Cyber-readiness Strategy 11: Reduce Supply Chain Vulnerabilities

Nearly two-thirds of firms (65%) have experienced cyber-related issues in their supply chain in the past year. As a part of your cyber readiness plan, you must deploy protocols to evaluate and monitor the security of your supplier networks and third-party vendors.

The supply chain is only as strong as its weakest link, and with the increasing complexity of global supply chains, that weak link is becoming increasingly difficult to find and fix. Cybersecurity threats can come from anywhere in the world, and they can have a devastating impact on businesses of all sizes. That’s why it’s so important to include reducing supply chain vulnerabilities into your cyber-readiness plan. By taking steps to secure your supply chain, you can help protect your business from the devastating effects of a cyberattack.

Here are 7 ways to reduce your supply chain cybersecurity vulnerabilities:

1.     Understand Your Supply Chain

To reduce supply chain cybersecurity vulnerabilities, it is important to first understand your supply chain fully. By understanding the different components of your supply chain, you can better identify potential cyber risks and take steps to mitigate them. Make sure to conduct a thorough analysis of your supply chain including all your upstream and downstream partners, so that you can identify any potential weak points throughout the chain.

2.     Train Your Employees

This first place to start reducing your supply chain cybersecurity vulnerabilities is to train your employees. Employees should be trained on how to identify potential risks and how to mitigate them. They should also be aware of the different security controls that you have in place. By educating your employees, you can help reduce the risk of supply chain disruptions and keep your business running smoothly. If you are not comfortable doing this in-house, look for a third-party that has expertise in cyber-security training especially with supply chain in mind.

3.     Educate Your Suppliers

Another important step in reducing supply chain cybersecurity vulnerabilities is to educate your suppliers. Suppliers should be made aware of the different security controls that you have in place. They should also be trained on how to identify potential risks and how to mitigate them. You should look at cyber-security standards like NIST 800-161 and ISO 28000:2022, so that you have a common language and set of standards to use in your discussions with your suppliers.

By educating your suppliers, you can help reduce the risk of supply chain disruptions and keep your business running smoothly.

4.     Conduct Risk Assessments

Another important step in reducing supply chain cybersecurity vulnerabilities is to conduct risk assessments. By identifying potential risks, you can take steps to mitigate them. Risk assessments should be conducted on a regular basis – usually annually or semi-annually – so that you can keep up-to-date on the latest threats even as your supply chain changes. Risk assessments can be conducted with in-house personnel, but third-parties are often used to make certain that ‘new eyes’ a looking at the supply chain systems periodically.

5.     Implement Security Controls

Once you have identified potential risks, you can then take steps to mitigate them by implementing security controls. There are a variety of different security controls that you can implement, depending on the specific needs of your organization’s supply chain.

For instance, if you are moving computers or other smart devices through your supply chain, you need to take into consideration the patching and updating of those systems if they have been sitting in inventory for a long time. You should also consider the proper handling of those systems if they are returned for repairs. The systems should be air-locked until it is determined that they are not a risk to your organization.

6.     Have an Incident Response Plan

In the event of a supply chain disruption, it is important to have an incident response plan in place. This plan should include steps that you will take to mitigate the impact of the disruption. It should also include a list of contacts that you will need to contact in the event of a disruption. A complete Incident Response Plan will cover all aspects of your operation, not just your supply chain, but the supply chain has historically been left out of security planning. As modern supply chains become heavily digitized and as the items in the supply chain increasingly have software components to them, the Incident Response Plan needs to take the supply chain into account.

7.     Use a Cyber-aware Third Party Logistics Provider

If you are not sure how to reduce supply chain cybersecurity vulnerabilities, you may want to consider getting help from a third party logistics provider. A third party logistics provider can help you with a variety of different aspects of your supply chain. They can help you conduct risk assessments, implement security controls, and train your employees. By getting help from a third party logistics provider, you can effectively reduce supply chain cybersecurity vulnerabilities.

Now that you know more about how to reduce supply chain cybersecurity vulnerabilities, you can take steps to protect your business. By taking these steps, you can help reduce the impact of a supply chain disruption and keep your business running smoothly. Cybersecurity is an important issue in the supply chain that should be given the attention it needs. By taking a proactive approach, you can help reduce the risk of supply chain disruptions and keep your business running smoothly.

If you are not sure how to start assessing or remediating your supply chain cybersecurity vulnerabilities, you may want to consider getting help from a security-aware third party logistics provider. By working with a third-party logistics provider that has strong cyber-security skills, you can have confidence that you can effectively reduce your supply chain cybersecurity vulnerabilities.

If you have any questions or would like more information about reducing supply chain cybersecurity vulnerabilities, please contact us. We would be happy to help you protect your business from the many threats that exist in today’s digitized supply chain. If you would like more information or have questions about how strong your cyber-readiness is, please contact Montra at sales@montra.io.

Benefits of Microsoft 365 and Azure Active Directory for Identity Management

Identity management is critical for businesses today. In a world where more and more employees are working remotely and accessing corporate data from a variety of devices, it’s important to have a robust system in place to manage and protect employee identities. That’s where Microsoft 365 and Azure Active Directory come in.

When used together, Microsoft 365 and Azure Active Directory provide a complete solution for identity management in organizations. Microsoft 365 provides the productivity and collaboration tools that users need, while Azure Active Directory handles the single sign-on and security features. This offers several benefits, including a consistent experience for users across all applications, enhanced security through centralized control.

Azure Active Directory

Azure Active Directory is a cloud-based identity management service that provides single sign-on (SSO) capabilities and robust security features. It offers several capabilities, including an enterprise identity service that provides single sign-on, multifactor authentication, and conditional access.

Microsoft 365

Microsoft 365 is a cloud-based productivity and collaboration suite that is the most popular SaaS platform in use today. It includes the Microsoft Office applications, Outlook, OneDrive, SharePoint, and Teams. It offers several capabilities, including email, calendaring, contacts, tasks, and document management.

Using Microsoft 365 and Azure Active Directory for identity management provides several benefits:

1. Centralized Management of Workforce Identities

Organizations that use Microsoft 365 and Azure Active Directory can manage their workforce identities in a centralized way. This means that they can provide their employees with a single set of credentials to access all the applications and services that they need, both on-premises and in the cloud. This makes it much easier for administrators to manage user accounts and reduces the chances of users forgetting their passwords or having their accounts hacked.

2. Consistent User Experience across Applications

When users sign into Microsoft 365 with their Azure Active Directory credentials, they will have the same experience across all the applications that they use. This includes the Office applications, Outlook, OneDrive, SharePoint, and Teams. They will also be able to access their files and documents from any device, including their mobile phones.

This makes it easier for users to access the information and resources they need, regardless of which application they are using. Additionally, it reduces the need for training on multiple applications.

3. Enhanced Security through Centralized Access Control

Azure Active Directory provides organizations with the ability to control access to their applications and resources in a centralized way. This includes the ability to set up multifactor authentication and conditional access rules, making it easier to monitor and control access to resources.

This enhanced security helps to protect corporate data and makes it more difficult for hackers to gain access to sensitive information. Additionally, it reduces the chances of users accidentally disclosing corporate data.

4. Reduced IT Costs and Increased Efficiency

M365 and Azure AD offer reduced IT costs and increased efficiency by enabling organizations to manage all identities in one place. This is because administrators can manage users in a centralized way, eliminating the need to maintain multiple user accounts across different applications. This makes it easier to provision and deprovision users, as well as to monitor and control access to resources.

Additionally, Azure Active Directory integrates with the Microsoft 365 suite of products, making it easier to deploy and manage. This integration can help to reduce the amount of time and effort required to manage user accounts.

Microsoft 365 and Azure Active Directory are a valuable combination to give organizations of any size the ability to manage identities. While the capabilities provided are great, the ability to cost-effectively leverage these capabilities can be beyond the scope of even the largest IT organizations.

At Montra, we understand the importance of workforce identity management and security, which is why we have spent time developing our own software that leverages the core capabilities of M365 and Azure AD to ease the use of it for all IT organizations. If you have any questions about our identity management services and software, please contact us at sales@montra.io.

Phishing in the Workplace: 3 Attacks and 3 Ways to Protect Yourself

About the time most people learn how to spell phishing, they realize that it is an email-based social engineering tactic to get access to a user’s account or financial information. It probably won’t come as a surprise that phishing is now fairly common on LinkedIn and Text. 

No matter whether it is email, LinkedIn, or text, the tactics the scammers use are consistent. Here are three of the most common tactics being used by scammers today: 

1. Fake Messages from the “Boss” 

This is a particularly insidious and effective tactic. A message is sent via email/text/LinkedIn to the user with an urgent request to contact them from the CEO, CFO, or other high-ranking employees at the company. The scammer typically uses more targeted language in the messages that applies to the business to make the attack more effective. This is typically called a spear-phishing attack because of its more targeted nature.

2. Fake Tech Support Messages  

Some phishers try to mimic the IT support staff rather than an executive to get people to engage. The focus of this type of attack is to get the target to give up their credentials to important company accounts. The attacks usually start with something like “Important Alert: Your Account Has Been Hacked”. The user will then be instructed to click on a link to reset their password and/or give up other important information. The links will always go to fake sites that will not match the company name or name of the software that has been supposed hacked. 

3. Fake Contact Requests 

This is used most often on social platforms like LinkedIn, but it is seen on email and text also. When a fake LinkedIn request comes via email, the link embedded in the email will go to a nefarious site that can load malware or ask for login information. We are often excited to receive a request that might lead to new business, so these attacks are particularly effective on sales and finance staff. 

These are just a few examples, and it is important to know that the types of phishing attacks and the format by which employees are targeted in the workplace continue to expand. Regardless, there are some basic tactics that apply across email, text or LinkedIn. Here are three ways to keep yourself from getting “social engineered” by one of these attacks:

1. Look at the Sender Information 

Whether in email, text, or LinkedIn, the sender’s information will look wrong. Most sending info will have the right name with the incorrect email like: 

Boss Lady <badactor234@gmail.com> 

In the case of LinkedIn, you need to look at their profile picture, name, and work history. The picture will typically be pulled from publicly available photos and the work history will be very limited. 

2. Look for Poor Grammar and Terminology 

While the sophistication of attacks continues to improve, it is difficult to completely mimic a message from a boss, customer, or colleague. If the fake sender is using the term “customer” when you know the real sender always says “client”, you should be concerned. 

“Hey, send me your phone number. I have some important work for you” 

Also, if they send an email to ask for your phone number, you need to think whether that fits with how they would really interact with you. Once they ask for your phone number, and they text you rather than call you then it is 100% a scam. 

 3. Reach out Separately or Just Don’t Respond 

In most workplace phishing attacks, you have alternate ways to communicate with the supposed sender. If you are concerned, reach out to them by a different method – phone call or Slack – and see if that is really them. If you do not have another way to verify the information, and you are not certain if it is legitimate then ‘do nothing’ is not a bad option.

“John, I just received a strange email message that is supposedly from you. Did you just send me something?” 

If the scammer is trying to create a false sense of urgency for the boss or a customer, this is difficult to do. Just remember, though, if it is really an emergency – even in today’s world – they will call you. If it is a social network connection request, just login to the service separately and view the request there rather than clicking the email link. 

There is a lot more your company can do to help including using email filters and text blockers on company accounts and providing cybersecurity training on an annual basis. In fact, for many companies, these actions are required for them to follow industry cybersecurity regulations. If you aren’t certain what tools are available to you, reach out to your company’s IT staff or service provider. They will be happy to help you stay safe!  

Montra Ranked #48 in 2021 NextGen 101 Managed Service Providers To Watch

NextGen 101 Honors Montra as an Industry Leading Managed Services and Technology Provider 

 NextGen Honors 101 Industry Leading Managed Services and Technology Providers. Selected from 2021 Channel Futures MSP 501 

ATLANTA, September 30, 2021 — Montra has been named as one of the world’s premier managed service providers on the prestigious Channel Futures 2021 NextGen 101 rankings. 

 The 2021 NextGen 101 winners were selected from applications submitted for the 2021 Channel Futures MSP 501. Channel Futures is pleased to name Montra Solutions as number 48 on the 2021 NextGen 101 list 

For the 2nd year running, MSPs from around the globe completed an exhaustive survey and application this spring to self-report product offerings, annual total and recurring revenues, profits, revenue mix, growth opportunities and company and customer demographic information. The NextGen 101 list recognizes MSPs with annual recurring revenues under 20% of total revenue. While these partners offer managed services, they’re also resellers, system integrators, and shops that do project work. 

“We are pleased to be included again in this prestigious group. It is a great confirmation that the work our team has done to serve our customers. Montra is providing unique and much needed software to automate critical IT processes,” said Scott Ryan, CEO, Montra Solutions. “And we are excited to bring this innovation to our customers to help them utilize technology the way they have been promised they can.” 

“The NextGen 101 is designed specifically to honor partners dedicating resources to building out their practices — all while maintaining the integrity of their core businesses”, said Allison Francis, editor and content producer at Channel Partners and Channel Futures. “Given that these companies represent the future of the technology channel and IT industry, the Channel Futures NextGen 101 are the most-watched of all organizations in the channel today”. 

The NextGen 101 list honors industry-leading managed services providers who have shown promise through the leading-edge information technology solutions they offer. Many of the honorees business models place emphasis on generating revenue from the cloud, security, devices, unified employee communication, among others. 

The complete 2021 NextGen 101 List is available at Channel Futures.  

 

Background 

The 2021 NextGen 101 list is based on data collected by Channel Futures. Data was collected online from March 1 through May 24th 2021. The MSP 501 list recognizes top managed service providers based on metrics including recurring revenue, profit margin, and other factors.  The NextGen 101 list honors industry-leading managed services and technology providers who are driving a new wave of growth through the innovative solutions they deliver for customers. 

 About Montra Solutions 

Montra Solutions is a managed IT services provider that has developed modern software to deliver enterprise-grade services to businesses of any size. Montra simplifies complex IT operations with software that securely manages modern systems and data – in the cloud, at the edge, or wherever your business takes you. Montra is based in Atlanta with offices in Tampa and Seattle and customers worldwide. For more information please us at www.montra.io or contact us at info@montra.io 

 About Channel Futures 

Channel Futures is a media and events platform serving companies in the IT channel industry with insights, industry analysis, peer engagement, business information, and in-person events. Every year, they welcome 7,400+ subscribers to their research, more than 3.8 million unique visitors a month to our digital communities, 18,200+ students to their training programs, and 225,000 delegates to their events. 

 MEDIA CONTACT: 
Grace FitzGerald 

Marketing Coordinator 

Montra  

gfitzgerald@montra.io