Layered Approach: Security Is about More than Antivirus

If only online security issues could be solved with sorcery: a magic wand, some incantations, and poof! Troubles disappear.

  Sadly, magic only works in books and movies. Out here in the real world, the bad guys always have the advantage, and you need more than wizardry to keep them off your network.

  Criminals that ply their trade in cyberspace are mostly driven by economics. They might be after the banking credentials for your small business so they can drain funds from online accounts. If your business is connected to sensitive industries, the bad guys might be foreign agents intent on stealing secrets. Or maybe they're in the ransomware business, hoping to encrypt one of your PCs so they can demand a ransom to unlock it.

  If you think antivirus software is going to stop all those threats, think again. Even the most successful antivirus program is only about 90% effective under the best of circumstances.

  Yes, your business needs antivirus software, but a well-rounded IT security strategy includes multiple additional layers, each working in concert with the others.

Here are four crucial ingredients that must be included in that mix:

1. A Comprehensive Update Strategy

       Every year, security companies review the data they collect from virus-infected PCs, and, every year, the results prove the same depressing truth: most drive-by infections are the result of an exploit that targets a flaw in the operating system or a piece of installed software. And the overwhelming majority of infections were only possible because the owner of the infected PC had failed to install patches released months or years before.

    The moral for your company is simple: keep every PC up to date. That includes the operating system, applications like Microsoft Office, and commonly installed software add-ons such as Adobe Flash and Oracle Java. And make sure to check the update status of every PC regularly, either manually or with the help of centralized management software.

2. Robust Email Filters

    What does email have to do with security? A lot, as it turns out.

Email attachments are among the most popular vectors for spreading malware, usually in the form of misleading executable files (Trojan horses) and booby-trapped documents in PDF and other common formats. The best way to protect your network is to have your email provider or gateway detect suspicious packages and remove them before they can get to your users' mailboxes.

3. Standard (Not Administrative) User Accounts

   Even if someone in your organization is tricked into running malware that your antivirus software doesn't block, you can limit the damage. The most important change to make is simple: set up standard user accounts, and reserve administrator accounts for those times when you really need to change something. If malware can take over a user account with administrative privileges, it can wreak havoc on crucial system functions. Don't let that happen.

4. Know Your Network

   Even in the best-run business, it's possible that a virus or other malicious software will slip past your defenses. In fact, you should assume that's a possibility and review network logs regularly to detect strange behavior. Is someone from outside your network making inbound connections at odd times? Are files being transferred outside your network? This type of activity can be an early warning sign of a network compromise, and the best way to find out about it is before you get a call from your bank or the FBI.

Contact us to help identify the right tools for your organization.

To find out more, contact Az Datacom today. 

(623) 688-TECH

5 Tips to Ensure You Survive a Stolen Laptop

"We're missing a laptop!"   These words are not something you want to hear, but the chances are, it's going to happen at some point. Unfortunately, data on the majority of SMB laptops is not encrypted, so what exactly does it mean for your company if this happens?

   It means that if the bad guys pull the hard drive from the missing laptop and plug it into a running system, then chances are they can access to your data. A simple user ID and password are not going to be adequate protection.

   Are the thieves going to bother even looking at the stolen laptop? Many years ago, the hardware itself would fetch a decent amount on auction sites as "previously owned." With the professionalization of cyber crime, oftentimes, the data from a professional firm is worth more than the hardware itself.

   Cyber criminals are very aware of the value of purloined data and a lost laptop can quickly turn into a serious incident. For example, the theft of personal information may lead to an extortion demand or blackmail attempt. Furthermore, a fine from a regulatory or governing body is frequently being applied to organizations that take a cavalier attitude towards laptop security.

In 2013, the Information Commissioner's Office (ICO) in the UK fined Glasgow City Council £150,000 for the loss of two unencrypted laptops, one of which contained personal details on more than 20,000 people.

In 2014, two entities paid the U.S. Department of Health and Human Services Office for Civil Rights (OCR) $1,975,220 collectively to resolve potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules.

Stolen or lost laptops have become one of the most common business security incidents, according to the 2014 Data Breach Investigation Report by Verizon, and depending on the regulations governing your business, the penalties and costs could be significant. These penalties and costs continue to grow as the individuals' privacy, which was violated, may seek additional restitution.

These major enforcement actions in the US and UK underscore the significant risk to the security of personal or medical information posed by laptop computers and other mobile devices.

Here are five precautions you can take to ensure you limit the damage of a stolen device:

1. Utilize Tools Such as Full Disk Encryption

   With the introduction of Windows 8.1 Bitlocker, Microsoft's disk encryption solution is bundled in the operating system (Windows 7 Ultimate had it as well). It takes some work to roll it out to an organization, but since it is included, your organization could find itself in a difficult legal position if a data breach occurs. There are also a plethora of third-party add-on solutions.

2. Physical Security

   The traveling or unattended laptop is one of the more risky situations any mobile device can find itself in. In public places or even hotel rooms, the corporate laptop or tablet should be, at best, secured in a safe and, at worst, stored out of site. In the office, a security tether should be used, especially if overall access control to the facility is weak or the organization is large.

3. Data Segmentation

   If storing all your data on a USB stick seems like a solution, think again. Your laptop may have an email client installed on it, and if those sensitive documents or information has been attached, the bad guys may get at those files. If you only utilize web mail and your documents are on an encrypted USB stick, this may be a useful technique to survive a lost or stolen device.

4. Disposal

   It may sound like something out of Mission Impossible, but the physical destruction of a device that falls into the wrong hands is best, but drive wipe with secure erase software should be your minimum. Always keep in mind that the data lives on the hard drive inside the device. If you plan on backing up user files or archiving the contents of the old device, first make sure that it's secure as well.

5. Avoid Logos

   Advertising whom you work for may not be the best idea if you are in a high-risk situation, like the world's largest hacker convention. Not the best time to bust out your NSA stickered Panasonic Toughbook.

Conclusion

   Ultimately, you need to remember that the security of your mobile device(s) is your responsibility. Folks' stolen property is returned by strangers, or found using technology, all the time. Unfortunately, if it's out of your control, the contents may be copied or malware may have been implanted — be careful.

To find out more, contact Az Datacom today. 

(623) 688-TECH

Customer story: TransBlue

Flexibility and mobility are important for any businesses operating in today's digital age. Especially for small businesses. Without a robust IT department, TransBlue took on the challenge of modernizing their workplace with Microsoft 365. With tools like Skype and Teams, they can collaborate from afar saving them time and resources. AZ Datacom, LLC wants to help you modernize your workplace. Contact us today for more information on how we can help.

Customer Story: Marshall Public Schools

Marshall Public Schools are preparing their students for life after graduation using Windows 10 in S Mode. Students are able to gain valuable technological skills without requiring the school district to sacrifice security.

Read More...

Don't miss another post from AZ Datacom, LLC

To receive updates from AZ Datacom, LLC, and to learn more about how we can help with Microsoft 365, subscribe today!

View: Don't miss another post from AZ Datacom, LLC

The 8 Most-Asked Questions About Cloud Communications – Answered

81% of CIOs believe IT is entering a new era of customer-driven initiatives. Businesses are increasingly embracing cloud communications to craft better customer experiences. Some IT executives, failing to recognize the opportunities cloud solutions can bring to their businesses, are reluctant to adopt this new communications platform. Savvy CIOs view it as a key enabler of a more agile, connected employee and customer experience. They recognize that providing employees with a more aligned communications platform will empower them to deliver a superior experience for customers. As with any new technology, there are several misconceptions and questions to consider.

These 8 most-asked questions will shed some light on how trans-formative cloud communications can be for your business:

1. Is it cost-effective? Cloud is more agile and requires less infrastructure than its on-premises counterpart. You only pay for what you use, allowing most companies to reap the benefits of savings while gaining in highly desirable collaboration, mobility and customer engagement features for employees.

2. Is cloud right for my size business? Not all cloud solutions offer the robust capabilities and reliable platform to work as a successful communications model for companies. We have partnered with Cloud Communications and Contact Center platforms that support 50,000+ global businesses of all sizes, with a cloud solution that can grow with you, easily scaling up or down without compromising features.

3. How reliable is a cloud solution? Again, this depends on the solution you deploy, but cloud solutions are far more reliable than on-site hosted phone systems. Cloud Communications and Contact Center solutions can increase your uptime significantly. Their agreements include a money-backed guarantee of 99.99% uptime. Can your PBX provider offer the same?

4. Will I get global call capabilities? With 15 redundant data centers distributed across the globe, Our Cloud Communications and Contact Center solution offers international local, toll-free and local number transfer services in over 80 countries. Plus, with patented geo-routing algorithm delivers the highest call quality regardless of where the caller is in the world.

5. How accessible is it? If it is a complete cloud communications solution, the solution delivers the full breadth of Unified Communications and contact center capabilities with the flexibility to add capabilities and users as needed. This includes contact centers and calling platforms. With our cloud communications solutions  everything is accessible anytime, anywhere from any device.

6. Can it do what my phone does now? Nobody wants you to give up capabilities. Our cloud communications solution offers you the full breadth of capabilities you depend on today including voice, video, messaging, meetings and customer engagement tools to improve productivity and revenues for your company.

7. Is a cloud solution secure and compliant with government regulations? It should be! Our Cloud Communications and Contact Center solution is backed with industry-leading security and compliance standards and has passed third-party audits for compliance with HIPAA, PCI-DSS, FISMA and other U.S. regulations.

8. How do you pay for cloud? Cloud solutions are often more accessible to businesses of any size because instead of a capital outlay, they can be paid for monthly as an operating expense. Our flexible mix of service packages provide more cost-effective solutions, while also reducing the amount of specialized IT skills and resources required to make the phones work. 

Not all cloud communications solutions are created equal. Our single Cloud Communications and Contact Center solution offers companies ONE platform that aligns and engages on all channels, creating a harmonized platform that empowers employees to deliver exceptional customer experiences. 

Everyone’s talking about cloud solutions. Get the facts first. Contact us to learn more. 

Sync and Share Solutions: No Substitute for Backup

In recent years, enterprise sync and share solutions have become popular mechanisms for protecting endpoint data. Even so, sync solutions do not typically provide the same level of protection as a true backup solution. The reason for this is simple. Although there are undeniably some overlaps in functionality, sync software and backup software were created for completely different purposes.

Backup Software vs. Sync and Share Solutions

    Backup software has one purpose and one purpose only — to allow the organization to get its data back following a data loss event. While enterprise sync software may allow for data recovery in certain situations, data recovery is not the software's primary focus.

Enterprise sync software is designed primarily to make user data available in multiple locations. For example, copies of the user's data might reside on the user's laptop, a network file share, and perhaps the user's tablet. The synchronization engine is designed not only to copy data to each of the designated locations, but also to make sure that each copy of the data remains up-to-date and identical.

    Enterprise synchronization software primarily provides protection against data loss in the event of lost, stolen, or damaged hardware. If, for instance, a user accidentally drops and destroys their laptop, a copy of the user's data remains stored safely on a server. Even so, there are some major shortcomings to this approach.

The Disadvantages of Sync and Share

    One potential disadvantage to using sync software is that the software may not protect everything. Sync software allows a user to choose which data they want to synchronize between devices. It is somewhat common for a user to configure the software incorrectly or to accidentally create and store data in a folder that is not being synchronized. The end result is that some of the user's data may be left unprotected.

    Another disadvantage to using enterprise sync software is that such software may not offer point in time recovery capabilities. Suppose, for instance, that a user were to make an incorrect change to an Excel spreadsheet. That change would immediately be synchronized with the other copies of the data. In other words, unmodified copies of the spreadsheet would be overwritten by the copy containing the error. If the user were to later discover the error, they may not have a way of reverting to a known good copy of the spreadsheet.

    In all fairness, there are some enterprise sync applications that do provide point in time recovery capabilities. Even so, these capabilities may not be as flexible as what would be included in a dedicated backup application. For example, the software may only allow for a few recovery points to be retained or may not support point-in-time recovery for all file types.

Perhaps the biggest potential disadvantage to using enterprise sync software is that such software has been known to cause data loss in certain situations. There are documented instances of synchronization databases becoming corrupted. In most of these incidents, the synchronization process simply stopped working, leaving newly created data unprotected.

In other instances, however, database corruption actually caused good data to be deleted from synchronized folders. This happened because the corrupt database did not contain a record of the data and the software wrongfully concluded that the data must have been deleted from one of the other synchronized copies and, therefore, needed to be removed from the remaining copies.

Conclusion

    Overall, enterprise sync software does not typically provide the same level of data protection as would be provided by a dedicated backup application. Backup applications focus solely on data protection, whereas sync software is often treated more as a convenience feature that makes data accessible from multiple occasions.

To find out more, contact Az Datacom today. 

(623) 688-TECH

Fear of Change in the Age of the Customer

Sometimes, we need to destroy the status quo to create a new model of engagement. Sometimes, the market does that for us and that can be even scarier. Change is always scary and overwhelming, especially when it comes to technology. But it is inevitable.

     If you want to play the game, the siloed, broken communications of yesterday aren’t going to cut it any longer.

      Regardless of what business you’re in, your customer’s experience is your top priority. Customers increasingly prefer human interaction over digital communications channels, positioning your communications systems as a key enabler for delivering superior customer experience. Cloud communications offers your company a unique opportunity to craft the ideal customer experience, creating a competitive advantage few companies have thought to seize upon. With shifting demands and perceptions, it comes down to the company that’s intrepid enough to pull the trigger first.

Here are a few mindsets that help your organization prioritize customer experience:

Every department is a service department

     In today’s highly competitive market, customer loyalty is no longer entrenched as part of our social culture. In fact, 90% of customers today feel that businesses are too slow and unresponsive. 59% of those customers will try your competitor for a better experience, without hesitation. Legacy, premises-based phone systems offer siloed, fractured and inconsistent communications that reinforce breakdowns in employee and customer interactions and slow your ability to provide service. In short, they simply can’t compete with the cloud’s ability to seamlessly integrate communications systems with business applications and processes. The implication is businesses that more quickly adapt to this modern approach to communications will be the clear winner among customers.

Every conversation is an opportunity

     Every conversation customers have with your employees provide an opportunity to deliver superior customer service. 20^th century PBX systems were never designed to support the remote, distributed workforce of the 21^st century. Employees increasingly demand the ability to work flexible schedules from the location of their choosing, across multiple devices. According to a 2015 Citrix and Forrester study in 2015, 85% of employees use a mobile device for work. And yet most traditional PBX systems, with their hardwired infrastructures, can’t easily accommodate needs of this increasingly wireless, mobile workforce.  When employees use tools like personal laptops, mobile devices, Google Hangouts, Skype and Facetime to accomplish this, information leaves company networks to unsecured devices, and collaboration becomes more difficult.   

Failure is not an option

     Current business communications options, like traditional PBX phone systems, have many shortcomings. One of the most significant is the cost and complexity of ensuring your phones are one of the first services restored after any adverse event. While it is possible to develop an effective disaster recovery solution with a premises-based solution, it is not as seamless and cost-effective as a cloud solution. Moving to cloud-based business communications is a painless way to ensure a disaster doesn’t leave your phones down for hours or – worse yet – days.

     New isn’t always better. However, when sweeping technology changes impact the expectations of customers, businesses must keep up. If the only thing holding you back is a fear of change, consider the risks and benefits. What would more accessible employees mean for your business? How could enhanced collaboration improve time to market? What would a 99.99% up-time mean for your profitability? The fact is you must leverage your communications effectively, if you want to remain competitive.

Don’t fear change. Embrace it. Contact Us Today  @ (623) 688-8324 to find out how we can help you leverage better communications for the 21^st century.

Failing to Cut It in Web Security

"Virtually every school in America has some Internet access, thanks, in part, to a federal program known as E-rate, which provides about $2.3 billion annually to connect schools and libraries to the web," Banchero wrote earlier this year.

   There are, of course, pros and cons to making the Internet available in the majority of schools.

   Purely from an educational standpoint, it's hard to make a case that Internet access is a bad thing. Using the web for instructional purposes is a wonderful way to enhance the learning experience and (pardon the pun) connect with today's tech-savvy generation. Learning, no matter your age, should be fun. The Internet and Wi-Fi enabled devices make it possible.

   But there's a disturbing downside to making the web available in most schools: students — many of whom are under age — may be exposed to the darker corners of cyberspace. Some minors may unintentionally access sites and chat rooms glorifying bigotry, pornography and violence, for example. Others intentionally search for such content. 

  To say educators and school officials face a monumental task is an understatement. Parents may have the ability to control their children's web activity at home. But it is virtually impossible to shield them from every danger that exists online, particularly when Internet access is seemingly available everywhere — including schools. Moreover, the number of personal mobile devices students use to access the Internet during the school day makes matters even more challenging.

   According to the Pew Research Center, nearly half (47%) of U.S. 12- to 17-year-olds own smartphones, and 74% say they access the web via mobile devices "at least occasionally." This leads into several serious and sensitive topics.

Take cyberbullying, for example, and consider these statistics from NoBullying.com:

• 68% of teenagers consider cyberbullying a serious problem
• 75% of teens have visited a website that harasses a peer
• 90% of victims will not tell a trusted adult

   Familiar with the Children's Internet Protection Act (CIPA)? It is federal legislation requiring schools to create and enforce a web policy that ensures the safety of their students. This is precisely where a comprehensive IT security platform, complete with web protection, can help you achieve this necessary standard of security.

The solution you choose should enable you to:

• Whitelist specific domains
• Monitor the web around the clock
• Identify web usage by device
• Track bandwidth usage

   The Internet is a powerful tool. But in the wrong hands — whether those of an irresponsible adult or impressionable minor — it can be destructive.

To find out more, contact Az Datacom today. 

(623) 688-TECH