Our Most Popular Managed Services

If you need help deciding what services are best for your business let us know.

VT Logo header logo wrap shape

VT Logo header logo wrap shape

Award-Winning Dallas-Fort Worth IT Services.

Questions? Call (817) 595-0111

inner banner overlay

VersaTrust Blog

VersaTrust has been serving the Texas area since 1997 , providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses.

5 Cyber Trends an Outsourced IT Support Services Firm Says You Can't Ignore


Tech companies experienced a 2,300% increase in cyberattacks in 2021, according to Deepen Desai, CISO and vice president of security research and operations at Zscaler. But tech isn’t the only industry that’s been hit, and the attackers aren’t likely to go away any time soon.

As hackers develop more sophisticated methods of attack, it’s important to be aware of the security concerns that may affect your company. Watch out for these 5 cybersecurity trends in 2022 and learn how you can protect your business. 

#1 Remote Work Vulnerabilities

Devices that belong to the Internet of Things experience an average of 5,2000 attacks per month, according to Symantec. Those devices are often hooked up to home networks – networks that remote employees use to access work files.  

When all employees worked on-site, the area that bad actors could attempt to exploit and attack was tiny compared to the decentralized remote work environments of today. For many companies, a return to a fully on-site staff in the short term is unlikely. 

While home office kits, faster broadband, and more devices have made remote work more agile, they have also increased security threats. Home networks are rarely as secure as on-site cyber defenses, and there are also more unsecured devices connected to the home network, creating even more vulnerabilities.  

Sometimes, employees who are working from home may fall into a comfortable routine and adopt a more lax approach to how they use their devices and the software that they download. Tech used without either the permission or the knowledge of the IT department can create vulnerabilities since they haven’t necessarily been vetted by your IT team to ensure that they are secure and will keep you safe.  

The solution? Set up the controls you need while also empowering your employees to work securely while they’re remote. Be confident that your team has the right software, hardware, and equipment to keep your data secure. Talk to an expert at VersaTrust about the security of your remote team to keep them and your company data safe.  

Learn about how advanced security systems can keep you protected and running in the new year

#2 More Attacks in the Cloud

Gartner forecasts that Software as a Service (SaaS) revenue will grow to $151.1 billion in 2022, which makes these applications an attractive target to hackers looking for a major payout. 

SaaS tools have solved many problems, but they come with their own set of issues. Did you know that poor management, or a lack of management, can lead to SaaS data leaks?  It’s not just the user’s responsibility to keep their account protected; management plays an important role. These solutions need to be properly updated and monitored to remain cyber secure.  

SaaS solutions are vulnerable to attacks like any other business. Recently, the HR management platform Kronos was attacked by a ransomware group. Kronos retained data about their clients that the ransomware attackers were able to access. This breach caused scheduling, timesheet, and payroll problems for businesses that use Kronos.  

Kronos isn’t the only third-party service that ransomware groups have successfully targeted. In fact, hackers go after SaaS providers and third-party services because they can breach more companies in one attack. In 2022, remember that SaaS solutions are also vulnerable to attack, and they can turn into serious cybersecurity problems.  

What’s your solution? Before purchasing or downloading any new SaaS tools, make sure they are secure. Our team at VersaTrust can point out possible vulnerabilities and explain what needs to happen before you adopt a new SaaS tool to close those security gaps. Take a look at how we keep you secure.  

#3 Attacks with a Human Element

Eighty-five percent of data breaches involve what Gartner calls "a human element" - aka people inadvertently clicking on links or wiring money to criminals. Hackers succeed because they know how to exploit the blind trust most people put in communications that look like they come from the boss or a business partner. It's called social engineering. Here's how it works:

A hacker creates an email address with a similar name to the CEO and asks employees to send them money. Or they send a link in an email that looks harmless, but actually contains a virus. Either way, the trusting employee falls for the scam and suddenly you're dealing with a data breach. 

These attacks are only going to increase. According to Troy Gill, senior manager of threat intelligence with Zix | App River, email will be increasingly targeted in 2022.

Everyone is responsible for cybersecurity, but many people are unaware of just how much one mistake can cost in terms of lost data and ransoms. To solve this problem, everyone on your team needs to be educated about and aware of potential threats. Empower your staff to be more secure through training that’s easy to understand and relatable. Start by sharing this article about phishing with your team to help them identify what they should be looking out for in emails before they click.  

 Contact us and let’s start working on your cybersecurity strategy for 2022

#4 Ransomware Hasn’t Gone Away

According to the National Security Institute, the average requested ransom fee increased from $5,000 in 2018 to $200,000 in 2020. When those attacks succeed, the costs are astronomical. The average total cost to an organization of recovering from a ransomware attack was $1.85 million in 2021. 

Ransomware attackers have changed their strategies. Instead of using large-scale, generic, and automated attacks, hackers are using more advanced methods. Specifically, they’re attempting more hands-on keyboard hacking that’s more targeted while focusing intently on fewer organizations. 

The ransom fee isn’t the only cost involved, however. Recovering from a successful ransomware attack takes time, impacts customers, and even requires rebuilding systems. According to Sophos, these costs, on average, come out to 10 times more than the ransom paid. Many companies that are victims also never get their data back. 

In 2022, stay focused on preventing ransomware attacks. Don’t just detect and respond. Focus on predicting and anticipating risks. An expert at VersaTrust can show you how our fortified IT and security can keep your business’s data safe.

#5 Fight Back with a Multi-Layered Cyber Defense from an Outsourced IT Support Services Firm

Of the 32% of organizations that chose to pay a ransom during a 12-month period, 29% got half or less than half their data back, and only 8% managed to retrieve all their compromised data, according to a report from Sophos. Paying an attacker doesn’t mean you’ll get your data back, so do everything you can to prevent an attack in the first place.

Businesses are fighting back against remote work vulnerabilities, attacks in the cloud, social engineering scams, and ransomware attacks. It’s impossible to ignore what’s happened in the cybersecurity realm in the past few years. Because of the serious and expensive consequences of these attacks, there’s more awareness of and funding for cybersecurity solutions.  

A strong cyber defense strategy uses a multi-layered approach that not only responds to attacks but also proactively defends against them. For many companies, it’s a matter of if not when an attack will happen. Partnering with security professionals like VersaTrust can help you prepare and respond.

Outsourced IT support services firms provide the expertise you need to navigate these current cyber trends. In 2022, prioritize budgeting for security and investing in a strong cyber strategy that aims to prevent attacks and mitigate risk. VersaTrust’s multi-layered approach uses proven technologies to provide detection protection. Learn more about how we can help your business here.

Outsourced IT support services like VersaTrust can help you plan how to respond to the most recent cyber trends 

Continue reading

Cybersecurity Professionals Are Difficult To Find – Consider Outsourcing


With the labor market increasingly taxed by the Great Resignation, Outsourced IT services are increasingly in demand. Add in this decade’s rapid spike in cybersecurity woes, and it becomes an even more desperate picture. Hardest hit are small businesses whose profit margins are under pressure from inflation and that are struggling to hire and retain talent.

According to the 2020 Cybersecurity Workforce report, the IT industry is currently in need of 3 million qualified cybersecurity workers. 64% of the cybersecurity professionals surveyed say their organization is impacted by this cybersecurity skills shortage.

Until recently, most businesses have been able to skate by on bare-bones cybersecurity. Relying on a single software solution or firewall to keep them safe. Cybersecurity can no longer be an afterthought – even for micro-enterprises. If you deal with information, you’re dealing in gold – and it is absolutely critical to safeguard your organization, workforce and clients.

Consider what security measures you have in place, and then consider how rapidly an issue would be remediated by your team. If you don’t have a cybersecurity expert on staff, or haven’t consulted with one, chances are there are big gaps in your security. Outsourcing IT for cybersecurity doesn’t mean you have to replace your current IT staff. On the contrary: a provider can support and augment your team, so you have the best of both worlds.

Outsourcing allows small and large businesses to leverage economies of scale for their IT needs. A recent study from Computer Economics found that security was the fastest growing IT role being outsourced. It’s little surprise, as more companies recognize they can’t insource the right skills to address these varied and complex threats and keep their companies safe. That makes security a priority for outsourcing.

By choosing to leverage external resources, these companies can refocus on their core competencies and offload the external pressures created by an ever-changing IT threat landscape, increasing complexities presented by technology and the scarcity of IT employees who can navigate these challenges at a fair price.

There are several benefits to outsourcing IT, especially when it comes to improving your security.

Here are our top 5:

Expert Cybersecurity, Affordable IT Services

Outsourced IT security management calls for expertise in diverse skill areas, typically requiring multiple specialists. At the same time, there is a market-wide shortage of these skills. Hiring and retaining workers with the requisite skills to protect your company is expensive and uncertain. In contrast, you can access a team of such experts by outsourcing and pay flat fees with relative certainty that your IT team is going to be there, protecting you around the clock.

Focus on your core business

Outsourcing your IT even partially can free up critical resources to focus on the core of your business. Your existing IT team can manage infrastructure and all those “keeping the lights on” tasks or turn their attention to strategic initiatives to make your business more effective and competitive. For example, outsourcing your IT security allows your staff technicians to focus on high-impact projects that lead to the success and growth of your business.

Informed policy guidance

The IT threat landscape is always changing, and companies that don’t have a full, expert grasp of the extent of these security risks can’t adequately address them. Creating effective security policies takes in-depth experience that most IT generalists don’t possess. For instance, the IT staff in your company may not be able to accurately assess the effectiveness of your existing security policies or how well your company is keeping up with compliance requirements you’re required to follow.

Unbiased checks and balances

Your IT security is best outsourced, because it ensures some necessary degrees of separation between your company and your security checks and balances. Processes like security assessments and recommendations can become sensitive territory when managed internally. Outsourcing puts it in the hands of neutral parties who are fully vested in protecting your organization and can offer verification of that protection.

Comprehensive security coverage

Most companies focus on infrastructure security measures, like firewalls, anti-virus and spam filtering, but fail to address internal threats or physical security risks, like inappropriate data access or removal and employee security lapses. These actually represent a large risk to organizations. Employees removing confidential information on a USB key or a busy manager clicking on a phishing link can have catastrophic results. The nuances of these internal threats rely on trained security professionals. It’s not something you can have a regular IT person scout for with enough success to detect all the vulnerabilities.

With an outsourced IT provider, you can address security from all angles, covering your bases and providing safeguards and protections your internal IT staff often don’t have the experience, training and skills to implement and oversee. Given that 60% of small businesses suffering a serious cybersecurity incident go out of business within 6 months, outsourcing your IT security could be one of the most important decisions you make as a business owner.

The Outsourced IT Provider Fort Worth Trusts for Cybersecurity

We’ve provided outsourced IT services for companies throughout Fort Worth to improve their cybersecurity, get compliant with regulatory mandates and weather the storms of the 2020s. By partnering with VersaTrust, you get the benefits of a fully compliant IT and security team at the fraction of the cost of having an in-house IT team. At VersaTrust, we work with you to continually improve your IT and cybersecurity as your business grows.

Contact us today to find out how we can help your business grow!

Continue reading

Cybersecurity Awareness Month: Phight the Phish


October is Cybersecurity Awareness Month. Now, in its 18th year, Cybersecurity Awareness Month exists to help Americans develop an appreciation and awareness of the importance of cybersecurity. One of the focus areas of this year’s campaign is phishing. And with good reason. Consider the following statistics:

Continue reading

Cybercrime and You: Why Cybersecurity Is Critical for Small Businesses


In 2019, more than $3.5 billion was lost to cybercrime. During this, the 18th annual Cybersecurity Awareness Month, we want to help you understand the threat of cyberattacks. More importantly, we want to help you see the cybersecurity steps that you can take to protect your business so that you do not become yet another victim of these digital criminals.

Continue reading

How Partnering With a NIST-Compliant MSP Can Help You Meet Compliance Needs

How Partnering With a NIST-Compliant MSP Can Help You Meet Compliance Needs

When you’re working on government and Department of Defense (DOD) contracts, trust and reliability are key. In a world where cyberattacks cost businesses and governments billions of dollars each year, your cyber readiness can have a critical impact on the contracts you secure and the business you gain. To guarantee the right level of service and security, most government clients demand compliance with key standards like the NIST (National Institute of Standards and Technology), CMMC , and others. 

Continue reading

4 Affordable Ways to Secure Your Business

4 Affordable Ways to Secure Your Business

Phishing attacks are on the rise

While many Forth Worth businesses struggle to weather everything that 2020 has brought, hackers have been busy taking advantage of the uncertainty and fears of things like COVID-19 and the political climate with phishing scams that exploit the disruption in our normal routines.

Continue reading

6 IT Essentials You Simply Can’t Cut – and 3 You Can


During good times, businesses usually operate IT on the just enough and just in time standard. Often, this includes putting off upgrades and license renewals until the last moment in favor of cash-on-hand or other investments. However, much like a hospital that routinely operates at 98% of their bed capacity, when a downturn hits – like a global pandemic – there’s no surge capacity on hand.

Continue reading

Fort Worth DOD Contractor Relies on VersaTrust to Manage Complex Compliance Requirements

Managing CUI compliance

The U.S. Department of Defense (DOD) spends more than $316 billion on contracts each year. Notwithstanding the multibillion-dollar contracts that go to the likes of Lockheed Martin, Boeing and Raytheon, many smaller organizations manufacture and offer products and services to the Defense Department as contractors. VersaTrust is the proud managed security services provider for one such company.

Continue reading

Prevent Hackers from Stealing Your VoiP and Costing You Money


Prevent Hackers from Stealing Your VoiP and Costing You Money Best ways to prevent your business from losing money because of hackers stealing your VoIP service. In 2017, telecom fraud amounted to $29.2 billion in losses to organizations and carriers, according to No Jitter. One form of telecom fraud is theft of service, which is obtaining service

Continue reading

Hackers Access CEO Email to Steal Company Money


BEC Scam Helps Hackers Steal Over $46M from Company How fast could your company lose $46M? BEC Scams do it in minutes. Find out how criminals hack CEO emails to earn themselves a huge payday at your expense. Sometimes criminals hide in the shadows and sometimes they hide behind technology, waiting, ready to strike

Continue reading

Want To Drastically Enhance Your Small Business Cybersecurity?


No matter how secure you may be right now, you could always be doing more. Have you double-checked your cybersecurity lately? Review the best practices below to strengthen your small business cybersecurity. When everything is going well, the last thing you want to do is think about what will happen when something goes wrong. It’s

Continue reading

Should You Worry About Facebook Identity Thieves?


Tips for Avoiding and Reporting Facebook Identity Theft Financial fraud and access to confidential business data rank among scammers’ reasons for setting up fake profiles in Facebook identity theft schemes. Right now, hundreds of people could be viewing your photos on Facebook — on an account that doesn’t belong to you. In recent years

Continue reading

How VersaTrust Partners with Cities to Prevent Cyberattacks

Envelope with virus being delivered to a computer

Across the country more than 140 municipalities, police departments and hospitals have fallen victim to ransomware attacks so far this year. Texas, where 22 public institutions have been infected by malware and held hostage, has been far from immune.

In this case study review, we share how the Defense in Depth network security solution we installed helped the City of Richland Hills avoid two potentially debilitating cyberattacks.


The City of Richland Hills is a municipality of 8,000 residents located in Tarrant County, Texas. The city employs 110 full- and part-time employees. The Richland Hills Police Department is required to comply with stringent information technology regulations from the Criminal Justice Information Systems (CJIS), the Texas Department of Public Safety and the FBI.

VersaTrust’s relationship with Richland Hills began in 2014 when we entered an open bidding process to provide managed IT services. Since then, we’ve managed their IT infrastructure and helped them maintain CJIS compliance.


Several years into our relationship with Richland Hills, the city manager decided to take a proactive, preventative approach to IT security. He asked VersaTrust to participate in another competitive bidding process — to provide security services.

While the competition offered one-size-fits-all packages, no matter the cost point, VersaTrust designed a package that provides layered security to the city’s network and fits their budget. The city approved our solution and we became their managed security service provider.


The security solution we designed for Richland Hills is a Defense in Depth approach that borrows from advanced Department of Defense (DoD) methodology and tactics. In Defense in Depth, we create an infrastructure that deploys multiple barriers, rather than a single perimeter, to prevent, detect, quarantine and eliminate cyberthreats.

Defense in Depth

Traditional antivirus programs and firewalls are insufficient on their own to protect against modern, dynamic hacking tactics. Most hacks originate through some form of phishing attack in which an employee opens the door to an attacker by clicking a link or opening an attachment.

While there’s no substitute for employee training on cybersecurity best practices, Defense in Depth involves monitoring the network and individual workstations to detect the kind of abnormal behavior that signals a breach.

The City of Richland Hills suffered two breaches – each the result of employees falling victim to phishing attacks. In both cases, Defense in Depth performed optimally and prevented catastrophe.

Breach #1: Ransomware introduced through a link

Issue: Richland Hills’s first hack occurred when an employee clicked an email link from an unknown sender. The link downloaded ransomware, infected the workstation and attempted to spread across the network.

Response: The hack bypassed the robust antivirus tools and firewalls that we installed because the employee actively, if accidentally, introduced the infections. Our Defense in Depth response took over.

Our Security Operations Center (SOC), which monitors our clients’ systems 24x7, detected unusual activity on the network within moments. In real time we identified the ransomware’s origin and shut down the culprit system.

Breach #2: Password stealer infection from a fake PDF

Issue: The second breach took the form of an Emotet, a password stealer that jumps from one workstation to another. It was packaged and disguised as a fake invoice attached as a PDF to an email. The city official opened the attachment, even though he did not recognize the sender, and the Emotet began deciphering passwords.

Response: Once again, our SOC detected unusual activity before Richland Hills employees felt the symptoms of the attack. We quarantined the password stealer and froze the compromised accounts. Meanwhile, the city’s other employees continued working unaffected while we repaired the damage.


The Richland Hills city manager appreciates our Defense in Depth solution first and foremost because it keeps their computers free of adware and malware, which improves performance and lengthens the intervals between hardware upgrades and new computer purchases.

Having suffered two of the most common breaches that can hamstring an organization, Richland Hills has first-hand experience to prove that Defense in Depth identifies and immediately responds to a hack before negative consequences are felt. Moreover, in the aftermath of these breaches, Richland Hills engaged VersaTrust to provide employee training across the city’s workforce, which has now become mandatory for municipalities in Texas.

Whatever your industry and unique set of circumstances, a multilayered approach is essential to securing your business in today’s complex cyberthreat environment. Reach out to us (817-595-0111 or email) for more information today.

Continue reading

Cybersecurity Interview: 5 Steps Cities Can Take to Prevent Ransomware

The spate of cyberattacks on Texas cities has left municipalities wondering what can be done. VersaTrust’s owner and CISSP, Danny Owens, dissected the threat and outlined steps municipalities can take to combat the methods cybercriminals use in the interview below.

1. Is this the last we’ve seen of attacks on city governments?

Danny Owens (DO): No. City governments will continue to be targeted until they implement comprehensive security controls equal to and better than the threats they face.

2. Why don’t organizations realize they’ve been breached?

DO: Today’s hackers are very good at covering their tracks. They also use tactics traditional security tools can’t detect. Effective detection tools need to be in place to identify an attack that is in progress or that has occurred.

3. What should municipalities do if they know or believe they may have been breached or attacked?

DO: Report the incident to your qualified IT/Security personnel who should:

  1. Immediately work to determine if a breach has occurred
  2. Stop the attack and minimize the damage
  3. Notify management who may then notify state or federal authorities
  4. Assess the damage and develop a recovery plan
  5. Perform a recovery if necessary and preserve any evidence related to the breach

4. Have any VersaTrust clients been impacted by these attacks?

DO: None of our municipal clients have been impacted in the latest attacks. One municipality recently had ransomware accidentally introduced from a phishing scam, however, our advanced endpoint protection software and Security Operations Center neutralized both threats before they could cause damage.

5. What are some examples of how you protect your municipality clients?

DO: We strongly believe in a layered security approach for all of our clients. It’s also recommended by the U.S. Department of Defense and introduces multiple barriers to halt attackers. Security controls, like real-time scanning and advanced endpoint anti-malware protection are customized based on a client’s risk, requirements and budget. During employee training sessions we show your team what to watch for, so no one falls for a phishing scam or accidentally introduces malware to your network.

We also synchronize local backups to a secure cloud server at least once every 24 hours to minimize data loss. A bulletproof backup is the only guarantee for recovery from data loss and ensures that ransom will never have to be considered as an option.

6. Should cities pay ransomware demands?

DO: Robust backups will prevent cities from being in a position where they consider paying a ransom request. If restoring from a backup is not an option, state or federal authorities should be involved in any decisions to be made regarding negotiating with the criminal.

7. A CFO recently reached out to you for heightened security but had a limited budget. Which solutions did you recommend?

DO: The CFO wanted a backup solution with faster data recovery time and advanced antivirus software to guard against malware and ransomware. Due to budget constraints, they had to choose between implementing stronger anti-malware/DNS protection and the more effective backup solution.

We recommended they add the backup solution first because recovering data is the highest priority after a breach. Then, additional protections can be implemented in a second phase when a budget is made available.

8. What are specific steps cities can take to prevent ransomware?

DO: Have an IT security expert conduct an assessment to determine areas where risks exist, like unsecure firewall configurations, no local backups, or lack of employee training. Then they’ll be able to:

  1. Prioritize areas according to risk level
  2. Develop an action plan to reduce chances of exposure or breach
  3. Work with you to determine a budget, as needed
  4. Maintain a secure environment and prevent new threats from infiltrating the environment
  5. Perform ongoing assessments


Don’t let cybercriminals have the upper hand

VersaTrust is a Fort Worth cybersecurity service provider. We’re ready to assess your network and heighten your security posture to keep your city, data and citizens secure. Contact us today online or by phone (817) 595-0111.

Continue reading

How VersaTrust – a CISSP – Secures Fort Worth Businesses

Fort Worth secured by CISSP IT provider VersaTrust

If you were shopping for a home security system, you wouldn’t settle for an option that only protects the front door. You’d want a system that can secure every nook and cranny of your house, 24/7. You need to have the same mindset when it comes to your business.

You need more than firewalls and anti-virus software.
Relying on firewalls, anti-virus software or other basic protections is like only protecting the front door of your house. Yes, you’re preventing some threats, but there are many other ways a thief can break in. You need to work with an expert managed security provider who is a Certified Information Systems Security Professional (CISSP) to prevent cyberattacks and mitigate IT risks.

Understanding IT Risks Fort Worth Businesses Face

Businesses of all sizes have a lot to lose by falling prey to today's increasing cyber security threats.

Employees can be a serious threat

Even though vendors are developing advanced security features, hackers can still easily exploit vulnerable employees and businesses with lax information security management.

Often, this is accidental and caused by something as simple as an employee clicking a link in a phishing email. Less common, but still possible, are insider threats exploiting a trusting employer.

If you’re breached, you’ll likely lose revenue

Ransomware isn’t the only way a breach can cost you. You could also suffer a decrease in profits from:

  • Unexpected downtime or productivity slowdowns due to ransomware and phishing attacks
  • Loss of money or financial account information due to executive impersonation (whaling)

The longer it takes you to recover from outages or data loss, the more you stand to lose. You need to have a robust disaster recovery/business continuity plan in place.

Breaches damage your professional reputation

Loss or exposure of sensitive data have implications beyond downtime; they can hurt your reputation. Public faith falters when breaches are disclosed – 60% of small companies are out of business 6 months after a cyberattack occurs.

Risks change as you grow

Growth brings change, and change can introduce new threats. When we work with clients who are growing, we vet their security to ensure their businesses aren’t open to compromise, especially if they’re acquiring or merging with other businesses. Here are two ways we help growing businesses create or modify processes with security in mind:

  • Establish human resources procedures that include background checks and timely notification of IT when hires and terminations occur for proper account creation and removal
  • Audit file access and security group permissions as employee movement occurs between roles

Multilayered Security is a Key Line of Defense

When you have layers of security, you make it much harder for a threat to take advantage of a vulnerability. But, not all businesses have the same threat exposure. How many layers of security control you need depends on your level of risk.

That said, there are basic preventive measures all businesses benefit from. We recommend you put into practice tools and systems that can:

  • Detect anomalies and threats as they occur
  • Minimize or subvert damage in the event of an attack
  • Recover from a successful attack or disaster with a response, remediation and recovery plan

Work with a security expert to determine the level of protection you need.

Partner with a Managed Security Partner Who is a CISSP

You don’t have to confront these risks on your own. A managed security provider will be able to help you develop incident response plans, provide tools to protect your business and monitor your network for suspicious activity.

Look for a partner you can trust who has a high level of expertise – a CISSP.

What is a CISSP?

CISSP stands for Certified Information Systems Security Professional. It is considered the gold standard of security certifications. Working with a CISSP provides full confidence that your business is protected by the most up-to-date best practices.

To qualify, a candidate needs to:

  • Be endorsed by another CISSP who is in good standing
  • Pass an adaptive test lasting 3 hours and containing 150 questions
  • Possess 5 years of verified information security work experience
  • Complete 120 hours of continuing education every 3 years

Read more about CISSP processes and benefits here.

CISSPs are on staff at VersaTrust and can help protect your business. Contact us to schedule an assessment or learn more about how we safeguard organizations in the Fort Worth area.

Continue reading

How to Achieve Texas-Sized Growth with Network Security

Man crossing problem out seeing opportunity to grow business with network securityIf you’re building a home, you lay the electrical wiring before installing and painting the drywall. Going in reverse order is illogical and would create unnecessary complications. Similarly, when growing your business, you want to have processes in place that prevent extra work and mitigate risk, especially when it comes to IT.

With a blueprint it’s much clearer what you need to do first. As your business grows, you need a plan that lays out the foundations of your growth and addresses new requirements, risks, challenges and opportunities. Without network security and IT built in, your growth fizzles out like a dust devil.

I offer up two client cases as examples. Each illustrates the challenges and opportunities they faced with growth and underscores why using the 3 pillars of security early in their plans was key to their success.

Improved Security Empowered a Defense Contractor to Seek Bigger Contracts

We started working with a defense contractor in 2014, ensuring the company was compliant with the government’s rigorous data security requirements. As a direct result of our work together, the company had the confidence to bid on and win big contracts that were once out of their league, fueling their growth. In the past year, the contractor has grown from 35 to 50 employees, is opening a second location and further growth is projected.

Failure to meet ever-evolving regulatory requirements would quickly result in a suspension of their Authorization to Operate (ATO), which means forfeiting their existing contracts and exclusion from bidding on future ones.

To ensure the contractor maintains compliance, we:

  1. Conducted a point-by-point evaluation of the government’s data security requirements
  2. Met with our client to explain the implications, costs and risks
  3. Developed appropriate solutions while our client remained focused on fulfilling the contract and growing the organization

Our strategic role as their managed security provider has empowered the company to bid on ambitious contracts without worrying about how they will scale up their IT and network security.

Doubling in Size Increased this Insurance Company’s Exposure Risk

Since 2006 we have supported the continual growth of a home insurer. In 2016 they reached a milestone of 50 employees, and since then they have doubled in size.

Due to the rapid growth, they quickly realized their success required them to re-evaluate their network security and they worked with VersaTrust to do it. Specific concerns included:

  1. Greater exposure to cyberattacks as a result of increased size and visibility
  2. More scrutiny from the Texas Department of Insurance, provoked by their larger portfolio
  3. IT disruption posing increased threats to their brand and reputation

Likewise, as they surveyed the regulatory landscape, they recognized that government guidelines would evolve into compliance requirements over the next 24 months.

We recommended managed security services. This helped them quickly double down on their risks with the confidence that, not only did they have tighter security, but they had access to ongoing strategic advice based entirely on our objective evaluation of their costs, risks and benefits. That’s why, when we determined that the on-premises location of their servers was their highest risk factor, the conversation was immediately a trust-based discussion about budgeting, timelines and logistics to move them to a more secure solution.

An Easy Way to Include Security in Your Growth? An Assessment

Remember, it’s ideal to wire a home before you install the drywall. Your home needs electricity, and if it doesn’t have wiring, the sooner you address it, the better. The same goes with whatever network security needs you have for your growth. Sooner is better than later; later is better than never.

Understanding how your network security and IT can impact your company’s growth starts with a comprehensive assessment from a trusted IT partner – one who brings knowledge of the advantages you can gain through IT security and how to leverage those as part of your growth strategy.

VersaTrust has the expertise of an on-staff Certified Information Systems Security Professional  (CISSP) and the depth and experience to identify your vulnerabilities and devise cost-effective solutions to secure your company’s future and growth.

How is your IT security going to foster or hinder your growth? Find out with an assessment from the experts. Contact us at (817) 595-0111 or online today to get started on your security assessment.

Continue reading

Buckle Up: How to Securely Drive Business Growth

Buckle up your business for network securityNetwork security is a lot like airbags and seat belts. They used to be optional but nowadays you probably wouldn’t drive a car without them. So, if a seat belt is an essential everyday safety measure, what about when you’re in a hurry and distracted?

The same is true of network security and your business. It’s important for doing business as usual but it’s vital when you’re growing and expanding. That’s because growth creates the kind of disruptions that are like a flashing neon sign to opportunistic hackers.

The Risks Grow as Your Business Grows

As you grow your sales, increase production and deliver more services, you need more employees and technology to enable the expansion. This means more computers, tablets and smartphones; new user accounts; faster servers; larger data storage and maybe even additional office locations or remote work opportunities.

Unfortunately, each additional device, application and user – each new node in your network – increases your vulnerability to viruses, ransomware and phishing attacks. But it’s your people who are actually your greatest security vulnerability.
Even if you can afford all the top-shelf security solutions, not incorporating security into your business plan will leave you incredibly vulnerable to the preventable threats most likely to get you:

  • An employee who clicks an insecure email link
  • A vendor who was gets hacked and infects your system
  • A consultant who logs in without encryption or has unneeded administrative permissions

These are common situations and can easily result in an IT disruption such as network downtime or the theft and ransom of your valuable, confidential data. In both cases, the cost to your business includes lost sales and revenue, major delays, IT expenses and lasting damage to your reputation.

How to Plan for Growth and Security

As a business owner, you try to plan for changes in market conditions, the actions of your competitors and other possible factors that might impact your growth plans. Often, those “possible factors” don’t include security threats. If they do, most businesses only insert a budget line and some generic text about the threats.

Incorporating security throughout your business and growth plans is the key to avoiding these nightmare scenarios. One practical, specific way to incorporate security is to address the 3 tenets of network security – confidentiality, integrity and availability.

For example, your sales team certainly needs read & write access to your Customer Relationship Management (CRM) platform but maybe your marketing vendor can do with read only access.

Or, shifting responsibilities among team members may require revising user authorizations so each individual has the appropriate level of access. Likewise, whenever individuals leave your employment, access to company accounts and shared digital spaces like Google Hangouts, OneDrive and Slack must be frozen immediately.

These are just a few of the many daily changes that increase risk and create new vulnerabilities for a business experiencing growth. Each must be continually monitored to vet for risks and take the appropriate security measures.

Use a Risk Assessment to Create a Security Plan

You can’t buckle your seat belt or install an airbag after you have a crash, and you can’t secure your network after an attack. Instead, the best and only practice you should follow is to incorporate security in your business plan and then budget accordingly.

Start with a security assessment. It’s a critical first step that identifies your needs and vulnerabilities and ensures a secure operating environment. Security is vital for your business, and the assessment should be conducted by a qualified, experienced expert.

Don’t Trust Just Any IT Provider With Your Network Security

Look for Certified Information Systems Security Professional (CISSP). VersaTrust has a CISSP on staff, who went through extensive training and testing to prove an in-depth understanding of cybersecurity strategy and an ability to design and implement solutions that improve the security posture of an organization.

Reach out to us with a call (817) 595-0111 or email to get started with your assessment today.

Continue reading

Build Your Business Plan on These 3 Pillars of Network Security

triangle showing 3 pillars of network securityIn the early days of information technology, network security was a fancy way of saying that you had installed antivirus software on your PC. Today the threats are more sophisticated, encompassing ransomware, identity theft and phishing attacks. Your network security must evolve in scope and sophistication just to continue doing business as usual.

There’s a lot that goes into developing robust, multilayered security to safeguard your data and IT infrastructure, but it can be broken down into 3 principal pillars: Confidentiality, Integrity and Availability, otherwise known as the CIA triad.

3 Pillars of Network Security

A security solution that covers the 3 pillars ensures your business is protected against an attack and will be resilient in responding to and recovering from one.

1.      Confidentiality

A security solution that provides confidentiality ensures that access to data can be enabled or restricted for specific users based on their need to know.

For a medical practice this is a well-known HIPAA requirement. Staff who don’t need access to a patient’s files shouldn’t have it.

2.      Integrity

Data integrity refers to security controls that ensure data or system configurations are not modified in an unauthorized way.

For example, an account spreadsheet must be protected from unauthorized changes to ensure you can rely on the accuracy of the data.

3.      Availability

Availability describes how data and applications remain accessible to users and processes through secure, authorized devices during production hours.

How to ensure data availability:
  • Establish security controls for systems to protect against malicious attacks that affect uptime
  • Build redundancy into server and network configurations
  • Implement robust disaster recovery and business continuity planning
Knowing these 3 pillars is key. All 3 components must be considered alongside all the other elements in your business plan.

Tying Security Into Your Business Plan

Any technology or process put into place as a result of the business plan has to be measured against whether or not those components are secure. That’s why it’s more difficult to tack on security after the fact than it is to integrate it into your business planning process.

Let’s say, for example, your business plan calls for outsourcing payroll functions to a third party. Your plan should address essential security issues like:
  • Which data and files should the vendor be allowed to access? (Confidentiality)
  • What information are they permitted to alter? (Integrity)
  • How and from where will they access your system and payroll information? (Availability)
Or, if your business is expanding and you need to add new servers, they will need to be regularly updated and properly configured. This ensures any security flaws are patched and that all workers – office or remote – can access the information they need to do their job.

Without a plan that addresses availability you run the risk of not knowing how long your systems will be down when IT disruptions occur.

When an IT Disruption Occurs

We have all experienced the helplessness of being unable to access email, the customer relationship management (CRM) database files on the server and other essential business apps.

Preventive measures are essential, but you also need to be prepared for the possibility that something – a phishing email, a tornado, a hail storm, a neighbor setting the sprinkler system off – could leave you without access to your systems. To prepare for this reality, consider these two important factors:

Maximum Tolerable Downtime (MTD)

MTD defines how long your business can remain shut down – without access to email, databases and essential apps – before it causes irreparable or unacceptable losses. This can be determined by thinking about disruption to sales and/or damage to your reputation or any other factors that might be impacted by downtime, like an employee revolt.

Your MTD might be a few hours or a few days. It will determine the level of investment and preparation you need to avoid downtime and recover from an IT disruption.

Recovery Time Objective (RTO)

RTO is your target time for restoring access to your data and apps. It is always going to be less than your MTD – your cliff’s edge. Your RTO should be realistic for the level of investment, preparation and testing built into your business plan. A security-focused managed services provider like VersaTrust can help you determine this.

Start Your Business Planning with a Security Assessment

Network security is intertwined with every aspect of your business, and there are many factors you need to consider as you evaluate your business plan. A security assessment helps organize the process and provides actionable insights that safeguard your business.

When we conduct security assessments, our in-house Certified Information Systems security professionals identify vulnerabilities and design customized solutions. After the initial evaluation we help you to:
  • Incorporate the 3 pillars, MTD, RTO and proper budgeting in your business plan
  • Implement and configure your applications for usability and security
  • Monitor your network and perform routine upgrades
  • Recover your network quickly in case of a disruption
Not all managed IT providers have the expertise to provide a thorough security assessment and align it to your business goals. We do. Contact us at (817) 595-0111 or email us to schedule an assessment.
Continue reading

Basic PC fixes are costing you money

When your employees seek your IT security staff’s help to fix their personal computer (PC) problems, it’s often perceived as a productive use of everyone’s time. After all, employees must have working computers and IT professionals are expected to resolve any technology issues. What doesn’t get acknowledged, however, is that instead of troubleshooting technical problems, your technology support staff could be spending their time on more productive tasks.

Cost of fixes

According to a survey of technology professionals, companies waste as much as $88,660 of their yearly IT budget as a result of having security staff spend an hour or more per work week fixing colleagues’ personal computers. The ‘wasted amount’ was based on an average hourly salary of IT staff multiplied by 52 weeks a year. Other than knowing how much time is wasted, what makes things worse is that IT security staff are among the highest paid employees in most companies.

The fixes have mostly to do with individual rather than department- or company-wide computer problems that don’t necessarily benefit the entire company. The resulting amount is especially staggering for small- and medium-sized businesses (SMBs) whose limited resources are better off spent on business intelligence tools and other network security upgrades.

Other costs

All those hours spent on fixing personal computers often means neglecting security improvements. The recent WannaCry ransomware attacks, which successfully infected 300,000 computers in 150 countries, demonstrate the dangers of failing to update operating system security patches on time. It should be a routine network security task that, if ignored, can leave your business helpless in the face of a cyber attack as formidable as WannaCry. It didn’t make much money, but had it been executed better, its effects would have been more devastating to businesses, regardless of size.

Profitable projects could also be set aside because of employees’ PC issues. For SMBs with one or two IT staff, this is especially detrimental to productivity and growth. They can easily increase their IT budgets, but if employees’ negligible computer issues keep occurring and systems keep crashing, hiring extra IT personnel won’t do much good.

What businesses should do

The key takeaway in all this is: Proactive IT management eliminates the expenditure required to fix problematic computers. Bolstering your entire IT infrastructure against disruptive crashes is the first step in avoiding the wasteful use of your staff’s time and your company’s money.

Even if your small business has the resources to hire extra staff, the general shortage of cyber security skills also poses a problem. Ultimately, the solution shouldn’t always have to be increasing manpower, but rather maximizing existing resources.

Having experts proactively maintain your IT eliminates the need to solve recurring small issues and lets your staff find a better use for technology resources. If you need non-disruptive technology, call us today for advice.

Published with permission from TechAdvisory.org. Source.

Continue reading

The Presidents' Executive Order on Strengthening Cybersecurity of Federal Networks and Critical Infrastructure - Four Key Takeaways

By Danny Owens

Understatement of the Day - The cybersecurity landscape is more dangerous than it has ever been. The Federal Government has been the recipient of both internal and external data breaches and as a result, a new Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure has been signed. There are several items in the Executive Order that are worth calling attention to that will affect both the Federal Government and the private sector.

Triggered - The Executive Order calls for the Federal Government to be proactive in detecting, responding to and recovering from cyber threats and attacks

Takeaway: With the recent disclosure of the NSA's Classified internal security tools and information on a specific information leaks website and high-profile data breaches exposing thousands of government and military employees in recent years, the Government has realized that the threat is not going away. The attacks will worsen and become more sophisticated.
This is a directive by the President to the Government, however it's premise and philosophical requirement extends to all private entities and citizens. The governments' focus on cybersecurity risk management to maintain awareness of threats, detect anomalies and incidents (requires significant security tools and expertise) is timely as private corporations and individuals have also been waking up to the fact that data security has become a core requirement, not an afterthought.

Don't Go It Alone - The Executive Order calls for the Federal Government to 'buy vs. build' in key IT areas
This directive issues a requirement to show preference for 'shared IT services including email, cloud and cybersecurity services'.

Takeaway: The Government now realizes that the private sector can provide certain services more skillfully, at a greater economy of scale and at less cost than it can reasonably build itself. If the Government is looking to rely on the private sector for critical IT applications and services (email, application services and cybersecurity defense), I believe it will translate to more comprehensive and more secure service offerings to businesses as well. We still see a certain level of distrust of cloud services in general since businesses that would subscribe to them cannot physically control their data. It will be interesting to see how this directive plays out.

The Foundation for the Future - The Executive Order calls for the Federal Government to promote the American cybersecurity workforce
This exciting directive recognizes that an educated and skilled cybersecurity workforce, both inside the Federal Government and in the private sector, is in the national security interest of the United States. It calls for the assessment and recommendations for building the cybersecurity workforce of the future, including 'cybersecurity-related curricula, training and apprenticeship programs, from primary through higher education'.

Takeaway: Currently, there is a critical shortage of cybersecurity-skilled workers, and the Government realizes that it must contribute, promote and support programs that will educate young people on the joys of a career in cybersecurity and the required training to enter the field. The end result of this directive will likely take the form of scholarships, career re-training programs, grants and loan support. In the early 2000's, the Information Technology industry in general was the beneficiary of the same type of Government initiatives when it deemed the shortage of skilled IT workers critical to the national interest.

Final Takeaway: Better late than never. The journey of a thousand miles starts with the first step, so we will watch and see how well these initiatives are implemented.
Continue reading

Mobile? Grab this Article!

QR-Code dieser Seite