Tag Archives: cybersecurity

The Coronavirus Impact: Have You Reviewed Your BDR Plan?

Data Backup, , , ,
security, cybersecurity, crisis, response, bdr plan

Is your business prepared for the cybersecurity consequences of remote work?

As the coronavirus pandemic worsens, the fears of many people across the world are increasing. Unfortunately, hacking and the presence of scams are also increasing. Coronavirus scams continue to appear with increasing frequency. Cybercriminals are not just trying to attack individuals, but they are also targeting businesses in the following industries:  Healthcare, aerospace, hospitality, and Insurance

Hackers want to manipulate the many fears that individuals and business owners have about COVID-19. Everyone is doing their best to not become infected with the deadly virus, but hackers are hoping to infect your personal and business devices with a virus. Many users have already been tricked into revealing some of their most personal information, and it could be through a phishing scam or a recently created domain.

Coronavirus-related scams have unfortunately become a money making enterprise for criminals. People are constantly searching online for more information about the virus, and these are the ones who are the main targets of the scams. It is so important for everyone to be aware of the hacking and scam attacks in order to become a victim.

Why are hackers using COVID-19 to target people?

Unfortunately, hackers thrive on using frightening current events to prey on people with the hope that they will go against their better judgment. Sometimes people’s ability to recognize a threat will dwindle because their fear and confusion will get the best of them. Unfortunately, these types of attempts happen often, especially when there are concerns about the economy or when a natural disaster occurs.

How are businesses impacted?

When you look at everything through a cybercriminal’s eyes, there are hacking and phishing opportunities everywhere. Hackers are always changing their methods and adjusting their criminal activities to take advantage of the fears and concerns of people every time there is an outbreak, disaster, or economic concern.

There are many opportunities surrounding them, and this gives them new ways to manipulate people. Attackers do not care what measures they have to take in order to take advantage of the real concerns that people have. Cybercriminals will do anything for a financial gain, including exploiting the fears that people have about contracting a deadly virus.

Every business and organization is now a target. Businesses that have not taken any security measures to protect their business, employees, customers, etc. can find themselves in a position that it may be hard to get out of.

What does this mean for workplace security?

Unfortunately, many businesses were not prepared to have the majority of their workforce working from a location outside of the workplace. The businesses that were not prepared to transition to a remote workforce have been presented with a variety of challenges. A remote workforce can lead to a variety of security concerns and risks.

As a result, many cybercriminals will look to take advantage of the businesses that are allowing employees to work from home. Unfortunately, those who use wireless networks that are open to others may bring more risks. Public network connections will open the door for the theft of confidential information and several network security issues.

What can your business do to lower its chances of being attacked?

If you currently have a Backup and Disaster Recovery(BDR) plan in place, we encourage you to take some time to review your plan. Do you think your plan is effective and efficient enough to provide protection when you need it? Will you be protected against malware and other threats? It is important that you have an accurate snapshot of the health of your systems and that you review your activity and event logs. If you have a significant number of your workforce working from home, we encourage you to ensure your remote-access technologies are safe and effective.

As the coronavirus continues to spread and impact more people, more people will search the web for more information. Unfortunately, hackers will see this as an opportunity to take advantage of your attempt to protect yourself and your family. For more information on how to protect your personal information, your devices, etc., contact us today.

How Often Should You Take Backups?

Data Backup, , , ,
Backup files and data on internet with cloud storage technology that sync all online devices and computers with network connection, protection against loss, business person touch screen icon

We all get busy and backups is one of the last things on your mind, however its critical when disaster strikes

Backup recovery is something that every business should invest in. Not just because it’s a smart thing to do on every technical guide, but because disasters happen. Big disasters like floods and fire and ransomware along with little disasters like accidentally deleting a Client’s CRM entry. Even run of the mill software updates can corrupt all the data that your software supports. Backup recovery data makes sure that no matter what happens, you can roll back the clock a day, a week, or a month to the last time your data was complete.

But the functional question isn’t whether you should have backups, you should. The question is how often you should take those backups. What happens if your data is lost, and it’s been over a month of active project work and client data since your last backup? That’s an entire month of detailed work gone. On the other hand, you also don’t want to take backups of static assets so often that you fill your storage with identical archives.

So today, we’ve put together a quick rule-of-thumb guide on how often you should back up each type of your data.

Active Data – Continuous Version Control

The data you update every day should probably be backed up continuously. This is a special kind of backup known as version control, which not only takes ‘saves’ of your work but also tracks exactly when changes were made and who made them. Version control ensures that you can quickly and easily roll back any changes that don’t work, remove only the changes made by a specific person, restore versions that were completed minutes or hours ago if an ongoing project or client file is somehow damaged.

Continuous backups through version control give you the most fine-tuned ability to both edit things based on changes and to restore recent version after changes were made that did not ultimately pan out.

Ongoing Project Data – Twice a Day

Data that is updated as a result of an ongoing project may be more practical to uptdate once or twice a day. A database into which entries are added in chunks, for example, or an archive of paperwork for which only a few pages are added per day might be the type of data that you want backed up constantly, but not necessarily minute by minute.

Backups made once or twice a day ensure that your active files can always be restored to a very recent version, even if they are not the type of file that requires version control levels of detailed editing and constant tiny roll-backs.

Workstations and Hardware – Once a Week

Your workstations and hardware are often the hosts to a great deal of useful data, including the software and configurations that are loaded onto them. When you have a full backup of a device, you can reload it from a factory wipe or clone it onto a whole new device in a much shorter time than it would take to rebuild all the configurations, apps, and stored data files by hand. However, workstations and devices don’t change often or drastically enough to need to be backed up every single day.

Weekly is probably the most practical timeline for backing up devices, particularly if your team tends to store files locally and update their settings to streamline their work. A device backed up weekly can be quickly restored to it’s favored functioning state directly after a malware attack, update crash, or other general malfunctions that might require a restoration process.

Infrastructure and Settings – Once a Month

Finally, there are the big infrastructure backups. Your network and its configurations, for example, were not perfect for your business right out of the box. Your tech infrastructure and static company files were carefully built piece by piece and setting by setting until everything worked exactly the way it needs to for your business. It contains your tech stack, your network configurations, and all your security measures.

Backing your tech infrastructure and settings up monthly can ensure that even if you suffer a system-wide outage, physical disaster, or ransomware attack, you can bring the whole system back online. Even if you need all-new hardware to do it.

For more insights into smart IT management and data security, contact us today!

How to Keep Your VoIP Highly Secure

VOIP, , , ,
close up man hand point to press button number on telephone office desk with virtual interface effect of VOIP security concept

Cyber Security doesn’t stop at your data network, does your managed service provider review your VoIP System?

VoIP is the standard for office phone systems today. It offers economy, versatility, and valuable features. It’s the only reasonable choice for a new exchange. When it’s done right, it provides a very secure communication system, much safer than email. Calls within the network, as well as many outside calls, have end-to-end security.

Like any other function on the network, it takes some attention to make sure it really is secure. There are people who try to get into every network, and phone systems are as much of a target as any other point of entry. Nothing can eliminate all risk, but a careful approach to selection, installation, and management keeps it down to a very low level.

Reasons for caring about VoIP security

Any part of a network can be a jumping-off point for attacks on the rest of it. Every device needs to be kept as safe as reasonably possible. VoIP phones, like workstations, smartphones, and servers, need to be part of the network security plan.

If the exchange isn’t well secured, people can get in and use it for free. They increase the costs as well as the load on the network. Unauthorized calls can reduce the quality of service for legitimate ones.

Spies could listen in on calls, gathering business secrets or personal information. Once they’ve collected enough information, they can impersonate key employees and engage in plausible-sounding scams.

A weakly secured system is more vulnerable to a denial-of-service (DoS) attack, making it impossible to place calls. Such an attack, sustained for hours, can seriously disrupt business.

A security plan that takes VoIP into account greatly reduces these risks and ensures reliable phone service. Users can make calls with greater confidence.

Setting up the service

The first steps’ come with the selection and ordering of the service. The hosting provider needs to handle its own security well. If you set up an on-premises PBX, you take on responsibility for it and need to make sure it’s well managed. Most businesses, especially small to medium-sized ones, find that hosting is the sensible choice.

Make sure that the service which you choose offers secure protocols in the service package you select. Secure SIP does for voice connections what HTTPS does for Web access. It uses TLS security to prevent unauthorized access and ensure that the connecting parties are who they claim to be. Secure RTP, or SRTP, encrypts the content of communications, making it nearly impossible to spy on. As a bonus, it makes DoS attacks more difficult.

Setting up the network

Adding VoIP to a network requires some configuration changes. This is the time to minimize the vulnerability of voice connections on the network.

The voice network ought to be segregated from the data network. One approach is to have two separate networks, each with its own router and devices. That can require significant rewiring, though. Having voice and data on separate subnets accomplishes almost the same thing and is easier to set up. Either way, the separation improves quality of service as well as security.

Voice and data devices should have separate IP address ranges, so they don’t get mixed up with each other. If a DHCP server assigns the addresses, voice and data should each have their own DHCP allocations.

Many businesses have multiple locations, and employees would like access to the phone exchange from home or in the field. Setting up a virtual private network (VPN) or wide-area network (WAN) keeps all intra-office calls inside the network. They give an extra layer of safety, encrypting all traffic.

Securing the administrative functions is vital. Keep the number of people who have access small, and use multi-factor authentication. Allowing administrative access only from specified IP addresses further improves safety.

Securing the users

The individual devices and user accounts need ongoing attention. When configuring phones and softphone applications, each one needs to have a strong and distinct SIP password.

People like being able to access the voice network from their personal phones. Setting them up with compatible applications and VPN access makes this possible. However, a well-managed BYOD policy is necessary to keep matters under control. If someone installs a softphone app on an infected phone, that could give spies access to the voice network and more. A good policy for user-owned devices sets standards for acceptable device types, and it lets the administrator cut off any misbehaving devices.

When using their personal phones in the office, people will often prefer to go through Wi-Fi rather than the cell network and VPN. Access is more direct and faster. All Wi-Fi access points in the office should already use WPA2 encryption, and voice access is one more reason to make sure they do.

Ongoing maintenance

Security isn’t something administrators can set up and forget about. It requires regular maintenance. Vulnerabilities will turn up from time to time in both phone firmware and voice applications. Where there are known vulnerabilities, attacks soon follow. Keeping the phones and software patched with the latest security releases will keep anyone from exploiting those weaknesses.

Network monitoring and periodic security scans will alert administrators to any problems. The sooner a problem is caught, the less damage it will do. The system should maintain logs of activity to aid in diagnosing any issues. The logs need to be kept safe, since they could provide attackers with clues about weaknesses in the network.

VoIP needs the same attention to security as any other network function. When everything works right, it’s safer than a PSTN connection, since conversations never travel through analog lines. Intra-office calls are secure from end to end, and conversations with other VoIP systems often have the same level of protection. With a reasonable level of care, employees can discuss confidential matters safely.

SystemsNet hosts, maintains, and upgrades your VoIP for you, so you don’t have to worry about configuration errors or security patches. You can use your PBX in confidence. Contact us to learn how to get started.

The Importance of Multi-Factor Authentication

Security, , , ,
Digital fingerprint login multi-factor authentication

Doing nothing is no longer an option as cyber criminals are no longer targeting just large corporations.

Doing nothing is no longer an option: maintaining security for your business’s data–and your customers–has become more critical than ever. If you aren’t actively protecting your business, you can experience downtime (which can mean an expensive loss of income, not to mention the loss of employee labor during your downtime) or lose data. Turning to multi-factor authentication can offer a number of key benefits for your overall network security.

Benefit #1: Weak or stolen credentials play a role in a high percentage of cyber attacks.

Weak credentials, like poor passwords, can make it easy for hackers to break into your company’s system. Worse, when a hacker steals a worker’s credentials, they can often access your company’s data almost entirely unnoticed. A high percentage of cyber attacks begin with weak or stolen credentials that then allow the hacker full access to the system. The higher up the person the stolen credentials come from, in many cases, the more access is provided to the hacker due to those stolen credentials.

Multi-factor authentication makes it harder for hackers to log into your system.

Instead of relying on those weak credentials, multi-factor authentication uses something unique to the user–a phone number, for example–to add an extra layer of protection when they attempt to log in. While it’s not impossible for hackers to work around this barrier, it does slow them down substantially.

Benefit #2: Multi-factor authentication is easy to implement.

You  may already use multi-factor authentication in many areas of your life, often without realizing it. When you forget your email password, for example, the system may trigger a text alert that lets you access your account. It’s a quick, easy method to add an extra layer of security–and it’s one that even your most technologically-challenged team members will be able to easily add to their arsenal.

Benefit #3: Password theft is getting easier.

Tricks like keylogging and phishing are becoming increasingly common, and more hackers than ever have the keys to unlocking your password. Through multi-factor authentication, on the other hand, you make your private data much more difficult to steal–which can in turn create a substantial layer of protection around your entire company. You don’t want to leave your customers or your data at risk–and multi-factor authentication can offer the protection you need.

Benefit #4: Multi-factor authentication helps show the effort your company is putting toward cybersecurity.

Today’s customers are savvier than ever. They understand the threat represented by hackers and other cybersecurity challenges, and they want to know that your company is taking the right steps to protect their private information. When you require multi-factor authentication, you let your customers know that you genuinely care about their security and are willing to take the right steps to protect them.

Benefit #5: Multi-factor authentication can actually streamline workflow.

One of the biggest objections to multi-factor authentication is that it can make it harder to log into the systems you use every day. The reality, however, is that multi-factor authentication is fast. Most of today’s systems deliver a text within seconds, allowing you to quickly log into the system and access the information you need–but they also provide a substantial layer of protection that makes it much more difficult for a hacker to access company data. Advances in technology continue to streamline the process, making it easier on your employees and customers without decreasing the protection added by those elements.

You can no longer afford to do nothing when it comes to securing your company. If you’re ready to take the leap and protect your business and your customers with multi-factor authentication, contact us today to learn more about how we can help.