alt tag

Posts Tagged ‘IT Management’


Spectre and Meltdown: Valuable Lessons for Your IT Security Team

Monday, February 12th, 2018

At the end of 2017, the world learned about Spectre and Meltdown: two far-reaching security threats that exploit how CPUs work to expose protected information on nearly every recent PC, server and smartphone. Hackers can use these exploits to do things like steal passwords and other protected private information stored in a computer’s memory through programs such as a web browser.

These vulnerabilities essentially affect every computer, including Macs, iOS devices and Chromebooks.

Hardware and software manufacturers are hard at work fixing the vulnerabilities, but it is up to the end users to make sure the fixes go through.

How the Exploits Work

Spectre seizes the ultra-fast memory on the CPU itself, known as the CPU cache. CPUs use processes called “Branch Prediction” and “Speculative Execution” to guess the most likely upcoming instructions from branches in a program to speed up performance. Spectre attacks manipulate those processes to push data from protected memory into the cache then load that pushed data from unprotected memory. The exploit identifies protected information because it loads faster from the cache.

Meltdown exploits a flaw in processor privilege escalation that allows executed code to get access to protected memory. Essentially, Meltdown breaks the isolation between the application and the operating system. Meltdown is the easier to exploit, but the easier to fix of the two.

What It Means for IT Security

IT security staff needs to make sure that all devices impacted by Spectre and Meltdown are properly updated to mitigate the threat. For the most part, this means staff needs to take some key steps: apply the operating system patches, install firmware updates, update web browsers and update other software that works with secure data, all while keeping the antivirus active.

In many cases, it means just staying out of the way, as Windows and MacOS devices will automatically install the updates. According to Microsoft, end users mostly just need to make sure Windows Update is active. However, some anti-virus programs may block patches and others aren’t compatible with the updates, so IT staff will need to find an alternative option to update those devices.

The Damage Done

Fortunately, Spectre and Meltdown haven’t led to any major security breaches, but researchers have identified more than 130 instances of malware designed around related exploits. So far, related malware seems to be proof-of-concept attempts rather than attacks.

At this point, most of the damage comes from performance degradation associated with the security updates. Both Spectre and Meltdown exploit techniques used to improve CPU performance, so closing those vulnerabilities often involves disabling those techniques. In particular, Windows-based systems running 2015-era Intel Haswell or older CPUs may experience performance drops, with older operating systems being more likely to show symptoms.

However, the performance loss isn’t consistent and can vary between 2 and 14 percent depending on the task. Some processes are affected more than others, with “privileged” processes seeing the most slowdown. Your IT staff should be concerned about this if your business is running virtual machine clusters. The performance loss may mean a hardware update is in order.

MPA Networks offers valuable services such as desktop management that can help your business avoid the pitfalls of Spectre and Meltdown by keeping your computers updated and secure. Contact us today to learn more.

Do You Have a Crisis Management Plan for a Cyberattack?

Thursday, February 8th, 2018

A crisis management plan is your business’s best defense for minimizing cyberattack damage after technology-based preventative measures have failed. Unfortunately for most businesses, cyberattacks are not a matter of if, but a matter of when. Establishing a crisis management plan can help your business minimize data compromise, limit attack scope, decrease recovery time and reduce harm to your reputation. Having a plan in advance means your operation can immediately get to work on containing the attack when it occurs rather than allow it to incur further damage while you scramble to develop a plan during the breach.

What Threats Do Cybersecurity Attacks Pose?

Cybersecurity attacks aren’t going away. According to CBS, as of 2015, criminals contributed to 1.5 million annual cyberattacks. These attacks can have major repercussions for a business.

According to IBM, the average breach costs a business $3.6 million.

Some attacks can lead to massive fallout that can put a business in financial trouble. In 2016, there were 15 breaches that exposed more than 10 million identities, Symantec reports.

The technical side of preventing cyber-attacks is an ongoing cat-and-mouse game. The tech industry pushes to close security holes as soon as — if not before — hackers find and exploit them. Hackers like to take advantage of businesses that haven’t applied software patches to close established security holes.

Malware, ransomware, botnets, IoT vulnerabilities and email phishing were all major threat sources in 2017. In particular, ransomware is a growing problem because businesses are paying more than $1,000 on average to recover “locked” data. Many of these payouts could have been avoided by implementing proper crisis management and disaster recovery plans in advance. While big businesses offer big targets, SMBs still need to protect themselves from attacks.

What Your Plan Should Contain

A cyberattack crisis management plan revolves around three main elements: preparation, response and recovery. Every step is crucial, because a poor response can actually make the situation worse. According to WIRED, Equifax’s management response could have stopped the problem before it started in their major 2017 breach, if they had not done such a poor job. Here’s what to consider:

  • Prepare: Your business should prepare for extreme-level attacks in advance. Part of this process involves creating a response team with key players from all necessary departments. The plan should include what each group needs to do in the event of an attack. The crisis response team should take action to plug major known security holes as they are discovered to prevent a breach.
  • Respond: The response team should identify the attack, secure the compromised systems, and investigate the cause of the breach in that order. Next, the team should take action to prevent further attacks that exploit the same or similar security holes.
  • Recover: The cycle continues after your business contains the threat. The response team should next work to minimize public damage and repair customer trust. According to a 2011 Ponemon Institute study, larger businesses say they averaged $332 million in diminished business value following a customer data breach.

The disaster recovery experts at MPA Networks can be a vital part of your business’s crisis management plan. Our experts can help your staff gets back to business as usual as quickly as possible. Contact us today to find out how we can help.

5 Specific IT Considerations for Remote Employees

Monday, February 5th, 2018

Businesses have a lot to gain by hiring remote employees, including the ability to recruit from a larger talent pool and the potential for less expensive workplace accommodations. However, remote employees introduce new challenges in IT security because of the lack of centralized IT management. While the majority of security best practices and techniques still apply, your business and its remote employees will need to take a more hands-on approach to properly protect devices and information. Remote workers introduce the following unique IT security challenges:

1. Increased Importance of Human-Based Security Policies

Remote workers need to be more self-directed when it comes to IT security, as there’s no physically centralized IT staff or infrastructure to reinforce safe practices. A business with remote employees should establish a well-developed set of strict security guidelines to protect both devices and online information.

2. Reduced Reliance on Centralized IT to Secure Devices

Any device used for company work needs to be secured with strong passwords, updated operating system software, current antivirus software and regular malware scans. All applications need to be patched to the most recent versions, too.

Hackers take advantage of weak security practices and known vulnerabilities that were patched by attacking unpatched software installations.

Employees will need to make sure all devices they use for work are properly updated and secured.

3. Potential Threats From Personal Devices

Just as with in-office staff, remote employees often use many different devices to do their jobs. They don’t use only the company-provided laptop; they may also use personal smartphones, tablets and computers. While remote IT services can access and update company-owned devices, ensuring personal devices are secured entirely falls on the remote employees.

4. A Lack of Office Network Security

Remote employees do not have the benefit of office network security. Instead, they are likely spending most of their time working on a personal network from their homes. This means employees need to configure their own secure Wi-Fi connection with a strong password and keep both their router and modem updated with the latest firmware. Additionally, remote employees need to change the default password on all networked devices, including the router and IoT devices.

5. Protecting Online Information

While office-based employees transfer a great deal of data over the internet, remote employees do almost all of their work online. If possible, your company can protect this data by configuring a VPN for remote employee use. Businesses should use cloud applications, such as Google’s office suite, whenever possible. These programs are automatically updated and won’t introduce legacy security issues with information exchanged online. Additionally, remote employees are likely to store and share most of their work over cloud-hosted platforms, so your company will also need to consider the security of those platforms.

If your business is considering the addition of remote employees or you want to make existing remote work more secure, the experts at MPA Networks can help. Through IT managed services and desktop management, we can provide your remote employees with security closer to what they’d expect from an office setting. Contact us today to learn more.

3 Subtle Ways IT Management Makes Day-to-Day Operations More Manageable

Monday, January 22nd, 2018

For many businesses, it is difficult to gauge how helpful IT management can be in the workplace on a day-to-day basis — mainly because when things are going well, there’s little to notice. Some of the most important benefits of an IT managed services provider show themselves subtly in what doesn’t happen rather than what does.

A well-managed IT environment means your staff spends less time worrying about issues such as technology security and network capabilities and more on getting work done.

IT management makes day-to-day operations more manageable in a number of ways. Here are just a few.

1. Fewer Outages and Faster Service Thanks to a Stable Office Network Infrastructure

People don’t say much about network service that works at an acceptable speed, but they’ll be more than happy to give a mouthful when things are running slowly. IT management handles the background work in installing and maintaining workplace networks to provide the rest of the workforce with smooth, secure internet and network access. IT management will examine network traffic to determine necessary infrastructure upgrades concerning both performance and security. This work helps prevent service outages and keeps staff happy with performance speed. If all goes well, employees will only hear about the subject when IT management staff communicate with them to ensure their needs are being met.

2. Staff Can Focus on the Human Element of Digital Security Rather Than the Technical

IT management makes technical security a priority. Your staff may still spend time deciding whether an email requesting confidential information is legitimate, but they can spend less time worrying about infecting their computers with malware when browsing the web. Managed services puts in the effort to ensure all computers are running updated software, including making sure operating system patches get installed and antivirus programs are up-to-date. They also ensure network infrastructure elements such as routers and modems are using security best practices and updated firmware. IT management takes care of security holes that most employees wouldn’t ever consider as potential threats until there’s a breach. And if that breach never happens, staff will remain unaware the threats even existed.

3. Managed Services Providers Free Money for Other Uses

Managed services providers (MSPs) save your business financially in three ways: They help boost productivity with faster infrastructure, avoid lost business from outages with a more stable work environment and cost less to operate than traditional on-site IT staff. MSPs help lower the cost of IT overhead, which means your business can budget that extra money elsewhere as needed. Managers and employees alike may find it difficult to see the value in paying for IT management that ensures smooth operations, but they will certainly notice problems that show up from inadequate IT.

IT managed services sells itself on the concept of helping clients avoid the high cost of downtime, but it also makes daily work easier in subtle ways. MPA Networks can provide your business with a customized IT management plan that addresses the unique needs of your business. Contact us today to get started.

Close Enough to Know You, Small Enough to Serve You

Thursday, November 13th, 2014

human-475668_1280If you’ve been reading our blog for a while, you know why we believe managed IT services are the smart choice over “going it alone” — particularly for a small business. Over the past few years alone, we’ve seen several major tech companies — some of the really big names — branch out into the outsourced IT space.

Of course, they have plenty of their own marketing muscle behind them, but before you become enamored with a “national brand,” ask yourself a few questions:

  • How many years of experience do they have with managed IT for small businesses?

  • Do they have specific experience with the unique needs of my industry (i.e., regulatory compliance) and the know-how to custom-design and implement the best IT solution for me?

  • Would they provide a knowledgeable, local IT specialist who’d meet with me in person whenever necessary?

  • If something suddenly goes wrong, can I immediately connect with The Person Who Can Fix The Problem, or will I get what every customer of a large tech company dreads — a lengthy phone queue (along with that annoying music) followed by a dispassionate support rep who reads from a script?

31 years ago, we envisioned MPA Networks as a Bay Area IT services company dedicated to serving Bay Area customers. We knew how daunting new technology could be for financial services, law firms, healthcare providers and other local small companies — and how personal, one-to-one service was the best answer. From desktop systems to email networks, from smart phones to high-capacity servers and cutting-edge applications in the cloud, we’ve specialized in crafting optimal IT solutions that give our customers the productivity they need to compete in this tough business market.

From our centralized Belmont location, we can easily serve customers from San Francisco to San Jose. Because we’re nearby (not in a different time zone — or continent), you can expect we’ll be at our best when you need us most: normal business hours.

Another difference between MPA and the “big guys” is our individualized MIS Manager Services. We can pair you up with an experienced MIS professional who’ll be your one-stop, face-to-face contact, responsible for fulfilling all your onsite IT needs — whether improving your existing IT infrastructure or building a new network from the ground up, from system design to project management to day-to-day operations. We offer MIS Manager Services in conjunction with our Reliable Networks Managed Services Program, our all-inclusive, flat-fee IT management package designed for small businesses. If you’d prefer to eliminate the pitfalls of IT to focus on your overall success, it’s definitely worth a look.