alt tag

IT Management Posts


Managing Automatic Updates: Balancing Security With Convenience

Tuesday, July 10th, 2018

Running automatic updates for applications and operating systems helps protect your company’s digital devices, but those updates can harm productivity if not well managedUnpatched software is the single biggest security risk in the workplace, so it’s essential to get those updates installed as soon as possible.

However, ASAP updates can be a substantial disruption to work if they run at a bad time. Your business can take advantage of tools, services and techniques to streamline the updating process to minimize the time your software is vulnerable without disrupting work.

General Tips for Updates

Your employees don’t want their computers to get hung up for 30 minutes running through updates in the middle of the workday. However, turning off automatic updates can leave devices vulnerable for a long period of time. The following tips will help streamline the update process for your business:

Use Software Update Management tools and Desktop Management Services whenever possible to automate the process.If automation is not an option, have employees shut down computers at the end of the day and run any updates from notifications.

Use the automated system to push updates at a time when employees aren’t working.

  • Automated updates should run at least once a week, but twice is better.
  • Run updates for individual programs as soon as possible, and only push “later” when busy.
  • Don’t avoid installing updates because of fear of incompatibility: IT will have to work around incompatibilities as they arise.

Mobile Device Updates

Android and iOS devices tend to balance convenience and security with updates. Application stores and service providers generally notify users and implement updates in a timely manner. Apps will update in the background when the device is not in use, and the device will alert the user of a pending operating system update and let them choose when the update will run.

The problem with smartphone updates comes from the limited amount of space on the device. If the phone doesn’t have enough space to download the update, the automatic update won’t work, and employees will fall behind. The most viable way to work around this issue is to buy devices with plenty of built-in storage.

Operating Systems

Computer operating system patches are among the most important updates your business needs to run for security purposes. Windows 10 embraces this concept, but the well-intended nature can be a usability nightmare for users who aren’t under the protection of a Software Update Management system. Windows 10 can be pushy with updates (to the point where there’s a meme in the mix.) An unwanted Windows 10 update can be a massive pain to employees in the middle of the workday because it can take a half hour or longer to complete.

The problem stems from Windows 10 Home’s omitting the ability to adjust the how the automatic updates system works. Professional and Enterprise version users can adjust the system to prompt the user to schedule the update install, so your workplace is better off upgrading any computers running the Home edition. Microsoft usually sends out updates on the second Tuesday of each month which inconveniently situates the update in the middle of the week and can turn a required reboot into a substantial disruption.

If your Bay Area business is trying to get a better handle on IT security by keeping up with software patches, the desktop support and management experts at MPA can help. Contact us today to learn more.

 

3 Steps to Getting Your Business BYOD Ready

Tuesday, July 3rd, 2018

If your business is considering a Bring Your Own Device environment, there’s a great deal of security preparation work to do beforehand. A successful BYOD strategy is all about finding the sweet spot of control, where your business is able to protect itself from digital threats while allowing its staff as much device freedom as possible.

A successful approach is part technology and part human, which requires hardware, software and policy solutions to balance flexibility and protection. Your business should take the following factors into consideration when developing a strategy. Your plan should aim to prevent things from going wrong — and limit the scope of the damage when they do.

Establish a Security-Minded Business Culture and Implement a BYOD Policy

Implementing BYOD begins before an employee connects the first device: It starts with culture. Under BYOD, your staff won’t be able to monitor employee devices to the same degree compared with work-provided devices, so security responsibility shifts to the employee.

Your workplace should implement an IT Security Culture Plan to get employees into the personal responsibility mindset. Additionally, your workplace will need to flesh out a BYOD company policy that establishes best practices for daily use, policies for handling exiting employees and set restrictions. Using a Mobile Device Management Service may streamline the process for your business concerning mobile device security exploits.

Employees will need to be mindful of keeping security software running and updated as well as installing all security-related patches for all programs on their devices. Your company’s BYOD policy also should touch on securing devices for off-location Wi-Fi use. In addition, the policy should establish sensible restrictions on Operating Systems and platforms: For example, don’t ban Windows 10 because your company loves Apple, but feel free to ban Windows XP because it is old and insecure.

Switch to Cloud Apps

BYOD will likely make switching to cloud app versions of the software your company uses in daily work far more appealing. Cloud apps will run the latest, most secure version automatically, so your employees won’t have to worry about installing updates to protect their devices. Making the switch to cloud apps is a decision on its own; however, it is closely related to BYOD security, and your business may benefit from addressing both workplace shifts at the same time.

Secure the Network and Isolate BYOD Devices as Necessary

BYOD devices create new IT security challenges. Unsecured devices can wreak all sorts of havoc on the network, including spreading malware. Your IT staff should configure employee devices for BYOD use by performing tasks like installing security software, implementing encryption and containerizing devices.

As for the network itself, your IT staff will likely need to introduce new security access levels and require access credentials for more situations than before.

Consider setting up a secondary network for BYOD devices, especially for employees who essentially use the network as a gateway to the internet and printer access. If the employee does not need access to the LAN, NAS, etc., don’t grant it.

Your business can also look at VPNs or desktop virtualization to streamline the process.

Configuring a secondary network might be a good idea from a traffic/infrastructure standpoint, as BYOD often means seeing an uptick in the total number of connected devices. The secondary network will help limit damage when something goes wrong. If your employees are bringing IoT devices, which are inherently far less secure than computers and smartphones, the secondary network will save your workplace a lot of headaches.

If your Bay Area business is looking to implement a BYOD policy or make its existing one better, the IT consulting and network management experts at MPA can help. Contact us today to learn more.

Lowering the Bottom Line: IT Management Support and Cost-Saving Benefits

Wednesday, June 27th, 2018

Shifting to IT management support services can make a huge difference in reducing your business’ operational bottom-line. IT management goes a long way to streamline both infrastructure and support while providing access to a larger knowledge pool than what an on-site staff can provide. Businesses can offload work to a managed services provider, and free their on-site IT staff to work on their most important projects. The following list covers many of the common significant expenditure areas your business can reduce through professional IT support.

Reduced Management and Staff Overhead Costs

Outside IT management removes management responsibilities from your business, thus providing an inherent payroll savings. Additionally, IT managed services significantly reduces the amount of on-site IT staff your business needs in day-to-day operations. In short, going with an outside service can save your business the expense of hiring extra staff.

 Less Downtime and Faster Downtime Recovery

IT managed services providers can put their extensive networking knowledge to work by optimizing and monitoring your business network infrastructure.

Just by paying staff to wait, your business can lose a lot of money when the network goes offline or performs slowly, so avoiding downtime is an easy way to improve ROI. A program like Reliable Networks includes productivity analysis, server management services, backup support and disaster recovery assistance, all of which help your business avoid downtime and minimize downtime in the rare event it occurs.

Offloading Technical Security Work: Outsource Desktop and Backup Management

Professional IT support can help your business reduce expenses by assisting in highly specified IT operations with a level of expertise that would require a substantially larger IT staff than is practical at an SMB. For example, desktop management services takes over from your on-site staff the responsibility of making sure every device is running the latest, most secure software updates. Additionally, professional IT support can provide customized backup and disaster recovery strategies that work with how your business is set up. A small IT staff may have the skills to keep the network running at peak performance, but may not be as knowledgeable with backup strategies.

Only Pay for It as You Need It

IT work, specifically downtime protection, often has a feast-or-famine workload dichotomy, and being able to staff alongside the workflow is a major cost-saver. On most days, the server monitoring and maintenance work is easy for a single worker to cover. However, that single worker may be overwhelmed in the rare event a problem arises — in which case your company would want several people working on the issue.

IT managed services makes it easy to bring in extra help when you need it, and avoids keeping that extra help on payroll when you don’t.

Lead Business to Cut Unused Applications

As your business shifts to a model where it only pays for IT services when required, it forces your staff to consider what services are really necessary for operation. Your business can save a substantial sum on operations costs by decommissioning unused applications and hardware.

IT managed services not only helps your business reduce its bottom-line costs, but also improves IT performance in the workplace. Contact us today to learn how your Bay Area business can benefit from IT management support.

Making the Switch to BYOD? Pros, Cons and Security Implications to Consider First

Tuesday, June 26th, 2018

Making the switch to a Bring Your Own Device (BYOD) business environment extends well beyond the decision to let employees choose their devices. Your business should look at the pros and cons of the concept before deciding how to approach it and to what extent your company will embrace it. Your business needs might better work with partial BYOD over complete BYOD.

The BYOD concept requires making adjustments to your business culture by shifting the role of security toward your entire staff. It’s crucial for businesses to focus on BYOD-related security risks before opening the gates.

The Pros of BYOD

The big lure of BYOD is it can dramatically reduce hardware and administration expenses. Employees likely already use their personal devices for some work-related tasks; this approach simply makes it official. Both the business and its workers stand to benefit, because employees may invest more effort in taking care of hardware when they have both a personal and a professional stake. BYOD also allows for device consolidation: Employees only need to keep track of one phone at work instead of two.

Employees develop preferences for specific brands, platforms and form factors based on how well their tools help them do their jobs.

A BYOD workplace enables employees to choose devices they are familiar and comfortable with, which can increase productivity. Employees like BYOD because they can pick the tools they want. BYOD helps businesses avoid situations where employees are stuck using devices they tolerate in exchange for devices they are more likely to love, which ultimately makes employees happier.

The Cons of BYOD

Unfortunately, much of the money saved through hardware and administration expenses can come back in the form of higher support costs. Because employees will inevitably choose a large range of devices, your business won’t have the same level of standardization. This makes it impossible to have a uniform approach to end-user support. Support will have to manage a much larger range of potential issues. Additionally, BYOD can result in incompatibility issues in which devices can’t access essential services or use necessary software.

The Essential BYOD Security Concerns

While increased device diversity means that a hacker will have a more difficult time using the same exploit to access multiple devices on your business network, BYOD is much more heavy-handed in “cons” for security. The following are just some of the many security issues facing BYOD workplaces:

  • Businesses face a loss of control for software security. BYOD workplaces can’t rely on IT to make sure all employees implement all software security updates and keep approved security software running on all devices.
  • IT may not be able to support a given device because it is employee owned. A crash may result in lost work and information that would’ve been saved on a business-owned device.
  • Employees need to implement and maintain their own data backup practices.
  • Businesses have less control over workplace device-use monitoring because of employee privacy concerns.
  • Registering a large number of BYOD devices for work use can be burdensome.
  • Companies may encounter difficulties in wiping a lost device, which can expose confidential business information.
  • A business may need to switch to cloud-based applications in order to better protect business information.
  • Organizations face potential problems with HIPAA compliance, especially if someone steals information.

A security-first culture is more important than ever in businesses that use BYOD. Is your Bay Area business looking to adopt a BYOD strategy? The IT consulting experts at MPA Networks can help; contact us today.

Key Strategies to Boost IT Security in the Workplace

Wednesday, June 20th, 2018

Businesses have more to worry about than ever when it comes to dealing with new forms of cyber-attacks. The shift to a BYOD workplace adds even more challenges to protecting your digital assets. While hardware and software solutions continue to improve as a first line of defense against nefarious IT threats to your company, you can’t fix the human element with software patches.

Creating a workplace culture that takes IT security seriously on all levels is the best way a business can prepare its second line of defense against unpredictable and constantly changing attacks. Specifically, it’s essential to emphasize the importance of the human element in IT security. Here’s how.

Take Action: Develop and Implement an IT Security Culture Plan

Keeping an IT security-focused culture in your business requires constant care and work — you can’t just plant the idea and expect it to take hold. The process has to be ongoing with existing employees, but also needs to be ingrained into the hiring, training and employee exit processes. The mentality starts from the top, so C-level and IT staff should lead by example. Your business should develop a plan for staff that contains ongoing training and communication between security leaders and the rest of the staff.

Remember IT Security is Holistic

The responsibility for secure IT in the workplace belongs to everyone — not just the staff in leadership roles.

While employees that work with confidential data need to be the most vigilant about security, your security plan needs to emphasize that everyone is important. Holding regular training events for all staff and sending out newsletters related to current threats helps keep security on employees’ minds.

Keep everyone in the loop: Transparency and willingness to answer questions will go a long way.

Get Staff Excited

Creating rewards and recognition for your staff related to IT security can help keep the culture at the forefront of your business. Your business may find your staff responds well to gamification techniques for both training and real-world behavior. Take the time to notify staff when a breach occurs or let them know how your team thwarted an attempted breach when it happens. Also, recognize performers who prevent breaches, possibly with cash rewards. Public recognition can be a major motivator.

Pick Your Battles

If you ask too much of your staff your plan will fail. Your business should choose its battles wisely. At least when you’re starting your culture plan, aim for both the most important threats and the issues where staff can make a big difference with little effort.

  • If your workplace is big on BYOD, focus on encouraging employees to be responsible in keeping their devices secure. Employees will need to keep software updated to avoid malware exploits and may need to encrypt their devices to protect data.
  • Train your employees to always change the default credentials on a new piece of hardware or IoT device to combat DDoS. Hackers exploit the default settings to create botnets for attacks.
  • Train your staff to identify spear phishing attacks, which aim to steal credentials or information from an employee in a personalized attack.
  • Teach your staff to use two-step verification whenever possible to protect accounts. Educate employees about developing secure passwords for cases where more secure protection isn’t available.

If your Bay Area business is looking to improve its IT-security culture, the IT consulting experts at MPA can help. Contact us today.

Unique IT Challenges Financial Services Providers Face Today

Tuesday, June 19th, 2018

Financial services providers find their IT challenges list is always growing because of security issues, employee needs, customer protection, regulatory laws and business requirements. Keeping up with IT concerns is important not just because failing to do so means lost business opportunities — but also, the financial services industry can incur substantial penalties over failure.

Performance Challenges

The large amount of data and secure nature of that data create a heap of unique challenges for the financial services industry. While the “if it ain’t broke, don’t fix it” philosophy is a best practice, relying on it for too long creates situations in which older hardware and software can’t perform fast enough or are incompatible with newer platforms. Aging infrastructure can cause performance and compatibility issues.

Financial services providers often rely on high-capacity internet and network infrastructure to move large amounts of data quickly and securely. When that infrastructure no longer performs it’s time to migrate to something that does. IT services can be an invaluable asset when migrating, implementing and performance-tuning new hardware and software.

Compliance Challenges

IT in the financial services industry faces unique challenges from regulation and technology; the challenges are so great that a substantial share of the IT budget can go toward meeting government mandates.

On the technology side, many businesses rely on legacy systems that either need to be better protected because of known vulnerabilities or migrated to newer and more secure platforms.

Businesses often learn about issues and challenges from a Securities and Exchange Commission audit. It is crucial to comply with making changes in order to address identified concerns from the audit. IT addresses much of the regulatory compliance challenges through technology. An IT services provider can help a financial services provider address compliance issues, with solutions for everything from backup practices to email security.

Security Challenges

The financial services industry works with both confidential information and finances, which offers a very desirable target for hackers. Security challenges are the biggest and most important issue facing financial services providers in the IT realm. In particular, the financial industry is the top target for Distributed Denial of Service (DDoS) attacks, which aim to disable online services for customers and staff alike. Businesses need to implement defensive technology that mitigates these attacks when they happen (as opposed to if they happen).

Additionally, the industry needs to protect customer data and avoid breaches, as there are always new security concerns to address. That means IT staff must keep up with software patches on all levels while also avoiding breaking features from updates with the goal of preventing attacks. Aging infrastructure is often the root of cyber-attack vulnerabilities and may need to be replaced for data protection.

Financial providers need to watch out for phishing and ransomware attacks on employees. The financial industry is on the receiving end of 8.5 percent of all phishing attacks, so IT staff must address these concerns on the technical and personal levels to avoid allowing impersonators to access private information. Ransomware is also a major concern in the industry. This increases the emphasis on keeping software patched to avoid attacks and maintaining reliable backups to minimize data loss if any attacks succeed.

If your Bay Area financial services provider business is looking to streamline its integrations with expert help, MPA Networks is here to help put years of professional expertise to use. Contact us today to learn more.

What Nonprofits Should Seek in an IT Provider

Tuesday, May 29th, 2018

While many of the technical needs at nonprofit and for-profit businesses overlap, there are still several key considerations for nonprofits looking for the right IT services provider. Nonprofits’ motivations may be driven less by the concept of “spending money to making money” and more toward avoiding unnecessary costs so that the organization can focus more of its time and money on its message.

For nonprofits, working with an IT managed services provider can offer the following advantages:

IT Providers Help Streamline Technology Growth Alongside Nonprofit Growth

In many cases, growing nonprofit organizations struggle with keeping their infrastructure up to capacity to handle increased staff and workloads. Some nonprofits may find it easy to use in-house staff to set up and prepare new devices for new employees, whereas others may find an IT provider’s assistance invaluable. Other businesses may find it very difficult to keep their network infrastructure providing reliable performance while the number of employee computers and mobile devices continues to grow. Infrastructure can become overwhelmed as your business introduces more devices. IT service providers can help keep a watchful eye on desktop and network management.

Protecting Nonprofits From Technology Threats

Nonprofits and for-profits alike need to make IT security a priority: Overconfidence in your organization’s ability to protect itself and recover from cyber-attacks can be a major security threat in itself.

Though similar to for-profit businesses, nonprofits place a little less emphasis on targeted attacks because nonprofits aren’t as likely to be working with the same level of financial assets or confidential information. However, desktop management, which involves keeping security software running and all applications patched, can easily fall behind if on-site staff doesn’t actively monitor it.

IT services can ensure a nonprofit’s computers are strongly protected from threats.

Additionally, hiring an IT services provider for help with disaster recovery and backup can help your business avoid otherwise catastrophic situations. Proper backup practices require continuous diligent work to minimize loss from events such as hardware failure and ransomware attacks. For nonprofits, it can be invaluable knowing backups are completed correctly without having to worry about it. Losing an hour’s work by restoring data from a backup is a much more desirable prospect than losing entire projects.

Budgeting and Cost-Saving Help for Nonprofits

IT providers can also help nonprofits both stabilize and lower their budgets for IT expenses. Additionally, IT providers can work with nonprofits to only provide needed services and keep as many services in-house as the nonprofit desires. Nonprofits may pay extra attention to keeping overhead costs down, so outsourcing expensive, infrequently used services can bring in huge savings. Additionally, IT providers can offer a flat-fee subscription-based agreement so a nonprofit won’t have to deal with as many possible “surprises” when determining its IT budget for labor and capital expenses. For example, a business might look to IT services to cover IT management, implementation, equipment, software, and maintenance while maintaining control of its own in-house help desk and customer service.

The IT providers at MPA Networks can help your Bay Area nonprofit by fulfilling your IT needs at a lower cost. Contact us today to learn more.

Which Industries Are Most Likely to be Targeted with Cyber Security Threats?

Monday, May 21st, 2018

To understand why some industries are targeted in cyber attacks more often than others, it’s important to understand what drives hackers and what makes a target appealing. Of the two, hackers are easier to understand:

According to a Verizon data security report, roughly 70 percent of attacks are financially motivated, and around a quarter of attacks are for espionage purposes. The rest tend to fall under the categories of personal grudges, ideological attacks, and “just for fun.”

A prime target for an attack will have some of, if not all of, the following qualities:

  • Works with important, confidential data
  • Possesses valuable information (not just financially)
  • Service disruptions require urgent action to restore access or information security
  • Target has substantial financial assets
  • Target has the financial means to pay a ransom

Businesses in the following industries often find themselves on the receiving end of a security attack because they are considered high-value targets.

1. Finance

As the financial industry works with money, it should come as no surprise that it is the most popular target for hackers. This industry is the target in 24 percent of all attacks, which are almost exclusively financially motivated. These attacks often try to compromise credentials so hackers can steal money through a second-step. Businesses in the finance space should make IT security a priority because attacks are less a matter of if and more a matter of when.

2. Healthcare

Hackers often look to exploit the urgency in the healthcare industry for a financial payout: This industry receives 15 percent of all attacks. In particular, ransomware accounts for 72 percent of all malware attacks on hospitals. The healthcare industry is singled out because disruptions to data access could put patient lives at risk, and hackers could be looking to exploit legal penalties for underprepared businesses losing data.

3. Public Sector

The public sector is a popular target because of the information it stores: Around 12 percent of all attacks are on this industry. Financial motivation only accounts for 20 percent of attacks on the public administration segment of the industry; instead, espionage is the motive in 64 percent of cases. Hackers are often trying to steal confidential information from government operations, but they still may try to go after schools with ransomware to earn a quick payout. Criminals may also target public sector operations because they believe the organization is under-resourced in IT security.

4. Retail and Accommodations

When combined, the retail and accommodations industries comprise another 15 percent of cyber attacks. In particular, 96 percent of retail attacks are financially motivated. These attacks often target payment and personal information that can be used to either directly steal money or play a role in identity theft.

5. Everyone Else

Just because your business isn’t in the four largest targeted industries, you shouldn’t fall victim to a false sense of security. Other businesses still account for 34 percent of attacks. In fact, overconfidence in existing security practices can make the difference between a failed or successful breach.

The IT experts at MPA Networks can help your Bay-Area business secure its internet-facing operations to help keep your information safe. Whether you’re in finance, healthcare, or another industry, MPA’s experience can improve your defenses. Contact us today to learn more.

7 Ways to Keep Work Secure on Employee Personal Devices

Monday, May 14th, 2018

Technology improvements have made it easy for employees to get work done on their personal devices from anywhere. However, that freedom comes with additional security risks and requires extra diligence to keep data secure. Safeguarding information is a combined process of utilizing technology and educating staff. The following considerations will help your business keep work secure on employee personal devices.

1. Always Update/Patch Software

Hackers invest time trying to find new ways to bypass security or take advantage of personal apathy and laziness.

According to PC World, failing to install the latest patches and updates for software is the top security risk for both business and private use.

Hackers can look for known exploits that the software creator closed and use them against people who haven’t updated the software to close that security hole. Unlike with business-owned devices, your business really can’t force employees to install software that will prompt updates, so it becomes a matter of training.

2. Use Cloud Apps

Cloud applications for both computers and mobile devices offer some excellent security benefits for your business, especially when your employees access them on personal devices. Cloud apps shift much of the data security burden to the server side, which alleviates many of the security problems that could come from traditional apps run on employee devices. Cloud email is an excellent example of this because the server can handle scans for phishing, malware and other malicious attacks before the content ever makes it to the employee device. Cloud apps generally run the most current software versions, so your business won’t have to worry about employees running updates.

3. Encourage Strong Antivirus and Anti-Malware Practices on All Devices

While employees don’t need to use the same security software your business runs on their personal devices, they do still need quality security software. There are many free and low-cost security programs for personal users that provide excellent protection. Your IT staff can help make recommendations for employees on personal devices.

4. Train to Avoid Phishing Scams

While security software and cloud apps do a great job of catching phishing scams, some still might slip through. That’s why it’s important to train your employees in how to identify and avoid phishing scams.

5. Use Strong Passwords, Password Managers and 2-Step Verification

Employees should also keep their accounts secure by using sophisticated access credentials. This means using 2-step verification for all accounts and programs when possible and using password managers to protect their credentials. Employees should be trained in creating strong passwords in the event that more advanced security techniques don’t work.

6. Practice Public Wi-Fi Safety

In general, employees should avoid using public Wi-Fi when working with confidential information. If employees are going to do work on Wi-Fi outside of the home or workplace, they need to be trained in identifying fake access points and how to tell if a library, restaurant or other business’s network is secure.

7. Consider Using Remote Wipe or Lock Software

As a final effort, your business should encourage employees to install software that allows them to remote wipe or lock mobile devices and laptops they are going to use for work purposes. That way if someone steals that device, the damage will be limited to the financial loss of the hardware and not related to a data security breach.

The IT consulting experts at MPA Networks can help your business implement both software and training practices to help keep your data safe when employees use their personal devices for work. You can read our previous blog on tips for managing remote employees for even more information on keeping data safe. Contact us today to learn more.