Monthly Archives

June 2020

Eargo Case Study

Rapid Wireless Deployment Helps Pave the Way for Business Expansion

By | Case Studies, IT Support

SUMMARY

After relocating into a new, more expansive office building, one of the first priorities for Eargo, a West-coast-based hearing device manufacturer, was quickly establishing reliable wireless connectivity. Working with BACS, the company was able to install the required infrastructure and activate a new wireless network in a matter of days. The rapid installation helped ensure the continuity of its business operations while creating an IT foundation that would help drive business growth in the years to come.      

 

INTRODUCTION

Growing a business from a small startup operation into a large-scale manufacturing enterprise doesn’t happen without a few obstacles along the way. A frequent challenge for many companies is navigating the complexities of technology deployment and scaling up IT infrastructure quickly and efficiently. That was the scenario facing Eargo, a Silicon Valley-based designer and developer of small and virtually invisible direct-to-consumer hearing aids. 

 

While this was not the first challenge of this type for Eargo, the degree of urgency, in this case, was more intense and the scope of new infrastructure required for this expansion was on a much larger scale. Having quickly outgrown its previous office, the new facility would provide the company with more than 30,000 square feet of new office and manufacturing space. 

 

With only minimal IT infrastructure in place, Eargo’s first order of business was establishing wireless access to the building as quickly as possible. To help them find a solution quickly, they turned to BACS―the same IT provider who had helped them overcome previous expansion hurdles and one they knew they could trust.

 

CHALLENGE


After signing the lease on its new building, Eargo’s first task for BACS focused on how quickly they could get a wireless network installed. The infrastructure not only needed to be ramped up quickly but also needed to be carefully planned to allow easy scalability as the company began to add new staff and scale-out its manufacturing operation. 

 

To define exactly what Eargo meant by “quickly” and provide more precision to the timeframe they had in mind, company executives posed to BACS a simple and pointed question: “Would it be possible to install a wireless network and get it up and running within a week?”

 

For a company like BACS that prides itself on ingenuity and thinking outside the box, the question instantly became a challenge. Initially, the BACS team wasn’t sure if the goal was feasible. But as they weighed their options, the idea of a phased approach emerged as a potential option. 

 

“The plan that emerged was that we would install a temporary wireless network first, giving them the quick connectivity they needed as they continued to relocate staff, install equipment, and prepare the facility for full-scale production,” said James Burger, CIO, BACS. “At the same time, this staged approach would give us the extended runway we needed to lay the groundwork for a more robust, permanent wireless solution.” 

 

Strategic Network Management

SOLUTION


With the scope of the challenge more clearly defined, BACS began to work on the solution. That same day, BACS ordered the core infrastructure it would need for the initial deployment. The following day technicians ran the cabling. Two days later they installed the firewall, access points, along with a 4G wireless access card. Within five days, BACS had the infrastructure fully installed and the wireless service activated, providing Eargo with fast the connectivity it needed along with sufficient speed and bandwidth to meet its immediate needs.  

 

“We used a 4G access card we had on hand and were able to negotiate a 60-day temporary wireless connection at a substantial discount with one of our preferred vendors,” said James Burger, BACS. “This allowed us to get the company up and running quickly as we continued to plan and configure the supporting infrastructure they would need to support a high-speed fiber connection.”

 

While establishing the wireless connectivity was at the top of Eargo’s priority list, other needs quickly rose to the surface. One of those was installing a new business telephone system, as well as adding a cloud-based server to support the company’s rapidly growing volumes of data. 

 

RESULTS

Before the temporary 60-day wireless plan had expired, BACS was able to install a new 100 Mbps fiber-optic network and remove the temporary 4G connection. Thanks to smart planning and diligent effort on the part of BACS, Eargo now enjoys optimized and seamless wireless connectivity through its facility. 

 

The phased approach helped provide Eargo with a smooth transition into its new space, allowing it to scale out of its office and manufacturing environment at a controlled pace with minimal business disruption. 

 

As the company began to ramp-up its engineering operation, Eargo relied on BACS to help it build out its IT infrastructure, including installing a new cloud-based server that could run its various engineering tools. Thanks to BACS’s extensive experience working with SOLIDWORKS, Mathcad, and other engineering tools, BACS was able to help Eargo install these applications at substantial cost savings compared to specialized third-party integrators.

 

BACS’s deep technical expertise also proved instrumental in helping Eargo select and implement a new business phone system, deploy new call center infrastructure, as well as implement the cabling to conference rooms to run flat-screen monitors for online meetings and video conferencing. The new business phone system and call center infrastructure are designed to meet Eargo’s current needs while allowing room for expansion. 

 

From its initial site analysis and needs assessment to planning and implementation, BACS was able to provide a fast and efficient infrastructure deployment, integrating complex technologies in multiple phases that all work seamlessly together. The rapid wireless installation and carefully planned infrastructure build-out have had a profound impact on helping Eargo drive business growth, boost productivity, and strengthen its network and IT security.

 

Like with many expansion projects, IT and infrastructure needs can be easily overlooked until the last minute. One advantage BACS brought to the project was its deep business planning expertise and its insistence on scheduling quarterly meetings, which were vital in helping to gain a clear insight on upcoming priorities, potential roadblocks, and what the team needed to be preparing for next.  

 

“Our quarterly meetings proved instrumental in helping to eliminate many of the last-minute surprises that often arise in rapidly-evolving IT projects,” said James Burger, BACS. “Another advantage was our early involvement with the client from their small start-up stage. Our scope and depth of engagement with Eargo factored heavily in terms of our ability to clearly understand their goals, their timelines, and what they wanted to accomplish.”

 

Like many growing companies, Eargo is well-aware of the complexities, delays, and obstacles that are all-too-common in the world of technology deployment. But in this case, the company also discovered that with the right support, some creative thinking, and diligent effort, it is possible (though indeed rare) for events, timelines, and tasks to fall into place precisely as planned.  

 

Free IT Consultation

data-backup-and-recovery-business-continuity

Conducting an In-Depth Review of Your Current Backup System

By | Business Continuity, IT Support, Security

The Challenge

Backing up your data and the ability to quickly and fully recover it in the event of a natural disaster or ransomware attack is critical to the stability of your company. If malware damaged your server beyond repair or a ransomware attack hit you, and all of your files were locked, corrupted, or erased, how fast could you get back up and running again?

And it doesn’t end there. You may still experience data loss even while backing up your server. Most business owners know that it is crucial to backup their server(s). But they forget about their desktops, laptops, and Macs. Even if quite a bit of your data is stored on your servers and backed up on your network, your computers themselves may not be. Your icons, background, all of your settings, local files, the music and pictures you have stored, and all of your software applications are most likely not being backed up.

If your company’s computers were to crash, get a virus, or simply die, all of that information could be lost. The company data that you’ve saved to your server would still be there if you are saving everything to your server (a big if for many people), but everything else would be gone. You would have to recreate each computer by reloading all of the software and settings. And if you’ve ever had this happen to you, you know that it can take a significant amount of time to do, and time is money.

So, either at the macro (server) or micro (computer) level, having the appropriate backup system is crucial to keep your company running efficiently at all times.

 

Our Recommendation

We recommend conducting an in-depth review of your current backup system.

  • Determine the data that is critical to your business so you can make sure you are indeed backing it up.
  • Guard yourself against the more sophisticated attacks we see today by putting a more robust, ransomware-proof backup system in place.
  • Review what data you have and its location. Unfortunately, it’s typical to find critical data on laptops and other devices that are not being properly backed up.
  • Identify the processes, such as payroll or client-facing services, that are crucial and cannot be down for an extended time.
  • Discover your tolerance for downtime. How long could you be without access to your server, files, e-mail, Internet, and other processes before it starts costing you real money?
  • What’s the plan for an actual disaster? What will you do if your team can’t get to your data because of a fire, flood, or natural disaster?

The End Goal

The purpose of these questions is to:

  1. Get an awareness of the risks and limitations of your current backup.
  2. Use your answers to map out a disaster recovery plan so you won’t have to face any unpleasant surprises should a disaster happen.
  3. Help you choose the disaster recovery system that fits your budget and priorities.

 

Next Steps

Not comfortable conducting your own review? BACS’s Disaster Recovery, Security, and Backup Audit will reveal how quickly your business could recover after a server crash, natural disaster, virus attack, or other data-erasing catastrophes. We make it easy for you not to push this “important, but not urgent” action item to the back burner.

Our Disaster Recovery, Security, and Backup Audit determines:

  • How fast could you recover if a disaster were to happen?
  • How secure is your data…really?
  • Are you backing up all your critical data every day?
  • Are you protected from hackers, viruses, and even simple mistakes?
  • Do you know what steps would be involved to rebuild your server and recover your data if you had to and how much they would cost?

If we don’t find any issues, you’ll have peace of mind about the security of your network and the fact that you would experience a quick recovery in the event of a disaster. But if we do find a few gaps, you’ll be able to fix them before you experience an unexpected catastrophe.

 

The Most Common Reasons for a Server to Malfunction

Here are some of the most common reasons why the performance of a server geta affected or stops altogether.

  • Physical causes. Accidents such as falling from a rack, fire, or a flood can cause severe server issues.
  • Power supply failures. Missing power results in servers shutting down.
  • Hardware problems. Overheating can cause server failure.
  • Software problems. Database issues can result in servers malfunctioning.
  • External actions. External attacks or malware can also end up in a server going down.

How Can Backup Issues Harm You?

Even though it’s challenging to add up specific figures, backup issues have a real economic impact. The actual calculations depend on multiple factors, such as:

  1. Loss of sales. The server that supports the website’s cart is down.
  2. Service loss. Not being able to purchase from you will force prospects to buy from your competitors. And even worse, some of those people, disappointed by not being able to buy from you, might not try to do it again in the future.
  3. Productivity loss. If your team is unable to use the systems and programs they need, preventing them from working, productivity will decrease.
  4. Customer service issues. What if billing is down, affecting your customers, and having them worry about the security of their personal data?
  5. Reputation problems. A website or a billing system failure will not only affect you in the specific moment in which they occur, but they can convey a negative image of your company, with all the negative consequences that this may entail.

The biggest challenge BACS faces in protecting you (and other companies) is your thinking. Many business owners think like this:

  • these problems won’t happen to me,
  • our company is too small, or
  • we don’t have the kind of information a hacker wants.

Or they think that if it does happen to them, the damages won’t be significant. That may have held 10 to 20 years ago, but it does not hold today.

Act now, in partnership with us, to develop a disaster recovery plan that fits your budget and priorities. We are here to help.

5 Real-Life Lessons About Cybersecurity

5 Real-Life Lessons About Cybersecurity

By | Security

As a cybersecurity leader in your organization, there are technical and strategic lessons you can learn from overwhelmingly unfortunate security failures. As seen in the cybersecurity incidents presented below, correcting or improving technical issues is important. However, by diving deeper into these devastating events, you can learn ways to develop more effective cybersecurity strategies to protect your organization’s most critical data. 

There are five important lessons that you can glean from the cyberattacks presented below:

  • Lesson 1: Effectively Mitigate Your Risks When Using Cloud Solutions
  • Lesson 2: Invest in IoT Safeguards
  • Lesson 3: Re-Examine Your Password Policy
  • Lesson 4: All Software Updates are Important
  • Lesson 5: Employee Compliance is a Critical Element of Cybersecurity

 

Lesson 1: Effectively Mitigate Your Risks When Using Cloud Solutions

The exploitation of a Capital One cloud database by a single individual in mid-March of 2019 triggered discussions about an increasing target for cyberattacks: the cloud. Capital One’s infiltrated database was protected by a firewall, but the cybercriminal, an ex-Amazon Web Service (AWS) employee, discovered a vulnerability in its configuration. The perpetrator bragged openly about her exploits online and was eventually reported and caught. Unfortunately, her illegal activity was undetected for nearly four months—an amount of time in which she was able to obtain access to more than 100 million U.S. and Canada customer accounts. 

Lesson to Learn: The growing reliance on cloud solutions that enable organizations to streamline their technology and provide better service to their customers hasn’t gone unnoticed by cybercriminals. According to a report by device-to-cloud cybersecurity company McAfee, cybersecurity threats on cloud services has increased 630%. Despite this staggering statistic, the number of organizations using cloud services continues to grow. 

In a 2015 keynote speech, Capital One’s chief information officer (CIO), Rob Alexander, announced the company’s expanding use of cloud services that included the deployment of critical services to the cloud. In his speech, the CIO acknowledged the importance of a security framework that was implemented to protect their sensitive financial data. Four years later, the company experienced one of the most notable cyber attacks of 2019. 

Of course, the underlying cause of the Capital One data breach was a technical flaw that neither the AWS nor Capital One cybersecurity team detected, but there is more that you can learn from the incident to help you mitigate the risks associated with using cloud solutions:

  • Instead of moving large amounts of critical data to the cloud, a better strategy is to make the move less dramatic with detailed security checks at each deployment.
  • Obtain buy-in from the executive team to invest in extra protection to protect your most sensitive data that you choose to deploy to the cloud.
  • Educate your cybersecurity team about cloud security and ensure they have the tools and technologies they need to prevent, detect, and respond to cloud-specific security issues. This is in addition to any cybersecurity tasks that your cloud services partner has specified they will perform.

Lesson 2: Invest in IoT Safeguards

The Dark Nexus botnet was first discovered in late 2019 and has continued to evolve and spawn into 40 iterations that have wreaked havoc around the globe. The botnet was initially developed to unleash both malware and a distributed denial-of-service (DDoS) attack on IoT devices such as video recorders and routers. 

Lesson to Learn: Like cloud solutions, Internet of Things (IoT) enables organizations to quickly improve day-to-day processes and create better value for their customers. IoT focuses on the connections to the Internet between devices, the individuals that use those devices, and the server where the data that people want to access using those devices is stored. As your IoT deployments grow, so do your pathways of potential risk. As seen with the Dark Nexus botnet, large numbers of connected access points are attractive targets for cybercriminals. 

The technical focus on preventing an attack on your IoT could be adding encryption and authentication technologies such as Zero Trust. Implementing these types of technologies can impact the benefits that IoT offers and are often cost-prohibitive. Another tricky area of protecting IoT devices is that the data that is transmitted across them may be protected personal data. 

A strategy for safeguarding IoT should include the following:

  • As the cybersecurity leader in your organization, determine the best strategy for managing the risks associated with your organization’s IoT. Depending on the nature of your organization’s business, you may have to confer with compliance and regulatory agencies to establish an effective plan.
  • IoT means a variety of devices with likely unknown security measures. According to “The CEO’s Guide to Securing the Internet of Things” developed by AT&T, conducting a risk assessment of all IoT deployments and then establishing a security baseline is a more effective approach than implementing a blanket level of security.
  • Statistics provided by the technology research firm Comparitech indicate that the critical technical methods of solving issues with default passwords (the most common tactic cybercriminals use to attack IoT) require a focus on authentication, access control, and encryption. When you request buy-in from your organization’s decisionmakers, make sure you include funding for these three technical areas.

Lesson 3: Re-Examine Your Password Policy

In 2012, Dropbox announced that an employee’s password was obtained and used to gain access to email addresses of 60 million user accounts. Fast forward to 2016 when the online cloud storage company reveals that more user accounts (100 million is the estimate) and additional personal information was obtained during the 2012 data breach. The source of the breach was determined to be that a Dropbox employee’s password was part of a LinkedIn data breach and was reused to access a Dropbox corporate account. 

Lesson to Learn: The good news about the Dropbox data breach is that the credentials stolen by the cybercriminals were hashed with advanced algorithms and since being dumped on the dark web haven’t appeared to be cracked. However, the incident rings the bell about the long-standing issue of policing passwords. Despite the large number of public incidents involving stolen passwords, people continue to have what appears to be a low disregard for considering their security implications, as reported in an article by CNN

The National Cyber Security Centre (NCSC) offers valuable advice for devising an effective password management strategy: 

  • Consider implementing technical solutions that limit the reliance on passwords, especially for access to critical data.
  • Broaden your password protection measures to include an extra level of protection. Multi-factor authentication (MFA) and single sign-on systems are two examples. 
  • Train all employees about the importance of password security and hammer the lessons into them constantly so they understand the importance and consequences of their actions.

Lesson 4: All Software Updates are Important

Atlanta-based credit reporting agency Equifax made history in 2017 when the personal data of 143 million Americans in 51 of its databases was accessed by cybercriminals. As with the Capital One cyberattack, the attackers were able to remain undetected for about four months. It is also similar in that human error was the source of the attack. In this case, that human error was neglecting to patch a known security issue.

Lesson to Learn: Software is a dynamic technology, constantly being improved and repaired via updates to enhance the user’s experience. It’s safe to say that organizations are aware of the importance of software updates. Then why would a company the size of Equifax neglect to fix a known issue? When you discuss the importance of software updates with your cybersecurity team, they probably roll their eyes while they nod their heads in agreement. In addition to being a mundane task, patching software can break existing systems, which can cause downtime.

The following are three ways you can improve your software update processes:

  • Perform a risk analysis to determine the software patches that are required and the critical nature of the patches. Your cybersecurity team should work from the top of the list downward, starting with the most critical update first. 
  • Incorporate an audit task to your cybersecurity processes (a mix of automated and manual steps) to check the status of all your software updates. This has the added benefit of giving the team an idea of the most common software that is outdated and those for which the provider is no longer providing updates.
  • Prevention is key in cybersecurity, so keeping an eye out for known vulnerabilities is important. The National Institute of Standards and Technology (NIST) provides several data feeds of vulnerabilities that your cybersecurity team can access and monitor for any issues related to software and/or systems that your organization uses.

Lesson 5: Employee Compliance is a Critical Element of Cybersecurity

In July 2019, Mimecast posted details of a phishing attack on their blog. The cloud-based email management company described the attacker’s method as using a SHTML file attachment that employees clicked and were subsequently taken to a malicious website that requested their login credentials. 

Lesson to Learn: There’s a common saying in cybersecurity circles that people are the weakest link in a cybersecurity strategy. While human nature has played a significant part in cyberattacks, this should be viewed an opportunity instead of a weakness. 

Too often, cybersecurity is viewed by employees as something that is maintained for them. While it is true that your team has responsibilities to keep the organization’s personal information and technologies safe, every single person in the organization plays an important role. Until every single employee in your organization understands that and performs in a manner that proves they do, your cybersecurity strategy will continue to have a serious flaw.

The following are three actions you can take to adopt a culture of employee cybersecurity compliance:  

  • Roll out a cybersecurity plan to the organization that highlights employee compliance.
  • Training every single employee about security is a given. However, this should be more than a quick session that employees are able to gloss over and check a box that they completed it. The training should be engaging and have a long-term effect on employees.
  • Measure the effectiveness of your employee security compliance training by keeping track of security incidents committed by employees. Over time you will be able to determine areas of improvement to address in your training.

Final Thoughts

As a cybersecurity professional, it is safe to state that your responsibility to lead your organization’s fight against cyberattacks is only going to become tougher as cybercriminals become more and more sophisticated in their approaches. The organizational costs associated with security failures can be devastating, so establishing an effective plan is critical. Attempting to limit your defense to a technical strategy is not enough. You must also develop strategic policies and plans that are based on valuable insight and experience. For many cybersecurity leaders, the responsibility is overwhelming. BACS consultants know how to assess, develop, and implement robust IT security solutions that address the technical and strategic needs of organizations. 

How to Tackle 3 Top Cybersecurity Challenges

How to Tackle 3 Top Cybersecurity Challenges Related to the COVID-19 Pandemic

By | Security

The increasing sophistication of criminal attacks on computers and network systems keep cybersecurity professionals on their toes. Bad actors are continually enhancing their tactics to infiltrate systems and cause havoc, especially during crises. The novel coronavirus disease, referred to as COVID-19, was declared a global pandemic by the World Health Organization (WHO) on March 12, 2020. The fear of the unknowns and shifts inactivity of people and organizations all around the world that have resulted from the pandemic have created a “perfect storm” for cybercriminals. 

Cybersecurity professionals have a significant task at hand to mitigate the security risks associated with the challenges to protect their organization’s assets and resources. Presented below is an explanation of three top cybersecurity challenges related to the COVID-19 pandemic and tips for mitigating your risk.

  1. Increased Social Engineering
  2. Varied DDOS Attacks on Organizations
  3. Remote Work Environment Exploits    

 

1. Increased Social Engineering

Social engineering consists of malicious actors using a variety of communication methods (email, phone, text, social media posts, and snail mail) to exploit individuals for the purpose of obtaining personal data. Cybercriminals obtain the personal data by deceiving their victim. They may purport to be someone you know or someone in an authoritative position. They may also disguise an email to look like a well-known company. The bottom line is to deceive you so that you unknowingly provide the information they want (passwords, bank account details, etc.). There has been a significant amount of social engineering during the COVID-19 crisis. One of the most common form of social engineering is phishing.

According to Google, they block more than 18 million phishing emails every single day. During a week in April (shortly after COVID-19 was declared a global pandemic), they saw 18 million (combined with malware) related to COVID-19. In addition to more than 240 million spam messages related to COVID-19. 

An example of how cybercriminals use human emotion during a crisis is a phishing scam that started with a text message. An individual in New York city received a text message about an important update related to COVID-19. As the email requested, the individual forwarded the message to others. The message ended up going out to individuals in Kansas, Boston, Washington D.C. and the West Coast. The bad actor of the text message was eventually tracked down by a team of U.S. Intelligence Community.

Phishing scams have become so prevalent during the COVID-19 pandemic that a group of hackers have joined forces to tackle the attacks. The group includes 400 members from 40 countries. 

The unfortunate case of social engineering for cybersecurity professionals is that its main point of entry is human emotion. While it is a prudent practice to implement email filters and increase the severity of your systems that detect phishing, educating employees will prove the greatest benefit.

Here are a few tips to pass on to employees: 

  1. Review and understand the company’s cybersecurity policies.
  2. Don’t use company equipment for personal social media interactions.
  3. Only discuss personal and sensitive data in person or over the phone (when you know the other person), never in response to an email.
  4. If you receive a suspicious email from a known or unfamiliar contact, and it includes an attachment or link, call the individual on the phone to confirm they sent the message. 
  5. Report any suspicious communications to your cybersecurity officer.

2. Varied DDOS Attacks on Organizations

According to the security advising firm CSO, cybercriminal attacks during the COVID-19 pandemic have targeted the geographic locations and organizations most impacted by the disease. The industries most affected include retail, manufacturing, education and research, government, financial services, manufacturing, transportation, engineering, technology, chemical, and food and beverages. The method of attacks on these organizations has varied, but distributed denial of service (DDOS) attacks have been gaining momentum since 2019 when the COVID-19 pandemic was introduced. DDOS attack consists of one or more automated bots set in motion to overwhelm a public-facing system in order to slow down or paralyze it.  According to a report by dataset management firm Neustar, DDOS attacks are providing significant disruptions during the COVID-19 pandemic by launching both large-scale and small-scale attacks.

Large-Scale Attacks

The 2016 DDOS attack on the Dyn infrastructure company that resulted in shut downs of technology giants Reddit, Twitter, Yahoo, and PayPal among a host of other organizations is an example of a large-scale attack. It was in the form of a botnet that infiltrated devices that were infected with malware. The attack, which was really three-in-one, was eventually resolved by Dyn, but resulted in the company reporting an 8% loss. 

The healthcare industry’s frontline position in the novel coronavirus crisis, coupled with their increased reliance on technology, are setting up the industry to be a focus of large-scale DDOS attacks. In addition to housing HIPAA-protected patient data, these organizations are also on the forefront of testing and devising medicines to control the spread of the disease. As they respond to the needs of people infected by the disease, their systems are a viable target for cybercriminals aiming to cripple it. In March, the Department of Health and Human Services was subjected to a DDOS cyberattack. While the attack was not successful at crippling the organization’s systems, it is an example of what we could see more of in the near future. 

Widespread Small-Scale Attacks

Cyberattacks have been thought of as activities carried out by people with advanced technical skills. DDOS cyber threats are low-level enough to minimize the costs and knowledge necessary to launch a successful attack. However, a new trend in DDOS cyber threats is that hackers are now offering services to assist individuals with launching a DDOS attack. These services may include planning, creation, monitoring, payment, and reporting services for a botnet whose costs will vary according to the services and length of the attack desired. These work-for-hire services mean that just about anyone can now launch a DDOS attack for just a little money. An investigative study by Securelist uncovered that a five-minute attack on a “large online store could cost as minimal as $5.

Mitigating the risks of a DDOS attack can be tricky since they are so varied, but the following are some basic tips:

  1. Monitor local, state, and global lists of current DDOS threats.
  2. Keep systems up to date. 
  3. Secure all your network borders.
  4. Investigate all changes in network performance.
  5. Create a mitigation plan.

 

3. Remote Work Environment Exploits

Cybercriminals typically target the weakest link. As companies transition to a remote working environment to prevent the spread of COVID-19, human beings are occupying the role of the weakest link. Cybersecurity professionals can implement a robust infrastructure, but its power can be easily compromised by employees who neglect security best practices.  

Employees should be informed about the following key best cybersecurity practices:

  • Use strong passwords that are not duplicated.
  • Ensure that all software is approved by the organization and updated with latest versions.
  • Maintain a watchful mindset when responding to communications and accessing the Internet.

In addition to educating employees, you should also consider the cybersecurity systems you currently have in place. One of the most critical services provided when workers work remote that can become a weak point for cybercriminals to attack is your network traffic. The Cybersecurity and Infrastructure Security Agency (CISA) published a document to assist federal agencies with preparing for a quick transition to teleworking. 

The following five objectives provided in the document are beneficial for other organizations with remote workers:

  • Manage traffic
  • Protect traffic confidentiality
  • Protect traffic integrity
  • Ensure service resiliency
  • Ensure effective response

Summary

Cyberattacks are disruptive and often destructive. The risks to businesses are many and include a damaged reputation and financial losses. The attacks are becoming more sophisticated, making the mitigation of risk a moving target. During a time of crisis, such a the COVID-19 pandemic, the likely case that there will be an increase in attacks makes mitigating the risks even more critical for organizations. Organizations of all sizes are having to respond to the “new normal” that is taking shape during the COVID-19 pandemic. One certainty is that no organization can accept the risks.

Just as there are basic strategies for preventing the spread of COVID-19, there are also basic strategies for preventing cyberattacks during this heightened time of cyber activity:

  • Stay current with updates. The Department of Homeland Security website includes a list of security alerts. You can sign up to receive the alerts via email. 
  • Educate the workforce.
  • Revamp your cybersecurity measures and infrastructure.

Is your organization prepared to tackle the cybersecurity challenges related to COVID-19? A simple question you can ask yourself is “Does your organization have the technology and resources in place to protect your data assets, limit cybersecurity risks, quickly respond to cyber threats, and enable employees to work efficiently and safely from home?” If your answer is affirmative, that’s great news. Otherwise, now is the time to implement a viable cybersecurity plan. BACS is a team of IT support professionals that help organizations assess their cybersecurity needs and determine the best solution for long-term results.

Cybersecurity In The Era Of The Cloud | How To Prevent Hackers

Cybersecurity In The Era Of The Cloud | How To Prevent Hackers

By | Security

If there’s one technology with widespread benefits across every industry, it’s the cloud. The ability to improve operations while saving costs has companies eager to make this transition and plan to improve their IT infrastructure. However, companies may be too quick to adopt this technology without establishing proper cybersecurity protocols and policies. This leaves businesses vulnerable to vicious attacks from hackers that could leave your business and operations in shambles. Thus, it is imperative that companies educate themselves about potential cybersecurity risks when moving to the cloud.

 

What is the Cloud? 

Broadly, the cloud refers to servers that are accessed over the internet that host software and data that you use for services. Many people may be passively familiar with the cloud because of its rise to prominence in personal usage such as phone storage. People are familiar with the fact that their phone’s photos may be stored somewhere else, and that those can be accessed no differently than if they were saved on your phone just by a simple login. 

 

For businesses, the cloud offers much more than added phone storage. Entire processes, systems, and applications can be moved to the cloud to improve productivity and reduce downtime. Although it is not without its risks, the cloud is an incredibly valuable tool for businesses to utilize. 

 

Cybersecurity Weaknesses in the Cloud

As previously mentioned, a challenge that presents itself when you are working with the cloud is the issue of cybersecurity. Cybersecurity is an ever-evolving battle between hackers and between the people who want to steal your data and the people who want to protect it. Hackers are becoming more sophisticated by the day in their efforts to infiltrate and steal businesses valuable data.

 

The cloud needs to be secure and maintain a secure lock on the data. It is vital that both the business and the cloud being used are identifying and maintaining the proper security controls necessary to prevent breaches. The cloud provider and the business both have to share in the responsibility of protecting their data and their customers from breaches that can cause issues for their business. For the most part, the benefits almost always outweigh the cybersecurity risks 

 

Cloud Benefits are Clear

Cost

Most businesses will be drawn to the first benefit, cost. This is especially true if you are a small business. For small businesses, it is generally significantly cheaper to use services through the cloud than to spend the money to host servers on their own. Many small businesses cannot afford to hire an entire IT staff to manage their services, let alone defend their data against hackers. 

 

Global Scaling

The cloud also provides a more efficient way to scale your company, as the cloud services are most likely already available at the scale that is required. This will free your business from the burdens of scaling, so your team can focus on building your business. Your cloud provider will be able to help your business meet all of your needs while growing. 

 

Team Performance Through Data Access

Your team will be able to access all of the data and applications that they need to perform their job. As teams become more decentralized, your team members will need to access critical services to keep customers. The cloud will ensure that as long as your employee has internet, they will be able to access the necessary applications and data. 

 

Productivity

Cloud computing can increase the performance of the services and applications that are vital for your business. Any software application can be updated in real-time whenever there is a need for it, and our business will always have the most up-to-date applications to improve productivity. 

 

Security

Cloud computing also helps to keep a business’ data safe. When working with a service provider, you now have a company whose job it is to protect this priceless information. You can sleep much easier at night knowing your data is protected by the best cybersecurity experts in the world. 

 

Reliability

Using the cloud will ensure that your business has reliability and speed when you need it the most. Cloud computing will improve your reliability all while decreasing IT and scaling costs. 

 

Even, with all of these benefits, it is necessary to understand exactly what issues can arise from moving to the cloud. 

 

The Cloud Could Result in Cybersecurity Issues

 

Data Breaches & Government Fines

Data breaches have always been a risk for business well before the cloud existed. Hackers have an even larger opportunity now that businesses are moving rapidly to the cloud. More devices are connected to the internet, which are more potential entry points for hackers to infiltrate your network. This can occur in the cloud if the proper precautions are not established. These data breaches can result in massive government fines. 

 

Outdated Software

This threat is made worse by the fact that outdated third party apps can cause data breaches. An outdated application is another potential entry point for hackers. It is imperative to be sure that the apps you are using in conjunction with your cloud services are up-to-date and secure. The newest application version will patch any known vulnerabilities in previous versions. 

 

Inadequate Training

Lasty, you will have to make sure that your employees are fully trained how to properly use  cloud services. Employees are resistant to change and may struggle to adapt to the cloud. If your employees are not using the cloud services to their fullest extent, they will be losing out on all the benefits. Additionally, improperly trained employees could create opportunities for hackers to breach the cloud. Many cloud companies will set up your cloud and leave you and your employees to figure out the rest and vulnerable to hackers. 

 

All of these issues can be handled by a competent cloud hosting organization. 

 

BACS Takes Care of Your Cloud Worries

BACS takes great pride in alleviating concerns that organizations may have involving cloud computing. 

 

Personalized Plans & Data Protection

We work with you to develop a personalized cloud plan that works specifically for your business. No matter if you have 10 or 10,000 employees, BACS will find the plan that fits. The most sensitive data that businesses have can be kept on-site in order to keep data safe and secure. BACS has a high level of encryption on all its data and applications, thus keeping you in and the hackers out.

 

Up-to-Date Apps & Training

BACS will also make sure that your apps are all up-to-date in order to function at their best and keep your data safe. Your business needs the most up-to-date applications to ensure that hackers cannot exploit weaknesses in versions that are outdated. Most importantly, BACS will ensure that your employees are trained to properly use the cloud computing tools at their disposal in order to work as effectively as possible. Your employees will know exactly how to utilize all of your cloud capabilities. 

 

Cloud computing offers businesses numerous advantages in their operations and the ability to safely store their data. It empowers businesses to grow faster and more seamlessly while implementing the technology it needs to do so. If your business does not adopt the cloud, then you are quickly falling behind your competitors. Reach out to BACS today to learn more about how our cloud solutions can take your business to the next level. Your data will be safely in the hands of our experts who can defend against the most sophisticated cybersecurity attacks.

Computer disasters - Servers - Business IT

Top 10 Most Expensive & Deadly Computer Disasters

By | Business Continuity, Security

Imagine the frustration of losing a couple of hours of work on your computer.

Now imagine losing days and even weeks. Or, imagine losing critical data like your client database and those clients’ financial records. Imagine not being able to access your email or any of the information on your computer. What is the level of your frustration now?

Many small business owners ignore the natural disasters that can destroy all their data or tend to forget to implement an emergency recovery plan. They fail to take steps to secure their company’s network from these types of catastrophes until disaster strikes, and by then, it’s too late. Think about these facts:

  • Sixty percent of small businesses will experience a significant network or technology disaster
  • The average cost of these technology disasters ranges from $9,000 to $60,000 in repairs and restoration costs
  • 99% of businesses claim to be “too busy” to think about network security and maintenance
  • An auto body shop spends $20,000 to clean up a virus
  • A health products company spends $40,000 and suffers nine days of downtime from two corrupted hard drives
  • A property management company pays $9,000 and experiences weeks of downtime for a simple, inexpensive repair

And now think about this: you can avoid 100% of these disasters and restoration costs easily and inexpensively. Yes, it’s impossible to plan for every potential computer disaster or emergency. Still, you can take simple steps to prevent the top 10 most significant threats and disasters that wipe out businesses from happening to you.

 

Viruses and Worms

Viruses remain the most common type of security threat for your network.  They can do a wide range of damage from displaying annoying popups to corrupting all your files and hurting your company’s reputation. Imagine unknowingly spreading a virus to a customer, or imagine a virus hijacking your email address book.

Worms don’t need a host file to infect your network, making them even more dangerous than viruses. They are often embedded in emails. The infected computer can make quick copies of itself and affect an entire network in just a few hours, making worms responsible for a good number of companies’ widespread network failures.

Make sure to install anti-virus software on every computer and laptop in your office. Once you install it, don’t forget about it. Monitor your network, making sure every machine has the most up-to-date version installed and making sure the software isn’t accidentally disabled.

 

Not Keeping An Offsite Copy Of Your Data, or Not Even backing up at all

Most small businesses never back up their computer network, or only keep an on-site copy of their data. Imagine this: you write the most crucial piece of information you could ever write on a chalkboard. Can you get it back if I come along and erase it? Unless you copied it, you can’t recover the data. It’s gone forever. There are many ways to lose data. If the information is essential to you, make sure you have more than one copy of it.

The first step in prevention is to make sure you have a good on-site copy of your data. Second, you must have an additional off-site copy. No one considers natural disasters. But should you consider the possibility of theft? Or, what if a nearby office catches fire or if a faulty sprinkler system waters your server room? And, what if your data becomes corrupt or a hardware failure erases your data?

 

Not Performing Back-ups Tests


Many business owners set up some type of back-up system and never check to make sure it’s working correctly. It’s typical for a system to appear to be backing up when it’s not. Perform a restore of your data monthly to see if it can be restored and to see if your data is intact.

Trojan Horse Malware Attacks

Trojan horses hide in innocent items like screen savers, computer games, or even YouTube videos. They are challenging to remove, so preventing them from happening is what you want to do. Educating your employees is not enough to protect against Trojan horses because hackers come up with new, innovative strategies to access your network all the time. Instead, block users from downloading freeware and computer games, as well as embedded links in emails, and even block all websites that are not on an approved list of websites that employees may visit.

 

Spam

Spam is a malicious menace every business faces. In addition to killing office productivity and introducing viruses, worms, and Trojan attacks, spam can take up enough bandwidth to crash your network. Fortunately, a good email filter may be all you need.

 

Lack of A Secure Firewall

Small business owners have the mindset that hackers would not waste time trying to access their networks when nothing is further from the truth. There have been experiments where, within hours, malicious code took over gigabytes of space from a single computer connected to the Internet without a firewall. Remember that there are thousands of unscrupulous hackers out there who think it’s fun to disable your computer just because they can. Maintaining a secure firewall can save your business a lot of headaches.

 

Failing to Install The Most Up-To-Date Security Patches and Updates

Software companies continuously discover security loopholes within their programs that hackers use to access your network. That is why these companies offer free patches and updates to their users. The irony is that most hackers do not discover these security loopholes on their own; they learn about them when the software vendor discloses the vulnerability and issues the patch or update. The announcement is the hacker’s cue to action. And the time gap between the solution and the exploit gets shorter every day. That is why it’s critical to keep an eye out for security updates and patches and install them quickly.

 

Phishing Attacks

Phishing refers to spam emails designed to trick recipients into clicking on a link to an insecure website. The intention is to steal passwords and account information for e-commerce sites and credit card and bank account numbers. Most of us have received the infamous PayPal emails alerting us that our account is going to be deactivated or closed if we don’t log in to verify our account information. To prevent phishing attacks, you can educate employees on how hackers try to phish account information and remind them to never enter personal information in a web site solicited via an email

 

Hardware Loss and Residual Data Fragments

Did you know that stolen laptops and computers are a significant contributor to the 10 million cases of identity theft suffered by Americans each year? What can you do for prevention?

  • Encrypt sensitive company data (especially on laptops used by employees who frequently travel)
  • Wipe and shred files on old hard drives before they leave your organization
  • Develop a policy for tracking smartphone and USB memory card use around sensitive data

 

You And Your Staff

End-user mistakes are often the biggest threat to the security of your network. Whether someone downloads a virus, accidentally deletes a critical folder or file, visits shady web sites, or shares confidential information, end-users are usually at the root of every computer problem. In most cases, these actions are not intentional, but the effects of a virus are the same whether the download was deliberate or purely by accident. On-going education on proper email, Internet, and computer usage and regular maintenance and monitoring of your critical data and systems is the prevention we recommend.