
How Cybersecurity Fits Into Disaster Recovery

Having a disaster recovery plan is essential when you’re trying to keep your business and its reputation safe. In addition to focusing on details such as how you’ll function during adverse weather, you need to focus on cybersecurity. By learning more about the way cybersecurity and disaster recovery intersect, you can reduce the impact on your business if the worst happens.

Decide what requires your protection

The essence of a disaster recovery plan is to protect your organization’s data. To ensure your plan is extra-efficient, you need to choose exactly what it is you’re going to protect.

For example, if your business represents many clients, and you need to hold information about them to continue operating, what information is the most important? After you’ve identified the type of information that’s most important, you can move on to protecting it against one of the biggest cybersecurity threats: ransomware.

According to Business Insider, ransomware generates around $25 million for hackers each year. As it’s such a financially juicy target, it’s safe to assume that your most important information is at risk too. By gathering that data and backing it up in a safe space such as the cloud, you can lessen the impact if ransomware takes hold.

Treating all devices as a gateway for disaster

Most people in the United States own a smartphone. Many also have their own laptops and tablets. As a result, more employers are allowing employees to access company information remotely. The benefits of remote access include being able to work at home, working during a commute, and being able to contact the office while on business trips.

Unfortunately, every device that can access your business’s information is a gateway for a disaster. At the same time, those same devices can act as vital tools when disasters strike elsewhere. To prevent devices from becoming disaster gateways, ensure employees receive ample training on cybersecurity threats and identifying phishing emails. To make the most of your employees’ devices, ensure they’re equipped with everything they need for remote access when adverse weather hits.

Consider where you’ll need to mitigate impacts

It’s an unfortunate fact that disaster will hit all businesses at some point. While that may be certain, it isn’t clear just how bad the effects will be. Although you can’t predict the future, you can try to offset impacts in advance.

To offset impacts in advance, consider what the most disastrous element of a cybersecurity threat would be. For example, if a successful DDoS attack were to bring your website down and prevent customers from making transactions, how could you minimize downtime? Or, if a data breach results in highly sensitive information leaking elsewhere, what steps can you take to reduce the impact on your clients?

For most businesses, the biggest impact of a cybersecurity disaster is financial. On average, breached client records cost an organization $150 for each one. In the healthcare industry, the cost rises to $429. You may benefit from identifying potential costs to your business during a disaster and then consider ways to prevent or reduce them.

When examining how cybersecurity and disaster recovery intersect, always create a solid plan. If your business encounters any changes, ensure you update your plan accordingly. It’s always worth reviewing your plan as time goes on too, so you can make sure you’re abreast of the latest threats.

3 ways to ensure your business is protected from cyber threats after Windows 7 end of life

Your business and many others have run on Windows 7 for years. Now, come January 14, 2020, your entire office’s operating system is going to stop being supported by Microsoft. What does this mean for your business and its cyber safety?

Here are 3 ways you can ensure your technology environment is safe and secure following Windows 7 end of life.

Option 1: Pay for Windows 7 extended security updates through Microsoft

Perhaps the simplest and most trustworthy solution for many businesses who need to stay on Windows 7 is to purchase extended security updates through Microsoft.

There are plenty of benefits to getting extended security updates. The obvious one is that you’ll still be getting direct support from the software’s manufacturer. That sort of inside knowledge and accountability is important, for certain. On top of that, it’s hard to match the resources that Microsoft has when it comes to awareness of the cybersecurity landscape.

If you’ve trusted Microsoft with your cybersecurity thus far, this solution is perfect.

Unfortunately, this service isn’t free. Microsoft doesn’t want to keep supporting Windows 7, so to keep getting these extended security updates you will be paying.

Right now, the pricing they have set forth is a per-device cost that increases every year past the end of life of the operating system. From January 2020-January 2021, it will be $25 per computer. The year after the price goes up to $50 per device. And the doubling trend keeps going year over year.

For the short term, this solution is perfectly viable. If your business needs an extra year to migrate over to Windows 10, paying $25 a device for extended security updates is the right move. Beyond that? Well, you’re throwing your money into life support for a dead operating system. Seems like a waste, doesn’t it?

Option 2: Rely on third-party security solutions

If you find the cost of extended security updates from Microsoft to be a little costly or not reliable enough, there are a slew of third-party solutions available.

The most important thing to consider when applying this solution to your business is to ensure that you have the correct cybersecurity in place. It can be difficult to find a one-stop top-to-bottom security solution. It’s even more difficult if you don’t have an expert on staff to manage it.

Some of the best options for third-party security are to deploy a reliable VPN and endpoint protection solution.

VPNs, or virtual private networks, are essential if your employees ever access any part of your technology infrastructure off-site. If you use Office 365 or any cloud-based solutions, VPNs ensure that anyone accessing materials over an outside internet connection is not opening your technology infrastructure up to cyber threats. For most modern businesses, VPNs are essential.

Endpoint protection is what most people think of when they think of anti-virus. It ensures that each machine it is installed on is capable of blocking cyberthreats that try to attack it. Usually, the software costs $10-15 per user.

Endpoint protection can be a great baseline of cyberthreat protection. If you are around enterprise size or want top-of-the-line security, endpoint protection simply won’t be enough.

Option 3: Migrate to Windows 10

Okay, so this one isn’t really a tactic to keep you on Windows 7. But there’s no easy way to put it; if you’re on Windows 7, you need to start creating a plan to migrate to Windows 10.

Sure, the other solutions presented work on some level. But in the end, they are simply bandaids you can use while you migrate your business over to Windows 10. Whether it’s tomorrow or 3 years from now, you eventually need to move off of Windows 7.

That’s the bad news, but there is plenty of good news.

Windows 10 enterprise is $84 a seat. That’s cheaper than paying for Windows 7 extended security updates past the three-year mark. It’s less of a headache than trying to piece together your own triage unit of third-party cybersecurity solutions. And, on top of that, you get the added benefits of Windows 10.

Things like regular updates, security or otherwise. Clean integration with Windows 365. A slew of cloud services your business can leverage on the daily.

It means not trying to carry your business into the future on the back of a dead operating system.

We know it can be a huge hassle to move your entire business over to a new operating system. What about all of your files? Your user preferences? What about the fact that Susan in accounting finally, after three years, knows where all of her Excel files save to?

You don’t need to worry about that, because there are companies out there who specialize in managing this exact sort of migration.

MSPs like ISG know the ins and outs of operating system migration. We can handle your file backup, your individual computer set up, your organization plan and your rollout schedule.

You don’t need to feel like the burden of migration falls only on you. Managed service experts are here and ready to ensure your migration to Windows 10 goes off without a hitch.

4 solid file sharing options for SMBs

Today’s businesses rely on digital files for storing and organizing almost all of their important information. In order to be truly useful, though, these files must be easily transferable. This is where file sharing solutions come into play.
Here’s what you should know about file sharing and some of the top solutions that can help your SMB effectively manage and share its files.

What is file sharing?

While it can refer more generally to any method used to transfer digital files from one location to another, the term file sharing is usually applied to specific applications that run in the cloud. Cloud file sharing systems can be used to give authorized users remote access to files stored on cloud servers.
While cloud file sharing solutions are excellent for giving your employees easy access to important files and facilitating collaboration, they also have the potential to come with cybersecurity risks.
With less direct control over your company’s data and the risk of unsecured devices being used to access files, the use of these applications requires careful supervision to maintain cybersecurity. With strong encryption standards and adherence to a robust security policy, though, cloud file sharing can be perfectly safe.
For the next several years, it is expected that at least 95 percent of cloud security breaches will be directly caused by failures on the part of customers.

Four file sharing services to consider

There are many cloud file sharing services currently available, but a few stand out as the major service providers in the market. Following are four of the go-to services that SMB owners new to file sharing may want to consider.

Dropbox Business

With 300,000 business teams and 500 million total users, Dropbox is one of the most popular web services in existence today. Owing to its ease of use and user-friendly integration with device operating systems, Dropbox is a service preferred by many consumers and enterprise-level users alike.

Google Drive

Google’s answer to independent services like Dropbox, Google Drive is a file sharing service with nearly 1 billion users. Google Drive offers large amounts of storage space for files at relatively low costs and integrates smoothly with a range of third-party applications, making it a good solution for businesses in need of a cloud file sharing service.
Drive also integrates with other Google products, allowing users to save files from services such as Gmail and Google Photos to their Drive accounts.

Microsoft OneDrive

Like Google, Microsoft has jumped into the cloud file sharing market with its OneDrive service. OneDrive interfaces seamlessly with the Windows operating system and comes standard as part of the latest versions.
Microsoft Office 365, a favorite suite of tools among enterprise-level businesses, is also integrated with OneDrive, allowing users to easily move files out of tools in the Office 365 suite and into storage in OneDrive.

ShareFile

Rounding out the list of the top file sharing options is ShareFile. With ShareFile, business users can protect their files with a range of security precautions that include 256-bit AES encryption, virus scanning and even a remote file deletion feature in the event a company device is lost or stolen.
Thanks to its 100GB maximum size, ShareFile is also a good solution for storing, sharing and accessing large files.

A final word

These are just some of the many file sharing options in the marketplace today. When using these services, it’s important to remain aware of possible cybersecurity vulnerabilities on your end.
Used correctly, though, these file sharing services can help your company remain secure, efficient and flexible in an increasingly data-driven business landscape.

The down & dirty guide on developing a backup strategy

People who run small businesses have a huge number of tasks to attend to every day, from hiring decisions to customer service to budget reviews. So, preparing for data loss can get lost in the shuffle.

After all, the notion that your company could lose all of its data might seem far-fetched, especially if you have defensive security precautions like antivirus software in place. You might conclude that your time is better spent focusing on products, services and day-to-day management duties.

However, data loss afflicts companies of all sizes, including those that seem secure. And, once your customer, employee or business information is compromised or lost, restoring it can be nearly impossible. Daily operations and transactions can immediately come to a standstill, and you could go out of business in a short period. In other words, disaster planning is critical.

There are quite a few scenarios that can lead to data loss, so understanding the most common ones is an important first step. Let’s look at a few.

Physical server destruction

A natural disaster like an earthquake or hurricane could demolish your server environment, wiping out your data in the process. Furthermore, even without a natural disaster, the building it’s located in could suffer a fire, flooding or roof collapse, damaging the hardware that carries your critical files and systems.

Ransomware

Ransomware is becoming more and more common. When malware strikes a company’s digital infrastructure, it encrypts all of its data, rendering that material unusable. To get the perpetrators to unencrypt the data, the business must pay a sizable ransom, most likely with a cryptocurrency. Even if the payment is made, however, there is no guarantee the criminals will make good on restoring the seized data.

Errors and malfunctions

Employee error is a major cause of data loss. It’s all too easy for a worker, especially someone who’s tired or whose mind is elsewhere, to accidentally delete or overwrite a crucial file. A staff member could also physically damage a file by, say, spilling coffee on a laptop, exposing a machine to a power surge, or dropping an important computer.
In addition, hardware can fail. Software can be corrupted. A system could crash. The power could go out before a certain file is saved. Even if you ultimately recovered your data after such an event, you’d still have to face a costly stretch of downtime.

Choosing a data backup strategy

With all of these dangers lurking, it’s good business practice to develop a data backup plan as soon as possible. Your backup data could be stored in the cloud, a vast system of secure virtual servers. And, as you’re sending your private information to the cloud, it can be encrypted to prevent outsiders from viewing it en route.

Another possibility is copying your data to onsite hard drives, which would remain locked in a climate-controlled, restricted-access storage facility. This option is economical and makes your data easily accessible, but you’d still have to worry about a natural disaster or other calamity striking your storage unit.

Of course, you don’t have to choose between these courses of action. The best strategy is to ensure redundant backups across different locations and methods, including the cloud and a secondary, on-premises server. Depending on your priorities and needs, you can update your approach based on latest trends in backup.

Moreover, you needn’t make this decision on your own. Instead, IT managed service providers can analyze your network and your business needs, walk you through your various options, ensure that your disaster plans don’t have any major flaws and help you determine the best backup solution for your company.

In the end, there are many reasons to develop a strategy for data backup, including regulatory compliance and simple peace of mind. The information you collect and curate over time makes all of your business operations possible. No entrepreneur should ever have to discover that, in an instant, it’s all disappeared.

5 reasons why you need a backup service, even if you’re using Office 365

Enterprises around the world continue to move key applications to the cloud. But the speed and scope of migration is presenting new challenges regarding data protection, service delivery, and compliance.

While most organizations have developed robust on-premises backup solutions, the failure to protect cloud data and ensure the availability of key services is widespread and incredibly alarming.

Contrary to popular belief, Office 365 and other software as a service (SaaS) models provide no real internal backup solutions. While Microsoft has sound internal security and is capable of managing Office 365 infrastructure, third-party services are needed to ensure comprehensive data protection and compliance. Let’s take a look at 5 key reasons why you need a dedicated backup service when you’re using Office 365.

1. Protection against internal accidents and threats

Content and events brought to you in partnership with Veeam Software

Regardless of how careful you are with your data, accidents can and do happen. Whether it’s the accidental deletion of a user, the incorrect merging of fields, or the failure of a key service, accidental deletion can be replicated across an entire network and lead to serious problems.

Simple accidents have been responsible for serious damage over the last few years, with an outage on Amazon Web Services costing up to $150 million in 2017.
A backup service can restore data and services quickly and with minimum disruption, either to the on-premise Exchange or the Office 365 cloud network. In addition, dedicated backup services can protect you against internal security threats and manage the risk of malicious data loss or destruction.

2. Protection against external security threats

Along with internal security threats, many businesses have experienced a rise in malware, viruses, data theft and other security threats from the outside. Kaspersky blocked almost 800 million attacks from online resources across the globe in the first quarter of 2018 alone.

While Microsoft 365 and other cloud suites do have some security controls, they’re not robust or reliable enough to handle every case scenario. Having access to a high-grade, third-party backup service is the best way to reduce your exposure and manage the risks associated with data loss and destruction.

3. Retention and recovery management

Cloud-based services are popular for many reasons, with Office 365 and other solutions featuring better integration between applications, more efficient data exchange and delivery, and the ability to utilize transparent services regardless of location.

Many of these benefits come at a cost, however, with enterprises losing control over data retention and recovery. While Office 365 does have its own retention policies, they are ever-changing and difficult to manage. In fact, confusing and inaccessible data retention is one of the reasons why so many businesses refuse to move to the cloud.

You can have the best of both worlds with backup solutions that provide you with complete control over data retention and recovery management.

4. Legal and compliance obligations

In addition to running a business and ensuring access to key data and services, organizations have a responsibility to meet certain legal and compliance obligations.

A cloud backup service allows you to retrieve important data instantly and with minimal disruption to critical business systems.

Whether it’s retrieving user data for law enforcement, accessing your mailbox during a legal action, or meeting regulatory compliance standards, dedicated cloud backup makes it easier to meet your responsibilities.

5. Managing the migration process

With more businesses moving to the cloud all the time, the migration process is often presented as a seamless and natural transition.
While the benefits of SaaS are valid and well-known, managing hybrid email deployments and other critical services during migration can be more challenging than Microsoft would have you believe.

Whether you want a dedicated cloud solution or a mix of Office 365 and on-premises services, backup solutions like Veeam (our recommended solution) allow you to protect and manage your data during and after the transition in a way that makes the source location irrelevant.

Everything you need to know about VoIP phone systems

As internet speeds and capacities increase and technologies and costs improve, more and more businesses are cutting the cord from traditional phone systems. They are choosing to adopt Voice over Internet Protocol (VoIP) systems.
Just the same, it’s smart to determine if the hype is justified. How good are the monetary savings? How seamlessly will it integrate with your current or future business technology? Is VoIP secure?
Before you make any decision regarding changes to your business phone systems, take a look at the pros and cons of VoIP.

How it works

VoIP works by converting voice into digital data and sending it through your Internet connection via the router.
VoIP allows for normal phone calls through the internet with all of the options usually enjoyed with a business’s traditional PBX system, including voicemail, call waiting, call forwarding, conference calling, caller ID, and more.
In addition, VoIP software integrates well with desktop computers for use as “softphones”. The only requirement is that they have voice and audio input/output capabilities.

“The last decade saw a splurge of Voice over Internet Protocol (VoIP) businesses mushrooming around the world.” – Forbes

Setting it up

Setting up VoIP is fairly simple. You need a reliable internet connection with decent bandwidth. Most VoIP providers handle delivering calls and software needs—particularly if you’re using plug-and-play phones certified for that service provider.
Generally, there are no other hardware requirements aside from the phones themselves.
If you opt for a self-hosted, onsite VoIP system, it gets a little more involved. You’ll need a VoIP-friendly version of the private branch exchange (PBX) phone system many businesses already use to route calls to the appropriate phones on the network, as well as a PSTN gateway to sit between the VoIP PBX software and the traditional public switched telephone network.
If you don’t wish to host your PBX software on your server, you can opt for a cloud-based phone system. That way, all of the hosting and management is done through a cloud service provider and paid on a subscription basis.
Whatever option you choose, managing the network phones and extensions is fairly simple and you can do further fine-tuning via your provider’s online account interface.
The IP phones themselves usually come in two forms. Most look very much like the traditional desktop business phone with all of the usual features—speakerphone, hold and transfer buttons, multi-caller functions, etc. Some even allow for video conferencing which comes in useful for demos, sales pitches, or just providing a human face to communication.
The other option is “softphones” which are software-based clients installed on computers and mobile devices. These offer the same full functionality as the desktop phones, plus often have instant messaging capability and, with video input available, allow for face-to-face video conferencing.

VoIP versus POTS

When a new technology hits the scene, it’s common for debate to erupt over which is better. POTS is an acronym for Pretty Old Phone System, also known as PSTN (Public Switched Telephone Network). This has been the way businesses have handled communication since the days of Alexander Graham Bell. For that reason alone, many are hesitant to make the switch.
But how do the differences really compare for business? There are actually some solid reasons for POTS.
For one, there is continuity of business and of service. VoIP won’t work without an internet connection, which means it’s vulnerable not only to network issues but to power failures as well. POTS is much more dependable in these cases and allows businesses to maintain phone communication even when the internet is down.
911 calls can also be more reliable over landlines, whereas e911 calls are vulnerable to power or internet outages. For these reasons some companies, like alarm companies, require a landline in order to maintain their security monitoring.
And, in some cases, voice quality over POTS is still superior, but this may change as VoIP continues to evolve.
On the other side, VoIP offers a number of benefits not readily available to POTS subscribers.

What are the benefits of VoIP?

There’s a reason why so many businesses are adopting VoIP technology. While there exist a few pros to maintaining a POTS subscription, the benefits of switching to VoIP outnumber them.

Low cost

Generally, VoIP systems are just cheaper than traditional phone systems. There is less hardware to purchase, and, in most cases, VoIP hosts don’t require any new hardware at all. If they do, it’s usually readily available hardware that’s not locked down with proprietary limitations.
When managing remote employees—even far-flung remote employees—there is no extra cost due to distance. Because the voice and data are being sent via the internet, there are no long distance fee considerations. New York calling Los Angeles is the same as calling across the street. In fact, most VoIP services offer free calls to coworkers regardless of location.
Monthly subscription fees are lower as well, and often don’t require a contract.
Much can depend on the amount of phone traffic you regularly have. At worst, you’re not likely to be spending more than you already are. However, you’ll have the added value VoIP can bring you.

“The advancements in technology have greatly helped small business owners to realize increased productivity and lower cost structure in all sectors.” – CIO

Mobility

VoIP is particularly suited for those employees who are not tethered to a desk or traditional office setup.
Many providers offer dedicated apps for sending and receiving calls from remote locations using their data connection and mobile devices, including those devices that fall under your business’s BYOD policies. You can set these apps to ring simultaneously with an office phone. Apps can even function as a standalone extension.
Likewise, video conferencing options are available for salespeople to run demos and pitches with the same ease and low cost as voice communications from wherever is most convenient or effective, saving on both time and travel.
Being away from the phone is not a problem as voicemail and instant messaging can be converted to email or text messaging and sent to any device specified.

Scalability

You won’t have to worry about installing additional hardware to accommodate new extensions when your business requires them. VoIP service expansion is as simple and inexpensive as purchasing another certified phone with plug-and-play adaptability. At most, connecting a VoIP-enabled phone to your network will require tweaking a few settings. You could also install the softphone client software onto additional networked computers.
VoIP allows for adding or removing any number of phones and extensions. So you can do what makes the most sense for your business’s current needs.

Integration with unified communications systems

If your business uses or is considering implementing a unified communications (UC) system, VoIP fits in well and may already be part of its infrastructure. Because both the UC system and VoIP rely on network connectivity and management, including both makes sense, and both use many of the same communication features such as instant messaging, call management, video calling and conferencing, and mobility.
VoIP becomes another tool for enhancing collaborative workflow and business productivity.

“Today’s small businesses have extensive options for selecting a business phone system, particularly now that cloud-hosted VoIP (Voice over Internet Protocol) solutions are so prominent in the marketplace.” – TechRepublic

Security on VoIP networks

When it comes to the security of your VoIP system, much of that is in the hands of the user. Many VoIP services don’t come with internal security obstacles for cybercriminals to overcome. For that, you need to rely on those same security protocols and best practices as usual.
You’ll want the usual robust firewall protections on your network and employee education regarding phishing scams and malware attacks. You can consider encryption and VPN options as well.
Taken as a whole, however, VoIP is as secure as traditional telephony.

Is VoIP for you?

VoIP is a rapidly developing technology that is being adopted at a growing rate among companies worldwide. As such, it has been suggested that it may supplant POTS in time. You may want to consider making the switch. It’s simple, given the low costs, the flexibility, and the multitude of services available with VoIP systems.
As with any business decision, you should do the research and consult with your experts. You’ll likely find that companies dedicated to keeping a competitive edge and looking to take every advantage possible to strengthen their business are adopting VoIP as a useful tool.
 

Enterprise-level BYOD policy dos and don’ts

There’s no way around it. Your organization needs a Bring Your Own Device (BYOD) policy. In fact, it probably needed it two or three years ago.

You dig in and do your homework. You evaluate the options, assess the upsides, and prepare for potential drawbacks. You’ve taken in tons of advice and information. It’s time to sort through it all. Before you go into information overload, tie up your research with our handy list of BYOD policy dos and don’ts.

Don’t forget the gatekeepers

Your IT team probably has existing precautionary guardrails to protect devices and networks.

That’s a great start. But as the BYOD policy develops, IT administrators need to stay informed and involved.

Their teams are accountable for network security. And they know better than anyone the boundaries that need to be set as part of the policy.

Do be cautious yet flexible

In a post for cybersecurity authority Security Intelligence, New York Times best-selling author and award-winning journalist Bob Sullivan stands firm against opinions that BYOD is another tech trend. “Neither BYOD nor IoT is going anywhere.”

“So, what should IT departments do?” Sullivan asks. “The solutions aren’t easy—and they’re going to have to evolve alongside every new gadget and application that connects to the company network.”

Is your BYOD policy putting the responsibility on IT to secure every device on your network?

Remember that this isn’t about limiting or restricting device use. It’s about empowering those entrusted to protect the company’s systems and infrastructure. Make sure these policies support your IT department’s overall BYOD objectives.

“Ensure constant monitoring of approved hardware and software,” Sullivan writes. “Just because your team decides a particular tablet or application is safe today doesn’t mean it won’t be unsafe tomorrow.”

Consider how future technologies might impact security. Is there a good possibility that IT will find itself stretched thin? Will IT end up playing “patch-a-mole” with every new OS update and firmware release? If so, you may want to leave some room in the BYOD policy for a managed IT services provider (MSP) to shoulder the load.

Don’t reinvent the wheel

Your BYOD policy needs to consider your organization’s specific technological needs. Think about the size of your company. Think about the kind of tech that benefits your employees. Identify the types of devices you can do without. Separate the must-haves from the nice-to-haves.

Now that you’ve determined who needs to support and influence your BYOD policy and what types of circumstances it needs to address, the fine folks at IT Manager Daily have done us all a solid and posted a BYOD Policy template.

Just cut it, paste it, and make it your own. Maybe put it on the good company stationery you save for special occasions or prepare to upload it to your human capital management system, but first . . .

Do make sure legal reviews the policy

The policy is ready for release after your legal department has officially vetted it. But you still need their help identifying who’s responsible for communicating what. You need their assistance defining what the company considers adequate communication.

Do you send an email to employees asking them to stay on alert for possible phishing attacks? Or is the company on the hook to provide more comprehensive education? Should employees acknowledge in writing that they understand the new policy?

Defining and enforcing the BYOD policy in these ways can make or break its effectiveness.

This is an instance where it is perfectly acceptable to assume the worst. Employees will reuse passwords. New technology will fail. Legacy tech will stop being patched for current threats. A new hire will log into his laptop at a coffee shop, hop on a free network, and access a bunch of sensitive data without thinking twice.

The legal department is a crucial ally when developing any type of company policy. They’re a key partner in making sure the BYOD policy you craft, draft, and deliver is effective and won’t leave the company exposed if a data breach occurs.

7 critical questions you should ask when choosing a cloud computing provider

There’s no question that cloud computing is on the rise. More and more businesses are turning to cloud computing as their default setting. But with so many options to choose from, how do you select the right provider for your business?

Here are seven critical questions you should ask when choosing a cloud computing provider.

1. What cloud computing services do you provide?

There are many different types of cloud services such as a public cloud, private cloud and hybrid cloud. If you already know what type of service you want, your first step is to make sure your potential provider offers that service.

More than likely, though, you know you want to move to the cloud, but aren’t sure which type of service would work best for you. A good cloud computing provider should not only be able to explain the services they offer, but help you to determine which cloud computing services would best meet the needs of your business.

2. How secure is your cloud computing?

Security should be at the top of any list when data and networking are concerned.

Cloud security, just like network security, ensures your data stays safe. Ask potential providers what network and server-level security measures they have in place to protect your data. Security measures to look for include encryption, firewalls, antivirus detection and multifactor user authentication.

3. Where will my data be stored?

Since cloud computing involves the storage of data at off-site locations, the physical location and security of those data centers are just as important as online security.

SSAE 16 and SOC 2 Type II certifications are the best indicator that your provider’s products, systems and data are compliant with industry security standards.

4. How will my business be able to access the cloud?

One of the benefits of cloud computing is its flexibility and ease of access. You’ll want to understand how you will be able to access your data on the cloud and how it will integrate into your current work environment.

If your company is poised to grow in the near future, you may also want to ask about scalability and your provider’s ability to meet your growing needs.

5. What is your pricing structure?

Pricing for cloud computing can vary greatly, so make sure you understand how and for what you will be charged.

Ask about upfront costs and the ability to add services as needed. Will services be charged hourly, monthly, semi-annually, or annually?

6. How do you handle regulatory compliance?

Understanding the many laws and regulations, such as GDPR, HIPAA, and PCI DSS, that pertain to the collection and storage of data can be intimidating. That’s why one of the benefits of hiring a cloud computing provider is having security experts take care of regulatory compliance for you.

You’ll want to make sure your provider is constantly working to stay up-to-date on the latest rules and regulations that may affect your data.

7. What customer support services do you offer?

Cloud computing never sleeps and neither should your provider’s technical support. Getting help when you need it is important, so you’ll want to ask your provider if they provide 24-hour technical support, including on holidays.

Ease and availability of reporting problems are also important, so ask about phone, email, and live chat support options. You may also want to ask about your provider’s average response and resolution times.

Asking these questions can help you find the right cloud computing provider for your business. And getting the right answers is only a phone call away—call your managed IT services provider to start the process today.

Why patching should always be a priority for IT network health

Having a sound IT infrastructure is crucial for every organization.

From network security to hardware and software implementation, your IT plan should always reflect company objectives and directives. But you also need a safe and secure operating platform.

That’s why patches should never be overlooked when it comes to network health and digital environment stability.

“Software updates are important because they often include critical patches to security holes.” – McAfee

What can patching do for my IT services?

Patches are software updates for your OS and other executable programs. Patches offer temporary fixes between full releases of software packages. Similarly, they can help maintain your IT network stability via.

Here’s some of what patching typically addresses:

  • Software bug fixes
  • New or updated drivers
  • Fixes for new and existing security vulnerabilities
  • Fixes for software stability issues
  • Automatic upgrades for software and apps

Will patching tackle the latest viruses and malware?

While antivirus applications are part of any IT security package, patching is designed to integrate with existing systems and improve usability across the board.

At its core, software patching is essentially a convenient way to update applications and supporting data. This, in turn, updates, fixes and improves overall performance. These updates fix bugs within your software and IT infrastructure, resulting in safer and more efficient digital workspaces.

That said, patching does play a key role in vulnerability management.

With digital intrusion and network hacking at an all-time high, you need a timely, effective solution for implementing corrective measures. Sadly, most clients tend to overlook the importance of patching for mitigating risk.

Patches benefit your IT network in the following ways:

  • Identify and mitigate network security vulnerabilities
  • Facilitate the seamless integration of operating systems and software apps
  • Ensure critical business processes and protocols run smoothly
  • Provide another critical layer of cybersecurity protection
  • Stop malware, viruses, adware and even ransomware from quietly running in your background systems

How are patches delivered to my IT network?

Security and network patches are automatically inserted into the code of your existing software and apps.

This is done with little-to-no interruption of your daily business tasks, though there are times when patching requires user permission. In many organizations, patches are handled by the in-house IT teams or by the organization’s managed IT services provider.

Patching is essential for system success

The important thing is that you don’t ignore patching. Because patches rarely feel critical in the moment, it’s surprisingly easy (both for IT departments and individual users) to simply put off the patching process. That has the potential to leave you open to all kinds of nasty vulnerabilities.

Patching your programs may not seem all that important, but it really is vital to your overall network health.

“The takeaway for CIOs: Keep your work computers updated with patches on a regular basis and apply emergency patches as needed.” – CIO

The enterprise-level Wi-Fi security primer

Using Wi-Fi has become almost as natural as breathing.

From a business standpoint, some might say it’s critical. We’re online all of the time, every day and everywhere. We rarely consider how we are connected. All that matters is that we have a way to log in.

Wi-Fi has had a profound impact on organizations and employees. It enables users to communicate and collaborate which in turn enhances productivity, agility and ultimately, profitability. It creates opportunity, increases morale and reduces costs.

But despite being so convenient and flexible, best practices for enterprise Wi-Fi security aren’t always followed.

One of the biggest exploits to affect Wi-Fi security was widely publicized last year. Dubbed KRACK, this vulnerability allowed attackers to bypass Wi-Fi security and steal sensitive data, including credit card details, passwords, emails, photos, chat messages, and the list goes on.

The vulnerabilities are real and robust Wi-Fi security is a necessity.

In a world where new cyberthreats and security exploits are unleashed on a daily basis, it’s more important than ever to stay on top of enterprise Wi-Fi security. In doing so, you can ensure your infrastructure and data are protected without compromising seamless access or enhanced productivity.

Identifying the vulnerabilities

The threats awaiting an unprotected WLAN are many.

Passive eavesdroppers can gather sensitive data, intruders can steal bandwidth and wireless traffic can be recorded easily. Even low-level attackers can launch a packet flood that disrupts your network.

If you don’t know what you are securing your Wi-Fi network against, you might as well be taking shots in the dark.

Before a WLAN can be sufficiently planned, deployed and secured, it is essential that all business assets are identified in order to protect them from the impact of theft, damage or loss. At the same time, you should determine who needs access to what and when so that you can define access policies.

WPA2-Enterprise: the recommended industry standard

When it comes to encryption and authentication, you have an increasing number of options available. The method you choose will largely depend on the level of risk that deploying a WLAN opens up and the size of your enterprise. However, the preferred and recommended standard for most organizations is Wi-Fi Protected Access 2 Enterprise (WPA2-Enterprise).

WPA2-Enterprise was first introduced in 2004 and delivers robust security and over-the-air encryption. Authentication is handled by a RADIUS server which authenticates each device before it connects. Once authenticated and connected, a personal tunnel is created between the network and the device, creating a secure connection over which all data is encrypted.

Another point to note is that WPA3 has recently been launched by the Wi-Fi Alliance. While it won’t hit the mainstream immediately, this new standard will provide strengthened user security through individualized data encryption and is certainly one to watch for the future.
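The RADIUS-backed authentication described above is visible on the air: each access point's beacon carries an RSN element whose key-management suite says whether clients authenticate through 802.1X (Enterprise) or a shared passphrase. The Python sketch below is an added example, not part of the original article; the function names, labels and sample byte strings are constructed for illustration.

```python
OUI_IEEE = b"\x00\x0f\xac"
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP-128", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK", 3: "FT-802.1X", 4: "FT-PSK",
        5: "802.1X-SHA256", 6: "PSK-SHA256", 8: "SAE", 9: "FT-SAE"}
ENTERPRISE_AKMS = {"802.1X", "FT-802.1X", "802.1X-SHA256"}
LEGACY_CIPHERS = {"WEP-40", "WEP-104", "TKIP"}

def _suites(body, off, table):
    """Read a little-endian count, then that many 4-byte suite selectors."""
    count = int.from_bytes(body[off:off + 2], "little")
    end = off + 2 + 4 * count
    if off + 2 > len(body) or end > len(body):
        raise ValueError("truncated RSN element")
    sel = [body[i:i + 4] for i in range(off + 2, end, 4)]
    return [table.get(s[3], f"unknown-{s[3]}") if s[:3] == OUI_IEEE
            else f"vendor-{s.hex()}" for s in sel], end

def parse_rsn(ie):
    """Parse a raw RSN element (ID 48); pairwise and AKM lists must be present."""
    if len(ie) < 8 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    if int.from_bytes(body[0:2], "little") != 1:
        raise ValueError("unsupported RSN version")
    group = CIPHERS.get(body[5], f"unknown-{body[5]}")  # assumes the IEEE OUI
    pairwise, off = _suites(body, 6, CIPHERS)
    akms, off = _suites(body, off, AKMS)
    caps = int.from_bytes(body[off:off + 2], "little")  # 0 if field absent
    return {"group": group, "pairwise": pairwise, "akms": akms,
            "pmf_required": bool(caps & 0x0040)}

def classify(ie):
    """Label an access point by what its beacon advertises."""
    info = parse_rsn(ie)
    if LEGACY_CIPHERS & set(info["pairwise"] + [info["group"]]):
        return "legacy-cipher"      # TKIP/WEP still offered alongside or instead of CCMP
    if info["akms"] and set(info["akms"]) <= ENTERPRISE_AKMS:
        return "enterprise"         # every offered AKM goes through 802.1X/RADIUS
    if ENTERPRISE_AKMS & set(info["akms"]):
        return "mixed"              # a passphrase path exists next to 802.1X
    return "not-enterprise"

# Constructed sample elements (not captured from a real network).
ENTERPRISE_IE = bytes.fromhex("30140100000fac040100000fac040100000fac010000")
PSK_IE = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
```

Running `classify` over the RSN elements exported from a site survey gives a quick list of access points that still accept a shared passphrase or a legacy cipher.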

Provide a better user experience for everybody

Wi-Fi is designed to allow users to connect and roam, but not at the expense of your network security.

In a business environment that is no longer restricted to trusted corporate users, you also need to secure your network for the BYOD and IoT era. Any device that can connect to your WLAN is a potential threat, whether it’s a client you have known for years or an IoT sensor streaming data in real-time.

In order to provide a positive and secure Wi-Fi experience for everybody, you must define context-based access policies that limit access by user or device. Even better, implement a guest Wi-Fi network that’s separate from your main WLAN and which will segment all guest traffic and isolate it away from your enterprise data.

Good housekeeping and points to note

Network administrators and IT security professionals should also consider these additional housekeeping tips to further secure and manage their enterprise Wi-Fi networks.

  • Deploy a wireless intrusion prevention system (WIPS) and wireless intrusion detection system (WIDS) on every wireless network.
  • Many best practice guides will tell you to change the SSID for your wireless network. It’s important to remember that the SSID is a network name and not a password. There are no security benefits to changing it, but if you need to distinguish your network name from others in the vicinity, changing it can make it more easily identifiable.
  • Ensure all equipment meets Federal Information Processing Standards (FIPS) 140-2 compliance for encryption.
  • Consider centralized WLAN management in the cloud that allows you to configure all access points, manage access policies and analyze network traffic.

Final thoughts on Wi-Fi security

Just like any segment of your network, wireless networks require robust security in order to protect data and systems, while still offering unfettered access to authorized users.

By identifying your vulnerabilities, using recommended encryption and authentication technologies and controlling access to your WLAN, you can ensure that you reap all the business value that Wi-Fi has to offer.