Tag Archives: IT Systems Compliance

Network Compliance is for Everyone

With so many organizations generating data in the course of daily business, it’s more important than ever to protect it from loss or compromise. Data breaches are frequently in the news, and aside from the negative publicity, result in fines and loss of revenue for companies. Maintaining network compliance is critical for all businesses. Read on to learn how to protect your company from this costly scenario. 

Network Compliance is Helpful to a Company’s Security

Security has to do with a company’s own technology assets, whereas compliance can be defined as a company adhering to policies and procedures. For most companies, network compliance may be scheduled backups, operating system patching and anti-virus updates. For companies subject to the regulatory requirements of a third party, such as a government or industry, compliance involves more than simply protecting an individual company’s assets, though doing this can be helpful in progressing toward compliance. Industries can have strict regulations; HIPAA, for example, protects the privacy of patients’ health care data. Another category, which serves as a standard, is Payment Card Industry Data Security Standard (PCI-DSS); it protects the payment card data of people shopping online. These industry regulations carry strict requirements for the protection of personal data, and company networks must comply or face penalties. With threats abounding, such as malware and viruses, or simply a hole in the network, a network’s protection is crucial.

Ways to Keep Your Network Secure and in Compliance

One way to get a baseline for evaluating the security and compliance of your network is to conduct a network audit, taking an inventory of the network itself along with all devices connected to it. Anti-virus and anti-malware definitions should be reviewed and possibly updated, as well as operating system patches. Along with these improvements, network monitoring can be added, to look for possible weak spots. Be sure to factor in the human element; sometimes employees can unwittingly be a network’s weak link. For instance, an employee can inadvertently click on a link in a phishing email, exposing a company’s data. Or they might access a company’s network from an unprotected device. Frequently instruct employees in common-sense best practices, and emphasize their role in keeping data safe. 

If you need to develop a plan for meeting compliance standards, or are unsure of your organization’s current compliance level, contact your trusted technology advisor today for an assessment. 

Cyber Crime

Network Security Precaution for Meltdown and Spectre Vulnerabilities

The technology industry is working to patch two network security flaws known as Meltdown and Spectre Vulnerabilities. These hardware bugs can expose information being processed or stored in memory on your computer.

While there are no known exploits, malware or phishing schemes specific to these network security vulnerabilities, this reminds us of the importance of Network Security best practices to protect Windows PCs and Macs, as well as Android and Apple iOS Mobile Devices. While the industry rushes to patch these network security vulnerabilities, here are some considerations to protect your network.

Keep your Operating Systems Patches Up to Date

Make sure you install security updates for your operating system and applications. Apple (AAPL), Google (GOOG), and Microsoft (MSFT) have already released some patches. You can do this manually, through automated updates, or by subscribing to a managed service to keep your network current. Keeping your browser up to date will also prevent websites from attacking your processor to steal your password and other privacy data.

Don’t Forget Updates on Mobile Devices

The Meltdown and Spectre Vulnerabilities serve to remind us of the importance of keeping smartphones, tablet computers, and other mobile devices updated with the latest operating system and related security patches. Also, remember to download software only from trusted sources. Employers should remember to review acceptable use policies to ensure they are up to date and that employees comply with company mobile device acceptable use.

Train Your Employees on the Importance of Network Security

Your employees are on the front line of defense for network security. Through periodic education and training your employees will implement strong passwords and change them regularly. They will also be adept at identifying malware and phishing schemes to better protect your network.

Your network is the backbone of your technology infrastructure. Securing your network is a critical component of your technology strategy. If you have questions or concerns about your network security, contact your technology advisor today.

How is Your Network Health?

Your network is the backbone of your IT Infrastructure. Your network health is also an integral part of your defense against Cyber threat. Cloud Computing, Communications and Collaboration, Data Protection, and Digital Transformation put more reliance on your network. This begs the question, how is your network health? Ask yourself these three questions to find out the answer…

How Well Does Your Network Perform?

You rely on your network to communicate with your employees, customers, prospects, and suppliers. What’s more, your network links your company to public and private cloud services and applications that are critical to your business operations. Performance bottlenecks from social media, streaming applications, faulty hardware, and lost connections can impact your employees’ productivity. Offsite backup and other IT functions also rely on your network. Ensuring network health keeps systems running smoothly and available when you need them.

How Secure is Your Network?

Network security is an imperative for businesses of all sizes. Your business may face additional compliance requirements–for example, Payment Card Industry Data Security Standard (PCI DSS). Data protections standards are rapidly evolving, which could increase your responsibility and exposure to fines and penalties. General Data Protection Regulation (GDPR), the European Union’s data protection rules, could apply to your business regardless of your location.

Keeping your network in compliance through monitoring, endpoint protection, content filtering, and other network security detection and protection technologies is a good start. Train your employees on the implications of phishing emails and how to identify one. Teach them to avoid malicious links in unsolicited scam emails. Underscore the importance of a strong password and steps to take to keep data private.

How Efficient and Flexible is Your Network?

Technology advances at an exponential rate, ensuring access to enhanced technologies at an affordable price. Network solutions continue to evolve, providing better value and performance for your business. Software-Defined Wide Area Networking (SD-WAN) allows companies to mix and match networking solutions from multiple carriers in an efficient and effective manner. If properly optimized, SD-WAN provides you the best performance at the most competitive price.  What’s more, SD-WAN provides capability for failover for your most important voice and data systems.

Your Network Health is critical to your business success. Proactive network management keeps things operating smoothly without failure. If you are concerned about your network health, contact your technology solution provider and ask about a network health check today.

Can A Business Continuity Plan Save Your Reputation?

Reputation Management is a hot topic in the boardroom these days. Having a solid business continuity plan could make or break your company’s ability to survive a data breach or other systems failure that could tarnish your hard-earned reputation. Company news about data loss, systems downtime and other unplanned interruptions occur with regularity. According to technology research firm Gartner, a business that has a catastrophic data event has a two-year survival rate of just 6%. Surprisingly, your company can avoid these scenarios by having a solid BC/DR Plan. It is no surprise that recent research by MarketsandMarkets forecasts the spend on DR as a Service (DRaaS) to grow from $1.68 Billion in 2017 in revenue to $11.11 Billion by 2020. Read on to find out how a Business Continuity Plan could save your business.

Understand Your Business Continuity Risk and Exposure

A great place to start with Business Continuity planning is a review of your company policies and procedures. In addition to identifying the technical standards for managing your company’s applications, data, and related infrastructure, your business continuity policies should identify acceptable risk, what your employees will do in a disaster recovery scenario, and any compliance requirements. It is important to understand what information is most important and to consider the risks of suffering a data loss. What would be the impact to your revenue, productivity and reputation? If you could not access your information, or it was subject to data breach, how may that impact your customers’ trust and your business’s reputation?

An Ounce of Planning is Worth a Pound of Cure

Ensure you have a solid data protection plan. Ask yourself: how often is your data backed up, how fast could you recover if needed, who are the stakeholders, and how would you communicate with them if you suffered a data loss? Another consideration is your Recovery Time Objective (RTO). Your RTO is how long it will take to restore your data. The size of your data and backup methodologies can impact how long recovery may take. Your network may also be a factor in how quickly you can get up and running. Network bottlenecks can turn a routine restore into a never-ending project. Make sure your network is robust enough to meet your Recovery Time Objectives. Also, remember to train your employees on how to avoid malware and phishing schemes. Last but not least, test your backups regularly to ensure data integrity.


Proactive Communications and Rapid Recovery are Critical

If you find yourself in a situation where your data has been compromised, most experts agree you should respond quickly and proactively. As of last count, the United States had 48 state data breach notification laws to comply with. Many countries around the world have various data protection breach notification laws as well. The EU is in the process of implementing The General Data Protection Regulation (GDPR), which establishes data protection guidelines for its citizens’ information.

Having a Business Continuity plan could save your business. Being able to rapidly respond in a disaster recovery scenario is a critical element of survival. Not only will it help you get back up and running quickly, you will avoid unnecessary fines and protect your company’s reputation. If you feel your business would benefit from a risk assessment, contact your technology advisor today.

Getting the Most from Cloud Computing

Cloud Computing adoption continues to outpace the growth rate of total IT spending. According to research firm Gartner, the market for public cloud services will continue expanding, with year-over-year revenue growth of 17.3%. Compare this to Gartner’s expectation of total IT growth of 1.4% and you can see how the market for Cloud Computing is maturing. Cloud Service Providers offer a wide range of solutions. According to CompTIA Trends in Cloud Computing, cost reduction is the primary driver for VoIP, cited by 67% of companies with a VoIP implementation. Integration with other applications was cited as the second biggest driver by 36% of VoIP adopters. Here are a few tips to help realize the benefits of savings and integration of popular Cloud Services.

 

Manage Rogue IT


Rogue IT is a term for technology deployed without the aid of a technology advisor. Cloud Computing empowers Line of Business (LOB) owners to rapidly deploy Software as a Service (SaaS) applications and to minimize the involvement of a technology advisor. Financial management, HR management, Call Center and Help Desk services are common SaaS application purchase decisions made by LOB owners.

More often than not, LOB owners involve a technology advisor in the purchase decision for final approval and consultation. Cloud integration, security concerns, and the need to centralize technologies are common reasons to include a technology advisor. Without the input from a trusted advisor, the costs of Cloud adoption can increase, and the creation of silos from lack of integration can result.

Navigate Cloud Security Concerns

Due to the nebulous nature of Cloud Computing, Cloud Security can be a challenge to manage and is only as strong as its weakest link. By proactively managing their technologies and workflows, companies can avoid security issues including lack of regulatory compliance, malware infection and denial of service attacks. Seeking the support of a trusted technology advisor provides an unbiased perspective for performing due diligence on suppliers and partners so your business can use the Cloud with confidence.

Ensure that your Cloud Service Providers monitor their systems for malware and utilize firewalls and encryption. These actions protect your assets in the Cloud and ensure that Unified Communications, Web Hosting and other customer-facing applications run smoothly.

Manage Internal Change from Digital Transformation

Cost savings and integration resulting from Cloud Adoption will have a positive impact on internal operations. Building new policies, or updating existing policies and procedures, allows your employees to take full advantage of Cloud Computing Adoption. Also consider reviewing how you monitor performance for your network, applications and Cloud Services. Keeping things performing will contribute to the overall productivity and savings realized from Cloud Computing.

Cloud Computing adoption drives change at many levels in today’s business world. With the help of a technology advisor you can get the most from your Cloud Computing investment. Don’t hesitate to reach out to your technology advisor to lift your business to the Cloud.

The Importance of Maintaining Network Compliance

Last month’s blog provided information about ways to “Avoid Being Held Hostage by Ransomware.” Eight days later, on May 12, 2017, there was a global outbreak of the WannaCry virus. With Cyber Threats on the rise, the importance of maintaining network compliance is top of mind with business owners and IT professionals alike. Industry compliance regulations, including PCI, HIPAA, and SOX, drive best practices in Network Compliance. However, most businesses today rely heavily on their systems to access Cloud Services, Voice, and Data Networks for mission-critical applications that run their business. What can you do to maintain network compliance?

Automate Your Network Administration

Keeping operating systems and network configurations up to date is a top priority for network compliance. Each device that connects to your network needs to have up-to-date operating system security patches, anti-virus definitions, and malware threat prevention in order to avoid unintended intrusion of your network. There are abundant tools and managed services to help your business stay up to date without adding to your internal labor cost.

Proactively Monitor Your Network

Monitor your network to identify any systems that are out of compliance. Proactive monitoring can also identify unauthorized devices connected to your network. You can monitor your network traffic to identify unusual use of network bandwidth. Aside from slowing down your systems, excessive bandwidth may be the result of a malware-infected device that is exploiting your network.

Documenting Your Network Security Controls

Achieving compliance with documented security procedures, including password policy, systems maintenance, backup procedures, and compliance measures, is critical to following most industry compliance regulations. It is a best practice to update these procedures annually. Reviewing your Network Compliance policies gives your business an opportunity to stay up to date and serves as a reminder of the importance of maintaining network compliance.

Contact your Technology Advisor if you have questions about maintaining network compliance or other concerns regarding ransomware and other related Cyber Threats.

Migrating to the Cloud with Confidence

More and more companies are migrating to Cloud Computing to gain competitive advantage and reduce capital expense. According to CompTIA’s 9th annual Security Trends study, companies reported over 80% net usage of Cloud Computing. Over 59% reported moderate or heavy usage. What’s more, the survey found that 68% reported confidence in Cloud providers’ ability to provide a Secure Cloud Environment. An additional 17% responded they were very confident in the security of their Cloud environment. Let’s explore what drives confidence in the Cloud.

How to Assess Cloud Provider Security

There are many variables to consider when evaluating security of a Cloud Provider. According to the study, many companies evaluate their Cloud provider based on encryption–when moving data to the Cloud, it should be encrypted at rest and in transit. In addition, companies should consider the disaster recovery plans of their Cloud Provider. Some Cloud Providers adopt industry standards including SAS 70 to provide consistent, compliant cloud security. Industry standards are often used to evaluate a Cloud Provider. Identity and access management are also criteria for evaluating a Cloud Provider. Many companies also consider geographical location(s) of the Cloud Provider’s data center.  

Consider your Compliance Requirements

Many industries have specific requirements regarding handling data. For example, PCI provides guidelines for how companies handle credit card information. Healthcare, Financial Services and Governments (or companies doing business with Government) also have compliance requirements for handling data. Understanding your requirements is key to ensuring you migrate to the Cloud with confidence. Some data may require implementation of a private cloud environment. Also, a Private Cloud has additional security benefits, being a Cloud environment dedicated to a specific company.

Use the Cloud Responsibly

One of the many benefits of Cloud Computing is ease of deployment. Many Software as a Service (SaaS) applications make it easy for a department within a company to migrate to the Cloud without technical assistance. This technology adoption is known as “Rogue IT.” Having a better understanding of Cloud Security and risk helps your business leaders make smart decisions when it comes to migrating to the Cloud.

If you are migrating to the Cloud or have concerns over your Cloud Security, contact your technology advisor to find out how to migrate to the Cloud with Confidence.

What are Managed Services and Why Should I Care?

A managed services provider (MSP) takes on the responsibility for a company’s technology and infrastructure by proactively providing a defined set of IT services for a fixed monthly fee. This approach is preferred by businesses over the traditional Break/Fix services delivered on an hourly rate when needed. By emphasizing high availability and reliability, Managed Services align the MSP’s business model with a company’s business objectives. In contrast, the break/fix model addresses problems when they occur. According to research firm MarketsandMarkets, the global managed‐services market will grow to $193B by 2019, at a Compound Annual Growth Rate (CAGR) of 12.5%.

Information Technology as a Service

According to the fifth annual Trends in Managed Service published by CompTIA, “The central tenet to the MSP model is a provider-customer relationship based on a contract backed by a service level agreement.” This approach provides IT services similar to other utility models.  Many Managed Service Providers (MSPs) rely on remote monitoring and management technologies to deliver a range of core IT services in a scalable and proactive manner. This approach streamlines the process for proactively identifying and resolving issues with IT infrastructure.  

What to Expect from an MSP

CompTIA research indicates it is common for a managed service provider to include desktop and network management, applications management, and remote help desk in their service level agreements (SLA). Security (including firewall management), server management, storage, network monitoring, Business Continuity/DR, Backup as a service (Cloud Backup), Email, and Virtual desktop are often available as managed services.

Benefits of Managed Services

The managed service approach is favored by business for a variety of reasons. Managed services are typically priced at a fixed cost to the business. This predictability in IT service, versus unexpected costs related to break/fix, gives business owners more control of the cost of operations. In many cases, MSPs are able to use remote monitoring and remediation to identify and resolve problems before they impact the business. Many problems can be solved without an onsite visit, dramatically reducing the resolution time. This combination of benefits provides business owners peace of mind.

Today’s businesses rely heavily on their IT infrastructure for communications, collaboration, access to critical applications, and data on premise and in the Cloud. Companies with compliance requirements have greater needs to secure their information with reliable IT infrastructure. Managed Services is a way to increase the availability and reliability of IT systems in a cost-effective manner. If you are considering Managed Services, contact your Technology advisor to see how you will benefit from proactive IT and Network Support.

What is Ransomware and How to Protect Against It

Ransomware is a type of malware designed to block access to your computer until a sum of money is paid. Ransomware issues have impacted many individuals with home computers; however, it is only a matter of time before this malicious software attacks business. Starting with Cryptolocker in 2013, Ransomware exploits have become increasingly sophisticated and have cost individual companies thousands of dollars in ransom.

Here are some tips to take to help your business avoid being held captive by Ransomware.

Backup to the Cloud to Recover from a Ransomware Attack.

An inadequate backup strategy without real-time backups or offsite backup could hamper your ability to recover from a Ransomware attack. Being able to recover data from your Cloud Backup could get your systems up and running in a hurry, avoiding the need to pay ransom.

Keep Your IT Assets Up to Date and in Compliance

If your systems get behind in operating system and applications patches and updates, you may create a security hole that can be compromised by Ransomware. Many managed security and managed service offerings include proactive management and delivery of these important updates so your network will not be held hostage by ransomware.

Training Your Employees to Detect and Report Ransomware

Your employees are your front line of defense when it comes to your systems security. Make sure your employees know how to identify a phishing email and understand the risks of opening documents and attachments (including unfamiliar file extensions or .exe file formats) from unauthorized sources. Ensure your employees understand what Ransomware is and how it can impact your company’s productivity and drain financial resources. Make sure employees are clear on procedures to quickly report any security breach to avoid widespread distribution of a Ransomware attack.

To avoid unnecessary downtime and costs associated with Ransomware, it is important to proactively protect your computer systems. If you have any questions about steps to take to avoid Ransomware in your organization, contact your trusted technology advisor.

Does Your Business Need Network Monitoring?

According to a recent Trends in Information Security report by CompTIA, malware, hacking, privacy and data loss/leakage top the list of serious concerns over security threats. Companies large and small have been victims of these security threats. While large corporate security breaches make the news, smaller companies may not have the vigilance to detect, or the resilience to survive, a network security breach. Hackers have evolved and are now more sophisticated than ever. Network Monitoring can identify security exploits before it is too late.

 

Network Monitoring is Proactive

Just like getting your vital signs checked at the doctor’s office, network monitoring is a proactive way to detect a network security threat. Network Monitoring scans for viruses, malware, patch compliance and any unauthorized access to help determine network health and compliance. By using intrusion detection, you are immediately notified when a system has been breached. It’s important to proactively monitor your network and act swiftly.

Network Monitoring Saves You Time and Money

By remotely monitoring and managing your network and related IT assets, your IT Service Provider may be able to detect and remediate security issues without ever coming to your office. This will result in an overall reduction of IT costs. Routine IT tasks, including Patch Management, will ensure that all Application and Operating System (O/S) patches are up to date, thus protecting your business against vulnerabilities. In addition, keeping software up to date may give you productivity features and benefits.

Avoiding Downtime and Increasing Security

Secure remote support is an important element for delivering an IT Managed Service. In addition to remote support, many IT Service Providers offer remote network monitoring, managed backup and managed security in their IT Managed Service offerings. By adopting the Managed Service Model your IT Service Provider can proactively manage your IT needs in a secure and cost effective manner.

Don’t wait until you have a security breach to add proactive network monitoring to your line of security defense. If you have concerns about your network security contact your IT service provider today.