Appalachia Technologies Blog

Appalachia Technologies team is comprised of a diverse mix of IT professionals, some of whom have been on the forefront of IT since the industry’s inception. Through the years, our team has developed a wide array of experience in understanding individual needs and how they relate to your business.

3 Types of Cyber Insurance You Need to Know About

Social Ads Cyber Liability InsuranceAd 15 800x800 Blog 3As the world becomes more digitized and cybercrime increases, the need for cyber insurance is something businesses should not overlook. If your company handles, transmits or stores sensitive data, you need to know about cyber insurance.

Continue reading

How an IT Service Provider Can Help With Cyber Insurance

Social Ads Cyber Liability InsuranceAd 14 800x800 Blog 2When looking for cyber insurance for your small business, you may find it hard to navigate technology and insurance jargon. There are even different types of cyber coverage and you might not be sure what you need because you’re not a cybersecurity expert. Plus, once you do have coverage, there’s always the risk of not receiving a payout in the event of an incident if you didn’t meet your policy’s requirements.

Continue reading

Don’t Fall for These Cyber Insurance Myths

Social Ads Cyber Liability InsuranceAd 13 AEL cropAs the world increasingly moves online, so do the risks to our businesses. Cyber insurance is one way to help your business recover following a cyberattack. It covers financial losses caused by events such as data breaches, cyber theft, ransomware, and more.

Continue reading

The OWASP Top 10: Security Logging and Monitoring Failures

Recently, we explored the Open Web Application Security Project (OWASP) Top 10 (Allergic to Bees? Don’t Get Stung by the OWASP Top 10) by looking at what it is and why it matters.  Then we took a closer look at one area of the Top 10 – Security Misconfiguration. Next in line for a deeper dive is Security Logging and Monitoring Failures.  This particular category is in place to help detect, escalate, and respond to active breaches.

Continue reading

Auto-Dealers Will Face Fines for Not Meeting New Security Mandate as of December 9, 2022

FTCAuto dealers may face penalties for not meeting requirements established by amendments to the FTC’s Safeguard Rule.  In 2021, the FTC amended its Safeguard Rule, originally created in 2003, to help protect the security of customer information.  The Safeguard Rule applies to any non-banking financial institution. 

Continue reading

Don’t Gamble with Your Cybersecurity: Appalachia Technologies to Host a Live Event on October 19, 2022

P R E S S  R E L E A S E

Grantville, PA:  On Wednesday, October 19, Appalachia Technologies will be hosting a free in-person cybersecurity summit at the Hollywood Casino at Penn National Race Course for regional CIOs, CISOs, and IT Security Leaders.

Tags:
Continue reading

Appalachia Technologies Named to MSSP Alert’s Top 250 MSSPs List for 2022

Sixth-Annual List & Research Identifies Leading Managed Security Service Providers Worldwide

September 20, 2022, Mechanicsburg, PA: MSSP Alert, a CyberRisk Alliance resource, has named Appalachia Technologies to the Top 250 MSSPs list for 2022 (http://www.msspalert.com/top250).

Continue reading

The OWASP Top 10: Security Misconfiguration

Security Misconfiguration

Last week we touched on the basics of the Open Web Application Security Project® (OWASP) and why it should be used as a source of information for keeping your web applications secure.  This week we are going to touch on one particular vulnerability from the OWASP Top 10 Web Application Security Risks - Security Misconfiguration.

Continue reading

CMMC News & Update - July 2022

CMMC-new_20220720-180942_1

In your city or town, you know that stretch of road or highway that feels like it has been under construction for 10 years?  In many ways, the development of CMMC can feel like it too is marked with orange cones and will be underway for years.  From the most significant change of CMMC 1.0 (the OG version) to the November 2021 update to CMMC 2.0, to even the CMMC-AB name change to The Cyber AB, new information seems to keep coming with timelines shifting.  While The Cyber AB holds monthly Town Hall webinars to share updates, the DoD and various vendors are also sharing out information via webinars.  Recently, PreVeil, a DoD supplier, along with members of the Manufacturing Extension Partnership, hosted a webinar with DoD leaders Stacy Bostjanick (DoD CMMC Program Head) and Dave McKeown (DoD CISO) to review recent updates and timelines. 

Continue reading

Social Engineering: A Story About How Breakfast Treats and Human Nature Led to Full Network Access

I sat in the parking lot watching employees walk in the corporate office.  Ready with my five dozen donuts, I waited until the perfect moment to see if I could infiltrate.  It’s like the start of a great superhero movie - except starring Kevin James and not Christian Bale.

I had been hired by the company for a physical social engineering assessment.  Only a few people (stakeholders and managers) within the company knew that this was occurring that day.  The goal was to see if I could gain entry into the building unnoticed and once in, what I could access.

Continue reading

Allergic to Bees? Don’t Get Stung by the OWASP Top 10

OWASP - is it something we don’t want to get stung by, or is it here to protect us?  In cybersecurity, we’ve all heard the term, but what is it really?

Continue reading

3 Actions for a Better Security Posture

There are many frameworks and security models to refer to when working to secure your organization.  Sometimes it can prove to be overwhelming.  Today I’m going to talk about three action items that will make a significant difference in your overall security posture.  Keeping in mind that there is no silver bullet to securing an organization, these three will certainly gain a great return.

Continue reading

PCI - The Credit Card Industry's Answer to Consumer Data Protection

People carry less cash in their wallets than they used to.  Even when going to the ice cream stand in the middle of summer, a debit or credit card is swiped instead of cash being tendered.  The reason for this is simple - it’s easier to swipe a card than it is to carry a load of cash in your wallet.  This has become an extremely convenient option over the years when making purchases.  However, as is often the case, convenience comes with risk.

Continue reading

The ABC's of Ransomware

Ransomware – The What, Where, and Why

Everyone has heard stories by now of an organization getting hit by ransomware.  From individuals to small and enterprise-level organizations, it can pop up anywhere and cause havoc.  What is it?  Where does it come from? Why isn’t it going away?  Today we’re going to break it down.

Continue reading

Top 8 Sources for Cybersecurity News

Not a single day goes by that we don’t either hear the word security or read the word security.  See?  You’ve already read it twice!  The internet is full of so much noise that it sometimes can be hard to filter out information that pertains to you and your organization, as well as what is credible.  Today I thought I’d take a moment to give you some great sources for security news.  These are sources that are very accurate and trustworthy.

Continue reading

Social Engineering: How Kind Humans Can Cause Big Breaches (appTECH TALK Ep. 6)

Humans are the smartest beings on earth.  So why is it that they are the number one cause for breaches that cost millions of dollars?  It’s because they are kind.

Because of the kindness of human beings, they are easily manipulated by bad actors to give up private information or even hold a door.  This is the foundation of Social Engineering.

Continue reading

What is a vCISO? (appTECH TALK Ep. 5)

Let’s face it.  Security is expensive.  Many organizations think of security as an unwanted expense when budgeting for the next fiscal year.  However, no matter what industry an organization is in, security IS its business too.

Continue reading

What is an Incident Response Plan (IRP)? (appTECH TALK Ep. 4)

Let’s face it.  If you haven’t had a security incident within your organization, you will.  Are you prepared?  An IRP is a plan or playbook that needs to be established and practiced on a normal basis.  When a breach happens, this is your playbook of who, how, and what steps to take to protect your organization and minimize impact. Let’s break down the steps of an Incident Response Plan (IRP). 

Continue reading

After a Penetration Test - The Road to Remediation (appTECH TALK Ep. 3)

Your company has been proactive in having a penetration test performed and you have the report in hand - so now what do we do with it?

Continue reading

What is Penetration Testing – Finding Vulnerabilities Before the Bad Guys Do (appTECH TALK Ep. 2)

If you are an organization with digital assets to protect, you’ve most likely heard the term Penetration Testing, also known as Pen Testing.  Penetration testing is the process used to find vulnerabilities and leverage them to hack an organization.

Continue reading

News & Updates

PRESS RELEASE Mechanicsburg, PA, July 11, 2024 - Appalachia Technologies is excited to announce that Terri Black-Bendl, Vice President, Sales & Marketing, has been nominated for the Women in Technology Awards, presented by Technology Council of Central PA.  Terri’s nomination category, Impact Award – Private Sector/Entrepreneur to Small Business, spotlights women who have made contributions in technology in the Entrepreneurial/Small Business (under 50 employees) category.

Contact Us

Learn more about what Appalachia Technologies can do for your business.

Appalachia Technologies
5000 Ritter Road Suite 104
Mechanicsburg, Pennsylvania 17055