NGT Technology

Quick one for Gwinnett County small business owners.

Most cyberattacks don't use some fancy zero-day exploit. They use a known vulnerability that had a patch available for months and just never got applied.

When people hear "Windows Update," they think of the annoying restart at the worst possible time. What it actually is: a fix for a security hole somebody already found and bad guys already know how to use.

A few things worth knowing.

"Automatic updates on" is not the same as "patched."
Windows can have automatic updates enabled and still be 6 months behind because the user keeps clicking "remind me later." Or because a pending update needs a reboot that nobody ever does.

Your third-party apps need patching too.
Adobe, browsers, Java, Zoom, your industry software. These are huge attack targets and they don't ride on Windows Update. They each have their own update mechanism, which means each one can quietly fall behind.

Servers and network gear count.
Firewalls, switches, NAS boxes, printers. All of them have firmware that needs occasional updates. Almost nobody checks the printer firmware. Attackers know that.

Documented patching beats hopeful patching.
A managed IT provider should be able to tell you what was patched, when, and on which device. If nobody can produce that report, nobody knows where you stand.

Patching isn't exciting. It's the most boring part of cybersecurity. It's also one of the most effective.

If you want a second set of eyes on what's getting patched at your office and what isn't, give us a call.

(404) 990-4540 | ngttechnology.com

Today is Memorial Day.

We're pausing to remember the men and women who gave their lives in service to our country, and the families who carry their memory every day. We're grateful for the freedoms their sacrifice protects and for the communities they helped build right here in Gwinnett County and across the nation.

NGT Technology will be closed today so our team can be with their families. We'll be back to normal hours tomorrow.

To everyone who has served, and to every family that has lost a loved one in service: thank you.

— The NGT Technology Team

Quick one for Gwinnett County business owners with cyber insurance.

Most cyber insurance policies written in the last 2 years now require certain security controls to be in place. If you have an incident and you don't have those controls turned on, your claim can be denied.

The most common ones we see in policies:

Multi-factor authentication on email, remote access, and any admin account. This is the big one. Almost every carrier requires it now.

Backups that are tested. Some carriers want documentation that you actually restored data within the last 90 days.

Endpoint protection on every device. Free Windows Defender works as long as it's actually running.

A patching schedule. Critical updates installed within X days of release. The X is in your policy.

Employee security training. At least once a year, documented.

Here's what to do this week.

Pull out your cyber insurance policy. Read the security requirements section, often called "Conditions" or "Required Controls" or sometimes hidden in an "Application Warranty." Make a list of what they require.

Then ask whoever handles your IT to verify each one is actually in place. Not "we have it" but "here is the evidence."

Most owners we ask have never read this part of their policy. The carriers are counting on that.

Need help running this check? Give us a call.

(404) 990-4540 | https://ngttechnology.com