(403) 237-7750

Archive for category: Business Continuity

windows server 2012

Windows Server 2012 and 2012 R2 End of Life

/in , , /by

Microsoft has reminded users that Windows Server 2012 and 2012 R2 will no longer be supported after October 10, 2023. SQL Server 2012 also reached its end of support July 12, 2022. There are significant security risks that come with continuing to use server software that has reached end of life.

What Does End of Life Mean?

When Microsoft schedules software for end of support, it means they will no longer provide technical support for the product. It also means they will no longer issue security updates, regular software updates, or patches. When organizations continue to use these products after their lifecycle has ended, they put their entire network at risk. Cybercriminals take advantage of these weak points to infiltrate the network.

Microsoft is urging users to migrate their applications and workloads to Azure to continue to operate securely. According to Microsoft, “Azure SQL Managed Instance is fully managed and always updated (PaaS).” Microsoft is also encouraging organizations who require on-premises upgrades to move to Windows Server 2022 and SQL Server 2019.

Migration to Azure

Current users of Windows Server 2012 and 2012 R2 are urged to make the migration to Azure or Windows Server 2022 as soon as possible to ensure adequate security, including receiving regular security updates to help protect their networks from malicious attacks. It is already well past the time that users still employing SQL Server 2012 should be taking steps to upgrade to SQL Server 2019. SQL Server 2012 lost mainstream support from Microsoft in July 2022. Any organization still relying on the platform will not only encounter operational difficulties but are exposing their networks to security risks, as there is no support or patching available.

Act Now to Protect Your Organization from Windows 2012 Security Risks

If you are a current Windows Server 2012 or 2012 R2 user, or if you are still employing Server SQL 2012, and you don’t already have an upgrade plan in place, please contact your Client IT Manager or Account Manager to discuss the transition so that there is no lapse in your security coverage. Here at The ITeam, we understand that replacing hardware and software can be a daunting task, so if you have any questions at all, don’t hesitate to reach out to your ITeam Account or Client IT Manager to discuss your options. We are here to help make this as seamless and budget friendly as possible! Get in touch today.

lessons from data breaches

Lessons from Data Breaches

/in , , , , , /by

learning lessons from data breachesMore than 6 million Canadians were impacted by the Capital One data breach that happened this year – and that was not even the biggest breach by any stretch. The biggest data breach is still Yahoo, whose breach impacted more than 3 billion people. Big or small, however, each data breach is costly and damaging – to consumers, to businesses, and to the economy. We can – and should – learn everything we can from these incidents to avoid repeating them. In analyzing security breaches that have occurred over the last 10 years, experts found that the main reasons data breaches occur are:

  • Failure to patch
  • Human error
  • Insider attacks
  • Poor mobile device management

Failure to Patch

Too often, a breach occurs because an organization has delayed patching, leaving them vulnerable to hackers. This often happens because the organization does not have a dedicated IT staff, leaving one or more employees responsible for IT on top of their other duties. Those other duties – their “real” jobs – take priority and patching jobs get postponed.

Partnering with a managed services provider (MSP) can help solve this problem and extend the strength of your IT team, whether your team is a whole department, or one person assigned with additional responsibilities. An MSP ensures patches are installed in a timely manner, but they’re also there to monitor your network 24/7.

Human Error

Clicking links and opening attachments in emails that appear to come from within your organization or from a trusted vendor cause more data breaches than we can measure. It’s possible your organization has malware sitting on your network right now that has been introduced by an errant employee and has yet to have been detected.

While we can never completely remove human error from the equation, we can drastically reduce the number of email-related data breaches by:

  • Developing, implementing, and enforcing strict zero-trust policies
  • Providing ongoing training to employees to help them recognize potential phishing scams
  • Limiting the data to which employees have access
  • Requiring multi-layer authentication that includes complex passwords and other access barriers

Download The ITeam Email Security Guide; then discover how you can transform your employees from your weakest link to your first line of defense through security training.

Insider Attacks

Insider attacks don’t account for many data breaches, but they can be the most devastating simply because of the betrayal involved. According to the 2019 Verizon Data Breach Investigations Report, insider threats are on the rise, accounting for 34% of data breaches. In one case highlighted in the DBIR, a hacker admitted that when all other efforts failed, he bribed an employee to get him inside the network.

Preventing insider attacks can be difficult; they are often only discovered after the fact during forensic analysis– and often after the employee is long gone. But you can minimize the risk of insider threats by having multiple layers of security, strictly limiting employee and third-party access to data, and by conducting regular audits. Often, insider attacks come from former employees whose access to the network was not terminated; make it protocol to immediately revoke all access to employees who leave – whether they leave on good terms or not.

Poor Mobile Device Management

Mobile phones are being used to conduct business whether you authorize it or not, so your best bet for protecting your organization is to have a highly sophisticated MDM security plan in place that includes the following:

  • Strict usage requirements that include installing your security on the device being used and requiring the use of a secure network when conducting business
  • Remote wipe capabilities to disconnect the device from your network in the event that it is stolen, or the employee leaves the organization
  • A no-tolerance policy for any employee who refuses to comply with the security requirements

Data breaches are not going away, but you can minimize the risk to your organization with strong IT security and a comprehensive disaster recovery plan. You can’t just address one of these issues; you must have a comprehensive, proactive data security program that addresses all of these risks and more.

The ITeam understands the IT security issues facing businesses in Canada. We are committed to helping Calgary- and Alberta-based businesses develop proactive, cost-effective IT strategies that minimize risk and maximize efficiency. Contact us to learn more.