alt tag

Posts Tagged ‘IT Support’


Spectre and Meltdown: Valuable Lessons for Your IT Security Team

Monday, February 12th, 2018

At the end of 2017, the world learned about Spectre and Meltdown: two far-reaching security threats that exploit how CPUs work to expose protected information on nearly every recent PC, server and smartphone. Hackers can use these exploits to do things like steal passwords and other protected private information stored in a computer’s memory through programs such as a web browser.

These vulnerabilities essentially affect every computer, including Macs, iOS devices and Chromebooks.

Hardware and software manufacturers are hard at work fixing the vulnerabilities, but it is up to the end users to make sure the fixes go through.

How the Exploits Work

Spectre seizes the ultra-fast memory on the CPU itself, known as the CPU cache. CPUs use processes called “Branch Prediction” and “Speculative Execution” to guess the most likely upcoming instructions from branches in a program to speed up performance. Spectre attacks manipulate those processes to push data from protected memory into the cache then load that pushed data from unprotected memory. The exploit identifies protected information because it loads faster from the cache.

Meltdown exploits a flaw in processor privilege escalation that allows executed code to get access to protected memory. Essentially, Meltdown breaks the isolation between the application and the operating system. Meltdown is the easier to exploit, but the easier to fix of the two.

What It Means for IT Security

IT security staff needs to make sure that all devices impacted by Spectre and Meltdown are properly updated to mitigate the threat. For the most part, this means staff needs to take some key steps: apply the operating system patches, install firmware updates, update web browsers and update other software that works with secure data, all while keeping the antivirus active.

In many cases, it means just staying out of the way, as Windows and MacOS devices will automatically install the updates. According to Microsoft, end users mostly just need to make sure Windows Update is active. However, some anti-virus programs may block patches and others aren’t compatible with the updates, so IT staff will need to find an alternative option to update those devices.

The Damage Done

Fortunately, Spectre and Meltdown haven’t led to any major security breaches, but researchers have identified more than 130 instances of malware designed around related exploits. So far, related malware seems to be proof-of-concept attempts rather than attacks.

At this point, most of the damage comes from performance degradation associated with the security updates. Both Spectre and Meltdown exploit techniques used to improve CPU performance, so closing those vulnerabilities often involves disabling those techniques. In particular, Windows-based systems running 2015-era Intel Haswell or older CPUs may experience performance drops, with older operating systems being more likely to show symptoms.

However, the performance loss isn’t consistent and can vary between 2 and 14 percent depending on the task. Some processes are affected more than others, with “privileged” processes seeing the most slowdown. Your IT staff should be concerned about this if your business is running virtual machine clusters. The performance loss may mean a hardware update is in order.

MPA Networks offers valuable services such as desktop management that can help your business avoid the pitfalls of Spectre and Meltdown by keeping your computers updated and secure. Contact us today to learn more.

Do You Have a Crisis Management Plan for a Cyberattack?

Thursday, February 8th, 2018

A crisis management plan is your business’s best defense for minimizing cyberattack damage after technology-based preventative measures have failed. Unfortunately for most businesses, cyberattacks are not a matter of if, but a matter of when. Establishing a crisis management plan can help your business minimize data compromise, limit attack scope, decrease recovery time and reduce harm to your reputation. Having a plan in advance means your operation can immediately get to work on containing the attack when it occurs rather than allow it to incur further damage while you scramble to develop a plan during the breach.

What Threats Do Cybersecurity Attacks Pose?

Cybersecurity attacks aren’t going away. According to CBS, as of 2015, criminals contributed to 1.5 million annual cyberattacks. These attacks can have major repercussions for a business.

According to IBM, the average breach costs a business $3.6 million.

Some attacks can lead to massive fallout that can put a business in financial trouble. In 2016, there were 15 breaches that exposed more than 10 million identities, Symantec reports.

The technical side of preventing cyber-attacks is an ongoing cat-and-mouse game. The tech industry pushes to close security holes as soon as — if not before — hackers find and exploit them. Hackers like to take advantage of businesses that haven’t applied software patches to close established security holes.

Malware, ransomware, botnets, IoT vulnerabilities and email phishing were all major threat sources in 2017. In particular, ransomware is a growing problem because businesses are paying more than $1,000 on average to recover “locked” data. Many of these payouts could have been avoided by implementing proper crisis management and disaster recovery plans in advance. While big businesses offer big targets, SMBs still need to protect themselves from attacks.

What Your Plan Should Contain

A cyberattack crisis management plan revolves around three main elements: preparation, response and recovery. Every step is crucial, because a poor response can actually make the situation worse. According to WIRED, Equifax’s management response could have stopped the problem before it started in their major 2017 breach, if they had not done such a poor job. Here’s what to consider:

  • Prepare: Your business should prepare for extreme-level attacks in advance. Part of this process involves creating a response team with key players from all necessary departments. The plan should include what each group needs to do in the event of an attack. The crisis response team should take action to plug major known security holes as they are discovered to prevent a breach.
  • Respond: The response team should identify the attack, secure the compromised systems, and investigate the cause of the breach in that order. Next, the team should take action to prevent further attacks that exploit the same or similar security holes.
  • Recover: The cycle continues after your business contains the threat. The response team should next work to minimize public damage and repair customer trust. According to a 2011 Ponemon Institute study, larger businesses say they averaged $332 million in diminished business value following a customer data breach.

The disaster recovery experts at MPA Networks can be a vital part of your business’s crisis management plan. Our experts can help your staff gets back to business as usual as quickly as possible. Contact us today to find out how we can help.

5 Specific IT Considerations for Remote Employees

Monday, February 5th, 2018

Businesses have a lot to gain by hiring remote employees, including the ability to recruit from a larger talent pool and the potential for less expensive workplace accommodations. However, remote employees introduce new challenges in IT security because of the lack of centralized IT management. While the majority of security best practices and techniques still apply, your business and its remote employees will need to take a more hands-on approach to properly protect devices and information. Remote workers introduce the following unique IT security challenges:

1. Increased Importance of Human-Based Security Policies

Remote workers need to be more self-directed when it comes to IT security, as there’s no physically centralized IT staff or infrastructure to reinforce safe practices. A business with remote employees should establish a well-developed set of strict security guidelines to protect both devices and online information.

2. Reduced Reliance on Centralized IT to Secure Devices

Any device used for company work needs to be secured with strong passwords, updated operating system software, current antivirus software and regular malware scans. All applications need to be patched to the most recent versions, too.

Hackers take advantage of weak security practices and known vulnerabilities that were patched by attacking unpatched software installations.

Employees will need to make sure all devices they use for work are properly updated and secured.

3. Potential Threats From Personal Devices

Just as with in-office staff, remote employees often use many different devices to do their jobs. They don’t use only the company-provided laptop; they may also use personal smartphones, tablets and computers. While remote IT services can access and update company-owned devices, ensuring personal devices are secured entirely falls on the remote employees.

4. A Lack of Office Network Security

Remote employees do not have the benefit of office network security. Instead, they are likely spending most of their time working on a personal network from their homes. This means employees need to configure their own secure Wi-Fi connection with a strong password and keep both their router and modem updated with the latest firmware. Additionally, remote employees need to change the default password on all networked devices, including the router and IoT devices.

5. Protecting Online Information

While office-based employees transfer a great deal of data over the internet, remote employees do almost all of their work online. If possible, your company can protect this data by configuring a VPN for remote employee use. Businesses should use cloud applications, such as Google’s office suite, whenever possible. These programs are automatically updated and won’t introduce legacy security issues with information exchanged online. Additionally, remote employees are likely to store and share most of their work over cloud-hosted platforms, so your company will also need to consider the security of those platforms.

If your business is considering the addition of remote employees or you want to make existing remote work more secure, the experts at MPA Networks can help. Through IT managed services and desktop management, we can provide your remote employees with security closer to what they’d expect from an office setting. Contact us today to learn more.

3 Subtle Ways IT Management Makes Day-to-Day Operations More Manageable

Monday, January 22nd, 2018

For many businesses, it is difficult to gauge how helpful IT management can be in the workplace on a day-to-day basis — mainly because when things are going well, there’s little to notice. Some of the most important benefits of an IT managed services provider show themselves subtly in what doesn’t happen rather than what does.

A well-managed IT environment means your staff spends less time worrying about issues such as technology security and network capabilities and more on getting work done.

IT management makes day-to-day operations more manageable in a number of ways. Here are just a few.

1. Fewer Outages and Faster Service Thanks to a Stable Office Network Infrastructure

People don’t say much about network service that works at an acceptable speed, but they’ll be more than happy to give a mouthful when things are running slowly. IT management handles the background work in installing and maintaining workplace networks to provide the rest of the workforce with smooth, secure internet and network access. IT management will examine network traffic to determine necessary infrastructure upgrades concerning both performance and security. This work helps prevent service outages and keeps staff happy with performance speed. If all goes well, employees will only hear about the subject when IT management staff communicate with them to ensure their needs are being met.

2. Staff Can Focus on the Human Element of Digital Security Rather Than the Technical

IT management makes technical security a priority. Your staff may still spend time deciding whether an email requesting confidential information is legitimate, but they can spend less time worrying about infecting their computers with malware when browsing the web. Managed services puts in the effort to ensure all computers are running updated software, including making sure operating system patches get installed and antivirus programs are up-to-date. They also ensure network infrastructure elements such as routers and modems are using security best practices and updated firmware. IT management takes care of security holes that most employees wouldn’t ever consider as potential threats until there’s a breach. And if that breach never happens, staff will remain unaware the threats even existed.

3. Managed Services Providers Free Money for Other Uses

Managed services providers (MSPs) save your business financially in three ways: They help boost productivity with faster infrastructure, avoid lost business from outages with a more stable work environment and cost less to operate than traditional on-site IT staff. MSPs help lower the cost of IT overhead, which means your business can budget that extra money elsewhere as needed. Managers and employees alike may find it difficult to see the value in paying for IT management that ensures smooth operations, but they will certainly notice problems that show up from inadequate IT.

IT managed services sells itself on the concept of helping clients avoid the high cost of downtime, but it also makes daily work easier in subtle ways. MPA Networks can provide your business with a customized IT management plan that addresses the unique needs of your business. Contact us today to get started.

3 Tips to Leverage Your IT Labor Costs

Friday, February 7th, 2014

I’ll make a decent bet that your greatest Information Technology costs are not related to hardware and software. In fact, they’re probably not related to physical technology at all.

What is Your Greatest IT cost?

Support labor!

IT labor costsIT labor costs can be incredibly expensive, especially when an IT Services firm operates on a bill-by-the-hour business model, which is quite normal for outsourced IT service.

These costs are further exacerbated by the plethora of incompetent or inexperienced IT technicians.

If you’re considering hiring an outsourced IT Support and Services firm, read on for some important points to consider to best leverage your IT labor costs.

Tips to Leverage Your IT Labor Costs

Go with Experience

We’re going to let you in on a dirty IT-industry secret: competent, experienced IT people get better results per hour spent, and consequently, per dollar spent, than the masses of IT newbies flooding the industry today.

The differential between Trainee rates and experienced Network Engineer rates do not reflect reality when compared with actual value. One would expect Trainee rates to hover around 25-50% of a Senior Engineer’s rates, when in actuality, they are typically about 60-100%.

In a nutshell, you will be paying the same amount of money (or very close to it) per hour for less experienced IT service as you would for exceptional IT service. And it’s almost guaranteed that a more experienced technician will be able to diagnose and fix your issues much faster and for less overall cost than a team of newbies.

When in doubt, go with experience!

Expertise in your Industry and Business-Type

Whether you are a small investment advisory firm, a medium sized law firm, or a burgeoning health clinic, you need an outsourced IT team that knows the ins and outs of your business.

It’s not enough for an IT Provider to have “experience” – the team should have specific expertise in your industry and with other businesses of your size/type. Your IT Provider should know your industry-specific concerns before you even have to think about them. This will save you money, time, and loads of stress in the long run.

A Flat-Fee, Insurance-Like Program

Outsourced IT support doesn’t have to come in the traditional Bill-by-the-Hour model. With bill-by-the-hour service, where is the Managed Service Provider’s incentive to fix your network problems in a timely manner? Where is the incentive for partnership?

IT support business partnership

A flat-fee, subscription-based IT Management program covers everything you would expect from outsourced IT service, minus the headaches. Think of flat-fee IT service like an Insurance program. For the same cost every month, you are 100% covered for both proactive IT management and any unforeseen issues and labor expenses. An IT Managed Services firm that operates on a flat-fee model would much rather deliver the most reliable network environment possible and prevent problems from ever happening than spend time and money fixing them.

This proactive, not simply reactive, role in your business’ success will save you time and money, and is our best recommendation for leveraging your IT labor costs.

………………….

If you’re interested in learning more about flat-fee IT service, look no further than MPA Networks.

MPA made history as the first IT Provider to offer such a program and specializes in this insurance-type model. Even better – MPA has been in business over three decades (the longest of any IT Provider in Northern California) and has the experience to handle your unique situation.

MPA Networks is committed to your ongoing success, not the accumulation of time and materials hours. MPA’s flat-fee approach includes all service and labor, even emergencies, so you need never worry about Bill-by-the-Hour costs.

MPA Networks provides superior outsourced IT service to the San Francisco Bay Area, the Peninsula, San Mateo County, and San Jose.

 

Take a look at MPA’s Reliable Networks Managed Service Program for more information!