Tag Archives: Infrastructure

Why Cybersecurity is Important For Small Businesses

Posted on by

Most small businesses think themselves beneath notice in the larger corporate world. After all, without the need for IT systems or significant infrastructure, there is less to manage and fewer vulnerabilities to address. Anything related to technology is often an afterthought for small businesses, and many make the mistake of believing that cyber threats are not a potential issue.

The unfortunate reality is that cybercriminals are more than willing to prey on small- to mid-sized businesses, even with bigger targets available. Widespread adoption of technology has made just about every enterprise a potential target. Given the lack of focus on technological infrastructure and fewer resources to dedicate to systems monitoring or recovery after a breach, these organizations are especially vulnerable. And every company has data worth stealing, to sell or use as leverage. The loss of any sensitive information can cost a company in both reputation and capital.

For small businesses, a bit of investment in cybersecurity can keep records safe and ensure that larger losses don’t happen down the line. There’s no need for a dedicated IT team to take necessary precautions when it comes to adopting new technology or infrastructure. The first step is acknowledging that, while small businesses are vulnerable, they are not without options for their own protection.

Many cybersecurity breaches are the result of internal error—I can’t emphasize this enough. As a result, controlling for human mistakes such as weak passwords, clicking on risky emails, and using mobile devices on unsecured networks can go a long way. Many do not realize how many points of vulnerability exist. Small businesses should ensure that the tools in place are easy to use for employees that may not be familiar with these matters.

Mobile devices are such a massive point of vulnerability that it’s worth dedicating time to examine all of the ways that they can go wrong. Between the difficulty inherent in managing them, the risk of public wifi, and employees bringing devices from home, small businesses will have to account for every possible attack surface. Consistent regulation is necessary to ensure that personal and business devices stay safe no matter where they go.

For that matter, small businesses should consider regulating access to certain systems and technology. Though they may not have an IT department or dedicated standards for who can access what, these organizations should consider which systems each employee has a consistent need for. If an employee doesn’t require a system to get their work done, they should not have access.

Planning for a cyberattack should also account for the worst-case scenario of a breach occurring and ease the recovery process. Making backups of everything digital is the best and easiest way that a small business can protect themselves in the event of a breach and allow for the least downtime when something goes wrong. The investment to create on- and off-site backups is minimal, but the safety it provides is huge.

This is only a small sample of the tactics that small businesses can consider when investing in cybersecurity. VPNs, software audits, and proven antivirus software can also provide an additional line of defense. However, any small business should recognize that precautions do not guarantee safety, and may want to consider investing in the services of a third-party cybersecurity firm to assess risk levels and provide scalable solutions. Technology will become even more involved in business, and safe adoption is important for businesses of all sizes.

 

Teaching Employees Cybersecurity

Posted on by

As the weather gets warmer and employees start looking forward to their vacations, enterprises should be wary. While the summer is seen as a time to be outside and active, many cybercriminals are waiting to take advantage of an unwary organization and steal sensitive information.

This is in part because employees on the move are more likely to access unsecured wifi networks. Public wifi may be convenient, but it can risk the compromise of sensitive data. For organizations, it may be difficult to respond. Not only is it nigh-impossible to track wifi usage outside of the office, but having fewer staff during the summer months can reduce response time in the event of a breach.

Some companies may invest in full time staff meant to screen against a breach. However, this is often not effective, especially if the staff are not specialized in cybersecurity. Combined with the cost of labor, maintaining a defense in this way is not cost-effective.

The solution lies in stopping the problem at its source—the people that can cause a breach. Many employees may not even be aware of the problematic conduct that can lead to a cyberattack, and awareness goes a long way. Paying to train employees against a cyberattack may be a more effective use of revenue than paying full time IT staff to hedge against breaches.

Of course, teaching employees the principles of cybersecurity is something worth spending time on and executing correctly. In many cases, enterprises may have security training in place due to compliance laws. This is often done as a way of checking boxes rather than providing any meaningful education.

For instance, some types of training may be entirely online, with employees required to read a short pamphlet and complete a test verifying that they understand its contents. This approach, though simple for management, does not foster good retention and may not adequately cover the types of threats an organization might experience. It’s all too easy to grow complacent with training, even as its limitations open up new attack surfaces for cybercriminals.

Generally, the best way to train involves small groups of five to ten employees. Training should involve roleplaying several common scenarios and teach employees how to spot red flags and respond to potential problems. Threat assessment should be the priority for training, as many may not know what a potential cyberattack looks like.

Threats can take many forms, both digitally and physically. Phishing schemes are the most common, with an innocuous-looking emails downloading a payload that can sit on an employee’s computer for some time, compromising the machine and even spreading to others. Other red flags can happen in a workspace, such as an individual masquerading as an IT professional and planting problem files on a computer under the guise of performing work.

Whatever the nature of an attack, employees should feel empowered to not only detect these red flags, but report on them as well. It does an organization no good to criticize an employee that raises a false alarm, as this can discourage them from speaking up in the event of an actual problem.

When it comes to dealing with cyberattacks, preventing them is vastly better than containing them once they’ve started. Because of this, it’s worth examining an employee training program geared toward an enterprise’s needs. New attack surfaces mean new issues, and training that starts before cybersecurity becomes a problem can pay dividends—even if an organization doesn’t know it.

Gartner’s Guesses—Predictions for IT in 2018

Posted on by

As another year begins to draw to a close, industry experts are already looking to the future. The IT industry has been dynamic over the past few years, with innovations such as improvements in cloud computing, machine learning, and even IT management propelling it forward. At the recent Gartner Symposium/ITxpo 2017 in Orlando, FL, Gartner took a shot at the future of IT, painting a picture of the industry as being more integrated with business than ever. IT is now so central to operations that businesses can no longer afford to isolate their departments, and Gartner knows this.

Since IT is often a means of improving products/services and generating additional revenue, Gartner’s central point was that professionals in the industry will need to have a working grasp of business tactics and company goals. From there, they can set up IT departments that maximize technology usage to meet these goals. CIOs, Gartner believes, will become more integrated than ever into business operations and become important collaborators for the companies they work for.

One trend that Gartner discussed was cryptocurrency. Starting as a technological curiosity, cryptocurrencies such as Bitcoin have since attracted significant interest for their value in facilitating swift and secure transactions. While working cryptocurrency into business models has proved to be slow going, Gartner predicts that over $1 billion in business value will be derived from it by 2020. They were also optimistic about the future of IoT-enabled devices, predicting an upsurge in these products with smartphone integration.

However, there were other trends that Gartner was less bullish about. The aforementioned prediction of IoT devices came with the caveat that that billions of dollars will be necessary for companies to safely harness this technology. IoT devices are almost famously difficult to completely secure given network decentralization, and their usage would divert funds that would otherwise be spent to improve cybersecurity.

The use of AI was also the subject of controversy for Gartner, with the company citing it as a potential contributor toward a future age of digital mistrust. While they praised the ability of AI to help inform business decisions, they also believe that its use on the web will hasten the spread of false information. This has social and financial implications, with Gartner stating that a major fraud as a result of these prolific falsehoods will occur by 2020. Commercial projects to detect and halt fake news have already begun, and a tenfold increase in these projects is predicted in the coming years.

Still, IT is slated to prosper. As its role in business changes and it becomes more integral to operations, the industry is expected to grow, with a predicted 2.3 million jobs being created as opposed to 1.8 eliminated. Early adoption is, as always, important in the IT sector, and one of the latest trends, visual and voice search, may be the next big investment. Both are growing quickly, and large tech companies are expected to invest in improving their visual and voice query offering through the use of AI.

There is a lot on the horizon for IT. While these improvements will undoubtedly be a boon for the companies and individuals that harness them, a level of caution is necessary. Much of this technology is relatively untested, posing security and operational concerns for businesses. Now more than ever, a need for skilled professionals is arising to ensure that companies are able to adopt in an efficient and safe manner.

How To Harness the Hybrid Cloud

Posted on by

Hybrid cloud models have become even more prominent than ever before, with many companies demonstrating a need for both private and public clouds. As with any other IT solution, making a hybrid cloud viable is a question of integration. In this case, seamlessly transitioning between the two cloud models is the primary challenge. However, existing IT systems must often operate in conjunction with the cloud.

There’s no “one size fits all” solution for any business, but many cloud providers are starting to take the hint and adapt their services accordingly. Azure Stack is one of the newest hybrid offerings, intended to bridge the gap between public and private cloud services. Services such as these lower the barrier to entry for hybrid cloud adoption and may be what is necessary for this model to truly become mainstream.

The advantage of the hybrid cloud is flexibility. With private clouds hosting core applications and sensitive functions, companies can then use scalable public clouds as widely as their needs allow. This is the most efficient solution once implemented, but there’s a high level of logistics necessary to make it work. The data centers that provide the infrastructure necessary for the hybrid cloud will need to be customized in order to function properly. Specialized personnel will need to be on-site to test and reassess the service, and cybersecurity is, as always, paramount.

Service is another issue that needs to be addressed when working with a hybrid cloud. With the massive volume of data that needs to be transitioned between the two clouds, a quick response time from providers and high connectivity are necessary for success. Latency problems continue to be one of the largest issues when it comes to hybrid cloud adoption. Going forward, businesses will need to decide whether they can host this infrastructure on-site or outsource to IaaS organizations. It’s an expensive proposition, and one that many companies lack the funds to handle.

Networking between facilities is another challenge that Microsoft has tackled in the interest of improving their services. ExpressRoute is an interlink touted as a low-latency connection, though it is not available to all facilities. And, as a trunk connection, ExpressRoute does experience some latency issues with the last bit of distance that data must travel. Still, it’s the start of a future of trans-facility marketing. In the near future, as more of these connections become available, the hybrid cloud will become more of a practical option. Multiple connections to each facility and more robust data centers are the key to better hybrid offerings.

The idea of a hybrid cloud continues to become more popular as the need for scalability becomes more pronounced for IT departments. Companies such as Microsoft are now scrambling to meet these new needs, but delivering the necessary level of connectivity has proved difficult. Still, it is not impossible to strive for trans-facility networks that allow for better data delivery and provide organizations with the infrastructure that they need.

Dispelling Common Myths About Cloud Computing

Posted on by

Cloud computing has truly grown into its skin in terms of its impact on the modern technological landscape. Most major industries now implement and rely on some form of cloud-based storage to improve their efficiency and niche-specific innovation. Still, even with the cloud’s growing maturity and agility, it still remains at the center of several myths stemming mainly from its security, financial constraints, and overall usability.

Here are logical responses to several cloud-based myths.

“The cloud is the end-all/be-all of success”

While cloud computing holds immense potential in terms of “speed-to-market” deliverables, it is not necessarily the only means of finding success in an increasingly data-driven business world. The best rule of thumb is to conduct an analysis of your company’s specific needs, goals, and weaknesses and determine if cloud-based software will stand as an asset to achieving and mending these matters. The reality is that there are several major breakthroughs going on in the business technology sector (virtualization, autonomy), and these innovations may simply serve your company in a more constructive manner.

In short, the cloud is great, but “cloud washing” is not.

“The cloud is unsafe”

A common concern surrounding the cloud stems from its security, and this notion is reasonable given the amount of precious data held within cloud communities. However, much of this skepticism is unfounded, as there have been very few public cloud security breaches since the concept took off as a technological norm.

The cloud is obviously not impenetrable, but its security is much stronger and more consistent than many commentators would lead you to believe.

“The cloud is typically not reflective of a company-wide decision”

Cloud computing is often given the false label of a “CEO-said-so” implementation — in other words it is perceived to be a change imposed on an entire company, regardless of majority interest. In reality, most companies make the switch to the cloud after a long planning and goal mapping process in which employees and executives alike weigh the pros and cons of such a move.

The cloud is almost never the result of a knee-jerk decision — its vast array of uses makes it almost impossible to be handled in such a way.

“Data shared in the cloud cannot be taken back”

Another reasonable, but mostly incorrect cloud-based fear comes from the stakes surrounding data storage. In many of these cases, the skeptic is under the impression that data stored in the cloud is essentially irrevocable. In the past, these beliefs were legitimate, but subsequent advances in data-based technology have given way to easier methods of data migration — both to and from the cloud.

Initial cloud-based data storage can be daunting, but rest assured that your data is far from “locked in.”