Make those minutes count

It’s Becoming Harder to Come up With Reasons Not to Choose Cloud

CloudWhen you first heard about replacing your on-premises software with a cloud solution, you likely had some of the common fears shared by other business decision makers. How could cloud storage safely guard your data? Wouldn’t you put your IT division out of a job? Where exactly was all your information going to be stored?

As cloud offerings have expanded and pioneering companies took the dive into cloud solutions, it has proven to be a cost-effective and flexible software environment, and a more secure storage option for your data in many situations. Here are a few of the reservations that are no longer limiting adoption, making the future of cloud technology even more promising:

Flexibility: Introducing a cloud solution into your software mix gives you a product that is easily adaptable to your business needs. As you hear about features that integrate well with your cloud system, implementation is just a phone call and a quick update away. Adding business units or completing an acquisition is no longer an IT nightmare with the flexibility of the cloud.

Cost: This is an area that requires caution. If you start asking around, you’re sure to hear a story of ballooning cloud costs that were a significant disappointment after promises of reduced software costs. Overall, though, you should experience some cost savings. Cloud solutions require little-to-no hardware investment and because they are subscription based, you’re never paying for extra users. Be prepared for ongoing support and subscription costs.

Staffing: Selling an IT team on a move to the cloud required a lot of fast talking at first. After all, why would an IT professional get excited about a software solution that might eliminate their job? The reality is that IT is still critical for supporting your software, but their roles pivot from managing updates and fixing glitches to optimizing the infrastructure and operations that support storage and manage bandwidth.

Security: You need to evaluate your cloud choice for its security features, but while this was formerly the biggest concern about a shift to the cloud, it’s not a problem for many who have adopted cloud software. In some cases, the security support exceeds anything a company can host with an on-premises storage solution.

Accessibility: One of the best features of cloud software is its accessibility for smaller enterprises. At first, it was assumed that the cloud would be championed by the big guys and then filtered down to smaller businesses, but small- to mid-size companies are experiencing access to the same great software tools at their own subscription size.

If you still have reservations about a transition to the cloud, talk to our consultants at T2. We can help you work through any concerns you have and ensure you have reliable network connectivity with access to the most advanced technology at prices that fit your company’s budget.

Approaching Cybersecurity from a New Perspective

CybersecurityEvery day a large number of cyberattacks are launched. Malicious software is often initiated by intelligent attackers that many scanners can’t even detect. An entire IT infrastructure can be riddled with a virus. When it comes to cybersecurity, what can you do to protect yourself and your organization?

Is Proactive Cybersecurity Possible?
While a proactive cybersecurity measure would be ideal, the cards are currently stacked against such an approach, at least in a comprehensive way. Scanners don’t know what to look for and nothing can be done until after an attack has occurred, driving the need for a reactionary response.

The History of Cybersecurity
To understand where we are now, it’s helpful to take a look behind us. Many older systems would leave doors open open for whomever needed to get in and work to improve the operating system. This goes back to the old mainframe days. Slowly, they began to develop protection strategies to lock down vulnerable areas.

As computing went more mainstream, better security practices were implemented. However, there was also a move from mitigation to risk management, a trend that continues in terms of how we perceive cybersecurity strategies today.

Rather than mitigating the probability of attack and the impact that such an attack would have, IT security has turned to jumping on issues as they arise, working on solutions to minimize damage after it has occurred.

Data Protection
In many IT circles, the idea that an organization needs to protect its data border, so to speak, has come to the forefront. This circle includes such giants as Google, which has adopted a zero-trust, end-to-end encryption initiative. Rather than protect devices, the move is aimed at protecting the data itself.

Therein lies the question: do you protect your software and hardware, or do you lean toward protecting data with encryption? For some, neither of these approaches begins at the right point and neither is foolproof, mostly because they don’t consider what to do when something goes awry. This is why many say cyberattacks will never be eradicated.

Putting Security in the Cloud
There is hope, however. Organizations are moving data and processes to the cloud, which means security issues are often placed on the vendors with which they partner. You want reliable network connectivity and business continuity that provides the level of disaster recovery that keeps your data within reach all the time.

At T2, we’ve given our clients the promise that we can save time, reduce costs, and provide the connectivity that makes a difference. Contact us today to talk about how we can eliminate the burden of managing services while providing you the infrastructure you need to succeed.

Staying Safe: How to Prepare for Ransomware

RansomwareThe cybercrime game can be faddish at times, with cyber crooks all briefly piling on the “flavor of the month” attack before collectively moving on to the next big thing. One thing we can be certain of after the past year, however, is that ransomware has been added to the regular menu. It’s here to stay.

How Ransomware Works

It’s no wonder the dark underbelly of the internet is so taken with ransomware attacks. For keyboard-based ne’er-do-wells it really is the gift that keeps on giving.

A ransomware attack begins much like any other cyberattack. The bad guys get into the target system by the usual methods; most frequently via a phishing email or a spear-phishing email. This opening is used to plant the malware, and it is the nature of this malware package that sets ransomware apart.

The malware, once it gains access to the system, encrypts all the data it can find with an encryption key known only to the bad guys, who then demand lots and lots of money in exchange for getting the data back.

To Pay or Not to Pay?

A business that has been hit with a successful ransomware attack usually has only 2 options: say goodbye to the data, or pay the money.

No business can afford to lose all their data, so most companies end up paying the ransom, but this has unintended consequences. Now that the bad guys have access to the system, it’s trivial for them to get back in at a later date – some even go so far as to install a backdoor into the system so they can come and go as they please. Having walked away richer the first time, what’s to stop them from going back to the well a second or even third time? They know that the company is willing to pay, and so they make the company pay.

Thankfully, while the consequences of a ransomware attack can be more dire than other types of attack, they are no more difficult to prevent, or to deal with afterwards – given a certain amount of preparation.

Ransomware Defense

The first line of defense is prevention, and this involves solid email security that can detect and remove email-based threats before they reach the recipient. Another key part of prevention, or at least mitigation, is implementing a multi-layered security solution so that breaches can’t compromise the entire system. 

Finally, under preparation and aftermath, companies need to establish and follow a business continuity plan that incorporates real-time backups of all important data.

Real-time backups can allow companies to more or less ignore ransom demands. If infected with ransomware, they can simply roll back the clock to a point before the malware hit the system and continue on, as if nothing had happened, with minimal data or productivity loss.

Conclusion

According to the FBI, ransomware attacks in 2015 were responsible for ransom payments of just over $1.5 million. In 2016 that amount was almost a thousand times more – close to $1 billion. This huge increase is because of two factors: ransomware attacks are hard to stop, and the bad guys are almost impossible to catch.

If the numbers above are any indication, it will be almost impossible for most businesses to avoid a ransomware attack in 2017. Given an environment where ransomware attacks are an inevitability, being properly prepared is the only viable option.

Advantages of BYOD

BYODThe edge that small companies have over larger ones is they can move faster and aren’t bound by restrictive agendas. Small businesses will more likely allow employees to work on the device of their choice. It’s a win-win for the owner and staff members who enjoy flexibility in the workplace. Here’s a deeper look at how bring your own device (BYOD) programs help streamline businesses.

BYOD Cuts Costs

The most obvious advantage to BYOD for a company is that it saves money. The company won’t have to invest in as many computers or software licenses, as workers are responsible for bringing their own laptops, notebooks, and smartphones. The firm will not have to keep upgrading hardware and software, and it will cut costs on security.

One of the most valuable advantages to BYOD is that it provides the company with a safety net in case of a power outage or other disruption. Not everyone will be affected by the same network conditions. Businesses will be able to redirect IT personnel to focus on cost efficiency.

Evidence of Successful BYOD Strategies

Harrison Associates is a health care organization that embraces the BYOD concept. By allowing employees to bring their own devices and providing them with IT support, the company has been able to attract experienced talent.

The firm has used a formal BYOD solution that includes Parallels Remote Application Server (RAS) as a more affordable alternative to shared systems management software Citrix. This solution has led to a reduction in support calls and downtime. Another advantage is that it allows employees to see all applications in one area.

Another organization that has enjoyed success with device flexibility is independent mobile games developer Hutch, led by CEO Shaun Rutland. His policy has been to let employees get their work done with the least amount of friction. Some of the cloud services that help shape the company’s communications are Google Apps for Business, Dropbox, GitHub, Slack, and Atlassian.

The company offers maximum device policy flexibility that includes security and management for its workers. Many of them connect and do assignments as needed. The result is a more confident and productive workforce with less than 3% staff turnover.

Terms and Agreement Language

The best way to secure a commitment from employees that they will comply with company policies is by issuing them a Terms and Agreement form to sign. Their signature will confirm that they have read and understand the policy. The form should specify who pays for communications devices and services and who is responsible for damages that may occur to a device.

One area that is essential to address is setting a policy for personal and professional use. Some companies use software that splits a device into two separate compartments. Employees will be expected to not mix work and personal data. The terms should specify devices, job roles, and security requirements. It should also explain remote policies on network use and disciplinary action for not meeting requirements.

Security Budgets Continue to Soar, But Is It Enough?

SecuritySecurity is now a vital concern for businesses across several industries. However, investments in privacy and defense should have been implemented years ago. With cyber crime now an international epidemic, why have so many companies waited so long to invest in cybersecurity measures? The following sheds some light on whether or not it’s too late to invest in cybersecurity.

Cybersecurity Is an Increasing Concern

Cybersecurity is a growing concern for many businesses, and the number of high-profile breaches continues to grow each year. In 2015, there were approximately 781 data breaches across the U.S. – the second highest year on record for security invasions. According to industry monitors, 40% of those breaches happened entirely in the business sector.

With this in mind, industry experts have predicted mass-scale investments in cybersecurity for 2017. Here are a few statistics based on Business Insidermagazine and other industry publications:

  • An estimated $655 billion will be invested in cybersecurity measures between 2015 and 2020.
  • Nearly $2.77 trillion in security investments was estimated for 2016 – far above the $75.4 billion in spending that took place in 2015.
  • These numbers suggest that businesses are just now catching on to the importance of cybersecurity.

Are Recent Security Investments Enough?

Are these recent security investments enough to combat the rising number of intrusions? According to Radware, companies that are only now investing in cybersecurity protocols are way behind. This is due to new threats that are evolving at rapid rates, so much so that even the latest security applications and programs are not able to contest new strains of malware, adware, and other viruses.

Companies cannot afford to sit around and wait for the next best cybersecurity solution. Industry experts recommend the following:

  • Never procrastinate when it comes to protecting enterprise hardware, software, applications, and general infrastructure.
  • Work with leading vendors to develop a sound and proactive security platform that can combat prior and new threats.
  • Strong security platforms are based on solid foundations; core policies and processes for data availability, integrity, access, and confidentiality must be in place.

 

The Rising Costs of Security

IBM recently estimated that the average cost of security breaches in 2016 was $4 million. This was up from $3.8 million in 2015 – and is slated to grow even more in 2017. With this in mind, businesses have to stop scrambling with last minute endeavors to protect corporate data. They simply need to agree on one comprehensive and cohesive security platform that will prevent massive revenue losses.

The longer businesses wait to implement cybersecurity initiatives, the more susceptible they will be to digital intrusions. It will also be harder for them incorporate security measures in the future, especially if infrastructure has already been jeopardized.

Securing the Right Levels of Encryption

EncryptionIn a business environment where workplace collaboration is now considered the norm, how are consumer-focused companies implementing end-to-end security? According to industry experts, many commercial entities are simply emulating the security infrastructures of companies like Apple and WhatsApp.

To combat unsolicited messaging and foreign intrusion, Apple revamped its security infrastructure to protect all its iPhone users and data. Similarly, WhatsApp amended its messaging technologies so that no one could access messages except for end-user clients. These changes have served as models for businesses wishing to incorporate stronger levels of encryption for their communications technologies.

Issues with Encryption

While encryption is now commonplace for collaborative efforts, it is still not easy for companies with cloud-based messaging and communications. This is due to the following obstacles:

  • Cloud technologies are consistently changing and evolving, resulting in newer encryption modules that must be adopted and implemented by subscribers.
  • Cloud-based services are now adding more features, including bots, artificial intelligence, and even third-party integration.
  • The above-mentioned features are simply known as “valued additions”. However, this means that third party vendors will still have full access to user data and content.

To tackle this form of “accepted intrusion”, companies in the cloud are looking for stronger and more durable forms of encryption. In fact, they are seeking codes and programs that will protect user data and transmissions from even recognized vendors and services providers. In an industry that is blanketed with so many forms of encryption, is it possible to secure the right balance between content access and privacy?

Encryption Solutions in a Nutshell

There is no concrete answer to the current encryption dilemma. However, IT experts still play a pivotal role in encrypting codes and establishing access, eligibility, and defense for messaging programs. In other words, companies cannot go either way with encryption; not too insecure, but also not too clamped down. They must collaborate to find common ground and acceptable levels of encryption for all parties involved.

To that end, businesses should use fully locked down end-to-end consumer messaging tools. This means companies can take advantage of existing encryption and security codes without investing in other paid messaging apps.

Enterprise Messaging Providers

While WhatsApp seems to be a plausible solution, it is not the only program in town. Enterprise messaging providers also feature end-to-end encryption databases for all messaging platforms. However, services like Slack and HipChat are designed to be less strict when it comes to recognized intrusion. The latter includes IT involvements, especially during periods of downtime and maintenance. Certain clients may also have access to these internal chat databases, which can seriously impact privacy. With this in mind, user content and data can still be breached, and hackers may easily be able to intrude as well.

Millennials and Unified Communications: What’s the Connection?

shutterstock_328634297The U.S. Bureau of Labor Statistics predicts that Millennials are likely to comprise 50% of the national workforce by 2020, and as much as 75% by 2025. Businesses are beginning to recognize that these individuals are valuable in many ways, including the effective adoption of unified communications (UC) technologies.

UC uses tools such as instant messaging, email, and video chat in a single platform that allows employees to more easily communicate with each other from nearly any location. The main influence behind the increase in UC adoption is the Millennial generation.
How Millennials Are Changing the Landscape

Millennials have benefited from instant communication technology that allows them to easily connect with individuals from any location at any time. Many Millennials are used to this technology out of the workplace, so it’s natural for them to want to utilize that same innovation on the job. This means that if employers want to appeal to the Millennial generation, implementing UC systems is a necessity.

A study published by Bentley University found that 77% of Millennials think that more flexible work hours would result in greater productivity, with 40% relating the same belief regarding remote and virtual work. Also according to the study, many stated that they would be willing to sacrifice pay and promotions in exchange for increased flexibility. The nine-to-five system is becoming obsolete as a result.
Pros and Cons of Unified Communications

There are many reasons for businesses to implement UC. It allows organizations to employ people from nearly anywhere in the world, and retain a dynamic work schedule that helps maintain a consistent workflow. Businesses that operate without any kind of UC system face the risk of falling behind the competition and deterring Millennials—an increasing majority of the workforce.

On the other hand, UC doesn’t come without its risks. Ransomware and hacking attacks are some of the many threats that businesses face, but they can more easily avoid these issues with an effective security system that includes a reliable backup plan.

Ultimately, utilizing UC in business operations can prove invaluable to a business, encouraging Millennials to remain productive and become a part of the company’s success. Without a UC system, companies close themselves off to this lucrative generation.

Making the Right Choices in the Cloud

shutterstock_328634297While it may be true that cloud services are not the perfect solution for all business computing needs, almost every business has at least some applications for which cloud is, indeed, the best solution. Premises-based solutions will continue to become less prevalent as time goes on. The focus of cloud services on scalability, efficiency, and flexibility is the primary driver of the move away from premises-based computing.

The biggest problem with traditional solutions is that in order to maintain capacity for peak loads, it’s necessary to maintain a great deal more computing resources than are needed the rest of the time. Overspending becomes a necessity. There is also the onerous process required to upgrade server capacity or other infrastructure.

Cloud solves these problems admirably by placing the onus for hardware purchasing and maintenance on someone else’s shoulders. There are three ways in which cloud services can be deployed, each serving a slightly different set of needs.

SaaS

Software as a Service (SaaS) involves the hosting of individual business applications in the cloud, to be accessed remotely by end users. The business has no control over the environment in which the application ‘lives’ under this model.

PaaS

Platform as a Service (PaaS) provides all the infrastructure, management, development, and deployment tools a business needs to create and maintain their own software applications.

IaaS

Infrastructure as a Service (IaaS) consists of hardware and other components (networking, storage, servers, and software) and gives businesses more control over the system than SaaS.

One of the most difficult aspects of moving to the cloud is not deciding what type of service a business needs, but rather what parts of the business can best utilize the cloud in the first place.

What Not to Move

Business critical applications should certainly not be among the first to transition to a new environment. Nor should any applications where performance is touchy, or that require intensive number crunching. Any system with a high level of complexity and tight integration with multiple apps should also probably wait until the organization has more cloud experience.

What Should be Moved

Non-critical systems are a good first step, including departmental applications where a smaller number of people will be affected by growing pains. Email servers and other well-established and easy to maintain apps are also likely candidates.

Other Considerations

Before making the jump into the cloud, it’s important to consider a few other details:

  • What are the company’s requirements for a service level agreement (SLA)?
  • Is a service provider able to provide the required level of security with the type of cloud model that fits the business’s other needs?
  • Do any of the apps that will be hosted in the cloud have special requirements?

The cloud isn’t more difficult to understand than on-site resources; it’s the same, only different. The differences can, however, complicate individual situations and turn wrong decisions into costly mistakes. Contact us for help simplifying the complicated.

 

Important Considerations When Setting up a Data Center

shutterstock_388249231The requirements for storage and handling of business data have changed rapidly and dramatically over the past decade, and the amount of data and the number of ways in which businesses need to interact with it will continue to increase. This is why data centers are becoming a more vital part of business strategy every day. The decisions made when implementing a data center can mean the difference between success and failure. Following are some issues to keep in mind when setting up a data center.

​Location

There are two location options available for data centers: in-house or off-site. The need to lower costs and increase reliability and security is quickly turning the in-house data center into a thing of the past. Unless a business has specific needs that can only be met by having its data center on-site, there is really no reason to take on the equipment, setup, and maintenance costs that go along with it.

​Reliability

When selecting an off-site data center, make sure to consider the provider’s track record and infrastructure with regard to power supply, networking, and geographic location – both in terms of how likely natural disasters are to affect the data, and how easy it is for IT staff to physically visit and inspect the site. Ask about a service level agreement (SLA) and guaranteed uptime, keeping in mind that 99.999% uptime is an industry standard.

Security

In addition to the standard questions about point to point encryption, firewalls, and other software-based security measures, make sure to look into the physical security employed by off-site data centers. All the network security in the world won’t help if it is easy to gain physical access to a company’s data.

Network Capacity

In addition to looking at current bandwidth needs when setting up data centers, consider future needs based on growth projections. Further, be aware of the possibility of changing needs due to increased functionality.

​Scalability

As the business grows, downsizes, or shifts from one market to another, how easy would it be to make changes to the data center? It is important that data centers are as responsive as possible to accommodate changing needs.

Backup

One of the key components of a data center is data backup. If disaster strikes, are there copies of the data? How many iterations are kept? Are backups stored at a separate physical location?

Every business has its own unique needs that must be taken into consideration. Contact us for more specific advice on how to account for your business’s data center requirements.

Understand VoIP Security Vulnerabilities and How to Combat Them

shutterstock_165758546smVoice over Internet Protocol (VoIP) offers substantial benefits to businesses, but the same IP technology that creates these benefits also introduces potential security vulnerabilities. Cybersecurity has become an increasing focus for companies across the United States and around the world as hackers try to exploit the growing use of IP to gain access to networks.

Budget resources are increasingly being dedicated to fending off threats, but breaches continue to expand. Companies must take security threats via VoIP seriously and take steps to counter those potential attacks. Consider the following threats and mitigation measures.

Types of Threats

  • Call Interception. VoIP by its nature involves the transmission of voice interactions over IP links, and bad actors will look for opportunities to intercept those transmissions. This requires the hacker to fully access the signal transmission between point A and point B. Typically, the intent of this type of breach is to interrupt the call by diminishing call quality via transmission delays or echoes or uploading sound packets to a server. Authentication and encryption tools are the most effective way to combat this type of threat.
  • Identity Misrepresentation. Hackers may attempt to access VoIP calls so they can eavesdrop, sometimes with the intent to steal information. This is particularly worrisome when sensitive information, such as credit card numbers, is transferred across VoIP links. Typically, hackers will seek the path of least resistance when attempting to access a network, so basic security features such as authentication and encryption may serve as an adequate barrier to entry for most hackers.
  • Theft of Service. An increasing concern for VoIP systems is hackers gaining access to use service, then leaving companies with the bill. These attacks are often carried out outside of business hours, so the breach is less likely to be detected and shut down right away. This threat is best mitigated with software-based measures, firewalls, and good security hygiene, including strong passwords.
  • Disruption. Denial-of-service attacks are another growing area of concern. These attacks seek to interrupt normal business communications by flooding call centers or transmission lines with fraudulent calls. When this occurs, calls from legitimate callers often are unable to get through. Firewall solutions that are built to identify and block fraudulent calls are the best defense against service interruption attacks.
  • Physical Attacks. Sometimes bad actors will go to any length to disrupt service and wreak havoc on a company’s operations. While attention is often focused on thwarting virtual attacks, physical infrastructure can be left vulnerable. Criminals may cut off a power source or damage hardware, rendering the network temporarily useless. It is crucial to take physical security at data centers as seriously as virtual security by ensuring equipment and data centers are secured and inaccessible.

Protection Measures

While the threats may be somewhat different for VoIP, the steps companies can take to safeguard their systems are the same common-sense approaches recommended for traditional computers and networks. Install and maintain firewalls, ensure communications and transactions are encrypted, and implement user authentication techniques along with basic security hygiene policies.
Companies also should work to stay ahead of threats by studying security trends and deploying best practices recommended to combat or prevent those threats. Businesses should work as a team with their VoIP vendor to ensure both virtual and physical assets are secure and hardened against potential attacks.