Enterprises around the world continue to move key applications to the cloud. But the speed and scope of migration presenting new challenges regarding data protection, service delivery, and compliance.
Contrary to popular belief, Office 365 and other software as a service (SaaS) models provide no real internal backup solutions.
While Microsoft has sound internal security and is capable of managing Office 365 infrastructure, third-party services are needed to ensure comprehensive data protection and compliance. Let’s take a look at 5 key reasons why you need a dedicated backup service when you’re using Office 365.
Regardless of how careful you are with your data, accidents can and do happen. Whether it’s the accidental deletion of a user, the incorrect merging of fields, or the failure of a key service, accidental deletion can be replicated across an entire network and lead to serious problems.
Simple accidents have been responsible for serious damage over the last few years, with an outage on Amazon Web Services costing up to $150 million dollars in 2017.
A backup service can restore data and services quickly and with minimum disruption, either to the on-premise Exchange or the Office 365 cloud network. In addition, dedicated backup services can protect you against internal security threats and manage the risk of malicious data loss or destruction.
Along with internal security threats, many businesses have experienced a rise in malware, viruses, data theft and other security threats from the outside.
Kaspersky blocked almost 800 million attacks from online resources across the globe in the first quarter of 2018 alone.
While Microsoft 365 and other cloud suites do have some security controls, they’re not robust or reliable enough to handle every case scenario. Having access to a high-grade, third-party backup service is the best way to reduce your exposure and manage the risks associated with data loss and destruction.
Cloud-based services are popular for many reasons, with Office 365 and other solutions featuring better integration between applications, more efficient data exchange and delivery, and the ability to utilize transparent services regardless of location.
Many of these benefits come at a cost, however, with enterprises losing control over data retention and recovery.
While Office 365 does have its own retention policies, they are ever-changing and difficult to manage. In fact, confusing and inaccessible data retention is one of the reasons why so many businesses refuse to move to the cloud.
In addition to running a business and ensuring access to key data and services, organizations have a responsibility to meet certain legal and compliance obligations.
A cloud backup service allows you to retrieve important data instantly and with minimal disruption to critical business systems.
Whether it’s retrieving user data for law enforcement, accessing your mailbox during a legal action, or meeting regulatory compliance standards, dedicated cloud backup makes it easier to meet your responsibilities.
With more businesses moving to the cloud all the time, the migration process is often presented as a seamless and natural transition.
While the benefits of SaaS are valid and well-known, managing hybrid email deployments and other critical services during migration can be more challenging than Microsoft would have you believe.
Whether you want a dedicated cloud solution or a mix of Office 365 and on-premises services, backup solutions like Veeam (our recommended solution) allow you to protect and manage your data during and after the transition in a way that makes the source location irrelevant.
The post 5 reasons why you need a backup service, even if you’re using Office 365 appeared first on ISG Technologies.
Source: my isg
Any time you’re dealing with sensitive business data, you need to take care to elevate security measures. But cybersecurity trends are always changing. You can’t (and shouldn’t) jump on every bandwagon that comes along. This article will give you the scoop on MFA so you know what it actually does to provide additional network security.
Multi-Factor authentication is all about making it more difficult for hackers to access your company’s sensitive data, email addresses, files, company credit card numbers, sign-in information and even personal information.
Forbes breaks down the essence of MFA this way:
“Multi-factor authentication is more complex, yet potentially more secure than two-factor, usually requiring additional verification such as biometrics to include voice, retina or fingerprint recognition, etc., which is harder for an attacker to bypass. Depending on the nature of the organization (i.e. maintains critical infrastructure), the risk could outweigh the cost and multi-factor authentication may be preferred.”
An example may help.
If you use an iPhone, there’s a good chance you’re already using MFA. When you use your fingerprint to access your phone, that’s an element of multi-factor authentication in action.
Of course, that’s multi-factor authentication on a consumer level. In business, there are all kinds of applications for advanced cybersecurity, including things like fingerprint readers.
The end result is simple—it’s significantly harder for a hacker to breach your data because the requirements for access are far more difficult to bypass.
There are multiple ways a cybercriminal can get to your company’s data. That’s why firewall protection, antivirus programs and other standard network security measures are so important.
Unfortunately, that kind of protection will only take you so far. That’s because the overwhelming the overwhelming majority of cybersecurity breaches happen, not because of a technical breakdown, but because of something a human being did or failed to do. If you don’t secure data at the human level, a breach is simply more likely.
Not only that, but password theft is alarmingly common and constantly evolving. Phishing scams, keylogging and pharming don’t take advantage of human error, per se. But the result is the same. Data is compromised because user passwords are compromised.
A multi-factor authentication method forces anyone accessing data to use more than a password alone. Even if users’ passwords are compromised, MFA means data is still safe.
Two-factor authentication is more or less what it sounds like—two pieces of information are needed for access.
For instance, at an ATM you need two pieces of information to access your account—your ATM card and your PIN. But multi-factor authentication ups the ante. You’re required to provide multiple (as in, more than two) pieces of information for access, and one of those pieces of data is typically something completely unique to you. (Think retinal or fingerprint scan.)
Multi-factor authentication helps with security, productivity, flexibility, and compliance. It gives business leaders an effective way to protect their organization’s infrastructure and adds multiple additional layers of cybersecurity. While it’s never possible to stop all data breaches, it’s well worth your time to do what you can to minimize the possibility that your data will be compromised.
If you’re interested in using MFA in your office, we recommend reaching out to your managed IT services provider. They’re already familiar with your technology and your network. They’ll be in a position to help determine exactly what kind of multi-factor authentication will work best for you and your staff. At ISG Technology, we have partnered with the very best in the industry, Aruba, to provide you with the tools to create the best mobile workplace and prevent a cyberattack.
Cloud computing has been gaining popularity in the business space over the last couple years. Organizations are abandoning server-based data centers in favor of a third-party-provided solutions. Yet as more data is stored digitally, the danger of hacking grows. Companies are losing significant income to data breaches, and cybercriminals are developing new, sophisticated ways to steal data.
So why are companies taking their information to the cloud? Many executives want to push their businesses to the cloud but don’t fully understand how it works. As such, they may be wary over the idea of removing confidential information from complete corporate oversight. However, the cloud is not as penetrable as its name might imply.
Three factors driving cloud safety
According to Forbes, there are three principal factors helping to keep data secure when it is in a cloud platform. The first is redundancy. Losing data can be almost as harmful as having it stolen. When a server fails or a hacker gains access to a corporate network and deletes or attempts to ransom vital information, companies can lose months of productivity. Most cloud networks, however, typically keep data in at least three locations.
This means that lost data at one location, such as data loss caused by a server failure, will not have the disastrous impact that it could in an organization relying on an on-premise data center. By keep copies of each file, cloud solutions are making sure mission-critical data is accessible until the user no longer wants it.
The second factor is the safe sharing policy. Anyone who has ever used the popular Google Docs knows how file sharing works. Rather than making a copy, the user must enter the email address of anyone they want to see the file. These extra users can’t share the file on their own (unless given express permission), they simply have access to the information. This is how safe sharing works. It prevents any unauthorized copies from being created or distributed. Users have access to their own data and can control exactly who sees it.
The last factor driving cloud safety is encryption. Provided a user keeps track of their password, it is very difficult for a hacker to gain access to the files. They are being stored either entirely in the cloud or at a secure, remote facility in an unknown location. Since the user’s connection to this information is encrypted, following it to gain access would be difficult, if not impossible for a human hacker.
“Cybersecurity today is more about controlling access than managing data storage.”
It’s all about access
As TechTarget pointed out, cybersecurity today is more about controlling access than managing data storage. When hackers breach data, they typically do so because they have access to sensitive information. This can be a password or even a corporate email address. Cybercriminals infiltrate and steal information based on the access they’ve gained, typically from an unknowing authorized user.
Cloud solutions help monitor this access, keeping secure data under control. The providers offering these platforms have the expertise and the resources to keep cybersecurity evolving alongside the threats. In most cases, they have more resources than the client companies using their solutions.
The cybersecurity arms race
One popular cloud vendor is Microsoft. Each year the company invests over $1 billion into cybersecurity initiatives for its Azure platform. The money, explained Azure Government CISO Matthew Rathbun in an interview with TechRepublic, isn’t just about maintenance, it is about innovation:
“Ninety percent of my threat landscape starts with a human, either maliciously or inadvertently, making a mistake that somehow compromises security,” said Rathbun. “In an ideal state, we’re going eventually end up in a world where there’ll be zero human touch to an Azure production environment.”
Overseen by talented specialists with ample resources, cloud solutions are a safe form of data protection in today’s digital business space.
Cybersecurity is a paramount issue facing businesses in the digital world. The average costs of a successful cybercrime in 2017 were roughly $1.3 million for large enterprises and $117,000 for small- to medium-sized businesses, according to Kaspersky Lab. These figures include the cost of data theft but do not encompass the additional potential price of a damaged reputation and ensuing legal action. Data also indicates that cyberattacks will become only more expensive and damaging in the coming years.
Defending an organization against cybercrime requires a multi-channel approach. Companies should be open to software solutions, employee training and hardware upgrades whenever necessary. However, another avenue for cybercrime is occasionally overlooked. Physical theft of connected mobile devices, laptops and even desktop computers can lead to an open pathway for cyberattacks. In addition, some businesses simply sell their used electronics without first doing a proper data cleanse.
But can information to completely and permanently removed from a hard drive?
The levels of data destruction
Deleting data is not as secure as some might assume. In actuality, when information on a computer is "deleted," the files themselves are not immediately removed. Instead, the pathing to that information is expunged. The data is also designated as open space, so the computer will eventually overwrite it. However, until this rewrite occurs, it is relatively easy for the information to be restored and accessed by any tech-savvy user.
Fortunately for organizations trying to permanently dissolve their data, deletion is only the first step of the process. Lifewire recommended three additional methods to ensure that information remains lost.
First comes software – using a data destruction program on the hard drive. This method has been met with approval from the National Institute of Standards and Technology as a secure way to permanently remove information from a hard drive, according to DestructData. However, drawbacks include resource consumption, as this can be a time-intensive process. In addition, some overwriting tools can miss hidden data that is locked on the hard drive.
The most secure method to completely remove data is degaussing. Hard disk drives operate through magnetic fields, and degaussers alter those waves. The result is a drive that can never be read again. In fact, the computer will not even register it as a hard drive from that moment on. However, the downside in this process is twofold: One, the drive is useless after degaussing. Two, this method can on only hard disk drives. Solid state drives and flash media do not use magnetism in the same way, so a degausser will be ineffective.
The final option is to physically destroy the data drive. While many people think that this task can be done with patience and a hammer, it is unfortunately not that simple. Hard drives can be rebuilt with the right tools and expertise. According to the Computer World, NASA scientists were able to recover data from the charred wreckage of the Columbia shuttle after its disastrous explosion and crash in 2003.
The resiliency of hard drives
In short, it can be difficult to permanently expunge data from a hard drive. This reality is in part why businesses are opting for less internal data centers and more dependency on cloud solutions. According to TechTarget, cloud solutions represent a more secure method of data organization than traditional IT infrastructure.
While data can be safely deleted, the reality is, unless a degausser is used, there is always some chance of information recovery. Cybercriminals are becoming more sophisticated, and given the expensive nature of dealing with data breaches, it is understandable why the cloud is becoming the preferred solution.
First things first, just to make sure we’re all on the same page.
Phishing is a type of cybersecurity attack. Someone impersonates a legitimate entity to try to persuade the recipient to hand over sensitive information. Most phishing happens via email.
Compared to other forms of hacking, phishing is quite easy to execute. In fact, the first “phishers” used AOL in the 1990s to get information from unsuspecting AOL users. These attacks were painfully simple. But here’s the kicker. They didn’t differ much from phishing attacks of today!
The attackers simply pretended to be AOL employees. Even if only a few victims believed their ruse, the attack was worth it. That’s because if even one person falls for a phishing tactic, the results can be devastating.
Here are the fundamental things all your employees need to know to protect your company from phishing attacks.
While most people think of phishing as occurring exclusively via email, it can also happen on social media sites, in messaging apps, and through any method of online communication.
If your employees are communicating anywhere online, they need to make sure they really know who is at the other end.
Some phishing attempts are just hackers sending out emails to a random group of people and hoping one of them will bite. But an increasing number of phishing attacks are getting more sophisticated.
In some cases, hackers will spend months or more building a relationship with the target through false social media profiles and frequent communications. This combines catfishing and phishing, forming a dangerous combination.
After a while, the target grows comfortable with the hacker and trusts them enough to share personal information.
Some sources estimate that phishing attacks may cost American businesses up to $500 million per year, with thousands of businesses targeted and more personal consumers attacked at home.
That figure comes only from the attacks that were investigated by the FBI over a period of three years, so it is likely that the total cost to US businesses is more than that.
There are a few major types of phishing attacks. The most basic is when attackers email a random group of people and hope that a few of them will fall prey to the scam.
“Spear phishing” is a targeted attack that centers on one organization or a group of individuals. Attackers pretend to be someone from within the organization—a client or vendor—in order to infiltrate and get access to sensitive information. Some spear phishers are able to hack into organizational communication systems so the messages really do appear to be coming from the inside.
“Whaling” is when a spear phisher goes after a huge target.
There are many trademarks of a phishing attack. Educating employees about these signs can save your business a whole lot of money. Some of these may seem a bit obvious, but to those who are not as savvy, it’s important information that could stop an attack.
Phishing emails often come from addresses that seem like they could be legit. But if you examine the address more closely you’ll notice that it’s a little off. Perhaps it’s one letter off from the company’s actual name or the email address doesn’t follow the convention of other people you have met from that organization. You will find a similar situation with URLs in phishing messages.
Many phishing emails have bad spelling and improper grammar, typically due to poor translations. If it was coming from a legitimate organization, typos are possible, but not usually at the magnitude seen in phishing emails.
Finally, if a message seems too good to be true, it probably is!
Use these tips to avoid harmful phishing attacks. For more information on how to protect your business, be sure to contact your IT support partner.
As of late June 2018, one of Microsoft's newest software platforms, Azure IoT Edge, is generally available. This means that commercial enterprises and independent consumers now have access to it and, thanks to Microsoft's decision to take the platform open source, can begin modifying the technology to fit specific needs.
Every innovation brings new opportunity and unforeseen challenges, and there is no reason to suspect that Azure IoT Edge will be any different. Even programs created by technology industry leaders like Microsoft have their potential disadvantages.
What exactly is Azure IoT Edge?
Simply put, Azure IoT Edge represents Microsoft's plan to move data analytics from processing centers to internet of things enabled devices. This sophisticated edge computing technology can equip IoT hardware with cognitive computing technologies such as machine learning and computer vision. It will also free up enormous bandwidth by moving the data processing location to the device and allow IoT devices to perform more sophisticated tasks without constant human monitoring.
According to Microsoft, there are three primary components at play:
Overall, Azure IoT Edge represents a significant step forward in cloud computing and IoT operations, empowering devices with functionality that wasn't before possible.
The cybersecurity concerns of Azure IoT Edge
It is worth remembering that IoT hardware has a long and complicated history with cybersecurity standards. Considering the bulk of IoT technology adoption has been driven by consumer, rather than enterprise, products – issues like security and privacy were placed second to interface design and price point.
Research firm Gartner found that 20 percent of organizations had already reported at least one IoT-centered data breach within the three years leading up to 2018. This risk has led to IoT security spending that is expected to cost $1.5 billion globally in 2018. Some companies scrambling to make their IoT hardware more secure may want to leave this problem as a priority over incorporating Microsoft's newest software platform.
Another potential issue is Microsoft's decision to make the platform open source. The original code is public knowledge and now available to all to modify for personal use. While this flexibility will greatly help the product's user base expand, open source programs have not historically been the most secure from cybercriminals.
Many ecommerce websites ran on the Magento platform, an open source solution that became the target of a brute force password attack in 2018, which ultimately proved successful. The resulting data breach led to thousands of compromised accounts and stolen credit information.
A Black Duck Software report tracked open source programs as they have become more widespread. While the overall quality of open source code is improving, the study found that many organizations do not properly monitor and protect the code once it has been put in place, leaving it vulnerable to exploitation from outside sources.
"Microsoft annually invests $1 billion in cybersecurity research."
The Microsoft advantage
However, Microsoft is arguably in position to address the major security concerns with its Azure IoT Edge platform. The company invests over $1 billion in cybersecurity research each year. According to Azure Government CISO Matthew Rathbun, a lot of this money is spent with Azure in mind:
"Ninety percent of my threat landscape starts with a human, either maliciously or inadvertently, making a mistake that somehow compromises security," Rathbun told TechRepublic. "In an ideal state, we're going eventually end up in a world where there'll be zero human touch to an Azure production environment."
Azure IoT Edge represents a bold step forward in empowering IoT technology and improving automated productivity. While there are risks associated with every innovation, Microsoft remains committed to staying at the forefront and protecting its platforms. Companies should be willing to invest in Azure IoT Edge while remaining vigilant about the possible risks.