NetStandard | Kansas City's Managed Technology Leader | Sales: 913-428-4202 | Support: 913-428-4200
Posted by: In: Uncategorized 13 Jul 2018 0 comments

 

 
SMBs: It is Hackers v. You – Don’t Let Them Score
 
Selling stolen IDs and other personal data is a lucrative trade for hackers. They are always looking for sources where vital information is stored. As a small to midsize business you store your client’s personal information, collected from different sources, on your computers and servers. Your Point-of-sale (PoS) terminal and some website transactions can be completed by use of electronic banking, credit cards or debit cards only. Your customers have to key-in their pins or passwords to make payments. That information has to be saved. Also, depending on the kind of services or products you provide, you may be collecting Social Security numbers, addresses, driver’s license numbers and DOBs of your clients. Information that personal is as important as it can get. Any source of that information is like a gold mine for a hacker. All this means only one thing for you: A data security nightmare.
 
Here are the channels hackers can use to break into your IT infrastructure
  • Your website: Hackers have become very sophisticated in cyber attacks on websites. They can access specific information by targeting websites that have the information they are looking for. For example, if they want only financial information about their victims, they can use tools that will fish for the websites that carry that kind of information. Implementation of web-based applications has made it easier for cyber criminals to connect to your website data base. They are able to find the loopholes and hack into systems. They can then access your customer’s personal information, allowing them to steal from your clients by committing credit card and bank fraud. Or they can just sell your client’s info on the Internet.
  • Your computers and servers: Your computers and servers are treasure-troves of information. By sending malware into your systems they can steal your admin passwords, and then login to your servers and other network devices. These hardware devices are the ultimate prize for cyber thieves because these devices not only hold important information about your clients, they also have all the information about your business and possibly about your vendors and associates. There is nothing about your business that these hackers don’t know. Imagine how devastating this attack can be.
  • Mobile devices used by your employees: If you are one of those entities that allow their employees to use their mobile devices to conduct business, you have another security dimension to worry about. You don’t know how secure their mobile phones, iPads, laptops or tablets are. You don’t know how hard or easy their passwords are to crack. Breach of security into those devices will lead hackers right into your networks where they can steal data at will.
  • Unsecure Wi-Fi network: Most businesses keep their Wi-Fi networks well protected, but unsecured Wi-Fi is an open invitation to cyber criminals. If your Wi-Fi network is not secure, hackers are one step closer to breaking into your systems without even trying.
  • Your PoS systems: PoS systems are the prime targets for hackers who want to commit financial fraud. Cyber thieves know that PoS systems that come with pre-loaded software can be hacked using an unsecured Wi-Fi network. This fraud has a direct impact on an individual’s finances because a hacker can make unauthorized credit card charges quickly and move on before anyone realizes what happened. Ruined credit can take years to mend.
  • Your emails: Email is another venue that hackers use to infect computers with malicious software. They send viruses that replicate themselves in the host computers, performing various tasks such as denial of service to the users of your systems, spamming your contacts and accessing data without authorization.
Summary: After reading this article you probably feel like you are in cyber warfare with hackers and your IT infrastructure is the battlefield. You are absolutely right. Hackers are relentless and they are devising new methods all the time to steal from businesses. But this is one fight you can’t let them win. Protecting client data is not just a moral obligation. You are legally bound by the privacy laws to protect this information by all means. Breach in data security can ruin your reputation, and the financial liability to meet legal obligations may become too much to sustain.
So how do you fight this war in which you have to make certain that there is only one winner? Outsource your IT managed services to professionals who will monitor your networks 24/7 from a remote location. Your in-house IT management team may be able to fix problems, but it is important that proactive solutions are in place in case there is data loss as a result of a breach. Managed services can create solid data backup & recovery plans that will have your systems up and running quickly, so you can reduce downtime and protect your revenue.

Posted by: In: Uncategorized 11 Jul 2018 0 comments

As organizations explore and define their cloud strategy, they readily identify the expected benefits including reduced capital investment, improved geographic diversity, scalability, agility, and performance. What the cloud can bring to a given scenario varies, but most organizations can find some clear-cut benefits. So, what are the challenges?

Any system or device connected to a network can be compromised and, if the data is sensitive, the reputation and economic risks grow for the data owner. Cloud-hosted solutions offer both hardware and software on demand over the Internet. Since they are provided over the Internet, the systems themselves are subject to attack. It is only through well-constructed controls that data and systems can be safe.

Public cloud providers know keeping their cloud secure is essential to ensuring efficiency and maintaining the credibility of their business. Cloud customers reap the benefits of the public cloud provider’s security but must recognize that they are in a shared security model where they own the risk scenarios associated with the applications and data they implement.

Exposure of sensitive information including personally identifiable information (PII), personal financial information (PFI) or personal health information (PHI) constitutes a data breach subject to fines and legal action.

Risks for an organization rise when they don’t review their risks and apply strong controls. Fortunately, public cloud providers offer cloud-based controls that can mitigate the risks incurred. Key areas that should be considered in a risk-based approach include:

Identity Management
Cloud-based identity management provides users with efficient access to applications, data and network services. One of the true benefits of public cloud providers can be the low-cost, rapidly deployed single sign-on and identity management solution that can be implemented. These identity management solutions are not just limited to applications hosted in the cloud provider’s space, but can also bring benefits to other application access offered by other software as a service or on-premise solutions.

Help desks become more efficient as users are no longer burdened with the need to reset passwords for users who had to remember separate User IDs and passwords for each system. The solutions also typically offer advanced security features like multi-factor authentication.

Rights Management
Public cloud providers offer the use of tools to grant the appropriate level of access to individual users. The recommended approach is to use the philosophy of “rights of least privilege” so that only resources with a need to access a resource, can access that resource. Ensuring data is classified provides the framework to deploy a rights management solution.

  • Data Encryption in flight and at rest
    Public cloud providers offer data encryption solutions for data in-flight and at rest on the provided storage. Encryption ensures that information cannot be easily monitored, viewed or improperly disclosed.
  • Network Security
    Cloud providers offer controls to isolate network segments to ensure data from other tenants is not accessible to or from other tenants. These include traditional concepts like firewalls, application firewalls, and network segmentation.
  • Monitoring
    Monitoring assets provide the ability to collect performance and system utilization information proactively, monitor and audit system and device logs and, based on the information discovered, proactively respond to incidents with alerts or automated actions.
    Many cloud providers offer security monitoring solutions to allow customers to monitor for unusual network traffic or connections with known bad players and alert administrators or automatically block the known bad traffic.
  • End Points
    Most organizations leverage user’s mobile communications capabilities to connect to cloud solutions from anywhere. Devices whether owned by the enterprise or end user-owned (BYOD), often exist outside the protection of internal company controls and therefore additional controls should be considered for these devices. Enterprise mobility solutions apply controls to devices to increase their safety.

There is no single formula to dictate an acceptable level of security. The security deployed must be aligned with regulatory requirements, the application architecture and an individual organization’s tolerance for risk balanced against cost. Building a cloud security strategy requires a thoughtful approach to select protections, monitoring, and governance needed to reach a level of acceptable risk.

Posted by: In: Uncategorized 09 Jul 2018 0 comments

Be Proactive: How to Avoid Potential Network Failures
 
For small- to medium-sized businesses (SMBs), an IT network failure can be devastating because they don’t have the resources of large corporations to bounce back from such disasters. Preparation against such devastation may be the only course for them to avoid failure and survive with the least damage if failure occurs. SMBs must be proactive in recognizing the eventuality of a cyber attack or human error that can cause data loss and disrupt business continuity. This is what needs to be done to help prevent a potential failure.
 
Be prepared: Being proactive is an essential step for preparation against a disaster. There are two ways to determine how to best prepare to prevent potential failure of your infrastructure. First, you need to identify the weaknesses throughout your systems, and second, determine how you are going to eliminate those weaknesses and protect your network.
 
Identify the weaknesses: Determine how and why your system could fail. Examine all aspects of your hardware and software. Assess all the internal and external factors that could contribute to failure of your networks. Here are some questions you need to know the answers to.
  • Does customer access and/or employee productivity often stall because of downed systems? In these situations, how quickly is your IT support able to minimize the damage?
  • Can you say with certainty that your business will be back on line and be able to access lost data with minimal disruption in case of failure?
  • Your critical data should be backed up frequently. The data on personal laptops, iPads and other mobile devices should also be backed up. Are all these steps being taken, and how often?
  • Are all backups stored in a location off-site and are they quickly accessible in the event of corruption, fire or flood?
  • Are you using any custom made software? Can it be reinstalled and updated when needed?
  • Are your systems truly protected from hackers and viruses? Do you change passwords when employees leave the company?
  • How often do you test your backup processes?
The answers to all these questions should give you a clear picture of your network’s ability to survive in case of a catastrophe.
Here are five steps that you can take to protect your networks
  1. Backup files every day: There are a large number of businesses that never backup data. Only 23% of SMBs are backing up their data daily, and only 50% are doing it weekly. A number of issues can result in loss of data. You should backup data every day.
  2. Check backup procedures regularly: Don’t find out accidently that your backup system is not working properly. By then it could be too late. It may seem like your data is being backed up normally, but check frequently if it is backing up the way it should be. In this age of BYOD make sure all employees are also following procedures to backup data on their laptops, iPads, etc.
  3. Make sure virus protection and firewalls are always enabled: Many companies either don’t have virus protection installed or it is disabled. That renders their networks vulnerable to virus attacks from emails, spam and data downloads. Corrupted files will not only bring your systems down but they can spread to your customers and email contacts. That will spell disaster for your reputation. Hackers are always looking for unprotected and open ports online that they can attack with malicious code or files. That can cause permanent data loss.
  4. Monitor server drives: Dangerously full server drives can cause many problems, ranging from program crashes to sluggish email delivery. Servers should be monitored and maintained regularly to avoid these problems.
  5. Check built-in logs: Frequent reviews of built-in logs can reveal small issues. You will have a chance to prevent them from becoming bigger, harder-to- manage problems that can bring your systems down.
Summary: We now know IT system failures have very serious consequences for SMBs. We also know that they can avoid such failures by being proactive. Many SMBs are now turning to cloud-based services and virtualized backup solutions to mitigate downtimes and network failures. Virtualization and cloud computing have enabled cost-efficient business continuity by allowing entire servers to be grouped into one software bundle or virtual server – this includes all data, operating systems, applications, and patches. This simplifies the backup process and allows for quick data restoration when needed.

 

Posted by: In: Uncategorized 07 Jul 2018 0 comments

 

 
Everyday Human Error Can Affect Data Protection
 
Are you under the impression that data loss is all about putting up firewalls to protect against evil cyber attacks? Some of the biggest sources of data loss include sloppiness, human error, and just plain forgetfulness.
 
What are some of the unglamorous things that we do every day that leave us vulnerable?
 
Passwords
Old or easy passwords are a good first example. Employees set up simple passwords that are easy to crack. More importantly, employees may share passwords, and many often fail to create new ones on a frequent basis. Both of these represent critical breakdowns of good data protection practices.
 
Emails
Another significant problem caused by bad judgement is the tendency of people to open phishing scams. Most everyone now knows about the Nigerian who wants to send money to your bank account, but many new scams come along everyday and people fall for them. This is such a serious source of virus infection that some companies now deliberately send out their own phishing email to teach workers not to open anything from an unknown source. (The employee who opens one of these gets a pop up screen that tells them they’ve been tricked and then offers guidelines for identifying bad emails.)
 
Browsing the Web
Bad websites. Yes, everyone has policies about internet use at work, but that doesn’t mean people pay attention and don’t visit places they shouldn’t. Most significantly, a lot of those “sites they shouldn’t visit” are far more likely to be infected than CNN, Ebay or Amazon!
 
Losing Your Belongings
And finally there is just old-fashioned forgetfulness. Phones left on a barstool. Or the bus. Sigh. There isn’t much more to be said about this one.
 
To learn more about the risks that your employees pose to your business’s data integrity, see our e-guide “Now you see it, There IT…Stays“.