Hacker is infiltrating a business’s network system from a remote location

Brief History of Information Technology Security

People are fiercely driven by ‘what is going to happen’ rather than ‘what has happened’. Due to the growing concern of intellectual property vulnerability, people have begun to investigate further into the past. By understanding the history of technology security you might be able to safeguard against potential threats. Information technology security protects sensitive assets and property through the use of technology processes and training. High concerns that stem directly from information security are protection of confidentiality, integrity, and availability.

“The more you know about the past, the better prepared you are for the future.” -Theodore Roosevelt

The Early Years

Despite the efforts of the “CIA Triad” (or more commonly known as the Parkerian Hexad) on confidentiality/control, information integrity, authenticity, availability, and utility, they were not able to guard against all threats. Early mainframes used by the military were connected to phone lines called ARPANET (precedent to today’s internet), which allowed integration of information between government data centers. A special ARPA squadron began to determine additional steps for better security by studying the unsecure points between the data centers and the public. Their studies jump started the first few precautions focused on mainframe operating systems. MIT, Bell Labs, and General Electric were the first pioneers to build multiple security levels and passwords into their mainframes.

The Boom of Hacking

Computer system hacking began in 1970’s with the boom of emerging telecommunication technology. Ready to ‘stick it to the man’, a group of hackers found a way to infiltrate the telephone and computer networks in order to make free long distance calls. Also known as “phreakers”, these groups were pioneers for organized crime against unsecured networks. After Ian Murphy’s crime of stealing information from military computers in 1986, the Computer Fraud and Abuse Act was created. The Emergency Response Team was created to alert computer users of network security issues after Robert Morris unleashed the Morris Worm to thousands of defenseless computers.

The Growing Concern

Although public use of the Internet is barely 20 years old, malicious Internet activity has turned into a major criminal enterprise for over a decade. Businesses are now under attack by big threats that can leave them defenseless and exposed. Growing concern for the safety of personal/business information comes from the accelerated worldwide use of electronic data and the heavy amount of business conducted over the internet. With this expedited advancement and expansion, more and more people are putting their personal information online, making them vulnerable for an attack. In 2010, a group of the nation’s top scientists concluded in a report to the Pentagon that “the cyber-universe is complex well beyond anyone’s understanding and exhibits behavior that no one predicted, and sometimes can’t even be explained well.”

We recognize that monitoring technology activities are important to continue to protect the safety and security of your business. If you have any questions or concerns about your technology contact Cognoscape today.  

data loss prevention

3 Tips To Help You Prevent Data Loss

Data loss has been a hot issue lately, especially after the hacking of iCloud and the resulting leak of celebrity photos, as well as the attack on Sony Pictures, releasing massive amounts of confidential and personal employee data.

Whether you’re a large multinational corporation or an independent technology company, your information is important and should be kept as safe as possible.

Here are a few basic tips on how to make sure your data is secure and remains that way.

 

Backup Your Data

By now, backing up your data should be common sense. Too many things can go wrong not to have your data backed up in case of hardware failure or an untimely system crash.

But here’s an additional recommendation – DO NOT back your data up on the same drive as your operating system.

Whether it’s a result of malfunctioning software or a vicious malware attack, a majority of computer issues affect the operating system.

Often, you’ll need to reinstall certain software or reformat the infected drive in order to remove a virus, leaving most if not all of your data unsalvageable.

Which brings us to the next tip…

 

Install An Anti-Virus Program

Though backing up your data is extremely important in the event that your system is infected by a virus, preventing the virus from the start can save a great deal of trouble in the form of downtime as well as file loss and data corruption.

An effective anti-virus program will help prevent, detect, and remove software viruses (as well as other malware such as trojans, worms, bots, etc.) keeping your valuable data as secure as possible.

 

Have A Disaster Recovery Plan

All it takes is one major security breach or virus attack to force unnecessary downtime, vital data loss, while risking the safety and reputation of your business.

Even with sufficient data backup and up-to-date antivirus software, your documents and important information can still be lost due to human error and natural disasters. Though these issues cannot always be prevented, they can certainly be minimized with a proper disaster recovery plan.

So if you have the opportunity to safeguard the future of your business, shouldn’t you take it?

Contact Cognoscape today to learn more about how you can keep your information truly safe.

cloud backup

How Cloud Backup Can Keep Your Business Data Secure

Data backup used to be a lot more difficult than it is now. Remember the days of floppy disks? Fortunately, the system eventually made its way to CDs and then external hard drives, but it is even easier than that. Did you ever wonder what would happen in the disks got into the wrong hands or they burned up in a fire? You do not have to worry about any of that with a cloud backup; it is safe, secure, and not as risk for catching on fire. Discover the many ways a cloud backup can keep your business data secure. Remember, to benefit from data archiving, you have to actually back up the files. According to a Harris Interactive poll, over 2,250 users admitted to never backing up their computers, and only 7% actually practice safe archiving on a daily basis. What gives? Your computer’s data is definitely not safer just sitting around it he computer. You put your credit card back in your wallet every time you use it, so why not tuck your essential data away too. Discover how cloud backup can keep your business data secure.

  • Backup features are automatic and recovery is swift. This makes it easier for a user to recover critical data at any given moment and from any location. If human error, natural disaster, or an electrical outage cause a user to lose his/her data, everything the user needs will be stored in the cloud.
  • Access is only granted to permitted users, and the host can revoke cloud privileges at any time.
  • Some services encrypt files on the PC before they are uploaded with a SSL connection. The files will remain encrypted until the user(s) need to access them again.
  • Files are inaccessible unless the key can unlock the encryption algorithm.
  • The cloud services allow the users to create their own password or keys to access the files, so if the password is incorrect, the encryption process will make the data inaccessible to outsiders.
  • There is also a physical protection when a business uses a cloud-based backup system. Not only are your documents are data subjected to online activity and theft, but they are also susceptible to burglary and fire.       If the files are not backed up or company hardware is stolen, data can be destroyed or accessed by thieves with sinister intentions.
  • Some services permit access only with facial recognition.

Need help choosing a good cloud computing solution? Cognoscape can help!

Let’s talk about your company needs. Contact us today for a free consultation.

 

disaster recovery plan

5 Scenarios That Could Put You Out Of Business If You Don’t Have a Disaster Recovery Plan

Taking time and money to back up your company data is extremely burdensome, but make no mistake – having a disaster recovery plan is absolutely necessary. Many companies have perished after experiencing a devastating IT catastrophe. Here are 5 scenarios that could leave your businesses in pieces if you haven’t invested in disaster recovery.

Can Your Company Survive Disaster?

  1. Could your company goes weeks without revenue? Most business owners would say no! Regardless of what type of disaster may come your way, most will leave you scrambling to pick up the pieces if you haven’t prepared. It can only take a few weeks of time before a company has lost so much income that they close up shop.
  2. Mother nature is unpredictable and unforgiving. Hurricanes, fires and water damage are all examples of how natural disasters can wipe out your company. When this type of disaster occurs it can be devastating, so it is imperative that you have your important data backed up and stored in a safe place.
  3. It’s no secret that there are malicious attackers on the internet. What would happen if your office became the target of someone looking to obtain sensitive personal information for you or your clients. Once a company experiences a security breach, it can be a problem for the owner, clients and employees.

Maintain Your Good Reputation With Clients and Staff

  1. Hardware and software are never fool proof, regardless of the quality. Even the best brands become outdated and can break without warning. Often times companies will gain a false sense of security, thinking that if they invest in a good IT infrastructure they won’t have to worry about disaster recovery.
  2. Regardless of what may come your way, it is important to maintain your reputation to your customers. When a company experiences an IT crisis it can be detrimental to the way that customers view the way you do business. When you appear unprepared, customers look for someone else to take care of their needs.

Are you prepared for the worst case scenario? Having a plan doesn’t mean much if you don’t put it in to motion. Any one of these disasters could put you out of business if you haven’t taken the time to carefully weigh the consequences. For companies who have invested in a disaster recovery plan, getting up and running won’t be a problem.

Data Loss Can Cause You To Shut Down

52Small and medium sized businesses today are relying more than ever on IT systems to efficiently run their business, support customers and optimize productivity. These systems house sensitive digital data ranging from employee and customer information, to internal emails, documents and financial records, sales orders and transaction histories. This is in addition to applications and programs critical to daily business functions and customer service.

While corporate-level data losses and insider theft are well publicized, many smaller businesses have also become casualties of data loss and theft. Following a significant data loss, it is estimated that a small-to-medium sized business can lose up to 25% in daily revenue by the end of the first week. Projected lost daily revenue increases to 40% one month into a major data loss.

According to The National Archives & Records Administration in Washington, 93% of companies that have experienced data loss, coupled with prolonged downtime for ten or more days, have filed for bankruptcy within twelve months of the incident while 50% wasted no time and filed for bankruptcy immediately. Finally, 43% of companies with no data recovery and business continuity plan actually go out of business following a major data loss.

Still, a survey conducted by Symantec SMB revealed that fewer than half of SMBs surveyed backup their data each week. Only 23% of those surveyed said they backup data every day and have a business continuity plan in place.

Businesses play on a much bigger playing field than they did two decades ago. Any disruptive technological event – even the smallest of incidents – can have an amplified impact on day-to-day business and profitability. Being proactive with data recovery solutions, and having emergency response procedures in place prior to a disruption or data disaster, is the only way to minimize downtime and soften the impact of such events. CLICK HERE for a free network assessment.

Just Because You’re Not a Big Target, Doesn’t Mean You’re Safe

69Not too long ago, the New York Times’ website experienced a well-publicized attack, which raises the question – how can this happen to such a world-renowned corporation? If this can happen to the New York Times, what does this bode for the security of a small company’s website? What’s to stop someone from sending visitors of your site to an adult site or something equally offensive?

The short answer to that question is nothing. In the New York Times’ attack, the attackers changed the newspapers’ Domain Name System (DNS) records to send visitors to a Syrian website. The same type of thing can very well happen to your business website. For a clearer perspective, let’s get into the specifics of the attack and explain what DNS is.

The perpetrators of the New York Times’ attack targeted the site’s Internet DNS records. To better understand this, know that computers communicate in numbers, whereas we speak in letters. In order for us to have an easy-to-remember destination like nytimes.com, the IP address must be converted to that particular URL through DNS.

Therefore, no matter how big or small a company’s online presence is, every website is vulnerable to the same DNS hacking as the New York Times’ site. The good news is the websites of smaller companies or organizations fly under the radar and rarely targeted.  Larger targets like the New York Times, or LinkedIn, which was recently redirected to a domain sales page, are more likely targets.

For now… There is no reason to panic and prioritize securing DNS over other things right now. But there is a belief that DNS vulnerability will be something cybercriminals pick on more often down the road. Here are a few ways to stay safe:

Select a Registrar with a Solid Reputation for Security

Chances are, you purchased your domain name through a reputable registrar like GoDaddy, Bluehost, 1&1, or Dreamhost. Obviously, you need to create a strong password for when you log into the registrar to manage your site’s files. Nonetheless, recent DNS attacks are concerning because they’re far more than the average password hack.

It was actually the security of the registrars themselves that was compromised in recent attacks. The attackers were basically able to change any DNS record in that registrar’s directory. What’s particularly frightening is the registrars attacked had solid reputations. The New York Times, along with sites like Twitter and the Huffington Post, is registered with Melbourne IT. LinkedIn, Craigslist and US Airways are registered with Network Solutions. Both had been believed to be secure.

So what else can be done?

Set Up a Registry Lock & Inquire About Other Optional Security

A registry lock makes it difficult for anyone to make even the most mundane changes to your registrar account without manual intervention by a staff registrar. This likely comes at an additional cost and not every domain registrar has it available.

Ask your registrar about registry locking and other additional security measures like two factor authentication, which requires another verifying factor in addition to your login and password, or IP address dependent logins, which limits access to your account from anywhere outside of one particular IP address.

While adding any of these extra safeguards will limit your ability to make easy account change or access your files from remote locations, it may be a worthwhile price to pay.

CLICK HERE for a free network assessment and avoid cybercrime with Cognoscape.

Is That a Business Continuity Plan in Your Pocket or a Bunch of Jargon?

67Technology is full of difficult jargon. To further complicate things, certain terms are often used in a different context between one publication or service provider and the next. An example of this is the usage of backup, disaster recovery, and business continuity. These terms are commonly used interchangeably, often resulting in confusion. In an effort to alleviate some of this confusion, let’s describe each physical process. You will see an overlay among all three, although they are each different processes.

Backup – In IT lingo, the most basic description of backup is the act of copying data, as in files or programs, from its original location to another. The purpose of this is to ensure that the original files or programs are retrievable in the event of any accidental deletion, hardware or software failure, or any other type of tampering, corruption and theft.

It’s important to remember that the term “backup” refers to data only and doesn’t apply to the physical machines, devices, or systems themselves. If there were a system failure, disk crash, or an onsite physical disaster, all systems would still have to be replaced, rebuilt, and properly configured before the backed-up data could be loaded onto them.

Disaster Recovery – Backups are a single, albeit crucial, component of any disaster recovery plan. Disaster recovery refers to the complete recovery of your physical systems, applications, and data in the event of a physical disaster like a fire; hurricane or tornado; flood; earthquake; act of terror or theft.

A disaster recovery plan uses pre-determined parameters to define an acceptable recovery period. From there, the most satisfactory recovery point is chosen to get your business up and running with minimal data loss and interruption.

Business Continuity – Although backup and disaster recovery processes make sure that a business can recover its systems and data within a reasonable time, there is still the chance of downtime from a few hours to many days. The point of a business continuity plan is to give businesses continuous access to their technology and data, no matter what. Zero or minimal downtime is the goal.

Critical business data can be backed up with configurable snapshots that are instantly virtualized. This allows files, folders and data to be turned on and restored in seconds. Bare metal restores of hardware, where an image of one machine is overlaid onto a different machine, is also utilized along with cloud replication for instant off-site virtualization.

Many businesses also keep redundant systems and storage at a different physical location than their main site as part of their business continuity process. They may also outline procedures for staff to work remotely off-site. Some businesses or organizations may go as far as to have printed contact lists and other critical data stored off-site to keep their business moving if a disaster wipes out power and their ability to access anything electronically.

This should clarify the differences between backup, disaster recovery, and business continuity solutions. Choosing what works best for your business will come down to your current IT infrastructure, your budget and how much downtime you can reasonably accept.

CLICK HERE for a free network assessment.

Healthcare and Cloud Computing Together at Last

65 For years, the healthcare industry was thought to be the very last sector to embrace cloud computing. With HIPAA compliance, storing private patient data in the cloud seemed much too risky from a security and legal standpoint. However, with a government issued mandate to migrate patient data to electronic heath records by 2015, the cost-effectiveness of the cloud was simply too logical to not entice independent practitioners and small healthcare entities now burdened by the need to invest technology and tech-savvy personnel. If only there was a way around the security and privacy concerns.

Wish granted. In January of 2013, the U.S. Department of Health and Human Services introduced a few revisions to the regulations administered under the Health Insurance Portability and Accountability Act of 1996. Labeled the “Final Omnibus Rule,” this update spelled out the legal framework to be used by healthcare organizations working with cloud service providers.

With a signed Business Associate (BA) agreement, a cloud service provider accepts the responsibility to protect patient data under HIPAA law. This expanded definition of BA means that the government can now penalize cloud service providers accountable for data breaches.

Although many healthcare organizations had already entrusted certain cloud service providers with their data, only the HIPAA covered entity (the healthcare organization) was penalized in the event of a breach prior to this ruling. While the HIPAA covered entity is still responsible for oversight, this shared accountability with the cloud service provider has expanded responsibility and has led to an influx of healthcare organizations and cloud service providers working together, worry-free, in perfect harmony.

CLICK HERE for a free network assessment.

Inquiring SMBs Want to Know… What’s the Difference Between a Help Desk and NOC?

It’s no secret that any growing small-to-medium sized business must monitor and manage its business technology in the most 63cost-efficient way. The tricky part is figuring out how to do this without sacrificing the overall experience of the end- user. End-users can be clients and customers or employees. Both rely on the efficiency of a firm’s network, servers, and applications, and the availability of the company’s data center. Thanks to the evolution of managed services, it’s actually possible these days to reduce costs, which strengthens IT support and infrastructure. It’s just a matter optimally integrating all available resources.

 

IT’S A STAFFING CONUNDRUM FOR MOST SMBs

Most SMBs tend to be short staffed. This isn’t just another reference to the many SMBs with little to no onsite tech support. While that’s true, and problematic, it’s actually all operations that tend to be short staffed.

Small yet growing companies and organizations aren’t just short on tech support; it seems like even their administrative assistant needs an assistant to keep up. Customer support and sales teams are also overworked, and often hindered by having to understand and troubleshoot tech problems when they have no tech expertise whatsoever.

There is no, “Hold for a moment, Sir. I’m about to transfer you to our tech support team.” There is no tech support team.

This is where managed service providers (MSPs) step in to save the day. MSPs help SMBs better manage their technology to achieve greater ROI (Return-on-Investment). One way they do this is by augmenting a SMBs existing on-site staff with the remote support of a 24/7 Network Operations Center (NOC) and Help Desk.

WHAT’S THE DIFFERENCE BETWEEN A NOC AND A HELP DESK?

This question is asked a lot because it’s really not uncommon to see both referenced interchangeably, which leaves many to assume they are one in the same. They are not. Here is the easiest way to distinguish between the two.

NOC: Most of the work performed by a NOC focuses on the network and systems. The NOC can almost be viewed as a mission control center. They monitor and manage an IT network. A 24/7 NOC typically monitors the network and system security, performance, and backup processes.

Help Desk: The Help Desk is more customer-oriented. The Help Desk has interaction with the end-user, or someone representing the end-user, to directly respond and resolve technical problems as they arise. Customers or employees can typically reach the Help Desk by clicking a support icon, emailing them, or dialing a toll-free number.

DO THE HELP DESK AND NOC INTERACT? Although the NOC and Help Desk are different, they do work together, along with any in-house tech support, to provide cohesive tech solutions to end-users. The Help Desk typically has three tiers of support and may sometimes have to escalate tickets to the NOC for resolution. This open communication, and ease of escalation, improves the end-user experience and serves as a proactive cost-efficient approach to managing SMB technology.

CLICK HERE for a free network assessment.

You’re in Business But Is Your Technology Ready?

It’s a fast business world. Brilliant business ideas can be conjured up at some hipster-filled vegan coffeehouse, a website is thrown together, and poof… in no time at all there is a living, breathing, small business venture accessible from anywhere in the world.

But as your head hits the pillow at night, with visions of becoming the next Mark Zuckerberg dancing in your head, understand that many obstacles will greet you on your road to entrepreneurial success. A fresh innovative idea is merely a start. For every successful startup like Groupon, there are even more that have faltered. Some great, even revolutionary, business concepts that just faded into obscurity; leaving behind nothing but tales of what could’ve been and insurmountable debt.

Failed business technology is often a big reason for this. Many startups think big but tend to operate small-minded to keep overhead and costs down. They then find themselves completely unprepared to meet the demands of growth, particularly when it comes to their IT infrastructure. There is no one-size fit all approach to how to manage technology for optimal efficiency, uptime, and profitability. Especially given the challenges of limited budgets and the need to keep overhead down.

So exactly how do SMBs make sound decisions regarding their technology infrastructure? Choices that are cost-effective enough to get their business off the ground and running without screwing them over once it truly takes off?

61Combine On-Site and Off-Site Support for the Best of Both Worlds Over 45% of SMBs have no dedicated in-house IT staff and no contracted IT consultant regularly monitoring and managing their technology. Roughly only 7 percent of SMBs have a full-time onsite IT technician on payroll. The rest rely on third-party on-call IT companies who appear only when technology goes haywire and disrupts business. These on-call companies can sometimes take a day or two to even show up, which means issues aren’t resolved in a timely and efficient manner. And did we mention they’re expensive?

Most SMBs say they simply can’t afford full-time in-house support. Even those who do budget for it face overwhelming challenges. They often experience a revolving door of on-site help who leave for a larger company and better salary once they’ve beefed up their resume. And those hires that do remain loyal often feel as if they have no reliable help and become overworked and frazzled as the business and their responsibilities grow. Discontent may even set in if wages aren’t raised proportionately to the added responsibilities, or if they grow bored of doing the same mundane repetitive work every day.

But today’s SMB has access to technology that won’t drain resources. In particular, the evolution of cloud computing and managed services can either automate or re-assign a lot of the day-to-day caretaking of technology to remote employees, leaving onsite support available for more meaningful and potentially profitable projects.

Better yet, it saves money on equipment costs.

Whenever possible, a mix of on premise and off-premise IT support is the best way to make your technology scalable and prepared for growth.

CLICK HERE for a free technology assessment.