The Hidden Risks of Taking Shortcuts in IT Security

A recent study by the National Cancer Institute in Maryland analyzed data from three significant US health studies, revealing a surprising statistic: people who took daily multivitamins had a 4% higher mortality rate than those who didn’t. This unexpected finding brings to mind a scene from the movie Grumpy Old Men, where a character, despite his unhealthy lifestyle, outlives many who followed strict health regimens. The takeaway? Shortcuts to achieving meaningful goals often lead to unintended consequences.

In various areas of life, including diet, we see that easy solutions can result in serious problems. For example, labels like “fat-free” or “sugar-free” might encourage people to overindulge, negating any potential benefits. The Atkins diet, which promises easy weight loss by cutting out carbs, has been linked to numerous health issues due to an unbalanced diet. Similarly, weight-loss drugs like Ozempic have led to serious health complications, reminiscent of the dangers posed by quick fixes like Fen-Phen in the 1990s.

In the IT world, shortcuts are equally dangerous. Many businesses try to meet compliance requirements or protect themselves from data breaches by taking the easiest, cheapest routes. It’s common to see companies relying on free antivirus or firewall software found through a quick online search, underestimating the risks involved. Small businesses often think they’re too insignificant to be targeted by cybercriminals, but in reality, these businesses are prime targets precisely because they tend to have weaker defenses.

Another common mistake is entrusting IT management to someone with basic tech knowledge but lacking professional expertise. When businesses eventually upgrade to professional IT services, they often discover numerous inefficiencies and vulnerabilities that had previously gone unnoticed. The problem isn’t the intent but the lack of necessary skills and resources, which significantly increases risk.

However, not all shortcuts are bad. Handing over IT responsibilities to an experienced managed services provider can be the ideal “easy button.” By partnering with professionals who understand your industry and its specific requirements, you can achieve compliance, security, and operational efficiency without the associated stress.

Choosing the right IT provider is crucial. History has shown us that even experts can be convincingly wrong, as evidenced by past medical practices like lobotomies or financial scams like Madoff’s Ponzi scheme. That’s why it’s essential to thoroughly vet potential IT partners, ask the right questions, and seek testimonials from other clients.

When selecting an IT provider to manage your network, take the decision seriously. You don’t need to know every technical detail, but it’s your responsibility to ask questions, request client testimonials, and hire someone trustworthy. Your company’s security, reputation, and future could be at stake if the wrong person mishandles your business. To help with this, I’ve created a FREE guide that outlines 16 essential questions you need to ask before letting anyone touch your network. It’s a valuable resource for every business owner.

If you’re ready to entrust your IT to a reliable team of experts, we’re here to help. Our team is ready to manage your network, allowing you to focus on growing your business while we focus on what we do best: protecting it. Check out our website for real client reviews!

To get started, give us a call at 214-550-0550 or click here to book your FREE Cyber Security Risk Assessment today.

3 Things to consider before you sign-up with a cloud services provider

3 Things to consider before you sign-up with a cloud services provider

More and more SMBs are migrating to the cloud and that is not a surprise considering the numerous benefits the cloud can offer them. For a SMB, the cloud is a cost efficient and secure answer to their growing data needs and IT security requirements. The cloud grows with them and lets them scale their business without worrying about a corresponding rise in IT costs. Plus, with the cloud, the important aspects of security and backups are mostly taken care of by the cloud service provider. And then, there’s the convenience of any-time-anywhere data access. With all these benefits that the cloud brings, what’s there to think about before signing up with a cloud service provider? While are a lot of benefits of storing your data on the cloud, but your data is still yours, so there are a few things you need to know and be comfortable with before you jump onto the cloud.

Data storage location

Ask your cloud services provider where, (as in the location of the data center) your data will be stored. Ask them if they have multiple data centers and if yes, then, will they be backing up your data and storing them at different places. It is great if your cloud services provider does that, since that ensures higher safety of your data.

How secure will your data be?

Yes. When you hire a cloud services provider, a major chunk of your data’s security responsibility is passed onto them. You don’t have to really worry about your data security, but, you still need to know how they plan to keep your data safe. Ask your cloud services provider for details regarding their data security procedure. Have them share all policies, SOPs and data security frameworks that they claim to have in place.

Past performance/data loss history

Everyone talks about their best projects in a sales meeting. What you really need to know are the worst ones. Ask your cloud services provider to share with you their data loss/downtime trends for the past one year. Observe the trend. How often does their system give way and how long does it last? This is important for you to understand, because this metric translates into loss of business for you.

And finally, don’t forget to ask for a client list. Like we said before, everyone highlights the good things about themselves in a sales meeting. If you really want to know how good your cloud service provider is, ask them for a client list–both current and past. Check how many of them are from your industry vertical. Try reaching out to those who are willing to talk. Find out what they like the most about your cloud service provider and what aspects they find negative. Find out why their former customers left them. Usually customers are pretty good indicators of the quality of service a business provides. Hope these tips help you finding a cloud service provider who fits in well with your needs.

World Backup Day: Is it needed or not? Tech experts share their views

 

Tech experts react to annual World Backup Day.

Source: http://www.cbronline.com/news/cybersecurity/world-backup-day-needed-not-tech-experts-share-views/

World backup day

As we reach the annual World Backup Day of the year, it is important to focus on the importance of backing up to avoid losing important files that could have been saved with a simple back-up procedure.

I, for one totally know how this feels following my recent incident of dropping my phone down the toilet, to which the phone became instantly inactive losing over 2000 pictures, files, A LOT! All of which could have been saved if I had just backed up to cloud, but yes I’ve learnt the hard way.

So now here’s the question- shouldn’t back-up day be every day? Does a day dedicated to it really express its true importance and effects?

Well, CBR put together a list with what some experts in this field have to say to answer this mystery.

 

GDPR

In aid of raising awareness of the risks of losing data and what can be done to prevent it, Cloud computing company, Rackspace shares its views on the importance of UK businesses backing up their data.

Read more: How Organisations Should Be Preparing for the GDPR

Lillian Pang, Senior Director of Legal and Data Protection Officer, Rackspace said: “Every day data becomes more valuable to businesses, with more and more created at an ever-increasing speed. While the message to ‘back up’ data is beginning to resonate, this in turn means that businesses are up to their necks in large amounts of data that needs protecting. And this is just the data they know about, without even thinking of what is going on in shadow IT.

GDPR“Initiatives like World Backup Day serve as a timely reminder to businesses not only of the need to back up data, but also to protect and carefully manage this invaluable asset. Like all risk based strategies, businesses must know what really needs to be backed up in the first place. In other words, businesses must understand what the ‘mission critical data’ actually is.

 “The sheer scale of data in circulation means that a simple backup tool is no longer enough in minimising the risk of valuable file or database goes missing or becoming corrupted. In addition, the process of backing up data has become more complex than it used to be because companies are more conscious than ever of the compliance regulations they have to adhere to.

“ If processes aren’t in place to meet legislation like GDPR, it’s not just reputational damage that organisations need to worry about – high fines could also have a significant business impact. Businesses need to dedicate time and resource to implement and execute on the processes in place for identifying and responding quickly to system degradations or failures.”

 

Disaster Recovery

In response to the importance of regular backups, Cloud service provider, iland shares the idea that backing up data is an easy and hassle-less procedure that can be done daily or any day of the week. Still yet, many organisations and individuals ignore the process for different reasons.

Brian Ussher, President and Co-Founder, iland said: “On World Backup Day, it’s a good time to recognise how far the market has come in protecting mission-critical business data. The scalability, flexibility and on-demand nature of the cloud means that backup and DR strategies that were previously only available to large enterprise customers are now also within the reach of small and medium sized businesses.

“Indeed, many of our customers have evolved from onsite backup to cloud backup to a full cloud-based disaster recovery strategy.  While risks ranging from the dramatic; hurricanes, storms and ransomware attacks to the mundane; power outages, unauthorised changes and human error are only increasing, companies of all sizes can be confident that the technology and expert assistance is available to help them achieve IT resiliency and business continuity.”

What do Veeam and Hitachi Data Systems have to say?

Data Centre Action

Again, in response to World Back up Day itself, many look at the risks of making organisations back up on the same day. Not only could it cause a crash in backup locations, but who can be so sure that the process of large amounts of data transfer at once will not cause users files to end up in different locations.

This is why files should consistently be stored in secure locations.

Jon Leppard, Director, Future Facilities said: “A comprehensive backup policy should involve keeping copies of data on a local server or hard drive, but most importantly it should also be stored in an external location –usually a datacentre. But even datacentres have capacity limits on the volume of data they can store at any one time. If everyone were to back up at the same time there would be considerable pressure on network bandwidth and global data centre capacity.

“Data centre operators must ensure they have a backup strategy in place, in terms of predicting the impact of a sudden spike in demand. After all, backup must be failsafe, or it is of little value. With that in mind, maybe encouraging everyone to backup on one day of the year is not the right approach.”

 

Availability Gap

As we have a specific day set aside to encourage backing up, it should be just as important to demand continuous availability, especially as businesses are now required to adjust to become the Always-On enterprise to allow 24/7 availability.

For this reason, it is advised that World Availability Day should be imposed the day before World Backup day and should also be given more awareness, according to Veeam.

Richard Agnew, VP NW EMEA, Veeam said:  “In today’s connected world, businesses need to ensure availability to avoid a breakdown in operations.

“The recent AWS outage (which took down many large websites for several hours) paints a clear picture that businesses cannot afford to have unavailable data. Not only does brand reputation take a toll, businesses are also left out of pocket. Organisations have become more aware of the dreaded ‘availability gap’ emerging – which includes data loss, extended recovery times, unreliable data protection, and a lack of knowledge of the IT environment leading to unplanned issues and downtime.

“Organisations have implemented innovative solutions and planning which needs to be complemented with processes that can ensure availability at all times. With AI, machine learning and the Internet of Things driving IT modernisation, it’s imperative that data and functionality is protected at all times, and that’s why having a secure website is important, but you can achieve this with the right hosting, and if you don’t know how to host a websites there are guides such as the Introduction to Web Hosting site you can find online and is perfect for this purpose.

“The boardroom discussions need to evolve from the backup and recovery strategy to availability. It’s high time for businesses to take action and introduce an IT strategy that ensures their business is Always-On 24/7.”

 

Data Storage

For businesses especially, secure enterprise data storage should be of key importance especially considering the upcoming GDPR effects which are due to take place.

Steve Lewis, CTO UK&I, Hitachi Data Systems said: “With just a year to go before organisations operating in the EU must become GDPR-compliant, it’s now more important than ever for companies to focus on safely and securely storing organisational and customer data.

“The amount of data captured by businesses every day can be a huge asset, unlocking valuable insights and creating competitive advantage. However, this same information can also cause serious headaches for those tasked with securely storing and managing it – and GDPR is putting a time limit on the need to get this right.

“As a result, it’s no surprise that many organisations are looking to new solutions to help them navigate the regulatory landscape – with Data Protection Officers increasingly being hired to guide organisations and provide a bridge between the IT department and the boardroom, and companies looking for technology solutions to help them better manage and govern the data they hold.”

Amazon Cloud Failure

Usually people don’t notice the “cloud” — unless, that is, it turns into a massive storm. Which was the case Tuesday when Amazon’s huge cloud-computing service suffered a major outage.

Amazon Web Services, by far the world’s largest provider of internet-based computing services, suffered an unspecified breakdown in its eastern U.S. region starting about midday Tuesday. The result: unprecedented and widespread performance problems for thousands of websites and apps.

While few services went down completely, thousands, if not tens of thousands, of companies had trouble with features ranging from file sharing to webfeeds to loading any type of data from Amazon’s “simple storage service,” known as S3. Amazon services began returning around 4 p.m. EST, and an hour later the company noted on its service site that S3 was fully recovered and “operating normally.”

THE CONCENTRATED CLOUD

The breakdown shows the risks of depending heavily on a few big companies for cloud computing. Amazon’s service is significantly larger by revenue than any of its nearest rivals — Microsoft’s Azure, Google’s Cloud Platform and IBM, according to Forrester Research.

With so few large providers, any outage can have a disproportionate effect. But some analysts argue that the Amazon outage doesn’t prove there’s a problem with cloud computing — it just highlights how reliable the cloud normally is.

The outage, said Forrester analyst Dave Bartoletti, shouldn’t cause companies to assume “the cloud is dangerous.”

Amazon’s problems began when one S3 region based in Virginia began to experience what the company called “increased error rates.” In a statement, Amazon said as of 4 p.m. EST it was still experiencing errors that were “impacting various AWS services.”

“We are working hard at repairing S3, believe we understand root cause, and are working on implementing what we believe will remediate the issue,” the company said.

WHY S3 MATTERS

Amazon S3 stores files and data for companies on remote servers. Amazon started offering it in 2006, and it’s used for everything from building websites and apps to storing images, customer data and commercial transactions.

“Anything you can think about storing in the most cost-effective way possible,” is how Rich Mogull, CEO of data security firm Securosis, puts it.

Since Amazon hasn’t said exactly what is happening yet, it’s hard to know just how serious the outage is. “We do know it’s bad,” Mogull said. “We just don’t know how bad.”

At S3 customers, the problem affected both “front-end” operations — meaning the websites and apps that users see — and back-end data processing that takes place out of sight. Some smaller online services, such as Trello, Scribd and IFTTT, appeared to be down for a while, although all have since recovered.

The corporate message service Slack, by contrast, stayed up, although it reported ” degraded service ” for some features. Users reported that file sharing in particular appeared to freeze up.

The Associated Press’ own photos, webfeeds and other online services were also affected.

TECHNICAL KNOCKOUTAGE

Major cloud-computing outages don’t occur very often — perhaps every year or two — but they do happen. In 2015, Amazon’s DynamoDB service, a cloud-based database, had problems that affected companies like Netflix and Medium. But usually providers have workarounds that can get things working again quickly.

“What’s really surprising to me is that there’s no fallback — usually there is some sort of backup plan to move data over, and it will be made available within a few minutes,” said Patrick Moorhead, an analyst at Moor Insights & Strategy.

AFTEREFFECTS

Forrester’s Bartoletti said the problems on Tuesday could lead to some Amazon customers storing their data on Amazon’s servers in more than one location, or even shifting to other providers.

“A lot more large companies could look at their application architecture and ask ‘how could we have insulated ourselves a little bit more,'” he said. But he added, “I don’t think it fundamentally changes how incredibly reliable the S3 service has been.”

Source: By Mae Anderson, AP technology reporter NEW YORK — Feb 28, 2017, 7:50 PM ET

Mirrored Storage | Secure CLOUD Solutions for Business | mirroredstorage.com
Mirrored Storage provides cloud backup, cloud storage and a full range of Information Technology services to businesses in Dallas, Fort Worth and surrounding area.
By John Neibel | mirroredstorage.com

Cyber Security Breaches at SMB’s in 2017

I read a very interesting article about 2017 predictions for SMB’s closing due to Cyber Attacks.  Businesses surveyed concerns have risen concerning their technology, email and even documents which can be in Word format or PDF which you can format with an sodapdf software .

It’s not just big firms like Target or Home Depot that need to worry about cyber security. Forty-three percent (43%) of all cyberattacks target SMBs.(1) Not surprisingly, our data shows they are increasingly concerned about the safety of their company’s technology and files. Most SMBs don’t have in-house experts to deal with breach issues, and the average recovery cost is $36,000. Sadly, 60% end up having to close their doors within six months of the breach (2). In 2017, this could add up to 550,000 business failures.

Sources: (1) Symantec Internet Security Threat Report 2016; (2) National Cyber Security Alliance 2016; Bank of America SBO Report 2015; The Business Journals SMB Insights; E = predicted estimate/preliminary data from SMB Insights 2017

The ONLY TRUE WAY to protect your business is with services like Data Protection solutions like we provide to our clients.  We can also help with protecting your network and many other aspects with our Proven Technology Services specifically out Network Services.

Mirrored Storage | Secure CLOUD Solutions for Business | mirroredstorage.com
Mirrored Storage provides cloud backup, cloud storage and a full range of Information Technology services to businesses in Dallas, Fort Worth and surrounding area.
By John Neibel | mirroredstorage.com

Security features to look for while choosing a Cloud Storage Solution for Enterprise

The biggest advantage of cloud storage is that it not only allows users to access files anytime, anywhere but readily sync them to enable sharing and coauthoring of the documents with ease. This advantage, however, makes it susceptible to security threats and attacks. Statistics reveal, most organizations find cloud storage to be the riskiest. This acts as a barrier to the adoption of cloud technology.

How does one ensure, if a cloud storage provider is reliable and can manage data of his enterprise with safety? Well, there appears no one-size-fits-all cloud storage solution. Every enterprise has different requirements, and such requirements should reflect while opting for cloud provider of choice. Security nevertheless should remain a top criterion for consideration. The following guidelines may help you to a large extent.

Cloud Storage security

Security features for an Enterprise Cloud Storage Solution

We will follow somewhat a different approach here. Apart from features that make the use of service easy and secure, we should look out for the one that has the following red flags—and avoid them completely. Here’s a list!

Exit Strategy for Cloud Storage

When you are dissatisfied with a service, you may want to exit. However, exiting a Cloud services contract and switching to another provider can make the process expensive since. So make sure, your service provider is service compliant and includes exit mechanism as a part of a general risk strategy.

Reputation

Before signing any contract with a cloud service provider, have the following information about it at hand:

1.    Recent downtime
2.    Experience
3.    Price

If a no-name company is offering a great price, make sure to investigate testimonials because it raises a red flag.

Service agreements

The cloud service provider whose service you intend to use should make clear commitments about the kind of security infrastructure it has, where your data will reside or stored and the underlying technology to handle/manage it in a secure environment. All this information and other relevant information should be mentioned explicitly in the service agreement as this is a mark of transparency. Also, find a service with a strong privacy statement, one that doesn’t give permission for that service to browse your files.

Non-HTTPS site

HTTPS is an application-level protocol for secure communication over a computer network which is widely used on the Internet.  Sites not encrypted with HTTPS allow for easy interception of login credentials. If your login credentials are easily discoverable, hackers can have access to them. So, be sure to check if the cloud service provider uses ‘HTTPS’ protocol.

Compliance standards

Industry certifications and compliance standards deliver an assessment of a service provider based on industry knowledge. Obtaining industry certifications generally demonstrate a provider’s capabilities and often serve as a proof of reliable security. So, when you are looking for a cloud service provider, ensure certifications such as ISO and standards like HIPAA, FERPA, FISMA, SSAE 16, PMI are met.

All these parameters can serve as an objective way of comparing each cloud service provider and therefore help you in making an informed decision, says Microsoft.

As an individual, these free Cloud Storage Providers are sure to interest you.

Source: http://www.thewindowsclub.com/security-features-cloud-storage-solution

Our Two Cents:  This is a good start of the questions you should ask for your critical business data.  Check out our cloud storage offing and contact us for more information.

Mirrored Storage | Secure CLOUD Solutions for Business | mirroredstorage.com
Mirrored Storage provides cloud backup, cloud storage and a full range of Information Technology services to businesses in Dallas, Fort Worth and surrounding area.
By John Neibel | mirroredstorage.com