Cybersecurity: Are Passwords Your Vulnerability?

Cybersecurity strategies need to take into account vulnerable areas, such as employee passwords.Don’t let employee negligence be the source of a data breach. Cybersecurity has never been more important, yet too few companies are doing what they should to protect themselves in areas that can be easily remedied with a few important steps.

According to a study by password management firm Keeper Security, 81 percent of data breaches are due to weak passwords, or passwords that were stolen or still set to default. The same study found that almost 60 percent of people use the same password for everything. What can you do to ensure your employees are practicing safe password procedures?

Cybersecurity attacks continue to become more targeted and severe, carrying heavy consequences for victims. Despite the threat, a study by the Ponemon Institute shows that instead of becoming more prepared, many companies are doing less.

The Ponemon survey found that 61 percent of respondents had reported a cyberattack, which is a six percent increase over the year prior. Almost 54 percent reported that their data had been breached, which is up from 50 percent a year earlier. A ransomware attack became a reality for 52 percent of respondents, and more than half of those said they got hit more than once.

What steps can you take to protect against a cyberattack?

·       Gain more visibility into employee password practices

·       Don’t use the same passwords for accessing multiple accounts

·       Don’t share passwords

·       Use strong passwords that are not easily compromised

·       Develop a password policy and enforce it

·       Implement a control policy regarding BYOD (bring your own device)

·       Train security staff more frequently

·       Update antivirus software and encryption software

The costs associated with stolen records are severe; enough to sink some companies, particularly when you consider the average cost of a data breach is around $1 million-plus. The ongoing lack of preparation and neglect of developing more robust password policies puts many companies at great risk, which is why it’s important to take proactive steps to remediate weaknesses.

At Focal Solutions, we’ve developed a number of processes that make telecom easy. Our team is committed to the success of your business, and that includes making sure you’re secure with robust cybersecurity solutions. We have a mission to develop long-term advocacy for our clients and know industry best practices. Contact us today to learn more.

Preparing for Ransomware: Reliable Data Backup Is Key

While human error is part of the reason for ransomware attacks, securing data offsite negates vulnerabilities.Ransomware is taking center stage as a number of companies across industries are hit with digital attacks. WannaCry ransomware made headlines when it targeted PCs at banks and healthcare facilities; NotPetya, a malware that is an adaptation of ransomware, made similar headlines when it hit businesses in Europe hard. What can you do to ensure your data won’t be held hostage?

What we know about ransomware right now is that it looks a lot like a PC infection. Its “goal” is to go through your drives and encode all the data that it can, leaving you unable to gain access to critical records until you pay the attacker their ransom.

Business administrators pay large amounts of money to recover their data, in some cases $40,000 or more. The fight against these attacks seems fruitless as the attackers alter their models, always coming up with new ways to sneak into systems and latch on to important data.

As of last year, almost 30 percent of private ventures were involved in a ransomware attack, according to research from IBM. Nearly 60 percent of medium-sized businesses had experienced similar extortion. Security specialists can’t keep up with all the different strains of attacks, which means companies are simply moving to a mindset of paying the ransom as part of their business strategy.

The key to staying safe is to have a reliable data backup. It is imperative that your IT system is not outdated. Furthermore, employees need to be trained on how to use digital systems in a secure way that doesn’t compromise systems. According to Acronis, a data protection company, an inside person ineptly ushers in an attack on a company approximately 30 percent of the time.

New advancements in backup technology allow companies small and large to improve rather than replace their current backup methods. For instance, replication and snapshots have been determined to be a smart part of the strategy against ransomware. Replication involves making periodic copies of your data from one server and putting it on another server.

At Focal Solutions, we take ransomware attacks extremely seriously. We are an advocate for our clients, and we always focus on client satisfaction, and that involves staying prepared and ready for any malicious attack. As telecommunications industry insiders, let us help you get connected with the solutions that make the most sense for your company to keep you safe from attacks. Contact us today to hear the rest of the story.

 

Security in the Age of the Mobile Workforce

The mobile workforce presents unique security concerns for IT. How can enterprises protect their data?The mobile workforce is a boon for enterprises. No longer constrained by geographical concerns when hiring, corporations are able to attract the best talent and offer them a high level of flexibility and the ability to collaborate with their peers across the globe.

Remote access allows employees to work from wherever they are, and field employees can access all the data and resources they need on their mobile devices. In addition, companies save on travel expenses as their employees enjoy the ability to hold virtual meetings in which collaborative software makes it easy to brainstorm and discuss a project.

Increasing Cloud Migration 

The rise of the mobile workforce wouldn’t be possible without the increasing adoption of cloud technology. These two growth areas are intertwined and present a complex security landscape for IT. Here are a few of the concerns on the minds of CIOs trying to protect their systems and data:

  • Providing a secure and reliable data connection for the mobile workforce
  • The complexity of bring your own device (BYOD) culture
  • Supporting technology for a global team, including syncing time differences and facing infrastructure challenges and language barriers

Security in the Cloud

With so much data flying around the mobile workforce, data centers, and the cloud, there’s a lot of opportunity for security breaches, which can be costly in terms of disaster recovery and from a public relations perspective. Every CIO faces concerns when they consider allowing all of their data to move outside the relative safety of carefully-constructed corporate firewalls.

The good news is that the cloud can be as safe as any corporate environment with the right security tools in place. In addition, disaster recovery tends to be much less costly than it is in an on-premise system. The flooding of a data center in a river valley, for instance, won’t cause an interruption in business processes because the data is stored in the cloud.

Putting out Fires

Many CIOs, confronted by the complexity of security in the age of the mobile workforce, are turning to managed services for a variety of areas, including mobile security. In a changing landscape in which cloud and mobile technology are significantly disrupting the IT industry, CIOs are realizing the value of outsourcing some aspects of security management. It frees them to focus on strategy and innovation, rather than putting out security fires.

The mobile workforce adds a new layer of security concern to an already complicated cloud environment. Talk to your clients about outsourcing their security, with Focal Solutions as your partner. Contact us today to discuss the new challenges in mobile security.

 

The CIO of Today Is in Charge of Transformation

CIOIt is the job of most CIOs today to make improvements toward virtualizing their data centers. The majority of CIOs are looking closer at deploying more cloud-based solutions, including those that will help protect their data, keeping it safe from cyberattacks.

IT Infrastructure
Of the many tasks at hand that are intended to help make an organization competitive and profitable, making sure your network is able to protect IT infrastructure is key. It is also critical to increase the ability of your infrastructure to function on a mobile level as the Internet of Things (IoT) becomes an increasingly all-encompassing movement.

Automation
In many cases, the way networks are being examined in the corporate environment is evolving from being manual and labor intensive to functioning with more automation and consideration of the future needs of the organization. The network has to be able to keep up with the speed at which the IoT runs. An intent-based system with automation is the direction CIOs are progressively moving towards.

The problem that the average CIO has is that most networks are only made to automate what is known rather than adapt to all the unknowns that can occur on an average day (large companies will average 300-plus cybersecurity issues per week). The goal of software-defined networking (SDN) is to solve this issue, yet according to an analyst at TechTarget, less than 10 percent of enterprises have deployed such solutions.

The Future of SDN
Part of the initial problem with SDN for some CIOs involved the stumbles in the very beginning of its deployment, which led to skepticism among leaders. However, with its growing pains behind it, the benefits and value provided by implementing SDN will be a key factor for many companies in the years to come. Most networks moving forward will have the benefit of deploying security processes through a commodity processor or x86 server instead of acquiring, deploying, and managing numerous physical appliances.

At Focal Solutions, we make telecom easy with a team that is committed to the success of our clients. From cloud-based solutions to hybrid solutions and data recovery processes, we’ve got you covered. Give us a call today to talk more about your data center needs.

 

Staying Safe When Utilizing Cloud Storage

CloudWhen it comes to data storage, many enterprises are finding better accessibility and cost savings in the cloud compared to on-site servers. If you have yet to make that move, it’s likely one of your chief concerns is the safety of your data. If so, you’re not alone.

Safety and security are the top talking points for those who haven’t embraced cloud-based solutions. However, large cloud providers are extremely vigilant when it comes to security. The resources available to large providers far exceed what even medium-sized organizations are able to produce on their own, making cloud options even more secure than keeping things in-house.

One area that still remains a challenge with security is that encrypted storage isn’t 100% impervious to attack, especially if drive-based encryption is used, and there is evidence that automatic encryption practices can be vulnerable to attack. Encrypting a server with a custom key set is the way around this issue. What other ways can you protect your data?

Protect Against Damage and Deletion
If you’ve taken every step to fully encrypt your data, it’s still vulnerable to damage or deletion if hardware failure occurs. Bad software and malicious operators can also make your data vulnerable.

If you move data to an area where it can’t be compromised, you will ensure your data is more secure. Protect data from exposure through frequent backups and by making offline copies.

Be Diligent About Management
Make sure you’re partnering with a data center that doesn’t have chaotic data management practices. They should be experts at managing partial datasets and trash. Critical files should never be allowed in low-security areas, and they should practice a metadata-driven approach that offers greater control.

Be Careful of Your Insiders
Did you know the majority of data losses have been at the hand of an insider? These are people whom you’re trusting with your data. Protect yourself by using multi-factor authentication. This may seem like too much of a time investment, but it’s not as much as the time lost in the wake of a data breach.

Human error is also a cause of data loss. Know the common mistakes and develop a strategy for when they occur in order to remain proactive rather than reactive.

At Focal Solutions, we invest in our clients by offering comprehensive solutions. For cloud services, our clients have confidence in our data center solutions and disaster recovery strategies. Contact us today and find out how seriously we take the safety of your data.

Keeping Hardware Secure in an Age of Insecurity

SecurityCybersecurity hot topics change rapidly as innovative and bold hackers seek to undermine the security of networks and gain leverage by hijacking critical data. Adware and spam fears, while still relevant, have given way to more intense security threats with the advancements in Bring Your Own Device (BYOD) and the Internet of Things (IoT).

The question now has become, what can we do to provide security that will adequately protect our hardware? The security landscape has changed in a short period of time, barely resembling what it did five years ago. Part of the reason for this change is the proliferation of hybrid IT and cloud-based solutions, which has created a situation where data centers are moved off premise.

To make this even more complex, mobile devices have altered the way we access data, which means corporate devices have far exceeded what they did a decade ago. This means there are just as many new ways in which employees can introduce a security risk, especially in a BYOD environment.

Meeting the Security Challenges at the Hardware Level
The goal for most security professionals is to catch the threat the second it makes itself known on the network. However, if hardware and firmware aren’t up to speed with security solutions, that threat may not be detected until it’s far too late and your data is completely compromised.

Recently, organizations have witnessed DDoS cyberattacks that are driven by IoT devices. IoT has become the target for hackers who recognize this area as an obvious weak spot. There is such a big focus on software security that many organizations fail to see the importance of focusing on hardware as well.

To get ahead of these attacks, some companies are turning to analytical solutions that allow them to monitor behavior in such a way that the system can identify potential threats before they get in and damage the network. The challenge with any type of solution, however, is to stay ahead of the advancements hackers continue to make in their own ingenuity.

The hacking capabilities of experienced and malicious programmers continue to advance among the intricate cells that exist around the world, with many of them focused on hitting companies where it hurts the most – hardware. Damage to legacy hardware can not only stop operations, it can also mean proprietary information, processes and even systems are taken hostage. It’s not unheard of for companies to fall victim to such attacks and never fully recover. 

The best solution is one that addresses software, hardware and firmware security solutions. If you’re relying on traditional solutions, the reality is you’re at serious risk of being compromised, which can be devastating.

At Focal Solutions, we offer comprehensive consultant solutions that strengthen your system as well as your team. We will focus on bringing you business success in all areas of telecom deployment. Contact us today and make us part of your team. 

Why SDN Needs to Emphasize Network Security More

Network SecurityThe next generation of networking includes software defined networking (SDN), as network controls shift from hardware to software. It’s the result of merging multiple devices into one controller, which empowers the user to control an entire network. It’s a giant leap in the evolution of administrative control, but developers must still face network security challenges for this new technology.

Control Plane Concerns

The main concern that users should have about SDN at this stage is that the control plane can be compromised. A separate issue involves the scalability of the control plane. If a hacker is able to gain access to the control plane, they can potentially control the entire network. Another part of the risk involves how easy it is to misconfigure architecture due to the flexible nature of the software.

SDN as a Networking Solution

Despite the network security issues, SDN is quickly becoming a solution for overcoming modern networking problems. One of the reasons for this trend is that it allows for maintenance dry-out. It also answers several other technical issues. The network is set up to respond to its own threats. The problem is that new product developers are not spending enough time working out security issues.

More Than a Buzz Word

SDN is still not clearly defined, which adds to the uncertainty surrounding network security. Many people have used SDN as a buzz word, as different companies such as Cisco have their own definition of it. Various vendors are defining it based on how it fits their existing product lines. Even though SDN is supposed to make a network more consistent, its ambiguity creates confusion.

SDN is not really a new development, but it has the feel of new technology since all the bugs have yet to be worked out. Developers also need to work on making the technology more stable. What’s more, there aren’t many SDN specialists yet, as networking or data center teams have been left in charge of it.

Industry leaders warn that teams using SDN must be careful about hardware rules concerning switches. They also point to multiple layers of security as the safest solution, whether the business uses SDN or not. One of the major benefits of SDN technology is that it allows for fast reconfiguration.

Conclusion

Businesses that have quickly adopted SDN to resolve networking solutions need to consider that this technology still has network security issues. SDN will become more efficient once more focus is put into making the solution more secure. It is becoming widely used due to the simplicity of consolidating all controls into one controller.

Tailoring Security Technologies to Meet Business Needs

SecurityTechnological advancements have impacted business operations in a positive way. However, managing the security required to maintain compliance and protection isn’t as easy as deploying new applications that allow organizations to increase productivity. In fact, developing risk management plans that accurately and efficiently mitigate threats involves a lot of work. So called “black box” network solutions that claim to meet every need will never replace a specific, tailored design.

Therefore, to ensure that organizations meet changing compliance standards, develop adequate preventative measures, and choose the best investments, they must first assess their real and specific needs, and then incorporate the technologies that will suit.   

Identifying Essential Requirements

The first step in discovering the right security technology for any company is to identify the areas that must be secured.

  • What is the value of the data collected, used, and maintained? Companies must accurately determine the value of the data used in order to ascertain the type of protections to introduce.
  • Where is the data stored and how is it accessed? These considerations also outline which procedures, policies, and tools will be required for efficient protection.
  • What are the current regulations, risks, and penalties associated with non-compliance? Understanding which regulations apply to the data used by the company provides key indicators on how to mitigate threats and limit the impact of an attack.  

Assessing Security Posture

Before investing capital in technology, organizations need to honestly assess their current security posture. Glossing over weaknesses or overrating strengths will result in a failure to protect the company in the event of an attack. For example:

  • Are polices for personnel enforced throughout the hierarchy, or are there ways to bypass them for ease of use?
  • Are physical barriers adequate in-house?
  • Are mobility practices equally protected and secured?

Taking an honest assessment of current strengths and weaknesses is vital to the success of any security strategy or risk management plan.      

Increasing Employee Awareness

Accurately tailoring protection to an organization’s needs means making sure that employees understand the reasons for each tool and policy, and have the opportunity to become actively involved. For any plan to work, companies must have feedback from users. For instance, is one tool causing issues with productivity? Are employees experiencing a positive or negative impact from the controls in place? This type of response from users helps identify weaknesses and helps pinpoint any additional lack.

Although tailoring risk management and strategies based on specific needs takes time and effort, the result produces a cost-effective solution that ensures proper compliance and protection. Staying one step ahead of attackers requires continual evolution.

Dynamic, Evolving Solutions to IT Security

ITIn the last year alone, IT security has seen an increase in corporate attention and funding, yet security breaches increase. How could this be?

In short, cybersecurity is not simply a concern you can “throw money at” and expect to go away. The only approach to IT security must be one that is dynamic and ever-evolving. Here are three common mistakes that cause threats to a business’s cybersecurity:

Outdated Defenses

More enterprises now invest in IT security personnel and software than ever before. Yet while IT departments keep an increasing focus on end point defenses, it is imperative to remember that processes that prevent data breaches today will not be effective or relevant forever.

Cyber attackers evolve, and cyber attacks grow more sophisticated. Recent IT security breaches have come from spear phishing e-mail scams, which can compromise an entire corporate network if just one employee is tricked by the scam.

This is why it is important to stay on top of the current threats to a company’s IT security, while also anticipating that new or evolved threats will certainly arise in the future. Anyone who has dealt with a next-generation malware virus knows this: there is nothing more damaging than a malware attack when the antivirus software signatures aren’t available yet.

Tunnel Vision: Compliance Requirements

One marker of IT staff success is compliance with security requirements. But that is only one marker. Too many companies face a crisis after IT security professionals develop tunnel vision, proceeding as if compliance guarantees prevention of data breaches. All too often this is not the case, despite industry periodical CIO’s report that 58% of the companies plan to invest more in meeting compliance in the next year.

This is because cybersecurity threats evolve at a faster rate than compliance standards. The vigilance of a company’s IT team must move beyond compliance. A dynamic cybersecurity strategy goes beyond compliance standards and anticipates the evolving nature of security threats.

Adapting New Tech, Not New Security

Third-party cloud storage sites and file sharing apps can make a business more productive and increase employee communications. That is, as long as these channels are secured. Too often, companies embrace new technologies without first laying the groundwork to protect that data. This can have disastrous consequences after a security breach.

A Dynamic Solution

Moving forward, some strategies to bolster the IT security of a company include:

  • Assess which clouds store company data, and evaluate how secure they are.
  • Embrace encryption-based data security, as well as access controls. This doesn’t just mean on laptops and desktops; every cloud and site of Big Data must be encrypted.
  • Have IT professionals work beyond meeting compliance standards to stay on top of ever-evolving security threats.

 

Adopting Policies That Work for BYOD

BYODThe year was 2009 when the mobile phone revolution inspired office workers to begin to break away from their cubes, ushering in freedom from desktops. An emerging trend, bring your own device (BYOD), surfaced across a wide spectrum of industries. While BYOD has since proven to have many benefits, it also has its drawbacks. Here’s a deeper look at the advantages and disadvantages of how portable devices have reshaped IT and the business world.

Costs of Convenience

A significant reason BYOD has become popular is the convenience of workers using their own devices with which they’ve grown comfortable. It’s convenient for management as well, since it frees up the budget for expenses on other needs beyond equipment. At the same time, however, it’s been a nightmare for some IT teams to oversee a wide range of technology that they cannot completely control.

The savings companies enjoy from avoiding desktop purchases are sometimes offset by the processing fees of plan subsidies, greater security risks, and less productivity from workers using their devices for personal use. The fact that employees can take home data that can be compromised by nefarious entities should be cause to look into device management strategies carefully before implementing BYOD.

First, Conduct Sufficient Research

The quickest path to quagmire in the BYOD era is to not bother planning a structured mobile device policy. Thorough research is needed on costs, ease-of-use, platforms, operating systems, models, and security risks. Partial plan policies may look more appealing on the surface than buying devices outright. But management should not overlook processing costs related to employee expense reports, which average around $18 per report, according to a 2013 Aberdeen Group analysis. Each business needs to study its own finances to determine if this model will provide savings.

A BYOD feasibility study also needs to include the potential security breaches that can occur from the vulnerabilities that BYOD introduces. This research (which can include Google, expert blogs, suppliers, software specialists, and business publications) may lead to a narrowed list of mobile device selections for employees to choose from. Comprehensive research will also help managers make the following determinations:

  • Rules and policies for professional vs. personal use
  • Mobile Device Management (MDM) strategies
  • The level of extra work and pressure BYOD will put on IT support
  • Price targets, options, and negotiation strategies

Developing a Company Mobility Plan

After compiling the above information, management should write a detailed company policy that spells out specific rules and regulations. The policy should identify which employees are permitted to use their own personal devices, which types of devices are allowed, and how they may be used in the workplace.

Additionally, the policy should specify who pays for phone and data plans and who is responsible for device maintenance and security. Finally, the policy needs to culminate in a summary of the company’s enforcement policy of rules and regulations.

The Power of MDM 

MDM software, such as IBM’s MaaS360, strengthens mobility policies through passwords. This cross-platform software is affordable, with options ranging from $3 to $10 per month. The software keeps devices locked down when not in use and sets limits on functions so that management can keep employee usage under control. As a security feature, MaaS360 can wipe data from lost or stolen devices.

As long as management does its homework by conducting a cost analysis then setting clear and appropriate policies, BYDO can help enable workers to be more productive at their jobs.