2024 itwerks.net Privacy Policy:
We strive to protect and defend all digital information systems that have been or will be entrusted to us. The primary function of this website, www.iTWerks.net is to distribute information to our clients and for the purposes of marketing. We have no design nor intent on collecting information in the realm of www.iTWerks.net.
Our primary function is to help ensure our client’s business operations as well as our own. WE ARE NOT A DEDICATED CYBERSECURITY TEAM. Information Technology and Cybersecurity are not the same, but share many of the same goals pursuant to Information System Security (InfoSec). For a clear and concise understanding of the types of security, please see this post from IBM.
https://www.ibm.com/topics/information-security
With that said, we have worked with independent, third-party security firms in the past and will continue to do so in the future. While it is the responsibility of the client to contract or enlist security experts, cybersecurity firms, researchers or a qualified independent party, we will assist in any way we can. This is effectively a security audit of all network, domain, workgroup, server, workstation, laptop resources currently (and previously) attached to the business.
A report will be generated which will be scary. It is intended this way for good reason. We should seek to reveal our pink underbelly. Those that have aging servers and other legacy resources are the most vulnerable. Denial will not protect you, but an invasive network scan just might. This is called a “Penetration Test or Red Teaming.”
This should be a non-destructive process, but please make sure all core infrastructure has been backed up. In addition to the forementioned cybersecurity tests, the scope of a penetration test may involve gaining access to critical systems and initiating a data exfiltration as a matter of proof.
Keep in mind that a basic security audit will reveal open ports on the network, domain/local accounts and potentially exposed passwords. This however is only the start of the process in which many of the potential threats will be false-positives and known vulnerabilities. However, we cannot know vulnerabilities if we don’t seek them out and address them for what they are.
In general, we will be proactive in our defense of the systems we control and work with the global, allied community to crowdsource mutual security from our Internet neighbors. Our shared goals need to align with the businesses we support. We must communicate and work together to best defend all systems that we are directly or indirectly linked to.
For example, to stop and/or prevent malware including ransomware,we must work together to prevent it’s spread. Even malware that started 15 years ago remains undetected in certain corners of the Internet where some legacy, forgotten system resides. With the advent of AI based security devices, we may see much of this vulnerability curtailed. However, please do not expect Siri to protect you anytime soon.
You are the target. Be vigilant and thoughtful in your digital endeavors.
Thank you,
The iTWerks Family
Please feel free to contact us with any questions at:
847-892-6123
