How DiamondIT is supporting clients during the COVID-19 (coronavirus)

About Matt Mayo, CEO of DiamondIT

Matt Mayo has 20 years of experience in the technology field and is the owner/CEO of DiamondIT. He is an entrepreneur who believes in being the very best at what he does while never taking himself too seriously.

Cybersecurity Awareness Month: Your People Are Your Biggest Threat

2020 has been one curveball after another. Each change brought an increase in digital communication tools to work, meet and carry on daily life. This introduced new vulnerabilities, but what hasn’t changed are your clients’ and employees’ expectations about the privacy of their data. Since October is cybersecurity awareness month, now is the perfect time to ensure you and your third-party partners meet reasonable security procedures and practices.

The phrase “reasonable security procedures and practices” is vague, yet it is used in laws like the California Consumer Privacy Act (CCPA). Understandably, you may be wondering what exactly it means. Fortunately, SecureTheVillage, an organization on whose leadership council CEO Matt Mayo serves, has stepped in to fill the void with a 9-point list detailing the minimum reasonable information security practices all responsible IT service providers should follow.

The highly detailed, technical guidelines are packed with useful and actionable advice for any organization that’s looking to take security up a notch and proactively stop cybercrime. Using the guide, we pulled out 11 actions you should prioritize right now.

Your Top 11 Cybersecurity Priorities

1. ‘SecureTheHuman’ and get your employees to stop clicking

Develop a workplace of knowledgeable employees who avoid malicious links and actively help prevent cyberattacks. Unless you “SecureTheHuman” and tell people what not to click, they will continue to accidentally cause cyber incidents.

2. Plan for the worst

Create an Incident Response Plan and a Business Continuity Plan, then go over both with your staff so everyone is aware of what the plan entails and their responsibilities during an emergency.

3. Lock down your network security

Using a Virtual Private Network (VPN) with two-factor authentication to remotely access the network is a simple way to secure access to your network and keep cybercriminals out.

4. Enforce password best practices

Require passwords that are at least 15 characters long and contain a mix of upper- and lower-case letters, numbers and characters.

5. Track activity

Log all IT staff activity at the individual level so you can track user, event, time of event, success or failure, event origination, and the affected data and systems. Securely store the logs for at least 1 year.

6. Review admin access

Every 90 days, review who has administrative access to your IT networks.

7. Evaluate third-party vendors

You’re dependent on the security of your third-party partners, including your managed service provider, to prevent breaches. Set policies, control information and secure who has access to your data to protect yourself.

8. Control access with policies

Define who has access to sensitive information and restrict it to people who absolutely need to know.

9. Identify experts you can call for help

SecureTheVillage recommends having access to a Certified Information Systems Security Professional (CISSP). These experts pass rigorous exams and participate in continuing education, making them valuable resources who can help your organization implement measures to stop cybercrime.

10. Stay informed about the latest threats

To prevent attacks, you need to know what you’re up against. Every month, we share some of our insights and practical advice for improving security in a free newsletter. You can sign up here.

11. Start a conversation with your IT provider

Ask your managed IT provider to review SecureTheVillage’s 9-point checklist, then ask how many of the policies they comply with internally and which they use with their clients. Your IT partner should be able to give the reply we’re able to tell our clients: The guidelines form the basis of the policies we adopt internally and for our clients.

You Could Be Breached if You Ignore These Standards

Familiarize yourself with the minimum standards so you can hold your managed security partners responsible. Your ability to obtain and keep cyber insurance and maintain compliance depends on following the 9 standards.

Hold Your IT Provider Accountable for Your Cybersecurity

If your IT provider isn’t meeting the bare minimum and doesn’t implement the same high-level security for you, you’re at risk. You shouldn’t be blindsided by an attack. Our credentialed experts, including CISSP, are here to help. An assessment will show you how to redress existing vulnerabilities and enable you to hold your provider accountable. Contact us to get started today.

Are You a Risk to Your Clients?

Your clients rely on you to be there when they need you and to keep their information safe. The vendors you choose and policies you implement could hurt them. When you can’t work because your network is down, your server was destroyed by a fire or your computers are tied up because an employee clicked on ransomware, your clients see you as unreliable. If you suffer a cybersecurity breach, the attack can spread to your clients, making it highly likely they’ll stop working with you. You’ve become a risk to them.

It doesn’t have to be this way. Here’s how you can avoid the most critical vulnerabilities we see.

How to Save on IT Without Sacrificing Security

Deciding what to cut from your budget is a difficult decision. We understand no business owner, ourselves included, wants to go through the process. But, as the coronavirus continues to cause severe health and economic distress, business leaders throughout California will need to decide what they can live without. At DiamondIT, we don’t want to see any business owner lose $600,000 because they eliminated or drastically reduced IT security services.

Are You Insurable? 5 Tips to Get (and Keep!) Cyber Insurance

We know a nonprofit that paid $2,500 for a cyber insurance policy a little more than two years ago. When they were breached, the insurer paid out the $50,000 lost because of downtime and unrecoverable software and data. The money was essential aid when it was most needed. Isn’t that the point of getting any kind of insurance?

Unfortunately, suffering a breach can lead insurance companies to deem you a risk, marking you as negligent and costly. Unless you can prove you’re taking steps to heighten security, you could easily be in danger of losing your cyber policy.

Stop Wasting Money on Network Security Tools You Already Have

You likely have IT security features in existing solutions that you’re not using. That can lead you to invest in products you already have. As we work with businesses to set up remote work, we’re challenging them to invest smarter. We run an assessment to gain a comprehensive picture of the tools they pay for, highlight security gaps and plan next steps to truly protect their business.

Start by taking a look at your subscriptions, apps and operating systems to fully understand what you’re already paying for and how to use it best. Start with security and solutions in Microsoft 365.

How to Set Up a Lasting Work-from-Home Solution for Your Business

No one saw coronavirus coming. Well, almost no one. Turns out, the All England Lawn Tennis and Croquet Club, home of the Wimbledon tennis tournament, did. For 17 years, the club has paid $2 million annually for “pandemic insurance,” and will receive $141 million for this year’s canceled tournament. They’ll still lose money, but it’s certainly better than the alternative: no tournament revenue at all.

Take your lessons learned to plan for the second wave now

No one really wants to think the current situation could happen again, but it’s possible. We’re still many months away from a vaccine and experts are warning about a potential second wave of infections. What happens next is unclear, but if you take the 4 steps outlined below, you’ll be better prepared and have a lasting work-from-home solution for your business.

Working from Home Exposes You to Threats – Here’s How to Stay Safe

Shelter-in-place and social distancing mean your new commute consists of shuffling to your home office or dining room table, favorite mug in hand, bathrobe secured tight around you. It seems COVID-19 has introduced millions of people to remote work almost overnight. It also created prime targets for cybercriminals.

No Internet, No Phones, No Access: The Alarming Implications of the PBVUSD Ransomware Attack

By Matt Mayo

DiamondIT, Founder and CEO

In January, Panama-Buena Vista Union School District’s network was infected by ransomware, which shut down the school’s phone system and all Windows computers. While school officials lamented late report cards and using manual processes for communications, temporary hotspots and an examination into internal controls and network security, my mind turned to the real issue here – the protection of our children at school.

In a generation that relies on school phone systems and networks to thwart the very real possibility of a school shooting, the significance of the recent data breach at Panama-Buena Vista USD is alarming. It brings to mind the question: What are school districts doing to make sure students are protected and emergency systems are operable at all times?

Your IT Manager’s IT Department


Daniells Phillips Vaughan & Bock (DPVB) has served central California businesses with tax and accounting services since 1956 in its Bakersfield location. DPVB is a well-respected member of the area business community and, for the last 60 years, has strived to lead the CPA industry in adopting state-of-the-art technology solutions to better serve clients in Bakersfield and Kern county.

Thomas Woods, DPVB Director of Information Technology, has been at the forefront of these efforts for the last 17 years.

The Iranian Threat & How 3 Cali Organizations Avoided Disaster

Would You Survive a Cyberattack?

For over a month you’ve heard about the threat Iran poses to U.S. businesses. Have you taken steps to prepare? According to FEMA, 90% of small businesses fail within a year if it takes them more than 5 days to re-open after a disaster. Thinking “It won’t happen to me” is easy now, but it won’t help you if a worst-case scenario unfolds.

As the Cybersecurity and Infrastructure Security Agency (CISA) detailed in their alert, previous Iranian targets include the financial sector, a dam in New York and a corporation in Las Vegas. Even if your business isn’t directly targeted, you can still anticipate an impact from the Iranian cyberterrorism threat. A large vendor you work with, like Microsoft, might be targeted and take systems offline, or an attack might have a reverberating impact on the economy that you need to be ready for.

Build your cyber incident response plan now.