Monthly Archives: November 2015

In Cloud We Trust – Cloud Security


We’ve all heard it before: “If you move to the cloud, all of your data will be at risk!”

Countless studies have shown that cloud security is the major factor standing in the way of cloud adoption. While in some cases companies are right to be wary, like most things, not all cloud providers are created equal. In fact, the security a company experiences with the cloud solely depends on the provider chosen. It’s wrong to lump all cloud providers together and assume a general opinion on cloud security, whether that opinion is good or bad. Just as some companies currently have better in-house security than others, some cloud providers view security as a larger priority than others. And the word security is all-encompassing, referring to physical and network security, as well as compliance.

Physical Security

A great cloud provider will have multiple physical security measures in place. Look for providers that can offer the following: full credential-limited access to data centers, key card protocols, biometric scanning systems, exterior security systems, on-premises security guards, digital surveillance and recording, secured cages, around-the-clock interior and exterior surveillance monitor access, and employees that have undergone multiple, thorough background security checks. This isn’t asking too much. These are the things that will protect your information. The best facilities will also include environmental controls such as redundant HVAC systems, circulated and filtered air, and fire suppression systems.

Network Security

A reliable cloud provider should be able to guarantee geographical diversity of data center locations as well as full redundancy. With these steps in place, companies can ensure that in the event of a disaster, their business-critical data and applications will be safe and accessible, even if one of the data centers is affected. Look for in-flight and at-rest encryption, strong firewalls, password protection and around-the-clock monitoring. Make your provider prove itself, and ensure that it can demonstrate strict and accurate Service Level Agreements.

Compliance

Today, more and more industries have regulations and standards to meet. “Compliance” is an extremely important word for businesses in all industries, as it refers to the laws that are in place for security and privacy purposes. Your cloud provider should meet, if not exceed, large compliance laws such as HIPAA, PCI DSS, and Sarbanes-Oxley. Whether or not your company needs to meet these regulations, you want a cloud provider that understands and follows the top compliance laws because this demonstrates that they are knowledgeable and trustworthy.

The reality of today is this: cloud computing is a growing, important technology that is being adopted by the majority of businesses. In order to remain relevant and modern, cloud is the way to go. By no means should you risk your company’s security to do so, but you should work to find a provider that is trustworthy and can offer excellent physical and network security for your data. You have to remember that cloud providers are businesses too – they put loads of money into ensuring that their customers’ information is secure. For the most part, they aren’t willing to risk their reputation and customers for lesser security. As long as you take the appropriate steps to ensure you’re working with a legitimate, secure provider, the cloud is absolutely a viable and intelligent option for your organization. And when you make the move, you’ll experience better security than you ever had in-house.


IoT and the Impact of “Smart” Technology


The Internet of Things (IoT) isn’t exactly new – according to The Guardian, the first Internet-connected toaster was unveiled at a conference in 1989, and does anyone remember the movie “Smart House”? People have been intrigued by the idea of connecting, well, anything and everything for years and years now! Today, however, we finally have the technology in place to do so, and the Internet of Things is really taking off.

IoT Defined

The Internet of Things revolves around increased machine-to-machine communication, and it’s said that this technology will make everything from streetlights to seaports “smart.” Its true value lies in the intersection of gathering data and analyzing it. Today, there’s a huge network of physical objects that are embedded with electronics, software, sensors and connectivity. These objects, or “things”, are able to both collect and exchange data, and the network will only continue to grow in coming years.

In really simple terms, the Internet of Things is all about connecting devices and objects over the Internet. They are able to talk to each other and to us. There are plenty of examples already: smart technology in automobiles, the smart fridge, mobile devices, wearable technology, and so much more. And IoT isn’t even limited to singular devices. Imagine a true smart home, or an entire smart city!

The Challenges

Security is always a top concern when new technology is introduced. It’s extremely valid, as devices within the IoT will certainly be gathering a lot of data about people. This is a challenge that experts in the Internet of Things are already working to overcome, and it’s still in the early stages. There have not yet been excessive hackings, but as IoT develops, it will be more attractive to hackers – this means more emphasis should be put on security in these early stages to avoid problems later. However, it’s important to keep in mind that these devices are just as susceptible as a home PC or smartphone – it’s all on an even playing field. And as the Internet of Things grows, so will security technology.

Another concern is how the Internet of Things will affect business. Some think it will affect productivity levels or lead to an invasion of worker privacy. IoT will almost definitely impact how business is done today, but it can have a really positive impact. Manufacturing already uses the Internet of Things to organize and track machines, while farmers are able to monitor their crops and cattle. As more and more businesses adopt this technology, it can have a significant impact on production and efficiency. And while employees may not like the idea of being tracked throughout the workday, this concern may lead to the implementation of IoT policies to both protect workers and take advantage of the latest technology.

IoT and Cloud Computing

The Internet of Things is built on cloud computing and networks of data-gathering sensors. Cloud-based applications are truly the key to leveraging the data gathered from the IoT. They interpret and transmit the data coming from all these sensors. The cloud provides the infrastructure needed to analyze these huge amounts of data in real time. 55% of IoT developers primarily connect devices through the cloud (Forbes). Cloud computing can also address concerns about security, as cloud security has strengthened significantly in recent years.

With huge levels of data flying around, the cloud is immensely important in the development of the Internet of Things. It has the capability to handle the speed and volume of this data, and ensures that the data remains accessible anywhere, at any time, using any device. And paired with Big Data, cloud computing also provides valuable insights that businesses can use to customize their offerings.



9 Questions to Ask a Managed Security Provider

Once, managed security providers were small companies that offered a select few larger companies the option to store their data remotely. Now, that market has grown into a widely utilized industry, where providers navigate security issues, compliance regulations, and the importance of data protection for you.

But with this burgeoning enterprise comes the difficulty of deciding between the many competent players. When choosing the company that will defend the security of your data and manage your ability to access it, it’s important to look closely at several aspects of each provider:

Track Record. The ideal MSSP to handle your company’s sensitive data will be able to show a strong history of quality information management over a significant period of time.

  1. Response Time and Analysis. An MSSP must be able to easily distinguish security threats from false alarms. Your provider should be able to respond immediately after analyzing and interpreting large amounts of network security data.
  2. Operation Centers. The best MSSP will have state-of-the-art security operations centers at multiple locations, allowing for cross-monitoring and double-checking compliance with security standards.
  3. Global Awareness. To really be prepared, security experts must be able to monitor threats to data not just domestically, but from around the world. International eyes and ears allow for proactive handling of threats and real-time alerts.
  4. High Level Management. Management personnel in the best MSSPs will often have backgrounds working in military, security, or government: an indicator of success.
  5. Range of Services. Particularly for larger businesses, MSSPs must be able to provide a variety of services, including real-time monitoring, firewall management, intrusion detection systems, virtual private networks, and more.
  6. Security Procedures. Ask for documented standards and policies that are in place, from handling of unusual operations to common threats. Look for an MSSP that offers a variety of notification options for optimal staff awareness.
  7. Third-Party Validation. Whatever these policies and procedures are, make sure that the MSSP has had them validated and certified by a third-party auditor.
  8. Range. For best brand-specific protection, find an MSSP that employs specialists who have certified experience working with a variety of security providers and in a wide range of products.
  9. Reporting. Detailed reporting is essential for a company to truly trust the MSSP. Be sure that the reports are based on information drawn from various platforms, include recommendations, are open about latest threats, and are clear about any security changes that have been made.

Your data is only as secure as the company trusted to protect it. Take your time and consider all aspects of the business and relevant details of your own company before deciding.



10 IT Security Questions Every Business Should Ask

 

In this fast-paced, ever-changing, technological world, small and growing businesses must be prepared, now more than ever, to not only address the danger of cyber-security threats, but also to have the in-house expertise to implement information security programs that handle these types of issues. This means going far beyond simply having anti-virus software and creating strong passwords.

While this can sound overwhelming, every organization that intends to stay on top of and serious about security should take this into consideration. To help you get started, we outline 10 simple questions to ask yourself when establishing a strong foundation for information security programs:

1. Has responsibility and accountability been assigned for IT security and data privacy? As a business, there should always be someone in place who is designated (and qualified) as the IT Security Officer (ISO).

2. Have you identified, and do you understand, all regulations and standards that apply to you? A sampling of standards includes, but is not limited to:

  • Sarbanes Oxley (SOX)
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Gramm-Leach-Bliley Act (GLBA)
  • Payment Card Industry Data Security Standard (PCI-DSS)

3. Do you have documented information security policies and procedures? Doing so will help you define goals for the organization in regards to information security, as well as provide an outline for how your organization will meet these goals.

4. When looking to prevent security breaches and fraud, how do you monitor the systems you have in place? If you haven’t already done so, start implementing network intrusion detection systems that regularly review system logs and activities. This will allow you to investigate any suspicious activity before it becomes a big problem.

5. If a security or data breach were to take place, do you have a response plan in place? Data and security breaches often blindside people and organizations, and make it difficult to respond in an efficient manner. Having a detailed emergency plan in place will not only allow you to act quickly and with confidence, but will also provide a blueprint for how to manage:

  • Containment
  • Investigation
  • Legal actions
  • Public relations

6. Do you have a patch management strategy, and if so, what does it look like? A thorough and comprehensive patch management process allows businesses to protect themselves from newly discovered threats – both internally and externally. It is important to note that in order for this to be effective, all software and systems should be covered.

7. Do you perform initial and periodic security checks on new vendors? To be sure that your data is being adequately protected by your vendors, it’s always a good idea to review the security controls they have in place. If gaps are found, you can then take action to correct them before damage is done.

8. Have you identified and protected all sensitive data? As a business, always identify any and all sensitive or confidential data, make note of where it is stored, and look into the adequacy of the processes protecting the data.

9. Have all high-risk technology systems been identified? Utilize a basic IT risk assessment and focus your resources on high-risk areas to help you evaluate your security control efforts.

10. Do your employees receive adequate security training? Unfortunately, some of the most common security breaches are a result of employees accidentally divulging sensitive information. Continual security awareness training and testing will not only protect your systems, but also help your employees identify and avoid attackers utilizing social engineering techniques.


How to Protect your Business from Cyber Crimes

When you hear about major cyber crimes such as the Home Depot and Target security breaches, you probably can’t help but to worry about the security of your own business. Cyber criminals seek out sensitive data, and every business is at risk. But just like you put a security system on your home or an alarm on your car, you can put a metaphorical security fence around your business’s data, too.

The best way to protect yourself, of course, is to identify potential risks and combat them. Here are a few ways you can do that.

Issue: Crimeware. Also known as malware, these are essentially viruses that infiltrate your systems, compromising servers, desktops, and data.
Protection: Ensure you have installed up-to-date anti-virus and anti-malware programs, browsers, and firewalls. Block Java browser plugins on your systems and implement configuration-change monitoring.

Issue: Employee or insider abuse of privileges.
Protection: Require logins for every aspect of your data and keep track of these. Review user accounts so that you can identify abnormal behavior. Audit accounts regularly and monitor any data transfers that go outside of your organization.

Issue: Espionage – the infiltration and gathering of data from outsiders.
Protection: Ensure that all software is patched, especially in areas of weakness, and that anti-virus software is up-to-date. Keep track of data analytics and train your employees to recognize abnormalities. Make use of secure cloud-based office phones and cloud-based servers to properly track network and application activity – this will help you to better identify inconsistencies.

Issue: POS intrusions, or the access of POS systems by outsiders.
Protection: Limit or ban the access of POS systems from third parties. Enforce the use of password access and keep track of all logins. Limit or prevent the use of POS systems to browse the web or perform any other non-work-related tasks.

Issue: Card skimmers, or the collection of credit card or other payment data. Once a customer has their card skimmed via your company’s data, it’s unlikely that they’ll trust payment with your company again.
Protection: Train employees to spot suspicious behavior and regularly inspect credit card swipers at any brick-and-mortar sale location. Install tamper-evident controls and safety measures such as mirrors on ATMs.

Issue: Other errors
Protection: Have a third-party company manage or maintain your cloud servers if your business doesn’t have the capacity to train your existing IT team. Encrypt all data. Stay on top of software or business system updates and keep all employees in the loop to avoid any application misuses or data breaches.


How can I Lock Down my VoIP Network?


What is the Cost of a Cyber Attack?

Even as we shift our focus more and more toward tech security, it’s not perfect (and it’s unlikely that it ever will be). Even major corporations are at risk for – and have fallen victim to, quite recently – security breaches, whether it was in the form of leaked credit card information, hacked e-mails, or any other form of information compromise. A breach in cyber security is a threat to profits, to customer loyalty, and to the business’s security in general. Let’s take a closer look at what it means if your company’s virtual data isn’t secure.

The Average Loss per Cyber Attack is $3,220,000
…Not to mention that that number is higher in the United States. Here in the US, a major company can lose out on $5,850,000 when it suffers a major attack, which is the highest average net loss in the world. Germany pulls in second at $4,740,000 lost on average, and not even France or the UK can compare.

The Cost of Additional IT Security is Nothing in Comparison to Potential Losses
Obviously, the only way to prevent these massive losses due to cyber-attacks is to increase cyber security. The problem is that most companies don’t want to make this investment, as it sometimes comes with a big price tag. What these companies don’t realize is that, according to IBM, a stronger security presence could save a company up to $14 per lost data record. Bigger amounts of data compromised means bigger losses – but effectively, this means that the average company could increase their IT spending by $330,000 and still break even should there be an attack.

Companies Spend the Least on Data Center Systems
It’s plain to see that the digital world’s economy has grown at a staggering rate, thanks to the rise of mobile devices and cloud-based services. However, not many companies are investing in bigger, better data center systems. Telecom services rake in 8 times more revenue per year than data center systems; however, investing in better data center systems could mean investing in better security. Hopefully there is an upward trend to come.

Certain Industries Feel it the Worst
Every industry is at risk for data breaches, but a few are the biggest targets: banking, retail, IT, and hospitality. It seems that education, transportation, and entertainment, on the other hand, are the least at risk. Whether your business is in any of these industries should play a role in how seriously you’re taking cyber security.


Three Invaluable Tips for Cloud Safety

One of the arguments most frequently made for switching to the cloud is the fact that it is secure. And, while this is true, nothing is perfect. You’d always rather be safe than sorry. Especially for retailers and financial institutions, security is paramount – although not every institution makes it their top priority. Companies should always be operating as though they are at risk for a data breach, because in essence, it’s always a possibility.

Something that not many people realize is that the vast majority of news-making data breaches have occurred on out-of-date network systems with similarly out-of-date security measures. Embracing the cloud means embracing the latest technology, whether that’s in organization, integration, or, yes, security.

What we’re trying to say is that yes, it’s time you upgraded to the cloud and no, you shouldn’t be afraid that the cloud will put you at risk for security breaches – they’re much safer than the legacy servers you’re probably using. But, once you do move to the cloud, it’s important to employ best practices to keep your business safe.

Here are three tips to achieving cloud safety.

Keep your Staff in the Know; Monitor BYOD
It’s becoming increasingly common for companies to have their employees bring their own devices, better known as BYOD, to work. Some employees even prefer this over having separate computers, phones, etc. While this may be efficient for your company’s needs, it’s important that everyone understands how to keep their devices safe. Hold frequent meetings to let staff members know what could happen if their devices fall into the wrong hands, what applications are secure and which aren’t, and how to protect themselves. A lot of companies have made it mandatory for employees to lock/password protect their computers whenever they are away from their desks, which is never a bad idea.

Encrypt, Encrypt, Encrypt
Chances are, the cloud platform you’re using will encrypt your data automatically. That said, platforms do not always encrypt the data that is synced to mobile devices. It might be a good idea to look into file-level encryption to play it safe if you have employees who work remotely to any degree. Having this extra level of security is entirely worth it – if only for your peace of mind.

Always Stay on Top of Security
Security should be your priority. It may seem obvious, but surprisingly, only 40 percent of financial businesses think a data breach is a risk they face, even though small data breaches are incredibly common. Revisit your security often to see what new things you can do to stay safe, and have frequent trainings to ensure everyone understands the consequences of not doing so. You can never be too safe.

Like we said before – it’s time to embrace the cloud and enjoy the integration it offers. You can now have your e-mail, applications, and phone systems all hosted in the cloud. That said, safety should always be #1 in your business, and it applies to the cloud as well.

