19 Dec

7 Key Benefits from Outsourcing Your IT Support

By Ray Miner, Technology Solutions Adviser

Beyond the obvious cost savings of outsourcing IT support to a Managed Service Provider (MSP), there are a number of really significant, but hidden, benefits for small and medium sized business owners who use them.  Among these benefits are:

Timely Responsiveness:  Quality MSPs initially respond to requests for assistance within 15 minutes.  Any business owner who has waited hours for their part-time “IT Guy” to finish his real job and return their call knows how important responsiveness is.

Proactive, Remote Monitoring:  If you have never used an MSP, it might surprise you to learn that remote monitoring tools are utilized to automatically and immediately notify them of most critical system issues.  In many cases, this happens before you even know a problem exists.

Automated Problem Resolution:  In conjunction with monitoring, most MSPs also utilize tools that automatically resolve many issues without any manual intervention.

Automated Patching:  Often overlooked and undervalued, keeping software patched is one of the most important ways to protect a business’s critical data.  Utilizing an automated patching solution, MSPs keep their clients protected from known software issues and from outside intruders.

Disaster Recovery and Business Continuity:  To most small and medium sized businesses, having their primary server “crash” is a disaster.  In those situations, simply having file back-ups is no longer sufficient.  MSPs provide a full disaster recovery and business continuity solution that can restore functionality of your data network within minutes.

Technology Planning:  Avoid waking up one morning to discover that all your computer hardware and software is obsolete and no longer supported by the manufacturer.  Professional MSPs include annual technology planning as a part of their service offering.

Awareness of Technology Updates:  When faced with a decision between supporting their network and learning new technologies, in-house resources must keep the network running.  MSPs continuously keep abreast of new technologies and adapt their service offering to include them.

With a combination of advanced tools and a deep pool of technical resources, a quality MSP can provide so much more value to your business than simply reducing costs.  Contact us if you are interested in learning more.

04 Dec

Ransomware: BIG Threat for Small and Medium Sized Businesses

Most small and medium business (SMB) owners do not yet realize the level of threat and potentially devastating results associated with ransomware.

Ransomware is literally the act of somebody holding your data, software, PC or computer system hostage until you pay them a ransom to get it back. What happens is that you suddenly have no access to a program or file and a screen appears announcing your files are encrypted and that you need to pay (usually in bitcoins) to regain access.

Recent studies that explored the frequency, impact, cost and other factors associated with ransomware attacks in the SMB arena showed more than one-third of businesses have experienced a ransomware attack in the last year. For roughly one in six impacted organizations, a ransomware infection caused more than 20 hours of downtime, with some organizations reporting an outage of more than 100 hours.

SMBs tend to most frequently get infected with ransomware via phishing emails (either in an attachment or a link) and shared USB drives.

Several steps can help minimize the risk of getting ransomware, including staff education and awareness.  Train your staff to be cautious of suspicious messages and files, even if they come from a trusted source.

Ransomware also most frequently infects computers running older operating systems (e.g., Windows XP) that Microsoft no longer supports or updates. By upgrading to a newer, completely supported operating system (e.g., Windows 10), you receive an ongoing stream of updates that respond proactively to new security threats.

Work with a reputable Managed Service Provider (MSP).  For a fraction of the cost of a full-time employee, SMBs can outsource network support and avail themselves of the latest endpoint monitoring tools, data back-up and recovery solutions and a full team of people available to fully support their computer system.

Here are some ransomware tips for SMBs and their customers to provide some level of protection against cyber-attacks:

  • Always keep your security software up to date, since new ransomware variants appear on a regular basis.
  • Keep your operating system and other software updated – Software updates usually include patches for newly discovered security vulnerabilities that could be exploited by ransomware attackers.
  • Be wary of unexpected emails, especially the ones containing links and/or attachments.
  • Backing up important data is essential; it is the single most effective way of combating ransomware infection. In case of a cyber-attack, if the company has backup copies, its files can be restored once the infection has been cleaned up. However, organizations should ensure that backups are appropriately protected or stored offline so that attackers can’t delete them.
  • Using cloud services could help mitigate ransomware infection.

 

19 Oct

Is malvertising the newest threat?

As you may remember, in May 2017 Equifax, a provider of consumer credit reports, said it experienced a data breach affecting over 140 million US consumers after hackers exploited a vulnerability on its website. That’s about 44% of the US population! The data exposed in the hack included names, Social Security numbers, birth dates, addresses, and, in some cases, even driver license numbers. Unfortunately, this wasn’t the last time Equifax’s website was breached. The site was maliciously manipulated last week, this time to deliver fraudulent Adobe Flash updates. Visitors who clicked the link had their computers infected with adware, which only three out of 65 antivirus providers managed to detect.

If you think about it, this is really worrying: the site that previously lost the personal data of so many US citizens with a credit history was attacked once again, this time to trick visitors into installing malware that Symantec calls Adware.Eorezo. Usually, in order to avoid being caught, attackers provide malicious downloads only once, to just a select number of people. Surprisingly, this time the bogus Flash download links were served to the same visitor at least three times in a row. The Equifax site was redirecting users to the centerbluray.info page, which delivered the MediaDownloaderIron.exe file. Sometimes the browser was redirected to at least four domains before finally opening the Flash download file.

Unfortunately, only Panda, Symantec, and Webroot were able to detect the file as adware. Luckily for our customers, Webroot is part of our Managed Services Provider package, so we know we keep you safe. Malwarebytes flagged the centerbluray.info site as one that pushes malware, while both Eset and Avira provided similar malware warnings for one of the intermediate domains, newcyclevaults.com.

It’s not yet clear how the Flash download page got displayed. Researcher Kevin Beaumont suggested in a tweet that Equifax was working with a third-party ad network or analytics provider that’s responsible for the redirects. This could mean that the breach isn’t on the Equifax site and may be affecting other websites as well.

Source: https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/

11 Oct

Disaster recovery vs. security recovery plans: Why you need separate strategies

Many enterprises blend their disaster recovery and security recovery plans into a single, easy-to-implement package. But such an approach does not necessarily make sense. Security and disaster plans are undoubtedly related, but they are not always the same thing. Disaster recovery and security recovery have inherently different objectives: the former is more about business continuity and the latter about information asset protection. With disaster recovery plans we tend to focus on data quality in the first place, while with security plans we rely on the capability of protective controls and focus on “protecting forward”.

Many SMBs combine their disaster and security strategies as a matter of convenience, lured by the many similarities between those plans. Both types of plans include procedures to minimize the impact of a malicious event, followed by procedures to recover from that event, as well as procedures to test and return to business-as-usual operations. Furthermore, both disaster recovery and security plans include measures to minimize the possibility of a similar event occurring again.

But if we dive deeper, we will find that the disaster recovery and security plans are fundamentally different:

  • Disaster recovery plans focus on recovering IT operations and business continuity,
  • Security plans focus on preventing or limiting IT interruptions.

Security recovery strategies need to be revisited and updated more frequently than disaster recovery plans. Events such as fires, floods or blackouts are unpredictable, but we generally understand their nature. Security threats are also unpredictable, but their nature is often hard to understand. New external cyber threats are mushrooming, and they are becoming more technically developed and harder to detect, which is why it’s more difficult to keep a security recovery plan up to date. By contrast, the number of natural or man-made disasters that can possibly threaten our business is relatively static. Keeping that in mind, all SMBs should implement separate disaster recovery and security plans for best protection.

22 Sep

Your Small Business Isn’t Invisible to Hackers or Immune to Attacks

Did you know that businesses with fewer than 250 workers have become a prime target of cybercriminals? The worst misconception any SMB can have is that it is too small to be noticed by cybercriminals. Even businesses with fewer than a dozen employees have become a growing target.

Hackers see SMBs as being more susceptible to security breaches since they typically lack solid security. Instead of attempting one risky “big score”, today’s cybercriminal targets thousands of small businesses at once and uses malware to collect stored credit card information that they use to extract money. Additionally, SMBs are often seen as a gateway to the data of their high-end B2B clientele.

3 Ways to Enhance Security Without Breaking the Bank

Budget isn’t an excuse when it comes to security. Here are 3 security-enhancing fixes that don’t require big investments:

  1. Take Inventory: Many businesses have overcomplicated computer systems that are outdated, poorly secured, and not even business critical. Identify these.
  2. Talk Security: Employees are your greatest security threat. Talk to them about averting phishing email threats, frequently updating passwords, and staying safe while working at the office or remote.
  3. Don’t Fear the Cloud and Managed Services: Don’t let paranoia keep you from moving email, backup, and file sharing to the cloud. It saves money and is often safer. A managed services provider can also take over both routine and complex security tasks.

Don’t Be Forced Out of Business By Cybercrime

According to the National Cyber Security Alliance, one out of every five small-and-medium sized businesses is hit by cybercrime each year. Roughly 60% of these SMBs are out of business within six months of an attack.

Today’s cybercriminal doesn’t discriminate by business type or size. They look for exposed security cracks and vulnerabilities that are rife with opportunity. Don’t be the type of ignorant and defenseless SMB they typically feed on.

01 Sep

Office 2007 End of Life roadmap – Part II

As we reminded you last week, Office 2007 will reach End of Life on October 10, 2017. If you haven’t already begun to upgrade your Office 2007 environment, we recommend you start now.

Almost all Microsoft products have a support lifecycle during which new features, bug fixes, and security fixes are provided to customers. This lifecycle typically lasts for 10 years from the date of the product’s initial release. When Office 2007 reaches its End of Life on October 10, 2017, Microsoft will no longer provide:

  • Technical support for issues
  • Bug fixes for issues that are discovered
  • Security fixes for vulnerabilities that are discovered

In addition, as of October 31, 2017, Outlook 2007 will be unable to connect to Office 365 mailboxes, which means Outlook 2007 clients using Office 365 will not be able to receive and send mail. Microsoft customers have three options to choose from, which we briefly described in our previous blog post. Here we want to focus on upgrading to Office 365 ProPlus.

What is Office 365 and Office 365 ProPlus?

Office 365 refers to subscription plans that include access to Office applications and other cloud services, including Skype for Business, Exchange Online, and OneDrive for Business. Office 365 ProPlus is the version of Office that comes with many Office 365 plans. It includes the full versions of Word, PowerPoint, Excel, Outlook, OneNote, Publisher, Access, and Skype for Business. Unlike Office 2007, Office 365 ProPlus is a user-based service that allows people to access Office experiences on up to 5 PCs or Macs and on their mobile devices. For information about the new features available in Office 365 ProPlus, see What’s new in Office 365.

Here is a roadmap for your upgrade to Office 365 ProPlus:

  • Review the system requirements for Office 365 ProPlus – before upgrading to Office 365 ProPlus, you need to verify that your computers meet or exceed the minimum system requirements. The Office 365 ProPlus requirements are the same as the Office Professional Plus 2016 requirements. In addition, you should review the system requirements for your Office server workloads. For example, Exchange 2007 does not support Outlook 2016.
  • Plan for Office 365 – because Office 365 ProPlus comes with many Office 365 plans, you should review your current Office 365 capabilities as part of planning an upgrade to ProPlus. Prior to deploying ProPlus, for example, you should ensure that all your users have Office 365 accounts and licenses.
  • Assess application compatibility – to ensure a successful upgrade, we recommend identifying your Office applications, including VBA scripts, macros, third-party add-ins, and complex documents and spreadsheets, and assessing their compatibility with Office 365 ProPlus.
  • Assess your infrastructure and environment – to decide how to upgrade to Office, you should evaluate your infrastructure and environment, including the following:
      • Number and distribution of your clients, including required languages.
      • IT infrastructure, including operating systems, mobile device support, user permissions and management, and software distribution methods.
      • Network infrastructure, including connections to the Internet and internal software distribution points.
      • Cloud infrastructure, including existing Office 365 capabilities, user licensing, and identity.
  • Choose how you want to deploy Office 365 ProPlus – you can deploy ProPlus from the cloud, from a local source on your network, or with System Center Configuration Manager. Which option you choose depends on your environment and business requirements.
  • Choose how often to update Office – with Office 365 ProPlus, you can control how frequently your users receive feature updates to their Office applications.

Here are some special considerations you should take into account while preparing the upgrade to Office 365 ProPlus:

The Office Customization Tool is not used as part of the Office 365 ProPlus installation. Instead, you can customize the installation for your users with the Office 2016 Deployment Tool.

Removal of InfoPath from Office 365 ProPlus. InfoPath 2013 remains the current version and therefore won’t be included in the Office 2016 version of Office 365 ProPlus. When you upgrade an existing installation of Office 2007 to Office 365 ProPlus, InfoPath is removed from the computer. If your users still need to use InfoPath, the 2013 version of InfoPath will be available for installation on the Software page in the Office 365 portal.

03 Aug

Introducing Microsoft 365

Last month at Inspire, Microsoft unveiled Microsoft 365, which brings together Office 365, Windows 10 and Enterprise Mobility + Security, delivering a complete, intelligent and secure solution to empower employees. It represents a fundamental shift in how we will design, build and go to market to address our customers’ needs for a modern workplace.

With more than 100 million commercial monthly active users of Office 365, and more than 500 million Windows 10 devices in use, Microsoft is in a unique position to help companies empower their employees, unlocking business growth and innovation. To address the commercial needs from the largest enterprise to the smallest business, the company is introducing Microsoft 365 Enterprise and Microsoft 365 Business.

Microsoft 365 Enterprise is designed for large organizations and integrates Office 365 Enterprise, Windows 10 Enterprise and Enterprise Mobility + Security to empower employees to be creative and work together, securely. Microsoft 365 Enterprise:

  • Unlocks creativity by enabling people to work naturally with ink, voice and touch, all backed by tools that utilize AI and machine learning.
  • Provides the broadest and deepest set of apps and services with a universal toolkit for teamwork, giving people flexibility and choice in how they connect, share and communicate.
  • Simplifies IT by unifying management across users, devices, apps and services.
  • Helps safeguard customer data, company data and intellectual property with built-in, intelligent security.

Microsoft 365 Enterprise is offered in two plans—Microsoft 365 E3 and Microsoft 365 E5. Both are available for purchase as of August 1, 2017.

Microsoft 365 Enterprise is built on the foundation of the highly successful Secure Productive Enterprise, which grew seats by triple digits in the last year. Going forward, Microsoft 365 Enterprise replaces Secure Productive Enterprise to double-down on the new customer promise of empowering employees to be creative and work together, securely.

Microsoft 365 Business is designed for small- to medium-sized businesses with up to 300 users and integrates Office 365 Business Premium with tailored security and management features from Windows 10 and Enterprise Mobility + Security. It offers services to empower employees, safeguard the business and simplify IT management. Microsoft 365 Business:

  • Helps companies achieve more together by better connecting employees, customers and suppliers.
  • Empowers employees to get work done from anywhere, on any device.
  • Protects company data across devices with always-on security.
  • Simplifies the set-up and management of employee devices and services with a single IT console.

Microsoft 365 Business is available in public preview starting August 2, 2017. It will become generally available on a worldwide basis in the fall (CYQ3) of 2017.

As a part of Microsoft’s commitment to small-to-medium sized customers, they’re also announcing the preview of three tailored applications that are coming to Office 365 Business Premium and Microsoft 365 Business:

  • Microsoft Connections—A simple-to-use email marketing service.
  • Microsoft Listings—An easy way to publish your business information on top sites.
  • Microsoft Invoicing—A new way to create professional invoices and get paid fast.

 

22 Jun

New PowerPoint and Word Viewers

Last week Microsoft announced a new, streamlined web experience for instantly viewing Word and PowerPoint files in OneDrive and SharePoint Document Libraries. The PowerPoint and Word Viewers are new Office 365 features, and you’ll begin seeing them in the coming days. You’ll notice the following with the viewers:

  • they load instantly, in line with your files, just like you’re used to with popular file formats like PDF, photos, and videos;
  • as much clutter on the screen as possible has been reduced so that you can focus on reading the content;
  • you still have access to the same capabilities you use in OneDrive and SharePoint – including editing the document in your browser or Word and PowerPoint clients;
  • you can share, rename, download or see file information (using the details pane of the file you’re viewing);
  • company Shareable Links for Word and PowerPoint files are now part of this experience;
  • the viewing canvas is getting a fresher look and feel with lighter colors and more purposeful spacing that helps you focus on the content – aligning more to other Office 365 experiences.

These features will be gradually rolling out in the following days, and the roll-out will be completed by the end of July. The best part is that you don’t need to do anything to prepare for this change, but you may consider updating your user training, and notifying your help-desk.

12 Jun

Introducing Groups in Outlook for Mac, iOS and Android

More than 10 million people rely on Groups in Outlook every month to work together and get things done. Groups in Outlook has proved useful because it offers huge improvements over traditional distribution lists, with a shared space for group conversations, calendars, files and notebooks, the convenience of self-service membership and much more.

In April 2017, Microsoft launched Groups in Outlook for Mac, iOS and Android. Since Groups is already available in Outlook for Windows and on the web, now you can access your group conversations and content no matter which platform you use.

With these updates, you can:

  • View your group list.
  • Read and reply to group conversations.
  • Add group events to your personal calendar.
  • View unread messages sent to the group.
  • View group details within the group card (Outlook for iOS and Android only).

In addition to bringing groups to more Outlook apps, Microsoft has released several new features for Groups in Outlook on other platforms:

  • Give guest access—Last fall, Outlook on the web was updated to give customers the ability to set up guest access for people outside their organization, set group classification as defined by Office 365 admins, and view usage guidelines. Now, these same capabilities are available in Outlook for Windows.
  • Invite people to join—In order to simplify inviting multiple people to join a group, Microsoft released the Invite to join feature to Outlook on the web, which lets customers create invitation links and share them with others via email or other channels, giving them a quick way to join the group.
  • Multi-delete conversations—Group owners can now multi-select conversations and delete them from the group conversations space in Outlook for Windows.
  • Send email as a group—Office 365 admins can grant send-as and send-on-behalf-of permissions to members of a group using the Exchange admin center. Group members who have these permissions can then send emails as the group, or on behalf of the group, from Outlook for Windows and Outlook on the web.

 

09 May

Your front door is talking

If you’ve been following the news, the Internet of Things is getting increasing attention. You’re probably also thinking this is some Silicon Valley fancy thing that will take years to reach the rest of us. Not really. You probably already have some items of your own tied into the Internet of Things.

First of all, what is the I of T? Simply, it is any object that collects data about itself or its surroundings, and then transfers that data across a network to some other object, which can then make use of that data. For example, if you have a baby monitor that sends crib pictures from upstairs to your phone, you’re tied into the I of T.

But what about business people? Where is it showing up in the workplace? You may have security cameras tied to a network where they can be monitored by a PC or phone. A front door lock that can be remotely opened via phone. A thermostat that can be changed by the same phone. Internal lights that go on when your phone approaches. All of these are part of the Internet of Things.

If you have questions about whether being tied into I of T presents a data security issue or hacking threat, you should contact a service consultant to discuss these issues. Headlines are now appearing about hacking into the I of T for nefarious purposes. It is a good idea to stay ahead of the curve because as a business, data security is a revenue-critical issue. Seriously, you don’t want the front door telling someone your client’s private data.

04 Apr

Higher goals get dragged down by Tech: The NPO story


If you are a smaller Not-for-Profit, it is likely that your organization has been driven from its inception by individuals strongly motivated with a passion for their cause or humanitarian goal. As a result, it is also possible that the leadership has little interest in developing the administrative technology infrastructure that is necessary for any organization to function in the internet age.

Failure to understand and focus on technology can damage an organization’s growth and success. However, NPO leadership has to be laser focused on the day-to-day struggles of the organization such as seeking funding, keeping the doors open, and pursuing the mission. As a consequence, technology infrastructure may be cobbled together as an afterthought; resource limitations may lead to short term tech decisions that can be wasteful and more expensive in the long term.

An NPO, with its tight budget margins, is an excellent example of an organization that could benefit from outsourcing its fundamental tech needs to an MSP. An MSP can determine short and long term needs, assess possible solutions, and propose the most cost effective tech solutions to ensure a stable, long-term tech infrastructure. Without the time or stomach for administrative distractions, NPOs may continue to use the break/fix model, making less informed tech decisions that may ultimately waste precious resources. Good and careful planning with a professional can mean a better strategic use of organizational resources far into the future.

28 Mar

Password basics people still ignore

You can have all the locks on your data center and have all the network security available, but nothing will keep your data safe if your employees are careless with passwords. These simple tips will help you safeguard your data:

  • Change Passwords – Most security experts recommend that companies change out all passwords every 30 to 90 days.
  • Require passwords that mix upper- and lowercase letters, a number, and a symbol.
  • Teach employees NOT to use standard dictionary words (in any language), or personal data that can be known, or can be stolen: addresses, telephone numbers, SSNs, etc.

Emphasize that employees should not access anything using another employee’s login. To save time or for convenience, employees may leave systems and screens open and let others access them. This is usually done so one person doesn’t have to take the time to logout and the next take the effort to log back in. Make a policy regarding this and enforce it. If you see this happening, make sure they are aware of it.

These are just a few basic password hints, but they can make a difference.

21 Mar

You’re Fired! Now Give Me Your Password

Losing an employee is not usually a good experience. If they leave voluntarily, you lose a valuable asset. If they have to be fired, you have the arduous task of the progressive discipline process and the final termination meeting. But there are other concerns that arise when an employee leaves. Those concerns are security and their access to company data.

Here are some considerations regarding passwords and voluntary termination (A.K.A. resigned) or involuntary termination (A.K.A. fired). It is important you have a process in place so that whenever a termination occurs, nothing slips through the cracks regarding corporate data security.

When you dismiss an employee, you should immediately change out all passwords for anything the employee had access to. Because almost all terminations should be planned, you should also define the process for canceling access. It is unwise to cancel prior to the termination meeting. If you do that, you create the potential for a confrontation when they arrive at work and find their passwords have been disabled. Instead, plan ahead and assign someone to disable their passwords during the time you are having the termination meeting. Before the meeting, be sure you have a list of all access cards, keys, etc. prepared so they can be cancelled before the employee leaves the building.

Voluntary terminations – Different firms have different policies for handling resignations. Depending on the specific position, an employee will be permitted to continue working during their 2-week notice period. In that case, you need to consider if there is any possibility the employee might get up to no good during the final days. That is something only you can judge.

In some cases, firms will ask an employee to leave the facility immediately. In that case, you need to have a plan in place. You need to have a list available of all of the restricted systems to which they have access for when this situation arises. The employee should not leave the building until all of their access has been canceled.

This all may seem a bit harsh, but things have changed. 30 years ago, for a disgruntled employee to steal files, they’d be carrying out large boxes of file folders. Now, not only can they empty the building onto a thumb drive, they can take nefarious action that wasn’t possible when data was stored on paper.

28 Feb

Data Security: A People Problem

Phishing Scams – A People Problem

There are some things that only people can fix. There are many security risks to which your data is susceptible, but there is one method that remains a wonderfully effective hacking tool. That is the phishing scam. This is a legitimate looking email that asks the reader to click on a link. If clicked, the link can infect the user’s computer with malicious software that can steal passwords, logins, and other critical data. Alternatively, the email appears to be from a legitimate source, perhaps even duplicating a legitimate webpage. The distinction is that the phishing email asks the user to enter personal information, including passcodes. In either case, that is how hackers easily get into your systems.

What’s the best defense against this one? The single biggest defense is education: train your people to be constantly wary of all the emails they receive. One way some firms are educating their people is by sending out their own “fake” phishing scams. Employees who click on the link inside are greeted with a notice that they’ve fallen for a phishing scam and are then offered tips on how not to be fooled in the future. Think of it as the hi-tech version of Punk’d.

You may not be ready to go that far, but it is important to provide ongoing training to all of your staff about phishing scams. Your staff are all critical factors in your data security plans.

14 Feb

Data Breaches are a Question of When, Not If

You hear on the news all of the time about big cyber attacks on large corporations, and even government agencies. The trouble with this news coverage is that it suggests a distorted view of where cyber attacks are taking place. These attacks are not solely hitting large organizations. Small firms represent a significant portion of those who face cyber attacks. Being small by no means keeps you immune. In fact, small firms can be used as conduits to larger organizations. That is likely what happened in the case of Target Corporation back in 2013.

If you’re a small business, then you’re a target for cyber criminals. Last year, 71% of small to medium size businesses were the victims of cyber attacks.

Today’s concern is how you would respond to an attack. 31% of small to medium businesses do not have a plan of action for responding to IT security breaches, and 22% admit that they lack the expertise to make such a plan. A data breach is disastrous.

Your response determines whether it’s a survivable disaster. You need to have a statement for customers ready (47 states require businesses to disclose data breaches), you need to be able to quickly access backups, and you need access to professionals with experience in disaster recovery and business continuity.

07 Feb

Penetration Testing vs. Vulnerability Testing Your Business Network

Hearing “all of your confidential information is extremely vulnerable, we know this because…” is bad news, but whatever follows the ellipses determines just how bad. Consider two scenarios.

  1. “All of your confidential information is extremely vulnerable… we know this because a hacker took all of your customers’ credit card info and locked all of your files behind ransomware.”
  2. “All of your confidential information is extremely vulnerable… we know this because we did a vulnerability scan of your network, and have some suggestions on how you can improve.”

61% of small businesses are victimized by cyber attacks each year, and one in five victims do not survive. It is financially worthwhile to make sure that you end up being the person hearing the latter sentence.

Scenario 2 describes the statement after you have had a vulnerability test conducted. A vulnerability test is a comprehensive audit of security flaws that a hacker could exploit, and the possible consequences. This is the equivalent of a doctor giving a physical examination. This information will allow you to know what your risks are and plan your security policies accordingly.

Vulnerability tests can be done by in-house IT or outside consultants. They should be conducted quarterly, or whenever you are incorporating new equipment into your IT network.

What is a pen-test: A pen-test is a simulated attack on a network to test the strength of its security. Usually, the pen-tester will have a specific objective (e.g. “compromise this piece of data…”). A vulnerability scan tells you “what are my weaknesses?” and a pen-test tells you “how bad a specific weakness is.”

How often should you pen-test: Different industries will have different government-mandated requirements for pen-testing. One of the more broad-reaching regulations, the PCI DSS, for example, requires pen-testing on an annual basis. However, it is prudent to go beyond the legal minimum. You should also conduct a pen-test every time you have:

  • Added new network infrastructure or applications,
  • Made significant upgrades or modifications to infrastructure or applications,
  • Established new office locations,
  • Applied a security patch, or
  • Modified end user policies.
01 Feb

5 Ways SMBs Can Save Money on Security

Small-to-medium sized businesses and large enterprises may seem worlds apart, but they face many of the same cyber-security threats. In fact, in recent years, cyber-criminals have increasingly targeted SMBs. This is because it’s widely known that SMBs have a smaller budget, and less in-house expertise, to devote to protection. Thankfully, there are several things SMBs can do today to get more from even the most limited security budget. And, no, we aren’t talking about cutting corners. Far too often, SMBs cut the wrong corners and it ends up costing them more money in the long run. It’s a matter of taking a smarter approach to security. Here are five smart approaches to take:

  • Prioritize – Every business has specific areas or assets critical to its core operations. Seek the input of valued staff and team members to determine what these are. Is there certain data that would be catastrophic if it was lost or stolen? If hackers compromise a network, or prevent access to certain applications, how disruptive would it be to daily business operations? What kind of potential threats or vulnerabilities pose the greatest risk to the company or your customers/clients? Focus on the most likely risks, not theoretical risks that “could happen.” Asking such questions gives you a clearer, more complete perspective as to where to focus available security resources.
  • Develop and Enforce Policies – Every SMB needs to implement a security policy to direct employees on appropriate and inappropriate workplace behaviors relative to network, systems, and data security. Merely drafting this document isn’t enough. Employees must be held accountable if they fail to adhere to policy. Such policies should be updated regularly to reflect new technology and cultural shifts. For example, a document written before social media took off, or before the BYOD (Bring-Your-Own-Device) movement, doesn’t necessarily apply today.
  • Education – Ongoing end user training must be provided. Many security breaches happen because employees fail to recognize phishing schemes, open emails from unknown sources, create poor passwords that are seldom changed, and don’t take proper precautions when using public Wi-Fi connections on personal mobile devices also used for work.
  • Take to the Cloud – Running applications and servers in-house is a costly endeavor. Leveraging the cloud today allows SMBs to cut costs while also strengthening their security. Cloud operators typically have built-in security features, alleviating SMBs of the burden of maintaining security themselves. Today, not only can SMBs shift much of the burden of IT to the cloud, but they can also outsource much of their security by taking advantage of the remote monitoring, maintenance, and security tools provided by Managed Service Providers (MSPs).

  • Don’t Aim for Perfection – There is no such thing as perfect security. Striving for perfection is expensive and can prove to be more costly in the end. Improving protection and response would be a better allocation of funds. It can take a hacker several months to figure out your systems and do real damage. Having the ability to quickly detect their presence, and mitigate any potential damage they may cause, is a more realistic and less expensive approach than thinking you can completely remove any probability whatsoever of a hacker breaching your system.

18 Jan

Just Because You’re Not a Big Target, Doesn’t Mean You’re Safe

Understand How Data Loss Can Happen…

Not too long ago, the New York Times’ website experienced a well-publicized attack, which raises the question – how can this happen to such a world-renowned corporation? If this can happen to the New York Times, what does this bode for the security of a small company’s website? What’s to stop someone from sending visitors of your site to an adult site or something equally offensive?

The short answer to that question is nothing. In the New York Times’ attack, the attackers changed the newspaper’s Domain Name System (DNS) records to send visitors to a Syrian website. The same type of thing can very well happen to your business website. For a clearer perspective, let’s get into the specifics of the attack and explain what DNS is.

The perpetrators of the New York Times’ attack targeted the site’s Internet DNS records. To better understand this, know that computers communicate in numbers, whereas we speak in letters. In order for us to have an easy-to-remember destination like nytimes.com, DNS must translate that name into the numeric IP address that computers use.

Therefore, no matter how big or small a company’s online presence is, every website is vulnerable to the same DNS hacking as the New York Times’ site. The good news is the websites of smaller companies or organizations fly under the radar and are rarely targeted. Larger targets like the New York Times, or LinkedIn, which was recently redirected to a domain sales page, are more likely targets.

For now…
There is no reason to panic and prioritize securing DNS over other things right now. But there is a belief that DNS vulnerability will be something cybercriminals pick on more often down the road.

Here are a few ways to stay safe:

Select a Registrar with a Solid Reputation for Security

Chances are, you purchased your domain name through a reputable registrar like GoDaddy, Bluehost, 1&1, or Dreamhost. Obviously, you need to create a strong password for when you log into the registrar to manage your site’s files. Nonetheless, recent DNS attacks are concerning because they’re far more than the average password hack.

It was actually the security of the registrars themselves that was compromised in recent attacks. The attackers were basically able to change any DNS record in that registrar’s directory. What’s particularly frightening is the registrars attacked had solid reputations. The New York Times, along with sites like Twitter and the Huffington Post, is registered with Melbourne IT. LinkedIn, Craigslist and US Airways are registered with Network Solutions. Both had been believed to be secure.

So what else can be done?

Set Up a Registry Lock & Inquire About Other Optional Security

A registry lock makes it difficult for anyone to make even the most mundane changes to your registrar account without manual intervention by registrar staff. This likely comes at an additional cost and not every domain registrar has it available.

Ask your registrar about registry locking and other additional security measures like two-factor authentication, which requires another verifying factor in addition to your login and password, or IP-address-dependent logins, which block access to your account from anywhere other than one particular IP address.

While adding any of these extra safeguards will limit your ability to make easy account changes or access your files from remote locations, it may be a worthwhile price to pay.

04 Jan

Cloud Monitoring Can Be the Difference Maker for SMBs

Mitigate Costly New Technology Risks for Continued Stability and Profitability

It’s a fast-paced world. Not only do people want things, they want things right now. This sometimes-unnerving need for instant satisfaction has only intensified now that we have Wi-Fi and mobile devices that keep us connected regardless of where we are, what we’re doing, or the time of day. There is no longer any tolerance whatsoever for waiting. A business with a website that fails to load, or loads too slowly, will lose customers and leads to competitors.

So what has your business done to address this need for constant accessibility and optimal uptime? Do you feel you’re doing enough to meet the demands and expectations of your customers, new business prospects and those who have just now found you on Google?

If you’re a small-to-medium sized business owner, do you have confidence in your technology infrastructure? Can you say with certainty that your website, internal server, and mobile applications function smoothly, efficiently, and correctly?

When your IT team leaves work to go live their lives, are you confident that things won’t go bump in the night? That you won’t be ringing their cell phone while they’re out having dinner with their family, or worse yet, sleeping?

If you answer no to these questions, you may be one of the many small business owners who could benefit from cloud monitoring. And you’ll be pleased to learn that cloud monitoring can significantly improve all facets of your business – especially your service, productivity, reputation, and profitability.

What is the Cloud?

According to a study conducted by Wakefield Research, 54% of those questioned responded that they’ve never used cloud technology. However, the truth is that they’re in the cloud every day when they bank or shop online and send or receive email.

Business owners, specifically non-tech-savvy small business decision makers, are still apprehensive when it comes to moving their server and web monitoring services to the cloud. But FDR’s famous quote, “The only thing we have to fear is fear itself,” definitely applies here. The cloud is nothing more than moving the storage and access of your data programs from a computer’s physical hard drive to the web. There is nothing to fear.

Benefits of Cloud Monitoring

Obviously, these physical and virtual servers, their shared resources, and the applications that run on them must be monitored. This can be done from multiple remote locations and it’s called cloud monitoring.

Cloud monitoring makes it easier to identify previously unseen patterns and potential problems within your infrastructure–issues that may be too difficult for any in-house support staff to detect. For instance, monitoring ensures that your site is delivering accurate page content and is meeting anticipated download speeds. It can detect unapproved changes, website tampering, and compromised data.

The continuous analyzing and testing of your network, website, and mobile applications can reduce downtime by as much as 80%. The speed and functionality of e-commerce transactions are also optimized. Additionally, cloud monitoring tests your email server at regular intervals, which minimizes failed deliveries and other issues pertaining to sending and receiving emails.

Clearly, all of the above, along with the alerts that help identify and fix issues before they become catastrophes, make cloud monitoring an attractive way to gain insight into how end-users experience your site, while also enhancing their overall experience.

07 Dec

The Good, The Bad, and the Ugly of Mobility and BYOD

There are a lot of advantages to mobility in today’s workforce, but the Bring-Your-Own-Device (BYOD) movement has also brought its share of headaches.

We live in a society where everyone must have the newest technology. We are inundated with ads reminding us that the smartphone or tablet we just bought a year ago is laughably outdated and inferior to the upgrade that just hit the market.

People who have just bought the latest technology don’t want to have to set it aside to use a separate company-issued device. As a result, businesses are beginning to grant these employee-owned devices access to their file and email servers, databases, and applications.

While this brings certain competitive advantages to employers, it naturally carries many risks, too.

Let’s begin with the pros of BYOD…

The Advantages of BYOD

Greater Flexibility and Productivity – Personal devices allow workers more flexibility, which in turn can increase productivity. Today’s employee isn’t restricted to their office workstation or cubicle. They can carry out job responsibilities from home, a coffee shop, their child’s dance recital, or while traveling.

Reduced Costs – Purchasing even the most basic Blackberry for an employee can cost a company $900+ per worker. Costs like that can be completely eliminated by adopting a BYOD policy where employees are required to use their own device.

Happier Employees/Attractiveness to Job Seekers – Recent studies have found that 44% of job seekers are attracted more to employers who are open to BYOD and occasional remote work. Beyond this hiring advantage over competition, it has been found that employees as a whole are generally happier using the devices they own and prefer for work purposes.

Better Customer Service – This goes hand in hand with more flexibility and productivity. Mobility allows employees to occasionally resolve or escalate urgent client issues outside of normal working hours, and clients remember that kind of response time.

And now the cons of BYOD…

Disadvantages of BYOD

Compromised Data Security – Unfortunately, letting employees use their own smartphones, tablets, and laptops increases the likelihood of sensitive company or customer/client data being compromised. It is important for companies to establish a comprehensive mobile device security policy and never make any exceptions to it whatsoever. Really. No exceptions. Ever.

Employee Privacy – Many employees may oppose using their own devices for work, especially if it’s a company requirement that they aren’t reimbursed for. You have to remember that these are the same devices employees use to log into their Facebook and Twitter accounts or do their online banking. In this age of constant paranoia over big brother watching our every move, employees may be concerned that their employer will spy on them or access their personal passwords and information.

Handling Employee Turnover – Companies must consider how they will address the retrieval of company data and information from an employee’s device if the employee either quits or is fired. Some companies may require that employees only save or edit company files on their servers or use cloud-based sharing software like Dropbox to share and edit docs.

The Importance of a Mobile Device Management Tool

Obviously, businesses must keep track of all of the devices that access their server, applications, and data. Mobile Device Management helps enterprises centralize what is an otherwise chaotic hodgepodge of devices and operating systems. This ensures that all devices are configured, deployed, and properly monitored and managed. This is a smart way for businesses to embrace BYOD while securing data and applications across multiple devices.


© 2017 Network it Easy, Inc. All rights reserved.