Posts

CompTIA Report on IT Security

Staying Ahead of Cyber Attacks

/in , /by

Technology is a giant juggernaut ameba growing and evolving at an exponential and unstoppable rate. Trying to keep up with just everyday tech can be overwhelming. What iPhone number are we on now? And what exactly is a ChromeBook, anyway? Keeping up with the Joneses is one thing; staying up to date with and ahead of cyber attacks is a monster all its own. It seems like every week another company makes national headlines for falling victim to a cyber attack. Yours doesn’t have to be one of them.

Stay Proactive

Cybercriminals are always learning, adapting, and evolving new ways of cracking cybersecurity. Staying proactive with your approach to cybersecurity is the first step towards getting ahead of potential cyber attacks. Fortunately, Cognoscape can help you take an active approach to security. We can help you create a Technology Roadmap to plan for the future and stay ahead of whatever those pesky hackers think of next. We can help train you and your employees on how you can strengthen your daily workflow and what precautions you can be taking with each email and keystroke.

Use the Buddy System

If the Joker stepped into your server room and started tinkering around, you wouldn’t go in there alone. You would light up the bat-signal to call Batman. Don’t face cyber attacks alone. Buddy up with a Cognoscape consultant. Our consultants have years of experience staying up to date and ahead of the technology driving cyber attacks. You will be able to focus on the core of your business, while we race ahead of the latest cybercriminal technology to protect your company’s most precious digital assets. Your consultant will be there by your side to help create a custom strategy on how to best fend off and recover from whatever comes your way.

Don’t risk your company’s future by tackling your network security alone. Contact us today to start putting together your Technology Roadmap.

 

 

CompTIA Report on IT Security

CompTIA Report on Security features Cognoscape

/in , /by

IT departments are struggling to build a sound security practice against the ongoing threats and hazards that are attacking IT channels. Companies from diverse backgrounds are just beginning to understand the benefits of IT security. A CompTIA report by author Seth Robinson, senior director for technology analysis, identifies several key takeaways for partner firms trying to build robust security practices.

  • There are channel companies who now offering more security services in their portfolios while others are focusing their business solely on security.
  • Channel firms reported that the security technologies and services that generate the most revenue are firewalls (38%) and antivirus (20%) – going forward that’s got to change.
  • Channel companies need to become more proactive with security when working with their customers. Conversations about the cost and return on investment of security are going to start taking place.
  • Partner firms need to take initiative in building their own company brand and breaking out as an individual entities rather than relying on the reputation of more commonly known security vendors.

The CompTIA report highlighted Cognoscape LLC’s ability to combine their technology processes and education in order to protect their partners digital assets. Cognoscape focuses on small and medium sized business and offers basic layers of security services – backup and disaster recovery, antivirus, antimalware, antispam and patch management. However, they also offer a more strenuous, advanced level of active monitoring services like network policy management and risk mitigation, and they are in the process of developing security information and event management as a service. Cognoscape is lighting the path for partners who aren’t taking the right precautionary measures in security technology and service practices.

According to the CompTIA report, there is a discrepancy between channel companies and the services provided. CompTIA states that only about one-third of partner firms balance vendor reputation and value added services, with 1 in 10 partners primarily relying on the strength of their own services or innovation. This lack of communication leaves room for worry. At the end of the report, ESG analyst Kevin Rhone said that he views security as one of the biggest transformative trends for partners.

Data Loss Can Cause You To Shut Down

/in , /by

52Small and medium sized businesses today are relying more than ever on IT systems to efficiently run their business, support customers and optimize productivity. These systems house sensitive digital data ranging from employee and customer information, to internal emails, documents and financial records, sales orders and transaction histories. This is in addition to applications and programs critical to daily business functions and customer service.

While corporate-level data losses and insider theft are well publicized, many smaller businesses have also become casualties of data loss and theft. Following a significant data loss, it is estimated that a small-to-medium sized business can lose up to 25% in daily revenue by the end of the first week. Projected lost daily revenue increases to 40% one month into a major data loss.

According to The National Archives & Records Administration in Washington, 93% of companies that have experienced data loss, coupled with prolonged downtime for ten or more days, have filed for bankruptcy within twelve months of the incident while 50% wasted no time and filed for bankruptcy immediately. Finally, 43% of companies with no data recovery and business continuity plan actually go out of business following a major data loss.

Still, a survey conducted by Symantec SMB revealed that fewer than half of SMBs surveyed backup their data each week. Only 23% of those surveyed said they backup data every day and have a business continuity plan in place.

Businesses play on a much bigger playing field than they did two decades ago. Any disruptive technological event – even the smallest of incidents – can have an amplified impact on day-to-day business and profitability. Being proactive with data recovery solutions, and having emergency response procedures in place prior to a disruption or data disaster, is the only way to minimize downtime and soften the impact of such events. CLICK HERE for a free network assessment.

Why SMBs Must Proactively Address the Threat of Mobile Hacks

/in , /by

70More cyber criminals are targeting small-to-medium sized businesses. One reason for this is too many workplaces have insufficient bring-your-own-device (BYOD) policies in place. Some have none at all. Although firms are generally more knowledgeable about network security risks than in years past, they still woefully underestimate the security vulnerabilities linked to mobile devices like smartphones and tablets.

This is a real cause for concern since data breaches have the ability to put many already financially challenged SMBs out of business.

If customer/client data has been breached, there could be potential litigation costs, and naturally, lost goodwill and an irreparable hit to brand or company reputation.

Don’t Just Say You’re Worried About the Bad Guys… Deal With Them

SMBs say they view network security as a major priority but their inaction when it comes to mobile devices paints a different picture. An April 2013 study found that only 16% of SMBs have a mobility policy in place.

Despite the fact that stolen devices are a major problem in today’s mobile workforce, only 37% of mobility policies enforced today have a clear protocol outlined for lost devices. Even more troubling is the fact that those firms who have implemented mobility policies have initiated plans with some very obvious flaws.

Key components of a mobility policy such as personal device use, public Wi-Fi accessibility, and data transmission and storage are often omitted from many policies.

Thankfully, most SMB cybercrimes can be avoided with a comprehensive mobility policy and the help of mobile endpoint mobile device management services.

A Mobility Policy Is All About Acceptable/Unacceptable Behaviors

Your initial mobility policy doesn’t have to be all encompassing. There should be room for modifications, as things will evolve over time. Start small by laying some basic usage ground rules, defining acceptable devices and protocols for setting passwords for devices and downloading third-party apps. Define what data belongs to the company and how it’s to be edited, saved, and shared. Be sure to enforce these policies and detail the repercussions for abuse.

Features of Mobile Device Management Services

MDM services are available at an affordable cost. These services help IT managers identify and monitor the mobile devices accessing their network. This centralized management makes it easier to get each device configured for business access to securely share and update documents and content. MDM services proactively secure mobile devices by:

  • Specifying password policy and enforcing encryption settings
  • Detecting and restricting tampered devices
  • Remotely locating, locking, and wiping out lost or stolen devices
  • Removing corporate data from any system while leaving personal data intact
  • Enabling real time diagnosis/resolution of device, user, or app issues

It’s important to realize that no one is immune to cybercrime. The ability to identify and combat imminent threats is critical and SMBs must be proactive in implementing solid practices that accomplish just that.

CLICK HERE for a free technology assessment.

Just Because You’re Not a Big Target, Doesn’t Mean You’re Safe

/in , , , /by

69Not too long ago, the New York Times’ website experienced a well-publicized attack, which raises the question – how can this happen to such a world-renowned corporation? If this can happen to the New York Times, what does this bode for the security of a small company’s website? What’s to stop someone from sending visitors of your site to an adult site or something equally offensive?

The short answer to that question is nothing. In the New York Times’ attack, the attackers changed the newspapers’ Domain Name System (DNS) records to send visitors to a Syrian website. The same type of thing can very well happen to your business website. For a clearer perspective, let’s get into the specifics of the attack and explain what DNS is.

The perpetrators of the New York Times’ attack targeted the site’s Internet DNS records. To better understand this, know that computers communicate in numbers, whereas we speak in letters. In order for us to have an easy-to-remember destination like nytimes.com, the IP address must be converted to that particular URL through DNS.

Therefore, no matter how big or small a company’s online presence is, every website is vulnerable to the same DNS hacking as the New York Times’ site. The good news is the websites of smaller companies or organizations fly under the radar and rarely targeted.  Larger targets like the New York Times, or LinkedIn, which was recently redirected to a domain sales page, are more likely targets.

For now… There is no reason to panic and prioritize securing DNS over other things right now. But there is a belief that DNS vulnerability will be something cybercriminals pick on more often down the road. Here are a few ways to stay safe:

Select a Registrar with a Solid Reputation for Security

Chances are, you purchased your domain name through a reputable registrar like GoDaddy, Bluehost, 1&1, or Dreamhost. Obviously, you need to create a strong password for when you log into the registrar to manage your site’s files. Nonetheless, recent DNS attacks are concerning because they’re far more than the average password hack.

It was actually the security of the registrars themselves that was compromised in recent attacks. The attackers were basically able to change any DNS record in that registrar’s directory. What’s particularly frightening is the registrars attacked had solid reputations. The New York Times, along with sites like Twitter and the Huffington Post, is registered with Melbourne IT. LinkedIn, Craigslist and US Airways are registered with Network Solutions. Both had been believed to be secure.

So what else can be done?

Set Up a Registry Lock & Inquire About Other Optional Security

A registry lock makes it difficult for anyone to make even the most mundane changes to your registrar account without manual intervention by a staff registrar. This likely comes at an additional cost and not every domain registrar has it available.

Ask your registrar about registry locking and other additional security measures like two factor authentication, which requires another verifying factor in addition to your login and password, or IP address dependent logins, which limits access to your account from anywhere outside of one particular IP address.

While adding any of these extra safeguards will limit your ability to make easy account change or access your files from remote locations, it may be a worthwhile price to pay.

CLICK HERE for a free network assessment and avoid cybercrime with Cognoscape.

Why it’s Time to Move on if Your Cloud Provider Won’t Sign a HIPAA BAA

/in , , , /by

68Despite new HIPAA Business Associate Agreement (BAA) regulations going into effect in 2013, many healthcare organizations are still encountering the occasional cloud service provider who refuses to sign a BAA. Although they may have a logical explanation, any refusal to sign a BAA should be seen as a red flag.

Here’s the logic from their angle. There are still many cloud vendors who view themselves more as conduits of Personal Health Information (PHI). They feel their role is more akin to that of a mailman. They’re merely transporting data to others and have no real access to the actual contents.

If the data is encrypted and cannot be read, or If they don’t touch the actual PHI data at all, the cloud service vendor will argue that HIPAA regulations do not apply to them and possibly refuse to sign a BAA.

Fair enough, right? If the data is encrypted and the vendor doesn’t hold the encryption key, what’s the problem? Well, here’s the problem.

File this in the unlikely yet not improbable category. Let’s say that the PHI data wasn’t properly encrypted before it was sent into the cloud or unencrypted data was mistakenly transferred over to the cloud service provider. If the cloud provider has refused to sign a BAA, this jeopardizes your HIPAA compliance and could potentially result in a fine anywhere from $50,000 to $1.5 million.

This is why those in the healthcare sector must move on from any cloud provider that is reluctant to sign a BAA. They are basically refusing to be complaint since the new HIPAA Omnibus Rule clearly defines a business associate as anyone who creates, receives, maintains, or transmits PHI on behalf of a covered entity. By refusing to share accountability for HIPAA compliance, they’re a liability to your organization that you just can’t afford.

CLICK HERE for a free network assessment.

 

Is That a Business Continuity Plan in Your Pocket or a Bunch of Jargon?

/in , /by

67Technology is full of difficult jargon. To further complicate things, certain terms are often used in a different context between one publication or service provider and the next. An example of this is the usage of backup, disaster recovery, and business continuity. These terms are commonly used interchangeably, often resulting in confusion. In an effort to alleviate some of this confusion, let’s describe each physical process. You will see an overlay among all three, although they are each different processes.

Backup – In IT lingo, the most basic description of backup is the act of copying data, as in files or programs, from its original location to another. The purpose of this is to ensure that the original files or programs are retrievable in the event of any accidental deletion, hardware or software failure, or any other type of tampering, corruption and theft.

It’s important to remember that the term “backup” refers to data only and doesn’t apply to the physical machines, devices, or systems themselves. If there were a system failure, disk crash, or an onsite physical disaster, all systems would still have to be replaced, rebuilt, and properly configured before the backed-up data could be loaded onto them.

Disaster Recovery – Backups are a single, albeit crucial, component of any disaster recovery plan. Disaster recovery refers to the complete recovery of your physical systems, applications, and data in the event of a physical disaster like a fire; hurricane or tornado; flood; earthquake; act of terror or theft.

A disaster recovery plan uses pre-determined parameters to define an acceptable recovery period. From there, the most satisfactory recovery point is chosen to get your business up and running with minimal data loss and interruption.

Business Continuity – Although backup and disaster recovery processes make sure that a business can recover its systems and data within a reasonable time, there is still the chance of downtime from a few hours to many days. The point of a business continuity plan is to give businesses continuous access to their technology and data, no matter what. Zero or minimal downtime is the goal.

Critical business data can be backed up with configurable snapshots that are instantly virtualized. This allows files, folders and data to be turned on and restored in seconds. Bare metal restores of hardware, where an image of one machine is overlaid onto a different machine, is also utilized along with cloud replication for instant off-site virtualization.

Many businesses also keep redundant systems and storage at a different physical location than their main site as part of their business continuity process. They may also outline procedures for staff to work remotely off-site. Some businesses or organizations may go as far as to have printed contact lists and other critical data stored off-site to keep their business moving if a disaster wipes out power and their ability to access anything electronically.

This should clarify the differences between backup, disaster recovery, and business continuity solutions. Choosing what works best for your business will come down to your current IT infrastructure, your budget and how much downtime you can reasonably accept.

CLICK HERE for a free network assessment.

2 Steps to Ensure Healthcare Data Availability in the Cloud

/in , , /by

66In 2013, major companies like Google, Amazon, and Microsoft experienced outages. Not only were these big name outages disruptive to users, but they also made headlines and proved to be costly to each brand. Google’s hiccup footed an estimated bill of $500,000 while Amazon’s 30-40 minute blackout contributed to roughly $3 million in losses.

2013 was also the year the healthcare industry embraced cloud computing thanks to modifications to the HIPAA Privacy, Security, Enforcement and Breach Rules. With these modifications extending the definition of a Business Associated (BA) to cloud service providers, many of the data breach concerns that had previously kept the healthcare sector from taking to the cloud have been quieted.

But as more patient health data is electronic and residing in a virtual environment, the availability of this data is just as important, if not more important, than securing it. Unlike Google, Amazon, and Microsoft, the disastrous effects of data outages in the healthcare sector can have potentially deadly consequences.

Not only is high uptime mandatory in a healthcare cloud, business continuity and disaster recovery (BCDR) plans are also crucial. The good news is the cloud’s virtualized infrastructure, coupled with the expertise and cloud monitoring of a trusted Managed Service Provider (MSP) can help healthcare organizations maintain uptime and reliability. Here are two helpful steps:

  1. Risk Assessments Are Absolutely Necessary

While risk assessments are critical to protecting patient health information, a 2012 audit conducted by the Office of Civil Rights revealed that many healthcare entities and contracted service providers fail to perform them. These evaluations must be conducted regularly and require an honest assessment of probable risks ranging from malicious cybercrime attacks to acts of nature such as natural disasters, flood, earthquakes and power outages. Analyze both the architectural vulnerabilities relative to data availability and security as well as the effectiveness of the counteractive measures in place. The goal is to minimize the plausible impact of such an event and prevent service disruption.

 

  1. Proactively Monitor for Cybercrime

It is often months before a security breach is detected. By this time, hackers have had ample time to infiltrate your system and feast on its data. Since cybercriminals use an unpredictable array of methods to strike, such as viruses, malware and phishing schemes to steal credentials, the strength of your detection system is key. Alerts should be set up to identify anomalies such as unusual application requests, forced entry attempts, suspicious spikes in traffic, and abnormal data patterns that suggest a breach. The proactive monitoring tools available through a MSP can help scan, pinpoint, and remediate such attacks.

Any BCDR plan must be built upon your organization’s recovery time objective (RTO) and recovery point objective (RPO). Your RTO is the duration of time in which your service level must be restored to avoid dire consequences. Your RPO is the maximum age of the recoverable files in storage to resume normal operations. A MSP can help determine the optimal scenario for your healthcare organization and prioritize the most critical health care information with near real-time replication.

Through this preparation and foresight, your organization can lay the groundwork to not only protect healthcare information in the cloud but potentially save patients’ lives in the event of an unforeseen outage.

CLICK HERE for a  free network assessment.

Healthcare and Cloud Computing Together at Last

/in , , , , , /by

65 For years, the healthcare industry was thought to be the very last sector to embrace cloud computing. With HIPAA compliance, storing private patient data in the cloud seemed much too risky from a security and legal standpoint. However, with a government issued mandate to migrate patient data to electronic heath records by 2015, the cost-effectiveness of the cloud was simply too logical to not entice independent practitioners and small healthcare entities now burdened by the need to invest technology and tech-savvy personnel. If only there was a way around the security and privacy concerns.

Wish granted. In January of 2013, the U.S. Department of Health and Human Services introduced a few revisions to the regulations administered under the Health Insurance Portability and Accountability Act of 1996. Labeled the “Final Omnibus Rule,” this update spelled out the legal framework to be used by healthcare organizations working with cloud service providers.

With a signed Business Associate (BA) agreement, a cloud service provider accepts the responsibility to protect patient data under HIPAA law. This expanded definition of BA means that the government can now penalize cloud service providers accountable for data breaches.

Although many healthcare organizations had already entrusted certain cloud service providers with their data, only the HIPAA covered entity (the healthcare organization) was penalized in the event of a breach prior to this ruling. While the HIPAA covered entity is still responsible for oversight, this shared accountability with the cloud service provider has expanded responsibility and has led to an influx of healthcare organizations and cloud service providers working together, worry-free, in perfect harmony.

CLICK HERE for a free network assessment.

Are Managed IT Services Right For You? A Few Things to Consider

/in /by

64How do you get a small business to recognize the value of manages IT services? In the start-up environment, we encounter an eclectic bunch of personality types. There is a reason people become entrepreneurs or C-level execs. When we meet the owners or decision makers at smaller companies and organizations, we can tell right away why they’re where they are. They’re visionaries. They’re risk takers. They’re competitive. They want to be in charge. Therefore, they aren’t always quick to place the fate of their business technology in the hands of a third party. They’ve come as far as they have by being in control and they’re hesitant to give up that control. But we’ve learned a few things along the way. For example, the Type A personality is highly independent but also very competitive. So we tap into the competitive advantage that managed IT services gives them. The Type B personality is creative and doesn’t like static routines. But their ears perk up when they hear terminology like “cutting-edge” and we can then paint the big picture for them once their listening. But anyone we do business with has to be committed to the efficiency, security, and stability of their business technology to see our value proposition. And they have to recognize that managing their IT infrastructure is an investment they cannot take lightly. So here are a few things we commonly have to address before any deal for managed IT services is signed.

Is my business large enough to even consider managed services?

There is an old adage that size doesn’t matter (ahem… we’re talking about in a fight) but SMBs must always think big to get big. The truth is, any company, regardless of its size or the number of people they employ, will run more efficiently if its technology is monitored, maintained, and managed properly. These are facets of your operations that drive profitability and give our Type A personalities that competitive edge they crave. And they can rest easy whenever business is booming because their technology is built to sustain their growth. That’s the big picture that our Type B personality can appreciate.

How is making another IT investment a cost-savings move for my business?

There are still many SMBs who feel a greater focus and investment should go towards their core operations or marketing and sales. They only worry about technology when it breaks, figuring they’ll just call a service technician to come to the office and fix whatever the problem is. Or buy some new hardware at Office Depot.

There are some very obvious flaws to this strategy.

  • You’re paying way too much when it’s way too late – An issue that was likely preventable with early detection has escalated into a full blown business disruption and that on-call technician likely charges a high hourly rate, on top of hardware replacement costs, and may not get to your site right away. Being proactive rather than reactive to technology issues is important.
  • Don’t forget productivity killers – It’s taking your employees too long to boot their computers. Servers and applications are running slowly. Employee devices are full of Malware. Non-technical employees are running around troubleshooting tech problems. If you see this, your present approach to IT management is killing employee productivity and your bottom line.
  • What happens internally is noticed externally – Don’t think for a second that customers or clients don’t notice outdated or slow internal technology and mismanagement. If your site or applications are down often, run slowly, or your customer service rep tells them “I’m sorry, our system is down”, they’re noticing and it’s hurting your business.

When all is said and done, professionally managed IT services will give you a competitive edge, guarantee your business is always leveraging the newest most cutting-edge technology, and enhance your relationships with customers and clients – all while reducing costs.

CLICK HERE for a free network assessment.