Remote Access Risks – Protecting your data outside of the office

June 25, 2015 by Leave a Comment

Internet cafes, hotel rooms and airports can all be convenient places to catch up with work tasks. But how safe is your data when you access your office systems, email or financial accounts from a public place?  Well, in the age of tablets, laptops, and smart phones, the answer is complex—however, knowing these few facts can help keep your data safe.

Just like home burglary, Internet theft is most often conducted by opportunists. Online thieves are on the prowl for passwords and other information that can give them direct access to your confidential information, as well as your money!

Be your own security guard by following these three steps when you connect publicly with your laptop, tablet or phone:

1.) Check that the network requires a password and shows a lock icon next to its name, indicating it utilizes encryption. Without this, others can easily steal what you send and receive.  Alternately, if you do connect to an unencrypted network, make sure the accounts you access have encrypted login (authentication), and encrypt any sensitive data that you might exchange (the web address will start with https).

2.) Confirm that you have the latest security updates installed for your computer’s operating system, as well as for any applications. Cyber-criminals are clever, and OS and app updates help counter their latest tricks.

3.) Always utilize a system firewall or similar application, PLUS a full-featured Internet security software suite that includes traffic filtering, intrusion prevention, and anti-virus capabilities.  This will not only protect you in public places, but at home or in the office as well.

Besides policing your own devices, it’s also wise to be very wary of computers that are offered as a customer service in hotels, lounges, libraries and Internet cafes.  You put yourself at risk whenever you use these machines to access sensitive accounts or information, including email, because the browser cache could be configured to store your login credentials. You can’t know that an open-access machine doesn’t have malicious software installed to burgle passwords and information, so sit down at any public computer with extreme caution!

Finally, a special word of advice to business owners since employees now commonly work out of the office on a variety of personal use devices … Take the time to get assurance that remote access to your systems and data is properly configured to provide optimal security. Workplace servers that are left open to the Internet are easily compromised, with potentially disastrous results. Consult with professionals to minimize your system vulnerabilities and invest in mounting your best defense to protect your valuable information and financial assets.

Network Management Solutions is a proven service provider that enhances the security, manageability of IT systems for small businesses, while reducing costs.

For more information about our range of services, and helpful tools for evaluating your IT security, visit us at www.nmscorp.com

Filed Under: News Tagged With: , , , , ,

Are Shadow Cloud Services In Use Within Your Business?

March 4, 2015 by Leave a Comment

Shadow Cloud Services are unsanctioned networks and services that are subscribed to by individuals and business groups without the involvement or knowledge of Information Technology, Security, Compliance Groups, or others.  These services can pose serious risks to the business including data leakage, data integrity, business continuity, and regulatory compliance issues. This is a formidable exposure for both the small business owner and the larger enterprise.

The ability for an individual or group to procure services for collaboration or individual use at a low cost price point makes it an attractive way for some to bypass IT and do things “on their own”.  Services that fall under this can include collaboration software, remote storage, customer relationship and human resources applications.

There may be considerable financial implications in larger enterprises due to duplication of services.  However, there are business risks that can far outweigh operating costs, including loss of intellectual property and trade secrets, regulated data exposures and the breach of rules pertaining to data handling, along with business continuity problems.  For the small business owner a rogue employee(s) utilizing personal cloud storage could lead to serious issues.

In a survey, conducted by Frost and Sullivan, of 300 IT employees and 300 business unit managers 80% of respondents reported using SaaS (Software as a Service) applications that were not approved by IT.  This is the equivalent of business units running non-sanctioned manufacturing facilities, offices, or lines of business.

Skyhigh Networks recently conducted a study of 200,000 public sector employees with various organizations in the U.S. and Canada.  The study found that the use of shadow cloud services was on average 10 times greater than the applications that IT was running within these government organizations.  A copy of the report can be downloaded here.  This is a serious issue that must be addressed if the government is to protect our personal information and control costs.

The ability to identify unsanctioned or rogue usage can be a complex issue to solve for most organizations large and small.  The outcome however can be well worth the effort and potentially avert serious issues.

About Network Management Solutions

Network Management Solutions (NMS) has been helping companies address their business and technology issues since 1996.  We are currently serving a variety of customers within New Jersey, New York, and the surrounding metro areas of New York and Philadelphia. For more information please contact us.

Filed Under: Uncategorized Tagged With: , , , ,

Preparing for Rouge Employees

November 17, 2014 by Leave a Comment

Just as it is important to prepare for hackers, it is critical to prepare for internal theft or inappropriate use of resources stemming from employees and contractors. We routinely hear from our clients that there is suspicion surrounding an ongoing or recently departed employee or contractor. Without proper planning the ability to confirm or deny suspicions can be full of navigational landmines, both legal and technical that carry a stinging price tag.

Having the appropriate protocols and tools in place can help avoid panic and enable the organization to quickly obtain the facts. A clearly communicated plan will also reduce employee and contactor sensitivity surrounding monitoring that might otherwise kill a company’s culture.

So what should be done and what are some of the pitfalls to prepare for this unfortunate yet inevitable situation?

You need to be certain of both company and employee legal rights. Assuming that the monitoring of company equipment without notifying those who use it can be a mistake. Depending on the state your business operates in, your approach will vary. Many states require the employer to notify employees of its monitoring practices. This might include email activity, websites accessed, calls made, internal and external sites visited, files accessed, text messages and other communications. The best approach is to make certain that employee handbooks and policies reflect your right as an employer to monitor and that your employees acknowledge this.  For specific information pertinent to your business we suggest that your in-house or other legal council assist in developing your approach.

From a cultural perspective it makes sense if you choose to adopt tools to monitor employees and contractors, that you spell out what can be monitored along with the internal procedures and approvals necessary to monitor employees.  This will ensure that employee rights are not violated and overzealous management doesn’t create a draconian environment. Clearly defining your policies and why the approach is necessary helps reduce potential negative consequences reflected in employee moral and productivity.  Both human resource experts, legal counsel, management and employee representation should be integral in defining your approach and the spirit in which messaging is provided to employees.

On the technical side here are some tips specific to areas that should warrant your attention.

  1. Define Objectives – including what information and activity should be monitored and why. Do this while paying close attention to the impact on company culture and other potentially negative impacts.
  2. Define Systems – including where is critical information housed and how is it shared within and outside of the organization.
  3. Define Access – including how are systems accessed and who has access to them.  Pay attention to both in house connectivity and remote access.
  4. Define Portability – including what information can be transmitted and through what means.  Consider all media that can be utilized including flash drives, email, print, mobile devices, and other platforms.
  5. Define Methods – including what type of monitoring should be implemented, who will have access, and how will use be audited.  Clearly layout the steps taken when anomalous activity is detected.
  6. Define Tool Set – identify the necessary tools to meet the defined objectives.
  7. Implement Plan – review performance of the tool set in accordance with objectives and adjust as necessary.

Being prepared can save the organization from data loss, lawsuits, organizational and reputational harm among other negative consequences while protecting the rights of employees and contractors.

Network Management Solutions has been assisting organizations since 1996 to build, monitor and manage IT systems with a pragmatic business centric approach.  Please contact us for further information.

Filed Under: Uncategorized Tagged With: , , ,

Securing Your Desktop Computers

May 22, 2014 by Leave a Comment

Perhaps you were aware that support for your business computers using the Windows XP operating system was being discontinued as of April 8, 2014, maybe not.   Were you able to compile an inventory of the Windows XP machines in use at your business or in virtual home offices of your employees and upgrade them?  Why as a business owner, office manager, or IT support person should you care and be motivated to come up with a plan if you have yet to?

Your business is vulnerable.  According to global security solutions provider Symantec, over 30% of targeted spear phishing attacks during 2013 were aimed at companies with less than 250 employees.  End of life support by Microsoft for the Windows XP operating system eliminates critical support updates that help ensure the security and reliability of the operating system as well as on-line technical information updates that help techies resolve issues when PCs have problems.  If you think that your virus software will protect your XP computers, you are mistaken.

Cyber criminals target organizations to steal and or store stolen information.  Small businesses are targets since stealth attacks or the storage of stolen information can persist for long periods of time without detection.  Targeted attacks result in malware being planted within an unsuspecting company that then provides hackers access to the target company’s computers.

As a business, you may have both legal and regulatory compliance issues, if you process credit cards and or store personal and private information such as social security numbers, driver’s license numbers, bank and credit/debit card numbers, healthcare records, etc.  Even if you don’t have such information, the loss or compromise of your company intellectual property and bank accounts, client data, and other sensitive information can lead to significant reputational harm, financial losses, and legal problems.

In an article published earlier this year titled “Why Your Small Business Is at Risk of a Hack Attack” Entrepreneur provides an overview of what is happening with the world of cyber crime.  This is a quick worthwhile read if you want to learn more of how and why your business may be a target.

Network Management Solutions has been helping companies address business driven technology issues since 1996.  We are currently serving a variety of customers within New Jersey, New York, and the surrounding metro areas of New York and Philadelphia.

You may contact NMS to schedule a free one-hour no obligation consultation to discuss your concerns.  We will provide expert advice in simple business terms on how to best address your issues through NMS or another provider.  NMS can be reached by phone or email at 908-232-0100 or info@nmscorp.com.  More information on Network Management Solutions can be found at www.nmscorp.com.

 

Filed Under: News Tagged With: , , , , ,

Why Browser Maintenance Is Important To Your Business

April 28, 2014 by Leave a Comment

Late last month an Internet browser vulnerability was identified by security firm FireEye.  The flaw affected all versions of Microsoft’s popular browser Internet Explorer (IE). According to FireEye, the vulnerability allowed attackers to install malware on your computer without your knowledge or permission.  Once compromised, the system would be open to a variety of issues including theft of personal data, tracking of online behavior, or control of the computer.

The vulnerability was so severe that it caused both the US and UK Computer Emergency Readiness Teams (CERT) to recommend not using IE until the flaw was corrected. This sort of reaction by CERT is rare. While a patch was made available within a week’s time, your organization still had to apply it to vulnerable machines to remediate the issue. Anyone utilizing IE and other browsers should take note; some exploits are left without remediation for months or longer. Many organizations never patch vulnerabilities leaving them open to exploitation indefinitely.

Browser exploits are commonly utilized to infiltrate computer systems and the networks they are connected to. Exploit code is commonly placed within infected websites and launched against unknowing visitors that browse the site. Once a browser has been compromised through the exploit, software is installed to provide remote access and control of the machine. This is commonly referred to as a RAT or remote administration tool, Trojan, or backdoor.

Many exploits will send out a beacon signaling the remote attacker of the systems compromise. The remote attacker will access the machine installing additional software to exploit the local machine as well as hack deeper into any local network connections that may provide access to other computers, databases and networks.

What makes the compromised organization so vulnerable is that the hacking activities occur without obvious signs of the exploit.  The attacker can operate over long-periods of time ultimately uncovering some information that can be monetized. This may include: theft of banking funds, credit cards, customer information, intellectual property and more.

Compromises affect all organizations large and small. Larger entities may be newsworthy but small enterprises are also affected. eBay is one of the most recent big names to be compromised, however one-third of all attacks involve small business.

Your best line of defense starts with awareness, and the proactive management and response to the latest threats. Most maintenance does not involve the latest gadgets and security tools but more so an organized, pragmatic approach to managing the threats.

Network Management Solutions (NMS) has been helping companies address business driven technology issues since 1996. We are currently serving a variety of customers within New Jersey, New York, and the surrounding metro areas of New York and Philadelphia.

Please contact NMS to schedule a free one-hour, no obligation, consultation to discuss your concerns. We will provide expert advice in simple business terms on how to best address your issues through NMS or another provider. NMS can be reached by phone or email at 908-232-0100 or info@nmscorp.com. More information on Network Management Solutions can be found at www.nmscorp.com.

Filed Under: News Tagged With: , , ,

Keeping IT At Pace With Business Demands

July 11, 2012 by Leave a Comment

I frequently speak with business owners that have done a remarkable job of building incredible businesses.  Their vision and ability to create a thriving enterprise never ceases to amaze me. Whether it is a NY metropolitan records storage company, a global manufacturer of goods, a local NJ services organization, or otherwise, the creativity, market knowledge, and the capacity to innovate and grow market share is impressive.

Unfortunately these same bright and unique individuals many times find their businesses stymied by information technology demands. We see a recurring theme that is a lack of information technology expertise and accountability to guide the business, meet operational demands, maintain the infrastructure and make sound information technology investments.  Many times the business owner or several employees on a part-time basis get to dabble in IT.  Ultimately this becomes a recipe for disaster.

Many small to mid sized business rely on 3rd party resellers to advise them on products, and or services, which have little to do with ensuring the solutions meet the business needs ongoing.  Or they have a break-fix person that is called in to respond to whatever the latest crisis is, patch things up and move on.

Network Management Solutions frequently becomes involved when an organization realizes that the manner in which they have been managing IT is no longer working.  This can be due to an extended outage that can’t be cured by the current provider, or in house “staff”, or repetitive outages or slow-downs that can’t be explained or resolved, or worse yet a theft or loss of information.

Network Management Solutions guides organizations to make sound technology investments, delivering 24×7 remote managed services, while maintaining accountability for the performance, reliability, and well being of the technology infrastructure at a price point below a traditional self-service model.

The Managed Service Provider model works well, if you have the right partner.  For additional information please contact us.

Filed Under: News Tagged With: , , ,

Keeping Corporate Information Safe

June 20, 2012 by Leave a Comment

There is much in the news about data breaches, information hacks, and data loss.  Such events when publicized can lead to a loss of reputation, brand damage, legal actions, and other undesirable outcomes.  Loss of data can also mean a loss of competitive advantage, damaged infrastructure, and monetary losses, regardless of the size and scope of the business.  If your intellectual property is important to your business it is important to others also.  This can include insiders who may profit from your vulnerabilities while under your employ or become your competitors down the road.

Thefts and losses occur from a variety of sources including both intentional and non-intentional acts. The threat landscape is complex, pervasive, and difficult to manage and mitigate.   Even the largest of corporations face great challenges in keeping pace with the onslaught of new technology, growing threats, and ongoing criminal activity.   Most small to mid-sized businesses do little to address the issues believing they are under the radar and safe from harm.  Unfortunately this is not the case.  So what are the answers?

As with any event that is difficult to control or predict, it is best to be prepared.  Preparations start with being well organized in all facets of the business operation, technology management, ongoing oversight, and the ability to respond precisely to a threat or compromise.  Ad hoc planning and response will not cut it as you are most likely to miss the early warning signs and destroy key information in your response.

Books have been written, courses taught, standards developed, degrees obtained, with professions and lives dedicated to being prepared. This is a complex mission and far beyond the scope of this article, however some food for thought follows.

What do the technology platforms look like in your business?  How are devices deployed?  Are there approved apps, devices,networks, deployment standards, acceptable use policies, ongoing training? If BYOD is part of  your business platform, do you allow devices that are jailbroken, run unapproved apps, and how do you monitor for data leakage?

What does normal traffic look like on your network?  Where does legitimate remote traffic originate from? What times are remote users accessing your networks and computing systems?  How do you detect anomalous behavior?

Building secure, standardized, stable infrastructure and understanding what normal activity looks like is critical in benchmarking security.  Additionally the ongoing monitoring and management of network access, traffic and transactional flows, and the monitoring of key applications are critical in the ongoing day-to-day management of the availability, performance and security of the information technology infrastructure.

Network Management Solutions provides robust design and management services that are a critical component in keeping corporate information safe.

For further information please visit us as www.nmscorp.com or contact us.

Filed Under: News Tagged With: , , ,

Ten IT Tips to Protect Your Business

February 21, 2012 by Leave a Comment

Strong IT practices are essential to the success of any business.  Lacking IT oversight can directly contribute to computer outages, lost data, data thefts, reduced employee productivity and ultimately business losses.  Many organizations struggle with the costs of IT or ignore proper practices until a catastrophic event occurs that threatens the viability of the business.

Break fix service providers, limited in-house resources, lacking tools or manpower to monitor activity do not provide the critical oversight necessary to protect the business.  Extended damages can occur when routine tasks are not managed properly.

Many small to mid sized business owners do not become aware of lacking IT practices until there is a crisis.  While other areas of the business may undergo risk review and mitigation, the information technology area is many times overlooked.  This critical mistake can cost the organization dearly. Lacking attention and oversight of IT  is unwise.  Here are a few tips to help management conduct some oversight of information technology.

1. Set a strategy and framework to guide all activity and ensure  an ongoing dialogue

2. Identify key company data and segment access on a need to know basis

3. Ensure that proper backups are run on a daily basis and that the data is securely stored

4. Ensure that OS updates are reviewed and applied on a regular basis.  Update Antivirus daily.

5. Implement software based firewalls that control application behavior on desktops and servers

6. Implement outbound filtering on network layer firewalls

7. Implement a web based email filtering service and  content filtering service for web browsing

8. Control the use of personal devices for remote access and remote desktop programs like LogMeIn

9. Baseline and monitor the availability, performance and security of your environment ongoing

10. Conduct regular third party reviews of IT practices, business processes, and compensating controls

Most important is to have the proper professionals engaged to manage the infrastructure, protect information assets, provide oversight, and reduce risk within your business. Network Management Solutions provides robust solutions, expertise and resources to complement and support your business objectives.  Please contact us for further information.

 

Filed Under: News Tagged With: , , , , ,

Management of Hosted Networks and Applications

January 20, 2012 by Leave a Comment

You have moved all your critical processing and applications to a hosted facility.  You have designed in all the fault tolerance and backup capabilities that would address any reasonable failure scenario.  Security is tight, the network is fast, latency is at an all time low and the cost of delivery is down. Mission accomplished, time to celebrate, right? Not exactly.

While you have been able to squeeze the design to get maximum performance and keep costs in line with projections you may have missed out on how to maintain that balance ongoing. The cost per square foot of data center space and or computer cycles and storage is at a premium. Your environment is a dynamic one and growth is inevitable.

In being a good steward, it is of critical importance that you can identify how resources are being consumed to keep pace with a growing demand. Unlike when you hosted your own equipment the cost to add a server or expand an application is more readily apparent as it will most likely appear on next months bill. Without performance management and monitoring  you may be lost for answers when management asks for justification.

Availability and performance management ensure that your finger is on the pulse of your infrastructure. Anomalies in usage may point to more than increased traffic to your sight or usage of core applications. There may be ongoing security issues you are unaware of, the latest generation of your new in-house application may be consuming inordinate resources and needs tuning, slow downs may indicate network segmentation is required.

Utilizing a third party Managed Services Provider can deliver significant benefit in managing your resources as well as reducing the cost in technical support staff.  Improved performance, expanded technical expertise, and cost benefits are obtainable with the right provider.  Network Management Solutions can assist in making your transition to hosted facilities an immediate and long-term success.  Please contact us to find out more about how we can help.

 

Filed Under: News Tagged With: , , , , , ,

What’s Slowing Your Network Down?

May 2, 2011 by 1 Comment

Its a simple question, but do you really know?  Do your IT staff have the time, energy, tools, and expertise to manage response times?  In many small to mid-sized organizations the answer is no and even in many of the the largest of organizations this is true.  Internal staff often have too many high priority demands that get in the way of network monitoring and management functions.  While perhaps in the early stages of a network buildout many small performance dips go unnoticed.  However over time network performance issues unchecked can become show stoppers.

Network slowdowns can originate from a variety of issues and may be indicative of overbooked resources, improper patch management, unwanted user activity, viruses, failing circuits, among many other issues. Without diligent management and monitoring of resources issues that could have been addressed without disruption now manifest themselves as major infrastructure outages. While many organizations may consider outages as part of the day to day, the overall cost to your business and its efficiency may be many times greater then considered and can be avoided.

Managed Service Providers are a great compliment to busy IT staffs providing robust monitoring and management capabilities that help improve service levels, reduce the cost of operations, protect investments the company has made in technology, as well as assist the business in meeting its goals. Network Management Solutions has been helping organization design, implement, monitor and manage their IT assets since 1996.  Please feel free to contact us at http://www.nmscorp.com/contact-nms/ to find out how we can assist your organization in meeting its goals.

 

Filed Under: News Tagged With: , , , , ,
« Previous Page
Next Page »