Ransomware attacks are on the rise in Canada. Disaster Recovery as a Service (DRaaS) is a critical protection against ransomware for any organization.
More than 6 million Canadians were impacted by the Capital One data breach that happened this year – and that was not even the biggest breach by any stretch. The biggest data breach is still Yahoo, whose breach impacted more than 3 billion people. Big or small, however, each data breach is costly and damaging – to consumers, to businesses, and to the economy. We can – and should – learn everything we can from these incidents to avoid repeating them. In analyzing security breaches that have occurred over the last 10 years, experts found that the main reasons data breaches occur are:
- Failure to patch
- Human error
- Insider attacks
- Poor mobile device management
Failure to Patch
Too often, a breach occurs because an organization has delayed patching, leaving them vulnerable to hackers. This often happens because the organization does not have a dedicated IT staff, leaving one or more employees responsible for IT on top of their other duties. Those other duties – their “real” jobs – take priority and patching jobs get postponed.
Partnering with a managed services provider (MSP) can help solve this problem and extend the strength of your IT team, whether your team is a whole department, or one person assigned with additional responsibilities. An MSP ensures patches are installed in a timely manner, but they’re also there to monitor your network 24/7.
Human Error
Clicking links and opening attachments in emails that appear to come from within your organization or from a trusted vendor causes more data breaches than we can measure. It’s possible your organization has malware sitting on your network right now that was introduced by an errant employee and has yet to be detected.
While we can never completely remove human error from the equation, we can drastically reduce the number of email-related data breaches by:
- Developing, implementing, and enforcing strict zero-trust policies
- Providing ongoing training to employees to help them recognize potential phishing scams
- Limiting the data to which employees have access
- Requiring multi-layer authentication that includes complex passwords and other access barriers
Insider Attacks
Insider attacks don’t account for many data breaches, but they can be the most devastating simply because of the betrayal involved. According to the 2019 Verizon Data Breach Investigations Report, insider threats are on the rise, accounting for 34% of data breaches. In one case highlighted in the DBIR, a hacker admitted that when all other efforts failed, he bribed an employee to get him inside the network.
Preventing insider attacks can be difficult; they are often only discovered after the fact during forensic analysis – and often after the employee is long gone. But you can minimize the risk of insider threats by having multiple layers of security, strictly limiting employee and third-party access to data, and by conducting regular audits. Often, insider attacks come from former employees whose access to the network was not terminated; make it protocol to immediately revoke all access for employees who leave – whether they leave on good terms or not.
Poor Mobile Device Management
Mobile phones are being used to conduct business whether you authorize it or not, so your best bet for protecting your organization is to have a highly sophisticated MDM security plan in place that includes the following:
- Strict usage requirements that include installing your security on the device being used and requiring the use of a secure network when conducting business
- Remote wipe capabilities to disconnect the device from your network in the event that it is stolen, or the employee leaves the organization
- A no-tolerance policy for any employee who refuses to comply with the security requirements
Data breaches are not going away, but you can minimize the risk to your organization with strong IT security and a comprehensive disaster recovery plan. You can’t just address one of these issues; you must have a comprehensive, proactive data security program that addresses all of these risks and more.
The ITeam understands the IT security issues facing businesses in Canada. We are committed to helping Calgary- and Alberta-based businesses develop proactive, cost-effective IT strategies that minimize risk and maximize efficiency. Contact us to learn more.
You don’t have to increase spending to improve cybersecurity, but every business can be more strategic about what they spend where.
Small and medium-sized businesses (SMEs) need to improve cybersecurity. They aren’t as protected from cyber threats as they should be. Although larger corporations have more data for cyber criminals to take advantage of, SMEs are less likely to have up-to-date cybersecurity defenses, making them tempting – and easy – targets for hackers.
Because SMEs are easier targets, you may feel the need to invest heavily in the right infrastructure to protect your private information. Although improving cybersecurity is a must, a good strategy doesn’t have to drain your budget; managed services can be a predictable, plannable, and affordable cost. Your MSP can help improve cybersecurity and protect your business and support a stronger strategy that includes:
You’d be surprised how many systems are still running on outdated, unlicensed, or unpatched software. This leaves businesses completely open to attack, as critical upgrades to prevent data breaches must be installed to protect your organization. Hackers will take advantage of these vulnerabilities in your infrastructure.
Staff training and education.
Human error is the most challenging aspect of cybersecurity because it’s not as easily managed. The only way to mitigate the possibility of mistakes is to educate employees on an ongoing basis. Teach your staff about the latest phishing methods and implement basic policies and procedures to protect business data.
Strict permissions and policies.
Not everyone in your organization should have access to every system. Controlling access to your data to only those who must have such access can limit risk. As well, having strict policies about passwords, email security, and mobile device use can protect your organization.
Offsite backup and data recovery (BDR).
By storing a backup of your data at a secure offsite location, you will have access to the information your business needs to remain in operation, even if your facility is inaccessible or destroyed. Offsite backup and data recovery is critical to all businesses, no matter their size.
Multi-factor authentication.
Every organization should be using multi-factor authentication because password protection simply isn’t enough to protect your business. Multi-factor authentication (MFA) is a crucial security layer requiring more than one authentication method to verify a user’s identity.
These basic cybersecurity practices will help you protect your infrastructure in a cost-effective way. SMEs must defend against cybersecurity threats, because they are at risk, more so than larger organizations. These simple steps are the best start to securing your private networks, leaving more money in the budget for the right resources. Don’t fall victim to cyber threats when you can be prepared and remain competitive in a time when IT is your strongest asset.
As a top-rated IT security firm in Canada, we are committed to helping Calgary- and Alberta-based businesses develop proactive, cost-effective IT strategies that minimize risk, maximize efficiency, and build trust with Canadian citizens. Contact us to learn more.
One of the most sobering news reports of this year for businesses was the announcement that approximately 190,000 organizations in over 170 countries had been hit by a massive, coordinated, ransomware cyber-attack. Not all of these businesses were disrupted, but many faced significant losses, and it is doubtless that some will go out of business as a result. Such an incident highlights something we have said repeatedly:
Disaster data recovery is critical to all businesses, no matter their size, and the former causes of such recovery efforts no longer define the parameters of business need. Simply put, in our new technological age, each and every organization faces the real possibility of a catastrophic event that could compromise its data integrity and threaten its very existence.
The key issue is expeditious data and IT systems recovery. The businesses that were not impacted significantly by the recent cyber-attack were those that had robust protection and data recovery systems in place; those that suffered the most damage lacked one or the other critical component. Importantly, it is not just financial loss or blackmail that causes difficulty and irreparable harm. It is also the blow to a business’s reputation and the attending fear and anxiety generated among customers and employees.
The following are common misperceptions that hinder companies’ ability to take the necessary measures to strengthen their cybersecurity and survive catastrophic events of various kinds:
Solid Cybersecurity is Cost-Prohibitive
In the past, even only a few decades ago, implementing system improvements robust enough to provide solid data backup and recovery might have been exorbitant. Deploying and maintaining additional, physical data centers and managing redundant networks, servers, print materials, storage centers, and all other necessary measures was daunting, if not completely overwhelming. Advances in technology have increased the likelihood of cyber-attacks, but they also have provided solutions that are affordable and manageable.
In particular, cloud-based data recovery provides an excellent option for all businesses, but it is particularly advantageous for smaller companies that might not have been able to dream of cybersecurity only a few years ago. Disaster-recovery-as-a-service (or DRaaS) is a remarkably secure option.
Since DRaaS allows for payment based on storage units, you have the ability to contract only for the amount of assistance you need – meaning smaller businesses can recover data at a proportionately lower cost. Given the costs of traditional, physical data backup and recovery, DRaaS is a much more cost-effective alternative, and it is often more secure, since it is administered by professionals in the field.
On-Site Server Backup is Adequate
Traditional, physical backup presents serious problems for a number of reasons. The most common are:
- They are subject to the same natural disasters that would compromise the primary data systems if housed locally.
- They are subject to the same cyber attack vulnerability if administered internally.
- Recovery and restoration generally take much longer to complete, and every hour, day, and week without data is significant for most businesses.
The Business is Too Small to Be a Cyberattack Target
If there is one thing that has become apparent with the most recent cyber-attacks, it is that many hackers view small to mid-sized businesses as excellent sources of moderate income (enough to keep their operations running while they target bigger corporations) and also as good testing grounds for development of strategies to attack larger companies. Company size simply is not a reasonable factor in this day and age.
Minor Downtime is Manageable
Downtime, particularly when it occurs somewhat regularly, can impact businesses in multiple ways, many of them tied directly to revenue. Of particular concern in our modern economy is the increasing customer expectation of immediate communication, input, delivery, etc. In survey after survey, more than half of the respondents (in some cases nearly 70 percent) state that they consider even small amounts of downtime to be their top frustration and would consider frequenting a different business. This is certainly true of potential, new customers, but it also applies to established customers, particularly if even minor downtime occurs more than once.
Modern businesses no longer have the luxury of ignoring disaster data recovery. They simply must consider how to incorporate such systems into their core business plans. Fortunately, DRaaS is available to address this new reality, and The ITeam stands ready to help make disaster data recovery an affordable part of your enhanced business model. Contact us today for more information.
Suite 200, 1210 8 Street SW
Calgary, AB T2R 1L3