alt tag

Posts from January, 2015


Watch Out! Protect Your Home and Office against the Internet of Things

Wednesday, January 28th, 2015

computer-305523_1280

Internet of Things (IoT) devices provide a powerful way to utilize technology to enhance everyday machines in your home or office, from wrist fitness bands to refrigerators to thermostats. The ability to monitor your home security cameras while you’re on vacation, or tell your coffee machine to skip tonight’s brew, makes life a little easier.

New Technology, New Network Security Holes

Beware!

Internet-enabled devices create new security holes that cyber criminals can exploit to steal your information. While you’re probably not storing your credit card information on your IoT washing machine, the device itself could serve as a springboard or gateway for hackers to compromise any system inside your network. The Target store hack in late 2013 is a high-profile example of how criminals can wreak havoc by exploiting an IoT device.

The Target breach didn’t start with an attack on payment servers via the Internet; instead, hackers attacked the system through an HVAC subcontractor’s authentication credentials and made their way in to the main Target network through an air conditioning IoT control device. While the Target hack did expose credit card information, the attack could have been even worse if it gathered enough information for criminals to commit identity theft or drain bank accounts.

Securing Your Network for IoT Devices: The Best Options

A network security breach is a huge productivity killer, typically requiring hours of work to secure the network and compromised personal accounts. While the IoT device security threats may be discouraging for potential technology adopters, you could be missing out on some incredible innovations by refusing to implement IoT devices.

IoT devices can be used safely in your home or business when combined with either a dual-firewall or a firewall with a De-Militarized Zone configuration to isolate Internet-connected devices and stop hackers from using them as a network entry point.

A DMZ is a separate network that sits between the Internet and your in-office or in-home network, offering a more secure environment than the Internet but less secure than your protected internal network. Devices located in the DMZ are severely limited in which other devices in the network they can communicate with, and how they do it — blocking hackers from accessing your laptop after they’ve hacked your IoT wristband.

Since IoT devices are unlikely to receive the same level of security updates and patches as computers and network hardware, they are more vulnerable to security breaches.

You can configure a DMZ with a dual-firewall configuration, or with a higher-end firewall that has DMZ capability.

Alternatively, you can configure a second wireless network that exclusively hosts IoT devices for complete network separation. Under the two-network setup, hackers that break in to IoT devices find themselves on a completely different network than the one that contains your secure information.

IoT security concerns can be minimized with the proper preemptive configuration. IT consulting firms and managed service providers (MSPs) can help you establish a secure network environment if you’re not sure how to configure your firewall(s) for DMZ protection.

The Cloud: A Better IT Choice for Law Firms… or Not?

Wednesday, January 21st, 2015

business-17686_1280Several years since you probably first heard about it, “the Cloud” remains among the trendiest buzzwords in the tech world—particularly here around Silicon Valley. Several of our Bay Area law firm clients have approached us asking if migrating their IT into the Cloud is the right choice for them, especially after reading a handful of articles in the legal trade media urging them not to be left behind in the Cloud Revolution.

Much of this Cloud-or-bust evangelism is actually driven by PR hype from folks with “a dog in the hunt”—vendors of Cloud-related products or services targeted to the legal market. While there’s no doubt the Cloud is transforming how business is done across various industries, is it actually a good fit for a small to mid-size law firm? Actually, it depends. Let’s examine just a few of the important points to investigate before “ascending” into the Cloud:

Timing. If your firm’s onsite servers are over three years old, they’ve probably outlived their manufacturer’s warranties and have achieved a reasonable service life. Instead of replacing those servers, you might want to consider Cloud services. If moving to the Cloud will achieve a good ROI for your firm, the ROI is going to be better at “upgrade time” than at other times.

Cost. A Cloud-based platform doesn’t necessarily guarantee more “bang for the buck” than a traditional data center. While shifting to the Cloud may or may not increase attorneys’ productivity, the overall costs to your firm may actually turn out to be higher, especially in the long run. We recommend a thorough evaluation of your firm’s particular IT needs, matched with a favorable service contract from a managed service provider (MSP). Then compare that to what you’ve been spending.

The Cloud is not a one-size-fits-all cost solution. Research is recommended.

HINT: It may be a royal pain to reverse course if you don’t like the Cloud(s) you chose—so choose carefully.

How Much of What? A law firm’s initial foray into the Cloud doesn’t have to be an all-or-nothing proposition. It involves choosing the right proportions of IT operations to host in a private Cloud datacenter, or possibly installing a few specific software-as-a-service (SaaS) apps to handle essential tasks such as docketing or billing. The firm can also opt for a desktop-as-a-service (DaaS) platform, which would enable any Mac aficionados in the office to freely use your firm’s PC apps at their desktop, at home, or in a condo at Lake Tahoe.

Security. Cloud security is a real concern. On one hand, many Cloud providers, especially private Cloud providers who mimic what a private, corporate data center looks like, say that their security is better than what most small or medium-sized businesses have in place today.  This is somewhat true. On the other hand, there is the problem we have christened the “Willie Sutton Effect.” Willie was the most prolific US bank robber. When a reporter asked why he robbed banks, he was said to have replied, “Because that’s where the money is.” The same goes for cyber criminals. If you were a hacker in a criminal gang, who would you rather spend your valuable time hacking? A small law firm, or a Cloud provider where the data for dozens or even hundreds of small law firms is stored in one place?

One way to combat this problem of Cloud security is to use the Cloud only for workloads that involve encrypted data, which hackers generally cannot open. This includes some systems labeled “Hybrid Cloud.”  For example, there are business continuity systems  (a.k.a. “backup”) that store the backups from your on-premises servers in an encrypted form in your offices, and then mirror that data into Cloud data centers. That way, your data stored in the Cloud is far safer.

Another Hybrid Cloud option is to store apps and other “auxiliary” files externally in the Cloud, but store sensitive data on your firm’s onsite server—particularly confidential client information or data protected by government regulations like HIPAA.

Is Cloud computing the right solution for your law firm? For a complimentary assessment, click here.

 

Stay Productive with IT Managed Services

Wednesday, January 14th, 2015

hand-577355_1280It doesn’t take a psychic to know that one of your business goals is improving efficiency and productivity. You can do both with an IT managed service provider. MSPs specialize in finding technical solutions to streamline your work environment and preemptively stop work interruptions. The end goal of IT consulting is to help your business maximize employee time usage and productivity so you never have to stop driving toward your bottom line.

Work Smarter

Whether your company is a law firm, an investment advisory service, or another professional business, Cloud services are one option to consider if you want to improve efficiency. Cloud services can make your business more agile, reduce dependency on in-office hardware and mess, and improve business continuity by allowing for telecommuting and using your systems from anywhere. Your staff won’t need to spend as much time waiting for the computer to finish loading, or be at any specific machine to work. Cloud services can even help with email continuity by pushing messages to multiple devices, and keeping an off-site backup and archives for compliance or other purposes. Your users can even run PC applications in the Cloud and use a Mac or tablet to run them from your office!

The Cloud is not right for everyone, but an MSP will help determine whether Cloud services make sense for your business.

Cut Down Time

If your employees are spending less time managing and dealing with computer and network problems, they can devote more time to things that matter. Any sort of IT disruptive event that hinders productivity leads to a double dose of lost work time and costly maintenance. According to a CA Technologies study, IT outages cost North American and European businesses upwards of $26 billion in revenue.

Small companies lose around $55,000 on average from just 14 hours of downtime.

Outsourcing your IT services to an MSP can free up payroll expenses to hire workers for other important jobs. The MSP help desk is ready to quickly resolve technical problems that come up, as well as answer any questions you have. The IT managed services staff are specialists in the field, and they’ve already invested time to learn the ins-and-outs of repairing even the most severe problems.

Put Out Fires Before They Start

The best kind of problem is the one that doesn’t happen. IT consulting services guide you through proactive changes to prevent future problems, such as the selection and implementation of IT security software and other technology or practices that make sense for your workplace. If your network can’t handle the stress of the work day, you could be looking at outages and unexpectedly expensive upgrades. Being prepared and protected now is much less time consuming than waiting for something to fail and then having to fix it. Managed services will make sure your network infrastructure can sufficiently handle your growing data needs.

MSPs can help your business get back up from catastrophic IT failures quickly while losing as little data as possible. According to InformationWeek, 56 percent of North American businesses don’t have an adequate disaster recovery plan. An example of a good emergency plan includes installation of backup(s), along with a disaster recovery system that can restore your IT situation like nothing ever happened even after a massive outage — and can do so quickly, in your office or in the Cloud. Avoiding the necessity to redo hundreds or even thousands of hours of work is one way to think of being more efficient.

‘Tis the Season—for Small Business Cybercrime. Here’s How to Protect Your Company

Wednesday, January 7th, 2015

security

The holiday season means more than shopping and gift giving. It also now marks prime season for cybercriminals and hackers around the world — and they’re coming after small businesses in the U.S.

“Targeting” Target—via Small Businesses

You may have seen a segment on the November 30 broadcast of 60 Minutes which looked at today’s record levels of data security breaches among large national retailers. They spotlighted the credit card nightmare at Target stores, which occurred a little over a year ago. It’s now known that sophisticated hackers in Eastern Europe pulled off that massive caper not by directly “targeting” Target, but by seeking out smaller vendors who were doing business electronically with the company. They finally found a small HVAC contractor in Pennsylvania who had been performing work in nearby Target locations. Bypassing comparatively weaker IT security, the hackers located the contractor’s sign-in credentials for Target’s vendor interface. Once inside the Target network, they unleashed viral malware which attached itself to point-of-sale terminals in Target stores coast-to-coast. The result: roughly 40 million American consumer credit card numbers (including yours?) were suddenly up for grabs on the international black market.

Enabling a nationwide consumer panic is not how any small business wants to be remembered.

The holidays, and the post-holiday sales season, are particularly attractive to the cyber underworld because of the higher volume of commercial activity across our modern digital economy. And they know hacking into a Fortune 500 company — with vast security resources — is about as promising as trying to hop the fence at Fort Knox. They’d rather look for smaller companies with vulnerable security flaws, such as weak data protection policies, obsolete or unpatched security software, or careless employees.

The consequences hackers can inflict on a small company can range from compromised customer records to virtual extortion through “ransomware” and outright theft of cash. And unlike the generous fraud protections offered to those credit card customers at Target, unauthorized withdrawals from a commercial account may take weeks to resolve — or longer, pending investigations by banks and law enforcement. And unlike credit card fraud, in many cases you may never get your money back!

Now is an excellent time to review your company’s defenses against hacking and cybercrime.

Start with the Basics

Remind your employees to choose difficult company passwords (and periodically change them). Better yet, have your administrator set your password policy to require changes once a quarter or even once a month. Yes, users don’t like it — and yes, your security will improve and your business will be protecting itself.

Have your employees remain on the lookout for phishing emails — particularly “spoof” emails made to resemble notices from trusted websites like Amazon, Facebook, or your bank. One click on a phony link can quickly spread malware throughout your company and disrupt your business fast. To educate your employees, you might have them read this.

One malicious email could cost you thousands of dollars. Get the facts. Here’s how to identify a malicious email.

If your employees think they’re good at picking out a malicious email vs. a real one, have them take this quiz. And even if they don’t think they’re good, have them take the quiz anyway. Then have them review the quiz answers. Your employees may be surprised. (Hint: we’ve been told this quiz is a good educational tool — and can save frustration, money, and downtime.)

Security, and Then Some

Talk to your IT service folks and make sure your workstations, laptops, and any servers you might have in your office or in the Cloud are continually being patched for security flaws, and that your anti-virus systems are being constantly updated (as often as multiple times a day is recommended).

Next, consider a comprehensive security audit to identify likely weaknesses a hacker could exploit. Then patch those holes with state-of-the-art IT safeguards, including the latest enterprise-grade malware protection suites, hosted email security, extended encryption for Cloud applications, and optimal firewalls.

Cybercrime is out there, and growing by the day. To learn even more about precautions you can take against these threats, click here.