Has Your Company Data Been Compromised?

You might believe that your information assets are secure and your company’s security systems are keeping things safe, but how do you really know? While large scale financial services companies and other major corporations have the resources, highly trained technical staffs, and custom tools to monitor for and identify leaked data, most businesses do not. Companies with the resources are constantly scouring the internet, deep web and dark web for any indications that sensitive information has been exposed.

Now you might think, who wants my information or why would anyone target my company? It depends on an attacker’s motivation, or maybe its just a blind scan looking for vulnerable hosts by a potential hacker. If you become compromised perhaps access to your environment might be sold and your infrastructure used to email malware or house stolen data. Maybe your email credentials are compromised and someone is illicitly reading confidential communications. Whatever the outcome, certainly at a minimum, your business reputation is at risk.

Many companies that are compromised typically find out long after the initial occurrence, with time spans perhaps extending months into years. Typically breaches are not found by the company itself. Many times law enforcement or other 3rd party sources may advise a compromised organization of the unfortunate situation. 

There are organizations that take extensive proactive approaches to managing information security through the use of firewalls, intrusion detection systems and monitoring software, while also investing in various technical assessments, the approach does not take into account how to detect information that may have quietly been leaked to the internet in an isolated event or ongoing.

While building robust defensive measures have improved security for many corporations and helped protect many companies from network attacks it does not account for other sources of compromise such as theft of login credentials or compromise of a 3rd party service provider’s network connected to the company’s environment. In such instances data flows may likely be flagged as normal traffic and not detected by security management systems. In these instances companies may leak sensitive information over an extended period of time.

You may still believe that data breaches don’t apply to your company, but they do.  Unfortunately many employees may use the same email address, (name@yourcompany.com), and password for sites they access in their personal lives. A compromise of a third party site used for cooking recipes may lead to a credential compromise at your company, followed by a potential loss of sensitive company data. Maybe third party service providers that work with your company’s sensitive data may expose this information through a compromise of their own infrastructure, leading to your sensitive company information being for sale on the Internet. The point is if your information has been leaked to hacker websites, regardless of the manner in which this occurred, you really should care to know.

There are an emerging set of tools that gather information in realtime, not by directly scanning a company’s infrastructure but from querying public records and other illicit sources. These relatively new commercial offerings scan internet records, the deep web, and dark web to identify what is known that may be exploited or company data that may be for sale. This may include login credentials, proprietary data, compromised servers, client sensitive information, vulnerable hosts, or other assets. Employed ongoing, such tools can provide proactive alerting to enable a company to understand potential issues and develop realtime response strategies to protect the company and its reputation.

Network Management Solutions has been helping business navigate technology challenges since 1996. If you are concerned about what company data might be readily available on the dark web, please contact us for a free, confidential discussion. We can be reached at 908-232-0100 or on the web at www.nmscorp.com

Ransomeware Attacks Hit Home

Coronavirus (COVID-19) has proven to be challenging. For most of the US, this epidemic has been ongoing for near 9 months with a new wave overtaking the country once again. Businesses have shuttered, jobs have been lost, and financial insecurity has become an obstacle for many to deal with.  

As one of the ongoing complexities, COVID-19 has shuttered in-school learning for many US students. Several US school districts including Baltimore County, MD announced that online learning had been impacted for 115,000 students due to an apparent Ransomware attack. As parents struggle to maintain a somewhat normal learning experience for their children studying from home, lacking information security practices within the information infrastructures are paramount in these disruptions. 

So what is ransomeware and how does this impact a compromised organization? Ransomeware is malicious software designed to deny access to an organizations information assets, files and or services. The perpetrator having compromised the target organization demands a ransom payment prior to restoring access to the locked data. In the case of Baltimore County, it has been reported that access to online learning tools and grading systems have been disrupted. 

Cyber insurance policies are available to facilitate ransom payments should such an attack occur within an insured’s environment. Many organizations choose to pay the ransom through insurance or directly if not insured. The cost of ransom payments have risen with many payments now being 6 figures or larger. Other organizations that choose not to pay a ransom spend millions trying to restore systems.  Atlanta Georgia in the spring of 2018 chose not to pay a ransom of $52,000 and instead paid a reported $2.6M to recover. 

While an insurance policy payment may reduce the recovery cost of an outage it does not account for the lost time of a disruption and only encourages further ransomware attacks. Ransomware attacks accounted for 41% of policyholder claims, insurer Coalition stated in its 2020 “Cyber Insurance Claims Report,” released in September of 2020. In some instances insurance companies have denied claims with excessive damage as in the case of NotPetya.

According to a Dark Reading article Maryland State auditors found a variety of vulnerabilities that could have lead to the incident in Baltimore County. While there is not clarity yet in the Baltimore County incident, it should be noted that ransomeware attacks have been ongoing for many years and most propagate due to unpatched systems. Typically, exploited systems are Windows based. Impacted systems in the case of Baltimore County have been reported to be Windows based.

At what point do we demand that organizations who maintain our personal information and upon which we rely on make certain that vulnerabilities are minimized? Individuals that are placed in technical roles must be held accountable in some manner as well as their management teams should they choose not to appropriately address ongoing maintenance of the systems and applications for which they are responsible. 

The most formidable defense against most cyber attacks beyond a properly designed infrastructure, is to establish reliable ongoing patch management and update processes for the entire infrastructure. While some may have you believe that this is a complex endeavor and perhaps it is in a very large scale environment, once established the organization’s ability to withstand cyber attacks is significantly improved. Choosing not to establish the proper protocols either through in-house staff or consulting resources is a dire mistake.

Network Management Solutions has been assisting organizations to properly design, implement, monitor and manage information technology infrastructure since 1996. We are available to assist your company in navigating the technical complexities associated with your business infrastructure. Call us today at 908-232-0100 for a free, confidential discussion on how we can assist your business and support your ongoing information security and technology goals.

The importance of online privacy

Online privacy is a topic that is often misunderstood. Many people believe that since they are not involved in doing anything wrong that there is nothing to hide and therefore online privacy is not an important issue. However, online privacy is more about service providers profiling you, including your likes, dislikes, habits, beliefs and beyond, so that you can be the target of advertising, misinformation, and beyond. Ultimately, service providers you have trusted use your information to generate revenue. Who knows where it all goes from here and perhaps one day that profile intersects with insurance companies, healthcare providers, employers, and government if it hasn’t already.

Everywhere you travel, every move you make, the nuance of your writing, emails, phone conversations, essentially everything you do, is being logged and analyzed through artificial intelligence with the aim of monetizing the information. We are all subjected to a conglomerate of big tech company experiments. While corporate attorneys may have written language in their terms of use agreements for the applications or services we use, explaining how your information may be used, most of us never bother to read or consider the impacts of misuse.

We are barraged by privacy statements with many sites now asking you to accept their use of cookies and privacy policies.  Here is one of note:

“YouTube Privacy Warning”

“YouTube (owned by Google) does not let you watch videos anonymously. As such, watching videos here will be tracked by YouTube/Google.”

Have you ever turned off location services for Apple Maps 0n your iPhone only to have it tell you later that your car is parked 150 feet away? Did you know that Alexa has features that allow it to listen and record private conversations and forward them on to contacts? Do you know when Alexa is listening or any other “smart” devices? Have you ever had Siri speak to you when you weren’t talking to her? The point is we don’t know how a lot of the technology works and what happens with the associated data. Have we invited devices into our homes and businesses naively thinking they’d help without considering adverse consequences? How often do you see advertisements for products that you were viewing online elsewhere being presented to you as an advertisement on social media or another website?

Big tech is doing its best to monetize your private information by either directly targeting you with adds, or through the sale of your private information to other data mining companies. Google now buys credit card data so they can better understand your purchasing habits to better target adds and know when you bought an item after an advertisement was presented. Online marketing campaign metrics have become very precise.

So still, why care about privacy? The Cambridge Analytica scandal speaks for itself where a vast amount of personal information was provided by Facebook and shared with Cambridge Analytica who exploited the information for political purposes during 2016, targeting profiled potential voters with disinformation in attempt to get them to vote a particular way. This was business as usual for Cambridge Analytica who had been helping politicos win elections throughout the world with its tactics. Weaponizing personal information is clearly crossing the line.

The free services model being provided by companies like Google and Facebook are at the heart of the problem where services like email and social platforms are provided in exchange for users personal information being collected, analyzed and eventually monetized. Unfortunately our representatives are underwhelming in there knowledge of and response to the problem. This was demonstrated during a 2018 US Senate hearing where senators asked questions of Facebook’s CEO such as how do you make money. Between lobbyist and uninformed representatives we have little hope in solving the core issues in the near term.

So how can you begin to protect yourself? 

  • For starters take care in how you utilize online platforms such as Facebook and other social media applications. The questionnaires that your network routinely share that seem harmless are utilized to directly profile you and may be later used against you in the form of advertising and disinformation campaigns.
  • Use Internet Security Software that blocks website tracking by web analytics, ad agencies, behavior trackers and social networks.
  • Consider utilizing VPN services that can enable you to browse anonymously and encrypt your data end to end, so that your activity is not tracked by your Internet Service Provider nor intercepted by prying eyes.
  • Utilize web browsers, email platforms, search engines and internet security software, or services who have stated missions to support your privacy.
  • Some names that come to mind are Mozilla, Proton, DuckDuckGo, among others.

Network Management Solutions has been helping business navigate technology challenges since 1996. Please contact us for a free, confidential assessment. We can be reached at 908-232-0100 or on the web at www.nmscorp.com

Managed Service Providers – Strategic Investment or Cost Reduction?

Many businesses will tell you that they initially decided to engage a Managed Service Provider (MSP) to reduce their information technology costs or avert adding additional employee resources. Fast forward to 6 months later and those same businesses may speak of the strategic value they have gained from the financially motivated move. While it is true that the right MSP can help control costs and expand resources, the right MSP can also bring considerable strategic value that was perhaps not part of the initial business decision.

Persistent ongoing security threats and continuous operational tasks place a significant burden on internal IT resources responsible for managing the company’s systems and networks. While properly trained full time resources often provide excellent support, in many small to mid-sized companies these resources are stretched beyond limits leading to missed tasks that can negatively affect service and security levels. Over time a once efficient and secure infrastructure can become exposed to slowdowns, outages, data losses or worse yet, compromise. MSP resources can be a welcome addition to help assess, patch, configure and restore the infrastructure to its former state. 

Managed Service Providers can add to an organization’s technical depth and know how specific to tools, approaches, and methods to maintain and improve service levels and security. MSPs interface with its customers through Standard Operating Procedures tailored to client requirements. These procedures help define service delivery, improve efficiency, and communications between the organizations. Additionally, custom tool sets used by MSPs can be leveraged to identify potential weaknesses before problems impact business operations or security. 

Simple vulnerability assessments can identify unpatched systems that are vulnerable to exploitation. As has been the case for many years, attacks continue to propogate through improperly patched systems. Unfortunately, many unchecked systems and networks have vulnerabilities that persist, raising the probability of an inevitable compromise. Simple ongoing systems maintenance has a significant impact on improving an organizations overall security profile and operating availability. However, many companies do not maintain proper patch management across their networks, systems and applications. Whether your business operates its own infrastructure or uses cloud services, ongoing systems management and maintenance is still a requirement.

A MSP brings value not only in the services which it provides but also in the knowledge of what is available and should be done in order to protect an organization. Ask any of the municipalities, government offices, or others that have spent millions recovering from recent attacks which were propagated through unpatched systems, certainly they would do things differently to avoid the events if they could go back in time. To believe there is little chance for your organization to fall prey is a mistake.

So what are some improvements a Managed Service Provider can provide its customers?

  • Improved service levels
  • Expanded knowledge and resources
  • Monitoring and assessment tools
  • Improved security posture
  • Improved processes and efficiency
  • Increased awareness 
  • Proactive planning
  • Personel redundancy
  • Reduced operating costs

While not an all encompassing list the above can provide significant improvement to any organization and its business infrastructure.

Network Management Solutions has been providing custom information technologysolutions since 1996 for large, mid-sized and small businesses.  We provide a variety of design, assessment and managed services customized to meet your business needs. Please call us at 908-232-0100 for a complimentary, confidential discussion of how Network Management Solutions can help your organization better manage its technology challenges.

Is your business at risk from a trusted employee?

All businesses depend on their employees regardless of their size. Trust is foundational in ensuring the business operates as required, customer needs are met, and intellectual property or regulated data is protected. While many companies are focused on protecting the business from external exploitation the thought of exploitation from insiders is many times missed.

Both Twitter and Trend Micro reported in November to have fallen prey to malicious insiders with legitimate access to sensitive company information. In both cases it appears that the companies did not discover the misuses by their own measures but became aware through 3rd party sources, long after the unwanted activity was initiated. Alarmingly, Trend Micro is a cyber security company which goes to show that even the best can get taken advantage of. Insider incidents are not new and are thought to account for one-fifth of all data breaches.

In the  case of Trend Micro the company indicated that 68,000 customer data records were provided to a 3rd party source who used the information in attempt to scam Trend Micro customers. In the Twitter leak, information was being provided to the Saudi government and Royal family pertaining to individuals who were hostile to the current regime. In both cases motivated employees provided the privileged information.

So what impact could a data breach have on your business? According to IBM the cost of a data breach in a small to medium business (SMB) with fewer than 500 employees averages $2.5M or 5% of annual revenue to remediate the issue. Regulated data such as in the case of Healthcare, averages $429/record, so the overall cost could be significantly higher to remediate the issue. Beyond cleanup costs a data breach can be devastating to a company’s reputation and the resultant loss of business can overcome many companies.

There is tremendous focus on the right tool set being the answer in solving complex information security issues. While investments in software, hardware, personnel, and training are all pieces in a complex puzzle, detailed processes and procedures are as critical as all of the other investments and without such, all investments are rendered ineffective. To many technical staffs the tools are exciting, but the process and procedures that insure the tools are generating manageable alerts for support staff may be viewed as ominous and are never fully implemented.

Without a proper implementation, many times events are generated and logged to some database server and alerts to supporting staff are never generated, or there are so many alerts that a support staff becomes overwhelmed and the response is to silence or ignore the alerts. When a third party source such as law enforcement contacts the compromised company and an incident response team is hired to investigate the breach, logs of malicious activity is often found tucked away on some database server that was never configured to alert support staff. Many times the malicious events have been ongoing for months to years.

Ask yourself or your employees:

How does the company monitor security alerts?

Is privileged user access to sensitive data audited on an ongoing basis?

Does the company use an internal audit function that is outside of the information technology group or use 3rd party resources to review security?

Are processes and procedures reviewed on an ongoing basis by an independent audit function?

Are the processes and procedures updated on an ongoing basis as the business and technology changes?

Does the organization perform regular incident response testing for data loss, systems outages, component failures, or other potential business disrupting compromises?

In the case of Twitter and Trend Micro a simple ongoing audit of privileged user access may have identified the malicious activity at its commencement saving time, reducing reputational risk, and significantly improving the company’s security profile.

Network Management Solutions has been helping organization since 1996 to establish sound information technology networks, systems, processes and procedures. Please call us at 908-232-0100 for a confidential consultation on how we can assist your business in managing the security of its information assets in a continuously changing world.

Ransomeware – Should You Be Concerned?

There has been a lot of news lately regarding ransomware. What is ransomeware and should you be concerned? Ransomware as defined by CERT is a “type of malicious software, or malware, designed to deny access to a computer system or data until a ransom is paid”. Theft of proprietary information, credit card data, or personal information is not a motivating factor, taking control of vulnerable systems and denying access to the information is. It’s essentially a kidnapping of your IT environment. Ransomware can spread through direct targeting of a system, phishing emails or by unknowingly visiting an infected website.

Ransomware attacks started out primarily with individuals and it origins date back to the late 1980’s. Perhaps you know someone who paid a “fee” of $25 or $50 to have their computer “cleaned” of malware detected by some random third party organization. While it seemed to be somewhat suspicious that an unknown organization would detect your computer problem, for many it was just easier to pay the “fee” and move on. 

Ransomeware exploits today are aggressive, intrusive and demanding with Bitcoin or other cryptocurrencies being the payment of choice. While crypto platforms are not technically anonymous, they do provide opportunity to act anonymously. Crypto platforms make currency exchanges between wallets. The person(s) associated with the wallet are not identifiable in the transaction. In some places crypto exchanges are required to collect personal information but this is not the case in many places.

Ransomware attacks target individuals, corporations, governments, schools and even police departments. The ballooning monetary demands of ransomware extortionists are claimed by some as being fueled by cyber-insurance companies who prefer to pay claims to help drive new business. For an insured, having a ransom paid by an insurer is the quickest way to end a crisis and get back in business.

Lake City, Florida  at the end of June this year paid 42bitcoin worth about $460,000. The loss was covered by cyber-insurance with Lake City paying a $10,000 deductible. According to ProPublica, Baltimore, Maryland did not have cyber insurance and chose not to pay a $76,000 ransom payment and has spent $5.3M to date recovering locked files. Atlanta similarly balked at a $53,000 payment and has spent $8.5M to date on recovery. Another unnamed company chose to pay a $10,000 ransom payment when they realized that recovering their data from backup tapes would take weeks. Most recently, 22 municipalities in Texas were attacked simultaneously with extortionists demanding millions of dollars in ransom payments. 

Blaming insurance companies for helping escalate extortionist’s demands by paying claims is ignoring the elephant in the room. As business owners, managers and technologists, what is important is to focus on is how these exploits occur so we can prevent infection and its potentially devastating impacts. While having insurance as a financial tool is great, preventing the event is paramount to keeping the business operating.

Cyber exploitation occurs due to mismanaged or improperly patched systems, lacking processes and procedures, compounded by insufficient employee training. Unpatched computer systems are vulnerable to exploitation either through direct attack or by individuals browsing infected sites or clicking on malicious links. Once compromised, an inability to detect the breach allows the attack to propagate over time resulting in an ultimate loss of control over the organization’s systems and information. Without a proven disaster recovery plan, an organization stands little chance of regaining control in a timely manner.  

Some questions to ask yourself and your organization supporting your IT systems are:

Do we have a properly designed infrastructure?

Do we have a process to apply security updates ongoing?

Do we regularly backup our critical data?

Do we have a disaster recovery plan that is updated and tested on a regular basis?

Do we regularly validate our security posture, including audits and testing?

Are all of our methods documented and reviewed on an ongoing basis?

If we were to suffer an attack do we have a planned response, as well as the financial resources to recover?

Network Management Solutions has been helping organizations since 1996 design, implement, monitor and manage critical IT assets. Please call us for a free, confidential discussion regarding your IT challenges and goals. We can be reached at 908-232-0100 or on the web at www.nmscorp.com.

IoT, What You Should Know

Do you know what IoT stands for? IoT is the Internet of Things. It allows organizations and individuals to interconnect their home and business devices through a cloud (Internet) based service. Tech talk has been consistent since the beginning of time with its never ending stream of acronyms. If you’re like me you might find it a bit of a put-on. I guess originally tech speak was intended to make things sound important, technical, and beyond the average person. Today not surprisingly most industries have their own acronyms. 

Back in the mainframe days of the 1980s there were FEPs, Front End Processors; DASD, Direct-Access Storage Devices; and computing power was measured in MIPS, Million Instructions Per Second. Transmission lines were measured in KBPS, kilobits per second and there was no Internet yet. Computing resources and data storage devices were guarded by physical security such as, guards, video surveillance, card readers, as well as key locks. Companies that had multiple geographic locations and could justify the cost had point-to-point transmission lines providing remote access to mainframes and other computing platforms. Many times the remote terminals were kept in secured rooms that only authorized users could access. Security in general was simplified and data breaches far less common and certainly not headline news.

Today we live in a data intensive age where digital transactions build our digital footprint and influence how we are marketed to online. The average home today has greater processing power, data storage and global broadband access than many large corporate entities maintained in the early 1980s. Physical security controls while still important today have been augmented with a large array of technologies to monitor and manage information security at a physical, connectivity, application, and transaction level.

Cloud computing has become a serious alternative to multi-million dollar corporate investments, long timeframes and large support staffs providing pay-as-you-go pricing and the ability to scale globally on a near immediate timeframe. Millions of businesses use some form of cloud computing including startups, government agencies and the largest enterprises.

Amazon’s IoT Core has millions of customers and can connect billions of devices and process trillions of messages globally. Cloud computing is an incredible leap forward in computing technology in terms of its global reach, processing, scalability, and availability. While the technology is mind blowing there are still noteworthy security risks and downsides that are not addressed by simply implementing a cloud based infrastructure.

The Commission on the Theft of American Intellectual Property estimated in April 2018 the annual costs from the loss of intellectual property ranged from $225 billion to $600 billion. These costs are projected to rise to $6 Trillion worldwide by 2021. While there are many ways that thefts occur, including social engineering, technology transfer, hacking, the point is that there are risks regardless of how you run your business and that implementing a cloud based infrastructure is not a cure all.

Whether you are a small or large business securing end-point devices such as office computers, terminals, usernames/passwords, remote access devices, networking infrastructure and properly training employees to be able to identify potential fraudulent activity is critical. End-point devices need to be maintained though ongoing backups, updates and other processes. Finally if you are breached you need to be able to detect malicious activity and eliminate it in the shortest timeframe possible. Many of the largest breaches go on undetected for years leading to serious losses and business consequences.

Network Management Solutions has been helping small to medium sized businesses, along with some large global organizations adapt to the ongoing changes in networking and computing technology since 1996. Contact us for a free, confidential consultation. We can be reached at 908-451-1821.

Why You Should Care About Information Security As A Small or Mid-Sized Business Owner

You’ve seen the news, heard all the hype; Marriott, Chinese State sponsored hacking, DNC email leaks, along with Saks, Lord and Taylor, Panera, Facebook, Under Armour among others becoming victims of data breaches. You’ve probably also seen the TV shows and commercials portraying hackers and their potential targets being defended by some slick cybersecurity group. While it’s dramatic, what does this have to do with you, the small to mid-sized business owner or manager?

Perhaps at first glance little to nothing you would say. Who would want my company’s information, no one will target us you think. Well, while yes the big companies, political organizations, governments, and others are direct targets you may be a target as well, albeit indirect. 

While no named organization, or government entity is going to directly attempt to hack your company you may be the target of smaller groups that crawl the Internet searching for vulnerable anonymous systems. So why do they look to do this especially if you and others truly have nothing to offer you ask? Well, at the very least you have some information as well as servers or other infrastructure that is of value to the perpetrator.

Hackers have differing motives. Some may be in search of sensitive information such as credit card data or personal and private information, others may seek to take control of your systems to anonymously launch hacking operations on others from your systems, while others may look to store stolen information for sale, or host pornography. Many who conduct this type of activity may do so from Internet cafes in far off places with limited chances for prosecution. Many have little means and any payoff from compromising a system is welcome. It’s not glamorous like what you get from TV or the media, not dramatic but the ‘work’ pays off.

So how do they find me?

Hackers use simple scanning tools readily available as freeware and test address ranges, identifying networks that have weak security controls or improperly configured networks. While they may not have specifically targeted your company they may stumble upon your company as its Internet addresses lie within the range of their target scan.  

So what’s next?

When an IP address is found to have technical vulnerabilities the next step by the hacker is to exploit the vulnerability with more free pre-packaged hacking tools and see if they can gain access to your network or systems. With success additional tactics and tools will be employed to poke around inside the network to see what information or hosts may be readily available for compromise.

What’s the payoff?

If they do obtain records of value, such as credit card information they look to sell it to other criminals that will exploit the information.  Values vary but here are some rough numbers.  Credit card information roughly sells for  $5 to $8. Data that includes the number as well as a bank ID number or a date of birth sells for $15. “Fullzinfo” information, which may include details like a cardholder’s full name, address, mother’s maiden name, Social Security number, and other details, can sell for $30. $30 to someone that lives in a far away place may be more money than the average person normally sees in weeks or a month. Beyond that they may disrupt or take control of your system just to show they can.

What’s your potential harm?

The potential for reputational harm or an inability to operate may far exceed the value of any stolen data. You may loose customers, business partners and revenue should your compromise be known or legally need to be reported. Business impacts could be severe if you can’t operate for a period of time.  Beyond that you may find that you are facing lawsuits from customers or business partners.

While I can continue to write the Internet is full of information and articles related to this topic so don’t just take my word for it.  Take a look on your own though some simple Google searches.

We have helped numerous companies recover from hacking, viruses and other security events as well as strengthen defenses against random hacking. Please feel free to contact us at 908-232-0100 for a discreet, confidential discussion as to how Network Management Solutions can be of assistance to you and your company.

Why Your Business Needs A Professional Information Technology Team

You may run your small to midsized business with ad-hoc resources that support your IT infrastructure. What do I mean by IT infrastructure? You know your desktop computers, servers, internet connectivity, cloud infrastructure, all the technology ‘stuff’ that enables you to track inventory, bill for services, manufacture inventory, produce reports; all the things your business needs to operate. You may utilize an in-house resource for some IT things since they have perceived knowledge but it’s not their primary role. You also call on outside resources such as a local computer store, your Internet Service Provider, email hosting company, or others depending on the perceived issue.

You might think that you’re saving money by not having dedicated resources that can monitor, manage and secure your infrastructure but you are not. You might think that much of what an IT person or company would do is not necessary for your small or mid-sized company but again you are mistaken. Having provided services for over the last 22 years we have seen many companies make assumptions that they can get by until they find that their business is in jeopardy having suffered a data breach, data losses, system outages or other problems that now threaten the company and perhaps its viability.

What do outages and slowdowns cost your business over the course of a year? If you or your employees cannot work for an hour or two, or you can’t track orders or inventory, or if you can’t appropriately communicate with your customers for the day, or run a production line for an extended period what is the cost? What if your server gets compromised and begins emailing all your clients malware? In all these cases there is not only a quantifiable cost in dollars but perhaps also in loss of reputation. I don’t know about you but if I can’t count on the companies that I interface with I go elsewhere for the products or services I need.

At Network Management Solutions we have seen in many instances where companies cannot operate for days or beyond. Improper software or hardware setup can not only cause performance issues such as slow response but also lead to data breaches. Malicious phishing attacks are emailed on an ongoing basis, without proper setup an employee’s mistake of clinking on a link may lead to malware, compromised passwords and systems. Perhaps the real value of the IT infrastructure and the business reliance on it were not scrutinized until the small problems became momentous.  

So what  can a service provider do for you and your company? While no one can guarantee that IT problems will never occur, a professional services organization like Network Management Solutions can ensure that problems are reduced to a minimum and the effects of any outages are quickly recognized and mitigated.

A proper Managed Service Provider (MSP) will make certain that your infrastructure is appropriately designed to meet the business information needs, focusing on reliability, information security, and performance. This may include ensuring desktop computers are maintained, servers are updated, security patches are applied, outages are addressed in real time, and the overall health of the infrastructure is monitored to prevent and mitigate potential outages. Additionally, an MSP will identify design flaws and recommend measures that will improve service levels, security, and data retention. You can’t get these services from a full time employee acting as a part time IT resource, or a part time IT firm of 2 people that may be assisting other customers and cannot address your business needs for days.

If you are interested in protecting your business, its information assets, and the systems that help it operate while maintaining a fiscally sound approach we would like to speak with you. Network Management Solutions can be reached at 908-232-0100.  Please contact us for a free, confidential discussion to learn more about how we can assist your organization.

What Applications Are Running In Your Network?

Do you know the answer?  While perhaps your company is well equipped and can answer the question, many small to mid-sized companies cannot. If you find that you are among the firms that cannot answer the question you should take an interest in knowing.

Why you ask?  Here are five important reasons:

  1. Financial – Computing and network resources are costly. Resources that are utilized for non-business purposes consume precious resources and cost the company money. Some personal communications may be acceptable but there are limits that certain individuals might take advantage of.
  2. Security – Unauthorized or rouge applications may impact information security. When properly utilized as part of an overall strategy, applications such as Dropbox or Google Drive may be great for your business. However they may also provide a platform for lost data, data leakage, or theft if being utilized without company knowledge or appropriate safeguards. The problem may be further compounded when an employee has resigned and maintains the information stored on Internet devices.
  3. Productivity – It may be within the boundaries of your business policies to allow employees to use Facebook, Twitter, personal email, and surf the web within certain timeframes. Without being able to measure usage you may have undesired activity that negatively impacts productivity, is detrimental to the business culture, and or potentially creates a hostile work environment
  4. Piracy – Software piracy not only affects the developer but also the company that installs the software. An IDC study found that 37 percent of midsized companies that participated in software audits had pirated software within their environment. While there are obvious impacts to the developer with lost revenue and potential dissatisfaction of those using pirated software, many times pirated software contains vulnerabilities including viruses, worms and Trojans. Employee devices containing pirated software that are used within the business environment can contribute to compromise of  the company network.
  5. Reputation – With all of the online media your business reputation can suffer serious harm. Social media can help spread news around the globe in a matter of moments. With companies searching online for the products or services your company offers having bad things show up in search engines can directly impact your bottom line. News of a breach, low employee morale, or piracy can seriously damage the business reputation.

Engaging a consulting company that can perform regular audits of your business infrastructure or managed service providers that can monitor activity in real-time can be a cost effective solution to the problem.

Network Management Solutions has been providing pragmatic solutions for business since 1996. For more information please contact us.