Cybersecurity: Small Business Solution to an International Problem

“Cyber intrusions and attacks — many of them originating overseas — are targeting our businesses, stealing trade secrets, and costing American jobs. Iranian hackers have targeted American banks. The North Korean cyber attack on Sony Pictures destroyed data and disabled thousands of computers. In other recent breaches that have made headlines, more than 100 million Americans had their personal data compromised, including credit card and medical information.”

This commentary doesn’t belong to a cybersecurity expert working for big business. And it’s not an assessment by a member of the intelligence community.

No, these words were published in an April 1, 2015 op-ed in Medium (a popular online journal) by none other than the 44th President of the United States, Barack Obama. They speak to the enormity and seriousness of the problem that cyberattacks initiated in foreign countries present to American businesses and citizens.

These concerns have not dissipated in the intervening years. In fact, the threat continues to grow.

Cybersecurity vulnerability isn’t just an American problem. It is a truly global concern. That recognition has driven international cooperation among the world’s governments, best exemplified by early agreements like the Budapest Convention on Cybercrime, and supported by more recent measures, like the Obama Administration’s Executive Order promoting the sharing of private sector cybersecurity information.

These efforts aim to protect consumers and businesses in developed nations, by building up capabilities and shoring up vulnerabilities in both developed and developing countries. After all, cybercriminals often operate more freely in less-regulated, emerging economies.

But, not all international initiatives succeed. In fact, nations like China, Russia and India have bristled at the terms of agreements like the Budapest Convention, preferring to keep their policies, capabilities and vulnerabilities closer to the vest.

So, while some global efforts are succeeding in identifying and bridging cybersecurity gaps – this paper by the non-profit Third Way captures the latest successes and challenges – American businesses still face a digital environment fraught with danger.

As a business owner, you can appreciate the gains made by global cybersecurity cooperation. But, at the same time, you must also do everything you can on your own to secure your digital assets.

Protecting Your Business From International Cybercrime

There are a number of things you can do to minimize the chance of being victimized by international cybercriminals. This article from The SSL Store outlines a detailed, robust 9-step guide for cybercrime prevention:

  1. Follow industry best practices (GDPR, NIST, HIPAA, PCI SSC)
  2. Implement digital and physical security measures (antivirus, firewalls, etc)
  3. Keep up with asset lists, patches and software updates
  4. Manage SSL/TLS certificates and keys for your domain
  5. Train employees to identify threats and take appropriate and immediate action
  6. Implement email security solutions and run your employees through phishing simulations
  7. Monitor traffic and access to increase transparency
  8. Test and assess your systems regularly
  9. Develop, implement and enforce new security policies often

This is a great, comprehensive list. The only problem is, it’s impossible for most small businesses to implement all of these recommendations. If you have the budget for a robust IT team, yeah, you can handle most of this in-house. But, most small businesses run a shoestring IT operation with one, maybe two, people.

So, What Can Small Businesses Do To Prevent International Cybercrime?

If you’re a small business, a more reasonable technical solution may be to simply wall yourself off from countries known to host a large number of cybercriminals. If you don’t do business in places like Russia, China, Brazil, or any other country from which a large number of cyberattacks are known to originate, then there’s no reason to leave yourself exposed to bad actors in those locales.

One solution we’d recommend is the SonicWall Geo-IP Filter. Configuring the filter is relatively straightforward and easy. If you don’t do any international business at all, you can simply block all international traffic and call it a day. If, on the other hand, you have a few international markets where you’re active, you can set up the filter to allow connection from just those countries.

But, what if you have a substantial number of customers in some of those less-regulated countries? For this scenario, you can create a “white list” of IP addresses that belong to your clients and you know are safe, and still block traffic from everyone else.

One word of caution: the Geo-IP Filter may not protect your network from VPN connections. VPNs are used to route internet traffic through one or several servers located in different parts of the world, masking the true origin of the user.
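The following is an added example, not code from the original article or from SonicWall: a dry run of the policy described above (allowed countries plus a client allow list) over connection-log lines, so you can see what would be blocked before enforcing the filter. The log format, the IP-to-country table (documentation-only address ranges), the policy values and the `block_unknown` setting are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed IP-to-country table using documentation-only ranges (RFC 5737).
# A real deployment relies on the firewall vendor's own Geo-IP database.
GEO_TABLE = {
    "198.51.100.0/24": "US",
    "203.0.113.0/25": "DE",
    "203.0.113.128/25": "BR",
    "192.0.2.0/24": "RU",
}
# Longest prefix first, so the most specific network wins.
_GEO = sorted(
    ((ipaddress.ip_network(net), country) for net, country in GEO_TABLE.items()),
    key=lambda item: item[0].prefixlen,
    reverse=True,
)

# Hypothetical policy: two active markets, plus known clients whose
# addresses sit inside an otherwise blocked country.
POLICY = {
    "allowed_countries": {"US", "DE"},
    "client_allow_list": [ipaddress.ip_network("192.0.2.40/29")],
    "block_unknown": True,  # assumption: addresses with no country are dropped
}

# Constructed log format: timestamp, source address, destination port.
LOG_LINE = re.compile(r"src=(?P<src>[0-9a-fA-F.:]+)\s+dport=(?P<dport>\d+)")

SAMPLE_LOG = """\
2019-11-19T14:02:11Z src=198.51.100.7 dport=443
2019-11-19T14:02:15Z src=192.0.2.41 dport=443
2019-11-19T14:02:19Z src=192.0.2.200 dport=3389
2019-11-19T14:03:02Z src=203.0.113.130 dport=22
2019-11-19T14:03:40Z src=203.0.113.9 dport=443
2019-11-19T14:04:05Z src=100.64.0.9 dport=443
malformed line without a source
"""


def country_of(ip):
    """Return the country code for an address, or None if it is not in the table."""
    addr = ipaddress.ip_address(ip)
    for net, country in _GEO:
        if addr in net:
            return country
    return None


def decide(ip, policy=POLICY):
    """Return (action, reason). The client allow list is checked before geography."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in policy["client_allow_list"]):
        return ("allow", "client allow list")
    country = country_of(ip)
    if country is None:
        action = "block" if policy["block_unknown"] else "allow"
        return (action, "unknown country")
    if country in policy["allowed_countries"]:
        return ("allow", "country " + country)
    return ("block", "country " + country)


def dry_run(log_text, policy=POLICY):
    """Count the decisions the policy would make and list the blocked sources."""
    counts = Counter()
    blocked = []
    for line in log_text.splitlines():
        match = LOG_LINE.search(line)
        if not match:
            counts["unparsed"] += 1
            continue
        try:
            action, reason = decide(match["src"], policy)
        except ValueError:  # text matched the pattern but is not a valid address
            counts["unparsed"] += 1
            continue
        counts[action] += 1
        if action == "block":
            blocked.append((match["src"], int(match["dport"]), reason))
    return counts, blocked


if __name__ == "__main__":
    counts, blocked = dry_run(SAMPLE_LOG)
    print(dict(counts))
    for src, dport, reason in blocked:
        print(f"would block {src} -> port {dport} ({reason})")
```

Reviewing the blocked list before enforcement shows which legitimate customers would still need an allow-list entry.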

Beacon Knows Cybersecurity

Want some expert help setting up the Geo-IP Filter, or implementing any other cybersecurity measure? BITS is here to help. Give us a call today.

November 19th, 2019 | IT Services

The Scary Interwebs: Top Cyber Security Threats in 2019

Big plans for Halloween this year?

The October 31st holiday is an annual pilgrimage to the Altar of the Sweet Tooth for the kids. For adults, on the other hand, the celebration is closer to a fetishization of all things horrifyingly scary.

If you’re a small business owner, or an executive tasked with keeping your company’s digital infrastructure and business data safe, however, you might be forgiven for wanting to skip the terror-fest this year. Why? Because the number and variety of cyber threats just keeps increasing exponentially, year after year, making every day Halloween.

A few obligatory frightful statistics to ponder:

  • A hacker attack on an internet-connected computer or device occurs every 39 seconds.
  • Depending on who you ask, anywhere between 43% and 50% of cyber attacks target small businesses specifically. Oh, and small businesses typically invest less than $500 on cyber security.
  • Despite the prevalence of cyber crimes and the attention they receive, only about 10% are actually reported – meaning that the statistics above and below may represent the low end of the possible threat spectrum.
  • Some off-the-shelf hacking tool kits are available for purchase for as little as $1.
  • Roughly three out of four organizations lack even a basic cyber security incident response plan.
  • A data breach can often go nearly six months before being detected – and this is true for your financial institutions (Capital One), credit monitoring agencies (Equifax) and even the big boys in tech (Facebook).

What new and potentially devastating cyber threat trends emerged in 2019? Let’s take a look.

Cloud Computing Infrastructure Exploitation

Over the last several years, cloud data storage has become big business, and a popular method of managing your company data. However, non-secure sign-up processes, ease of use and low costs make cloud providers targets for all sorts of nefarious actors.

“Hackers have been found using cloud services to mask their identities while carrying out attacks. We have seen hackers exploiting and abusing popular cloud-based services such as Google Cloud Platform, Microsoft Azure, Asus Cloud, Google Drive, Dropbox, and others to fool their victims. Hackers may use these services to spread malicious code or distribute macro-laden documents and spreadsheets or use them as command and control servers. Hackers were also found using cheap cloud services to host their entire DDoS and brute force infrastructure, and then targeting users and other cloud providers.” – TechGenix

Mobile Fraud

As more and more financial transactions are being initiated on mobile devices, cybercriminals have shifted their exploits to the apps supporting e-commerce.

“Today, mobile fraud is outpacing web fraud. More than 60% of fraud originates from mobile devices. It used to be mobile browsers that were fraud heavy, but now 80% of mobile fraud comes from mobile apps.” – RSA White Paper

Blockchain Privacy Poisoning

Just last year, blockchain technology was being hailed as the most secure method of encryption. How quickly things change.

Hackers have found a way to turn legislation aimed at protecting online consumers – GDPR – into an exploit through what’s now being called “privacy poisoning.”

“The term […] refers to the insertion of personal data into a public blockchain, thereby making that blockchain non-compliant under the European General Data Protection Regulation (GDPR). According to the GDPR, all individuals have ‘the right to be forgotten,’ so you can immediately see why blockchain technology represents such a problem: by their very nature, blockchains are meant to be completely unchangeable and immutable. So this naturally creates a paradox for organizations: you have personal data ‘on chain’ that cannot be altered, and you simultaneously have the right of individuals to change, alter or delete their data at any time. Personal information cannot be deleted without compromising the chain.” – CPO Magazine

Software Supply Chain Attacks

Not only are hackers targeting cloud networks and mobile banking apps, they’re also going after the source code via software supply chain attacks.

“Attackers hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices. They break in, change source codes, and hide malware in build and update processes.

Because software is built and released by trusted vendors, these apps and updates are signed and certified. In software supply chain attacks, vendors are likely unaware that their apps or updates are infected with malicious code when they’re released to the public. The malicious code then runs with the same trust and permissions as the app.” – Microsoft 

DDoS

Distributed denial of service (DDoS) attacks – flooding a targeted website with an overwhelming amount of traffic – are nothing new. In fact, they’re one of the oldest methods of carrying out cyber warfare.

DDoS attacks were on the decline as recently as 2018. But that trend appears to be over, as Kaspersky Lab notes:

“Last year the number of DDoS attacks was constantly falling, leading Kaspersky Lab experts to assume that cybercriminals who had been conducting DDoS attacks for financial gain had shifted their attention to other sources of income (such as crypto-mining). However, statistics for Q1 2019 contradict this trend and show that the number of DDoS attacks blocked by Kaspersky DDoS Protection has actually grown by a staggering 84%, when compared to Q4 2018. This figure could indicate that such attacks were still in demand, despite being inaccessible when popular DDoS marketplaces were taken down. Once new DDoS-for-Hire websites launched, the number of attacks grew exponentially as a result.”

Beacon Knows Cyber Security

Want to make sure your business is protected from the latest hacker exploits? Beacon is here to help. Give us a call today.

October 24th, 2019 | Computer Related, IT Services

Client Spotlight: RSVP Communications, Inc.

At Beacon, our success hinges on how well we know our clients. That’s what empowers us to anticipate their needs and deliver the right solution to the right problem at the right time.

That doesn’t just happen by accident. It happens with a purposeful effort to get to know and understand our clients, their business needs and future goals. And, as with any successful relationship, it all starts with asking questions.

Every once in a while, we wrangle one of our clients for an honest conversation about what we’re doing well and how we can improve. After all, you’ll never know if you don’t ask.

This month, we had the privilege of chatting up Ken Dobbins, Vice President and General Manager of RSVP Communications, Inc.

Conversation with Ken

Beacon: How does BITS help you be successful? 

Ken Dobbins: You play a huge role for us. When we joined up with Beacon we ended up getting a lot of brains and a lot of different perspectives on how things can be done. You get all these smart people in a room that come up with great solutions. We’ve had great success with you guys.

B: What separates BITS from other IT services/providers? 

KD: Your performance is really a cut above. If there’s an issue, you can get somebody over here pretty quick. Your monitoring capabilities are outstanding. And, you guys are reading, developing and understanding what the market is doing every day. That’s your job.

B: What’s the best part of working with BITS?

KD: Your understanding of the industry. The flexibility that you have. And, your customer service – Beacon has got a great team, top to bottom.

Contact Center Upgrade

On top of the core IT services Beacon provides to RSVP, we’ve also had the chance to help out with a couple of special projects. One such opportunity was the expansion of the RSVP contact center.

KD: Here’s what’s amazing. With the help of you guys and three other companies, we were able to rip out the entire Contact Center – all the work stations, all the carpet, all the wiring, all the electrical – and come in and run new electric with drop downs from the ceiling, instead of in the floor. We were able to – in a three-day period – come in, rip it all out, put it all back in, and on Monday morning, the agents were able to come in and go right to their work stations and go to work.

Warehouse Expansion

In addition to upgrading the Contact Center, Ken also oversaw the expansion of the RSVP Communications warehouse from 79,000 sq. ft. to 109,000 sq. ft.:

KD: You guys were instrumental in coming in and making very good recommendations on what equipment we should have, what equipment we shouldn’t have, and monitoring the guys who were doing the actual install – pulling the wire, putting the equipment in – monitoring all that to make sure that they’re putting in the right stuff.

At the end of the day, there were some issues that you identified that we were able to get fixed along the way.

It’s not that anyone was doing a bad job. It’s just that you guys were just doing a great job to ensure that it was being done right. That was extremely successful, and the new facility is up and running flawlessly pretty much.

About RSVP Communications

The company delivers a number of services, helping clients market, sell and deliver their products to their customers. These services require a broad set of competencies – from web developers creating custom CRM applications and friendly customer service representatives managing customer questions and orders, to a robust warehouse operation ensuring that the right products are shipped on time and where they need to go.

That’s quite a complicated operation. But all the complexity is skillfully managed with strong infrastructure, experienced people, proven systems and reliable technology.

Client Profile

Name: RSVP Communications, Inc.

Size: 80+

Industry: Product Fulfillment, Call Center Services, Marketing

Location: Greensboro, NC

BITS Services: end-user support (managed IT), server support, IT consultative services, expansion support

September 25th, 2019 | System Administration, BITS News, IT Services

Small Medical Offices: How to Stay on the Right Side of Data Security

In the last decade, the healthcare industry has undergone a dramatic evolution in the way that medical records are managed. If you work in the medical field, whether as a doctor, nurse, technician or administrator, you could not escape the implication of the “big switch” to EMR (electronic medical records).

The change from paper to electronic record-keeping was a needed step forward. EMR saves time, money and all those trees, in addition to improving actual patient care. But, while considerable efforts were expended to convince everyone – from the largest healthcare systems to individual medical practices – to adopt this more tech-forward approach, not as much attention was paid to the vulnerabilities of a healthcare system so reliant on tech.

Let’s be clear, EMRs did not cause the astronomic spike in cybercrimes of recent years. But, in the rush to adopt a better system, it’s possible that not enough was done to protect that system from people who’d want to exploit it.

As a result, it’s not uncommon to find headlines like these:

The Verge’s Nicole Wetsman provides a succinct summation:

“Despite the rising threat, the vast majority of hospitals and physicians are unprepared to handle cybersecurity threats, even though they pose a major public health problem.”

But, Is Cybersecurity a Problem for the Little Guys?

The short answer… yes. One of the biggest hurdles to creating a safe and secure IT network for your small medical or dental practice is thinking that you’re too small a fish for anyone to bother with.

“Most small businesses, including medical practices, think they’re too small to be a target to hackers. Unfortunately, medical data is a prize most hackers want to get their hands on and they will specifically target small medical practices expecting to find little to no cybersecurity in place.” – myitsupport.com, 4/13/2017

Don’t let the size of your business fool you into thinking that you’re immune to being targeted by cyber criminals. The cybercrime epidemic is not slowing down. But, if you’re one of those small medical practices, there is good news: it just might be easier to protect a small office from hacking than a complex, sprawling healthcare system.

Cybersecurity & HIPAA Compliance

While it isn’t a silver bullet, the U.S. government does provide guidelines and standards for setting up secure networks to store and maintain private health data. These instructions are included with a host of other requirements governing the management of personal medical information. However, they are not easy to parse, especially for medical practices lacking experienced IT staff.

That said, the requirements for small medical practices with just one or two locations are considerably less than for large healthcare systems with numerous locations and thousands of patients. Even so, compliance is not always a snap, and the penalties for coming up short can be severe (up to $50,000 per HIPAA violation).

How to Protect Your Medical Practice From Cybercriminals & Stay HIPAA Compliant

So, what do you need most to keep your electronic records and IT network secure? It helps to have a trusted partner who can combine expert knowledge in IT and data security with specialized knowledge of HIPAA.

Step 1: The Audit

Before you can fix a vulnerability, you have to be aware that a vulnerability exists in the first place. To that end, it helps to conduct a thorough audit of your existing network setup and see what’s what. The results should then be compared to the requirements spelled out by HIPAA.

While the audit could be conducted by your internal IT staff (if you have it), it’s best to let an outside consultant perform the assessment. That approach typically leads to better, more accurate results.

The audit results should then be reviewed for compliance with HIPAA regulations. At BITS, we rely on our partner, Total Medical Compliance (TMC), for this type of analysis.

Step 2: Results & Recommendations

After your HIPAA experts complete the analysis and present the results, your IT vendor should outline a list of issues that need to be addressed and deliver a set of solutions for your consideration.

Some of these may require an investment into newer or better equipment, including servers or security devices. More often, recommendations will call for updating to more stringent internal user policies, including unique logins for all employees and stronger password protection protocols.

Step 3: Implement the Recommended Solutions 

If you’ve decided that it’s important enough to know about your digital vulnerabilities, you’ll want to finish the job and address found concerns. You just don’t want to be oversold on something you don’t need.

Be sure to ask for explicit explanations of every recommendation presented to you. At BITS, we discuss and review every suggested solution with our clients, so there is no question why we make the recommendations that we do.

Beacon Knows Medical Data Security

Does your medical office need to reassess data security and HIPAA compliance? BITS can help. Reach out to our team today.

August 28th, 2019 | System Administration, IT Services

Employee Monitoring: Balancing Security & Productivity

Is your small business optimized for digital security and productivity?

Pretty much every business takes measures to protect its network and IT infrastructure. With the extraordinary proliferation of malware and ransomware attacks in recent years, it’s just prudent planning to set up strong defenses against potential intruders.

Managed IT services, which focus on more mundane tasks like updating and patching business applications, typically don’t receive the same level of scrutiny. But, they also play a key role in protecting your company’s key digital assets.

Why Monitor Employee Computer Habits?

The focus with managed IT services shifts from outside threats to internal ones. With firewalls and security protocols in place to counteract bad actors, in-house monitoring efforts ensure that internal digital vulnerabilities are identified and neutralized.

In addition, monitoring of your employees’ computers offers managers and business owners something else – the ability to track productivity. This can come in the form of tracking the websites employees visit, time spent in business applications, idle time and a host of other activities.

Considering American cultural ideals of privacy and trust, however, this type of monitoring can rub some employees the wrong way. So, how do you navigate the competing priorities of security and privacy as a business and keep your employees happy at the same time?

Two Approaches to Employee Monitoring

There are two schools of thought pertaining to monitoring employee computers – and they are on the opposite ends of the spectrum. We’ve dubbed these as the “Don’t Do Stupid” and the Centralized Control options.

The “Don’t Do Stupid” Model

This is the less hands-on approach to employee monitoring. It works well in office cultures with a high degree of trust and business environments where a potential breach of trust would not result in a catastrophic failure. This is the more permissive set up, and probably the one most preferred by employees, managers and IT professionals alike.

With this approach, productivity is encouraged by a simple “black list” of websites that employees cannot access. Black listing is guided more by legal requirements, industry norms or security considerations, rather than the drive to limit employee browsing options.

Security is upheld with a minimal set of rules, and tracking is limited to employee activities that could expose the business to cyber threats or other digital vulnerabilities.

The Centralized Control Model

This model has much in common with the much more controlled way that internet activity is regulated by non-democratic governments, like China. The approach replaces the “black list” with a “white list” – rather than listing the destinations employees can’t access, the organization creates a limited list of approved websites.

Activity tracking is also much more robust, aiming to collect as much data on individual employee usage patterns as possible in order to promote a culture of efficiency.

This type of employee monitoring setup is more commonly deployed by larger organizations, like health systems, banks and multi-national corporations.

Your Model

Which model works best for your business? As with most things, your business needs will dictate the appropriate approach to employee computer monitoring. And, odds are, it’s going to fall somewhere in between the two extremes described above.

Once you settle on the level of monitoring that works for your business goals and office culture, it helps to have a knowledgeable IT team implement the monitoring setup.

Beacon Knows Managed IT Services

Looking for an experienced IT team that can help you manage your business network? Look no further, BITS is here to help. Give our team a call today to discuss your IT management needs.

July 25th, 2019 | System Administration, IT Services

Client Spotlight: Graham Personnel Services

How do BITS customers really feel about the job we do for them? We’re sure that almost every business asks itself a variation of the same question. After all, being successful is all about maintaining relationships.

Here, at BITS, we really wanted to know the answer. So, we decided to take the radical step of, you know, actually talking to our clients about how our services impact them.

Inaugural Client Spotlight

This month, we had the pleasure of speaking with Dace Hennessee, General Manager of Graham Personnel Services. Dace was extremely welcoming and forthcoming about his company’s reliance on the IT expertise provided by BITS.

So, what stands out about BITS services to Dace?

“Beacon is a local company. Graham Personnel is a local company. I think that’s a good match. We like to support locally owned Triad companies.”

That answer is more than just a preference for doing business with a neighbor, however. It’s about quality and reliability. And, knowing that if the owner’s computer is experiencing an issue, it will be fixed as fast as humanly possible. (In this case, we did our thing and it was back to normal within the hour.)

In managed IT services, the speed with which a glitch is resolved can mean a difference of thousands of dollars. After all, if his computers are down, Dace isn’t placing too many people on work assignments.

And that can be a major concern if, let’s say, you’re moving your entire operation to a new location.

“The Move” 

One of the biggest projects BITS managed for Graham Personnel Services was transitioning the company’s IT infrastructure to new offices on Gallimore Dairy Road. In addition to its 30+ employees, GPS also houses multiple classrooms with dozens of computer stations where applicants are screened for various skills.

“Two years ago, we switched everything from one location to another location. I think we were down for 30 minutes,” says Dace. “We were up and functional by 8:30 [a.m.]”

The BITS team handled all the planning, logistics and execution for the job, seamlessly transitioning employee work stations, classroom computers, company servers and presentation equipment to their new homes.

“A lot of that was planning. It was getting involved early,” observes Kevin Lackey, BITS Account Executive who was involved in the project. “Having that vision on the front side, knowing what the expectation was, and being involved so early really helped us. Because we knew: this is what he’s asking.”

What Else Does BITS do for GPS?

In addition to helping with the occasional monumental move, BITS provides all end-user support for GPS’ employee work stations. In plain language, we are Graham Personnel’s external IT team. Everything from managing software updates to helping recover lost passwords is managed by the BITS help desk.

We also help Dace keep an eye on equipment performance, recommending updates when necessary and managing the procurement process.

Last, but definitely not least, BITS also manages firewall and backup functions for the GPS website, keeping digital assets secure and functioning at 100%.

About Graham Personnel Services

Graham Personnel Services has a 50-year history of successfully placing job seekers in the Triad area with businesses, large or small, in the distribution, manufacturing, professional and healthcare sectors. Over the years, the company has developed expertise and earned recognition in helping Fortune 500 companies and small businesses in Greensboro and the surrounding communities fulfill their staffing needs.

During any given week, there are anywhere between 700 and 1,200 associates placed on assignments with Graham Personnel clients. The firm takes pride in its commitment to customer satisfaction and strives to be the local leader in recruiting.

Client Profile

Name: Graham Personnel Services

Size: 30+ employees

Industry: Staffing

Location: Greensboro, NC

BITS Services: end-user support (managed IT), firewall, backup

June 25th, 2019 | System Administration, Computer Related, IT Services

5 Assumptions of a Great Email Backup Solution

Your company’s email accounts represent some of the most vital assets of your business. They contain important client correspondence, extensive team processes and projects, working copies of various reports and deliverables, and a host of additional valuable bits of information.

A loss of a record, or the inability to find or retrieve archived information, can cause tremendous harm to a business relationship with a client, vendor, regulator or even your own employees. That’s why responsible business administrators take steps to protect their business email accounts through comprehensive email backup solutions.

Finding the Right Email Backup Solution

Let’s be honest, as a business owner, you’re more at home selling a client on the value of your services, finding that next great team leader or setting the long-term direction for your growing business units. Understanding the nitty-gritty of email setup does not, and should not, rank high on your priority list.

That said, protecting your business emails is a real need – all the more pressing if your company is growing. So, how do you know what to look for in an email backup service?

To help business owners navigate the search for the right email backup solution, we’ve put together the below list of requirements.

Email Backup Solution Assumptions

1) On-demand email retrieval

Mistakes happen. Important emails containing sensitive or proprietary information get lost or erroneously deleted all the time. It’s been happening since the beginning of time… or, you know, the business computing era, at least.

No matter how well-intentioned your employees are, and no matter how many stringent protocols you put in place, it’s going to happen. Sure, prevention efforts are important. But, for when the worst does happen, a robust email backup solution makes sure it’s reversible.

2) Protect data in email accounts of former employees

What happens to the email accounts of your employees who leave? You’d be surprised how many small businesses don’t have a plan for retiring the email accounts of former team members.

Yes, in the majority of cases, your former employees are trustworthy individuals who would never dream of taking advantage of continued access to their old work account. But, it’s better to be safe than sorry.

A good email backup service will feature a plan to save and convert employee email accounts into archives, preventing any unauthorized access after employee separation.

3) Compliance with industry data storage requirements

Your industry, or the industries in which your clients operate, may have requirements governing various aspects of data storage. Some businesses in the health care space, for example, are required to keep backup data physically on-premises.

The right email backup service will help you both understand the data security requirements applicable to your business and structure your email solution to be in full compliance.

4) Easy search of archived and backed-up files

Have you ever had a client ask for historical data from a project completed years ago? Or, maybe tried to recall that perfect response to a complicated technical question? The team members involved in those initiatives may be long gone. But, with an email backup solution in place, you still have access to their correspondence and files.

A search of your business email archive can bring back the needed historical information quickly and efficiently. Having an easy-to-navigate archive of your old business information is a valuable resource.

5) Portability

As small businesses grow, many of their operations mature to become more detailed and complex. This can even impact the email provider you choose to contract with.

If you think you may upgrade or change your email service provider in the future, you’ll want to make sure that the email backup solution you select is compatible with a number of leading email providers.

Beacon Knows Email Backup

Considering an investment in a robust email backup solution? Beacon can help. As a Datto partner, we install and maintain some of the most trusted, industry-leading IT solutions around, including Backupify for email. Get in touch with our team today to learn more.

By | 2019-05-23T09:53:08+00:00 May 22nd, 2019|System Administration, IT Services|

Is Your Business Ready for Hurricane Season?

Don’t look now, but hurricane season is once again bearing down upon us. Last year was predicted to be a below-average season. Instead, the Atlantic Ocean spit out 15 named storms, including eight hurricanes.

The damage sustained from 2018 tropical storms – which included, not one, but two major hurricanes (Florence and Michael) – reached nearly $50 billion. Power outages, dangerous winds, heavy rains, flooding and other hazards wreaked havoc on homes and businesses in many parts of the US.

There’s no telling what this season will bring. But, while you can’t predict when, or if, a major storm will strike, smart businesses plan for these types of disasters to ensure that they can survive and bounce back as quickly as possible.

One of the key requirements of a good business continuity plan is protecting your business data and network. To give your business the best chance of surviving a natural disaster, you need to consider your data backup, data recovery and infrastructure access needs.

Let’s talk about all three in a bit more detail.

Data Backup and Storage

Redundancy is a major theme in data protection. Putting in place a system that routinely saves your enterprise-wide data protects your business in case an unexpected event destroys your existing, on-site IT infrastructure. It also makes retrieving mistakenly-deleted files very easy.

In choosing a data backup solution, you’ll need to think about the following:

Data protection goals

How often does your data need to be backed up, and to what degree? There are several types of backup setups, including full backup, incremental backup and differential backup, and each has benefits and drawbacks.

Scalability

Optimally, you’ll need a data backup solution that can grow with your business.

Storage

Cloud storage solutions allow your data to stay protected in case something happens to your physical IT infrastructure – a key benefit if your business is flooded by a hurricane storm surge. Of course, legal or other constraints require other businesses to have their data backups on site. Many businesses rely on a hybrid on-site/cloud storage solution, giving them the best of both worlds.

Disaster Recovery

A good disaster recovery plan and solutions will help your business minimize or prevent downtime in case the worst does happen. A key step in setting up your backup recovery system is determining the appropriate recovery time objective (RTO) and recovery point objective (RPO).

Simply put, RTO defines how quickly your business network and applications need to be back online after a sudden disruption. Some types of businesses – hospitals, for example – have an RTO of 0. They cannot afford to be down for even one second. Most other types of business have less stringent RTO constraints.

RPO is the threshold for how old your recovered data can be. How great is the disruption to your business if you lose the last hour of your operational data? Two hours? A day?

Effectively, RPO defines how often your data should be backed up, and sets the data loss tolerance.
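To see what an RPO means in practice, the added example below (not part of the original article or any Datto product) audits a backup job log against an RPO. The log format, job statuses and function names are assumptions made for illustration, and the sample log is constructed.

```python
from datetime import datetime, timedelta

# Constructed backup job log: (completion time, status). Not real data.
SAMPLE_JOBS = [
    ("2019-04-24 00:00", "ok"),
    ("2019-04-24 01:00", "ok"),
    ("2019-04-24 02:00", "failed"),
    ("2019-04-24 03:00", "failed"),
    ("2019-04-24 04:00", "ok"),
    ("2019-04-24 05:00", "ok"),
]

def parse(ts):
    return datetime.strptime(ts, "%Y-%m-%d %H:%M")

def recovery_points(jobs):
    """Only successful jobs count: a failed job leaves nothing to restore."""
    points = sorted(parse(ts) for ts, status in jobs if status == "ok")
    if not points:
        raise ValueError("no successful backups: nothing can be recovered")
    return points

def rpo_violations(jobs, rpo, now):
    """Return (start, end, gap) for each stretch in which the newest usable
    backup was older than the RPO allows."""
    points = recovery_points(jobs)
    violations = []
    # Compare each recovery point with the next one. The last comparison is
    # against `now`, because a stale final backup is exposure too.
    for start, end in zip(points, points[1:] + [now]):
        gap = end - start
        if gap > rpo:
            violations.append((start, end, gap))
    return violations

def worst_case_loss(jobs, now):
    """Largest amount of work a disaster could have wiped out."""
    points = recovery_points(jobs)
    return max(end - start for start, end in zip(points, points[1:] + [now]))
```

With an hourly schedule and a one-hour RPO, the two failed jobs open a three-hour window in which a disaster would have cost three hours of data, which is why failed jobs need alerting and not just logging.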

IT Infrastructure Access 

If your business does succumb to a natural disaster, like a hurricane, a good business continuity plan will allow you to get your network back up before you even rummage through the rubble.

How easily can your team access the needed backup data? Does it need to do so remotely, from any device? These are key considerations in choosing the right solution for your business.

A well-designed disaster recovery solution will have your servers virtualized in the cloud and ready for you and your team to resume operations in no time.

Beacon Knows Affordable Small Business Solutions

It doesn’t have to cost an arm and a leg to make sure that your business network is protected in case a natural disaster strikes. At Beacon, we partner with Datto, a leading provider of IT services, to implement robust and affordable disaster recovery solutions on behalf of our customers.

Get in touch with our team to learn more about ALTO, Datto’s platform designed to provide total data protection and enterprise-level functionality specifically to small businesses.

By | 2019-04-30T05:45:37+00:00 April 24th, 2019|IT Services|

Running Your Business on the Cloud? SD-WAN May Help

“Necessity is the mother of invention” – English proverb

Ever notice how one small change can cause a cascading series of bigger changes? It’s the classic butterfly effect in a nutshell – a butterfly flaps its wings in China, and 12 hours later a tornado hits, let’s say, Kansas. One small thing leads to a seemingly unrelated, bigger thing.

The relatively recent rise of the cloud and Software-as-a-Service (SaaS) provides an excellent example of the theory at work. Of course, these trends are more significant than a single flap of butterfly wings. And the aftermath is surely less destructive. Nonetheless, the changes that adoption of the cloud has ushered in have been immense, and not always predictable.

One of the biggest and more obvious tech-related changes is the growing demand for digital bandwidth. After all, it makes sense that you’d need more of it to routinely access applications online, rather than from a copy saved on your desktop.

That extra bandwidth has a cost. Moreover, if you’re now relying on the cloud to run your critical business operations, maintaining access to the cloud is suddenly much more of an imperative.

The more unpredictable response to cloud adoption is how organizations have adjusted to account for these new challenges. Today, going offline – for any reason – is no longer a palatable option for many businesses. So, smart operations have found a way to control their access to the Internet more intelligently, strategically, securely and with more granularity.

Necessity, meet SD-WAN.

What Is SD-WAN?

SD-WAN stands for software-defined wide area network. That’s a lot of words, and they don’t necessarily reveal much.

Simply put, SD-WAN is a service that lets you parcel out your digital connection bandwidth to each specific resource, based on strategic rules you control.

What Does SD-WAN Do?

One of the key benefits of SD-WAN is that it allows you to package your expensive, dedicated MPLS network with cheaper, public internet services.

Some business applications require the added security of traditional, dedicated WAN connections. But, not all. Also, many cloud-based applications are protected by their own, robust security or encryption measures, requiring less intense security investment from users.

This means that your business traffic can be segmented into separate streams of varying technical requirements – some routed via an MPLS network, and some through a public internet service provider (ISP) of your choice. And that’s exactly what SD-WAN does, optimizing your costs in the process.

You could possibly even ditch your expensive, enterprise-level connection and go with two different, lower-cost ISPs.

Why Get SD-WAN

Redundancy – SD-WAN allows for the use of a second Internet provider service, ensuring that your business network stays online in case one service is interrupted.

Cost-efficiency – Mixing your enterprise-level connection with broadband or other cheaper internet delivery options through SD-WAN allows you to optimize your costs.

Maximum performance – With SD-WAN, your multiple connections can all be used at the same time, maximizing the available bandwidth. In effect, your multiple connections add up to a bigger pipe for your traffic to flow through.

Security – SD-WAN ensures that specific, customizable security protocols are followed for every cloud-based application, always.

How Does SD-WAN Work?

SD-WAN devices and software monitor all available traffic paths, keeping track of latency, one-way packet loss and available bandwidth for each. Traffic is routed through the best possible path, taking into account security requirements of each individual data request. The software reacts to changes in performance, adjusting connections as necessary at sub-second time intervals.
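The path selection described above can be sketched as follows. This is an added example, not code from the article or from any SD-WAN vendor: the class names, thresholds and measurements are constructed, and two design choices are assumptions (traffic that needs a private link is blocked rather than moved to a public one, and public links are preferred for traffic allowed to use them).

```python
from dataclasses import dataclass

@dataclass
class Path:
    name: str
    private: bool        # True for a dedicated link such as MPLS
    latency_ms: float
    loss_pct: float      # one-way packet loss
    free_mbps: float     # currently available bandwidth

@dataclass
class AppPolicy:
    name: str
    needs_private: bool  # security requirement for this traffic class
    max_latency_ms: float
    max_loss_pct: float
    min_mbps: float

def select_path(policy, paths):
    """Return the best path that satisfies the policy, or None."""
    # Security is a hard filter applied before any performance ranking
    # (assumption: fail closed instead of spilling onto a public link).
    allowed = [p for p in paths if p.private or not policy.needs_private]
    healthy = [p for p in allowed
               if p.latency_ms <= policy.max_latency_ms
               and p.loss_pct <= policy.max_loss_pct
               and p.free_mbps >= policy.min_mbps]
    if not healthy:
        return None
    # Keep the costly private link free for traffic that requires it
    # (assumption), then rank by loss, then by latency.
    return min(healthy, key=lambda p: (p.private and not policy.needs_private,
                                       p.loss_pct, p.latency_ms))

def route(policy, paths):
    chosen = select_path(policy, paths)
    return chosen.name if chosen else "blocked"

# Constructed measurements, as a path monitor might report them.
PATHS = [
    Path("mpls", True, 20, 0.0, 50),
    Path("isp-a", False, 35, 0.1, 200),
    Path("isp-b", False, 60, 0.5, 100),
]
ERP = AppPolicy("erp", True, 100, 1.0, 5)     # must stay on a private link
VOIP = AppPolicy("voip", False, 80, 1.0, 1)   # may use any healthy link
```

Re-running `route` on every new set of measurements gives the failover behaviour: when isp-a starts dropping packets, VoIP moves to isp-b, while ERP traffic never leaves the MPLS link.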

Beacon Knows SD-WAN

If you’d like to learn more about how SD-WAN can help your business, give BITS a call. Our experts are here to help you understand your options. Request a free network audit today.

By | 2019-03-19T11:55:02+00:00 March 19th, 2019|IT Services|

Top Security Breaches of 2018

Some of the biggest companies in the world were hit by some of the biggest cyber security breaches in 2018. Of the 24 largest breaches of all time on the USA Today list, three of the top 10 occurred last year – Marriott, Under Armour and Quora.

But it’s not just the digital novices who are vulnerable. Cyber breaches were also a problem for tech giants like Google, Facebook and Twitter last year. If Google isn’t safe, what chance do small and medium-size businesses have of keeping their digital infrastructure secure?

A snapshot of the digital security landscape, afforded by a peek at some of the biggest breaches of last year, can at least give us an idea of what private business owners could be up against. That broad look should also provide the ammunition to assess what solutions need to be applied.

The Breaches

  1. Marriott: 500 million customers
    • What was stolen: names, addresses, email addresses, phone numbers, dates of birth, passport numbers, credit card and additional personal information
    • What happened: Reports of the breach alleged the company was hacked by foreign intelligence operatives. The vulnerability came via Marriott’s Starwood booking system, which the company purchased in 2016. Investigation revealed that the Starwood system had been compromised since 2014.
  2. Under Armour (MyFitnessPal): 150 million customers
    • What was stolen: names, email addresses, encrypted passwords
    • What happened: The company discovered unauthorized third-party access to some of its customer data, but reported that its security measures kept the intruders from more sensitive information, such as GPS location, eating habits, credit card and Social Security numbers.
  3. Google Plus: 52.5 million customers
    • What was stolen: names, email addresses, dates of birth, personal Google + session information
    • What happened: A security audit discovered that outside app developers could have had access to personal information of Google Plus users between 2015 and 2018. The company announced a breach affecting 500 thousand users in October (the breach occurred several months earlier). In December, Google revealed a second, bigger breach of 52.5 million users. Google is ending the Google Plus platform, and the breaches have helped to expedite its demise.
  4. Panera Bread: 37 million customers
    • What was stolen: names, addresses, email addresses, dates of birth and last four digits of customer credit cards
    • What happened: Panera was tipped to a database leak in August of 2017, but ignored warnings of security experts. The company failed to take action for eight months.

What Does This Tell Us?

It’s not every day that you’ll find yourself the target of government-sponsored hackers. Or is it? Reports have circulated for years about foreign hacking of corporate, government and infrastructure targets in the US.

Putting aside the fact that Marriott was potentially the target of international espionage, the company acknowledged a sub-optimal investment in cyber security. While internal security protocols did signal unauthorized access to the system, they were not sufficient to detect the vulnerability during the acquisition of the system two years earlier. Marriott has since hired a new chief information security officer and begun reporting on cyber risks to the company board.

Marriott, like Under Armour, was at least partially positioned to withstand cyber attacks. Both companies responded by studying their vulnerabilities and applying fixes in short order. Notably, they went to outside experts who could provide an honest, objective assessment of threats and recommend the right fix.

Google decided to keep the initial breach in-house – because they’re Google – and was burned by another, much bigger breach less than 10 months later.

Panera, on the other hand, mishandled everything – from the initial vulnerability, to the flagging of the issue by an outside security researcher. Eight months passed between when Panera was notified and when a fix was applied. And in the process, the company ignored a credible tip and the efforts of an informed individual trying to help.

Hubris and presumptive arrogance on one end… insufficient deployment of security resources on the other. Despite the size of these companies, when it comes to cyber security, the execs of international corporations face the same type of problems and decision-making concerns as small business owners.

So, What Can Business Owners Do?

Well, the first thing to do is to acknowledge that cyber security is not your area of expertise. Guard against that hubris and arrogance by staying humble in your attempts to address this need. It’s ok to acknowledge that you’ll need the help of a trusted cyber security expert.

That said, the scale of the threats you’ll face is probably different than that of Marriott and Google. It’s unlikely you’ll face government-sponsored espionage. Small and medium-sized businesses are more likely to fall victim to ransomware attacks. As such, you’ll need backup and firewall services tailored to exploits favored by ransomware attackers.

At Beacon, we lean on the SonicWall Capture Advanced Threat Protection service to keep our clients free from ransomware and subsequent critical failures. The SonicWall platform is designed to discover and defeat zero-day (brand new) threats, and is set up to provide automated remediation – meaning you don’t have to lift a finger.

Beacon Knows IT Security

If you’re ready to take your IT security to the level it needs to be, give BITS a call. We’ll be happy to talk through the needs of your business.

By | 2019-03-19T11:57:50+00:00 February 26th, 2019|IT Services|