by Felicien | Mar 29, 2018 | Education
Sure, yoga teaches the flexibility that is key to adapting to your surroundings. But in practicing daily self-awareness, the saying “A team is only as good as its weakest player” is rarely truer than in the world of cybersecurity. How does your team stack up?
Target knows. Sony knows. Ashley Madison definitely knows. That’s the bad thing – an organization may only realize how strong – or weak – its cybersecurity position is once there is a successful cyberattack. The nature of the attack doesn’t matter, nor does the overall effect. The damage is done, and the organization goes into clean-up mode. In the days immediately following, the phrase heard most is “How did this happen?” when the real question should be “How can we prevent this from happening again?”
Subtlety isn’t the goal of a hacker, nor is it their strongest attribute. The modus operandi of any hacker is singular: find a cybersecurity vulnerability and exploit it to their advantage. The rest doesn’t matter. You likely disagree, but we think you’ll realize this is exactly the case. After all, we want to help you beef up your security and prevent a vulnerability rather than shift into defensive mode upon clean-up from an attack. The latter is going to shift your focus for up to a year of reactivity, while a little extra focus now will prolong your proactive position. An ounce of prevention is worth a pound of cure, especially in this type of situation.
At the most basic level, your organization’s cybersecurity is based on your team’s awareness level – which can easily be assessed and addressed in training. Data breaches caused by hackers are one thing, but the simplest way for a hacker to gain access is by finding a weak link – a human operator – and using sneaky tricks to exploit weakness from that angle. A hacker can use pretty low-tech approaches in this way, like phishing.
Does your cybersecurity awareness training still include exercises and tips on old-fashioned tricks like phishing? It’s amazing the simple tactics some of these hackers will resort to – but the reason is that these tricks still work on us. A 2017 study by Google reported that phishing was still one of the most effective tactics used for hacking a user account.
Phishing is the practice of sending emails pretending to be from a reputable company, like Google or Apple, to get recipients to reveal personal information like passwords to the sender.
Perhaps it’s because we don’t see ourselves as targets anymore, thinking hackers only target the “big fish” for the bigger reward – a unique tactic called “whaling” – but the reality is that everyone is a target. There are no exceptions. Any computer user can be an access point for a cyberattacker because any computer can serve a greater purpose for a cybercriminal.
Why does phishing still work? Because we let it. We start to shift our focus to the newer or more sophisticated methods hackers use, and we don’t maintain vigilance on the basic approaches in cybersecurity awareness training.
One click is sometimes all it takes to turn a user into a victim – and for a hacker to wreak havoc on a network. One click can lead to a malware installation, identity theft, or worse, ransomware. That click could cost an organization millions of dollars.
Ransomware is like a virus, where a hacker accesses a computer or network and places a file or code that blocks user access, and requires the user to pay money – a ransom – to the cyberattacker to regain access to the computer or network.
Remember when we said all it takes is one click? It’s true. In 2017, hackers sent emails to staff at Chipotle and managed to trick someone into one click, compromising the point-of-sale (POS) machines at locations that enabled the hackers to gain access to the credit card data of millions of customers. The worst part is that even end users who are in the tech industry have been tricked; Google and Facebook have both been affected to the tune of $100 million each because of successful phishing attempts.
Did you know that some companies hire former (“rehabilitated”) cybercriminals as cybersecurity specialists – true experts – to help mold technology teams in charge of cybersecurity and oversee cybersecurity awareness training programs? These are probably among the most solid and effective programs in existence!
One way organizations have used to test the awareness of their team is by executing an internal phishing campaign. This is a campaign where the company has total control of the phishing attempt but tests the staff to see where the weaknesses are. The results only help improve overall training and cybersecurity.
This approach is wildly successful in getting an accurate picture of your team’s awareness. Who fails the test? How far will some employees allow a hacker to get before realizing they are being phished? Where does your training lack focus, such that the attempt was successful?
A few things to keep in mind with this approach:
While internal phishing campaigns are helpful, don’t shift your training focus to only weaknesses discovered in this process.
Be careful not to call out any one particular team member or access point; the goal isn’t to embarrass team members but to improve your team’s awareness overall.
Don’t aim for only those team members you consider to be the weakest when it comes to cybersecurity knowledge; you’d be surprised at where an organization may discover vulnerabilities.
On this note, it’s helpful to provide one-on-one level training catering to these team members, but you can still do so as a company by offering exercises aimed at specific weaknesses without placing blame.
Keep the phishing exercise as realistic as possible, so the teachable moments that result are valid and credible.
When your exercises and training give you enough insight to update your training, keep the training outline simple with a few target areas that are comprehensive enough to be thorough but straightforward enough to be digestible:
Form a baseline for where your team is currently, regarding cybersecurity awareness.
Devise goals for where your team should be, and target dates to achieve these goals.
Outline a plan to meet these deadlines.
Develop a maintenance process for ongoing support.
Organizations can also take steps to protect themselves internally. Limit access to all computer equipment to authorized personnel only, install up-to-date antivirus software at each workstation and update all programs on a regular basis – especially security updates. Having a contingency plan in place for any vulnerabilities might seem like overkill, but it never hurts to be prepared.
Self-awareness is just the first step in achieving the ultimate level of cybersecurity protection – don’t wait until an attack happens before you start defending yourself and your organization!
by Felicien | Mar 28, 2018 | Education
It happens to all of us at some point – you’re sitting by someone who whips out this über cool gadget, and you can’t take your eyes off of it. You have to know what it does… and where you can buy one! Read on for eye candy just like this.
We’ve all been there: Gadget Envy. We want the smartest phone, the thinnest tablet, the fastest Internet speeds, the strongest network connection, the battery that never dies – the list goes on. Part of this is due to our busy lifestyles, and part of this is from our never-ending quest to get more done in less time. The best gadgets combine advanced technological features with enhanced productivity.
The options are endless, but we’ve narrowed our list down to 5 categories with the top tech that today’s savvy CEO will have – along with the envy of everyone nearby!
Sound
We know you get perturbed with the pathetic volume coming from your laptop speakers. Amplification is impossible in atmospheres where white noise is loud, like airports, and while the settings on newer laptops and tablets are growing in sophistication, they still lack in sound quality. Here are a couple of solutions to help.
The ICE Harmony Floating Bluetooth Speaker packs powerful sound in a colossally cool package. The spinning speaker floats above the base with concealed (read, secret) magnets to maintain the floating position. The design results in a 3D sound effect and can be used separately from its base giving the user portable and potent sound, connecting to smartphones or tablets via Bluetooth.
The simple-to-use Startech USB Stereo Audio Adapter helps your laptop with the addition of SPDIF digital output. Designed for Windows-based machines (sorry, Mac lovers), it functions as though users had added a 5.1 sound card, and it is quite compact but also has a set of two headphone jacks.
Secure Storage
So, you need to bring files along for the ride, but live in fear of losing your thumb drive? We have a couple of cool ideas for you.
The Aegis Secure Key 3Z is a super-tough USB storage device made from sturdy metal and uses top-of-the-line technology for encryption plus a physical keypad for which the user can set a custom PIN for secure entry.
PIN-protected storage is a popular choice these days. DiskAshur Pro is another option to secure up to 500GB of data with a customizable PIN, between seven and 15 characters.
Aegis makes this list with not one, but two options, with its Apricorn Secure Key USB 3.0 480GB Flash Drive. Using a 10-key alphanumeric keypad with a dust-proof and waterproof enclosure, this storage solution means business. This one has received accolades from NIST, the National Institute of Standards and Technology, a U.S.-based entity that oversees government IT security.
Power
The perennial power problem: your power capability does not match your mobile lifestyle or needs. In other words, your battery dies faster than the mother in a Disney movie and you need a backup solution.
Have you checked out the Orico SC28 Mobile Power Bank? With promises to power you all day, this one is designed for laptops instead of smartphones – for which power banks are everywhere. Recharging via USB or the old standby (wall plug-in), up to three devices at once can benefit from this baby.
The Jackery Titan S is a stylish portable battery charger whose claim to fame is its flexibility: it is also friendly to the MacBook.
The feature-filled Sandberg Laptop Powerbank charges quickly, supports (and automatically detects) multiple voltages, and comes with a dozen charge tips.
Mobile Hotspots
Our addiction to data is endless, and with the growing number of wireless providers offering unlimited data, we find ourselves using our smartphones as hotspots. Our ultimate battle is the need to connect versus the need to preserve smartphone battery life. Enter the mobile hotspot device!
The KnowRoaming Global Hotspot aims to provide seamless and simplified global connection in more than 140 countries, with unlimited data in more than 90, but only to corporate accounts at this time. The daily flat fee service is especially a bonus for those who travel to countries like Japan where connectivity is just ridiculously expensive for foreign travelers. About the size of a matchbox, the device battery lasts for up to 20 hours and supports 3G although LTE is pending.
Boasting speed and simplicity, the TP-Link M7650 Mobile Wi-Fi Hotspot claims to be the fastest Wi-Fi router ever made. It is capable of streaming video to a user’s laptop or tablet and can support up to 32 devices at once – enough for an entire small office.
Just Cool Stuff
Here’s where things get really awesome! These items didn’t fit into any of the categories above, but couldn’t be left off this list. Just trust us and read on.
A notebook that you put in the microwave to erase everything you wrote (or doodled)? Yep! Well, using a Pilot FriXion pen, but still the Rocketbook Wave is a pretty incredible gadget. Not only can the microwave erase all your writing when you’re ready to start fresh, but you mark an icon to represent where you want your notes sent, and everything you write is then stored in your account on Google Drive, Dropbox, OneDrive, Slack, iMessage, email, and so much more. Using your smartphone and the Rocketbook mobile app, you scan your notes and voila! The Rocketbook Everlast erases with a dampened cloth instead and can be reused in the same way.
Moleskine, the cult favorite notebook maker, brings you the Smart Writing Set. This set includes the smart Pen+ tool that sends your writing to the Bluetooth-connected phone or tablet to display using the Moleskine Notes app, and your notes are editable within the app (highlights, scribbles, etc.).
Want to wow your crowd in a presentation? Logitech makes a Spotlight Presentation Remote that looks super cool when in use, including the ability to magnify and highlight selections on-screen, with Bluetooth connectivity. There is also a cool built-in timer that shows (only you) how long you’ve been talking and can give a subtle vibration at a pre-set timed interval.
Try the Gyration Air Mouse Voice with your presentation, which can act as a standard wireless mouse but also has built-in microphones to work with voice recognition as you get through slides. Voice commands can zoom, open web browsers, etc., with the push of a button.
This is just the tip of the tech iceberg; we know – but we’re pretty sure you’ll be as fascinated with the items on this list as we are. One thing we know for certain? You can’t wait to try them out and be the envy of someone else!
by Felicien | Mar 28, 2018 | Education
So many big, expensive cyber attacks have taken place in the last few years that it’s hard to remember them all – when will we learn our lesson?
Cyber attacks are common ground these days. There was the Chase Bank breach of 2014, which exposed the financial information of 76 million Chase customers. This attack was set to target 10 major financial institutions in total, but only one other company reported that data had been stolen. This company was Fidelity Investments. Though the attack caused serious repercussions for Chase Bank, the damage could have been much worse. Four hackers (two from Israel) were eventually arrested.
Hacking Isn’t Just About Stealing Data
In the Sony Pictures data breach of 2014, over 100 terabytes of data was stolen by North Korea. This attack was about more than just getting the personal information of consumers. The attack occurred because of a movie that Sony Pictures was set to release called “The Interview”.
The movie, starring Seth Rogen and James Franco, was a fictional story about two journalists who go to North Korea to interview Kim Jong Un. The two men actually work for the CIA and are planning to assassinate the very well-known but unpopular leader. It was believed that North Korea’s leader ordered the cyber attack on Sony Pictures to show his displeasure and disapproval of the film. In addition to the personal information of Sony executives and other employees, hundreds of photos and emails were released to the public. These highly personal items caused a massive amount of embarrassment to Sony’s top executives.
No One Is Safe from Hackers
Proving that no one is immune from cyber hackers, Equifax, one of the nation’s largest credit reporting agencies, was infiltrated by hackers in mid-2017. The company estimated that approximately 143 Americans were affected. In addition, an unknown number of consumers from Canada and the UK were affected by this breach. Were there any signs that an enormous data breach like this might occur?
A report issued in October of 2017 by Motherboard found that Equifax had certain vulnerabilities due to an online portal created for employees. Researchers discovered that the Equifax website was highly susceptible to a basic forced browsing bug. A researcher from Motherboard said that he didn’t even have to do anything special to infiltrate the system. It was far too easy to get in.
“All you had to do was put in a search term and get millions of results, just instantly—in cleartext, through a web app,” the researcher said.
In spite of this information being available to Equifax, it took them six months to close the portal and shut down these vulnerabilities. In this day and age, it’s unthinkable that organizations as sophisticated as Equifax might be so lax in their data security.
The Final Cost of Cyber Breaches
Target Stores lost millions of dollars when they had to reimburse customers for their losses after their 2013 data breach. In addition to that, a class action lawsuit was settled for roughly $10 million. As if that wasn’t enough, 20-30 percent of Target shoppers said they were worried about shopping online at Target stores after the breach.
Are We More Vulnerable Than We Believe?
Many data security experts believe that cyber weaknesses like this are far more common than the public believes. In an era when everyone should be fully aware and taking every precaution to prevent a data breach, numerous large corporations remain at risk.
After all is said and done, most people would expect any organization that has experienced a cyber theft to drastically improve their cybersecurity. Large, expensive data breaches leave an organization open to legal action, plus they’re embarrassing. Consumers say that they are less likely to do business with any company that has been a victim of a cyber breach.
But has that really happened? A new study performed by CyberArk reveals that 46 percent of all companies who have experienced a cyber breach have not substantially updated their security policies.
This failure to learn from past mistakes has the public truly baffled. In some cases, IT professionals have been interviewed and asked why they haven’t greatly improved their cybersecurity. Over 30 percent of these pros said that they did not believe it was possible to prevent all cyber-attacks. This indicates that even security experts aren’t sure what to do to stop future attacks from occurring. But should we simply make the decision not to do anything at all?
New Report Sheds Light on the Problem
A 2018 report from CyberArk called the “Global Advanced Threat Landscape Report” indicates that at least half of all businesses and organizations have only taken the basic security measures required by law. Though their public relations department may say they are taking every precaution to protect customer data, this is probably not true. In addition, 36 percent of respondents in the report said that administrative credentials were currently being stored in Excel or Word docs. These documents would be easy to obtain by any hacker with average skills.
The Global Advanced Threat Landscape Report also reveals that the number of users with administrative privileges has jumped from 62 percent to 87 percent over the past few years. This points to the fact that many companies are opting for employee convenience over data security best practices. This is an alarming statistic given the soaring cost of cyber breaches.
Moving Into the Future with Better Cyber Security
The new AT&T Global State of Cybersecurity highlights many of the critical gaps that remain in our cybersecurity strategies. IT infrastructure and critical data must be fully protected, including credentials and security answer keys. In most organizations, those in higher positions are given greater access and authority to online data and this equates to heightened risks of a cyber breach.
According to Alex Thurber, Senior Vice President and General Manager of Mobility Solutions, “If 2017 has taught us anything, it is that every device needs to be secured because any vulnerability will be found and exploited”.
The company is set to sign a deal with Punkt Tronics to install better security on smartphones, Blackberry devices, and other electronic devices. With consumers spending more and more time browsing on their cell phones, all mobile carriers are searching for ways to better protect their customers from hacking.
What Consumers Can Do
A great increase in the sale of anti-virus software and password managers demonstrates a strong resolve by consumers to incorporate stronger security measures into their everyday lives. Innovative technology is producing a new generation of security software that combines threat defense techniques and other more conventional means of cybersecurity. Though some of these techniques are having an impact, experts believe there’s much more to be done.
As our society becomes more aware and more prepared, even stronger security for IT systems will be developed. Until then, security experts urge the public to be more cautious about clicking on links. Employees at any company need regularly scheduled security meetings where they are educated and reminded to utilize best practices when using smartphones and computers. All programs should be updated regularly with software updates and fixes to known bugs. Create difficult passwords and change them every 90 days. These are just a few of the ways that consumers can stay safe while surfing on the internet.
by Felicien | Mar 27, 2018 | Education
When was the last time you thought about technology and the role it plays in your business success? Strategic IT Budgeting and planning for the tactical use of technology resources will bolster your business efforts to establish a competitive advantage. Just as you develop and adjust your annual business plans, you should do the same when it comes to IT planning and budgeting.
Budgeting for IT Has Completely Changed
Technology is now a part of nearly everything you do, and it involves much more than computers. With the advent of artificial intelligence (AI), the Internet of Things (IoT), big data, business intelligence (BI) and Voice over Internet Protocol (VoIP) phone systems, the line items for IT may take up quite a bit more space on your balance sheets than before.
With information technology changing so rapidly, it’s sometimes difficult for business owners to anticipate what they will need for optimal performance in years to come. In the past, it was easy to budget for technology. You simply purchased the number of computers and software programs you needed to handle the basics. Today, information technology is central to almost all of your business processes. What you choose and how you choose to use it can mean the difference between success and failure. But how do you anticipate what you’ll need tomorrow?
The Increasing Dependence on Information Technology
In today’s competitive environment, businesses must rely on technology in order to compete and survive in the marketplace. With computers, the Internet and the availability of more software applications, productivity has been increased for many. Technology helps employees become more efficient, quick, and precise.
Information can now be relayed instantaneously, coworkers can collaborate on projects in real time from wherever they are, and businesses now have the ability to more easily spread their services throughout the world. We can no longer function without our computers, laptops, tablets or phones. Even our smartphones have the capabilities and apps that allow us to run our business from anywhere we have cell service.
You can cut labor costs by using computers and software programs for payroll, project management, and accounting. Instead of budgeting for hours of labor, you now need to budget for computers and programs. In the long run, this is a money-saver for businesses of any size.
IT Budgeting Must Be a Priority
With IT shifting from just another piece of equipment in the office to the core of business operations, you should designate it as a central part of your budget. This also means that you must assess and clearly define how IT aligns with your business objectives to decide what you’ll need for the coming year(s).
Proper IT budgeting will help you lay a foundation for success for the future. Using the right IT solutions can help you:
Accelerate your business growth.
Increase your operational effectiveness.
Ensure optimal productivity from your employees.
Overcome operational challenges.
Increase collaboration and communication.
Reinforce your efforts to win new business.
Your IT Budget Should Be a Key Component of Your Business Plan
Think big and in terms of the innovative measures you can employ to increase productivity, efficiency, mobility, collaboration, and communication.
Every department in your business should adopt this philosophy when considering what they need to improve operations and cut costs.
Consider the value IT solutions bring to your business. For example, Backup and Disaster Recovery solutions will pay for themselves many times over when compared to the cost of losing your critical data.
Include key players in your organization when planning your IT budget. Your purchasing department may have different goals and requirements than your sales or distribution teams. Ensure you consider all initiatives and how innovative technologies will help them succeed.
Remain open-minded. What worked for you in the past probably won’t be enough in the year(s) to come. Consider your business’s changing needs and how new technologies might align more closely with them.
Assess and Clarify Your Business Requirements Before You Begin
Before you start, you must determine what your business will face in the coming year(s).
Will you be:
Launching a product or service that requires a new fulfillment process?
Acquiring another company or participating in a merger?
Adding employees to your staff who will need additional hardware and software?
Processing and storing additional confidential, proprietary or personal data that needs protecting?
Moving to a larger office, or adding satellite offices in other locations?
Consider the Following Requirements When Budgeting for Technology
Industry and Government Regulations: Will you need additional resources for data backup, vulnerability assessments, penetration testing, or HIPAA, FINRA, or PCI DSS compliance?
Cybersecurity: With all the new and evolving cyber threats, will your current IT security solutions be enough? This is an ever-increasing need due to the growing cyber threat landscape. Will you need managed firewalls, antivirus solutions, security awareness training for your employees, mobile-device-management, remote 24/7 security monitoring, Security as a Service or other solutions to protect your IT infrastructure? Most businesses need these and more to ensure their data remains secure.
Productivity and Collaboration: Software as a Service (SaaS) applications like Microsoft Office 365 provide your business the capabilities a larger-sized business enjoys, with popular applications like Word, Excel, PowerPoint and much more packaged together in a subscription-based platform. Plus, you and your employees can access it from wherever you are on your smartphones, tablets, laptops, or desktops.
Communications: Many businesses are switching from desktop phones to VoIP systems. With VoIP business phones you and your employees can make and receive calls remotely via your smartphones, retrieve messages via voicemail-to-email, and stay connected even if power and Internet access go down.
Consider All the IT Components You’ll Require
Hardware – This is the backbone of your IT infrastructure: the actual technology equipment you need to run your business. Be sure to include installation costs and maintenance in your calculations for items like the following:
Workstations
Laptops
Tablets
Smartphones
Servers
Cabling
Firewalls
Routers
Switches
Business Phones
Warranties
Licenses
Renewals
Hardware Implementation
Software – These are the business applications you’ll need to run your business. Be sure to include licenses and support contracts for your on-premise solutions.
Business Software and Applications for your Workstations, Laptops, Tablets, and Smartphones
Server Software
Anti-Virus, Anti-Spam, Anti-Malware Software
Backup Software
Routine Software Implementation
Subscriptions – These are any costs associated with subscription-based services like cloud solutions. They include options like Workstation as a Service (WaaS), Software as a Service (SaaS), Security as a Service (SecaaS), Infrastructure as a Service (IaaS), Platform as a Service (PaaS) and more.
Services & Support – This is the cost for services required to support all of your IT operations. It may encompass expenses for in-house IT employees, or contracts with a Managed Services Provider who will maintain all your IT infrastructure needs. Expenses may include:
Salaries and benefits for IT employees.
Monthly fees for an external IT provider (MSP).
Annual costs for vendors of owned software/hardware.
Outsourcing for selected services like monitoring, help desk, security services, data backup.
Data network expenses (Virtual Private Networks, Wide Area Network connections, Internet Service Providers, Broadband Connections).
Training for internal IT staff and industry certifications, Security Awareness Training for employees.
Project Costs – These are initiatives to transform or improve operations to support the growth of your business, and may include:
IT Consulting and Planning.
IT Project Implementation.
Additional software and/or hardware.
Identify the Gaps Between What You Have and What You Need
Now it’s time to compare your current IT capabilities with what’s needed to meet your business requirements for the upcoming year(s). Once you identify the gaps, you must align them with what your budget allows. You might not be able to purchase all of them. Make a list of the “must have” and another of the “would-like-to-have” technology assets. Go for what will give you the best return on your investment (ROI), and what you “must have” to keep your data secure and business running efficiently.
Implementing Your Solutions
Implementation planning is critical as it lays out the steps you’ll take to complete your IT Budget for the year. You should contract with an IT Managed Services Provider to help you acquire, install and deploy your new IT solutions. The best ones will offer a payment plan that allows you to pay for the services you need on a monthly basis. And, don’t choose just any company, or one according to their prices. Also, make sure they aren’t a “fix-it-and-go” company. You want an IT partner who will be with you 24/7. Ask your business associates for referrals, check the testimonials on the MSPs’ websites, and certainly interview more than one.
The following are some things to consider when selecting an IT provider.
Can they provide for your IT needs?
Consider your current IT support needs and how these might change in the coming year. Also, consider how these needs will change beyond next year as your business grows. Make a detailed list of your IT service and support requirements and objectives to determine if the IT provider can meet, and even, surpass them.
Look for an IT company that’s located nearby
This affects the speed at which the company can respond onsite when IT emergencies arise. They should have the ability to handle all of your concerns and provide solutions thoroughly and effectively.
Do they offer fixed-rate managed services solutions?
To keep your IT budget under control, look for an IT Managed Services Provider who provides fixed-rate, all-in-one IT services. This is the only way you can accurately budget for IT services in the coming year(s).
Choose an IT company that provides 24/7 support, as well as onsite and remote service
With around-the-clock service and support, you’ll always have the assistance you require when IT issues arise. Also, ask if they can remotely identify and block cyberattacks, and address IT problems before they cause downtime, breaches or data loss.
Are their service technicians certified, knowledgeable and experienced?
Visit the company’s website to assess the experience they have, how long they’ve been operating and what services they provide. Check the testimonials on their website and online reviews. Ask if you can contact some of their customers to ask their opinions about the service they receive.
Ensure you’ll receive the value you require from an IT MSP
The cheapest provider isn’t always the best. Before you sign a contract with an MSP, ensure it includes any and all contingencies that may arise and details about how services are priced and delivered. Your IT provider must also be capable of aligning technology services to meet your budgetary guidelines and ensure that you’ll receive maximum value from your IT investments.
Look for an IT company that offers training on software, hardware, and security
It’s essential that your staff is thoroughly trained on your systems and software, and that they receive Security Awareness Education to avoid being victimized by hackers. This will increase their confidence, capabilities, and productivity, and provide a first line of defense against cyber threats.
Will they assign a dedicated account manager to your business?
This is a representative from the MSP who will act as your main point of contact. This person can get to know your business and your requirements in detail, to ensure you receive the exact service you need.
Do they provide monthly reports?
You must stay informed and aware of the performance of your IT assets. You’ve invested a lot in them, and you must be kept apprised regarding their capabilities and value. These monthly reports should highlight which solutions are performing well, and which ones need improvement.
Can your MSP act as your IT Consultant and Strategist?
You can greatly benefit from an IT Consultant who operates as an extension of your business. They can liaise with vendors and provide strategic technical advice to ensure your IT investments are providing what you need. They can assist with your IT budgeting and help you plan ahead and take advantage of the best prices.
IT Budgeting is an Ongoing Process
You shouldn’t think of IT budgeting as having a start and finish. It’s an ongoing process with a series of do’s and don’ts. No plan is 100% correct, and if you run into obstacles you should modify your budget. Budgets are often modified after they are prepared as we discover things we didn’t know before. You must find what works, what doesn’t and make adjustments along the way. Your IT budget will go through cycles as your business needs grow and change, and as the opportunity to take advantage of new, innovative technologies emerges.
by Felicien | Mar 27, 2018 | Education
According to Attorney General Rod Rosenstein, Iranians connected to the Islamic Revolutionary Guard Corps (IRGC) were recently charged with conducting a massive cyber theft campaign on American and foreign universities, businesses and government agencies.
AG Rosenstein states:
The stolen information was used by the IRGC or sold for profit in Iran. They hacked the computer systems of approximately 320 universities in 22 countries. 144 of the victims are American universities. The defendants stole research that cost the universities approximately $3.4 billion to procure and maintain.
They also attacked computer systems of the U.S. Labor Department, Federal Energy Regulatory Commission, United Nations, and the states of Hawaii and Indiana.
When hackers gain unlawful access to computers, it can take only a few minutes to steal discoveries produced by many years of work and many millions of dollars of investment.
For many decades, the United States has led the world in science, technology, research, and development.
Academic institutions are prime targets for foreign cybercriminals. Universities can thrive as marketplaces of ideas and engines of research and development only if their work is protected from theft.
The events described in this indictment highlight the need for universities and other organizations to emphasize cybersecurity, increase threat awareness, and harden their computer networks.
Every sector of our economy is a target of malicious cyber activity. Everyone who owns a computer needs to be vigilant to prevent attacks.
This type of criminal activity does not just cause economic harm. It also threatens our national security. Identifying and prosecuting computer hackers is a priority for the Department of Justice.
Hostile individuals, organizations, and nation-states have taken note of our success. They increasingly attempt to profit from American ingenuity by infiltrating our computer systems, stealing our intellectual property, and evading our controls on technology exports.
The FBI Considers These Individuals State-Sponsored Hackers
FBI Deputy Director David Bowdich reports:
“During a more than four-year campaign, these state-sponsored hackers compromised approximately 144 U.S.-based universities and 176 foreign universities in 21 countries… When the FBI learned of the attacks we notified the victims, so they could take action to minimize the impact. And then we took action to find and stop these hackers.”
The special agent from the FBI’s New York Division who investigated the case tells us:
“Their primary goal was to obtain usernames and passwords for the accounts of professors, so they could gain unauthorized access and steal whatever kind of proprietary academic information they could get their hands on. That information included access to library databases, white papers, journals, research, and electronic books. All that information and intellectual property was provided to the Iranian government.”
Is Your Data at Risk?
The Small Business Administration believes it is. Here’s what they recommend you do:
Protect against viruses, spyware, and other malicious code. Make sure each of your business’s computers is equipped with antivirus software and antispyware and updated regularly. Such software is readily available online from a variety of vendors. All software vendors regularly provide patches and updates to their products to correct security problems and improve functionality. Configure all software to install updates automatically.
Secure your networks.
Safeguard your Internet connection by using a firewall and encrypting information. If you have a Wi-Fi network, make sure it is secure and hidden. To hide your Wi-Fi network, set up your wireless access point or router so it does not broadcast the network name, known as the Service Set Identifier (SSID). Password protect access to the router.
Establish security practices and policies to protect sensitive information.
Establish policies on how employees should handle and protect personally identifiable information and other sensitive data. Clearly outline the consequences of violating your business’s cybersecurity policies.
Educate employees about cyber threats and hold them accountable.
Educate your employees about online threats and how to protect your business’s data, including safe use of social networking sites. Depending on the nature of your business, employees might be introducing competitors to sensitive details about your firm’s internal business. Employees should be informed about how to post online in a way that does not reveal any trade secrets to the public or competing businesses. Hold employees accountable to the business’s Internet security policies and procedures.
Require employees to use strong passwords and to change them often.
Consider implementing multifactor authentication that requires additional information beyond a password to gain entry. Check with your vendors that handle sensitive data, especially financial institutions, to see if they offer multifactor authentication for your account.
Employ best practices on payment cards
Work with your banks or card processors to ensure the most trusted and validated tools and anti-fraud services are being used. You may also have additional security obligations related to agreements with your bank or processor. Isolate payment systems from other, less secure programs and do not use the same computer to process payments and surf the Internet.
Make backup copies of important business data and information
Regularly back up the data on all computers. Critical data includes word processing documents, electronic spreadsheets, databases, financial files, human resources files, and accounts receivable/payable files. Back up data automatically if possible, or at least weekly, and store the copies either offsite or on the cloud.
Control physical access to computers and network components
Prevent access or use of business computers by unauthorized individuals. Laptops can be particularly easy targets for theft or can be lost, so lock them up when unattended. Make sure a separate user account is created for each employee and require strong passwords. Administrative privileges should only be given to trusted IT staff and key personnel.
Create a mobile device action plan.
Mobile devices can create significant security and management challenges, especially if they hold confidential information or can access the corporate network. Require users to password protect their devices, encrypt their data, and install security apps to prevent criminals from stealing information while the phone is on public networks. Be sure to set reporting procedures for lost or stolen equipment.
Protect all pages on your public-facing websites, not just the checkout and sign-up pages.
Protect information, computers, and networks from cyberattacks. Keep clean machines: having the latest security software, web browser, and operating system are the best defenses against viruses, malware, and other online threats. Set antivirus software to run a scan after each update. Install other key software updates as soon as they are available.
Provide firewall security for your Internet connection. A firewall is a set of related programs that prevent outsiders from accessing data on a private network. Make sure the operating system’s firewall is enabled or install free firewall software available online. If employees work from home, ensure that their home system(s) are protected by a firewall.
Limit employee access to data and information, and limit authority to install software. Do not provide any one employee with access to all data systems. Employees should only be given access to the specific data systems that they need for their jobs and should not be able to install any software without permission.
The increased frequency of cybercrime incidents has raised concerns and stakes for both small and large businesses. Your IT Managed Services Provider will help you fight and prevent cybercrime of all kinds. They will be your best friend in this regard. Don’t wait to contact them.