Make those minutes count

Staying Safe: How to Prepare for Ransomware

RansomwareThe cybercrime game can be faddish at times, with cyber crooks all briefly piling on the “flavor of the month” attack before collectively moving on to the next big thing. One thing we can be certain of after the past year, however, is that ransomware has been added to the regular menu. It’s here to stay.

How Ransomware Works

It’s no wonder the dark underbelly of the internet is so taken with ransomware attacks. For keyboard-based ne’er-do-wells it really is the gift that keeps on giving.

A ransomware attack begins much like any other cyberattack. The bad guys get into the target system by the usual methods; most frequently via a phishing email or a spear-phishing email. This opening is used to plant the malware, and it is the nature of this malware package that sets ransomware apart.

The malware, once it gains access to the system, encrypts all the data it can find with an encryption key known only to the bad guys, who then demand lots and lots of money in exchange for getting the data back.

To Pay or Not to Pay?

A business that has been hit with a successful ransomware attack usually has only 2 options: say goodbye to the data, or pay the money.

No business can afford to lose all their data, so most companies end up paying the ransom, but this has unintended consequences. Now that the bad guys have access to the system, it’s trivial for them to get back in at a later date – some even go so far as to install a backdoor into the system so they can come and go as they please. Having walked away richer the first time, what’s to stop them from going back to the well a second or even third time? They know that the company is willing to pay, and so they make the company pay.

Thankfully, while the consequences of a ransomware attack can be more dire than other types of attack, they are no more difficult to prevent, or to deal with afterwards – given a certain amount of preparation.

Ransomware Defense

The first line of defense is prevention, and this involves solid email security that can detect and remove email-based threats before they reach the recipient. Another key part of prevention, or at least mitigation, is implementing a multi-layered security solution so that breaches can’t compromise the entire system. 

Finally, under preparation and aftermath, companies need to establish and follow a business continuity plan that incorporates real-time backups of all important data.

Real-time backups can allow companies to more or less ignore ransom demands. If infected with ransomware, they can simply roll back the clock to a point before the malware hit the system and continue on, as if nothing had happened, with minimal data or productivity loss.

Conclusion

According to the FBI, ransomware attacks in 2015 were responsible for ransom payments of just over $1.5 million. In 2016 that amount was almost a thousand times more – close to $1 billion. This huge increase is because of two factors: ransomware attacks are hard to stop, and the bad guys are almost impossible to catch.

If the numbers above are any indication, it will be almost impossible for most businesses to avoid a ransomware attack in 2017. Given an environment where ransomware attacks are an inevitability, being properly prepared is the only viable option.

Security Budgets Continue to Soar, But Is It Enough?

SecuritySecurity is now a vital concern for businesses across several industries. However, investments in privacy and defense should have been implemented years ago. With cyber crime now an international epidemic, why have so many companies waited so long to invest in cybersecurity measures? The following sheds some light on whether or not it’s too late to invest in cybersecurity.

Cybersecurity Is an Increasing Concern

Cybersecurity is a growing concern for many businesses, and the number of high-profile breaches continues to grow each year. In 2015, there were approximately 781 data breaches across the U.S. – the second highest year on record for security invasions. According to industry monitors, 40% of those breaches happened entirely in the business sector.

With this in mind, industry experts have predicted mass-scale investments in cybersecurity for 2017. Here are a few statistics based on Business Insidermagazine and other industry publications:

  • An estimated $655 billion will be invested in cybersecurity measures between 2015 and 2020.
  • Nearly $2.77 trillion in security investments was estimated for 2016 – far above the $75.4 billion in spending that took place in 2015.
  • These numbers suggest that businesses are just now catching on to the importance of cybersecurity.

Are Recent Security Investments Enough?

Are these recent security investments enough to combat the rising number of intrusions? According to Radware, companies that are only now investing in cybersecurity protocols are way behind. This is due to new threats that are evolving at rapid rates, so much so that even the latest security applications and programs are not able to contest new strains of malware, adware, and other viruses.

Companies cannot afford to sit around and wait for the next best cybersecurity solution. Industry experts recommend the following:

  • Never procrastinate when it comes to protecting enterprise hardware, software, applications, and general infrastructure.
  • Work with leading vendors to develop a sound and proactive security platform that can combat prior and new threats.
  • Strong security platforms are based on solid foundations; core policies and processes for data availability, integrity, access, and confidentiality must be in place.

 

The Rising Costs of Security

IBM recently estimated that the average cost of security breaches in 2016 was $4 million. This was up from $3.8 million in 2015 – and is slated to grow even more in 2017. With this in mind, businesses have to stop scrambling with last minute endeavors to protect corporate data. They simply need to agree on one comprehensive and cohesive security platform that will prevent massive revenue losses.

The longer businesses wait to implement cybersecurity initiatives, the more susceptible they will be to digital intrusions. It will also be harder for them incorporate security measures in the future, especially if infrastructure has already been jeopardized.

Data Storage Is Becoming Cheaper, but More Complex

There’s good news for companies considering outsourcing their data storage: It’s getting cheaper.

Storage outsourcing is a popular choice for many organizations and businesses as data generation increases almost exponentially. Companies are particularly interested in outsourced emergency backup and disaster recovery options. In the past, high technology costs for storage rendered outsourced options prohibitively expensive; but that is changing as costs are now driven more by management skills and tools rather than the price of technology.

Lower Costs

The decrease in technology costs is a result of several factors, including:

— A shift toward disk storage rather than more expensive tape or off-site options

— Lower media costs for solid-state drives

— More efficient management tools

— Open standards and common application program interfaces (APIs) that allow for more flexible capacity and integration of cloud options

— Options that store unstructured data

Management Complexity

The shift toward more efficient but increasingly complex storage options is creating some additional costs related to the skills and training required to manage these options. Other complicating factors include various compliance demands, security considerations, the need for frequent retrieval, and life cycle management.

One often overlooked issue with storage is that at any given time, many unstructured files should be archived because they are rarely needed. Tape storage options are ideal for archiving, while disk storage is better for files that will be accessed more frequently.

Companies frequently find that their storage performance needs fluctuate, necessitating implementation of management tools that can automate the management process. Emerging unified storage products offer simple tools that allow one-stop management of Storage Area Networks (SAN) and Network Attached Storage (NAS). Software-defined storage is also a growing trend, allowing companies to virtualize storage.

Formulate a Strategy

In order to make the best use of the available options, including outsourced storage, it is crucial to make a storage plan. The following items should be considered when formulating a strategy:

— Preferred storage tools, including well-established options and emerging technologies

–Performance, availability, and capacity requirements

–Tiering based on usage patterns

–What files can be stored on lower performing and less accessible but more cost-efficient media like tape

–How much control should remain in house and what can be outsourced

A successful storage strategy, therefore, will first examine how much and what type of data is generated, how often access is needed, and what internal and outsourced management options are available to meet the company’s needs. Understanding life cycles is crucial to creating the best possible plan.

Emerging cloud options are usually part of an end-to-end management plan for all phases of IT rather than being storage specific. Companies should be aware that moving files to and from the cloud often incurs a fee. Understanding requirements when moving to cloud storage solutions will help avoid unforeseen costs.

The Benefits

New technologies have great potential to create the efficiencies companies are looking for when managing their skyrocketing storage needs. The key to getting the most out of these technologies is understanding the business’s data storage needs and which technology and outsourced options best fit those requirements.

Contact us to explore your data storage needs and the best solutions to meet them.

Important Considerations When Setting up a Data Center

shutterstock_388249231The requirements for storage and handling of business data have changed rapidly and dramatically over the past decade, and the amount of data and the number of ways in which businesses need to interact with it will continue to increase. This is why data centers are becoming a more vital part of business strategy every day. The decisions made when implementing a data center can mean the difference between success and failure. Following are some issues to keep in mind when setting up a data center.

​Location

There are two location options available for data centers: in-house or off-site. The need to lower costs and increase reliability and security is quickly turning the in-house data center into a thing of the past. Unless a business has specific needs that can only be met by having its data center on-site, there is really no reason to take on the equipment, setup, and maintenance costs that go along with it.

​Reliability

When selecting an off-site data center, make sure to consider the provider’s track record and infrastructure with regard to power supply, networking, and geographic location – both in terms of how likely natural disasters are to affect the data, and how easy it is for IT staff to physically visit and inspect the site. Ask about a service level agreement (SLA) and guaranteed uptime, keeping in mind that 99.999% uptime is an industry standard.

Security

In addition to the standard questions about point to point encryption, firewalls, and other software-based security measures, make sure to look into the physical security employed by off-site data centers. All the network security in the world won’t help if it is easy to gain physical access to a company’s data.

Network Capacity

In addition to looking at current bandwidth needs when setting up data centers, consider future needs based on growth projections. Further, be aware of the possibility of changing needs due to increased functionality.

​Scalability

As the business grows, downsizes, or shifts from one market to another, how easy would it be to make changes to the data center? It is important that data centers are as responsive as possible to accommodate changing needs.

Backup

One of the key components of a data center is data backup. If disaster strikes, are there copies of the data? How many iterations are kept? Are backups stored at a separate physical location?

Every business has its own unique needs that must be taken into consideration. Contact us for more specific advice on how to account for your business’s data center requirements.

Making the Switch: A VoIP Adoption Checklist

shutterstock_54629416smFor any business contemplating the switch from an old-fashioned public switched telephone network (PSTN) system to Voice over Internet Protocol (VoIP), it’s easy to focus on the shiny new functionality and convenience and overlook the potential complications such a transition inevitably entails. To help avoid difficulties and maximize the benefits, here is a checklist of five things to consider before moving to a new VoIP system.

 

How Many Users?

Whether considering hosted VoIP or a premises-based system, it’s important to take into account the size of the user base before signing a service agreement or provisioning the hardware. Ensure that the service provider is capable of accommodating the number of users on the system in addition to enabling potential growth. To that end, it is a good general guideline to add 20% to the maximum projected user count for the next 12 months when calculating how much capacity the new VoIP system will need to support.

How Much Data?

In addition to considering the number of users on the system, it is important to have a reasonably accurate idea of how much data each of those users will require, and to ensure that the network infrastructure can carry that load. On top of being able to deal smoothly with normal bandwidth requirements, a good service provider must be able to handle abnormal surges in the amount of traffic passing through the system.

Upward Mobility

Most workplaces now are mobile, with a great deal of communications and other work being performed on mobile devices. This is largely due to the fact that the vast majority of people now use mobile devices in their personal lives, and they like to continue doing so at work. It is generally better to plan for employees’ preferences to use their personal mobile devices and implement those devices properly than to allow them to be used haphazardly on the VoIP system.

Relationship Worries

Aside from the technical aspects of setting up a new telecommunications system, the relationship with the service provider is an important consideration. Look for signs that a VoIP service provider is professional and values its clients. A service provider who takes unduly long to respond to questions or continuously attempts to up-sell potential customers before they’ve even sold the service is probably not a good choice.

Hidden Costs

It’s quite easy to look no further than the startup costs when considering the effects of switching to VoIP, but a more sound approach is to consider the total cost of ownership (TCO), which includes both startup and operating costs. Hosted services might involve lower startup costs than premises-based systems, but the operational expenses are sure to be higher.

Making the switch to VoIP services can be a daunting task. By considering these five areas, the process is more likely to be successful.

The Collateral Damage of Shadow IT

shutterstock_146042084Over the past few years it’s become evident that businesses are embracing cloud services, and that trend is predicted to keep growing. An enormous risk to the security and stability of a company’s cloud potential is a problem known as “Shadow IT,” the practice where the use of certain applications and services may be occurring outside of IT’s knowledge and approval.

Shadow IT happens because employees want fast, efficient ways to get things done. However, not everyone is tech-savvy enough to know a safe application from one that could allow malware or a virus into the company’s network. Here are a few of the many ways that shadow IT hurts a business.

Inadequate Security

Not all cloud services are created equally. Some applications are designed to be tightly locked down, encrypted, and otherwise protected against vulnerability. However, others may be very lax or incorrectly configured. For example, if data encryption is used, is it outdated encryption technology? Are the encryption keys stored on the same server? Either of these scenarios could be an access opportunity for hackers. Consider the traffic flow to and from the application as well as where it is stored. All of these points must be secured for that application to be safely used.

Data Gone Wild

When a cloud service hasn’t been properly vetted by the company’s IT group, it’s hard to know where data is actually going. Customer information is one of the most valuable assets a company possesses, and it should be up to date and protected. Failing to bring IT into the picture to assess an application could mean a gap in disaster recovery or business continuity programs. In addition, having multiple storage areas for data in a cloud service may lead to business decisions based on erroneous information.

Accountability

The IT department is liable for anything that goes wrong with a company’s technology, including shadow IT problems. Regardless of whether the group knows about cloud services in use, they are charged with keeping the company’s data secure. Should a breach occur as a result of an unknown cloud service, the IT team would still be held responsible for the damage.

Standardization Is Necessary

Using a pre-approved set of cloud services helps the organization save money in a number of ways. First and foremost, the risk of a security incident is drastically diminished through the vetting process. Second, when the business sets out to acquire licensing for all applicable users, it will typically receive a volume discount for a higher number of licenses. If workers use a variety of different cloud services, this savings is negated and the company spends more on software licensing.

Most Apps Aren’t Enterprise Grade

The use of cloud services began as a consumer movement and then spread to businesses. Employees today often take the apps they’ve been using at home and try to use them at work as well. However, these apps are not built with a large organization in mind. Security, scalability, data storage, and the stability of the developing company are all considerations that IT must be permitted to assess for a new app to be approved. Many of these shadow IT choices aren’t strong enough to defend against the type of maliciousness directed at enterprises, as in the case of distributed denial-of-service (DDoS) attacks.

Shadow IT is a very real problem for companies today, and one that must be included in security planning. Encouraging employee input on new cloud services and having an efficient vetting process can mean the difference between rogue use of applications and a secure company network.

SIP Trunking Is an Asset with the Right Provider

SIP TrunkingSession Initiation Protocol (SIP) trunking replaces ordinary phone lines by using Voice over IP (VoIP) to connect to the Internet, allowing phone systems to run on Internet connections to increase efficiency and reduce costs. SIP trunking can support several signals at a time and allow for multiple simultaneous users. This service can greatly benefit enterprises if implemented properly.

Why SIP Trunking Is Helpful

SIP trunking can be used as a single solution for multiple tasks, including:

  • making local, regional, or international inbound and outbound calls;
  • providing sufficient bandwidth for emergency calls and overall Internet connections; and
  • supporting texting and email services.

The key to successful implementation of SIP trunking is the quality of the service provider. Bad providers can cause businesses to spend more for lower quality services. There are several specific issues to be aware of when choosing a provider.

Prioritization of Data and Voice Traffic

In order for SIP trunking to work effectively, each aspect needs to be organized according to a business’s priorities. For instance, if a company relies on SIP trunking for calls, then voice traffic should be the main priority instead of data. Inadequate prioritization may cause some inconveniences.

If a business has extremely limited bandwidth, voice traffic should be the main purpose for SIP. However, if there is plenty of bandwidth available, data should take top priority. Typically, both voice traffic and data are used equally when there is enough bandwidth to accommodate both.

Backup Plans

Companies may be able to rely on SIP trunking for business communications most of the time, but there’s always the potential for service interruption. If businesses want to avoid disrupted communications and subsequent downtime, multiple backup plans should be implemented. Backup plans usually involve Internet backup, second-line sources for certain types of equipment, and backup trunking providers. Solid backup plans are crucial to maintain business continuity in the event of a disaster.

Plans for Call Admission Controls

When conducting normal business communications, companies need to ensure that they still have enough bandwidth to make emergency calls when needed. This is where call admission control comes in, which is responsible for calculating how many calls a business can make while allowing for emergency calls. It requires the knowledge and experience that only a SIP trunking provider can offer. A good provider allows for enough bandwidth in the event of emergency calls.

Choosing the right provider can help companies avoid potential issues and enjoy all of the benefits that SIP trunking is intended to provide.

Weighing Your Cloud Computing Choices

shutterstock_107141402Cloud computing continues to gain attention and momentum as companies learn about and experience the benefits of Internet-based solutions. The use of cloud solutions is increasing exponentially while traditional data center computing models are declining for the first time.

Virtualization via cloud computing creates business efficiencies, adds flexibility, increases server capacity, and provides companies with the benefits of distributed data. The positives of the cloud are universal and the cloud computing market has evolved to support four primary models for cloud deployments. Each model has its own benefits and drawbacks that must be weighed when making a cloud choice.

Keep It In-House

The idea of “the cloud” gives rise to images of equipment housed and data stored in some vague place. In reality, the cloud can reside within the physical confines of a company’s premises or at a private data center.

Private cloud solutions allow companies to provide the benefits of the cloud to employees while maintaining tight control over the network equipment and applications available to them. Companies with the resources to deploy the necessary equipment and maintain it over the life of the network may gravitate toward this option, especially if in-house control of assets is a primary concern.

Third-Party Options

Some companies, particularly smaller organizations or companies that only need the cloud for a limited time, may not have the resources or time to deploy and maintain an in-house private cloud network. For these companies, the ability to flip a switch and activate cloud services without the startup cost and work is attractive.

Public cloud offerings hosted and maintained by a third-party provider might be an ideal choice for this segment. The provider services many end users with the same resources, thereby aggregating the costs among those users and allowing each to pay only for what they need, when they need it.

The Best of Both Worlds

Many companies want the simplicity, flexibility, and scalability offered by public cloud solutions, but they are hesitant to cede such a high level of control to a third party. Enter the hybrid solution, which gives companies the benefits of both models.

Using a hybrid approach, a company can still tap the resources and benefits built into the public cloud model while retaining some control within the company. This model allows a company to adjust the network to meet its changing needs. Companies can also use a hybrid approach to offload traffic during peak usage on the private network temporarily to the public cloud.

Community Cloud

A relatively new concept, the community cloud model allows equipment to be hosted either privately or publicly. Companies may use this model to test public-cloud products and features. Within this model, servers do not have to be dedicated to specific users, but can be logically segmented among several end users while maintaining the security of a dedicated environment.

Making the Choice

Choosing the right model will depend on each company’s business environment and needs as well as the type of data that will be hosted on the network. A careful evaluation of the company’s needs and how each cloud model might fulfill those needs is crucial when deciding how to deploy cloud services.

How to Keep Customers’ Personal Information Private

shutterstock_135054332The increased collection of detailed personal information by private companies is a major concern among consumers. As security breaches become more frequent, companies are under increased pressure to ensure the safety of customers’ personal information.

Consumers concerns center are the unauthorized release of personal data including chat logs, files, images and emails. These worries aren’t unwarranted, as an unsecured firm can be compromised to the point where customers’ private data could be accessed by third parties. It is the organizations’ responsibility to avoid security breaches.

Here are tips for organizations to help keep customer data safe.

Tips for Maintaining Privacy of Customer Data

  1. Make sure that your network, email protection and endpoint can effectively avoid dangerous types of files, malware and spam.
  2. Keep staff trained on how to effectively identify, report and deal with potentially dangerous emails, such as messages that include suspicious attachments or possible phishing links.
  3. Implement a patch assessment tool that automatically applies security updates to programs and operating systems, preventing potential exploits.
  4. Having a secure gateway and/or endpoint protection application can identify and prevent exploits before your systems can be hit.
  5. While many companies might believe that attackers could be satisfied with only a few pieces of private data, the reality is that these criminals want to gain full access to user databases and entire networks, where they can access all available personal information en masse. To avoid this, you might want to separate each of your own internal departments with multiple top-of-the-line firewalls, as opposed to relying on a single firewall that, once exploited, can leave all of your systems vulnerable.
  6. Device control strategies can be effective in keeping dangerous removable storage devices away. Companies can make it so that any personal data for customers is impossible to store on external devices, and avoid potential exploit kits that might be stored on them.
  7. When sharing any sensitive information internally, utilize full disc protection and securely encrypt all private information that’s located on private servers or any external devices.
  8. Make sure that you aren’t using any applications that are unnecessary and potentially detract from system security.
  9. Create and stick with a data protection policy that provides detailed instructions on how to keep all private information secure from possible threats.
  10. When transitioning to cloud services, organizations should make data encryption a top priority.

How Consumers Can Help

  1. Consumers should create strong passwords that aren’t easy to figure out, avoiding the use of any information that others may know. A good password consists of a complex combination of letters, numbers, punctuation and capitalization to make it more difficult to compromise, but consumers should create one that’s not difficult for them to recall.
  2. When making purchases with independent sellers on eBay or other online outlets, consumers should stick with PayPal or credit card payments in order to avoid scams.
  3. Consumers should always look carefully through emails before clicking on links or opening attachments. If they are from people with whom they’ve had no previous contact, or if the email doesn’t include enough detail to appear legitimate, it could be an email intended to phish personal information or infect computer systems with malware.

As network technology continues to develop, so does that of crooks looking to steal personal information, This is why both businesses and consumers need to put in more effort in securing data.

SMBs Benefit from Lightning-Fast Fiber-Optic Internet

Fiber opticsFor years, many big businesses have benefited from having the fastest Internet service at their disposal. Today, given the availability and spread of fiber-optic service, now even SMBs can benefit from speeds as high as 1 gigabit per second.

Most recently, some of the biggest names in the Internet service provider world have rolled out lightning-fast fiber-optic Internet service throughout several cities and regions. While this is great for ordinary consumers, it’s even better for SMBs.

Why Fiber-Optic Beats Out Cable

One of the biggest and most important advantages to fiber-optic Internet service is its speed. Whereas a typical cable Internet connection offers up to 150 Mbps for uploads and up to 20 Mbps for downloads, a fiber-optic connection offers speeds of 1 Gbps. When it comes to Internet speeds, cable Internet is a high-performance supercar; fiber-optic is a top fuel dragster.

It all comes down to one simple fact: fiber-optic connections are a big deal–much more so than a typical cable connection. It’s like pipes: today’s new fiber-optic lines are the big, brand-new pipes that let lots of liquids flow through unimpeded–as opposed to the narrow and winding pipes of yesteryear.

What It Means for Small Businesses

It’s not just movies and games that are getting bigger in size. Many of the digital items that small businesses rely on are also growing. Spreadsheets, PowerPoint presentations, and graphics are just a few of the daily business items that involve lots of data. Simply, they need big pipes. Video-conferencing tools also require plenty of bandwidth, making fiber-optic lines necessary so that excellent video quality is maintained.

Fiber-optic connections are also becoming essential for cloud computing, which many SMBs employ. With a fast fiber-optic connection, businesses are able to access large amounts of their cloud-stored data and use a wide range of cloud apps at remarkable speeds.

In the end, the move towards fiber-optic connections means increased productivity for employees and an increased bottom line for many SMBs. More likely will adopt fiber-optic connections in the coming months, especially as cloud applications grow in popularity and daily business functions require more bandwidth.