Compliance

Completed CompTIA Security Trustmark+

I am very happy to announce that we successfully completed our annual review for the CompTIA Security Trustmark+. We view this as a big differentiator between us and our competitors. While many organizations claim that they have good security practices in place, it is impossible for them to prove it. We submit Quanexus to an annual review of our security practices, in which an independent third-party auditor reviews our policies, controls and practices. Our practices are based on the CompTIA Security Trustmark+, which is based on NIST’s (National Institute of Standards and Technology) Cybersecurity Framework.

This is important for several reasons. The first is, some of our clients operate in regulated industries, such as finance and medical. These organizations that operate in regulated industries are required to perform vendor due diligence; they need to prove that they are working with “trustworthy” vendors. By having a third party, independent auditor review our controls, it makes it easier for our clients to work with us.

The second reason we do this is, if we are going to consult and perform services in these industries, we have to understand and meet the same or very similar requirements that our clients have to meet. This provides us a much deeper understanding of the process and controls needed to operate.

Thirdly and most importantly, we take security very seriously! We need to be continually learning and adapting to the changes in the world that affect us. The CompTIA Security Trustmark+ helps us keep a keen focus on the evolving security landscape and helps us continually improve.

If you would like more information, contact us here or call 937.885.7272.

Posted by Jack Gerbs in Recent Posts

How to better plan for 2019 in two hours

How can you better plan for 2019 in just two hours?

The end of the year is quickly approaching. Have you started planning for 2019? Every business owner knows that planning for a yearly budget is much easier when you know what IT projects are upcoming, or what equipment needs to be replaced. A good place to start is with a free network assessment.

Utilizing this complimentary service can give you a look into where vulnerabilities and problems may exist on your network and its equipment. Regularly reviewing your network is vital in ensuring it is running at peak performance and is protected from data loss, downtime, viruses and breaches.

If your system is not regularly monitored, assessing your infrastructure is critical. Businesses often fall behind in upgrades and compliance simply because they are busy running their business. Having a third party evaluate your network can give you peace of mind and can catch issues you may not know exist.

The process is conducted on site at your office and generally takes anywhere from one to two hours to complete. Based on our findings we will compile a list of suggestions and concerns and present them to you at a later date. There is absolutely no obligation to move forward with our recommendations, or to purchase any services or equipment from us.

A network assessment can give you an excellent snapshot of where your business is technologically and can help you develop an action plan to keep your systems up to date and running optimally.

Request your free network assessment today. There is no hassle or obligation.

If you would like more information, contact us here or call 937.885.7272.

Posted by Jack Gerbs in Recent Posts

The Benefits of Migrating to Office 365

Prior to Microsoft launching Office 365, updating to the newest version of a program was often costly and time consuming; Office 365 has vastly improved the process by offering a variety of benefits.

If you are thinking about migrating to Office 365 we have put together a short list of some of the major benefits of switching.

  1. Work anytime, anywhere. Office 365 provides web-enabled access to email, documents, calendars and more on almost any device. Have the flexibility to work where and when you need to.
  2. Predictable monthly costs. Rather than spending a hefty, up-front amount for the latest version of a program, Office 365 utilizes a monthly fee structure that keeps you working on the most up-to-date programs at an affordable monthly fee.
  3. Built-in security and compliance. For small businesses, staying secure and in compliance can take a large chunk of their resources; Office 365 has built-in features that can take care of this for you. All of your data can be stored securely in the cloud and is available to you wherever you need it.
  4. Stay organized. Everything synchronizes for you; if you update a contact on your phone, or save a document on a PC, it will automatically update across all of your devices, including Macs, iPhones and Android devices.
  5. Licensing simplified. Rather than keeping track of who is using what version of a program with which license, you will now have the ease of having all users accessing the same version of each program and receiving updates at the same time.

Office 365 has plenty of bells and whistles, but determining the right plan for your organization can take time. We have taken each of the options and broken them down into an easy-to-understand chart, which we would be happy to go over with you.

When deciding to migrate, many companies consider working with a Managed Services Provider (MSP) to ensure that the transition goes smoothly and is as cost effective as possible.

There are many different options to consider and questions to answer if you are considering moving to Microsoft Office 365. We have several experienced technicians on hand who can assist you.

Are you thinking about migrating? Would you like more information on how to get started? Contact us here or call 937.885.7272.

Posted by Jack Gerbs in Recent Posts

Understanding Compliance for Smaller Organizations

Compliance continues to be a challenge for smaller organizations, because of the high cost of tools needed to meet the regulatory guidelines. Quanexus has been busy researching solutions that are affordable for this segment and our clients.

The two key areas we have focused on are file access, including administrative access to the servers (separation of duties), and network monitoring.

The requirements for file access and administrative access are:

  • Logs need to be maintained and reviewed, showing who accessed files and directories that contain confidential or sensitive information, and when.
  • Logs need to be maintained and reviewed, showing when a user with administrative privileges logs into servers, and what changes were made to the server. Examples of changes are: a new user was created, the rights controlling who can access files were changed, a user was moved to a different user group, and privilege escalation.
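One way to turn these two requirements into a repeatable log review, as an added example that is not Quanexus's tooling. It assumes Windows Security events exported to a simplified CSV (time, event ID, host, account, detail); the sample lines, folder names and account names are constructed.

```python
import csv
import io
from collections import defaultdict

# Windows Security event IDs for the change types the requirements list.
CHANGE_EVENTS = {
    "4720": "user account created",
    "4728": "member added to global security group",
    "4732": "member added to local security group",
    "4670": "permissions on an object changed",
}
ADMIN_LOGON = "4672"  # special privileges assigned to a new logon
FILE_ACCESS = "4663"  # attempt to access an object (needs object-access auditing)
# Assumptions for this example: protected folders and approved admin accounts.
SENSITIVE_PREFIXES = ("d:\\finance\\", "d:\\hr\\")
EXPECTED_ADMINS = {"adm-jlee"}
# Constructed sample export, one event per line: time,event_id,host,account,detail
SAMPLE = r"""
2019-01-07T08:01:12,4672,SRV01,adm-jlee,
2019-01-07T08:03:40,4720,SRV01,adm-jlee,new account: temp-vendor
2019-01-07T08:04:05,4732,SRV01,adm-jlee,temp-vendor added to Administrators
2019-01-07T09:15:22,4663,SRV01,mbrown,D:\Finance\payroll-2019.xlsx
2019-01-07T09:16:02,4663,SRV01,mbrown,D:\Public\menu.docx
2019-01-07T10:30:00,4672,SRV01,temp-vendor,
2019-01-07T10:31:47,4670,SRV01,temp-vendor,D:\HR\reviews ACL changed
2019-01-07T11:02:10,4720,SRV02,svc-backup,new account: helper2
"""

def review(log_text):
    """Group events into the buckets a reviewer or auditor would ask to see."""
    report = defaultdict(list)
    privileged = defaultdict(set)  # host -> accounts with a privileged logon so far
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, event_id, host, account, detail = row
        if event_id == ADMIN_LOGON:
            privileged[host].add(account)
            report["admin_logons"].append((ts, host, account))
            if account not in EXPECTED_ADMINS:
                report["unexpected_privilege"].append((ts, host, account))
        elif event_id in CHANGE_EVENTS:
            change = (ts, host, account, CHANGE_EVENTS[event_id], detail)
            report["changes"].append(change)
            if account not in privileged[host]:
                # Change with no privileged logon on record: a logging gap to chase.
                report["unattributed_changes"].append(change)
        elif event_id == FILE_ACCESS and detail.lower().startswith(SENSITIVE_PREFIXES):
            report["sensitive_file_access"].append((ts, host, account, detail))
    return report
```

On the sample, the review surfaces the newly created account later logging on with privileges, and a change on SRV02 with no privileged logon recorded for it.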

The other requirement is network monitoring.

Almost all organizations have a firewall in place, and firewalls are fairly successful at protecting the network, but how do you know if yours is working or if something might have slipped by it?

It is important to have a way to monitor traffic inside the network, on your local area network (LAN) segments.

We are building our network monitoring solution in two phases. Phase one is monitoring for intrusion-based traffic on the network. Phase two is to look for intrusions on workstations and servers. We are in the final stage of completing phase one of our network monitoring solution.

As a part of the layered security approach, we are also evaluating how to better utilize a host (workstation or server) based firewall, to limit traffic between systems on the same network.

This approach would detect if a workstation is trying to access, or being accessed by, a system that it should not have a need to access. If suspicious access activity is identified, an alert will be sent.

Network segmentation is another control that helps protect against lateral movement and can detect if a network has been potentially compromised.

If you are a smaller organization and are concerned about your system’s compliance, we would be happy to meet with you and review your process.

If you would like more information about how we can help, contact us here or call 937.885.7272.

Posted by Jack Gerbs in Information Security, Recent Posts, Small Business