About Mark Bochkis

This author has not yet filled in any details.
So far Mark Bochkis has created 3 blog entries.

Running Your Business on the Cloud? SD-WAN May Help

“Necessity is the mother of invention” – English proverb

Ever notice how one small change can cause a cascading series of bigger changes? It’s the classic butterfly effect in a nutshell – a butterfly flaps its wings in China, and 12 hours later a tornado hits, let’s say, Kansas. One small thing leads to a seemingly unrelated, bigger thing.

The relatively recent rise of the cloud and Software-as-a-Service (SaaS) provides an excellent example of the theory in work. Of course, these trends are more significant than a single flap of butterfly wings. And the aftermath is surely less destructive. Nonetheless, the changes that adoption of the cloud has ushered in have been immense, and not always predictable.

One of the biggest and more obvious tech-related changes is the growing demand for digital bandwidth. After all, it makes sense that you’d need more of it to routinely access applications online, rather than from a copy saved on your desktop.

That extra bandwidth has a cost. Moreover, if you’re now relying on the cloud to run your critical business operations, maintaining access to the cloud is suddenly much more of an imperative.

The more unpredictable response to cloud adoption is how organizations have adjusted to account for these new challenges. Today, going offline – for any reason – is no longer a palatable option for many business. So, smart operations have found a way to control their access to the Internet more intelligently, strategically, securely and with more granularity.

Necessity, meet SD-WAN.

What Is SD-WAN?

SD-WAN stands for software-defined wide area network. That’s a lot of words and not necessarily revealing concepts.

Simply put, SD-WAN is a service that lets you parcel out your digital connection bandwidth to each specific resource, based on strategic rules you control.

What Does SD-WAN Do?

One of the key benefits of SD-WAN is that it allows you to package your expensive, dedicated MPLS network with cheaper, public internet services.

Some business applications require the added security of traditional, dedicated WAN connections. But, not all. Also, many cloud-based applications are protected by their own, robust security or encryption measures, requiring less intense security investment from users.

This means that your business traffic can be segmented into separate streams of varying technical requirements – some routed via a MPLS network, and some through a public internet service provider (ISP) of your choice. And that’s exactly what SD-WAN does, optimizing your costs in the process.

You could possibly even ditch your expensive, enterprise-level connection and go with two different, lower-cost ISPs.

Why Get SD-WAN

Redundancy – SD-WAN allows for the use of a second Internet provider service, ensuring that your business network stays online in case one service is interrupted.

Cost-efficiency – Mixing your enterprise-level connection with broadband or other cheaper internet delivery options through SD-WAN allows you to optimize your costs.

Maximum performance – With SD-WAN, your multiple connections can all be used at the same time, maximizing the available bandwidth. In effect, your multiple connections add up to a bigger pipe for your traffic to flow through.

Security – SD-WAN ensures that specific, customizable security protocols are followed for every cloud-based application, always.

How Does SD-WAN Work?

SD-WAN devices and software monitor all available traffic paths, keeping track of latency, one-way packet loss and available bandwidth for each. Traffic is routed through the best possible path, taking into account security requirements of each individual data request. The software reacts to changes in performance, adjusting connections as necessary at sub-second time intervals.

Beacon Knows SD-WAN

If you’d like to learn more about how SD-WAN can help your business, give BITS a call. Our experts are here to help you understand your options. Request a free network audit today.

By | 2019-03-19T11:55:02+00:00 March 19th, 2019|IT Services|

Top Security Breaches of 2018

Some of the biggest companies in the world were hit by some of the biggest cyber security breaches in 2018. Of the 24 largest breaches of all time on the USA Today list, three of the top 10 occurred last year – Marriott, Under Armour and Quora.

But it’s not just the digital novices who are vulnerable. Cyber breaches were also a problem for tech-giants, like Google, Facebook and Twitter last year. If Google isn’t safe, what chance do small and medium-size business have of keeping their digital infrastructure secure?

A snapshot of the digital security landscape, afforded by a peek at some of the biggest breaches of last year, can at least give us an idea of what private business owners could be up against. That broad look should also provide the ammunition to assess what solutions need to be applied.

The Breaches

  1. Marriott: 500 million customers
    • What was stolen: names, addresses, email addresses, phone numbers, dates of birth, passport numbers, credit card and additional personal information
    • What happened: Reports of the breach alleged the company was hacked by foreign intelligence operatives. The vulnerability came via Marriott’s Starwood booking system, which the company purchased in 2016. Investigation revealed that the Starwood system was compromised since 2014.
  2. Under Armour (MyFitnessPal): 150 million customers
    • What was stolen: names, email addresses, encrypted passwords
    • What happened: The company discovered unauthorized third-party access to some of its customer data, but reported that its security measures kept the intruders from more sensitive information, such as GPS location, eating habits, credit card and Social Security numbers.                                                                     
  3. Google Plus: 52.5 million customers
    • What was stolen: names, email addresses, dates of birth, personal Google + session information
    • What happened: A security audit discovered that outside app developers could have had access to personal information of Google Plus users b/w 2015 and 2018. The company announced a breach affecting 500 thousand users in October (the breach occurred several months earlier). In December, Google revealed a second, bigger breach of 52.5 million users. Google is ending the Google Plus platform, and the breaches have helped to expedite its demise.
  4. Panera Bread: 37 million customers
    • What was stolen: names, addresses, email addresses, dates of birth and last four digits of customer credit cards
    • What happened: Panera was tipped to a database leak in August of 2017, but ignored warnings of security experts. The company failed to take action for eight months.

What Does This Tell Us?

It’s not every day that you’ll find yourself the target of government-sponsored hackers. Or is it? Reports have circulated for years about foreign hacking of corporate, government and infrastructure targets in the US.

Putting aside the fact that Marriott was potentially the target of international espionage, the company acknowledged a sub-optimal investment in cyber security. While internal security protocols did signal an unauthorized access to the system, they were not sufficient enough to detect the vulnerability during the acquisition of the system two years earlier. Marriott has since hired a new chief information security officer and began reporting on cyber risks to the company board.

Marriott, like Under Armour, was at least partially positioned to withstand cyber attacks. Both companies responded by studying their vulnerabilities and applying fixes in short order. Notably, they went to outside experts who could provide an honest, objective assessment of threats and recommend the right fix.

Google decided to keep the initial breach in-house – because they’re Google – and was burned by another, much bigger breach less than 10 months later.

Panera, on the other hand, mishandled everything – from the initial vulnerability, to the flagging of the issue by an outside security researcher. Eight months passed between when Panera was notified to when a fix was applied. And in the process, the company ignored a credible tip and efforts of an informed individual trying to help.

Hubris and presumptive arrogance on one end… insufficient deployment of security resources on the other. Despite the size of these companies, when it comes to cyber security, the execs of international corporations face the same type of problems and decision-making concerns as small business owners.

So, What Can Business Owners Do?

Well, the first thing to do is to acknowledge that cyber security is not your area of expertise. Guard against that hubris and arrogance by staying humble in your attempts to address this need. It’s ok to acknowledge that you’ll need the help of a trusted cyber security expert.

That said, the scale of the threats you’ll face is probably different than that of Marriott and Google. It’s unlikely you’ll face government-sponsored espionage. Small and medium-sized business are more likely to fall victim to ransomware attacks. As such, you’ll need backup and firewall services tailored to exploits favored by ransomware attackers.

At Beacon, we lean on the SonicWall Capture Advanced Threat Protection service to keep our clients free from ransonware and subsequent critical failures. The SonicWall platform is designed to discover and defeat zero-day (brand new) threats, and is set up to provide automated remediation – meaning you don’t have to lift a finger.

Beacon Knows IT Security

If you’re ready to take your IT security to the level it needs to be, give BITS a call. We’ll be happy to talk through the needs of your business.

By | 2019-03-19T11:57:50+00:00 February 26th, 2019|IT Services|

Employee Security Training: Your IT New Year Resolution

Happy New Year! What are you looking to do better in 2019?

The turn of the calendar tends to bring with it thoughts of personal growth and improvement.  But, for many business owners – their identity being tied directly to their enterprises – New Year’s resolutions often translate to things they can do better for their companies.

So, let’s restate the above question: What are you looking to do better for your business in 2019?

If you’re open to it, allow us to offer a suggestion: if you haven’t made cyber security a part of your company culture, make cyber security training for your employees a priority this year. Why? Because you’ll be shoring up the weakest part of your network defenses.

The Case for Initiating Security Training for Your Employees

It’s not a secret that employees are the weakest link in any organization’s security efforts. That doesn’t mean that your staff is going out of their way to jeopardize your network. They’re just either unaware of which actions leave the company vulnerable, unsure of what to do if they do encounter a potentially threatening situation, or simply don’t assign a great deal of importance to security concerns (this is sometimes called the “it’s the IT guy’s problem” syndrome).

In most cases, though, you really can’t blame the rank-and-file. Think about this:

  • 65% of companies have over 500 employees who are never prompted to change their passwords
  • 52% of business leaders don’t know what to do if cyber security is breached
  • 45% of employees don’t receive cyber security training at all
  • Microsoft Office applications (Word, Excel, etc) account for 38% of malicious file extensions
  • 91% of cyber attacks begin with a phishing email

What are these statistics telling us? First, that workers are routinely targeted – and via the communication methods (email) and business applications they rely on the most (Microsoft Office). Secondly, if/when things go wrong, management typically doesn’t empower employees to help in warding off the threats, and often has no plan of action.

Let’s take a look at a few more statistics:

  • cyber crime is expected to cause $6 trillion in damages by 2021
  • 61% of breach victims in 2017 were companies with less than 1,000 employees
  • average cost of malware attack is $2.4 million

If you’re a small business, a multi-million dollar mistake is hard to recover from. Encouraging your team to become more discerning digital users and an active part of your data security efforts is, simply put, the smart move. The best way to do that is with an active cyber security training program.

What Does Security Training Entail?

Education can cure a lot of ills. This is absolutely the case with cyber security concerns. But before you can teach, you much know where your subjects stand.

As such, the first part of training focuses on identifying what your trainees know and don’t know. At Beacon, we initiate our cyber security training program with real-world examples of cyber exploits. This is accomplished with a computerized test, where employees are asked to complete a few simple tasks, such as opening an email with an attachment.

The test serves two purposes. First, it exposes people to real life attack methods that they are likely to encounter. Secondly, it identifies the types of exploits to which your team is most vulnerable.

Once you know which types of tricks are most likely to work on your team members, you can arm them with the skills to shore up their vulnerabilities. That’s the second part of the training – teaching how to recognize when something is amiss and how to counter a suspected attack.

The training portion should be tailored to each employee, based on the results of their assessments. Focus on what they don’t know. You don’t want to waste anybody’s time going over concepts they already know well. Your team is more likely to retain information they find valuable and/or interesting – so, teaching them stuff they know is counterproductive. Each employee’s training should cover the exploits they did not handle well during the assessment.

At the end of training, be sure to remind your team of how valuable their contributions to network security are.

Beacon Knows Security Training

Want some professional help with your employee security training? BITS is here to help. We’re more than happy to get your team up to speed on the latest cyber threats.

By | 2019-03-19T11:58:00+00:00 January 28th, 2019|Computer Related, BITS News, IT Services|