By the DynaSis Team

[featured_image]

For close to a decade, providers and the media have touted cloud servers, also known as Infrastructure as a Service (IaaS), which can also provide IT support, as a way for business owners to end the expensive, disruptive cycle of break and fix. Small and midsized business (SMB) owners in particular often struggle with outdated IT equipment until replacement becomes inevitable—and often inconvenient.

With IaaS, SMBs lease space at another provider’s data center, which hosts, manages and maintains—in a secure cloud environment—the data and applications previously kept on company servers. As many advocates have noted, this approach not only ensures much greater reliability and availability but also lets organizations treat the cost as an operating expense for tax purposes.

While this value is still very real, in the past few years, other tangible benefits of IaaS have made the solution even more relevant for SMBs. We’ll outline a few of them here.

• Dynamic load balancing: In a data center, a group of servers can be intelligently and automatically managed so that when one experiences a sudden load (usage) surge, others can assume part of the burden to keep data flowing at the highest speed possible. By balancing loads in this manner, server response can remain optimized, in turn supporting maximum productivity. Such an approach is impossible with a single in-house server, and it requires complex management with even a few.
• Faster, secure order processing: For SMBs that sell products online, or exchange secure information for any reason, the demands of encryption can bog down their servers. The most secure, advanced versions of SSL (secure sockets layer; a common Internet security protocol) generate massive amounts of data, all of which must be processed through the server handling the exchange. With IaaS on shared servers, this load can also be managed more efficiently, keeping data flowing quickly and securely.
• Scalability and flexibility:Better IaaS providers have advanced, powerful storage, servers and networking technologies, enabling them to scale an organization’s server allocations up or down at a moment’s notice—or even on demand, depending on the service agreement. For firms that work on large projects with massive amounts of data—especially those that occur only periodically—this capability is a significant benefit that also helps control costs.
• High availability with support for business continuity and disaster recovery (BC/DR):One of the greatest benefits of IaaS is its support for BC/DR. Information hosted at an offsite data center is inherently safe from a physical disaster at the organization’s location. And, since data exchange with IaaS uses a remote delivery model, data and applications can be accessed by employees from any device. This approach ensures continuity for files, email messages and services, web servers and critical applications with no loss or disruption of data.

These features, along with network protection from cybercrime, only scratch the surface of the benefits of IaaS and managed IT services. We will talk about more at a future data. One thing to remember, between now and then, is that IaaS also spurs business innovation and growth. It is a proven fact that when business leaders and IT professionals aren’t being sidetracked by day-to-day technology problems, they have more time to focus on ingenuity and inspiration. The end result can be an amazing boost in corporate achievement.

For small to midsized business owners and executives who are concerned about managed IT support services and network threat protection, DynaSis is one company that has been at the forefront since 1992. In this ever evolving world of cybercrime, crypto virus and network access protection have become critical to every company’s security. DynaSis also provides 24 x 7 x 365 outsourced IT services, with its own trained staff for helpdesk, real-time monitoring and the DynaSis Business Cloud, for highly secure data storage and backup. You can find out more by calling us at 678.218.1769, or checking out our website at www.DynaSis.com.

By the DynaSis Team

In past articles, we have discussed the value of written policies to direct and define expectations for corporate security. We have talked about the importance of having strong employee security policies that not only educate but also clarify what behaviors are unacceptable—and potentially actionable.

As we head into a year predicted to be more dangerous than ever before in terms of cyber-risk, we offer you a list, developed with the input of DynaSis’ in-house security experts, of the principal elements a data security policy should include. When complete, such a resource will help to manage the activities and behaviors of personnel and provide support for the organization’s risk management strategy.

Nine Essential Elements of a Best Practices Data Security Policy

Data Privacy: What sensitive/confidential data the organization retains (including a plan for classifying data, if uncertainty exists) along with a program for securing, retaining and disposing of it. If the firm is subject to regulatory mandates, such as HIPAA (Health Insurance Portability and Accountability Act of 1996), how the firm will comply.

Password Management: Rules that define the content of passwords; how often they must be changed; how they are administered.

Internet Usage: What personal Internet usage is allowed at the workplace, if any, with a list of restricted site types. Information to help employees identify and avoid risky/infected sites. Also should include restrictions on Internet usage outside the corporate network (e.g. unsecured Wi-Fi sites) as well as prohibitions on establishing unauthorized Internet access points within the network.

Email Usage: How and where personnel can retrieve and send email, including prohibited behaviors such as transmitting corporate email over unsecured networks or allowing non-employees to send messages through a corporate account.

Company-owned devices: How and where company-owned devices may be operated; restrictions, if any, on the types of data stored on them; procedures in the event of damage, theft or loss.

Employee-owned mobile devices: Whether or not company data (including email) may be accessed or stored on personal devices. If personal devices are used for work and are company controlled, restrictions similar to those for company-owned devices may apply.

Social Media: Whether or not, and how, employees may use social media at the workplace or on company-controlled devices. Prohibitions, if any, on sharing information about the company, its personnel and its operations over social media.

Software Copyright & Licensing: Prohibitions against installing and using unapproved or unlicensed software on company servers. May also include how the company maintains its software licenses and how often it updates that software.

Security Incident Reporting: Policies and procedures for reporting security incidents. Incidents include not only activities (e.g. loss or theft of a mobile device) but also potential attempted intrusions, such as receipt of a suspicious email message. Personnel should be encouraged to report any activity or communication they are not certain is safe.

This list is extensive, but it is not exhaustive. Depending on the organization, industry and business model, additional information might be appropriate for inclusion. We have also excluded complex technology-layer policies, such as encryption policies and incident response procedures. Those are a discussion for a different day.

DynaSis has been Atlanta’s premier IT support services provider for more than 23 years. As an IT company working with small to midsized businesses (10 to 150+ users), DynaSis has developed a unique 12-layer approach to network threat protection, ransomware prevention and crypto virus threat elimination. The DynaSis Business Cloud functions through a highly secure environment with full real-time data backup. Please contact us at 678.218.1769 or visit our website at www.DynaSis.com.

By the DynaSis Team

As if it wasn’t bad enough that cybercriminals are targeting small and midsized businesses (SMBs) for their internal corporate data, attackers have discovered another reason to “love” SMBs. Smaller companies often have far less sophisticated security defenses against cybercrime than larger enterprises. For an attacker seeking to steal and sell millions of personal data records, according to top Internet security companies, the easiest way to breach a large retailer is often by sneaking past the defenses of one of its smaller vendors.

That’s exactly what happened with the mammoth Target data breach, where the personally identifiable information (PII) of 70 million shoppers were stolen along with 40 million credit card numbers. The world has heard how serious it was, and those of us who followed the story may have learned how much the breach has cost Target, so far, in settlements alone. (If you haven’t heard, the combined settlement amounts as of December 2015 were approximately $116 million.)

What you may not know is that Target was hit, not directly through a security hole in its own defenses, but through a third-party vendor whose network credentials were stolen by the attackers. Specifically, attackers targeted Fazio Mechanical Services, Inc., a refrigeration and HVAC systems subcontractor of Target and other retailers.

An article in CIO.com broke down the attack, which the author believes required 11 specific steps, the first of which was to infect Fazio with Citadel malware using an email phishing campaign. From there, the attackers used the stolen credentials to gain access to Target-hosted web services dedicated to vendors, and the penetration was well on its way.

After news of its role broke, Fazio President and Owner Ross E. Fazio announced in a statement, “Our IT system and security measures are in full compliance with industry practices.” Apparently, being in full compliance wasn’t enough, but Fazio’s security wasn’t the only problem. As security experts point out, Target should have used more stringent network access protection with its vendors. Nevertheless, Fazio will forever be connected with one of the world’s largest (at the time) data breaches.

The litigation landscape surrounding data breaches and financial liability is still evolving, especially for peripheral firms like Fazio that are implicated in an incident. What is clear to us is that no company wants its name associated with such an event, with or without financial liability. Furthermore, if a firm has an association with a bigger fish, it could also become the “bycatch” of a breach if attackers decide that the smaller firm’s data is worth stealing, too.

In our opinion, this episode adds to the already overwhelming evidence that even the smallest SMB can no longer afford to take security lightly when it comes to defending against hackers.

About DynaSis

DynaSis has been providing managed IT support services to Metro Atlanta’s small to midsized businesses since 1992. We provide Availability – making sure your network is up and running; Mobility – allowing your employees world-wide access to your network; and Security – as an internet security company, we resolve “issues” before they grow into problems. If you want to learn more, please visit www.DynaSis.com, or call us at 678.218.1769.

By the DynaSis Team

[featured_image]

You may have seen the term “shadow IT” in the news and wondered what it means. Maybe you assume it refers to underground technology groups—shady characters doing bad deeds in dark corners. In reality, shadow IT is much closer to home.

The term refers to unsanctioned technology-based activities that take place within organizations, undetected. It first arose to describe unauthorized solution building, such as tweaking a server to run faster, or setting up an unapproved Wi-Fi access point. However, unapproved (and often prohibited) IT activities have become so commonplace that the term can now encompass a variety of behaviors:

• Using unauthorized cloud services or applications to access, create and/or store corporate data
• Accessing the network on prohibited (e.g. open, unsecured) networks
• Allowing unsanctioned individuals to use corporate devices
• “Jailbreaking” corporate phones—making modifications not supported by the manufacturer—to make them run faster; to run unapproved applications; to support customized themes and icons.

Modifying a server requires a fairly high level of technical expertise, so it is not one of the more common shadow IT activities. Consequently, even though tweaking a server, network or other system is unacceptable—and can be dangerous if the effort compromises corporate defenses—this type of activity is not the greatest threat for the average SMB.

Surveys show that employees at all levels—even the executive who metes out punishment when others engage in prohibited behaviors—will “hop” on an unsecured network in a pinch or loan a phone to a friend (or even a stranger) for “just one call.” And, with technology “tips” websites and magazines running articles with titles like “Five excellent reasons to jailbreak your iPhone,” it’s no wonder tech savvy personnel are tempted to explore this customization trick.

The stark truth is that it only takes one minute, one call, or one infected download to wreak havoc on the corporate network, its assets and potentially its reputation and profitability. SMBs must implement strong defenses that ensure personnel cannot engage in risky IT behaviors undetected. They also must rigorously train staff about the dangers—and consequences—of such actions.

These solutions are part of the multi-layered security strategy that DynaSis and other leading security experts promote. We’ll tell you more about it in an upcoming blog. For now, stay safe and remind your employees of their obligation to make responsible decisions where technology is concerned.

About DynaSis

DynaSis is an Atlanta IT services and cloud computing provider for small and midsized businesses. All of our solutions focus on helping companies achieve the three fundamental IT necessities of the modern business—availability, security and mobility. We specialize in on-demand and on-premises managed IT services, managed cloud infrastructure, desktops and backups, and professional hardware and equipment installation. For more information about DynaSis’ IT support and services, visit www.dynasis.com.

By the DynaSis Team

[featured_image]

As cybercrime has evolved from home-grown hacker groups to sophisticated, distributed criminal organizations, perpetrators have become more wily—and more persistent—in their attack methods. Further exacerbating the dangers for small and midsized businesses (SMBs), the tools for sophisticated attack have now become widely available and inexpensive. Even small-time criminals can now wreak big-league damage, and they often target SMBs, specifically.

We have seen a lot of news stories talk about social engineering—tricking humans into compromising corporate defenses and opening security holes through which attackers invade. We’ve covered this helpful topic as well, because people are by far the greatest security threat to any organization.

However, SMB owners also need to understand the underlying mechanisms (which experts call vectors) by which this trickery occurs. Today, we’ll offer a few examples (beyond direct malware attack on an unprotected machine), to help educate you and your personnel on the problem.

Phishing Attacks
Almost always perpetrated via email, phishing involves sending a spoofed communication, such as a warning or request, from what appears to be a valid company. In the communication is a link that also appears valid but that actually points to an infected site.  When the recipient clicks the link, he or she is transported to a dummy, infected site (called an exploit kit site) that looks real. As soon as the individual lands on the site, malware infects the respondent’s computer and cybercriminals can begin downloading information from company databases, working their way into corporate servers or even launching attacks on other firms.

Malvertising

This form of cybercrime is amazingly easy to perpetrate. An attacker sets up a malicious site like the ones referenced in the previous section on phishing, then purchases ad space on Google, Yahoo, Bing or another leading online ad provider. He or she then designs creative that resembles a genuine online ad. However, when an individual sees the ad (which often promotes a surprisingly generous offer) and clicks it, the site’s ad server redirects the victim to an exploit kit site, which infects the user’s machine in much the same manner as a phishing attack.

Ransomware
Although ransomware is often installed via the mechanisms referenced above, it is worth mentioning as a separate type of attack because of its insidious nature. Once ransomware is installed, it either steals or locks down corporate resources and then sends a message demanding money in exchange for returning/releasing them. Ransomware is especially worrisome, because even cleaning the infection often won’t retrieve or restore access to the ransomed data. Sometimes, such an attempt will result in  additional damage or data loss.

How can companies avoid being victims? Implementing a multi-layered security and attack response strategy, including recurring education of employees about risks, is the best way to reduce risk and  lessen damage from an attack. Few SMBs have the in-house expertise to deploy such a broad-based security strategy, so they often choose to outsource these IT services to a security-focused managed service provider or IT support company.

In today’s threat environment, experts expect virtually every business to be successfully penetrated at least once—if not repeatedly. Whether or not an SMB avoids disaster or is dragged into a major nightmare is completely within the control of corporate decision makers.

About DynaSis
Specializing in managed IT services and network security, Atlanta-based DynaSis has been supporting small to midsized businesses for almost a quarter century. Among the services we provide are cloud computing through the DynaSis Business Cloud, 24 x 7 x 365 helpdesk support, and real-time monitoring to deal with issues before they become problems. For more information, please call DynaSis at 770.569.4600 or visit www.DynaSis.com.

By the DynaSis Team

[featured_image]

Cybersecurity, already a hot topic in the news, has moved to an even brighter spotlight now that the presidential candidates are discussing it. The merits of their positions are not for us to debate here. However, their actions underscore the idea that cybersecurity is an issue of concern to the citizens who might vote for them.

Statistics support this viewpoint, especially among the small and midsized business (SMB) community. In May, 2015, Endurance International Group (EIG) released the results of a survey that indicated 81 percent of SMB owners have cybersecurity concerns. Even more (94 percent) “often think” about online security. This is good news, given that SMBs are prime targets. A Verizon study found that organizations with 11-100 employees are 15 times more likely to have their security defenses breached than organizations with more than 100 employees.

Unfortunately, the EIG survey also contained some deeply worrisome statistics. Researchers discovered that 94 percent of SMB owners don’t have cybersecurity insurance. Eighty-three percent handle cybersecurity themselves, often because they don’t think they can afford to employ IT support staff or contract for managed IT services.

In reality, the risk of being breached has become so great that no business can afford not to engage professional help. Attack vectors are evolving so rapidly that it is impossible to avoid them completely. Multi-national, billion-dollar corporations work to manage risk with layers of protection that close security holes, remove or clean infections, detect and stop malicious activities, and provide other lines of defense for corporate systems.

As we head into 2016, we hope all SMB owners will embrace this approach and take action to fortify their companies’ defenses. There simply is no “silver bullet” for security. No single solution will protect a firm. Companies must use a multi-layered approach in order to mitigate threats. Beginning with our first January article, we will be covering various aspects of cybersecurity to help educate our readers regarding this daunting but critical task.

Cybersecurity is complex, and it deserves everyone’s full attention. To ignore it is to accept the consequences of a breach. For an SMB, such an event is almost always financially crippling. In 60% of cases, it will destroy the business within six months.

By the DynaSis Team

[featured_image]

Although the cost benefits of Voice over Internet Protocol (VoIP) phone services are well-documented, business decision makers considering VoIP want more than just savings. Software Advice, a Gartner Research company, reported in 2014 that among companies with revenues of less than $100 million, business owners were more focused on reliability and scalability than price.

These concerns are well-founded, because call quality and system scalability—not to mention enhanced system features—can vary considerably from one VoIP provider to the next. Whether a firm is currently using VoIP service and considering a change or evaluating it as a new technology, evaluating all the criteria relevant to the organization is the best way to reap maximum value. Following are some key benefits that small and midsized business owners should expect from their VoIP solutions.

Call Automation

Fifty years ago, live operators made connections, ensuring that callers reached someone who could help them. With the advent of voice mail, callers increasingly found themselves forced to leave messages or be routed around the system, never speaking to a human. VoIP technology erased this scenario forever.

A well-designed solution should be able to route incoming calls automatically to the location and device designated to service that caller. If a caller leaves a voice mail, some systems can automatically convert it to an email or text message and deliver it electronically. These services increase the percentage of completed calls and reduce the lag time between a message being left and a call returned, which improves customer service and also boost sales.

Scalability

Unlike legacy PBX systems requiring connections installed by “the telephone company,” VoIP systems can be scaled easily and inexpensively over existing office Internet (such as Ethernet) lines. Support for Wi-Fi calling increases scalability even more, since provisioning a new area of the office requires little more than adding an access point and a few handsets.

However, the price tag for upgrade assistance from a communications or managed IT services provider can vary considerably. Furthermore, VoIP platforms do require switching systems to route calls, and scalability can be an issue with on-premise PBX hardware. Cloud-hosted switching platforms are usually the most cost-effective option for system expansion.

Enhanced Communications Services

Many VoIP providers offer a palette of specialized communications services, from chat platforms to teleconferencing. All VoIP services, from basic calls to streaming HD conference feeds—travel over the same connection, providing the company has sufficient Internet bandwidth (capacity). Organizations should evaluate their current and future needs closely and align themselves with a provider that offers everything they want—along with the IT support to manage it. Switching VoIP providers after the contract starts can be cumbersome and even costly if cancellation penalties apply.

In this article, we have introduced you to some of the most fundamental VoIP considerations for business owners. To help you explore additional value-add features, we recommend this “Top 10” article from Tech Republic.

By the DynaSis Team

[featured_image]

With mobile devices presenting one of today’s biggest corporate threats (the biggest threat, according to one study), companies must make sure the mobile devices of their workforce are secure. Encouraging workers to follow mobile device policies and protocols, however, can be a real challenge.

This problem is endemic among Millennials—the up-and-coming, very large generation of workers. A report released in mid-2015 found that Millennials pose a greater threat to mobile security than any other age group. The findings indicated Millennials expect employers to handle mobile security and tend to engage in very risky behaviors, such as letting friends or associates use work phones.

With this generation just starting their careers, the problem is not going away any time soon. The secret, then, is to create a security program to which personnel will actually adhere. Part of this effort is having managed IT services that can administer and secure device-level access to corporate information. The second part involves education—reinforcement through meetings and training sessions that certain behaviors will not be tolerated. The third component is the development of policies that are sensible, clear and consistent.

Millennials in particular do not accept the advice of the older generation very well—even if the older individuals are their work superiors. They also rebel against “special treatment” situations. Following are a few tips that should help you get everyone, even Millennials, on board with your mobile device security programs and policies.

• Do not be creative or trendy—using titles like Acceptable Use Policy sends a clear message about the intent of the document.
• Keep the verbiage simple and avoid legalese. Although the policy document should not be chatty, it also should not be written above the heads of your employees.
• To eliminate grey areas, offer instructive examples of behaviors that are allowed and those that are embargoed.
• Provide instructions for workers to follow if they inadvertently violate policies. Millennials in particular like to solve their own problems. If they discover, for example, that they stored a corporate document in a personal partition, they may be able to fix that simple mistake themselves. But for issues they cannot or should not resolve themselves, give workers a resource for IT support and services.
• Most importantly, make it clear that workers will not be fired for admitting they made a mistake. If an employee loses a phone, for instance, he or she should fear reprisal only if the loss is not reported on a timely basis.

Lastly, draw a line in the sand and ensure everyone sticks to it. Intentionally subverting policies or “jailbreaking” phones (making changes prohibited by the manufacturer) to knowingly share sensitive data is tantamount to corporate espionage. Many less-innocent behaviors can still pose threats, but some firms choose to allow them.

Set your parameters and apply them consistently. If a junior sales person cannot hop onto an unsecured Wi-Fi network, for example, your CEO should not be allowed to do it, either.

By the DynaSis Team

[featured_image]

With small and midsized businesses now enthusiastically embracing the cloud, shrewd business owners are asking themselves if their firms are ready for cloud adoption—and the migration effort it entails. Moving to cloud computing without first evaluating the organization’s needs, level of technology sophistication, risk tolerance and other important concerns will diminish the value of the cloud computing project.

Every aspect of technology—and how the organization uses it—must be considered. Any shortcomings identified during the process should be addressed before the migration moves forward. For example, outdated desktops running older versions of Windows will not only minimize cloud benefits, but also increase potential security risks.

Incidences of siloed cloud computing, where individual departments or employees have adopted their own “boutique” cloud solutions to resolve specific problems, must also be explored and addressed. In some cases, leadership may choose to retain these solutions and expand them company-wide. More commonly, however, they determine that migrating the siloed data and processes to the new cloud platform is more efficient and effective.

Beyond the mere nuts and bolts of the cloud, we also encourage our clients to consider how the cloud fits into the bigger business picture. To reap the greatest benefit from the cloud, companies must identify the synergies that can be created between their business goals, challenges and opportunities and available cloud technologies.

To clarify the situation and give company leadership meaningful benchmarks from which they can make decisions, many firms opt for a Cloud Assessment. Assessments come in numerous forms and may involve multiple approaches, from self-administered software agents to on-site evaluations by qualified technical experts. The goals of these efforts are extensive and can include (but are not limited to):

• Detecting all hardware and software currently running on the network.
• Discovering where all data is being stored and accessed, how much storage is being consumed, and security measures that need to be taken to protect that data.
• Exploring commonalities between departments that can be leveraged for more efficient operation.
• Evaluating current backup and business continuity plans and preparing for improvements, when appropriate.
• Identifying untapped business opportunities and determining how the cloud can help develop them.
• Envisioning how fast the company is growing (and predicted to grow) so the final solution can be sufficiently robust to support that growth.

Once company decision makers have all of this information, they are in a better position to identify an appropriate cloud provider and start preparation for the transition. The actual process of prepping for and achieving the migration is a separate step, so we will save that discussion for a future date. The main point here is that only after an organization has conducted a formal assessment and evaluated the results is company leadership able to make pragmatic, fruitful decisions regarding this remarkable computing opportunity.

About DynaSis

DynaSis is an Atlanta IT services and cloud computing provider for small and midsized businesses. All of our solutions focus on helping companies achieve the three fundamental IT necessities of the modern business—Availability, Security and Mobility. We specialize in on-demand and on-premises managed IT services, managed cloud infrastructure, desktops and backups, and professional hardware and equipment installation. For more information about DynaSis’ IT support and services, visit www.dynasis.com.

By the DynaSis Team

[featured_image]

Although a growing number of business owners understand that technology can increase productivity and reduce risk, in our experience, only a few have made a solid connection between technology and their company’s financial health. In his recent article, “Technology Outcomes Every C-Level Executive Should Expect,” DynaSis President Dave Moorman explains how system availability is a key factor in effectively reducing expenses because of the productivity gains it supports.

This benefit is a fundamental and realistic goal for every firm. However, to reap the greatest benefit from technology, companies need to keep moving their efforts forward. Digital technologies—from the cloud to predictive analytics—are transforming the revenue generating capabilities of organizations at all levels.

Using technology to touch more customers, more often and more easily, for example, forges stronger relationships that increase loyalty and sales. Ecommerce and the automation it enables streamlines product sales and delivery in ways never before possible, reducing overhead and increasing margins. Perhaps most importantly, none of these solutions is an island, and firms that interconnect technologies in new and inventive ways are seeing even greater benefits. We recently read a case study that illustrates this point.

Royal Caribbean Cruise Line has a class of ships (the Oasis line), each of which carries more than 5,000 passengers. To avoid diminishing the passenger experience on such a massive ship, Royal Caribbean decided to eliminate waiting lines for dining and other onboard activities, which research showed would create a more intimate, personal environment for the passengers. To achieve this goal, the cruise line deployed an integrated network of shape-recognition cameras, smart cards, hundreds of wireless access points and other digital technologies to provide the information necessary to eliminate these lines. The project was a rousing success.

We don’t have room to explain how they did it here, but the point is that they leveraged technology in a broadly connected way—one they had never considered—specifically to achieve a profit-based goal. Technology is more than a set of discrete solutions—the network, the desktops, the website, the CRM system, etc. When companies stop viewing each technology solution as the response to a problem and start to consider all of them collectively as an interconnected opportunity generator, they can create a value chain that strengthens customer relationships, fosters greater competitiveness and promotes business innovation.