Monthly Archives: March 2016

Receive Security Up-Dates with IT Monthly Management Reports

20160331

IT Monthly Management Reporting can provide up-to-date and comprehensive protection for your entire business.

There are best practices for everything in business, software coding, sales management, and human resources, just to mention a few. IT monthly management reporting is a best practice with the purpose of keeping executives and owners informed regarding the health of their business’ information technology (IT) network.  A report will let you know what is working and what isn’t, what needs your immediate attention and those things that can be taken care of “down the proverbial road.”  A significant feature of IT monthly management reporting is the security aspect of your IT system.

Certainly, as a business owner or executive you are flooded with reams of data and business intelligence, such as sales numbers, inventory information, financial reports, facility records and so on. However, it would be an oversimplification to say you only care if your network is secure. After all, what does “secure” really mean?

Everyone has their own definition of “secure.”  It is a difficult thing to quantify, but you really do want to know if your business environment is safe from all risks. Security is not a state of compliance.  It’s not a condition of being happy with a certain level of perceived safety. Nor is it the knowledge that no known intrusions have taken place. Many organizations end up getting themselves into trouble by being content with this last bit of information. It’s no secret that organizations are failing at early vulnerability and breach detection. In fact, according to a Data Breach Investigations Report, over 92% of breaches go unnoticed by the target organization.

The science of security originates in the tools that quantify security events: number of breaches and viruses, what was blocked, what got through, the damage caused, and the staff hours and resources used to support security.  Effective IT reporting is the art of interpreting this raw data into forms that educate and influence decisions, translating the information from “geek-speak” into what you need to make informed decisions regarding the security of your business’ IT structure.

Every business has different cultures, operations and expectations. Regardless of these differences, organizing your IT reports, especially the security aspect of the information, into easily understandable intelligence, will go a long way in informing, educating and influencing your decisions. By tracking the changes in the monthly reports you can see the progress made in remediating problems affecting your overall security environment. In addition, rather than just conveying information, the statistics and trends the reports contain allow you to make necessary adjustments in your business’ policies and procedures that have to do with your IT communications, user information and other aspects of IT security.

An IT monthly report will include information regarding the day-to-day services that maintain your organization’s security stance and lessen or lower risk. What does that include?

  • Controlling access to systems through such things as remote access tokens or keys
  • Maintaining firewall rules
  • Responses to external threats such as viruses, worms, ransomware, and other maleware
  • Recovering from security incidents
  • Rehabilitating compromised equipment
  • Discovering and Preventing vulnerabilities

Each report should contain two types of information, assessment and activities. The assessment aspect should answer your main concern, “Are we secure?” It should be short and simple, and essentially coded into area such as: “problems,” “concerns” and “satisfactory.” It should answer questions like: “Do we need additional employee training and quality assurance?” A goal of the assessment report is to highlight items that need your attention.

The activity aspect contains details regarding the assessment. How many intrusion attempts were deflected? If a threat gained access, what was the cost of recovering from system compromises? This aspect should contain information regarding routine tasks such as password resets, and access token issues. It is here that your IT MSP should provide you with tangible evidence that your investment in their services is of value to your business.

Contact us, we don’t just monitor your system, we manage every aspect and provide you comprehensive information about the health of your network on a monthly basis.

Here come the Thingbots!

20160324

As the Internet of Things continues to become more common in our daily lives, the vulnerabilities of these devices will become more apparent and more in need of protection

Information technology experts have been dealing with malware for years now. First, worms, then viruses, then ransomware. Malware re-invented itself as the internet expanded and hackers found new ways to make money through criminal enterprises on the net. That was then; this is now: get ready for the rise of the thingbots.

The Internet of Things

Last year, the internet was awash with stories about the rise of the Internet of Things (IOT). In the new digital world all our smart devices would be able to talk to each other and connect to the smart grid. Our toasters, coffeemakers, baby monitors and our internet-connected cars will communicate with each other and with our smart houses to make our lives so much simpler, organized and automated. The IOT would learn our preferences and our habits and adjust programming based on what they learn about our wants and needs. Some experts estimate that by 2020, a mere four years from now, between 25-50 billion devices will connect to the Internet and, potentially, to each other.

When that happens, IOT will not only take in data about our lives but will send data to other external machines. For example, the smart refrigerator not only keeps tabs on the food in your refrigerator and knows when you need to order particular items. It can send the list of foods you need to order to your smart phone, and then externally to the shopping delivery network that you use.

How do botnets form?

Botnets form when malware takes command over large numbers of computers (the term “bots”, derived from robots) and organizes them into systems (nets). A botnet, then, is a system of computers infected by malware. Botnets are the reason we have most of the hacking, spamming, and malware that we face each year.

As a rule, most of us haven’t worried too much about botnets attacking our computers. They seemed to mostly target the data of Fortune 500 companies or cause denial of service issues. When you hear the numbers of computers infected and controlled by botnets, however, the scale is nothing short of amazing. Just as an example, hackers created one botnet called ZeroAccess. At its height, this botnet reportedly controlled 1.9 million computers around the world in its efforts to commit cyber crimes.

Botnets are a threat to both businesses and personal users. We all use smart devices now. We bring our smart phones, notebooks and tablets to work. Any infection in the business network will spread easily to your personal devices. Similarly, an infected personal device linking to the business network can spread the infection to the network.

Of course, corporate networks usually have more sophisticated anti-malware protections and cyber-security systems than we do at home simply because they have more secret and proprietary information that hackers want to steal. Since there are various types of malware, though, any computer user is at risk. Some botnets send spam, some collect credentials or steal intellectual property, and still others send internet users to malicious websites. Once individual devices are voluntarily connected to each other, who knows what evil hackers will accomplish on a worldwide scale.

So, What are Thingbots?

Thingbots are botnets made of infected devices from the internet of things. Controlled by the owner of the botnet, they have the same capacity for malicious activities as traditional botnet malware.

Wireless routers and modems are the most likely targets for thingbots because they are directly connected to the internet. As our home appliances and workplace machines become fully automated, cyber-security will need to protect data at each segment of connection. The more data points connect, the more companies will need to employ security checkpoints.

To read more about thingbots, read the October 2014 article “Botnet malware: What it is and how to fight it,” on welivesecurity.com.

To talk more about botnets, thingbots, and what it means for your cyber-security, please contact us. We want to help your business stay cyber-secure.

Backup Disaster Recovery: The Biggest Risks Today as Incentive to Prepare

20160310

Backup disaster recovery–no matter what the cause–can be devastating for your business without proper preparation.

Backup disaster recovery is more necessary than ever as cyber threats become more prevalent and insidious. This doesn’t mean it’s strictly limited to natural disasters since human beings can cause just as many problems. Nevertheless, the combined threats permeating cyberspace are at red alert level now.

For your business, not having some form of backup in today’s times becomes the worst type of risk. Entrepreneur recently reminded that 40 to 60 percent of all small businesses don’t survive disasters. All of this comes from lack of evaluation on what makes a business vulnerable.

It’s easy to get complacent if nothing ever happened to your business in the past. What didn’t happen maybe five or ten years ago could easily happen now, especially newer threats you’re not aware exist.

So what are some common threats that could threaten your business data? With proper backup tools, none of these have to make you worry.

The Current Threat of Ransomware

This could soon become the worst cyber threat in the world. We’ve written about it before in our blogs, but we’ve seen an increase in ransomware since the first of the year. It’s been cited recently as one of the worst-case-scenarios in business disasters.

What makes this threat so bad is it’s so easy to catch if your employees inadvertently click a link in an email. Those behind ransomware frequently create convincing emails that appear to come from government agencies or superiors in a company.

Once the ransomware gets into your system, a hacker can shut down your entire network and demand a ransom to get your files back.

While some companies get their data returned after paying a ransom, not all do. It’s better to create reliable backup systems to prepare for this growing problem. With proper IT management, you can succeed, especially through the cloud.

Natural Disasters

Just about anything can happen in the way of natural disasters, and it goes far beyond hurricanes or earthquakes. Now freak winter storms or even floods can happen in places you wouldn’t expect. Your own business location may have typically calm weather, then suddenly experience something on a biblical level.

These events could wipe out your business in an instant. Having an on-site server could mean your entire business data disappearing forever. Even some other forms of backup may not have complete reliability, especially using something outdated like tapes.

Once again, with more reliable backup services from quality IT management, you can retrieve your files the same day without having to wait for hours. Through the cloud, you can access everything anywhere you find an Internet connection.

Human Error or Deliberate Disasters

While nature can always wreak havoc on a business, so can human beings. Sometimes a disaster may occur strictly because an employee accidentally deletes important data. Despite all the technological advances out there, it’s still far too easy to press one button wrong that eliminates entire databases.

Other times, employees can do things out of spite due to dissatisfaction in their jobs. When this happens, it can bring even more damage and cost you a fortune in downtime.

Small businesses experiencing downtime could have costs up to $427 per minute, so it’s time to prepare for any occurrence. Because you may have employees numbering in the hundreds, it only takes one of them to create a major problem accidentally or intentionally.

Through superior BDR systems, this kind of disaster won’t leave you hanging. What’s important is finding an IT provider that’s reliable and affordable.

Let us provide the reliable backup disaster recovery system you need here at SystemsNet.

Contact us to find out more about our comprehensive IT services.

Six Workflow Questions to Ask Your Managed Service Provider (MSP)

20160304

A good MSP provider always consults with clients when technology arrives that can deliver innovative solutions and service to their customers.

”A good decision is based on knowledge and not on numbers.” -Plato

In today’s technology and data-driven world, your greatest competitive asset or your biggest headache will be IT. With that in mind you shopped around, received referrals from trusted resources, studied the costs, determined your budget and decided which Managed Service Provider (MSP) your company can afford to hire. However, the answers to these six questions that have to do with workflow rather than numbers are equally important before you sign on the dotted line.

1) How are issues handled and how long is the response time?

A good MSP documents the systems in place to prevent an issue from reoccurring and corresponds with you in a timely manner. At the very least, when you ask for support, you should receive an acknowledgment immediately, and a response from a support technician shortly after that. If the issue is unsolvable by the first response, you should be notified of when you could look forward to a resolution of your issue.

2) How are response times categorized?

Every MSP has systems in place to sort out issues. The seriousness of each issue is determined and categorized by the amount of workflow that is impacted and the number of employees unable to complete their tasks.

If your business cannot function at all, there should be a response within 5 to 15 minutes after you have alerted your MSP of this problem.

If critical applications have gone offline or are not functioning, impacting entire departments or a significant portion of your business, you should receive a response within 15 to 30 minutes of your notification.

If some employees are being prevented from doing their work, due to application slowness or because of lost or missing data, a MSP technician should contact you within 1 to 2 hours after being alerted of your issue.

If only a few employees are impacted, but it is still “business as usual,” you may be asked to schedule an appointment at a later time.

3) Will you be consulted when newer, more efficient products become available?

A good MSP provider always consults with clients when technology arrives that can deliver innovative solutions and service to their customers. The recommendations should justify the cost of upgrading through increased efficiency, security or long-term savings. In addition, the recommendations should be supported by data and reports directly linked to your business functions and priorities.

4) How will you be notified of increased or one-time costs?

One of the reasons to contract with a MSP is to help you maintain your IT budget. To be able to forecast and chart fixed expenses. A good MSP will give you a detailed account of what is and what isn’t covered. It is important to make sure that not only you, but also your employees, understand what IT needs are covered in the MSP contract. If your support is contracted for a specific or limited amount of monthly time, ask if you will be notified when that contracted time is close to expiring. It should be absolutely clear to you and completely itemized regarding what is being covered in terms of time, cost and open issues.

5) Who will be handling my business?

When you call for support, knowing which technicians to ask for and trusting that they know your unique business needs is paramount to your company’s IT well-being. You should be provided a set group of representatives acquainted with your IT needs and workflow necessities. Every business has its share of employee turnover, and while it is important to understand that new employees will need time to “get up-to-speed”, it is also important to understand that you should not have to explain your business or reoccurring events every time you reach out for support.

6)Where does the proverbial “buck” stop?

Contracting with a MSP means a single company is monitoring and managing all your IT assets. Although you will still require an internet provider and probably other software applications, a dedicated MSP will have a working knowledge of the other IT services linked with your account. You should be alerted before something becomes problematic, even if it is a periphery resource. Contact us, you need an advocate that will work for you in all your IT needs.