Document Storage Solutions for the Work-From-Home Era

working from homeLast month, as many businesses were amending their operations to function in a global pandemic, we wrote about managing the transition to remote work and what small businesses needed to do to make the new arrangement possible. If there’s one positive arising from the COVID-19 crisis, it’s that many of us have been forced to learn the skills necessary to function in the 21st century economy. In the last several weeks, tens of millions of employees have become intimately familiar with video conferencing, VPNs, online collaboration tools, cloud-based document storage and more.

We’re more than a month now into our new normal. Hopefully, your transition to remote work was a seamless one. More likely, your team probably hit a few hiccups along the way. You don’t just unveil a whole new way of doing business without some speed bumps.

One major hurdle for the newly initiated remote-work businesses has been how to store, share and manage sensitive records and information via the web. The big concern is how to do all those things while maintaining tight security protocols. Strangely appropriate, April also happens to be the National Records and Information Management month. So, this topic arises at just the right time on the calendar.

Rising Cyberthreats During COVID-19

cyber criminalYour business’ transition to remote work isn’t happening in a vacuum. In the digital environment there are always threats. And, as we’ve covered in previous posts, criminal activity online is growing every year. The COVID-19 pandemic that’s driving more and more businesses to operate on the web is simultaneously presenting more targets for hackers to exploit.

Cybercrime reports have spiked four-fold in the wake of the global spread of coronavirus, according to the FBI.

“There was this brief shining moment when we hoped that, you know, ‘gosh cyber criminals are human beings too,’ and maybe they would think that targeting or taking advantage of this pandemic for personal profit might be beyond the pale,” stated FBI Deputy Assistant Director Tonya Ugoretz  on a recent online panel hosted by the Aspen Institute. “Sadly that has not been the case.”

Cybercriminals have used COVID-19 themes to go after everything from hospitals and health care systems to wind farm operators. They’ve crashed private – but, unsecured – Zoom calls (Zoombombing) and targeted private email addresses with phishing schemes.

As a result, it’s not surprising that 7 out of 10 organizations reported in a mid-March survey by Adobe that they expected to increase their investment in cybersecurity solutions.

So, what should you, as a small business, be doing to secure your digital environment?

Work-From-Home Solutions

There are a few basic things your business needs in order for your work force to be able to work from home with any efficiency. For starters, your team will need access to and the ability to collaborate on company documents. You will also need to back up the work your employees complete on their company-issued equipment at home. And, of course, you’ll need to protect all of these cloud-based interactions from anyone who might have less than pure intentions.

Secure shared drive

So, let’s start with the company’s shared drive – the library of all your essential documents, from client work and purchase orders to business expenses and marketing materials. Many businesses rely on on-premise servers to house their company shared drive. But, with a network of employees working from their home offices, there is less need to have your document storage on site.

And, there are advantages to a cloud-based solution that’s tailored for remote collaboration. A cloud storage platform, like Microsoft’s OneDrive, allows a team of employees to work on the same document, simultaneously, while maintaining the same working version of the file. The file is also protected through encryption, both while it is being worked on and when transmitting to the cloud. And, there are additional helpful features like data loss prevention, file restore and intelligent discovery.

Beacon, itself, has recently transitioned to a cloud-based shared drive to help our team of employees working from home.

Data Backup

It’s easy enough to backup the data on your employee workstations when they’re in office. It doesn’t have to be difficult to back up your remote employees’ machines when they’re not physically connected to your network. A great solution for centrally enabled data backup is Veeam Backup & Replication. This is another resource we’ve deployed in-house.

cloud securityCloud security

Most cloud applications are created with security features built-in. Still, it’s important to implement protocols and promote habits that further protect your enterprise.

Cybersecurity best practices call for the use of VPNs (virtual private network) for all employees working from home. With cyber attacks on the rise during the COVID-19 pandemic, it is advised that businesses make sure they are updated to the latest versions of their VPNs and all patches are applied.

Multifactor authentication is another helpful security measure. Password protecting your company workstations and all remote applications ensures that your company resources stay safe, even if a phishing attack compromises an employee’s credentials.

Lastly, training your remote employees on how to spot phishing attacks and other security exploits can further reduce the risk of a successful cyber attack.

Beacon Knows Remote Work

Roughing your way through a transition to remote work? The BITS team can help you smooth the way. Give us a call, we’re here to help.

By | 2020-09-22T12:27:02+00:00 April 23rd, 2020|System Administration, BITS Team, IT Services|

The Scary Interwebs: Top Cyber Security Threats in 2019

Big plans for Halloween this year?

The October 31st holiday is an annual pilgrimage to the Altar of the Sweet Tooth for the kids. For adults, on the other hand, the celebration is closer to a fetishization of all things horrifyingly scary.

If you’re a small business owner, or an executive tasked with keeping your company’s digital infrastructure and business data safe, however, you might be forgiven for wanting to skip the terror-fest this year. Why? Because the number and variety of cyber threats just keeps increasing exponentially, year after year, making every day Halloween.

A few obligatory frightful statistics to ponder:

  • A hacker attack on an internet-connected computer or device occurs every 39 seconds.
  • Depending on who you ask, anywhere between 43% and 50% of cyber attacks target small businesses specifically. Oh, and small business typically invest less than $500 on cyber security.
  • Despite the prevalence of cyber crimes and the attention they receive, only about 10% are actually reported – meaning that the statistics above and below may represent the low end of the possible threat spectrum.
  • Some off-the-shelf hacking tool kits are available for purchase for as little as $1.
  • Roughly three out of four organizations lack even a basic cyber security incident response plan.
  • A data breach can often go nearly six months before being detected – and this is true for your financial institutions (Capital One), credit monitoring agencies (Equifax) and even the big boys in tech (Facebook).

What new and potentially devastating cyber threat trends emerged in 2019? Let’s take a look.

Cloud Computing Infrastructure Exploitation

Over the last several years, cloud data storage has become big business, and a popular method of managing your company data. However, non-secure sign-up processes, ease of use and low costs make cloud providers targets for all sorts of nefarious actors.

“Hackers have been found using cloud services to mask their identities while carrying out attacks. We have seen hackers exploiting and abusing popular cloud-based services such as Google Cloud Platform, Microsoft Azure, Asus Cloud, Google Drive, Dropbox, and others to fool their victims. Hackers may use these services to spread malicious code or distribute macro-laden documents and spreadsheets or use them as command and control servers. Hackers were also found using cheap cloud services to host their entire DDoS and brute force infrastructure, and then targeting users and other cloud providers.” – TechGenix

Mobile Fraud

As more and more financial transactions are being initiated on mobile devices, cybercriminals have shifted their exploits to the apps supporting e-commerce.

“Today, mobile fraud is outpacing web fraud. More than 60% of fraud originates from mobile devices. It used to be mobile browsers that were fraud heavy, but now 80% of mobile fraud comes from mobile apps.” – RSA White Paper

Blockchain Privacy Poisoning

Just last year, blockchain technology was being hailed as the most secure method of encryption. How quickly things change.

Hackers have found a way to turn legislation aimed at protecting online consumers – GDPR – into an exploitation through what’s now being called “privacy poisoning.”

“The term […] refers to the insertion of personal data into a public blockchain, thereby making that blockchain non-compliant under the European General Data Protection Regulation (GDPR). According to the GDPR, all individuals have ‘the right to be forgotten,’ so you can immediately see why blockchain technology represents such a problem: by their very nature, blockchains are meant to be completely unchangeable and immutable. So this naturally creates a paradox for organizations: you have personal data ‘on chain’ that cannot be altered, and you simultaneously have the right of individuals to change, alter or delete their data at any time. Personal information cannot be deleted without compromising the chain.” – CPO Magazine

Software Supply Chain Attacks

Not only are hackers targeting cloud networks and mobile banking apps, they’re also going after the source code via software supply chain attacks.

“Attackers hunt for unsecure network protocols, unprotected server infrastructures, and unsafe coding practices. They break in, change source codes, and hide malware in build and update processes.

Because software is built and released by trusted vendors, these apps and updates are signed and certified. In software supply chain attacks, vendors are likely unaware that their apps or updates are infected with malicious code when they’re released to the public. The malicious code then runs with the same trust and permissions as the app.” – Microsoft 

DDoS

Distributed denial of service (DDoS) attacks – flooding a targeted website with an overwhelming amount of traffic – are nothing new. In fact, it’s one of the oldest methods of carrying out cyber warfare.

DDoS attacks were on the decline as recently as 2018. But that trend appears to be over, as Kaspersky Lab notes:

“Last year the number of DDoS attacks was constantly falling, leading Kaspersky Lab experts to assume that cybercriminals who had been conducting DDoS attacks for financial gain had shifted their attention to other sources of income (such as crypto-mining). However, statistics for Q1 2019 contradict this trend and show that the number of DDoS attacks blocked by Kaspersky DDoS Protection has actually grown by a staggering 84%, when compared to Q4 2018. This figure could indicate that such attacks were still in demand, despite being inaccessible when popular DDoS marketplaces were taken down. Once new DDoS-for-Hire websites launched, the number of attacks grew exponentially as a result.”

Beacon Knows Cyber Security

Want to make sure your business is protected from the latest hacker exploits? Beacon is here to help. Give us a call today.

By | 2020-09-22T12:27:02+00:00 October 24th, 2019|Computer Related, IT Services|