) attacks are one of the most common public WiFi cyberattacks and are, at their core, a form of digital eavesdropping. Essentially, when a device such as your phone, tablet, or laptop connects to the internet via a public WiFi network, data is sent between point A (your device) and point B (the website you are visiting or the server that hosts the app you are using). Man-in-the-Middle attacks allow cybercriminals to camp out between these two points and intercept your traffic, which they can then either read or manipulate. 

Man-in-the-Middle attacks take a number of forms, including interfering with legitimate networks, creating fake networks that the attacker controls, or rerouting internet traffic to phishing or other malicious sites. Compromised traffic is stripped of any encryption protections, which allows the attacker to steal information or change the information you are transmitting. 

Attackers don’t want you to realize they are manipulating your traffic, so it can be difficult to realize an attack has occurred until you discover your email address is being used to send spam, your bank account is empty, or you uncover other evidence of nefarious activity. As such, users must take steps to avoid falling victim to these attacks. 

While using multi-factor authentication can make it more difficult for attackers to gain unauthorized access to your accounts, your username and password can still be compromised. As such, if you absolutely cannot wait to log in to your bank account or conduct other sensitive business, opting for a cellular connection or using your phone as a personal hotspot for your laptop is a better option.

Malware & Malicious Hotspots

While most developers do their best to ensure the programs they create are secure, sometimes mistakes happen, and programs, apps, and websites can inadvertently be left with security holes or other weaknesses. Attackers use these vulnerabilities to sneak malware (malicious software) onto your device. 

Another common technique involves setting up fake hotspots full of malware and making them look like legitimate networks; an attack sometimes referred to as a honeypot. These networks usually adopt reputable names in order to trick victims into connecting. 

For example, let’s say you decide to visit a coffee shop called Kim’s Cafe. You open your phone and, without thinking, select the “Kim’s Cafe” WiFi network. How do you know that network is actually owned by Kim’s Cafe? While some businesses that offer complementary public WiFi post the network name prominently (to help ensure visitors aren’t connecting to suspicious networks), not all businesses do. You can ask a staff member for the name and password for the guest network, but that doesn’t guarantee their network is secure. When in doubt, go without or use your cellular data, don’t just select a network that appears legitimate and hope for the best. 

Person using phone and laptop on public wifi

Tips for Staying Safe on Public WiFi

When it comes to public WiFi, caution is the name of the game. The best way to stay safe on a public WiFi network is to not use the public WiFi network. However, we also understand that this can be easier said than done. 

If you do have to use public WiFi, you should start by asking yourself a single question: If someone was reading over my shoulder right now, how would I feel about it? If the thought of some stranger reading your screen makes you anxious or angry, you should probably hold off until you can connect to a secure network. 

To help you get started, here are links to guides on how to manage your security settings on these commonly used web browsers:

Leave Your PII At Home

If you need to use public WiFi, limit your activities as much as possible and avoid visiting any sites or using Apps that involve handing over your personally identifying information (PII), such as banking details, usernames, and passwords, or medical information. You wouldn’t carry a sign around with your personal information splashed all over it, so why would you risk revealing this highly sensitive data on a public WiFi network?

If you have to use a public network, stay clear of apps and websites that require you to log in. Some websites and apps require you to enter things like your full name, phone number, and other identifying information when you create an account, so even if you don’t remember providing that information when you registered, you may inadvertently be exposing that information if an attacker intercepts your internet traffic. 

Consider a VPN

If you spend a lot of time away from your desk and absolutely need to stay connected (say you are traveling for work and don’t have unlimited data), you might want to consider a VPN. A VPN allows you to create a secure connection between your device and another network (such as your work network) over the internet, shielding your browsing activity and keeping you off of public WiFi networks. 

To help safeguard sensitive company data and other digital assets, many employers provide their employees with VPNs to ensure they are always using a secure connection while accessing company data. After all, you have no idea if your employee’s home network, local cafe WiFi, or complimentary hotel network meet your security standards. 

No VPN? Look for the Lock

If you don’t have a VPN, there are still steps you can take to help safeguard your data while using public WiFi. SSL connections add a layer of encryption to your network traffic, which can help keep you safe on public WiFi. When using the internet, make sure you enable the “Always Use HTTPS” option on your browser or any websites you frequently visit that require you to enter any credentials and never enter credentials into unsecured websites. 

Disable AirDrop & File Sharing

If you absolutely have to use a public WiFi network, you should turn off any features on your device that enable frictionless file sharing.

Learn how to manage your file-sharing settings on Windows 10 and on a Mac.

Leave WiFi & Bluetooth Turned Off

Leaving your WiFi and Bluetooth settings turned off when not in use can help prevent your device from connecting to unknown networks or other devices without your explicit consent. 

Actually Read the Terms & Conditions

We know that no one actually likes wading through pages of dry technical text, but before you connect to any public WiFi network, make sure you know what you are signing up for. Look for information on what data the network collects, how it is used, and how it is stored, and keep an eye out for any red flags before you click the Accept button. 

Avoid Nosey Networks

Be wary of any public WiFi networks that require you to enter personal information, such as your email address or phone number. If you absolutely have to connect to a network that requires a lot of personal information, make sure you trust the organization that owns the network and consider creating a separate email account specifically for situations like this. 

While asking for some personal information doesn’t automatically mean that the network owner is untrustworthy, stores and restaurants in particular tend to gather this information so they can better track you across multiple WiFi hotspots and tailor their marketing efforts, not to improve security or benefit users. As such, it is up to you to decide if you are willing to give up your private information in exchange for some free WiFi. 

Find Out if Your Cable or Cell Phone Company Offers Complimentary Public WiFi

Some cell phone providers and cable companies manage complimentary WiFi hotspots for their customers, so if you spend a lot of time searching for free WiFi you may want to see if your service provider offers this perk. If you are connecting to free public WiFi through a service you are already signed up for, then you don’t have to hand over any more personal information than you already have. 

Log Out When You Are Finished (Even At Home)

Logging out of all your accounts when you are done may seem like a pain, but it can help safeguard your personal data when your device leaves your home or office. By logging out when you are finished, you can rest assured that you aren’t inadvertently exposing your sensitive data when you grab a coffee or head to the mall.

Look for Password Protected Networks

When it comes to public WiFi networks, passwords are your friend. While adding a password won’t guarantee airtight security, it does help limit who has access to the network and for how long (assuming the organization that owns the network rotates their password frequently). This bare minimum level of security does help, but you should still avoid visiting websites or using apps that contain sensitive information such as PII or private work files. 

Invest in an Unlimited Data Plan

At the end of the day, the best way to stay safe on public WiFi is simply to avoid connecting to public WiFi networks in the first place. If you anticipate having to do a lot of browsing away from your home or work network, you may want to consider investing in an unlimited data plan.

Though the best course of action is to avoid public WiFi networks altogether, there are steps you can take to safeguard your device and personal data if you need to connect. For more information on keeping yourself, your business, or your remote employees safe, please contact our team today.

Identifying a Breach: Finding Indicators of Compromise (IOC)

Identifying a Breach: Finding Indicators of Compromise (IOC)

Cybersecurity is more important than ever before: According to Government Technology, though 2020 saw an overall decline in the number of breach events, the number of breached records grew dramatically, and the number of ransomware attacks doubled between 2019 and 2020.

These troubling trends demonstrate why a robust yet adaptable cybersecurity stance is critical for all organizations, regardless of size or vertical. But how do you know if your organization has experienced a breach? In this article, we will discuss common types of cybersecurity breaches, and red flags you should look for that may indicate a breach has occurred.

If you have experienced, or are currently experiencing, a cybersecurity breach, please call our team immediately and consider reviewing our guide: Hacked? Here’s What to Know (& What to Do Next).

What Constitutes a Breach?

A security breach is like a break-in, but instead of breaking into your house or business, they break into your digital systems to steal personal information or sensitive documents or damage your network. However, there are steps you can take to best safeguard your digital assets, which include:

  1. Creating a cybersecurity incident response plan, reviewing it regularly, and updating it as necessary. Having a plan in place is critical because it allows you to respond quickly and lays out, in advance, who needs to do what should an incident occur.
  2. Investing in employee cybersecurity training. Even the best cybersecurity incident response plan is effectively useless if your team doesn’t understand why security is important, what role they play in it, and how to respond should an incident occur. All new hires should undergo training, and all employees from the CEO down should receive regular refresher training. 
  3. Regularly monitoring your network for suspicious activities. These suspicious activities, called IOCs or indicators of compromise, will be discussed in depth later in this article. 

Breaches Have Wide Reaching Consequences

Breaches cause more than headaches: to address the situation, you will likely need to pull critical personnel from other projects, hindering productivity and severely impacting your daily business activities. Depending on what data is stolen or what systems are compromised, you may also suffer financial damages in the form of regulatory fines or even lawsuits.

A poorly handled breach can cause permanent damage to your organization’s reputation, damaging consumer trust. 

Recent large-scale breaches include the Yahoo breach of 2014, the Equifax breach of 2017, and the Facebook security breach of 2019. Facebook is currently facing a class-action lawsuit, while the FTC and Equifax reached a global settlement that includes as much as $425 million to help individuals impacted by the breach. Yahoo faces paying for a settlement fund of $117,500,000 to affected individuals in the form of two years of credit monitoring, or in the case of individuals who already have credit monitoring in place, a cash payment. 

Common Types of Cybersecurity Breaches

Malware (Including Ransomware, Viruses, & Spyware)

Many cybercriminals rely on malware (malicious software) to infiltrate protected networks. The malware is often delivered via email or by tricking unsuspecting employees into downloading corrupted files from compromised or malicious websites. 

For example, an employee receives an email with an attachment, which infects your network when the attached file is opened or visits a compromised site and downloads the file directly. Once one computer is infected, the malware will likely spread to other areas of your network, sending sensitive data back to the attacker, laying the groundwork for a larger attack, or damaging your digital infrastructure. 

Phishing Attacks

Phishing attacks are designed to trick potential victims into believing they are talking with someone they trust (such as a colleague, their bank, or another trusted individual or institution) in order to hand over sensitive information (such as credit card numbers, usernames, passwords, etc.), grant the sender access to restricted areas of the network, or trick the target into downloading malware. 

For example, an employee might receive an email from someone pretending to work in your IT department asking them to reset their username and password, or from “their boss” requesting confidential files, or from “your company’s bank” warning that they have detected suspicious activity on a company credit card or in a company bank account, and requesting the recipient click on a link in the email to login and review the flagged transactions.

 In all three scenarios, criminals are acting as trusted individuals or individuals working on behalf of trusted institutions in order to trick unsuspecting email recipients. 

We discuss phishing attacks, and what you can do to avoid them, in our in-depth article: Don’t Let Phishing Scams Catch You Unaware

DDoS (Distributed Denial of Service) Attacks

DDoS attacks are designed to crash websites, preventing legitimate users from visiting them. Attackers do this by flooding websites with traffic, either by working with other attackers or by programming bots (software programs programmed to perform repetitive tasks) to hammer the server hosting the website with requests. 

DDoS attacks are considered security breaches because they can overwhelm your organization’s security defenses and severely curtail your ability to conduct business. Common targets include financial institutions or government bodies, and motivations range from activism to revenge to extortion. 

To learn more about hackers, who they are, and why they do what they do, please consider reading our article: The Modern Hacker: Who They Are, Where They Live, & What They’re After.

What are Indicators of Compromise (IOC)?

IOCs are pieces of forensic data, such as system log entries or files, that identify potentially malicious activity on a network or system. Like suspicious ink-stained fingers or an errant muddy footprint in a Sherlock Holmes book, IOCs are clues that help security and IT professionals detect data breaches, malware infections, or other suspicious activities. 

By looking for IOCs regularly, organizations can detect breaches as soon as possible and respond swiftly, limiting or even preventing damages by stopping attacks during their earliest stages. 

However, IOCs are not always obvious or easy to detect: they can be as obvious as an unexpected login or as complex as snippets of malicious code. Cybersecurity and IT analysts often look at a range of IOCs when trying to determine if a breach occurred, looking at how different IOCs fit together to reveal the whole picture. 

IOCs vs IOAs

IOAs (indicators of attack) are similar to IOCS, but instead of focusing on the forensic analysis side of a compromise that has already occurred, these clues aim to identify attacker activity while the breach is in progress. 

A proactive approach to security relies on both IOCs and IOAs to uncover threats or potential threats in as close to real-time as possible.

Common IOCs and IOAs

There are many IOCs and IOAs that IT and security analysts look for, but some of the most common include:

  1. Unusual outbound network traffic. This could indicate someone is moving sensitive files off the network.
  1. Anomalies in privileged user access accounts. A common tactic used by attackers is to either escalate privileges on accounts they have already compromised or use compromised accounts as gateways to more privileged accounts. By monitoring accounts with access to sensitive areas of your network, analysts can look out for signs of insider attacks or account takeover attacks.
  1. Geographic irregularities. If an employee logs out of their account from an IP address in Chicago, then immediately logs back in from New York, that is a huge red flag. Analysts also look for traffic between countries that your organization doesn’t have business dealings with.
  1. General login irregularities. Multiple failed login attempts or failed login attempts for accounts that don’t exist are both huge red flags. Analysts also look for irregular login patterns, such as employees logging in well after work hours and attempting to access files they don’t have authorization for, which likely indicate the account credentials have been compromised.
  1. Unusually high database read volume traffic. If an employee is attempting to download and read your entire personnel or credit card database, that likely means an attacker is attempting to access those sensitive files.
  1. A large number of requests for the same file. Breaches rely on trial and error a lot, so a large number of repeated requests for the same file (such as the credit card database we mentioned earlier) may indicate an attacker is testing out a variety of strategies in an attempt to gain access.
  1. Suspicious configuration changes. Changing configurations on files, servers, and devices may indicate an attacker is attempting to set up a network backdoor or adding vulnerabilities to aid a later malware attack.
  1. Flooding a specific site or location with traffic. Many attackers rely on bots for a variety of tasks and may recruit compromised devices on your network to do their dirty work. A high level of traffic from a number of devices targeting a specific IP address may indicate those devices have been compromised. 
  1. Suspiciously timed web traffic. Even the fastest typers can only type so fast, so if logs indicate that someone is trying thousands of password and username combinations a second, chances are an attacker is attempting to break into your network using a brute force attack

These are just some of the most common IOAs and IOCs that security and IT analysts use to look for signs of suspicious activity.

By monitoring your infrastructure and firewalls 24/7/365 for signs of a potential breach and keeping a watchful eye on your endpoints, you can gather the information you need quickly so you can respond to potential incidents as soon as possible. To help keep your network secure, VirtualArmour offers a variety of managed and consulting services and has extensive experience working with organizations in a variety of industries, including, but not limited to, healthcare, finance, retail, and energy as well as service providers

To learn more about how our experienced security analysts use IOCs, or to get started improving your security posture, please contact our team today

Recommended Reading

Identifying IOCs is just one small aspect of cybersecurity. To learn more about cybersecurity, why it’s important, and what steps your organization should be taking, please consider reviewing the educational articles listed below. 

Managed Services Security Providers (MSSPs)

What is a Managed Services Security Provider (MSSP)?

Leveraging Your MSSP in an “IT Light” Environment

Cybersecurity Basics

Terms & Phrases Used in the Managed IT & Cybersecurity Industries

The SMBs Guide to Getting Started with Cybersecurity

Cybersecurity Spring Cleaning: It’s Time to Review Your Security Practices

Building a Cybersecurity Incident Response Program

Beyond SIEM: Why Your Security Posture Needs to SOAR

Identity Management is Just Cybersecurity Best Practices With a Fancy (& Expensive) Name

Creating an Agile Workplace: How to Prepare for the Unexpected

Cyber Hygiene 101: Basic Steps to Keep Your Company Secure

The Ultimate Guide to Managed Threat Intelligence (2020 Edition)

What is Information Security (& How Does it Impact Your Business?)

5 Old-School Hack Techniques That Still Work (& How to Protect Your Data)

Keeping Your Network Secure in a “Bring Your Own Device” World

Basic Website Precautions: Keep Intruders Out With These Fundamental Security Best Practices

Compliance

Security vs Compliance: What Are Their Differences?

US Companies Could Get Badly Burned by GDPR – Here’s How Not To 

The Challenge to Remain PCI & NIST Compliant During the Shift to Remote Work

Common Types of Cyberattacks

Don’t Let Phishing Scams Catch You Unaware

Cryptojacking: Because Every Currency Needs to Be Protected 

In a Remote World, Social Engineering is Even More Dangerous

How Fear Motivates People to Click on SPAM

Ransomware is Only Getting Worse: Is Your Organization Prepared to Confront it?

Everything You Need to Know About Ransomware (2019 Edition)

DNS Spoofing: What It Is & How to Protect Yourself

About Cybercriminals & Cybercrime

Hacked? Here’s What to Know (& What to Do Next)

The Modern Hacker: Who They Are, Where They Live, & What They’re After

Hackers Are Increasingly Targeting People Through Their Phones 

Airports are a Hacker’s Best Friend (& Other Ways Users Expose Themselves to Risk)

2021 Cybersecurity Trends

Our Predictions for the 2021 Cybersecurity Environment

Cybersecurity by Vertical & Industry

Cybersecurity Basics Every College & University Needs to Have in Place

The Ultimate Guide to Cybersecurity in the Healthcare Industry

How the Financial Industry Can Strengthen Their CybersecurityCybersecurity for the Manufacturing Industry, What You Need to Know Now

Deleting Yourself From Social Media: A Brief Guide to Getting Out

Deleting Yourself From Social Media: A Brief Guide to Getting Out

With many of us still stuck at home, social media has become a bit of a lifeline – It can help us stay connected with friends and loved ones as well as expand our social and professional networks. However, social media both increases our risk of being caught up in a data breach and has been shown to negatively impact mental health, leading many to wonder whether it’s time to hit the delete button for good. 

Why You Should Consider Breaking Up with Social Media

Cybercriminals are increasingly targeting social media accounts. While most attacks simply leverage social media as a delivery mechanism for malware and phishing scams, more advanced attacks aimed at social media networks are now able to leverage user’s contacts, location data, and business activities to develop targeted malware advertising campaigns aimed at specific users.

Most attacks use compromised social media credentials to discreetly gather personal data on the victim’s online friends and colleagues or take the guise of a classic phishing scam: tricking victims into revealing their password or other sensitive data by using scare tactics and “urgent” messages, purportedly originating from the platform’s internal team. Social media is also taking its toll on our mental health: Multiple scientific studies have found a strong link between social media use and poor mental health, including an increased risk of depression, anxiety, and loneliness. 

How to Delete Your Social Media Accounts

Though many social media platforms use dark patterns to actively discourage users from deleting their accounts (or otherwise trick you into doing something you don’t actually want to do), there are steps you can take to break up with social media permanently.

Facebook

Facebook offers two ways for you to remove yourself from their platform: deactivation and deletion. Deletion permanently removes your account, while deactivation is billed as a way to hide your account on Facebook (though, as one former Facebook user discovered, your account is still live, which means some people can still interact with it).

Deactivate Facebook

To deactivate your Facebook account using a web browser, you need to visit Facebook’s site and log in to your account. Next, using the drop-down arrow located in the top right corner of your screen to select Settings. Under General, select the Manage Account option and click Edit, then choose Deactivate your Account. At this point, Facebook will prompt you for your password and ask you to provide a reason for leaving. Select your choice, click Deactivate, and you’re done. 

You can also deactivate (but not delete) your Facebook account via the Facebook mobile app. For iOS users, just open the app and hit the menu button (the three-line icon) in the lower right-hand corner. Then click Settings, Account Settings, General, Manage Account, and Deactivate. Android follows a similar process, but you can reach Account Settings from the first submenu.

Delete Facebook

To delete your Facebook account, you will need to visit this page using your web browser. Once you have logged in, click Delete my Account. Though your Facebook friends will no longer be able to interact with your account, Facebook may take as long as 90 days to delete your data. 

Twitter

Twitter allows users to deactivate their accounts, with un-reactivated accounts being deleted after a set period (regular users have to wait 30 days, while verified users have to wait 365 days before their data is deleted). 

To get rid of Twitter, visit the login page in your web browser and log in to your account. Scroll down to the bottom and select the Deactivate your Account option. Once you have read through the information provided by Twitter, you can select Deactivate. You will be prompted to enter your Twitter password and confirm that you really do want to deactivate your account. 

Once you have chosen to deactivate your account, Twitter will begin erasing your presence on their platform. Your profile and tweets will be hidden immediately, but Twitter holds onto your data and tweets for either 30 days (regular users) or 365 days (verified users). If you log back into Twitter during this cool-down period, your profile and past tweets will be automatically restored. 

LinkedIn

Delete LinkedIn

Most people don’t really consider LinkedIn to be a social media platform like Facebook to Twitter, but it uses a lot of the same social and engagement patterns. 

Start by clicking on your profile icon to open your Settings and select the Account tab. Scroll down to the bottom of the menu and select Closing your LinkedIn Account. LinkedIn will then ask you to specify why you are deleting your account. Unfortunately, you can’t skip this step, so choose whatever answer best fits. You can leave additional feedback if you want, but it isn’t required.

Finally, you will need to enter your password to confirm your identity and your intention to leave, and LinkedIn will once again warn you that this is your last chance to turn back. Once you have entered your password, select Close Account and make sure to check the Unsubscribe from Emails box just to make sure you don’t get any pesky emails trying to tempt you to come back. 

Hibernate LinkedIn

You can also choose to “hibernate” (deactivate) your account, which will temporarily remove your account from circulation without removing your data from the site. If you select this option, any previous comments or posts will be attributed to “LinkedIn member”.

Instagram

Instagram accounts can only be deactivated via their website, not through their mobile apps. Once you’ve logged in, select your profile icon in the top right corner of your screen and select Edit Profile, then click Temporarily Disable my Account. Once you select this option, Instagram will ask you why you are leaving and then prompt you to enter your account password and select Temporarily Disable Account.

Much like Facebook (who owns Instagram), you are only allowed to pause your account, not delete it. Once you temporarily disable your account, other users will no longer be able to view your Instagram page, but the platform will continue to hold onto your data (including photos and comments). If you log in to the platform again, your Instagram account is automatically restored.

To actually delete your account, you need to visit the delete your account page from your web browser. Log in to your account, state why you are leaving, and re-enter your password. Finally, you can click Permanently Delete my Account, which will remove all traces of your account from Instagram’s servers, including all likes and messages. 

TikTok

To delete your TikTok account, start by visiting your profile and open your Settings by clicking the ellipsis in the top corner. Then, select the tab marked Manage my Account and scroll down to the bottom of the screen to select Delete Account. Once you have done this, you will be asked to send yourself a confirmation code via SMS to verify your identity and make sure someone isn’t trying to delete your account on your behalf. 

Once you enter the code, TikTok will warn you one last time that you are deleting your account (and explain what that entails). Select Delete Account, and you are done. Unlike other social media platforms, TikTok doesn’t hold onto your data after you choose to leave.

Snapchat

Snapchat also requires users to visit their website to delete an account. Start by logging in to your account, and then re-enter your username and password on the next page (yes, they really do make you sign in twice to prove it is really you and show that you really do want to get rid of Snapchat). Once you click Continue, Snapchat will begin the account removal process.

From that point forward, your friends will no longer be able to contact you via Snapchat, but your account is still active. If you change your mind in the next 30 days and log back into the platform, your account will be completely restored. 

If you don’t log in again during the 30-day cooling-off period, Snapchat will go ahead and delete your account.

Pinterest

To delete your Pinterest account, you will need to log in and select the directional down chevron icon in the top right corner (this will open your menu). Select Settings and navigate to Account Settings on the left-hand side of your screen. Go to Account Changes, and click Close Account. You will then need to tell Pinterest why you are deleting your account and click Next. You will then need to click Send Email to receive a confirmation email to close your account. Once you have received the email via the email address associated with your Pinterest account, you can confirm that you really do want to close your account. Whether you are leaving social media because of security concerns or for other reasons, we hope you found this guide helpful. To learn what other steps you can take to improve your security, please contact our friendly team today.

Is it Possible to Still Browse Anonymously?

Is it Possible to Still Browse Anonymously?

When it comes to cybersecurity, there are no guarantees, and the same holds true for browsing the internet. Though there are steps you can take to increase privacy and make yourself more anonymous, achieving total and complete privacy and anonymity is unlikely.

There are many reasons organizations and individuals seek to browse the internet anonymously or privately. For businesses, keeping employee internet traffic private is a matter of security: shielding employee internet traffic makes it more difficult for cybercriminals to gather the information they need for social engineering attacks or blackmail. As such, taking organizational-wide steps to improve employee privacy as well as educating employees about the importance of privacy and what steps they can take is critical for any security posture. 

To help you best safeguard your organization, we have created this handy guide outlining some tools and policies you may want to consider adopting.

Private is Not the Same as Anonymous

It takes a surprising amount of work to remain anonymous on the internet. Though many articles and organizations within the cybersecurity space use the terms “anonymity” and “privacy” interchangeably, they are not actually interchangeable. 

An encrypted message is private because only you and the recipient can read its contents, but because of metadata, you aren’t actually anonymous. Metadata is snippets of information that provide context about the message, such as who you are talking to, how long you have been exchanging messages, how many messages you have sent, the presence and size of attachments, and what medium you are using (text, email, etc.), and unlike the contents of your message, isn’t encrypted. 

Because you can’t encrypt this metadata (which can be accessed by cybercriminals and other unauthorized individuals with the right tools, technical knowledge, and motivation), you can’t actually browse the internet or send messages anonymously.

Tips & Tools to Increase Your Privacy Online

Is it Possible to Still Browse Anonymously?

Using Tor & Signal

Adopting Tor and Signal for your internet browsing and message sending needs is a good place to start. 

Tor

Tor is the largest, most comprehensive, and highly effective meta-data resistant piece of software designed to promote privacy and anonymity. Though Tor doesn’t guarantee it will keep your browsing habits private, it is the best option currently available. Tor has developed a bit of a bad reputation because it is favored by criminals looking to keep their illegal activities secret, but it has also been a critical tool for journalists looking to research stories anonymously and has even partnered with Reporters Without Borders. However, using Tor comes with some complications: browsing the internet over Tor is slower than using other search engines, and some large web services block Tor users. 

Tor is available for both desktop browsing (Linux, Mac, and Windows) and mobile browsing on both Android and iOS devices

Signal 

Signal is a popular and highly effective messaging app that allows users to send and receive encrypted text messages, voice memos, audio calls, and video calls. Its user interface is similar to other popular messaging apps, making it easy to use even for less tech-savvy individuals.

However, just because your messages are private doesn’t mean you are anonymous. Any network-level adversary can tell you are using Signal, and government agencies such as the CIA can still digitally peek over your shoulder using malware. Also, the metadata associated with Signal users is still available, so organizations such as the US government and Five Eyes are able to access Signal traffic to learn who is communicating with whom when they are communicating and how long they have been in communication. Though the developers of Signal are aware of these shortcomings, metadata-resistant communication remains an unsolved technical problem. 

In short, Signal is the best encrypted messaging app available, offering a more private communication experience, but it isn’t perfect and cannot be relied on for total or even strong anonymity. 

VPNs Are Useful, But Don’t Actually Offer Anonymity (Only Privacy)

VPNs (virtual private networks) do not actually anonymize your browsing. All they do is move trust from your ISP address (at home, at the office, at your local coffee shop) to someone else’s server. VPNs can be incredibly effective security tools (and vital for remote workers who might be logging on from less than secure networks), but they don’t offer anonymity. 

Since the VPN just shifts your traffic to their server, they can still see all of your traffic; as such, if someone you wish to hide your browsing from accesses the VPN’s servers (either through a cyber attack or via legitimate means such as a court order) they will also be able to see all your traffic. 

Is it Possible to Still Browse Anonymously?

Using Zero-Knowledge Services

Many of the tools you likely use every day, including Gmail, Office365, and DropBox, know everything you do on their respective platforms; Google reads your emails, Office365 can access everything you write, and DropBox has the ability to open and examine all files you upload. These three organizations, along with many more, are also Prism providers, which means they cooperate with mass surveillance programs and, as such, are willing to share anything you do on their platforms with the US government.

While you can protect your privacy on these platforms by encrypting everything you do, you can also choose more privacy-conscious alternatives such as SpiderOak (an alternative to DropBox) or Protonmail (as opposed to Gmail). You should carefully vet these companies for yourself before using their products, but these zero-knowledge options are certainly worth exploring further. 

Check Your App Permissions

Though Apple recently released an update designed to improve user privacy and security (including limiting photo and location access, discouraging Wi-Fi tracking, and at a future date, limiting app tracking), both Apple and Android users should still take the time to check their app permissions. Many apps request greater permissions than they need (including camera and microphone access, location data, and other information), raising security and privacy concerns. 

Be sure to periodically check your app permission settings and revoke unnecessary permissions. 

Consider Installing an Ad Blocker on Your Browser

Ads used to be targeted at wide demographics, using a one-to-many broadcasting model. However, targeted advertising now means that what ads you see while browsing the internet are specifically tailored to you to maximize your chances of clicking a link or buying a product or service. This personalization is possible because of online tracking.

Installing an ad blocker won’t completely hide your browsing activities from curious advertisers, but products such as Brave Browser, AdBlock, and the Electronic Frontier Foundation’s Privacy Badger offer better protection than nothing at all. 

Consider an Ad Blocking DNS Service 

To block ads at the network level, you may want to consider a DNS adblocker such as Pi-hole. DNS ad blockers are basically DNS (domain name system) servers that act as DNS sinkholes, blocking ad traffic by checking requests from your browser (in this case, coming from advertisers who want to serve you ads) against your client hosted DNS server, which contains a list of domains that usually serve ads. If a requester is on that list, their request is denied, blocking the ads before they even reach your computer. This approach is usually done via hardware (for example, Pi-hole requires a Raspberry Pi). 

Technically savvy readers who use Windows may want to consider checking out this handy guide on DNS-level ad Blocking from Privacy International

Fire Your Digital Assistant

Google Home, Amazon Echo, and Apple’s Siri offer convenience, but they are a privacy nightmare. In order to know when to update your grocery list, play a requested song, or call your parents, these devices need to be constantly listening for instructions. Private conversations aren’t private if you have a digital spy in the room, but even if you refuse to get an Amazon Ring for your front door, it doesn’t really matter if they are ubiquitous in your neighborhood. 

However, if you are concerned about privacy, you should still consider banning these devices from the office (and the home office) and turn off Siri voice activation.  

Use Common Sense

At its core, privacy is about autonomy: choosing which information you share and with whom. A good general rule is that you are doing something you don’t want the world to know about, it’s probably best to keep it off the internet. If your team needs to discuss a top-secret project, have them meet in person (when it’s safe to do so) or limit communication to secure devices and products only.

Depending on the nature of your business, you may want to create clear social media and internet use guidelines for employees, contractors, volunteers, and any other individuals involved in your organization.

It’s almost impossible to be truly anonymous on the internet, but that doesn’t mean there aren’t steps you can take to improve privacy (and, by extension, security) at the individual and organizational level. For more information about steps, your organization can take, please contact the Virtual Armour team today.

VirtualArmour Solutions

Detection, investigation, and resolution of your security alerts
Prevention and visibility to protect you from a breach.
Support and monitoring of your firewall and overall security
Evaluation of your infrastructure for vulnerabilities and security gaps.
Team of cybersecurity experts that can bolster your existing security team or supplement light IT staff – to manage and monitor networks, devices, & assets.

Level of Need

Essential Services

Requirements for devices, investigations, and tickets are for a smaller IT environment that needs less.

Requirements for devices, investigations, and tickets are for a larger IT environment that needs continuous white glove service.
One time engagement. Single Service Implementation.

Partners

Become a Partner

VirtualArmour partners with companies focused on providing solutions for cybersecurity

Portal Login

About VirtualArmour

Our Team

When people, process, and technology work together, great things happen.

Articles and Resources

Your best resource for articles, tips and best practices for every cyber security situation.

Technology Partners

Learn more about how our team supplies and services, the latest hardware and software solutions.

Careers

Read about life at VirtualArmour and search for current openings.

Industry

Read more about the industries we serve and our solutions to keep you safe.