Tag Archive for: firewall

In recent years, remote work has become more popular. While this working arrangement offers many benefits, it also creates numerous security risks. This blog post will provide tips on how to improve your and your employees’ cybersecurity when working remotely.

Create clear remote work policies

Your company should have clear policies in place that outline the security measures that employees must follow when working remotely. This includes using strong passwords, connecting to secure networks, and being careful about what information they share online. Make sure to communicate these policies to all employees and that they understand and adhere to these.

Secure home networks for remote workers

Home Wi-Fi routers are often less secure than business routers, so remote workers need to take extra steps to secure their home networks. These steps include changing the default router password, installing the latest firmware updates, and using WPA2 encryption settings.

Use a virtual private network (VPN)

A VPN is a crucial cybersecurity tool for remote workers, especially when they need to connect to public Wi-Fi networks. It encrypts your internet traffic and routes it through a secure server, making it harder for cybercriminals to track your online activity or intercept your data.

Use a password manager

A password manager stores all your passwords securely so that you don’t have to remember all of them. It can also generate strong, unique passwords for all of your online accounts, so you won’t be tempted to use weak passwords or reuse the same password for multiple accounts. Weak passwords are easy for cybercriminals to crack, and if you reuse them across multiple accounts, all of your accounts at put at risk if even just one account becomes compromised.

Implement firewalls and anti-malware software

Equip all work devices used by remote workers with firewalls and anti-malware software. Firewalls monitor and control incoming and outgoing network traffic. They can be configured to block specific types of traffic, such as traffic from known malicious IP addresses or ports, or traffic that is associated with known malware. Firewalls can also be used to create whitelists, which allow only specific types of traffic to pass through.

On the other hand, anti-malware software scans files and devices for malicious programs, such as viruses, Trojans, and spyware. It can also block malicious websites and emails, and remove or quarantine malicious programs that have already infiltrated devices.

Keep your software up to date

Software updates often include security patches that address known vulnerabilities. It is important to install software updates as soon as they are available. You can configure your devices to automatically install software updates to make sure you are always protected.

Alternatively, your company can use patch management software to track patches on all registered devices and deploy the most recent updates across all of them.

Back up your data

Regularly backing up your data can help you recover from a data loss event due to device failure, theft, or other unforeseen circumstances. There are two main types of data backups:

  • Local backups: Local backups are stored on a physical device, such as an external hard drive or a USB flash drive. Local backups are relatively inexpensive and easy to set up, but they are also more vulnerable to physical damage or loss.
  • Cloud backups: Cloud backups are stored on a remote server. Cloud backups are more convenient than local backups because you can access them from anywhere, but they can be more expensive and may require a reliable internet connection.

It’s best to use a combination of local and cloud backups for the best protection. This will ensure that you have a copy of your data even if one backup fails.

Be careful of phishing scams

Phishing scams typically involve emails or messages that look like they are from legitimate companies, such as banks or government agencies, to trick victims into revealing personal information, such as passwords or credit card numbers.

To reduce your chances of falling for a phishing scam, follow these tips:

  • Check the sender’s email address carefully. Phishing emails are often sent using email addresses that are slightly altered versions of those of legitimate companies.
  • Be wary of clicking on links or opening attachments in emails or messages, especially if they seem suspicious or come from unknown senders.
  • Look for signs of a fake website, such as a misspelled URL or a missing lock icon in the address bar.
  • Don’t enter personal information into a website that you are unsure is legitimate.
  • If you are not sure if an email is legitimate, contact the sender directly to verify its authenticity.

Remote work setups can pose many cybersecurity risks, but you don’t have to address them alone. Our technology experts can provide IT guidance, implementation, and maintenance to help you protect your business and its data. Contact us today to learn more.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Cybersecurity is a crucial component of managing a successful company and understanding different cybersecurity terms is essential to protecting your company’s sensitive information, data, and assets can be deleted. Here’s a guide to key cybersecurity terms every business owner should know.

Malware

Malware is short for malicious software and encompasses various harmful programs designed to disrupt computer systems, steal data, or gain unauthorized access to a network. Types of malware include viruses, ransomwareTrojans, and spyware. Employing robust antivirus and anti-malware solutions is crucial to detect and mitigate these threats.

Phishing

Phishing is a cyberattack where malicious actors attempt to trick individuals into revealing sensitive information, such as passwords, credit card details, or login credentials. Phishing attacks often come through deceptive emails, spam messages, or websites that appear legitimate. Business owners must educate their employees about the dangers of phishing and promote a culture of vigilance when dealing with suspicious communications.

Firewall

A firewall is a network security solution that acts as a barrier between a company’s internal network and external networks such as the internet. It constantly scans and controls traffic coming in and out of a network using predetermined rules. These security rules help prevent unauthorized access to a system and keep potential cyberthreats at bay.

Encryption

Encryption is a method of converting plain, readable data into an unreadable format called ciphertext. It is used to protect sensitive information and maintain confidentiality during data transmission or storage. Even if the data is intercepted, the information will be unreadable without the correct decryption key.

Multifactor authentication (MFA)

MFA is a security mechanism that enhances the protection of user accounts and sensitive information by requiring users to provide multiple forms of identification or “factors” such as passwords, biometrics, and one-time codes to verify their identity. The goal of MFA is to add an extra layer of security beyond just a username and password.

Patch management

Hackers often exploit vulnerabilities in networks and applications to gain unauthorized access to an organization’s system. Patch management involves regularly updating and applying security patches to software, operating systems, and applications to close these vulnerabilities and protect businesses from potential breaches.

Data breach

A data breach occurs when unauthorized individuals gain access to sensitive information, such as customer data, financial records, or intellectual property. Data breaches can have severe consequences, including financial losses, legal repercussions, and reputational damage. Implementing robust security measures can help minimize the risk of data breaches.

Security awareness training

Security awareness training educates employees about potential cybersecurity threats and best practices to help them recognize and respond to such threats effectively.

Virtual private network (VPN)

A VPN is a software or platform that helps establish a secure and encrypted connection between a user’s device and a remote server. Using a VPN especially when connected to public Wi-Fi networks will ensure privacy and data protection.

Insider threat

An insider threat is a current or former employee, contractor, or business partner who intentionally or accidentally misuses their authorized access to compromise data security.

Security audit

A security audit is a systematic evaluation of an organization’s security policies, practices, and controls to identify potential vulnerabilities and improve overall security.

Cybersecurity is an ongoing process, and staying informed about the latest threats and solutions is essential to keep your business safe in the digital age. Protect your assets, safeguard your customers, and maintain your reputation by talking to our cybersecurity experts today.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Students are returning to the classroom now that back-to-school season is officially underway. During the first few weeks, teachers will be reteaching their students the topics they learned in the previous school year to help them regain knowledge they may have forgotten during summer break. But students aren’t the only ones in need of a refresher every year. Your employees also need to be refreshed on company policies, values and, most importantly, cyber security practices.

Did you know that human error accounts for 95% of all successful cyber-attacks? When a cybercriminal is planning an attack, they look for weak points within a company’s cyber security plan. The easiest spot for hackers to exploit is a company’s employees. New cyberthreats are created on a consistent basis, and it’s important that your employees know what to do when they encounter a potential threat. If your employees are not routinely participating in cyber security trainings, your business could be at risk, regardless of size.

Every single one of your employees should be familiar with your cyber security practices. When they’re hired on, they should go through an initial training that lays out all of your practices, and they should also participate in refresher trainings throughout the year to ensure that the entire team is on the same page with cyber security. At the very least, you should host at least one security training annually. If you’ve never put together a cyber security training, you may be wondering what topics you need to cover with your team. Below, you will find four of the most important topics to cover.

Responsibility For Company Data

This is your opportunity to explain to your employees why cyber security is so important. They need to understand why cybercriminals are interested in your company’s data and what they could potentially do with it. Everyone on your team has a legal and regulatory obligation to protect the privacy of your company’s information. When discussing this topic with your team, it’s imperative that they know the ramifications of falling victim to a cyber security threat.

Internet Usage

Does your company have restrictions on what websites your employees can use while at work? If not, that’s something you should look into. Every device that’s used by your employees should have safe browsing software downloaded onto it to prevent them from stumbling upon dangerous sites that could put your company’s data at risk. Your employees should know what sites are acceptable to use and that they should not be accessing their personal accounts while connected to your company’s network. They should never click on links that are sent from an anonymous source or are found on an unapproved website.

E-mail

If your employees utilize e-mail while at work, it’s important that they know which e-mails are safe to open. Employees should not respond to e-mails that are from people they aren’t familiar with, as that could be a cybercriminal attempting to gain access to your company’s data. Employees should only accept and open e-mails that they are expecting or that come from a familiar e-mail address.

Protecting Their Computers

If your employees have their own personal computers, they should be doing everything in their power to keep them protected. Whenever they walk away from their computer, they should make sure it’s locked; they should also never leave their computer in an unsecure location. Also, ensure that your employees are backing up their data routinely and have downloaded necessary antivirus software.

It’s of the utmost importance that your team has been fully trained in your cyber security practices. If they haven’t, they could open your business up to all sorts of cyber-attacks that will damage your company’s reputation from a customer perspective. Your business will also no longer be compliant, and insurance companies may not cover your claims if your team is not participating in regular training.

Ensuring that your team is aware of your cyber security practices and actively taking steps to strengthen your cyber security is the best way to stay compliant and prevent cyber-attacks. If your team is not regularly going through cyber security training, you need to start. It will offer more protection to your business, which will make your customers more comfortable doing business with your company.

Are you interested in learning more about cybersecurity? Call us today and discover how our wide array of tech services can safeguard your business.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org SOURCE

Many businesses still haven’t figured out secure remote working

It’s been more than two years since the pandemic forced much of the world into lockdown, with many companies thrown into a remote working environment.

But new research has shown the majority still haven’t figured out how to keep their workforce secure as they work from their kitchens, local libraries, coffee shops, and airports.

A survey of 3,000 IT staff and other employees conducted by TechRadar Pro, in partnership with Perimeter 81, shows that more than three-quarters of businesses have at lease some remote employees.

Their responses to questions around intended spending for 2022-23, however, revealed that many still do not have the necessary protections in place; 10% will look to implement some form of access management, while 9% will prioritise VPN and zero-trust solutions, respectively.

Further, just half (50%) of firms have a cloud-based cybersecurity solution in place, with an additional 15% saying they are currently exploring their options.

VPNs and firewalls reign supreme

Ever since the pandemic, the number of cyber-incidents, data breaches, business email compromise attacks, and ransomware attacks has spiked, bringing with them billions of dollars in damages.

Cybersecurity researchers argue that many employees who were forced into a remote working environment weren’t prepared, and ended up compromising their corporate networks with malware-laden home devices running no antivirus solutions, password sharing, and falling victim to phishing and other social engineering attacks.

However, now more than two years since the transition, it should be expected that businesses hold up their end of the bargain too, putting in place the necessary services to protect against threats.

The data shows that companies are performing strongly when it comes to a web security (more than two-thirds have either web or malware filtering solutions set up). Cybersecurity solutions like VPNs and firewalls have also seen relatively high levels of adoption.

But the survey data also serves to highlight the number of businesses that remain at risk, when the inevitable occurs.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechRadar SOURCE

Working from home is becoming an increasingly popular option for employees around the world. While this flexible work arrangement can be a great perk for employees, it also comes with its own set of security risks. Follow these cybersecurity tips so you can protect yourself, your personal information, and your company’s data while telecommuting.

Patch your software regularly

Although installing software updates can be a major nuisance, these updates generally address critical weaknesses and protect your systems from the latest threats. Most apps now offer an automatic update feature so you don’t have to manually patch your software.

Another option for your business is patch management software. These track patches on employee devices and roll out the most recent updates on a company-wide scale.

Fortify your accounts

When everyone is working remotely, user accounts must be properly secured. One way to achieve this is by setting at least 12-character long passwords with numbers and special characters mixed in to make them more difficult to guess. More importantly, these passwords must be unique to each account, to minimize the damage if hackers manage to compromise one set of credentials. If you find it difficult to generate and remember login details for all of your accounts, consider using password managers like LastPass, Dashlane, and Keeper.

To further strengthen your accounts, you’ll also need to enable multifactor authentication (MFA). This adds another layer of identity verification — like fingerprint scans or one-time activation codes sent through SMS — to make it more difficult for cybercriminals to hijack your accounts.

Use a virtual private network (VPN)

VPNs are primarily used to circumvent geographic restrictions on location-specific websites and streaming services, but they’re also a crucial tool for remote workers. A reliable VPN creates secure connections between devices and networks by encrypting internet traffic. This hides web activity from prying eyes, protecting your employees’ online privacy and mitigating the risk of hackers stealing company information.

Set up firewalls and antivirus software

Make sure to enable firewalls in your operating systems and hardware. These provide a strong layer of protection between your device and the internet, preventing malicious programs and other network threats from reaching your device. Your managed IT services provider (MSP) may also provide third-party firewalls in case your computers don’t have any built in by default.

In addition to firewalls, you’ll want to implement antivirus software to detect and remove any malicious programs that manage to infiltrate your device. Just remember to constantly update the software so it can effectively detect the newest malware strains.

Secure home routers

Home Wi-Fi routers are not as thoroughly secured as their business counterparts so take extra precautions to safeguard them. For starters, change the default router password immediately after setting it up because hackers can easily look up the password online once they know your router model. You should also install the latest firmware updates to eliminate any security vulnerabilities.

Finally, check whether your router has Wi-Fi Protected Access 2 (WPA2) encryption settings to secure inbound and outbound traffic. If your router doesn’t have WPA2, you’re overdue for an upgrade.

Back up your data

Important files must be backed up regularly in the cloud and your external hard drive. This way, you’ll always have a copy of your files in case of a major data loss incident like a ransomware attack or a power outage.

Watch out for online scams

The biggest threat remote workers face is online scams. Phishing emails may entice you with free coronavirus test kits in exchange for personal information. Some cybercriminals may even masquerade as legitimate companies, CEOs, or friends to trick you into clicking on dangerous links and attachments.

To avoid these threats, you must be critical of everything you see online. Look for any suspicious links and attachments, grammatical errors in the email body, and misspelled email addresses. Plus, you should never give out sensitive information to an unsolicited email, text message, or phone call.

Working from home poses many cybersecurity challenges for businesses, but you don’t have to address them alone. If you need guidance with enabling MFA, setting up firewalls, and even avoiding scams, we can provide the IT support you need.

Are you interested in learning more about cybersecurity? Call us today and discover how our wide array of tech services can safeguard your business.

If you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment

Published with consideration from TechAdvisory.org  SOURCE

Apple security threats

The hearsay that Macs cannot be infected by viruses or malware couldn’t be further from the truth. There are plenty of cyberthreats that pose risks to Macs, so if you’re a Mac user, you should prioritize your device’s security. The good news is that protecting your Mac is simple and easy. Just follow these steps.

Check your privacy settings

Make sure that your Mac settings are set up properly to keep your data safe. Manage the information your Mac makes available across the internet or on a network by going to Apple menu System Preferences Security & Privacy Privacy. From there, you can choose which information to share and with whom. For example, you can specify which apps are allowed to see personal information, such as your location, contacts, photos, or music.

Take advantage of the firewall

A firewall protects your Mac from unwanted contact initiated by other computers on a network or the internet. It protects your computer by allowing only authorized services and apps to communicate with your Mac, so be sure to enable macOS’s built-in firewall.

To do so, just go to Apple menu System Preferences Security & Privacy Privacy then, click Firewall. If the padlock icon at the bottom left is locked, click it and key in your username and password. Enable the firewall by clicking Turn On Firewall.

To modify Firewall settings, click on Firewall Options… just below the “Turn Off Firewall” button. You will find a list of services and apps that are allowed to receive inbound connections. If you want to add an app or service to the list, just click the “+” button below the list itself. However, we recommend keeping this list as short as possible, as the apps listed can be exploited by cybercriminals.

Another useful feature to enable is stealth mode. This option will make your Mac more difficult to find, thus keeping hackers and malware at bay. For instance, if you are in a coffee shop and connected to its unsecured Wi-Fi, enabling stealth mode will make your Mac invisible on that public network. To turn on this feature, just tick the box next to “Enable stealth mode” in Firewall Options. A dialog box will pop up, and you can click on the “Enable Stealth Mode” button.

Set up a firmware password

Every new Mac today has the FileVault encryption automatically enabled. This means that your device already encrypts the hard drive by default, and the only way your data can be accessed is by logging in. Keep in mind, though, that this feature won’t necessarily save your account in case someone reinstalls the operating system or uses a memory stick to boot the Mac and remove all data from your hard disk.

To increase protection, set up a firmware password. Do this by restarting your computer, then pressing and holding down Cmd+R before the Apple logo shows up on the screen. You can let go of the keys once the progress bar pops up.

When the utilities window appears, click on Utilities in the menu bar, then choose Startup Security Utility or Firmware Password Utility. Click on Turn On Firmware Password… and simply follow the succeeding instructions.

Finally, quit the utilities window, then choose Apple menu Restart. Make sure to never forget or misplace your firmware password, because only Apple technicians can recover it.

Ensure that your confidential data remains private by performing minor tweaks on your Mac’s system settings. It takes only a few minutes to ensure lasting online protection. If setting up a firewall or firmware password sounds a little too advanced for you, or if you need to set up more advanced defenses, don’t hesitate to get in touch with our experts.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

Remote work policies have become a necessity not just because of the current coronavirus crisis, but also for the ways they improve a company’s bottom line and efficiency. Yet despite remote work’s benefits, it leaves you and your company exposed to online scams and other cybersecurity threats. To defend your company and your remote workers, make sure to heed the following tips.

Fortify user accounts

When everyone is working remotely, user accounts must be properly secured. One way to achieve this is by setting at least 12-character long passwords with numbers and special characters mixed in to make them more difficult to guess. More importantly, these passwords must be unique to each account, to minimize the damage if hackers do manage to compromise one set of credentials. If you find it difficult to generate and remember login details for all your accounts, consider password managers like LastPassDashlane, and Keeper.

To further strengthen your accounts, however, you’ll also need to enable multifactor authentication (MFA). This adds another layer of identity verification — like fingerprint scans or one-time activation codes generated by SMS — to make it more difficult for cybercriminals to hijack your accounts.

Use a virtual private network (VPN)

VPNs are primarily known for circumventing geographic restrictions on location-specific websites and streaming services, but they’re also a crucial tool for remote workers. A reliable VPN creates secure connections between devices and networks by encrypting internet traffic. This hides web activity from prying eyes, protecting your employees’ online privacy, and mitigating the risk of hackers stealing company information.

Patch your software regularly

Although installing software updates can be a major nuisance, they cover critical weaknesses and protect your systems from the latest threats. Most apps now offer an automatic update feature so you don’t have to manually patch your software.

Another option for your business is patch management software. These track patches on employee devices and distribute the most recent updates on a company-wide scale.

Set up firewalls and antivirus software

Make sure to enable firewalls in your operating systems and hardware. These provide a strong layer of protection between your device and the internet, preventing malicious programs and other network threats from reaching your device. Your managed IT services provider (MSP) may also provide third-party firewalls in case your computers don’t have any built in by default.

In addition to firewalls, you’ll also want to implement antivirus software to detect and remove any malicious programs that do manage to find their way onto your device. Just remember to constantly update the software so it can effectively detect the newest malware.

Secure home routers

Home Wi-Fi routers are not as thoroughly secured as their business counterparts so take extra precautions to safeguard them. For starters, change your router password as soon as possible because hackers can easily break into them once they know the router model. You should also install the latest firmware updates to eliminate any security vulnerabilities.

Finally, check whether your router has Wi-Fi Protected Access 2 (WPA2) encryption settings to secure inbound and outbound traffic. If your router doesn’t have this setting, you’re overdue for an upgrade.

Back up your data

Important files must be backed up regularly in the cloud and your external hard drive. This way, you’ll always have a copy of your files in case of a major data loss incident like ransomware or a power outage.

Watch out for online scams

The biggest threat remote workers face is online scams. Phishing emails may entice you with free coronavirus test kits in exchange for personal information. Some cybercriminals may even masquerade as legitimate companies, CEOs, or friends to trick you into clicking on dangerous links and attachments.

To avoid these threats, you must be critical of everything you see online. Look for any suspicious links and attachments, grammatical errors in the email body, and misspelled email addresses. Plus, never give out sensitive information to an unsolicited email, text message, or phone call.

Working from home poses many cybersecurity challenges for businesses, but you don’t have to address them alone. If you need guidance with setting up firewalls, avoiding scams, and even enabling MFA, we can provide the IT support you need in this difficult time.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE

As businesses have become more reliant on digital technology for day-to-day operations, they’ve also become a favorite target of internet threats. If you want to protect your organization from cyberattacks, make sure your security is clear of the following flaws.

Open wireless networks

With one main internet line and a couple of wireless routers, a whole office can go online. A wireless internet connection saves money, but there is an inherent risk that it’s an unsecure network.

If you need a secure network, plugging in a wireless router and creating a basic network is not enough. If you don’t set a password on your routers, then anyone within range can connect. With fairly simple tools and a bit of know-how, hackers and criminals can start capturing data that goes in and out of the network, and even attacking the network and computers attached.

Therefore, you should take steps to ensure that all wireless networks in the office are secured with strong passwords. Many internet service providers that install hardware when setting up networks will often just use an easy password for the router, such as the company’s main phone number. These need to be changed.

Email is not secure

Most companies that have implemented a new email system in the past couple of years will most likely be secure. This is especially true if they use cloud-based options or well-known email systems like Exchange, which offer enhanced security and scanning.

The businesses at risk are those using older systems like POP, or systems that don’t encrypt passwords (what are known as “clear passwords”’). If your system doesn’t encrypt information like this, anyone with the right tools and a bit of knowledge can capture login information and compromise your systems and data.

If you are using an older email system, it is advisable to upgrade to a newer one, especially if it doesn’t use encryption.

Mobile devices that aren’t secure enough

Mobile devices offer a great way to stay connected and productive while out of the office. However, if you use your tablet or phone to connect to office systems but don’t have security measures in place, you compromise your networks.

Imagine you have linked your work email to your tablet but don’t have a screen lock enabled, and you lose your device. Anyone who picks it up will have access to your email and all your sensitive information. The same goes if you install a mobile device app with malware on it. Your infected device will spread this malicious program to your entire network and cause major disruption to your business.

Take steps to ensure that employee devices have adequate security, such as passcodes, and that your company has sufficient security policies in place to govern their use. Lastly, mobile device management solutions are specifically designed to prevent your bring your own device (BYOD) policy from being a risk with employee devices causing havoc to your network.

Anti-malware software that isn’t maintained

These days, it is essential that you have anti-malware software installed on all devices in your company, and that you take the time to configure these properly.

It could be that scans are scheduled during business hours. If you install these solutions onto your systems and they start to scan during work time, most employees will just turn the scanner off, leaving your systems vulnerable.

The same goes for not properly ensuring that these systems are updated. Updates are important for software, especially anti-malware applications, because they implement new databases that contain recently discovered threats and the fixes for them.

Therefore, anti-malware software needs to be properly installed and maintained if they are going to even stand a chance of keeping systems secure.

Lack of firewalls

A firewall is a network security tool that can be configured to block data traffic from entering and leaving the network. For instance, it can protect data from being accessed from outside the network. While many modems or routers include firewalls, they are often not robust enough for business use.

What you need is a firewall that covers the whole network at the point where data enters and exits (usually before the routers). These are business-centric tools that should be installed by an IT partner like a managed services provider (MSP), in order for them to be most effective.

How do I ensure proper business security?

The best way a business can ensure that their systems and networks are secure is to work with an IT partner like us. Our managed services can help ensure that you set up proper security measures in place and that they are managed properly. Tech peace of mind means your focus can be on creating a successful company instead.

To learn more about how to safeguard your business, or if you are looking for an expert to help you find the best solutions for your business talk to GCInfotech about a free technology assessment.

Published with consideration from TechAdvisory.org SOURCE