Make those minutes count

Staying Safe: How to Prepare for Ransomware

RansomwareThe cybercrime game can be faddish at times, with cyber crooks all briefly piling on the “flavor of the month” attack before collectively moving on to the next big thing. One thing we can be certain of after the past year, however, is that ransomware has been added to the regular menu. It’s here to stay.

How Ransomware Works

It’s no wonder the dark underbelly of the internet is so taken with ransomware attacks. For keyboard-based ne’er-do-wells it really is the gift that keeps on giving.

A ransomware attack begins much like any other cyberattack. The bad guys get into the target system by the usual methods; most frequently via a phishing email or a spear-phishing email. This opening is used to plant the malware, and it is the nature of this malware package that sets ransomware apart.

The malware, once it gains access to the system, encrypts all the data it can find with an encryption key known only to the bad guys, who then demand lots and lots of money in exchange for getting the data back.

To Pay or Not to Pay?

A business that has been hit with a successful ransomware attack usually has only 2 options: say goodbye to the data, or pay the money.

No business can afford to lose all their data, so most companies end up paying the ransom, but this has unintended consequences. Now that the bad guys have access to the system, it’s trivial for them to get back in at a later date – some even go so far as to install a backdoor into the system so they can come and go as they please. Having walked away richer the first time, what’s to stop them from going back to the well a second or even third time? They know that the company is willing to pay, and so they make the company pay.

Thankfully, while the consequences of a ransomware attack can be more dire than other types of attack, they are no more difficult to prevent, or to deal with afterwards – given a certain amount of preparation.

Ransomware Defense

The first line of defense is prevention, and this involves solid email security that can detect and remove email-based threats before they reach the recipient. Another key part of prevention, or at least mitigation, is implementing a multi-layered security solution so that breaches can’t compromise the entire system. 

Finally, under preparation and aftermath, companies need to establish and follow a business continuity plan that incorporates real-time backups of all important data.

Real-time backups can allow companies to more or less ignore ransom demands. If infected with ransomware, they can simply roll back the clock to a point before the malware hit the system and continue on, as if nothing had happened, with minimal data or productivity loss.

Conclusion

According to the FBI, ransomware attacks in 2015 were responsible for ransom payments of just over $1.5 million. In 2016 that amount was almost a thousand times more – close to $1 billion. This huge increase is because of two factors: ransomware attacks are hard to stop, and the bad guys are almost impossible to catch.

If the numbers above are any indication, it will be almost impossible for most businesses to avoid a ransomware attack in 2017. Given an environment where ransomware attacks are an inevitability, being properly prepared is the only viable option.

Advantages of BYOD

BYODThe edge that small companies have over larger ones is they can move faster and aren’t bound by restrictive agendas. Small businesses will more likely allow employees to work on the device of their choice. It’s a win-win for the owner and staff members who enjoy flexibility in the workplace. Here’s a deeper look at how bring your own device (BYOD) programs help streamline businesses.

BYOD Cuts Costs

The most obvious advantage to BYOD for a company is that it saves money. The company won’t have to invest in as many computers or software licenses, as workers are responsible for bringing their own laptops, notebooks, and smartphones. The firm will not have to keep upgrading hardware and software, and it will cut costs on security.

One of the most valuable advantages to BYOD is that it provides the company with a safety net in case of a power outage or other disruption. Not everyone will be affected by the same network conditions. Businesses will be able to redirect IT personnel to focus on cost efficiency.

Evidence of Successful BYOD Strategies

Harrison Associates is a health care organization that embraces the BYOD concept. By allowing employees to bring their own devices and providing them with IT support, the company has been able to attract experienced talent.

The firm has used a formal BYOD solution that includes Parallels Remote Application Server (RAS) as a more affordable alternative to shared systems management software Citrix. This solution has led to a reduction in support calls and downtime. Another advantage is that it allows employees to see all applications in one area.

Another organization that has enjoyed success with device flexibility is independent mobile games developer Hutch, led by CEO Shaun Rutland. His policy has been to let employees get their work done with the least amount of friction. Some of the cloud services that help shape the company’s communications are Google Apps for Business, Dropbox, GitHub, Slack, and Atlassian.

The company offers maximum device policy flexibility that includes security and management for its workers. Many of them connect and do assignments as needed. The result is a more confident and productive workforce with less than 3% staff turnover.

Terms and Agreement Language

The best way to secure a commitment from employees that they will comply with company policies is by issuing them a Terms and Agreement form to sign. Their signature will confirm that they have read and understand the policy. The form should specify who pays for communications devices and services and who is responsible for damages that may occur to a device.

One area that is essential to address is setting a policy for personal and professional use. Some companies use software that splits a device into two separate compartments. Employees will be expected to not mix work and personal data. The terms should specify devices, job roles, and security requirements. It should also explain remote policies on network use and disciplinary action for not meeting requirements.

Security Budgets Continue to Soar, But Is It Enough?

SecuritySecurity is now a vital concern for businesses across several industries. However, investments in privacy and defense should have been implemented years ago. With cyber crime now an international epidemic, why have so many companies waited so long to invest in cybersecurity measures? The following sheds some light on whether or not it’s too late to invest in cybersecurity.

Cybersecurity Is an Increasing Concern

Cybersecurity is a growing concern for many businesses, and the number of high-profile breaches continues to grow each year. In 2015, there were approximately 781 data breaches across the U.S. – the second highest year on record for security invasions. According to industry monitors, 40% of those breaches happened entirely in the business sector.

With this in mind, industry experts have predicted mass-scale investments in cybersecurity for 2017. Here are a few statistics based on Business Insidermagazine and other industry publications:

  • An estimated $655 billion will be invested in cybersecurity measures between 2015 and 2020.
  • Nearly $2.77 trillion in security investments was estimated for 2016 – far above the $75.4 billion in spending that took place in 2015.
  • These numbers suggest that businesses are just now catching on to the importance of cybersecurity.

Are Recent Security Investments Enough?

Are these recent security investments enough to combat the rising number of intrusions? According to Radware, companies that are only now investing in cybersecurity protocols are way behind. This is due to new threats that are evolving at rapid rates, so much so that even the latest security applications and programs are not able to contest new strains of malware, adware, and other viruses.

Companies cannot afford to sit around and wait for the next best cybersecurity solution. Industry experts recommend the following:

  • Never procrastinate when it comes to protecting enterprise hardware, software, applications, and general infrastructure.
  • Work with leading vendors to develop a sound and proactive security platform that can combat prior and new threats.
  • Strong security platforms are based on solid foundations; core policies and processes for data availability, integrity, access, and confidentiality must be in place.

 

The Rising Costs of Security

IBM recently estimated that the average cost of security breaches in 2016 was $4 million. This was up from $3.8 million in 2015 – and is slated to grow even more in 2017. With this in mind, businesses have to stop scrambling with last minute endeavors to protect corporate data. They simply need to agree on one comprehensive and cohesive security platform that will prevent massive revenue losses.

The longer businesses wait to implement cybersecurity initiatives, the more susceptible they will be to digital intrusions. It will also be harder for them incorporate security measures in the future, especially if infrastructure has already been jeopardized.

Securing the Right Levels of Encryption

EncryptionIn a business environment where workplace collaboration is now considered the norm, how are consumer-focused companies implementing end-to-end security? According to industry experts, many commercial entities are simply emulating the security infrastructures of companies like Apple and WhatsApp.

To combat unsolicited messaging and foreign intrusion, Apple revamped its security infrastructure to protect all its iPhone users and data. Similarly, WhatsApp amended its messaging technologies so that no one could access messages except for end-user clients. These changes have served as models for businesses wishing to incorporate stronger levels of encryption for their communications technologies.

Issues with Encryption

While encryption is now commonplace for collaborative efforts, it is still not easy for companies with cloud-based messaging and communications. This is due to the following obstacles:

  • Cloud technologies are consistently changing and evolving, resulting in newer encryption modules that must be adopted and implemented by subscribers.
  • Cloud-based services are now adding more features, including bots, artificial intelligence, and even third-party integration.
  • The above-mentioned features are simply known as “valued additions”. However, this means that third party vendors will still have full access to user data and content.

To tackle this form of “accepted intrusion”, companies in the cloud are looking for stronger and more durable forms of encryption. In fact, they are seeking codes and programs that will protect user data and transmissions from even recognized vendors and services providers. In an industry that is blanketed with so many forms of encryption, is it possible to secure the right balance between content access and privacy?

Encryption Solutions in a Nutshell

There is no concrete answer to the current encryption dilemma. However, IT experts still play a pivotal role in encrypting codes and establishing access, eligibility, and defense for messaging programs. In other words, companies cannot go either way with encryption; not too insecure, but also not too clamped down. They must collaborate to find common ground and acceptable levels of encryption for all parties involved.

To that end, businesses should use fully locked down end-to-end consumer messaging tools. This means companies can take advantage of existing encryption and security codes without investing in other paid messaging apps.

Enterprise Messaging Providers

While WhatsApp seems to be a plausible solution, it is not the only program in town. Enterprise messaging providers also feature end-to-end encryption databases for all messaging platforms. However, services like Slack and HipChat are designed to be less strict when it comes to recognized intrusion. The latter includes IT involvements, especially during periods of downtime and maintenance. Certain clients may also have access to these internal chat databases, which can seriously impact privacy. With this in mind, user content and data can still be breached, and hackers may easily be able to intrude as well.

Millennials and Unified Communications: What’s the Connection?

shutterstock_328634297The U.S. Bureau of Labor Statistics predicts that Millennials are likely to comprise 50% of the national workforce by 2020, and as much as 75% by 2025. Businesses are beginning to recognize that these individuals are valuable in many ways, including the effective adoption of unified communications (UC) technologies.

UC uses tools such as instant messaging, email, and video chat in a single platform that allows employees to more easily communicate with each other from nearly any location. The main influence behind the increase in UC adoption is the Millennial generation.
How Millennials Are Changing the Landscape

Millennials have benefited from instant communication technology that allows them to easily connect with individuals from any location at any time. Many Millennials are used to this technology out of the workplace, so it’s natural for them to want to utilize that same innovation on the job. This means that if employers want to appeal to the Millennial generation, implementing UC systems is a necessity.

A study published by Bentley University found that 77% of Millennials think that more flexible work hours would result in greater productivity, with 40% relating the same belief regarding remote and virtual work. Also according to the study, many stated that they would be willing to sacrifice pay and promotions in exchange for increased flexibility. The nine-to-five system is becoming obsolete as a result.
Pros and Cons of Unified Communications

There are many reasons for businesses to implement UC. It allows organizations to employ people from nearly anywhere in the world, and retain a dynamic work schedule that helps maintain a consistent workflow. Businesses that operate without any kind of UC system face the risk of falling behind the competition and deterring Millennials—an increasing majority of the workforce.

On the other hand, UC doesn’t come without its risks. Ransomware and hacking attacks are some of the many threats that businesses face, but they can more easily avoid these issues with an effective security system that includes a reliable backup plan.

Ultimately, utilizing UC in business operations can prove invaluable to a business, encouraging Millennials to remain productive and become a part of the company’s success. Without a UC system, companies close themselves off to this lucrative generation.

Making the Right Choices in the Cloud

shutterstock_328634297While it may be true that cloud services are not the perfect solution for all business computing needs, almost every business has at least some applications for which cloud is, indeed, the best solution. Premises-based solutions will continue to become less prevalent as time goes on. The focus of cloud services on scalability, efficiency, and flexibility is the primary driver of the move away from premises-based computing.

The biggest problem with traditional solutions is that in order to maintain capacity for peak loads, it’s necessary to maintain a great deal more computing resources than are needed the rest of the time. Overspending becomes a necessity. There is also the onerous process required to upgrade server capacity or other infrastructure.

Cloud solves these problems admirably by placing the onus for hardware purchasing and maintenance on someone else’s shoulders. There are three ways in which cloud services can be deployed, each serving a slightly different set of needs.

SaaS

Software as a Service (SaaS) involves the hosting of individual business applications in the cloud, to be accessed remotely by end users. The business has no control over the environment in which the application ‘lives’ under this model.

PaaS

Platform as a Service (PaaS) provides all the infrastructure, management, development, and deployment tools a business needs to create and maintain their own software applications.

IaaS

Infrastructure as a Service (IaaS) consists of hardware and other components (networking, storage, servers, and software) and gives businesses more control over the system than SaaS.

One of the most difficult aspects of moving to the cloud is not deciding what type of service a business needs, but rather what parts of the business can best utilize the cloud in the first place.

What Not to Move

Business critical applications should certainly not be among the first to transition to a new environment. Nor should any applications where performance is touchy, or that require intensive number crunching. Any system with a high level of complexity and tight integration with multiple apps should also probably wait until the organization has more cloud experience.

What Should be Moved

Non-critical systems are a good first step, including departmental applications where a smaller number of people will be affected by growing pains. Email servers and other well-established and easy to maintain apps are also likely candidates.

Other Considerations

Before making the jump into the cloud, it’s important to consider a few other details:

  • What are the company’s requirements for a service level agreement (SLA)?
  • Is a service provider able to provide the required level of security with the type of cloud model that fits the business’s other needs?
  • Do any of the apps that will be hosted in the cloud have special requirements?

The cloud isn’t more difficult to understand than on-site resources; it’s the same, only different. The differences can, however, complicate individual situations and turn wrong decisions into costly mistakes. Contact us for help simplifying the complicated.

 

Important Considerations When Setting up a Data Center

shutterstock_388249231The requirements for storage and handling of business data have changed rapidly and dramatically over the past decade, and the amount of data and the number of ways in which businesses need to interact with it will continue to increase. This is why data centers are becoming a more vital part of business strategy every day. The decisions made when implementing a data center can mean the difference between success and failure. Following are some issues to keep in mind when setting up a data center.

​Location

There are two location options available for data centers: in-house or off-site. The need to lower costs and increase reliability and security is quickly turning the in-house data center into a thing of the past. Unless a business has specific needs that can only be met by having its data center on-site, there is really no reason to take on the equipment, setup, and maintenance costs that go along with it.

​Reliability

When selecting an off-site data center, make sure to consider the provider’s track record and infrastructure with regard to power supply, networking, and geographic location – both in terms of how likely natural disasters are to affect the data, and how easy it is for IT staff to physically visit and inspect the site. Ask about a service level agreement (SLA) and guaranteed uptime, keeping in mind that 99.999% uptime is an industry standard.

Security

In addition to the standard questions about point to point encryption, firewalls, and other software-based security measures, make sure to look into the physical security employed by off-site data centers. All the network security in the world won’t help if it is easy to gain physical access to a company’s data.

Network Capacity

In addition to looking at current bandwidth needs when setting up data centers, consider future needs based on growth projections. Further, be aware of the possibility of changing needs due to increased functionality.

​Scalability

As the business grows, downsizes, or shifts from one market to another, how easy would it be to make changes to the data center? It is important that data centers are as responsive as possible to accommodate changing needs.

Backup

One of the key components of a data center is data backup. If disaster strikes, are there copies of the data? How many iterations are kept? Are backups stored at a separate physical location?

Every business has its own unique needs that must be taken into consideration. Contact us for more specific advice on how to account for your business’s data center requirements.

Understand VoIP Security Vulnerabilities and How to Combat Them

shutterstock_165758546smVoice over Internet Protocol (VoIP) offers substantial benefits to businesses, but the same IP technology that creates these benefits also introduces potential security vulnerabilities. Cybersecurity has become an increasing focus for companies across the United States and around the world as hackers try to exploit the growing use of IP to gain access to networks.

Budget resources are increasingly being dedicated to fending off threats, but breaches continue to expand. Companies must take security threats via VoIP seriously and take steps to counter those potential attacks. Consider the following threats and mitigation measures.

Types of Threats

  • Call Interception. VoIP by its nature involves the transmission of voice interactions over IP links, and bad actors will look for opportunities to intercept those transmissions. This requires the hacker to fully access the signal transmission between point A and point B. Typically, the intent of this type of breach is to interrupt the call by diminishing call quality via transmission delays or echoes or uploading sound packets to a server. Authentication and encryption tools are the most effective way to combat this type of threat.
  • Identity Misrepresentation. Hackers may attempt to access VoIP calls so they can eavesdrop, sometimes with the intent to steal information. This is particularly worrisome when sensitive information, such as credit card numbers, is transferred across VoIP links. Typically, hackers will seek the path of least resistance when attempting to access a network, so basic security features such as authentication and encryption may serve as an adequate barrier to entry for most hackers.
  • Theft of Service. An increasing concern for VoIP systems is hackers gaining access to use service, then leaving companies with the bill. These attacks are often carried out outside of business hours, so the breach is less likely to be detected and shut down right away. This threat is best mitigated with software-based measures, firewalls, and good security hygiene, including strong passwords.
  • Disruption. Denial-of-service attacks are another growing area of concern. These attacks seek to interrupt normal business communications by flooding call centers or transmission lines with fraudulent calls. When this occurs, calls from legitimate callers often are unable to get through. Firewall solutions that are built to identify and block fraudulent calls are the best defense against service interruption attacks.
  • Physical Attacks. Sometimes bad actors will go to any length to disrupt service and wreak havoc on a company’s operations. While attention is often focused on thwarting virtual attacks, physical infrastructure can be left vulnerable. Criminals may cut off a power source or damage hardware, rendering the network temporarily useless. It is crucial to take physical security at data centers as seriously as virtual security by ensuring equipment and data centers are secured and inaccessible.

Protection Measures

While the threats may be somewhat different for VoIP, the steps companies can take to safeguard their systems are the same common-sense approaches recommended for traditional computers and networks. Install and maintain firewalls, ensure communications and transactions are encrypted, and implement user authentication techniques along with basic security hygiene policies.
Companies also should work to stay ahead of threats by studying security trends and deploying best practices recommended to combat or prevent those threats. Businesses should work as a team with their VoIP vendor to ensure both virtual and physical assets are secure and hardened against potential attacks.

What Exactly Is a Hybrid Cloud?

shutterstock_105784313With the new digital age upon us, the “hybrid cloud” term is everywhere. In fact, hybrid models continue to rank high among the top 10 strategic technology trends. The current craze has prompted several infrastructure providers to define what “hybrid” really means, but definitions may differ according to varying interpretations and limitations. Channel partners are struggling to find the best hybrid solutions to meet their customers’ needs.

​Hybrid Cloud Defined

According to the National Institute of Standards and Technology (NIST), the focus should primarily be on the cloud when defining hybrid environments. NIST describes the hybrid cloud as a combination of public, private, and community clouds that are intertwined for optimal compatibility and performance. These clouds feature cutting-edge and innovative technologies that enable data and application portability.

While this effectively describes the hybrid cloud as a whole, it does not include managing and transferring applications across cloud and non-cloud environments. This is known as hybridization, which enables a comprehensive and cohesive platform for on-premise and hosted or remote cloud solutions, and creates a unified network that incorporates applications, programs, and features across on-site and remote cloud servers and environments.

Hybrid Environments

Even with the hybridization label, the line between on-site and off-site is rapidly diminishing. In fact, physical and local networks are now routinely extended across companies’ on-site data centers and third party sites to enhance network performance, security, and ease of use. This includes wide area networks (WANs), along with firewalls, storage gateways, and application-delivery controllers.

Hosting and cloud platforms are sometimes described as un-managed network links. This is during the initial connection, which must be streamlined and centralized to secure one consistent hybrid environment. Once the parameters and adjustments are set, the links are designed to foster network transparency across a myriad of environments.

While this is the ideal scenario and creates a more consistent and unified approach that engages partners, telecom agents, IT solution providers, and others involved in cloud deployment services, communication and compatibility problems are common. These issues include problems with linkage as well as difficulty in provisioning, managing, and monitoring all machines and applications across third-party cloud environments.

The Perfect Hybrid Cloud

With so many definitions and options, how does one select the right hybrid cloud service or environment? According to industry experts, clients must look for the following when assessing provider abilities to deploy fully-functional hybridized solutions.

Flexible Service Options

Hybrid cloud providers must offer services that can meet a full range of requirements, including application compatibility, managed hosting, and colocation services. Whether for public, private, or community based clouds, these services must be easy to access and ensure optimal performance and productivity across the cloud.

Unified Network Fabric

Hybrid specialists must ensure unified networks for deploying services across multiple environments. This includes computing, as well as storage and networking accessibility. Unified networks allow workloads operating in different environments to share the same network elements. This secures consistent connections that expedite workloads across hosting environments while reinforcing the level of security required.

User-Friendly Interfaces

With user-friendly interfaces, customers and partners are able to:

  • easily manage an entire IT infrastructure across a myriad of servers;
  • manage storage capacities and resources via one centralized portal; and
  • enable a single point of contact, which eliminates the need for multiple service providers.

The Collateral Damage of Shadow IT

shutterstock_146042084Over the past few years it’s become evident that businesses are embracing cloud services, and that trend is predicted to keep growing. An enormous risk to the security and stability of a company’s cloud potential is a problem known as “Shadow IT,” the practice where the use of certain applications and services may be occurring outside of IT’s knowledge and approval.

Shadow IT happens because employees want fast, efficient ways to get things done. However, not everyone is tech-savvy enough to know a safe application from one that could allow malware or a virus into the company’s network. Here are a few of the many ways that shadow IT hurts a business.

Inadequate Security

Not all cloud services are created equally. Some applications are designed to be tightly locked down, encrypted, and otherwise protected against vulnerability. However, others may be very lax or incorrectly configured. For example, if data encryption is used, is it outdated encryption technology? Are the encryption keys stored on the same server? Either of these scenarios could be an access opportunity for hackers. Consider the traffic flow to and from the application as well as where it is stored. All of these points must be secured for that application to be safely used.

Data Gone Wild

When a cloud service hasn’t been properly vetted by the company’s IT group, it’s hard to know where data is actually going. Customer information is one of the most valuable assets a company possesses, and it should be up to date and protected. Failing to bring IT into the picture to assess an application could mean a gap in disaster recovery or business continuity programs. In addition, having multiple storage areas for data in a cloud service may lead to business decisions based on erroneous information.

Accountability

The IT department is liable for anything that goes wrong with a company’s technology, including shadow IT problems. Regardless of whether the group knows about cloud services in use, they are charged with keeping the company’s data secure. Should a breach occur as a result of an unknown cloud service, the IT team would still be held responsible for the damage.

Standardization Is Necessary

Using a pre-approved set of cloud services helps the organization save money in a number of ways. First and foremost, the risk of a security incident is drastically diminished through the vetting process. Second, when the business sets out to acquire licensing for all applicable users, it will typically receive a volume discount for a higher number of licenses. If workers use a variety of different cloud services, this savings is negated and the company spends more on software licensing.

Most Apps Aren’t Enterprise Grade

The use of cloud services began as a consumer movement and then spread to businesses. Employees today often take the apps they’ve been using at home and try to use them at work as well. However, these apps are not built with a large organization in mind. Security, scalability, data storage, and the stability of the developing company are all considerations that IT must be permitted to assess for a new app to be approved. Many of these shadow IT choices aren’t strong enough to defend against the type of maliciousness directed at enterprises, as in the case of distributed denial-of-service (DDoS) attacks.

Shadow IT is a very real problem for companies today, and one that must be included in security planning. Encouraging employee input on new cloud services and having an efficient vetting process can mean the difference between rogue use of applications and a secure company network.