
Key Strategies to Boost IT Security in the Workplace


June 20th, 2018


Businesses have more to worry about than ever when it comes to dealing with new forms of cyber-attacks. The shift to a BYOD workplace adds even more challenges to protecting your digital assets. While hardware and software solutions continue to improve as a first line of defense against nefarious IT threats to your company, you can’t fix the human element with software patches.

Creating a workplace culture that takes IT security seriously on all levels is the best way a business can prepare its second line of defense against unpredictable and constantly changing attacks. Specifically, it’s essential to emphasize the importance of the human element in IT security. Here’s how.

Take Action: Develop and Implement an IT Security Culture Plan

Keeping an IT security-focused culture in your business requires constant care and work — you can’t just plant the idea and expect it to take hold. The process has to be ongoing with existing employees, but also needs to be ingrained into the hiring, training and employee exit processes. The mentality starts from the top, so C-level and IT staff should lead by example. Your business should develop a plan for staff that contains ongoing training and communication between security leaders and the rest of the staff.

Remember IT Security is Holistic

The responsibility for secure IT in the workplace belongs to everyone — not just the staff in leadership roles.

While employees that work with confidential data need to be the most vigilant about security, your security plan needs to emphasize that everyone is important. Holding regular training events for all staff and sending out newsletters related to current threats helps keep security on employees’ minds.

Keep everyone in the loop: Transparency and willingness to answer questions will go a long way.

Get Staff Excited

Creating rewards and recognition for your staff related to IT security can help keep the culture at the forefront of your business. Your business may find your staff responds well to gamification techniques for both training and real-world behavior. Take the time to notify staff when a breach occurs or let them know how your team thwarted an attempted breach when it happens. Also, recognize performers who prevent breaches, possibly with cash rewards. Public recognition can be a major motivator.

Pick Your Battles

If you ask too much of your staff, your plan will fail. Your business should choose its battles wisely. At least when you’re starting your culture plan, aim for both the most important threats and the issues where staff can make a big difference with little effort.

  • If your workplace is big on BYOD, focus on encouraging employees to be responsible in keeping their devices secure. Employees will need to keep software updated to avoid malware exploits and may need to encrypt their devices to protect data.
  • Train your employees to always change the default credentials on a new piece of hardware or IoT device to combat DDoS. Hackers exploit devices left on their default settings to build the botnets they use for these attacks.
  • Train your staff to identify spear phishing attacks, which aim to steal credentials or information from an employee in a personalized attack.
  • Teach your staff to use two-step verification whenever possible to protect accounts. Educate employees about developing secure passwords for cases where more secure protection isn’t available.

If your Bay Area business is looking to improve its IT-security culture, the IT consulting experts at MPA can help. Contact us today.

 

 

Unique IT Challenges Financial Services Providers Face Today


June 19th, 2018


Financial services providers find their list of IT challenges is always growing because of security issues, employee needs, customer protection, regulatory laws and business requirements. Keeping up with IT concerns is important not only because failing to do so means lost business opportunities, but also because the financial services industry can incur substantial penalties over failure.

Performance Challenges

The large amount of data and secure nature of that data create a heap of unique challenges for the financial services industry. While the “if it ain’t broke, don’t fix it” philosophy is a best practice, relying on it for too long creates situations in which older hardware and software can’t perform fast enough or are incompatible with newer platforms. Aging infrastructure can cause performance and compatibility issues.

Financial services providers often rely on high-capacity internet and network infrastructure to move large amounts of data quickly and securely. When that infrastructure no longer performs, it’s time to migrate to something that does. IT services can be an invaluable asset when migrating, implementing and performance-tuning new hardware and software.

Compliance Challenges

IT in the financial services industry faces unique challenges from regulation and technology; the challenges are so great that a substantial share of the IT budget can go toward meeting government mandates.

On the technology side, many businesses rely on legacy systems that either need to be better protected because of known vulnerabilities or migrated to newer and more secure platforms.

Businesses often learn about issues and challenges from a Securities and Exchange Commission audit. It is crucial to make the changes needed to address the concerns the audit identifies. IT addresses many of the regulatory compliance challenges through technology. An IT services provider can help a financial services provider address compliance issues, with solutions for everything from backup practices to email security.

Security Challenges

The financial services industry works with both confidential information and finances, which offers a very desirable target for hackers. Security challenges are the biggest and most important issue facing financial services providers in the IT realm. In particular, the financial industry is the top target for Distributed Denial of Service (DDoS) attacks, which aim to disable online services for customers and staff alike. Businesses need to implement defensive technology that mitigates these attacks when they happen (as opposed to if they happen).

Additionally, the industry needs to protect customer data and avoid breaches, as there are always new security concerns to address. That means IT staff must keep up with software patches on all levels to prevent attacks, while making sure those updates don’t break existing features. Aging infrastructure is often the root of cyber-attack vulnerabilities and may need to be replaced for data protection.

Financial providers need to watch out for phishing and ransomware attacks on employees. The financial industry is on the receiving end of 8.5 percent of all phishing attacks, so IT staff must address these concerns on the technical and personal levels to avoid allowing impersonators to access private information. Ransomware is also a major concern in the industry. This increases the emphasis on keeping software patched to avoid attacks and maintaining reliable backups to minimize data loss if any attacks succeed.

If your Bay Area financial services provider business is looking to streamline its integrations with expert help, MPA Networks is here to help put years of professional expertise to use. Contact us today to learn more.

 

 

What Nonprofits Should Seek in an IT Provider


May 29th, 2018


While many of the technical needs at nonprofit and for-profit businesses overlap, there are still several key considerations for nonprofits looking for the right IT services provider. Nonprofits’ motivations may be driven less by the concept of “spending money to make money” and more toward avoiding unnecessary costs so that the organization can focus more of its time and money on its message.

For nonprofits, working with an IT managed services provider can offer the following advantages:

IT Providers Help Streamline Technology Growth Alongside Nonprofit Growth

In many cases, growing nonprofit organizations struggle with keeping their infrastructure up to capacity to handle increased staff and workloads. Some nonprofits may find it easy to use in-house staff to set up and prepare new devices for new employees, whereas others may find an IT provider’s assistance invaluable. Other businesses may find it very difficult to keep their network infrastructure providing reliable performance while the number of employee computers and mobile devices continues to grow. Infrastructure can become overwhelmed as your business introduces more devices. IT service providers can help keep a watchful eye on desktop and network management.

Protecting Nonprofits From Technology Threats

Nonprofits and for-profits alike need to make IT security a priority: Overconfidence in your organization’s ability to protect itself and recover from cyber-attacks can be a major security threat in itself.

Though similar to for-profit businesses, nonprofits place a little less emphasis on targeted attacks because nonprofits aren’t as likely to be working with the same level of financial assets or confidential information. However, desktop management, which involves keeping security software running and all applications patched, can easily fall behind if on-site staff doesn’t actively monitor it.

IT services can ensure a nonprofit’s computers are strongly protected from threats.

Additionally, hiring an IT services provider for help with disaster recovery and backup can help your business avoid otherwise catastrophic situations. Proper backup practices require continuous diligent work to minimize loss from events such as hardware failure and ransomware attacks. For nonprofits, it can be invaluable knowing backups are completed correctly without having to worry about it. Losing an hour’s work by restoring data from a backup is a much more desirable prospect than losing entire projects.

Budgeting and Cost-Saving Help for Nonprofits

IT providers can also help nonprofits both stabilize and lower their budgets for IT expenses. Additionally, IT providers can work with nonprofits to only provide needed services and keep as many services in-house as the nonprofit desires. Nonprofits may pay extra attention to keeping overhead costs down, so outsourcing expensive, infrequently used services can bring in huge savings. Additionally, IT providers can offer a flat-fee subscription-based agreement so a nonprofit won’t have to deal with as many possible “surprises” when determining its IT budget for labor and capital expenses. For example, a business might look to IT services to cover IT management, implementation, equipment, software, and maintenance while maintaining control of its own in-house help desk and customer service.

The IT providers at MPA Networks can help your Bay Area nonprofit by fulfilling your IT needs at a lower cost. Contact us today to learn more.

 

 

Which Industries Are Most Likely to be Targeted with Cyber Security Threats?


May 21st, 2018


To understand why some industries are targeted in cyber attacks more often than others, it’s important to understand what drives hackers and what makes a target appealing. Of the two, hackers are easier to understand:

According to a Verizon data security report, roughly 70 percent of attacks are financially motivated, and around a quarter of attacks are for espionage purposes. The rest tend to fall under the categories of personal grudges, ideological attacks, and “just for fun.”

A prime target for an attack will have some of, if not all of, the following qualities:

  • Works with important, confidential data
  • Possesses valuable information (not just financially)
  • Service disruptions require urgent action to restore access or information security
  • Target has substantial financial assets
  • Target has the financial means to pay a ransom

Businesses in the following industries often find themselves on the receiving end of a security attack because they are considered high-value targets.

1. Finance

As the financial industry works with money, it should come as no surprise that it is the most popular target for hackers. This industry is the target in 24 percent of all attacks, which are almost exclusively financially motivated. These attacks often try to compromise credentials so hackers can steal money through a second step. Businesses in the finance space should make IT security a priority because attacks are less a matter of if and more a matter of when.

2. Healthcare

Hackers often look to exploit the urgency in the healthcare industry for a financial payout: This industry receives 15 percent of all attacks. In particular, ransomware accounts for 72 percent of all malware attacks on hospitals. The healthcare industry is singled out because disruptions to data access could put patient lives at risk, and hackers could be looking to exploit legal penalties for underprepared businesses losing data.

3. Public Sector

The public sector is a popular target because of the information it stores: Around 12 percent of all attacks are on this industry. Financial motivation only accounts for 20 percent of attacks on the public administration segment of the industry; instead, espionage is the motive in 64 percent of cases. Hackers are often trying to steal confidential information from government operations, but they still may try to go after schools with ransomware to earn a quick payout. Criminals may also target public sector operations because they believe the organization is under-resourced in IT security.

4. Retail and Accommodations

When combined, the retail and accommodations industries comprise another 15 percent of cyber attacks. In particular, 96 percent of retail attacks are financially motivated. These attacks often target payment and personal information that can be used to either directly steal money or play a role in identity theft.

5. Everyone Else

Just because your business isn’t in the four largest targeted industries, you shouldn’t fall victim to a false sense of security. Other businesses still account for 34 percent of attacks. In fact, overconfidence in existing security practices can make the difference between a failed and a successful breach.

The IT experts at MPA Networks can help your Bay Area business secure its internet-facing operations to help keep your information safe. Whether you’re in finance, healthcare, or another industry, MPA’s experience can improve your defenses. Contact us today to learn more.

 

 

7 Ways to Keep Work Secure on Employee Personal Devices


May 14th, 2018


Technology improvements have made it easy for employees to get work done on their personal devices from anywhere. However, that freedom comes with additional security risks and requires extra diligence to keep data secure. Safeguarding information is a combined process of utilizing technology and educating staff. The following considerations will help your business keep work secure on employee personal devices.

1. Always Update/Patch Software

Hackers invest time trying to find new ways to bypass security or take advantage of personal apathy and laziness.

According to PC World, failing to install the latest patches and updates for software is the top security risk for both business and private use.

Hackers can look for known exploits that the software creator closed and use them against people who haven’t updated the software to close that security hole. Unlike with business-owned devices, your business really can’t force employees to install software that will prompt updates, so it becomes a matter of training.

2. Use Cloud Apps

Cloud applications for both computers and mobile devices offer some excellent security benefits for your business, especially when your employees access them on personal devices. Cloud apps shift much of the data security burden to the server side, which alleviates many of the security problems that could come from traditional apps run on employee devices. Cloud email is an excellent example of this because the server can handle scans for phishing, malware and other malicious attacks before the content ever makes it to the employee device. Cloud apps generally run the most current software versions, so your business won’t have to worry about employees running updates.

3. Encourage Strong Antivirus and Anti-Malware Practices on All Devices

While employees don’t need to use the same security software your business runs on their personal devices, they do still need quality security software. There are many free and low-cost security programs for personal users that provide excellent protection. Your IT staff can help make recommendations for employees on personal devices.

4. Train to Avoid Phishing Scams

While security software and cloud apps do a great job of catching phishing scams, some still might slip through. That’s why it’s important to train your employees in how to identify and avoid phishing scams.

5. Use Strong Passwords, Password Managers and 2-Step Verification

Employees should also keep their accounts secure by using sophisticated access credentials. This means using 2-step verification for all accounts and programs when possible and using password managers to protect their credentials. Employees should be trained in creating strong passwords in the event that more advanced security techniques don’t work.

6. Practice Public Wi-Fi Safety

In general, employees should avoid using public Wi-Fi when working with confidential information. If employees are going to do work on Wi-Fi outside of the home or workplace, they need to be trained in identifying fake access points and how to tell if a library, restaurant or other business’s network is secure.

7. Consider Using Remote Wipe or Lock Software

As a final effort, your business should encourage employees to install software that allows them to remote wipe or lock mobile devices and laptops they are going to use for work purposes. That way if someone steals that device, the damage will be limited to the financial loss of the hardware and not related to a data security breach.

The IT consulting experts at MPA Networks can help your business implement both software and training practices to help keep your data safe when employees use their personal devices for work. You can read our previous blog on tips for managing remote employees for even more information on keeping data safe. Contact us today to learn more.

 

 

6 Can’t-Miss Tools for Innovative Presentations


April 26th, 2018


It’s easy to grow jaded about presentation software. After all, each new version of PowerPoint and Keynote may feel like the equivalent of the same old room getting a new coat of paint. However, new tools and apps offer all sorts of fresh and clever ways to make better presentations. Encourage your employees to experiment with the following six tools in 2018 and see where they take you.

1. Collaborate with Google Slides

Google Slides may not offer PowerPoint- and Keynote-level features, but it’s free, widely supported and cloud-based. If you’re working on a presentation as a part of a team, it’s easy to use Google Slides to work together. The program updates itself online in real time, so if one person on the team makes a change to a slide, the rest of the team will see it immediately if they are also working on the presentation. Google Slides also features automatic saving.

Additionally, your staff can use Google Slides as a tool to create a first draft of a presentation. When the draft is done, one employee can transfer the slideshow to another more capable program for revisions.

2. Exchange Ideas with SlideShare

LinkedIn SlideShare is like a social network for slideshows.

As long as the presentation doesn’t include confidential information, your staff can showcase their work and get feedback from other presentation experts.

Additionally, your staff can take a passive role in the social network: You can use it to look at other presentations from people across the world for inspiration on how to make a better presentation. SlideShare offers expert-taught presentation courses as well.

3. Dump Dated Software for Slidebean

Slidebean is a popular alternative presentation program that’s built to create stunning presentations with minimal effort from the content creator. Slidebean is a cloud-based app much like a premium version of Google Slides and offers seamless online collaboration. It’s built to work on just about any device that supports a web browser.

4. Make a Non-Linear Presentation With Prezi

Prezi is an excellent tool for presentations during which the presenter interacts with the audience and adjusts points based on the discussion. It’s excellent for non-linear presentations as well as Q&A-style conferences. It can also be a helpful visual aid for a Q&A session after another presentation.

5. Present From Your Tablet or Phone with ApowerMirror

ApowerMirror is an application that streams a presentation from an Android or iOS device onto a computer. This tool can be very helpful for presenters who prefer the freedom of being able to move around and control their presentation with a smart device rather than a clicker. It’s also helpful for making sure that all the necessary media files are accessible for the presentation because it can access the device’s storage.

6. Generate Website-Based Timelines with TimelineJS

TimelineJS is a handy tool for presenters who want to produce a timeline with relative ease.

The tool quickly generates a timeline for display on a website from data entered into a Google spreadsheet template.

Presenters can display the timeline through any web browser to guide a presentation outside of a slides program.

Empower your productive staff to become even more productive with the right tools at your disposal. The IT consulting experts at MPA Networks can help your business identify and utilize new apps and tools to increase productivity well beyond your greatest expectations. Contact us today to learn more.

 

 

What Changes in Net Neutrality Could Mean for Your SMB


April 19th, 2018


The FCC’s 3–2 vote in December 2017 to repeal net neutrality could lead to major concerns for IT staff at small and medium businesses. As of February 2018, the FCC is continuing to move toward the net neutrality repeal, but actual business changes will take a while to go into practice. That delay means IT staff is left with more questions about what’s going to happen rather than solid information on what will happen.

Understanding the Public Protests and FCC Defense

Opponents argue that the repeal allows service providers to create premium paid “fast lanes” that will give the paying customers a leg up on the competition when it comes to how quickly their content travels over the internet.

While big businesses can afford to pony up for fast lane service, SMBs will be less likely to afford the advantage.

Service providers say they just don’t want to be treated like a utility akin to gas, electric and phone service providers. Additionally, service providers argue the “fast lane” concept would be a step-up deal and wouldn’t mean slowing down speeds for non-paying businesses.

A lack of competition means that customers who are dissatisfied with fast lane practices can’t simply take their business elsewhere. According to the FCC’s 2016 Broadband Progress Report, “Only 38 percent of Americans have more than one choice of providers for fixed advanced telecommunications capability.”

How Net Neutrality Changes Impact IT

As far as IT staff is concerned, net neutrality changes are related to internet performance. The rules could amplify existing concerns over how different services function and change some points of emphasis:

  • Customer-facing website and online application performance will be more important than ever. Businesses that aren’t paying for “fast lane” access will want to make sure their CDN is performing well and their platforms have efficient data footprints. Not paying for “fast lane” service could be considered a barrier to entry for new competitors.
  • Company website SEO could take a hit because longer load times on their sites mean more people will abandon the page load. Load time doesn’t play a role in search result rankings, but page abandonment does — and longer load times mean higher abandonment rates.
  • Growing SMBs that move a lot of data across the internet could be crushed by larger businesses entering the same space and paying for an ISP speed advantage.
  • IT staff will have to address unfair business complaints against service providers with the FTC rather than the FCC; the Harvard Business Review argues the FTC is less equipped to protect consumers in those disputes.
  • “Fast lane” cloud services may be more appealing for business use, which means IT staff may be tasked with migration to other platforms.
  • Businesses may opt to change high-bandwidth services such as teleconferencing to competitors who are paying for “fast lane” performance, especially those who rely on those services to communicate with clients.
  • Cloud-based backups could run at less optimal speeds compared with the full potential of the internet package speed, which could mean more time between backups.
  • Location-to-location network traffic could run at less-than-optimal speed, which could turn into a problem down the line as the business moves increasing amounts of data.

The IT consulting experts at MPA Networks can help your business adjust to changes in net neutrality rules as they take effect. Contact us today to learn more.

 

 

Addressing the Unique IT Management Needs at Law Firms


April 11th, 2018


Law firms face many unique IT management challenges that stem from the confidential nature of the information they work with. And that confidential data is why law firms must make the protection of information a key IT priority. Threats can come from outside (such as hackers using pressure to extort money from the firm) as well as inside (from technology failure). In order to adapt as threats change, it is important to understand both why law firms are prone to specific IT management challenges and how to address those challenges.

Why Are Law Firms a Prime Target for Ransomware?

As with other businesses, law firms must be ready for the growing number and scope of ransomware threats.

Hackers see law firms as ideal targets because lawyers may opt to pay the ransom to recover information for a case with an immediate court date.

Additionally, hackers may seek to exploit a larger law firm’s substantial financial backing to get an easy payday: A $300 ransom is worth much more to an individual than it is to a large firm. The 2017 ransomware attack against prominent global law firm DLA Piper demonstrates how serious these attacks can be.

Law Firms Are Vulnerable to Data Theft

While technology automates a great deal of law firms’ work, it also brings additional risks for information theft. The 2017 Equifax hack demonstrates exactly how far-reaching damage can be when hackers steal personal information.

Law firms also need to be concerned about keeping confidential client information confidential. Hackers may try to steal information stored on servers or personal computers through malware attacks and software exploits.

What’s less obvious is how criminals can use social engineering — such as posing as a client via email or during a phone conversation — to get law firms to give up confidential information.

External and Internal Data Loss

Law firms work with a substantial amount of information that can go missing due to both external and internal factors. For example, a firm’s server or an employee’s laptop may fail and lose all the data stored on the device. Additionally, employees may not always properly manage their documents and information, which makes them difficult to find. In fact, poor document management can cost a firm hours of productivity every week. IT management can help organize information through platforms such as a document management system to help minimize data loss related to human error.

Law Firm IT Management Solutions

While law firms face many unique IT challenges, businesses can take several steps to minimize risk and mitigate damage:

  • Implement a three-copy backup policy to safeguard against data loss related to ransomware, malware, device failure and human error.
  • Make sure that all software on all devices is up to date and running the latest version. Hackers tend to exploit user laziness by attacking security holes that could have been patched had the user not skipped an update.
  • Confirm that all information exchanges are secure. Don’t fall for social engineering schemes or use compromised public Wi-Fi networks.
  • Use document management systems to prevent losing data from mismanagement. These also serve as a type of backup.

If you would like to learn more about how your law firm can better manage its IT assets and protect itself from online threats, contact the IT experts at MPA Networks today.

 

 

Training Employees in Data Security Practices: Tips and Topics


April 3rd, 2018


While there’s plenty of technology available to keep your business’s data protected, the human element is still the most important piece to consider in safeguarding your company’s data. Properly training employees to understand and implement data security best practices works best when your business makes a cultural shift toward prioritizing IT security. Successfully training your staff is half about knowing how to train them and half about knowing which topics to train them on. Businesses that embrace a proactive approach to training employees on data security will have a much better track record than those that take a reactive approach.

Training Tips

Don’t just make a plan: Implement a program that focuses on training all employees. Have your business take an active role in implementing a data security program. This ensures training is far more effective than simply creating security practices, offering one-time training and hoping it works.

By implementing regular security training meetings on changing topics, your business can train your staff on a wide range of concerns.

In addition, your company can benefit from focused training while constantly reinforcing security as a priority. Hold multiple sessions that get into each topic in depth to help your employees better understand data security.

Training doesn’t end when the session ends — it’s an ongoing process. As an extension of training, your security staff should frequently send out reminders about security concerns to help employees remember what they’ve learned. Make your data security training materials easily accessible so that staff members who see a reminder and are unclear about what it means can read up on the topic. Additionally, C-level staff, IT and supervisors should lead by example.

Training Topics

The bad news is hackers will always create new threats for your staff to worry about — but the silver lining is that you’ll never run out of fresh topics to cover. Because of the fluidity of data security, your program will need to change which topics are covered in training and continually adjust strategy to address new threats. The following list covers just some of the many topics training sessions can cover:

  • Strong passwords and more secure authentication practices: This includes covering two-step authentication when applicable.
  • Secure Wi-Fi best practices: Explore red flags to look for when using public Wi-Fi and discuss whether public Wi-Fi should be used at all.
  • Physical device security: Cover topics such as encryption and disabling devices remotely to minimize data leaks for stolen/lost devices.
  • Use policy: Reaffirm that non-employees shouldn’t be using employee hardware.
  • Device security: Discuss the importance of keeping software patched and running security software on devices.
  • Popular methods of attack: Cover security best practices for avoiding popular phishing, man-in-the-middle and ransomware attacks.
  • Social engineering threats: Discuss the importance of the user as an essential line of defense when software can’t protect from threats.
  • Three-copy backup strategy: Explain that data is also at risk of being lost rather than stolen, and explore key backups to minimize these losses.

Hackers and thieves are known to exploit human complacency in security practices — and frequent training sessions will help employees stay aware. Is your business looking to improve its security practices? The IT consulting experts at MPA can help; contact us today to learn more.