Monthly Archives

November 2020

Everything To Know About Managed Service Providers

MSP 101 – Managed Service Provider

By | IT Support, managed It services

Managed service providers are becoming more and more popular. Replacing or supplementing traditional IT teams with an MSP can improve the quality of a company’s IT infrastructure. Companies all over the world are taking advantage of all the benefits that come with working with an MSP.

Still, the concept of a managed service provider may be confusing to interested parties and could keep them from utilizing an MSP. Understanding the basics of what an MSP is will help businesses stay ahead of the curve.

 

What Is An MSP?

In order to better understand managed service providers, a bit of history of how they evolved could be useful. Managed service providers have a history dating back to the 1990s. During the early 90s, many IT companies only provided repair services to various technology pieces. That began to change as the 90s evolved and the industry rapidly evolved.

Internet speed was rapidly improving throughout the 90s until it reached a point where software applications could be deployed from a central location. This enabled the development of software that could manage and control a computer from a remote location. Innovative software solutions could be developed and deployed to a number of customers all at once.

The early 2000s marked the beginning of the managed service provider industry. IT consultancies began to create companies filled with computer engineers that could create comprehensive IT frameworks for other companies. By the 2010s this process had become much more robust to the point where an MSP could manage nearly all of another company’s IT software, strategy, and infrastructure. The rise of the cloud has only accelerated this trend.

MSPs have recently exploded in popularity with the rise of cloud services. The cloud allows services and software to run through the internet, instead of on your local computer network. This enables your business to access software, applications, and data anywhere in the world. The cloud has opened the door to various improvements in company productivity, but there are some potential drawbacks.

Managing this complex cloud environment can be extremely challenging. This is one of the key reasons why companies have turned to managed service providers. MSPs can manage the entire IT infrastructure of a company, including the cloud infrastructure. Many companies use an MSP to help take their company into the cloud environment. Managed service providers can also keep software applications up to date, database maintenance and setup, data analytics, cybersecurity, and more. Even with all of these services, some businesses are still hesitant to utilize a managed service provider.

If you could bring all of your IT infrastructure in house, why would you want to pay someone else to do it? Trusting and relying on another company to manage your IT infrastructure and data can be a scary proposition. Many companies want to do everything themselves, but the benefits of MSPs vastly outweigh the risks.

 

Why Do You Need An MSP?

Managed service providers create a ton of value for companies that they work with. If you have not switched to an MSP then you are likely falling behind your competitors. Here are a few reasons why you need a managed service provider.

 

Take Stress Out Of Your Life

Your expertise is likely not in the area of IT. A managed service provider will make your life much easier. Your business can call your MSP anytime to repair any issue that is affecting your business’s IT infrastructure. Your website and IT infrastructure will have significantly less downtime, so your employees will not have to wait around while repairs are made. Instead of worrying about managing an IT department, you can focus on the bigger picture. Your team will have extra time to focus on projects and keep your customers happy.

 

Cost Savings & Scalability

Many businesses believe that hiring an MSP may be out of their budget, but that is not the case. Managed service providers reduce the costs that businesses are responsible for. Companies will no longer have to worry about paying expensive IT employees or investing in IT infrastructure. MSPs will handle all of those costly endeavors. Additionally, as your business grows you will need to add additional IT infrastructure. A managed service provider can help you scale your business easily. Your business can easily increase server space and install additional applications to improve productivity.

Use Their Experts

Managed service providers are full of IT experts that can improve your IT infrastructure. Your team can use an MSP expert to work on a project that will improve your processes and productivity. Instead of having to hire an expensive consultant, you can work with your MSP to finish the project. This is extremely beneficial from an HR perspective as well. Your HR team does not have to manage additional employees and worry about key team members leaving the company. Your team can simply rely on your MSP experts to help out on any projects.

 

How BACS Can Help

Whether your company has 10 employees or 1,000 employees, BACS can create a customized solution that will meet your unique needs. Your business can take advantage of all the benefits that working with us comes with. From cost savings to less stress, your business will be able to focus on the core competencies that drive revenue.

 

BACS can answer any questions you may have about managed service providers and how we can benefit your organization. Reach out to BACS today to learn more about our services and offerings. Our team can develop a comprehensive, customized plan that will make your life easier and help your business grow.

 

 

 

 

 

 

 

 

 

 

 

 

Cloud computing - cloud manged IT services

Cloud Computing Frequently Asked Questions

By | Cloud

New technologies continue to move the business world forward. Simultaneously, they create a lot of confusion and apprehension among business people and owners who tend to get intimidated by new business concepts.

While cloud computing had been growing in popularity over the last few years, it’s still a reasonably new concept to most people. Perhaps, you have thought about transitioning your company’s software, and computing needs to a cloud environment. If so, it’s very likely that you would have questions about the transition process and how cloud computing works.

To help you move closer to making the right decision about your company’s data needs, it makes sense to offer you a few answers to some common questions about this concept. The following question/answer format should help provide you with the answers you seek.

 

Question:

What does the transition process encompass, and how long will it be before my data servicing is fully operational offsite?

Answer:

The transition process requires some level of participation by company employees. However, hiring an IT professional consultant with related experience could help remove a lot of the burden off of your employees’ shoulders. Your company’s employees could focus on their everyday responsibilities while the IT consultant concentrates on implementing a parallel system with the cloud-computing facility.

As for time requirements, experts claim the entire transition process will usually take 10 to 14 days, depending on business size, the amount of data involved, and the services required.

 

Question:

How will my company’s data access be affected should there be a complete loss of Internet connectivity?

Answer:

The answer to this question is complicated. If you maintain updated synchronized copies of your data in-house, your employees might be able to continue working off of your local server. If not, your company would face one of two possible scenarios.

First, you could be out of luck if your service provider was a single office environment. You would have to wait until they were able to restore access. Under the second scenario, your primary facility’s location might be one of many sites your provider maintains. If that’s the case, it’s doubtful that all of their facilities will experience the same issue simultaneously. If the provider supports substantial redundancy, you might be able to access your cloud-computing environment through an alternative location.

 

Question:

How will a slow Internet connection affect our company’s work productivity?

Answer:

Data connection issues are hit and miss. Some days, the connection speed is adequate, while other days, it might be unbearably slow. The most feasible solution for this type of problem is the simultaneous synchronizing of data between the cloud-computing facility’s data servers and your in-house data server.

Here is how that might work. Most operating systems, Microsoft’s Windows included, offer a feature that can facilitate this kind of synchronization process. Somebody can do work on either server, with the data updated on the opposite server within seconds. Suppose your company is experiencing a slow period of connectivity. In that case, your employees could easily switch to working from the in-house server, knowing the data input will hit the cloud-computing server in short order.

 

Question:

How secure are cloud environments? Will we need to sacrifice some of the protection we have in-House?

Answer:

Of course, your number one concern will focus on security and the protection of your data. You need to understand that there is nothing about your ability to protect data in-house that can’t be replicated in a cloud environment. Your cloud-computing provider probably has access to substantial financial resources they can use to create multiple layers of security.

Another issue worth considering is that your employees are likely to make errors that could compromise the security located around your in-house server. That might include downloading files with viruses or forgetting to use secure passwords. For a cloud-computing provider, their reputation often rests on their ability to keep the client’s data safe. It’s a good bet they have procedures in place to protect against potential errors.

 

Question:

How easy is it to reclaim data should our company go out of business?

Answer:

At the point of implementation, you should receive information about how to proceed in case of an emergency. The information should include detailed instructions on how to recover all of your data without assistance from the facility’s personnel. If you were to encounter any problems, you should also have access to the emergency contact information that would put you directly in touch with someone who could help you proceed.

Ensure you receive copies of the facility’s disaster recovery plans, corporate insurance policy information, specific information about backup procedures, the exact location of your secured data, and any software licensing information you might need.

The bottom line is your provider is your data partner. They should be there to help you under any circumstance, even if your company is going out of business. Never settle on a provider that is unwilling to offer total transparency.

 

Question:

Will there be any special hardware requirements placed on our company?

Answer:

There is lots of good news here. By committing to a cloud-computing solution, you would need to invest less money in your data infrastructure. At most, you would only need one server to use as a backup, plus the workstations and printers you would need for your employees. You would also benefit by not needing to purchase state-of-the-art components because the real thrust of your computing power would be residing with the cloud-computing facility. The money saved could be quite substantial, depending on the size of your company.

 

Question:

Is there adequate protection against disasters, viruses, and errors that could affect our data?

Answer:

Again, cloud computing providers rely on reputation. Through economies of scale, they can provide all clients with a protection level that each client would have trouble providing for themselves.

 

Question:

Will training be available for my employees?

Answer:

Yes, your employees would get ample training related to accessing data and monitoring backup procedures. The training would come in the form of face-to-face live training sessions or through online webinars. Nothing would be permitted to go live until you feel your employees are up to speed and ready to go.

 

Question:

Is this the best data solution for a company with limited financial resources?

Answer:

The short answer is an emphatic yes. Your company would likely experience substantial annual savings in a lot of areas.

 

First, this data option offers the benefit of workforce savings. You would likely need less emphasis on hiring an IT professional because the biggest hardware concerns would fall under the cloud-computing provider’s responsibilities. You would not be responsible for hardware installations, maintenance of updates, and software licensing.

Second, you could save a lot of money on software if you were to choose a generic software system that’s already available on the cloud’s servers. Custom software programs can get quite expensive.

Finally, you could save money in the form of higher productivity among your employees. Instead of worrying about IT issues, they can focus on doing the jobs for which they are getting paid.

 

cloud computing - it services - cloud services

Different Types of Cloud Solutions and How to Decide Which One is Best For You

By | Cloud

It is our goal here at BACS IT to keep our information relevant to our customers and our readers. We updated the information in this blog to provide you with more value and insight as to the types of cloud solutions we have available as of August, 2021. Please read through our blog and contact us if you have any questions! 

Businesses worldwide have started implementing the use of cloud solutions for handling their technology storage needs. These solutions allow for off-site servers and hardware that is easy to access via the internet. There’s no doubt that this off-site setup allows for reduced business expenses that come from paying for on-site housing physical infrastructure and staff to manage it.

Are you considering moving to a cloud solution? If you have done even some rudimentary research, you may have been overwhelmed with all the options that are available. From public clouds to hybrid clouds, there are a variety of cloud solutions available. Which one is right for your company? The truth is that each cloud computing solution offers different benefits for different businesses. Not all of these solutions will be right for you, which is why it’s vital to compare your options before selecting one. Before looking at your options, here are the features that all cloud solutions offer.

 

What All Cloud Solutions Have in Common

All types of cloud solutions do have many features in common. By using a cloud instead of a single server or even a farm of servers, you are able to take advantage of the shared processing power, storage capacity, and other resources. Server loads can be distributed among all servers in the cloud, reducing the amount of pressure a single server is under. Servers can automatically balance these loads, too, so one server never experiences a high load. This prevents servers from being overtaxed, plus users do not experience any slowdown or other issues related to a lack of resources.

All cloud solutions offer outstanding backup and continuity. You may back up your data locally, but should a disaster affect your business, that backup may be lost. By backing your data up to the cloud, it is stored off-site. Ideally, your cloud will contain servers located in various physical locations. You can back up data to servers in each of these locations. This means that even if one location goes offline, servers from other locations have a copy of your data.

 

Cloud Services

In addition to sharing benefits, all cloud solutions can offer the same cloud services. Typically, these services fall under three categories: software, infrastructure, and platform. You may need to make use of one, two, or all three of these services.

  • Software-as-a-Service: Instead of installing copies of every piece of software on individual computers, cloud servers can provide software-as-a-service (SaaS). This allows any individual with the correct login credentials to access software without downloading or installing it on their computer. Businesses pay a licensing fee or subscription rather than buying multiple copies of software. This allows you to quickly scale your business by adding or removing licenses as needed.
  • Infrastructure-as-a-Service: If you plan on using the cloud, you will likely take advantage of infrastructure-as-a-service (IaaS). It includes the virtual servers, data storage, and operating systems that allow businesses to fully benefit from the cloud’s scalability, reliability, and flexibility. You will not need to purchase server hardware or dedicate employees to its upkeep. This is cost-effective for smaller businesses, but it is also effective for larger corporations.
  • Platform-as-a-Service: If your business needs more than IaaS and SaaS offers, you can opt to make use of platform-as-a-service (PaaS). This option allows you to develop applications yourself, personalizing them to your unique needs. You can scale these solutions to fit your business or for testing. This is ideal if your business has multiple developments in progress or a large number of developers working together on a project.

All cloud options allow you to make use of these three types of solutions, either individually or in combination. This means you will want to look at the other benefits before you decide if you’re looking for a public, private, hybrid, or community cloud solution.

Cloud Services

 

1. Public Clouds

The most popular and common cloud solution is the public cloud. Public cloud providers provide infrastructure and services for a large group of customers. This type of solution works best for collaborative projects and software development. Due to the easy scalability and pay-as-you-go structure, public clouds are an excellent option for developers to create and test their applications before switching to a private option. Developers can create and test applications on a public cloud, then later move them to their private cloud if needed. This allows developers from other locations to collaborate on the project.

The major downside of public clouds is the lack of control. You rent the servers rather than own them. This means that the solution provider has full control over the hardware. They could also decide to change their platform at any moment or even shut down operations. This situation requires consistent monitoring and the ability to quickly respond to any changes made by the provider.

Public networks are also susceptible to more security issues as users don’t have any control over the security measures implemented for the network. You may always request specific hardware updates or security solutions, but the provider is typically not obligated to provide those solutions.

Because multiple businesses use the servers in a public cloud, you may not have the option to add specific services. This includes operating systems and hardware that are uncommon or that would affect the other businesses that are renting space in the public cloud.

Pros

  • A massive amount of space offers easy scalability
  • The pay as you go structure fits the needs of smaller businesses
  • You can easily manage your cloud’s services through a self-service web portal
  • You can move projects to a private cloud as needed

Cons

  • The solution provider has full control over the hardware and other features
  • You must follow the provider’s terms and services
  • The cloud is susceptible to significant platform changes and provider shut down at any time
  • You could experience more unpatched security issues or vulnerabilities

Recommended For: Public clouds are best for those businesses that are not looking for a high level of data security. They are also ideal for companies that are just starting and have minimal investment funds. Small to medium business owners may find that public clouds fit their budget where other options don’t. Public clouds tend to be preferred by software developers who need the convenience of easily scaling up their space without the massive infrastructure investment at first. Many developers, once finished, will switch from public to private for a more secure application.

 

 

2. Private Clouds

Private cloud solutions, on the other hand, offer a more secure solution for businesses that need their data to be accessible only by authorized users of a single organization. No other business or organization uses this private cloud. The actual infrastructure can be positioned on-site or accessed via a partner provider. Since private clouds are under your full control, there is no threat of sudden changes or shutdowns. You can also determine the hardware solutions, when maintenance is done, and much more.

However, there is a downside: the cost. While private clouds can be an ideal option for businesses with strict data collection and storage regulations, they can be very costly. This is because, unlike public clouds, your company is assuming the full cost of maintaining the servers in your private cloud. With public clouds, the maintenance and upkeep cost are shared between every business that has rented server space.

Another factor that affects the cost of a private cloud is scalability. With public clouds, you can use the massive amount of available space to expand easily. With private clouds, though, you will need to add more infrastructure and software to expand. This cost makes scalability time-consuming and expensive for any organization regardless of size. The trade-off of having full control of your private cloud is that you also are completely responsible for all costs, upgrades, maintenance, and security.

Pros

  • Only your business and those you allow can access your private cloud
  • Take advantage of customizable security and other features
  • You have full control over the hardware and software used in the cloud
  • There is no risk of sudden changes or of the provider shutting down
  • Private clouds can be hosted on-site or accessed online

Cons

  • Because the financial responsibility for the private cloud all falls on you, the cost is higher
  • Private clouds are expensive to quickly scale
  • Small or medium-size businesses may not have the budget for this option.

Recommended For: Private clouds are highly sought-after by businesses who work in industries with highly restricted data regulations. These include financial organizations, government agencies, healthcare providers, and schools. These businesses do need to have a large budget, however, because private clouds are costly. This is especially true if your business is on the verge of scaling up and will need to expand its cloud.

 

Top Cloud Computing Frequently Asked Questions

Types of Cloud Solutions BACS IT

3. Hybrid Clouds

As the name suggests, hybrid clouds offer features of both private and public clouds. In this solution, businesses can utilize public clouds for some aspects of their business and private clouds for others. The hybrid model allows for seamless interaction between both private and public platforms. There are typically two ways to utilize hybrid clouds.

The first is called cloud bursting. In this configuration, private clouds are used as a primary solution to store data and house exclusive business applications in a secure environment. Public clouds are used as a backup resource to ensure that these exclusive applications operate seamlessly when user demand increases beyond the private solution’s limits. This solution helps save your business money because you don’t have to buy more infrastructure or servers to handle high demand. If you did buy more private servers, you would then have more infrastructure than you need during less busy times. It wouldn’t be an efficient use of resources.

The second hybrid model is based on using public clouds for outsourcing non-critical business applications. These non-critical applications include basic productivity tools and other applications or CRM tools. However, your exclusive applications and data storage are housed in private clouds for more secure access. This multi-cloud architecture allows businesses to take advantage of private security for regulatory needs while still enjoying cheaper public computing for basic tasks. For example, you likely do not need to house Microsoft Office 365 or Adobe Lightroom on a private server, so those SaaS solutions could reside on public clouds.

Pros

  • Allows for a cost-effective solution that combines private and public clouds
  • Ensures a business can always meet user demand
  • You can customize your private cloud’s security to fit your needs
  • Secure data is more protected, while common applications can be more easily shared

Cons

  • Can be more difficult to set up and maintain
  • Can make business data more susceptible to threat when user demand is high
  • The cost of setting up a private cloud still applies

Recommended For: Businesses who deal with frequent spikes in demand. Some well-known businesses that use this hybrid model include Airbnb, Uber, and Netflix. Small and medium-sized businesses may not need this capability. The high cost of setting up a private cloud is also a factor for those with restricted budgets. While they are not as common as public or private clouds, hybrid clouds do have their uses. You may find that this solution offers you the best of both worlds.

 

 

4. Community Clouds

While the first three cloud solutions are the most common, there is a fourth option: community clouds. This solution is commonly used by businesses within the same industry. They work essentially as private clouds, but they are shared among a handful of companies. This model creates a multi-tenant environment similar to that of a public cloud. You share the cloud and its resources with other companies, but you also share the cost. This reduces the high cost of infrastructure and software that come with private clouds. The members of the business that use the community cloud jointly manage it. Community clouds can be housed on-site, such as in a shared industrial building, or at a data center.

Pros

  • Much cheaper than a single organization private solution
  • Allows for optimal data security at more affordable costs
  • Combines the scalability of a public cloud with the customization of a private cloud
  • Decisions are collaborative rather than controlled by the cloud provider

Cons

  • Network security depends on effective management of infrastructure
  • You do rely on the other businesses sharing the community cloud to share in the cost

Recommended For: Common users of community clouds include those in the financial services sector, healthcare organizations, and government agencies. Any company that feels comfortable sharing a cloud with other businesses and needs the benefits of a private cloud may want to consider this option.

 

Selecting the Right Cloud Option

Now that you understand the basics of these four options, you need to select one. There are benefits and drawbacks to public, private, hybrid, and community clouds. That’s why selecting the right one for your business is vital. There are several factors you can use to eliminate some of your options:

  1. Price plays a significant role in your ability to choose the ideal solution for your business. You may not have the money in your budget for a private or hybrid solution. Smaller or new businesses may need to pay especially close attention to the cost of their cloud.
  2. Security Requirements vary depending on your industry. Some government regulations may require your business to have a private solution for data storage. Make certain you understand what data regulations your industry must follow and select a solution that meets those requirements.
  3. User Demand, for some businesses, fluctuates tremendously. Having the available infrastructure to handle high times of demand is a must to keep customers coming back. If your business has this fluctuation, you will need a solution that offers scalability and flexibility without additional costs.
  4. Industry Partners can be a great asset to save money on data storage and operation solutions. Those with many industry partners may opt for community clouds instead of bearing the full cost of a private cloud. However, you want to select partners who are stable and will be reliable for many years.

You will need to fully analyze your business and your needs as well. Once you have a good understanding of what you need in a cloud, you will be able to see which options can be discarded.

However, the cloud solution that is right for you today may not be right five or ten years from now. Fortunately, migrating from public to private or hybrid solutions is easy. You will want to re-evaluate your cloud solution annually or every few years to make certain that it still meets your needs. If it does not, it may be time to consider moving to a different option.

New call-to-action

 

Let BACS IT Help You Find the Type of Cloud Solutions That Will Work Best for You

Choosing a cloud solution requires diligence and understanding of your business’s various options and the many benefits that those options can provide. By analyzing the benefits and your needs, you should be fully capable of selecting the right type of solution for your business.

cybersecurity trends

TECH TALK: 7 Trends You May Have Missed About Cybersecurity

By | Data Protection, Security

At any given point in time, there are numerous trending topics in cybersecurity. Change is one aspect of technology that we can always depend on, and that’s a good thing. We’re able to do more in less time than ever before. Of course, advancements in technology goes together with the cybersecurity landscape. As someone who has a key role in IT, keeping up with changes in technology and cybersecurity should be a routine task. However, there trending topics that are just beginning to emerge that you may not yet be aware of.

Here are seven cybersecurity trends you may have overlooked:

1: Bring Your Own Device (BYOD)

2: Internet of Things (IoT) Devices

3: Fifth Generation (5G) Technology

4: Social Engineering

5: Bitcoin Ransomware

6: Smart Contracts

7: Insider Threat

New call-to-action

1: Bring Your own Device (BYOD)

 

BYOD programs that allow employees to use their personal devices to access business assets on the job have been accepted by IT programs for a while now. They can be a bit unwieldy in terms of control, but the benefits to production and costs are difficult to ignore. Unfortunately, the security concerns are increasing. The main concerns with allowing personal devices to access a corporate network is that IT personnel are usually not aware of their connection to the network, there is usually minimal security features, they are easily stolen or misplaced, it is difficult to control how employees use them (they can easily download apps).

History has proven that the concerns listed above are serious. In 2017, the cryptocurrency firm Bithumb experienced a data hack that was traced to an employee’s home PC. That data breach exposed the personal information of 30,000 of the Korean company’s customer base.

If your organization supports a BYOD program, you can mitigate your risk by first developing a policy that outlines the requirements for use in the organization. It is a good idea to add controls to your organization’s Wi-Fi. These are often easily accessible by anyone who knows the password. There should be an acknowledgement before a device can connect to the organization’s corporate network. This could consist of requiring employees to register any device they want to connect to the network and implement security safeguards such as multi-factor authentication. You might also consider implementing a Mobile Device Management System (MDM) that functions like a global positioning system (GPS). These toe a fine line to privacy infringement, but there are MDM systems available that are less invasive.

 

2: Internet of Things (IoT) Devices

 

Wikipedia defines Internet of Things (IoT) as a “network of physical objects—’things’—that are embedded with sensors, software, and other technologies for the purpose of connecting and exchanging data with other devices and systems over the Internet.” While IoT devices include many of the popular smart devices that individuals use on a regular basis (watches, fitness trackers, alarms, biometric scanners), there is a growing use of these by organizations. For example, the healthcare industry uses IoT-connected sensors to improve the services they provide to patients.

The main security concern for IoT devices is the amount of data that is shared among interacting devices. According to a report by KPMG, 84% of IoT adopters have experienced a security breach. The advisory and audit firm offers the following three best practices for securing IoT devices:

  • Asset management – know the devices that connect to the organization’s network and the path they travel once they are outside the organization’s network.
  • Device Security – In addition to granting only authorized users access to business data using IoT devices, make sure these devices are protected by antivirus and encryption software, are kept updated with the lasts security software, and are monitored for suspicious activity.
  • create a vulnerability management program – “identify and fix weaknesses with a device”

 

3: Fifth Generation (5G) Technology

 

The growing use of IoT is stressing our mobile capabilities. The good news is fifth-generation wireless technology has arrived! Just as with its predecessors, this advancement in mobile communication offers faster download speeds, decreased latency, and more network capacity. The transition to 5G is just beginning and is predicted to reach full evolution by 2022.

Many of the cybersecurity risks associated with 5G networking will be addressed through the network’s builders. However, there are more responsibilities of IT departments. The increase in bandwidth that 5G provides also increases network monitoring tasks for IT departments. With data traveling much faster on the network, new strategies for monitoring the traffic will be necessary. 5G also transitions from a network that is based on hardware switching to one that relies on software digital routing. IT departments that are unable to keep up with the 5G advancements can expect an increased threat of distributed denial-of-service (DDoS), man-in-the-middle (MiTM), and botnet attacks.

 

4: Social Engineering

 

According to Verizon’s 2019 Data Breach Investigations Report, social engineering threat actions in data breaches have increased significantly more than any other type of threat in the past seven years. In the past, phishing (pretending to be someone else to persuade an individual to disclose their personal information) has been the most used form of social engineering.

The social engineering threats that are trending now include the following:

  • Smishing – Phishing via phone calls or text messages
  • SIM Swap – Fraudulently switching another individual’s mobile account information to gain access to bank and credit card accounts
  • Harpooning – Phishing by impersonating executives and using information from social sites
  • Pharming – Fraudulently installing malicious code on a PC or server. The code redirects any click to another fraudulent website without the user’s consent.
  • Deepfakes – Editing (using advanced AI technology) a legitimate video or voice clip for the purpose of acquiring personal information.
  • Vishing – impersonation via phone calls or voice message

Hopefully, your organization has already implemented email safeguards to detect and block suspected phishing communications.

Social engineering involves human interaction. The best safeguards are educating employees about the different types of social engineering tactics and how they should be cautious before responding to any type of communication, even if it appears to be from someone reputable. If possible, employees should use an alternate method to verify suspicious communications.

 

5: Bitcoin Ransomware

 

Using malevolent software for the purpose of blocking access to another’s system and requiring payment to unblock it is referred to as ransomware malware, or ransomware for short. This type of attack is often carried out by someone clicking a bad link that installs the ransomware on the system. The sophistication of the ransomware can vary. The most advanced types use encryption to prevent access to systems or files and require a decryption key. The latest form of requested payment for ransomware attacks is bitcoin because it is a digital currency that is quickly exchanged.

Ransomware is a serious problem. This was highlighted with the 2017 WannaCry ransomware attack that involved computer systems all over the world that had not applied a Microsoft software patch. Unfortunately, the trend is continuing. The most significant ransomware attacks as of June 2020 cost the victims more than $100 million to recover from the incidents.

Network and security monitoring software maker NetFort recommends the following five tasks to protect and recover from ransomware attacks:

  • Back up your data regularly
  • Make sure all systems that connect to the network have the most recent security updates
  • Implement anti-intrusion detection systems
  • Monitor network traffic for unusual activity
  • If a system is infected with ransomware, disconnect it from the network immediately and rebuild it

 

6: Smart Contracts

 

Blockchain, the technology that powers bitcoin, is being used in a variety of methods of exchange. Smart contracts are one of those. A smart contract is a daisy chain of encoded actions that are saved within a blockchain and digitally self-executing without the assistance of a third party such as a bank or attorney. Smart contracts are gaining popularity because of their transparency, speed, permanency, and non-editable characteristic. Although smart contracts are inherently secure (the data they contain are encoded), they are comprised of program code that is susceptible to vulnerabilities. The main security concerns with smart contracts are access control and undiscovered bugs in their programming code. One of the most newsworthy incidents occurred in 2017 when the code of a multi-signature wallet was exploited by a user by accident. The incident caused users of the wallet to lose more than $280 million because they were unable to withdraw funds from the digital wallet.

The best way to mitigate your risk with smart contracts is to:

  • Make sure the smart contract is 100% encoded (every record from start to finish). Access via private key should only be distributed to specific users.
  • Don’t lose your private key! Even better, your organization should consider engaging in smart contracts that use multi-access so that there is more than one point of failure.
  • Ensure the underlying code is bug free. This means to test, test, and test some more to make sure there are no vulnerabilities that malicious actors could take advantage of.

 

7: Insider Threat

 

An unfortunate trend that is increasing is that people who have or previously had legitimate access to an organization’s data may intentionally or unintentionally cause destructive actions. Insider threat occurs through multiple methods. An example of the significant damage an insider can cause is the ex-Cisco employee who caused $1.4 million in damages. The criminal left the company in 2018 and shortly thereafter installed malicious code from his old Google Cloud Platform account and subsequently deleted the nearly 500 virtual machines hosted by Cisco WebEx applications. Within two weeks, 16,000 WebEx accounts were deleted. In this case, the ex-employee somehow managed to maintain his access to Cisco’s cloud infrastructure after he left. It is not known how.

The Insider Threat Mitigation Guide  published by the Cybersecurity and Infrastructure Security Agency provides the following tips for establishing an effective inside threat mitigation program:

  • Identify and focus on those critical assets, data, and services that the organization defines as valuable
  • Monitor behavior to detect and identify trusted insiders who breach the organization’s trust
  • Assess threats to determine the individual level of risk of identified persons of concern
  • Manage the entire range of insider threats, including implementing strategies focused on the person of concern, potential victims, and/or parts of the organization vulnerable to or target by an insider threat
  • Engage individual insiders who are potentially on the path to a hostile, negligent, or damaging act to deter, detect, and mitigate

 

Conclusion

 

Is your IT department equipped to address the emerging cybersecurity threats? If you’re unsure, now is the time to determine your level of vulnerability and implement the necessary safeguards to ensure your organization’s assets are fully protected.

If you require assistance with assessing your needs and implementing the “right” IT security solutions for your organization, BACS can help. We are an experienced team of IT service professionals that work closely with clients to assess, develop, and implement security solutions that offer an ideal level of protection.