Month: February 2019

Stop Playing The Odds

by

IT departments looking to save time and money shouldn’t be doing this at the expense of their data protection. A study from the University of Texas showed that 43% of companies suffering from catastrophic data breaches were forced to close and never reopen, and 51% closed within two years.

Although all breaches are not the same, many of the causes are human-related and carry similar themes.

Trusting Co-workers to Follow Policies
The reality is that employees aren’t always great at following company policies, and even when they do, mistakes still occur. Automation enables some solutions. This, along with, strict enforcement of created policies and procedures, and retention enables data retrieval are key steps businesses need to consider.

Underestimating Cybercriminals
Most companies have at least basic security solutions (firewalls and anti-virus applications) in place to defend against malware. But cybercriminals are becoming very adept at breaking through traditional cyberdefenses. IT professionals should evaluate their IT Infrastructure, identify areas of vulnerability and implement better security solutions to overcome them. These solutions include web-monitoring software for safe Internet usage, end-point protection for bring-your-own-device management and a sandbox to fight targeted attacks. From a backup perspective, the ideal approach is to operate backup and disaster-recovery solutions on a non-Windows operating system. Windows has long been one of cybercriminals’ favorite targets, and running protection software on an operating system which is relentlessly under attack just does not make sense.

Playing the Odds
Despite data-loss horror stories, many companies still don’t have disaster-recovery plans in place to protect data (customers, company & employee data) from natural and man-made disasters. Many companies that do have set policies have just one general set of guidelines that apply to all disaster situations. A strong plan focuses on people, infrastructure and processes, and clearly outlines how each is affected in different disaster scenarios.

Failing to Test Disaster-Recovery Plans
Failure to test disaster-recovery plans, or testing them infrequently, can greatly increase the risk of data loss in the event of a disaster. Since IT infrastructure evolves daily, thorough testing must be done on a consistent schedule as a standard business practice.

Transparency is key today. No matter whether the information loss is noticed right away or weeks afterwards, notifying the public and those affected is key to mitigating against negative outcomes for a business. Often companies will recover if they are candid with their customers and helpful with providing solutions to prevent identity thief or further breaches. Taking responsibility of the breach and disclosing exactly what information was breached can help tremendously against further damage.

CCNY Tech delivers IT Services across Upstate New York
Utica |   Syracuse  | Ithaca  | Albany  | Rochester

CCNY Tech offers small businesses in Upstate New York ways to be proactive with their security measures, while being on-call to handle technical issues that come up. Contact a specialist at 315-724-2209 and ask about the exclusive TechAgent program that has been built around helping SMBs to increase uptime, while staying within budget.

Get a Quote for Pre-Owned Networking Equipment:  Utica/RomeSyracuseRochester  – Buffalo  – Albany   – NYCWatertown NY

 

Small Business Owners: It’s Time…

by

There are two main reasons why business owners aren’t taking appropriate actions to safeguard their networks; yet another motive is known as”security fatigue,” and the other explanation is essentially denial. Security fatigue occurs when cybersecurity gets so overwhelming that business owners abandon practices entirely. Safety is constantly changing and attacks are becoming more complex, so some believe that their efforts are futile.

According to a survey, about 87% of small business owners don’t feel this is a legitimate threat. That same poll says that just 69% have steps in place to prevent attacks. These statistics leave an alarming variety of small companies without any intrusion detection/ avoidance in any way. Now let us be clear here, info breaches are a real chance for many companies, in all industries.

CCNY Tech’s Central New York MSP offering understand that securing company networks, data, applications, and sensitive information can be terribly overwhelming. It may be even more stressful when customer information is on the line. As technology grows more and more concentrated in our companies, our need for safety becomes much greater. But, network security doesn’t need to be as complicated as you may think. Although it’s critical, it can be readily implemented and maintained.

1. Designed Wifi Access Points – Having a WiFi range that extends further than your instant building leaves your network more exposed to hackers. Perhaps it doesn’t seem like a probable issue, but it is more common than you may know.

2. Install a Firewall – A firewall is a very straightforward and manageable way to protect your network. Using a dedicated firewall permits for more in-depth review of programs entering your system.

They provide an array of safety enforcement technologies and fight against complex threats.

3. Physical Security – It can be quite useful to keep your system infrastructure behind locked doors. Studies have found that the majority of breaches are performed by workers — both unintentionally and intentionally. It can be best to maintain network infrastructure off limits to anybody that doesn’t require direct contact with it.

4. Educate Your Employees – Since inside accidents are so common, it might be beneficial to spend 1 day per year teaching best practices. This includes teaching employees about opening particular emails, where to conserve company and client information, spam filters, and clean desk policies, amongst others.

A clean desk policy implies all workers keep company and customer data from their desks when it isn’t being used. Any visitor, or even employees from different departments shouldn’t have the opportunity to view sensitive information.

Password training may also be valuable to your organization. Not only is it important not to write passwords down, it’s also helpful to use complicated combinations and to change them regularly. Today the best bet is to have “two-factor authentication” which typically requires a second step of approval on a mobile device via text message or native application.

5. SSL and Encryption – Most businesses these days have a website. If financial information passes through a website, it is up to the business to perform their due diligence and safeguard that information to the best of the ability. A very simple way to kick off this is to allow SSL through your hosting provider. This will help to protect against loss of information through packet sniffing.

6. Keep Log Files – A centralized accounting server keeps logs from all devices on the system and may be used to determine the point of entry for an individual, in addition to their information (in case the system is not compromised). These files are essential for damage control and future preparation.

7. Captive Portal on accessibility Points – Implementing captive portal for guest users on your network is a simple method to alleviate some possible responsibility. This is accomplished by ensuring guest customers read and consent to an AUP (acceptable use policy) which clarifies acceptable use in your network. If a guest then utilizes your network to perpetrate a crime in some way, your business is no longer accountable for their actions.

8. Avoid BYOD – All employees and management should avoid using their private devices for work. When office workers use personal phones, tablet computers, laptops, etc. at the job site, they start the network to several dangers. When connecting outside devices to the business network, it’s subsequently subjected to some viruses and threats that they may have been carrying. Likewise, once an employee brings work home on personal computers and phones, they undermine the job into the low amount of security in their home system. Worker devices shouldn’t be connected to the company network and company work should not be brought home. This can leave a network quite vulnerable.

9. Anti-virus and Automated Software Updates – Researching and installing proper antivirus is an excellent way to shield your network. Attacks can be hiding in all kinds of places and antivirus makes it only that much safer to see sites and emails that are open.

Automated software upgrades are another very helpful networking practice because it ensures that you are running the latest versions. Software updates often include patches to some issues in prior versions. This may consist of security holes and leaks. These upgrades operate in the background, and while you don’t observe they are happening, they can be protecting your information.

CCNY Tech delivers Managed IT Services across Upstate New York
Utica |   Syracuse  | Ithaca  | Albany  | Rochester

CCNY Tech offers small businesses in Upstate New York ways to be proactive with their security measures, while being on-call to handle technical issues that come up. Contact a specialist at 315-724-2209 and ask about the exclusive TechAgent program that has been built around helping SMBs to increase uptime, while staying within budget.

 

Get a Quote for Pre-Owned Networking Equipment:  Utica/RomeSyracuseRochester  – Buffalo  – Albany   – NYCWatertown NY