Blog

Archive for Tech Tips for Business Owners

Today’s Security Challenges and How Microsoft Helps Mitigate Them

Today’s Security Challenges and How Microsoft Helps Mitigate Them

Today’s workforce is more mobile than ever, which means they can work from virtually anywhere any time, provided they’ve got an internet connection.

While this is great, it presents a whole new spectrum of security challenges as this level of mobility means more opportunities for a security breach. If this doesn’t ring alarm bells in your head, then picture these statistics:

  1. The IBM-sponsored Ponemon Institute’s 2017 Cost of Data Breach Study puts the global average cost of a data breach at a whopping $3.6 million. That’s about $141 for every data record. Not to mention that the cost of recovering from a security breach is higher than protecting against one.
  2. More than 80 percent of employees use non-approved SaaS (software-as-a-service) apps in their job, leading to hundreds of million records already compromised to date.
  3. An attacker can reside within your network for up to 200+ days on average before detection.

What Microsoft is doing to combat security threats

Microsoft’s protection begins with the unique insights that the tech giant amasses through machine learning technology. Machine learning on Microsoft Security works by overlaying separate sets of company data for its Artificial Intelligence (AI) system to monitor. The system measures each dataset against the other using pattern recognition to detect any anomalous activity which it then flags in order to be addressed.

This threat intelligence gathers signals — or indicators — from a broad and in-depth array of sources to help the security graph understand the threat landscape. This means analyzing and learning from data built into products and services such as Windows, Office 365, Hotmail, and Azure from users all over the planet to detect attack trends and intercept new threats before they happen.

That’s data provided by:

  • 400 billion emails monthly
  • 2 billion devices monthly
  • 1 billion cloud queries daily
  • 2 million file samples daily

Microsoft also employs threat researchers and analytics systems across its worldwide network to provide a timely and actionable assessment of the threat landscape. This approach means that Microsoft has billions of data points that throw light on various security issues.

The company is constantly learning from every one of these interactions and creating a security graph built on its broad scale, strength of signal, visionary mindset, and vast experience as a global enterprise. Most importantly, they perform ongoing studies of the threat landscape to help understand and mitigate the impact of more sophisticated attacks.

Pillars of Microsoft Security

Microsoft’s approach to security comes down to four simple pillars: Trust, Intelligence, Partnerships, and Platform.

Trust

Microsoft believes in the need to trust that your organization, data, and people are protected from security threats.

Intelligence

This is about acting on the intelligence that Microsoft gives you from its security-related signals and insights – helping both Microsoft and its users detect threats more quickly.

Partnerships

Microsoft is fostering an ecosystem of vibrant partners whose contributions lead to the effective raising of the security bar across the industry. The tech giant believes in working with the industry as a way to take a holistic approach to technology.

Platform

Microsoft security is in-built on the company’s platforms, taking a holistic approach to security by looking at it across identity, apps, devices, and data, as well as the security infrastructure. This involves, for instance, harnessing machine learning on integrated applications such as Windows Defender Advanced Threat Protection (ATP) to seamlessly monitor data, detect threats, and eventually contain them before they become a problem. Since all this is done using technology rather than human input, there is little need for employee involvement or related software deployment.

A more targeted approach to threat protection

Because many of today’s organizations have multiple data centers spread across various locations or all over the globe, there are more opportunities for a security breach. This means that an integrated approach to protection would be a less efficient alternative. Microsoft, therefore, encourages the deployment of more targeted products that narrow the focus and guarantee the security of internal business processes.

A good example is the protection that Microsoft offers for emails; a major point of breach targeted by cybercriminals. Here, Office 365 Advanced Threat Protection (which works in the same way as ATP) focuses only on scanning and detecting suspicious activity within emails.

There is also the Threat Explorer in Office 365 Threat Intelligence and Exchange Online Protection that Microsoft uses along with the Office 365 Advanced Threat Protection to create a broader threat visibility. This guarantees faster detection, investigation, and response to email threats.

Microsoft Security

Conclusion

With its unique approach, Microsoft is always steps ahead of bad actors that threaten your two biggest assets – people and data. Using Microsoft Office 365 means that you’re leveraging these unique capabilities to increase your protection. The beautiful thing about having world-class security is that it ensures your employees have the peace of mind to do their best work that will yield the most productivity for your organization.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Happy Canada Day

We’ll Be Celebrating – But Our Help Desk Will Still Be Here For You And Your Staff

On July 1st, we as Canadians, honour the formation of the union we call home. Whether enjoying the holiday at a cottage; watching a fireworks celebration in the city; working hard in the office or shop; or marching in a local community parade; we all celebrate our great nation together as one.

Here’s to our beautiful lakes, our majestic mountains, and everything that makes Canada the greatest place to live!

For anyone who’s not Canadian, here’s what Canada Day is all about.

On July 1, 1867, Canada became a self-governing dominion of Great Britain and a federation of four provinces:

  1. Nova Scotia
  2. New Brunswick
  3. Ontario
  4. Quebec

These four provinces were created from the former British colonies of Nova Scotia, New Brunswick, and the Province of Canada. The Province of Canada was divided into Quebec and Ontario.

Canada’s boundaries have been extended since 1867. Today, Canada consists of ten provinces and three territories.

The Ten Provinces Of Canada Are:

  1. Alberta
  2. British Columbia
  3. Manitoba
  4. New Brunswick
  5. Newfoundland and Labrador
  6. Nova Scotia
  7. Ontario
  8. Prince Edward Island
  9. Quebec
  10. Saskatchewan

Canada’s Three Territories Are:

  1. Northwest Territories
  2. Nunavut
  3. Yukon

On June 20, 1868, Canada’s Governor General proclaimed that Canadians should celebrate the anniversary of the confederation. In 1879, the date of July 1st was designated a holiday known as Dominion Day. However, official celebrations didn’t take place until the 50th anniversary in 1917 and the 60th anniversary in 1927.

After World War II, Dominion Day was celebrated more often with organized events. And, after the 100th anniversary of the confederation in 1967, Dominion Day events became more widespread. July 1st became known as Canada Day, and officially known as this from 1983 onwards. Since 2006, Canada Day celebrations have also been held in the UK at London’s Trafalgar Square.

For our Help Desk employees, Canada Day is just another workday. We plan to celebrate Canada Day just like the rest of our countrymen (and women!). But we do this by being here if you have any technical issues.

Our Help Desk is your front-line support for submitting incidents and service requests.

We say that we operate 24/7/365 and we mean it – Canada Day, Christmas, Boxing Day, Victoria Day, Easter – no matter the holiday or day of the week.

You’ll have direct access to the IT professionals who can help you onsite and provide the advice, guidance, and rapid restoration of services you need to keep your business running. 

When you call, one of our agents will log your request into our IT service management system and either resolve it for your then or escalate it to the next level of support.

You have the option of reporting an incident or service request by email or contacting us by phone. When you do, this will generate a “ticket” in our IT service management system.

Once the ticket is created, you’ll automatically receive an email receipt confirmation with your ticket or reference number. This confirmation tells you that your request has been logged at our Help Desk and that it’s been assigned to a tech specialist who knows your business and is experienced in your particular IT issue.

Here’s what we ask that you provide when submitting a request to our Help Desk:

  • Your name, business name, phone number, and email address.
  • A detailed description of the problem or concern.
  • Whether the issue you’re experiencing affects only one user, many users, your entire office, or multiple offices.
  • The impact your issue has on your business, including whether any critical applications have been affected.
  • Anything you or your staff have done to try to resolve the issue before contacting us.

Prioritizing Tickets

It also helps if you prioritize your need. Here’s an example of what we mean:

  • Non-Urgent: Your problem is minimal and doesn’t impact your ability to work. It’s something that could wait to be addressed within the next week. (For example, you’d like us to provide a new piece of computer equipment for you.)
  • Normal: The IT issue has some impact on your day-to-day operations. However, you could wait for two days for it to be addressed. (For example, you’d like us to help you find a better way to use an application or replace it with a different one.)
  • Urgent: The issue you face has significant impact on one user’s ability to work. You need help sometime during the workday.
  • Emergency: This issue has significant team-wide impact on your staff’s ability to work. Multiple employees are affected. You need help as soon as possible, no matter if it’s after hours, over the weekend, or on a holiday (like Canada Day). This is for things like outages and downtime.

Please do your best not to prioritize something as “Urgent” or “Emergency” when it’s not. This helps us to get to those really urgent requests much faster.

We want you to know that you and your staff can enjoy Canada Day with the peace of mind that our Help Desk is always here for you. Happy Canada Day everyone!

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Stopping Cyber Threats In Small Business (Training/Education)

Stopping Cyber Threats In Small Business (Training/Education)

Best Way to Improve Cybersecurity? Train Your Employees!

Why an informed team is your organizations best defense against cybercriminals

Cyber Security Training

Cyber attacks and data loss are the last thing any organization wants to fall victim to. In an increasingly digital workforce, companies are investing in all kinds of cybersecurity efforts to ensure the bad guys can’t invade their business network. This kind of security is even more important in professional services industries like finance, law and government. The more sensitive the data, the more cybercriminals want it.

The world of Information Technology is definitely evolving and rising to meet the increasing threat. However, even as technological solutions and regulatory standards are developed, the cybercrime landscape is increasingly sophisticated and complex.

Particularly, preventing cybercrime can be incredibly difficult considering the vast majority of cybersecurity issues occur as a result of human error. That’s right. Your very own employees should be your number one concern when tightening cybersecurity. Even worse? These internal threats can be very hard to identify and address because they’re so pervasive and widespread. The bottom line is that without a ‘cyber-literate’ team, your business network will always be open to increased threat.

How An Educated Team Helps Secure Your Network  

Helping your staff become and stay ‘cyber-literate’ is critical based on the very fact that most cases of data breach and loss result from an employee’s lapse in judgment. Whether the internal threats you face are malicious – like a disgruntled and spiteful worker – or more benign – like an employee who struggles with basic email technology – facing them head-on is critical.

Minimizing human errors like downloading malicious files or clicking a malicious link can make a world of difference in reducing your vulnerability to cybercrime. So, what’s the best way to minimize human error? Educate and empower your team to be their own cybersecurity experts. Without driving awareness and understanding, your team will never be truly prepared. Take the reins and help your team better identify, respond to and report suspicious cyber activity.

Not Just a Security Boost: How Security Awareness Training Improves Employee Morale and Retention 

The really great thing about security awareness training is that it really isn’t just about tightening security. Taking the time to invest in security awareness training for your staff can be a major team-building and morale-boosting initiative. Offering your team specialized training and professional development helps you communicate just how valuable they are to your organization. Even better, it makes them want to stick around – meaning your employee retention rates will be nurtured.

You may be asking: how in the world does security training make my team more committed and loyal. The answer is simple: when you include your team in mission-critical tasks, they know they’re important and valued pieces of the puzzle. It really is that simple. If your employees feel valued, included and taken care of, they will be better advocates for your organization as a whole. This means they’ll be more committed to realizing objectives and making sure the company has all its bases covered.

Plus, it doesn’t hurt that security awareness training can be an exciting break from the boring and mundane tasks of the regular workday. Who doesn’t want a job with a little bit of excitement built in? By working with your team to research and understand cyber threats – both internal and external – your team gets to focus on something new and out-of-the-ordinary. You can even let your team spearhead initiatives and stage simulation attacks to keep co-workers on their toes. Make it even more fun by creating internal competitions or offering incentives. Do whatever it takes to help your team become the masters of the technology they use day in and out.

Overall though, the biggest benefit of security awareness training for your staff is the overall improvement of your organization’s success. With a happy, informed and productive team, your network is safe and more secure from threats of all kinds. Undertaking an educational and fun team approach to cybersecurity really makes all the difference in producing positive and lasting results. Don’t leave your cybersecurity discussions limited to manager meetings behind closed doors. Involve your team, ask for their input and make sure everyone is on the same page. This is a surefire way to keep your team feeling valued and your company successful.

Empowering your Team: Tips for Effective Security Awareness Training

So, it seems like a no-brainer: get your staff well-versed in cybersecurity objectives and all will be well, right? This is true, but it’s critical to go in with a plan. Creating an effective security awareness training program for your team means you must keep a few baseline suggestions in mind. Using these suggestions as a starting point will help you develop a custom-tailored plan to meet the needs of your business and ensure all your cybersecurity concerns are shared with your team.

Check out these preliminary suggestions for effectively training your team in all things cybersecurity:  

  • Know Your Weak Spots

The first step is knowing where exactly you need your team to be extra vigilant. Are email phishing scams your biggest concern? Do you need your team to be more careful with sharing access control data? Whatever your weak security spots are, be sure to identify them and discuss them transparently with your team.

  • Avoid Doom and Gloom

Of course, you want to make sure your team is aware of the threats you face, but the last thing you want to do is scare them into silence or make them constantly dread an impending security crisis. As much as possible, keep it light and keep it fun. Avoid the doom and gloom and find ways to make this a team-building exercise instead of a divisive warning.

  • Empower Your Team

The best thing you can do when working to train your staff in all things cybersecurity, is to let them lead the charge. Ask their opinions about various threats. Allow them to offer strategic suggestions and provide their input. The more you empower your team to take initiative, the better they will be at protecting data on the frontlines.

  • Consult an Expert

Another great suggestion when undertaking security awareness training for your team is to check in with a local team of IT security experts. If you’re wondering how to start and what you should focus on, consultation with a strategic IT partner can make all the difference in getting you and your team on the right path. IT professionals have the experience and expertise to help you build a strong internal cybercrime defense.

No matter what industry you’re in, helping your team better understand cyber threats and strategies for mitigation is critical to the success of any modern business. The last thing you want is for one of your team members to inadvertently welcome cybercriminals into your network. You really don’t have to live with this constant fear. Take the initiative to get on the same page as your team – let them know the threats you face and empower them to take action in anyway you see fit.

Once you have your own team prepared and in your corner, you’ll be better able to take on any cybercrime battle that comes your way. Consult with a team of professionals to find out exactly what you and your team should be doing to stay secure.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Ohio Fire & Police Hit By Ransomware

Ohio Fire & Police Hit By Ransomware

Ohio Fire and Police Departments Latest to be Hit by Ransomware Attack

US Secret Service investigates after second ransomware infection in a month

Ohio Police Fire Ransomware

In April of this year, news broke of a devastating ransomware attack at Riverside Fire and Police Department in Ohio. The attack halted operations and over ten months’ worth of data relating to active investigations was encrypted by criminals. The emergency service department’s server was said to be infected through malicious correspondence, disguised as a legitimate email fax.

Luckily, in response to the first attack, the Riverside Fire and Police Department did not pay the ransom, setting a great example for other ransomware victims across the country. The emergency service departments managed to recover most of the critical data from existing backups and public court records. However, the extent of the attack left the Fire and Police departments unable to restore their systems completely.

Doubling Down: Riverside Fire and Police Department Gets Hit by Second Virus

Even worse? The cybersecurity trouble didn’t stop there for the Riverside Fire and Police Department. Less than a month after the initial attack – just as the departments were getting their bearings –cybercriminals struck again and infected Fire and Police servers with a second ransomware outbreak. However, since the departments were on guard from the first attack, their team was more prepared to respond to the second infection.

News of the second attack broke in early May when the US Secret Service was summoned to Ohio to lead a cybercrime investigation. Luckily, department officials had learned from the first attack and had begun backing up data daily. Thanks to this proactivity, the second attack was only able to hold about eight hours of work hostage and the Fire and Police Department was able to recover quickly and fully after the second attack.

However, just because the second attack wasn’t as bad, doesn’t mean it didn’t have a negative effect on productivity at the emergency services department. City Manager, Mark Carpenter claims that though more proactive backup measures had been taken, rebounding from the attack still resulted in redundancies.

“Everything was backed-up,” Carpenter said in an interview. “But we lost about eight hours’ worth of information we have to re-enter. It was our police and fire records, so we just need to re-enter the reports.”

US Secret Service agents are taking the attack very seriously, commencing an extensive investigation. Secret Service agents hope to determine specific points of entry – not just for this attack but for the initial attack as well. The investigation will hopefully uncover critical clues that will help officials track down and stop the hackers once and for all.

A Startling Reminder: No One’s Digital Data is 100% Safe!

These repeat attacks on the Riverside Fire and Police Department serve as a critical reminder that emergency service departments are increasingly becoming victims of ransomware attacks and data loss. In fact, many recent ransomware attacks on emergency service departments have been more devastating than this year’s attack in Riverside. Last year, the Cockrell Hill Police Department in Texas was hit with a massive ransomware attack, resulting in the loss of nearly eight years’ worth of investigation data and evidence.

It doesn’t stop there either. Recent attacks on emergency service departments have been reported across the country. Most recent reports include attacks in Illinois, Massachusetts, Oregon, South Carolina, as well as additional attacks in Ohio and countless others from coast to coast.

However, it must be noted that there’s no evidence to suggest that cybercriminals are specifically targeting emergency service departments. Rather, these attacks do suggest that the bad guys are attempting to deploy more enormous and wide-reaching phishing campaigns in hopes of hitting as many targets as possible. Using manipulative social engineering strategies on a large pool of potential victims, improves the chances of duping targets and infecting as many servers as possible.

If Cyber Criminals Can Breach a Police Station, How Safe is Your Company Data?

While emergency service departments are often able to bounce back quickly – thanks to reliable backups or quietly paying off ransoms – this increase of ransomware attacks emphasizes the need for security awareness training, even for the most seasoned of investigative departments. More importantly, these attacks also serve as a crucial reminder for everyday business professionals. If police and fire departments are falling victim to ransomware attacks, even with the best firewall and cybersecurity measures in place, regular business owners should be on much higher alert.

No matter how extensive your company’s cybersecurity efforts may be, phishing attacks are increasingly being designed to sneak past filters and firewalls. Therefore, getting proactive must be prioritized in your cybersecurity toolkit. Phishing scams are now the most common and effective mode of malware attack and in turn, training your frontline workers to identify these attacks right away and respond to them effectively is critical to keeping your data safe.

Security awareness training is often cited as the best means of preparing front-line tech users to identify and respond to malicious cyberattacks. After all, an informed and vigilant team is a business’ best defense in an increasingly hostile and sophisticated cybercrime climate.

Preparing for the Worst-Case Scenario: What is Security Awareness Training?

Security awareness training isn’t just about reading up on the latest attacks and teaching your team the definitions of phishing, malware, and ransomware. Truly proactive security awareness training involves detailed and interactive modules that help users get a hands-on experience. This includes throwing your team into realistic attack simulations to help them identify red flags and respond with finesse.

So how do you ensure the training you’re providing to your team is up to snuff? Consult or partner with an expert in cyber security. Today’s managed IT service providers are current on the latest cyber-threats. They can assess your current security to see if it’s powerful enough to stop all attacks. In addition, a good IT professional will recommend customized security solutions that can fortify your organization against the ongoing attacks. As the world moves forward, protecting our priceless data is fast-becoming a number one priority.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Confused About All These Tech Terms: Information Technology Glossary

Confused About All These Tech Terms: Information Technology Glossary

In today’s world, everyone uses information technology. This is simply the technology behind our computers and networks including software and hardware. For businesses, it includes servers, data centers, and other technology to support their IT infrastructure.

Information Technology Glossary

In spite of its prevalence, many people are not familiar with some of the terminologies and terms used by IT experts. Below, we offer up a few of the most common expressions and give you easy-to-understand definitions. These are by no means a thorough explanation of the terms but they do provide an overall idea of what the word means.

Glossary

Artificial Intelligence-The development of computer systems that can perform tasks that would normally require a human. They include speech recognition, language translation, visual perception, and decision making skills.

BDR – This abbreviation stands for “backup and disaster recovery”. This is a plan where all hardware and software is regularly saved in both onsite and offsite locations. This can prevent data from actually being lost. If a data breach occurs, an IT specialist can restore the whole system from backed-up copies. This helps a business to get back up and running very quickly even after hurricanes or other disasters.

Big data-This term refers to extremely large data sets used for the purposes of analysis. This complex data processing is often completed by larger companies in order to reveal trends and patterns that can help them with upcoming marketing campaigns.

Breach (cyber) defense-Any method of protecting your networking and computing resources from intruders and hackers. This can include protection for your IT infrastructure along with antivirus software and firewalls. All known threats are analyzed, then strategies are formulated to stop these attacks before they occur. Most breach defense mechanisms include a planned response to any type of cyber-attack. A good breach defense will include strong measures to safeguard company assets.

Business Continuity– The ability for a business to continue its operations even when there is a cyber breach or other disaster that would normally cripple a company.

Cyber or security breach– An internet security breach where cyber thieves hack into your computer systems and steal data or plant malware. These breaches can cripple your organization and damage your data including customer records. Cyber breaches usually cost a business over one million dollars for each event and they damage the company’s reputation, harming the brand.

Dark Web– This is the Back Alley of the Internet. It is where illegal transactions often take place. Drugs and other contraband are sold on the Dark Web. Entry into this area requires a special browser known as Tor (The Onion) and special software to protect the user from the many dangerous threats that loom on the Dark Web.

Deep Web– Any content that is not indexed by Google bots including educational sites, email programs, company intranet, etc.

Hybrid Cloud-A cloud computing environment where a mixture of public and private cloud services are created to lower operating costs and gain access to a wider range of computing resources.

IT Infrastructure-This term includes all networking, servers, computers, software, hardware, and other technology used to manage and support all information technology resources.

Machine learning-This is a subset of artificial intelligence (AI) where a computer system automatically learns as it processes data. The computer doesn’t need to be explicitly programmed to achieve desired results. This science develops computer programs that can access data and learn while they’re working so that they evolve into smarter machines over time.

Malware– A combination of the words “malicious” and “software”. This term has come to refer to any type of software that was built for the specific intent of disrupting a company’s computer network and damaging computer equipment. It can include spyware, viruses, Trojan horses, worms, adware, and many other types of malicious software.

MSP– An IT Managed Service Provider (MSP) is a company that provides a full range of services to help businesses manage all their computer and network resources.

Outsourcing-The process of hiring an outside company to manage all aspects of networking, IT, communications, computers, servers, and other information technology.

Private Cloud-A private cloud refers to a cloud computing environment where a private IT infrastructure is created for one specific organization. It is usually managed with internal resources.

RPO– Recovery Point Objective is the maximum amount of time that data should be lost due to a natural or manmade disaster.

RTO– Recovery Time Objective is the maximum amount of time a business can be without its data (due to a natural or manmade disaster) before the business is at risk.

Ransomware-A type of malicious software where a cyber thief blocks the user’s access to his or her own computers, network, and data. The thief demands a ransom in order to restore full access to all computer systems. Money is extorted from business owners usually in the form of a cryptocurrency like Bitcoin which is untraceable. Ransomware attacks have escalated due to their overwhelming success. Normally, a Trojan disguised as a legitimate file, is accidentally downloaded. These can come as email attachments or links. One of the most dangerous Ransomware programs is called “WannaCry worm” and it can travel between computers with no user interaction.

Resolution Time-The amount of time it takes to resolve an issue, most often a security, network, or IT problem.

Response Time-The amount of time it takes for a service provider to respond to a call for service from one of its clients. Most IT providers guarantee specific response times as a perk to selecting their service over others.

Scalability-A company’s ability and flexibility to scale up or down as business needs arise.

SLA- A service-level agreement (SLA) is a contract between a customer and a service provider. It outlines the duties and responsibilities of the service provider and the terms of the contract. It includes the signatures of those in management from both entities.

Software bug-An error, fault, or flaw in a computer program that produces an unintended effect. Bugs are usually the result of mistakes by programmers when developing the source code. The term “debugging” is often used to describe the process of fixing software bugs.

Virtualization-Virtual Machines (VM) are created that look and behave exactly like the real thing. This can include servers, networks, operating systems, or storage devices. This allows a company to have a much more sophisticated IT infrastructure at lower costs. It also enables a business to enjoy the benefits of scalability. With virtualization, you can easily scale up or down as needed, so you only pay for services and equipment that you need at that time.

VPN– Virtual private networks (VPN) are built over public infrastructures to provide a higher level of security to the data transmitted. Usually, encryption is used to protect apps and data from intruders as the data is processed across the internet. There are numerous types of VPN, including Advanced VPN, PureVPN, Hotspot Shield, and ExpressVPN.

Zero Day Threats– This is a threat exploiting vulnerabilities within computer security systems. The term is derived from the word “zeroth”, which is the time of the exploitation. It occurs either before or on the first day the developer becomes aware of it. Therefore, there is no security fix for the threat due to the fact that developers are completely unaware of its existence. A number of different vectors can be used in a zero day attack. These attacks are usually instigated by well-known hacker groups who take pride in being able to outsmart developers.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Thinking About Moving Everything to the Cloud?

Thinking About Moving Everything to the Cloud?

Check Out These Pros and Cons First.

Many of today’s business owners have decided to move their IT infrastructure to the cloud. In a large company, the number of services and workloads can be staggering, making the transformation a hugely complex procedure. Even in smaller businesses, there are pitfalls to be aware of. If you know about these before you begin, then you can avoid some costly mistakes.

Thunder Clouds

Remember that all clouds do not have silver linings. Some are just big ole thunderclouds that are about to dump 10 inches of rain on your parade. If you understand the issues and complications that can crop up, then you can bring your umbrella and escape getting all wet. If not, you may be in for some rainy days ahead.

What are the benefits?

Migrating to the cloud can deliver some “big-company benefits” that small businesses need these days in order to compete in the global marketplace. However, as many business owners have learned, there can be security issues, unexpected costs, and other snafus. The most successful cloud migration approach involves careful planning. It’s often a great idea to engage with some experts in cloud technology to help you. These experts understand what’s required and they’re familiar with cloud best practices. They can help you optimize the migration process.

You also need clear heads who can keep you on the right road. Why are you moving to the cloud? Most business owners will answer that they’re hoping to reduce their infrastructure costs. That’s a good reason and the primary motivation behind most moves. The problem is that somewhere during the move, it’s easy to lose sight of these basic fundamentals. Cost reduction does occur for most companies but it’s not a guarantee.

If the process is carried out incorrectly and/or the wrong cloud management maturity roadmap is followed, you could wind up in a ditch instead of on cloud 9.

The hybrid infrastructure strategy

Digital transformation and hybrid architecture – these are terms that many business owners struggle with. Though you’re probably an exceptional CEO, manager, or small business owner, if your expertise is not in the realm of Information Technology, hire a pro. In the midst of moving to the cloud, you need to know that everything is being done according to best practices. The diverse environments of infrastructure and operations (I&O) present numerous challenges.

Before you move everything to the cloud, consider the following:

  • The full cost of this process including hidden expenses
  • On-premise vs. public cloud
  • The security of your data
  • Bandwidth availability
  • Ownership of the data
  • Availability of moving the data
  • Developing a multi-year strategy that includes ongoing ROI

The cloud roadmap

In order to seamlessly migrate your physical infrastructures to private, public, and multi-cloud environments, you must first decide which services and applications are best suited for the cloud. Not every application is a good fit for the cloud. A good operational model will help your select the right services and apps based on their unique requirements. In other words, you need a good solid roadmap that outlines what will be moved, when it will be moved, and whether you have the right security to protect all your data throughout the process.

This is especially important in industries where compliance is a factor, such as the healthcare industry. One HIPAA violation can be expensive but a good IT specialist will make sure that all data both in and out of the cloud is well-protected.

Assess the risks

Begin your cloud journey with an assessment of your current business network and IT technology. Include your current resources, along with the maturity of your processes and people. Consider these questions:

  • Which services and applications can best benefit from migrating to Azure, AWS, or other cloud platforms?
  • How will you manage third-party vendors to prevent data leaks?
  • Do you have an IT team or outsourced IT provider with the right experience for this job?
  • Should you migrate everything at once or do it in stages?
  • Have you considered whether your new cloud environment is viable for both the short- and long-term?
  • Can your new cloud infrastructure support growth?

Hybrid infrastructure offers unique benefits to business owners. But it’s not a solution that will fix every IT problem you have. Instead, it’s more of a strategy for ensuring that your business can compete in a global marketplace.

Cloud solutions and hybrid architecture aside, no one can predict the future. But it’s a good bet that cloud technology will evolve rapidly and your new cloud solution should be able to grow right along with it. That means flexibility. And, it should continuously assess your network security and compliance to relevant regulations. One single data breach these days can cost a million dollars.

What to do next

Before you take the next step, it can be highly beneficial to engage with cloud experts who have completed this journey for other companies. When you work with experienced professionals, they’ll guide you down the right path. As you move your applications and services over to the cloud environment, they will advise you every step of the way.

This can eliminate a lot of the worry and stress, plus it usually helps you to complete the process without wasting precious time, money, and resources. Know where you’re going before you begin your journey and the cloud transformation can be an exciting new adventure for your business.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Microsoft Office 365 Service Trust Portal: What It Is and How It Works

Microsoft Office 365 Service Trust Portal: What It Is and How It Works

Data protection and compliance is a major concern for organizations worldwide. With the introduction of the Service Trust Portal, organizations working to support or protect the privacy rights of individuals in Microsoft’s online environment can now rest easy.

Defining the Service Trust Portal

This is a one-stop shop for security, regulatory compliance, and privacy information related to the Microsoft Cloud. The Service Trust Portal, also referred to simply as STP, is a service feature available within Microsoft Office 365 that provides current and prospective users of the platform with a wealth of insight into how the tech giant manages privacy, compliance, and security.

This platform is the location where Microsoft shares information that organizations need to perform due diligence and evaluate all of Microsoft’s cloud services. Microsoft has launched this service as a way to help improve transparency, enhance understanding, and simplify assessments for its users.

What is contained on the STP

The Microsoft Service Trust Portal (STP) contains quite a bit of useful information aggregated from all across the Microsoft cloud services. It also has tools and other resources that organizations need for all things concerning security, compliance, and privacy.

Detailed information

STP is home to in-depth information regarding Microsoft’s way of managing security and how you can access it as a user. The portal has information about compliance and privacy within the Office 365 environment, with the goal of making it easier for users to understand how Microsoft cloud services safeguard data so they can meet their own regulatory compliance objectives.

These include audit reports from independent third-party service providers. Users can find information regarding the ways in which Microsoft’s online services may be able to help organizations comply with regulations and laws. The following standards are included:

  • NIST, or the National Institute of Standards and Technology
  • FedRAMP, or the Federal Risk and Authorization Management Program
  • ISO, or the International Organization for Standardization
  • SOC, or the Service Organization Controls
  • General Data Protection Regulation, abbreviated as GDPR

The regulatory environment is just as dynamic as business risks. With all the compliance-related documents in this platform including audit reports, frequently-asked questions, white papers, and more, you’ll be able to learn everything you care to know.

Assessment tools

There are a rich variety of tools on the platform. These include the resources you’ll need for data protection, risk assessment, and compliance management. These resources should simplify your compliance journey.

Microsoft Cloud compliance resources

STP is also loaded with other resources about Microsoft’s security, privacy, and compliance practices. Essentially, these are centralized resources for all of Microsoft’s Cloud services.

Accessing the Service Trust Portal

STP is a free resource available to everybody; both existing Microsoft online services customers and those who are simply evaluating the cloud-based platform.

To access the Microsoft Service Trust Portal or any of the STP materials, you must be logged in to the platform with your Microsoft cloud services account.

Whether you have an Azure Active Directory account or a Microsoft account, log into that account to take advantage of all the tools and resources now available. You will be asked to accept their Non-Disclosure Agreement for Compliance Materials, so click on “Accept” to move forward.

If you are a current Microsoft cloud services registered user, you can access the Service Trust Portal at https://aka.ms/STP with any of the following internet subscriptions available for both trial and paid users:

  • Office 365
  • Microsoft Azure
  • Microsoft Dynamics 365
  • Microsoft Intune

New customer sign-up

If you are just considering Microsoft online services for the first time or as a new user, you have the option to create a new account or create a trial account. Either of these should allow you to access the Service Trust Portal.

That said, you can use any of the following sign-up forms to gain access to the Microsoft STP. Ensure that you enable Azure Active Directory at the time of signing up to support your access to the STP.

After you are logged into STP, you can access any of the content available on the platform by navigating to the section containing the item you’re looking for and clicking on it.

To review content on the STP, pick an option from the menu: Audit Reports, Data Protection, Azure Security and Compliance Blueprints, Poland Compliance, Romania Compliance.

Once you locate the item you need, you can click on it and download it locally for your own use. Other resources such as the FAQs are serviceable from within the STP, so you won’t have to constantly download documents to your hard drive.

Wrap up

You’ll be happy to know that Microsoft is regularly adding more tools to STP to empower organizations. So, you’ll want to keep checking back to STP for the latest available information.

Service Trust Portal

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

Nest, Google’s Smart Home Division, Discovers Leaked Passwords and Contacts Customers

Nest, Google’s Smart Home Division, Discovers Leaked Passwords and Contacts Customers

Nest Labs, a division of Google, recently discovered a list of email addresses and passwords that had been published online. As part of their ongoing commitment to protect their customers from hackers, Nest continuously monitors databases found online of stolen or leaked passwords. When they found that some of their customers’ passwords were listed on a phishing website, they sent out an email to customers.

Nest Password Leak

Consumers remain the weakest link

Security experts all agree that the weakest link when it comes to internet security is the consumer. People click on suspicious links that download a virus or worm onto their device. They also frequently use the same password across multiple accounts. Many users visit sites that are unsafe where they may be exposed to malware. Often, consumers use the same password for years. All these practices make it very easy for hackers to steal passwords then break into various accounts.

Nest takes proactive stance

When Nest found the databases of leaked passwords, they sent out emails to all of their customers that read in part:

“Nest monitors publicly leaked password databases and checks our own databases for matches. We’ve found that your email and password were included in a list of accounts shared online. Common causes of password theft are falling victim to phishing emails or websites, malware, and password reuse on other websites which may have been compromised.”

The letter goes on to give instructions to users about what to do next and this applies to anyone who suspects that their password has been stolen. Instructions are below:

  1. Sign in to your Nest Account (bank account, credit card account, etc.) immediately.
  2. Navigate to the account management screen and find the item that says, “Reset Password.”
  3. Select a new password. Be sure to use numbers, letters, capital letters and symbols. An example of a good password would be: 57Rop*82!@HK. A password like this is much harder for crooks to decipher. An example of a weak password would be: time1234. This password would be easy for hackers to learn.
  4. Click “Save” to save the new password. Be sure to make a note of the password.
  5. You can also go to the log-in screen of any account including Nest and click on “Forgot Password.” This will initiate a procedure where you are sent a code (usually as a text message). Enter that code where prompted, then proceed to create your new password.

Nest reminded its users that unless they did log on and change their password within a set length of time, the company might disable access to their account. Often, users put off changing passwords so the company most likely felt like it was necessary to include this veiled threat to shut down the account until a new password was chosen.

How to change your Nest password using the app

The company also included instructions for changing the password via the Nest app and these are given below for your convenience:

  • On the Nest app home screen, tap the Menu icon.
  • Select the Account icon.
  • Select “Manage account,” then “Account security,” then “Account password.
  • Enter your current password and your new password, then tap “Save changes.”

How to use Two-Factor Verification (2FA)

Nest also offers the option of 2-step (2-factor) verification, which can add a layer of protection to any account. This is very important to do for financial accounts and other accounts like Nest where your home, family or money might be at risk. The instructions for adding 2-step verification are given below:

  • On the Nest app’s home screen, select the Menu icon at the top.
  • Select Account.
  • Select “Manage account,” then “Account security.”
  • Select “2-step verification.” Then tap the switch to toggle 2-step verification on.
  • Follow the prompts to enter your password, phone number, and the unique verification code sent to your phone.

Cyber theft increasing globally

Many experts are now recommending that customers add 2-step verification to all their online accounts. The increase in hacking and phishing schemes worldwide has alarmed many security experts, as well as consumers. It has become commonplace to read that one of your favorite stores or most trusted brands has lost millions of data records to hackers.

This fact has spawned a new generation of security experts and advocacy groups whose purpose is to stem the tide of the growing number of cyber thefts. One of these groups called the Internet Society was the first to discover the Nest breach when they stumbled across an email from Nest to one of its customers. The society forwarded the email to the Online Trust Alliance and they published it as a blog post. Once this occurred, the story made international news.

How Nest learned of the breach

Though Nest has not revealed how they learned about the compromised passwords, it is believed that they regularly check a site called “Have I Been Pwned?” which is run by Troy Hunt, a security researcher. The site can be used to check whether any of your passwords have been stolen or leaked online. It includes half a billion passwords and other credentials stolen from consumers all over the world.

About Nest Labs

Nest Labs, now a division of Google, provides home automation tools that are programmable, sensor-driven and self-learning. Using your home’s Wi-Fi system, Nest products can be controlled either at home or remotely. These products include smoke detectors, thermostats, indoor and outdoor security cameras, security systems, lights, and other common household appliances.

Nest was founded in 2010 by Matt Rogers and Tony Fadell, engineers who formerly worked for Apple. The company grew quickly to 130 employees and within just a few short years, Nest Labs had grown to 280 employees worldwide. In 2014, Google acquired the company for an estimated $3.2 billion. Today, the company has over 1,200 employees. They recently built a state-of-the-art engineering center in Seattle, Washington.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

CYBER THEFT, A REAL THREAT TO SMALL BUSINESSES

CYBER THEFT, A REAL THREAT TO SMALL BUSINESSES

Cybercrime is no longer a new phenomenon. The zeal with which cybercriminals have committed these offenses in the past has led to an outcry from businesses and organizations. Cybercriminals are constantly on the prowl for new sites to attack. They are continuously improving their methods of attack. To make matter worse, this type of crime is very difficult to solve. The attacks themselves become more sophisticated as the days go by. Many experts are searching for real solutions; permanent solutions.

Cyber Threats To Small Business

The threat to small businesses

While many organizations have put in place various measures to prevent this crime, a look at the statistics reveals that only large organizations are really doing everything they need to do. Smaller companies either think they can’t afford good protection or don’t need it. The best protection from cyber breaches is expensive. It requires training for employees, risk assessment, and the installation of a good array of programs that can detect and prevent intrusion. There are ways that small businesses can get the same top-notch protection as a large organization. And, it is imperative that they do so. A big data breach could cost your company millions of dollars. Most experts say that it’s not a matter of IF you get attacked; it’s just a matter of WHEN.

How real is the threat?

The threat of a cyberattack is a lingering one despite the amount of protection that one invests in. That’s because the nature of this crime is to evolve with each new attack. This is why most business owners prefer to invest in protection services with the ability to detect cybercrime before it occurs. The Verizon Data Breach Investigation Report shows that the threat of cyberattacks on small businesses is much greater than small business owners anticipate. This group states that up to 61% of cyber security breaches were experienced by small businesses last year. This was an 8% rise from 53% in the previous year.[1]

Cost of cyber-attacks on small businesses

While small businesses fail to invest in protection systems because of the costs, it is noteworthy that the amount of money lost as a result of cyberattacks is considerably higher. The ransomware attack is a great example of this fact. One ransomware attack can stop your workforce in its tracks. Your data will be locked until you pay. Some thieves threaten to release your internal documents to the public. This caused a huge amount of embarrassment for Sony Pictures after their 2014 data breach.[2] The North Koreans took responsibility for this breach, claiming that they did not like a movie that Sony was about to release where the North Korean dictator was to be made fun of.

In the end, the damage to Sony was more about being embarrassed before the whole world. Sony’s reputation was severely damaged. Though large companies like Sony can survive an attack like this, small companies cannot. A new study shows that cyberattacks cost on average, $38,000 per attack.[3] Below are a few other stats pertaining to small businesses and data breaches:

  • 23 percent lost business opportunities after an attack.
  • 29 percent lost revenue; 38 percent of those lost more than 20 percent.
  • 22 percent of businesses lost customers; 40 percent lost more than 20 percent of their customer base.

In some cases, small businesses must close their doors within a few months of the attack. Small business owners are only just realizing how vulnerable they are. This is due to the fact that most small businesses are an easy target for hackers. They simply don’t have sophisticated enough data protection programs in place.

What can you do about it?

The first step for any small business is to invest in effective cyber security software. These should be installed on all computers and mobile devices. The second step is to install a remote computer backup. Always have recent copies of your database stored somewhere offsite. A remote computer backup makes recovery of data much simpler.

A third step is to test your data security systems and procedures regularly. This can be easily done through a gap analysis. A gap analysis will enable the business owner to know how effective the data protection system really is. It takes into consideration the detected threats and compares these with the protection system. It is also sensible to develop a data breach response plan. This should include a communications response plan.

Proper response in cases of data breach can save a company millions of dollars and protect customers. A good response plan can let everyone including stakeholders know what’s going on. The sooner your employees know what’s happening, the sooner they can shut down their computers and mobile devices so that the virus can’t spread. All computers and devices with company data should be disconnected from the network until the issues are resolved.

Cyber liability insurance can also come in handy in case of attacks. As we have noted, up to 60% of small businesses which experience cyber-attacks are forced out of business within six months of the attack. Cyber liability insurance will protect your assets.

Final thoughts

Small businesses are currently attractive to cybercriminals because of their lack of protection. When it comes to cyber security, it should be noted that prevention is definitely the best route. Though many prevention measures appear costly, it can save your company from going through a nightmare that will be expensive and damage your reputation.

[1] https://www.verizonenterprise.com/verizon-insights-lab/dbir/

[2] https://en.wikipedia.org/wiki/Sony_Pictures_hack

[3] https://www.score.org/blog/cyberattacks-cost-small-businesses-more-money

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →

10 Major Reasons Small Businesses Are Still Vulnerable To Malware Attacks

10 Major Reasons Small Businesses Are Still Vulnerable To Malware Attacks

We have seen firsthand the common errors and oversights that lead to infections and intrusions – and we want to help your business learn from those mistakes.

Malware Attack

When it comes right down to it, cybersecurity best practices are not nearly as complicated or confusing as they seem on the surface. That’s not to say that security is simple, but rather that the best precautions have more to do with common sense and practicality than anything else. Yes, the software and safeguards you choose matter, but the best way to avoid something like malware damaging your business is to be smart about all aspects of your cybersecurity – not just the technological parts.

Here are the 10 main reasons businesses like yours are still at serious risk of suffering a malware attack.

1) You Still Think It Can’t Happen To You – Smaller businesses have a habit of assuming that just because they’re not a Fortune 500 company, a cybercriminal would have no interest in disrupting their operations or stealing their data. The reality is that couldn’t be further from the truth. It takes minimal effort on a hacker’s part to successfully target an SMB that has invested very little in their IT security, letting them use your business for practice or sport, and profit off of your stolen data. Most of the new malware variants are automated and target ANY business that lacks protection from a particular vulnerability.

2) Threats Evolve Faster Than You Realize – Like any other aspect of technology, malware and other cyber threats are constantly changing and evolving. Hackers are continually coming up with new ways to target businesses, and are creating more advanced threats. If you’re not up to date on the latest malware strains and zero-day exploits, you very likely have a gaping hole in your cyber defenses. This level of vigilance is all but impossible to achieve without full-time IT security staff at your disposal.

3) Your Staff Isn’t Up To Date With Security Best Practices – Your employees are both your best defense and your biggest weakness. Just about every cyber threat out there relies heavily — if not entirely — on the unwitting assistance of someone inside your organization to be effective. If your staff isn’t well-educated on security best practices and offered ongoing training and information to keep them up to date, any number of threats can target your business with ease.

4) Your Policies And Protocols Are Lacking – Your policies need to focus on more than just password control. At the minimum, you should have two-factor authentication and access controls in place to protect mission-critical data. By tightly regulating access to your files, folders, and systems, you can reduce the odds of an unauthorized users getting their hands on your data or finding a way inside your network.

5) You’ve Got Major Exposure To Multi-Vector Attacks – A standard firewall or antivirus will only protect your network against certain types of infections or attacks. If your security measures and protocols don’t take into account email, web browsing behaviors, file sharing, and network activity, your defenses won’t hold up under a multi-vector attack.

6) Your Technology Is Too Complex For Your Administrators To Manage Effectively – When you leave the responsibility for your business’ cybersecurity in the hands of a single in-house IT person or designate a staff member the administrator of these systems, you could be setting your business up to fail. A solid IT security system is far too complex for a single individual to manage on their own. Automating as much of your cybersecurity as possible can help to lighten the load, but these systems still need oversight to run effectively.

7) Your Systems And Software Are Out Of Date – An alarming number of malware infections — including the now-infamous WannaCry ransomware virus — use pre-existing system or software exploits to gain access to targeted systems. More often than not, security experts are aware these exploits exist, and release patches and updates designed to rectify the problem long before a hacker figures out how to make use of said exploit. However, if you’re not keeping on top of these patches and updates, you’re essentially propping a door open for a cybercriminal to waltz right through.

8) You’ve Got Zero Network Visibility – If you’ve got little to no idea about what’s going on inside of and around your network, it’s more than a little difficult to spot threats. Network monitoring tools can quickly detect both internal and external threats, and contain them before they can cause damage.

9) You’ve Got Lackluster Data Backup Practices – The most terrifying malware infection to date has been ransomware, and no other infection makes a better case for the importance of data backups. Without current and complete backups available for your business to restore from – specifically offsite backups that are insulated from threats that target your network and systems – it’s next to impossible to survive a ransomware attack. Businesses that don’t have reliable and up to date data backups to count on will typically close their doors within six months of a major data loss incident.

10) You’re Falling Short Of Compliance Requirements – Any compliance regulations your business is subject to – whether that be HIPAA, PCI, or any other industry-specific guidelines – will make strict recommendations for security. Simply by working to make sure you’re meeting these requirements, you can take a huge step towards better cybersecurity practices.

At the end of the day, great cybersecurity is not impossible to achieve. Often, it just comes down to having the right support in place. The true value of working with an MSP like Paradigm Network Solutions comes not from the specialized tools and support we can offer, but from the guidance and advice, you can only receive from experienced and knowledgeable technology professionals who understand your world, and the threats present in it.

Want to learn more about the industry-leading cybersecurity solutions and support we have to offer? Contact us at (416) 490-9019 or sales@ittoronto.com.

Posted in: Tech Tips for Business Owners

Leave a Comment (0) →
Page 1 of 26 12345...»