by Felicien | Jun 30, 2019 | Education
It’s not surprising that many companies in a range of industries are hiring managed security service providers (MSSPs) to manage their specific security initiatives or outsourcing their entire security program to an MSSP. An MSSP can take care of the routine and emergency security issues 24/7, issues which can easily overwhelm a small- or medium-sized company’s in-house IT department. Outsourcing a security program can be beneficial to companies that have limited IT personnel, struggle to hire security staff, lack internal expertise in security, or plainly don’t have the number of IT employees necessary to implement a large security program. However, if you are going to hire an outside MSSP, it’s important to consider them carefully. Since your goal is to have them handle your sensitive data and file storage, a thorough evaluation following best practices will ensure your company’s continued growth and success as well as save your peace of mind.
What considerations should you pursue when looking to hire a managed security service provider? What standards set the best companies apart? Are there specific questions to ask potential MSSP candidates when interviewing them? Here are the questions that top security professionals recommend businesses ask when looking to partner with an MSSP.
1. What are They Going to Do for Your Organisation?
When looking to partner with a business, a good managed security service provider will examine the firewall, patching and anti-virus software, as well as have a holistic approach to protection. A good MSSP will talk about implementing security including:
Management – risk management, procedure, policy, auditing, process, training, reporting and education
Adaptability – culture, industry, backup, business continuity and resilience, and disaster recovery
Technology – firewall, wireless, UTM, best practices, VPN, and patch management
Compliance – additional standards or regulations such as GDPR, etc.
2. Do They Have the Right Expertise?
Not all MSSPs have the same training and certifications. Not all staff are trained or have experience on the same brands of hardware or software. It’s important that you hire an MSSP that has expertise in the specific make and model of PC that your company uses. They also need to have enough employees with the right education and training to work with your routine and emergency IT issues. Look for credentials including Premier Partner, Gold Certified Partner, Partner of the Year, Mid-Market Specialist from manufacturers they work with. Partner recognition awards are a good indication of a high level of competency.
Rely on references from recently deployed customers, who are of the same size, in the same vertical, and with similar challenges to what you currently have. Have in-depth conversations with the references. (Ken Baylor, PhD)
3. Do They Have the Capability?
Are they big enough, with the number of support staff you need? Are their people trained and certified at every level of the organisation to service clients in the manner that you need? Do they understand your industry and any industry-specific issues you have? Can they support your business 24/7? An MSSP that specialises in health care services may not be a good fit for a manufacturing company. IT systems may be similar, but the jargon, slang and abbreviations are different, and each industry may have specific regulations to comply with.
4. What Do They Recommend Changing to Improve Security?
Do they value the investment you’ve already made in your IT systems? Do they recommend logical changes or upgrades to improve your security? Or do they require changes because they can’t support your current system? It’s important to find a company that will mesh with yours, make your job easier and save you money and time.
5. What Benefits Does Your Company Receive from the Partnership?
Outsourcing digital security to an MSSP is a partnership. The MSSP is there to protect your data, and your infrastructure. They are helping you protect your clients and staff. Having a service level agreement (SLA) in place will clearly lay out the responsibilities of everyone involved.
6. How Much Will It Cost?
Costs vary depending on the level of security and the scale of service you need. However, costs should be clearly listed upfront without any changes for a monthly contract. Any changes to your costs should be approved before the work is done and billed. Costs include management, monitoring and reporting, which are all in the SLA.
by Felicien | Jun 28, 2019 | Education
Every business should have a comprehensive cybersecurity plan and a competent team that can execute that plan. Otherwise, cybercriminals and malicious actors can and most likely will take advantage of security vulnerabilities to access company data and cause damage. But as important as it is to have skilled IT professionals looking out for your business, it is equally important to educate yourself in the basics of cybersecurity so that you can avoid compromising your valuable information accidentally.
The following list of cybersecurity terms is one that every business owner, manager, executive and other professional should be aware of. The more you understand the basics of cybersecurity, the better equipped you will be to protect your valuable business data and personal information moving forward.
9 Cybersecurity Terms Every Business Professional Should Know
1. Malware
From the time the average family had a personal computer in the house, most people had heard of computer viruses. Today, it is still common for many people to think of all types of attacks on computer systems and networks as viruses. In truth, a virus is only one type of attack that you need to be aware of. There are many other types of attacks, which along with viruses, fall under the umbrella of malware. Anything that is made to access your network or data—or cause damage to your network or data—is referred to as malware.
2. Phishing
Like the common term it comes from, phishing can be thought of as throwing out attractive bait in hopes that someone will bite and give up their valuable information. Phishing involves making a website or application that looks just like a site or app that people trust. You might get an email that appears to come from Google or the IRS and looks legitimate. It could claim that the company needs you to update your information or your password, and then take that info and give it to a cybercriminal.
3. Antivirus
An antivirus program is just like it sounds—a program for fighting computer viruses. What it is not is a program that will handle all of your cybersecurity needs. It will search for common viruses and eliminate those viruses, but it will not necessarily protect against other types of malware. Your antivirus can only scan the drives it has access to, and can only identify viruses that have already been identified by the company that makes the program.
4. Social Engineering
Social engineering refers to deceiving people instead of computers. While creating malware requires focusing on technical aspects, social engineering focuses on ways to manipulate people into doing what you want them to do. The scams where people ask you to cash checks on their behalf and send them the money because they are out of the country are an example of social engineering.
5. Ransomware
A common type of malware being put out by cybercriminals is known as ransomware. Ransomware takes some of your sensitive data and encrypts it so you cannot access it. The cybercriminal then demands a ransom for you to get access to your data. All of the cybersecurity terms you see that end with “ware” are types of malware.
6. Zero-Day Attacks
One of the biggest weaknesses of antivirus programs or other anti-malware programs is that they can only detect and protect against malware that has already been identified. Cybersecurity experts are constantly on the lookout for new malware, but they are not able to catch every piece of malware before it compromises systems and networks. There are always holes in the protective layers offered by cybersecurity teams. When a piece of malware exploits a hole, or vulnerability, in standardized security layers before it has been identified and fixed, it is known as a zero-day attack.
7. Redundant Data
While cybersecurity experts and your IT team are always striving to protect your system and network from attacks, sometimes your data can still become compromised—like with a zero-day attack. The reality of cybersecurity is that there is always the possibility of compromise, which is why backing up your data is a necessity. Not only does backing up your data protect against cybersecurity threats, but it also protects against equipment failures.
A quality backup will be quarantined in a facility that is not in the same location as your business.
8. Patch
A patch is what software developers send out when they discover a gap in the security of their programs. You should download available patches regularly to ensure optimal protection.
9. Intrusion Protection System (IPS)
An IPS is placed between your firewall and your system to identify intrusions and stop them before they cause damage.
by Felicien | Jun 28, 2019 | Education
USB drives offer so much convenience. A USB drive is a little storage device as big as your finger that you can carry around without even noticing it, and with every passing year, the amount of data these drives can hold grows and grows. These small storage devices are so easy and convenient to use that they are found everywhere in the business world, from desk drawers to branded swag drives on keychains. And since they are so easy to pop in and out of your USB port, if you are like many people, you probably do not even bother to eject them before you pull them out. Is there really any problem with not ejecting your USB drive properly? Unfortunately, the answer is a definite “Yes.”
From losing data to ruining the drive, failing to properly eject your USB drive can lead to real issues. Read on to discover the way your USB drive works and why it is so important to go through the ejection process on your computer.
Removing a USB Drive Without Ejecting—What You Need to Know
How USB Drives and Computers Communicate
Using a USB drive is such a seemingly simple task. But when you look more closely at what goes on with your drive and your computer when they interact, you will discover that the way they work together involves a lot more than just plugging in and unplugging.
When you plug a USB drive into your computer or laptop, the first thing that happens is the computer delivers power through the USB port to the USB drive. The drive does not have its own power source, so it requires power from the computer to operate. After the computer has supplied power, the computer and the drive must communicate with one another.
Proper communication between a computer and a drive requires having the right drivers installed on your computer. Fortunately, today’s drives come equipped with drivers that your computer can download to allow it to communicate with the drive—which is why modern USB drives are considered “plug-and-play.”
When the computer and the drive have established communication, the computer does what it needs to do to figure out what is on the drive. There are multiple steps to just this process, including reading the directory structure, Master Boot Record or Partition Boot Record (the process can vary by drive).
Every one of the things described above happens before you are able to see your USB drive contents on your computer—all within a matter of seconds. There are numerous other things that go on behind the scenes as you use the USB drive as well. While it may seem like the changes you make to your drive happen instantly, in reality, there are multi-stage processes occurring that may take longer than you realize.
Alterations to Your Drive Happen in Batches
As your computer is reading your drive, it is changing the information in the metadata on the files, such as changing the time and date that the file was last modified. Then, when you make changes to files, such as adding or deleting a file, the changes you make will first occur in your computer’s cache. Eventually, your computer will make the actual alterations to the information on your drive. Again, these things happen quickly, but it is important to understand that they do not happen instantly, which is one of the reasons why pulling the drive out can cause problems.
Other Programs May Be Using Your Drive
You see a very small portion of what actually happens with your computer at any given moment. While you may not be interacting with your drive right now, other programs on your computer could be doing so. For example, your antivirus and anti-malware programs could be busy scanning your drive while you are doing other things. Removing the drive while such programs are doing things on your drive can cause the files to be corrupted.
What Happens When You Eject the Drive?
Your computer and your drive have to go through a process to say goodbye just like they had a process to say hello. By pressing the eject button in your system you are telling the computer to start this process and finalize everything so that the drive can be removed safely. The computer will make sure that all of its interactions with the drive are completed before it says that you can safely remove the drive—like waiting until the antivirus is done scanning the drive.
Always Eject the Drive to Avoid Damaging Files or the Drive
Failing to properly eject your USB drive can damage files or corrupt the entire drive. That is why you always want to go through the proper ejection process. Failing to do so could cause you to lose your data on the drive or cause you to lose the ability to use the drive at all.
by Felicien | Jun 28, 2019 | Education
Microsoft Teams and Slack are both team collaboration applications with large percentages of the market. Both apps have their adherents, but what’s most interesting about them is that many companies use both of them in tandem. Mio, an Austin, Texas-based startup that sells software to enable communication between different messaging tools, polled 200 IT decision-makers at organisations ranging in size from hundreds to hundreds of thousands of employees. What they found out was that 91 percent of businesses use at least two messaging apps; Slack and Microsoft Teams are present in 66 percent of the organisations surveyed.
Why Do Organisations Use Both Slack and Teams?
Mio found out that companies use team collaboration apps for different reasons. A business that acquires another company that uses Slack may leave it in place. Another reason is that certain job roles prefer specific tools. In this case, Slack is more popular with tech-heavy roles.
IT decision-makers try to accommodate their engineering teams who love Slack while, at the same time, standardising the majority of the company on Microsoft Teams. This dynamic matches recent trends in enterprise messaging, with specific tools used for varying needs. Developer teams often use Slack, but companies then select Teams for a company-wide rollout because it meshes with Office 365.
Sometimes messaging apps are adopted without any corporate input. A work group may adopt Slack without checking with their IT department. In fact, there are companies that have more than four team collaboration tools being used simultaneously.
Which App is Used the Most Often?
Slack is the most widely used app, according to the results of Mio’s survey. 65 percent of companies surveyed use it. Skype for Business comes in second place with 61 percent, and Microsoft Teams is in third place right behind with 59 percent. Slack, which just went public on the NYSE, has over 10 million daily active users and 85,000 paid customers. The survey’s respondents cited Slack as being the most user-friendly with 31 percent, while Microsoft Teams came in third behind Cisco’s Webex Teams, cited at 21 percent by respondents.
Results from the survey also indicate that Slack is doing very well with large businesses, usually Microsoft’s core market. 75% of companies with more than 10,000 employees said they use Slack.
Which Companies Use Microsoft Teams?
Microsoft Teams came out in 2017 and it’s been distributed widely within Office 365 subscriptions. Over 500,000 organisations use Teams, although the company doesn’t break out active user figures. Microsoft Teams has grown quickly, beyond the experimental stages. Large-scale deployments of Teams have occurred in Microsoft’s large enterprise customer base.
What Issues Crop Up with Multiple-App Usage?
One of the biggest issues with multiple application usage within the same company is interoperability challenges. So far, there aren’t a lot of choices to communicate between apps. One company, 8×8, lets users communicate with different apps through their X-Series team chat platform. However, at this point there is no way to communicate with external chat applications natively. Without this, often employees can’t talk to each other.
Without global communication within a company, decision-making gets slowed down, productivity decreases, and inefficiencies occur. It’s important for IT to be aware of potential problems. As long as different apps are used for different use cases, the system will work. However, if every team has a unique way of communicating, chaos can ensue. More than one team can be working on the same project without knowing about each other.
How Difficult is it to Migrate Users to a New Messaging App?
Moving users from one messaging app to another can be a huge project. Consolidating apps requires best practices regarding content, because there is no way to pull up content from one app to another.
by Felicien | Jun 27, 2019 | Education
Technology is rapidly entering all areas of commerce, banking and society due to increased digital communications both in person and online. Much of the business that Canadians do every day is assisted by technology, including shopping for groceries, promoting a brand and socializing with friends and family. “Data is a resource that companies use to be more productive and to develop better products and services, unleashing a digital revolution around the world,” according to the Canadian Digital Charter website. Due to this expansion of data access worldwide, Canada has set up the Canadian Digital Charter (CDC) to ensure that “privacy is protected, data will not be misused, and companies operating in this space communicated in a simple and straightforward manner with their users.” The goal is to inspire trust in the government and businesses who handle private data.
Canada’s Digital Charter is Built on Ten Principles
The CDC was developed after the government conducted numerous conversations and surveys with Canadians from all walks of life. These discussions emphasized specific issues that Canadians were interested in and worried about. The result was the following ten principles that form the foundation of the CDC.
1. Universal Access:
All Canadians will have equal opportunity to participate in the digital world and the necessary tools to do so, including access, connectivity, literacy and skills.
2. Safety and Security:
Canadians will be able to rely on the integrity, authenticity and security of the services they use and should feel safe online.
3. Control and Consent:
Canadians will have control over what data they are sharing, who is using their personal data and for what purposes, and know that their privacy is protected.
4. Transparency, Portability and Interoperability:
Canadians will have clear and manageable access to their personal data and should be free to share or transfer it without undue burden.
5. Open and Modern Digital Government:
Canadians will be able to access modern digital services from the Government of Canada, which are secure and simple to use.
6. A Level Playing Field:
The Government of Canada will ensure fair competition in the online marketplace to facilitate the growth of Canadian businesses and affirm Canada’s leadership on digital and data innovation, while protecting Canadian consumers from market abuses.
7. Data and Digital for Good:
The Government of Canada will ensure the ethical use of data to create value, promote openness and improve the lives of people—at home and around the world.
8. Strong Democracy:
The Government of Canada will defend freedom of expression and protect against online threats and disinformation designed to undermine the integrity of elections and democratic institutions.
9. Free from Hate and Violent Extremism:
Canadians can expect that digital platforms will not foster or disseminate hate, violent extremism or criminal content.
10. Strong Enforcement and Real Accountability:
There will be clear, meaningful penalties for violations of the laws and regulations that support these principles.
Digital Technology’s Impact on Canada
The ten principles listed above clearly display the Canadian Government’s vision of integrating ethics and law with digital access. In the discussions with Canadians that led to the CDC, three main issues came to the forefront.
A. How Can Canada Prepare for the Technology of the Future?
Canadians are concerned whether they will be trained for skills needed in the technology of the future. Examples of these are digital skills, including knowledge of coding, data analytics, AI, and machine learning as well as future technologies that have not yet been developed. Although not all careers require a special knowledge of technology, Canada must instill comprehensive digital literacy and exposure to STEM skills from a young age, particularly for under-represented groups including women, Indigenous people, and people with disabilities. To build digital resilience, Canada must take a multidisciplinary approach to skills development and training that encourages a life-long learning mentality.
Other key issues include retraining workers to build skills that relate to STEM fields, and opening access to training in non-traditional formats including flexible, cost-effective options for attaining new skills in short time frames.
B. How Will Canada Support Growth of Competitive Canadian Companies?
In order for Canadian companies to be competitive on a global scale, they need to “adapt their traditional approaches, and identify, adopt and implement digital and data-driven technologies.” There are several obstacles to this type of growth, most notably affordability and access for remote, rural and Indigenous communities. Canada ranks among the most expensive countries in the G7 for many telecommunication services including mobile wireless and Internet. Other obstacles include awareness of how technology can improve and scale business in traditional sectors, and that technology implementation isn’t a “one-size-fits-all” solution. Recognition of the need for individual, personalized implementation is crucial to moving forward.
C. How Can Canada Be a Leader in the Digital Age Regarding Privacy and Trust?
The digital age has ushered in an explosion of data, “helping to fuel innovations like AI, machine learning, and the Internet of things, however, the rapid acceleration of data being created, and its use as a commodity means Canada must re-evaluate the frameworks it has in place.” While laws such as the Personal Information Protection and Electronic Documents Act (PIPEDA) help to keep personal data private, there needs to be an ongoing effort to keep frameworks transparent and private data protected against hacking and other data breaches.
Trust and privacy of personal data is a key element in any future growth of technology in Canada.
The issue is complex with important questions around data access, ownership, use, and the consent and controls available to both citizens and providers. . . Canada has a mature regulatory environment, however with the growing complexity of vast amounts of data flows, privacy, and cross-border markets, many Canadian companies, in particular SMEs, expressed difficulty understanding how best to comply with existing data and privacy legislation and the corresponding regulations.
To continue to protect privacy, Canada needs to modernize PIPEDA and continue to offer effective and clear guidance on privacy issues, and at the same time enforce the rules effectively and appropriately against all players to build trust with Canadians.