Four Important Ways to Improve Data Security

Security isn’t convenient by nature—and, if it seems convenient and easy, the truth is that it really may not be secure. Your data is valuable; you need that data to perform your job which makes it valuable to those who can prevent you from accessing it. Knowing it can be held hostage, is a lot of pressure for you as a business owner and keeping on top of a complicated discipline such as security is a full-time job. You have enough on your plate.

So how can you keep one step ahead of hackers without making cyber security your new career? To avoid the cost and limitations of hiring in-house, you might try a managed IT provider—an expert firm with comprehensive skills and experiences to draw on to give you top-of-the-line security without the burden on you and your company.

As a managed IT provider, Prime offers clients the benefit of many years of experience and knowledge from its data security team (not to mention others on our team who are experts in related areas). For this article, we’ve asked them to share some of their best advice over the most important steps you can take to make your organization less vulnerable to an attack.

1. Cyber Security Training

It doesn’t matter how tightly you have your data locked up if someone gives the keys away. Your security relies on every single employee being savvy about potential traps and scams. A managed services provider can train your team to be ready for potentially damaging attacks.

Many of these scams come through email, for example. The sender may pretend to be a trusted company or member of your organization, or they might claim to have compromising information about an employee (whether they truly do or not) and then use it as leverage to get what they want. Training employees to recognize these kinds of emails and when it isn’t appropriate to share information through email (even with someone they think they can trust) is essential.

After training is complete, you can send emails simulating these scams to members of your organization to test them. This will help you know for sure who is adequately prepared and who might need a little more education. Knowing these emails are being sent to catch them off guard helps keep people on their toes, so they won’t fall for a genuine scam.

2. Keep Everything Up to Date

Data 2-01

Security—especially cybersecurity—is an ever-shifting target. Attackers are always finding new loopholes, backdoors, and other ways of getting what they want. Fortunately, security experts are working equally as hard to close those vulnerabilities before they’re used for nefarious purposes. Keeping your software and equipment up to date will make you a much more difficult target for attackers, and a managed services company can keep you on that cutting edge.

The number one step your team can take to provide a secure system is shutting computers down at the end of every day and restarting them in the morning. While it may seem meaningless or time-consuming, completing these updates are doing more than just making things run better. They’re patching critical security vulnerabilities as they are discovered and preventing hackers from finding a way in. Shutting down and allowing updates to run is a fast, fundamental way to close security holes.

A managed services provider has experts on hand who continually track your security, and they can help you avoid pitfalls before you experience them. MSP engineers also can keep your security tools up to date, and they have the knowledge and experience to know what will help the most. Best of all, engineers can remotely schedule regular updates during a convenient time that when work computers aren’t in use.

Some companies work with individual software providers who keep their products safe, but it’s much safer to have neutral, dedicated security experts with your best interests at heart look at your entire system through a routine of repeated security checks.

3. Password Security

Nowhere is the push and pull between security and convenience more visible than password security. The most secure passwords are long and complicated—and, as a result, difficult to remember. It’s also much safer to have different passwords for every piece of hardware and software you use. Using the same password repeatedly is like using the same key for your house, office, car, and everything else. If someone manages to get access to that key, they have access to everything you wanted to keep safe.

A password manager software provides the security of long, complex passwords without anyone having to memorize long strings of characters just to use programs needed every day. This tool allows you to regularly change passwords without having to memorize new ones, which streamlines access for your team. You can add yet another layer of security through multifactor authentication, which requires further proof of a user’s identity and authorization before allowing access. Busy people are often resistant to using password managers, thinking it takes away valuable time. But those extra steps are also extra hurdles for potential hackers, so it’s a critical part of keeping systems safe.

Thankfully, password management doesn’t need to be an ordeal. A managed services provider can close the gap between convenience and highly secure passwords. For example, technicians can reduce the number of prompts needed for multifactor authentication and streamline the process, so your employees quickly get to the tools they need without sacrificing security.

4. Physical Security

Data 4-01

Of course, not all attempts to deprive you of your property are digital. Keeping facilities physically secure is also important for the safety of both real-world assets and data.

A card access system or other means of access control keeps you in command of who is in your building and when. Intercom systems confirm a person’s identity if they show up unexpectedly, and security cameras and intrusion detection tools can help stop a potential bad actor before he or she has a chance to cause harm. Training is also important for physical security. For example, people are inherently helpful and may want to hold a door open for someone behind them, but this is a common way for thieves to enter a building. Physical security training helps your people build good habits to keep everything secure.

Selecting, installing, and operating physical security equipment can be an especially daunting and time-consuming task, but working with a managed services provider alleviates much of that burden. These experts know which equipment has proven to work and which equipment doesn’t work as well. (Hint: The most heavily advertised systems may not be the most secure or easiest to use!) Your managed services technicians should have the knowledge and experience to easily install physical security equipment in your building—and they’ll probably be able to do it much more rapidly than your own team could. Physical security experts also provide critical basic services, such as reviewing security footage in the event of an incident and running regular equipment checks, so you know everything is working properly.

Managed Services Takes a Weight Off Your Shoulders

Of course, most people generally know the value of keeping data and assets secure. You probably know you could be doing more to improve security at your own organization. But the question for many organizations is, “Can we actually take the time to do all this, and do it well?”

The tools and steps listed above can get you started, but many organizations don’t have the time, knowledge, experience, or budget to hire a skilled team and plan a comprehensive strategy with no holes. (It only takes one crack in the door to let a bad actor in…)

A managed services provider solves all of these problems in one fell swoop. Through a managed services contract, your team of technicians lends you the full depth of their knowledge and breadth of their experience to both give you peace of mind and allow you more time to do the things you are an expert in—all at a fraction of the cost of forming your own dedicated security department.

If you’d like to know more about managed services, some of the tools we provide, and more tips to help you gain time and peace of mind, visit Prime Managed or call 402-289-4126.


Understanding Your Business Data: 4 Questions You Should Ask

The world is swimming in data! Even the smallest companies, after many years of networking and cloud use, can be harboring millions of megabytes of information — records, backups, past projects, website metrics and network use. It’s hard to get our heads around it.  Our use of data has become so sophisticated that universities now offer degrees in data management.

The analysis and use of data to make business-driven decisions is often referred to as “business intelligence.” This discipline includes initiatives such as reporting, analytics, user dashboards, event processing and data mining, as well as business performance management through disciplines such as benchmarking and data set comparison. If you own or manage a small or medium-size business, keeping all that data safe and applying proper business intelligence practices to it can be a serious challenge.

But, if you do figure out how to manage it well, there are gems of information and wisdom in your data that can help ensure your business thrives and stays as competitive as possible and improve efficiencies. 

The question is — how do you get to all that data? How do you keep it safe? And how do you determine how to best use it? A managed services provider (MSP) can help you establish a thorough business intelligence plan and provide management of it for you as an extension of your staff. Many small and medium sized businesses have some difficulty calculating ROI for this service—it seems cheaper to do it yourself. Some already have a provider and believe their data is being managed expertly, but the systems and processes the provider is using are outdated or incomplete. It comes down to this: Understanding the questions you should be asking about your data. This article outlines the top 4 questions you need to ask your Managed IT Provider. 

The 4 questions you need to ask:

1. Where is our data?

Data graphic 1-01

Most enterprises still aren’t aware of all the individual devices that contain data belonging to the business. It can be difficult to gain a clear grasp on how data moves from your on-site network to personal cell phones and computers, laptops taken out of the building, vendor networks and cloud folders. Prime Communications’ VP of Information Technology, Dave McCollough, explained, “If you don’t know where your data is or whether it is going ‘out in the wild,’ it could leave your sensitive information exposed to bad actors, and if it gets into the wrong hands, it could be costly.”

On the positive side, understanding where your data is and how to use it to your best advantage can give your organization a competitive edge. What data about your customers do you have sitting in the depths of your system that could be used to make your next marketing campaign more successful? How can you access the metrics for your business’ profitability to client loyalty?

Many small and medium-size businesses don’t have the expertise — or the time — to thoroughly catalog all their data and understand links to all devices. “It’s not cost-effective for a CEO to spend days managing data folders, even if they do have the knowledge,” McCollough said. “But the truth is, most CEOs and others who are given authority over data in small and medium-size businesses don’t really have the expertise to manage it well.” He explained that hiring a knowledgeable expert in-house can be too expensive for many smaller businesses—and those that do must then depend only on the skillset and experience of that one person.

Ask your MSP to write a clear data map showing all devices, all potential links, and how data moves through all of it. In addition, they should provide you with a plan for ongoing monitoring and management of all devices and depositories that could potentially be linked to your system.

2. Who can access our data?

It’s one thing to know where your data resides and quite another to understand exactly how hackers can get to it — or, when your team needs the data, how they might find it difficult to get. Successfully managing business intelligence requires both (1) protecting data from bad actors and (2) making it easy for you and your team to get to it and make decisions based on what’s in all your data depositories.

First, from a security standpoint, users are the weakest link in the chain, but technology offers many ways to control access. Multifactor authentication, for example, has become extremely important. Many business owners don’t realize how common it is for passwords that have been set by individuals to end up on the dark web, where they can be used by hackers. Justin Ekstein, Prime Communications’ Solution Engineer, explains: “With multifactor authentication, even if a password is leaked, the perpetrator won’t have your cellphone, which makes it much more difficult to get to your data.” 

Second, when it’s time for your team to access data, do they know how to get there? Creating a logical and easy-to-navigate data hierarchy, perhaps through a well-thought-out user dashboard, makes it easier for everyone in-house to get to the data they need and ensures nothing useful sits unused for years. Your data repositories should be periodically updated and cleaned out.

Ask your managed services provider to review and update your data hierarchy. Once your data is set up where it can be easily and safely accessed by your team, your MSP should be willing and able to provide thorough training, including security simulations.

3. How can we ensure our data is secure?

This is a topic unto itself, and we will address it more fully in an additional article about security and managed services providers. For now, think generally about how your data is secured. At the very least, you probably know you should have an antivirus system in place. However, according to Ekstein, many small and medium businesses are not aware that traditional antivirus programs often are useless now because they are outdated — or the hardware they are used on is outdated.

This is even more important at this time in history because of the proliferation of remote workers. Proper security of business data requires establishing regular best-of-class patching services and regularly updating software. You need to know how remote workers are connecting and how they are using the data. “Not knowing amounts to leaving the security of your system up to chance,” Ekstein said. “At the very least, when remote workers connect to your network, they might be bringing in some kind of sludge along with them inadvertently.”

Many companies still have basic antivirus programs that are based on definitions of viruses they’ve seen before and software packages that might be vulnerable. “In the last couple of years, there are so many new threats, and they are all so different,” Ekstein said. “You have to have a solution that has the ability to look at behaviors instead of whether it’s a good software package.” This type of security software is called Endpoint Detection and Response (EDR).

Part of having a well-appointed IT security system is determining whether you have robust backups to completely recover your system after a hack or even a physical disaster. “Just because you have backups, doesn’t mean they’re working,” Ekstein said. “They need to be regularly tested, and keep in mind that not all cloud services are backed up equally or are not easily restorable.” Don’t be fooled by the idea that your data is not important to anyone else and therefore a hacker wouldn’t be able to use it to make any money. If a hacker uses ransomware to lock down information that’s valuable to your organization, you could find yourself in a position where you must pay tens of thousands of dollars to retrieve your entire company history. The loss of customer information, for example, could damage your organization’s reputation.

Ask your MSP to identify specific programs being used to keep your network safe and then explain to you exactly how it all fits together.  To keep your network safe going forward, require your MSP to draft a plan for continual monitoring and disaster recovery. In addition to establishing a chain of command to make decisions about security, you should define actions you trust your MSP to take on your behalf immediately. “A disaster recovery plan needs to be a living document,” McCollough pointed out. “Don’t just write it and let it sit — test it on a regular basis.”

4. What's in it for you?

Data graphic 4-01

Small and medium businesses are known for their impressive resourcefulness and the ability of employees to wear many hats, learn new things and take on challenging roles. In fact, many small and medium business have seemingly achieved the impossible through sheer will! But these days a company’s data is too important to learn on the fly.

It’s easy to believe meticulous monitoring of your network is not that important. After all, you may tell yourself, you’ve been okay up to now, haven’t you? You may not have experienced a negative event yet, but the general consensus is that it is just a matter of time for any organization. You may already have a process in place for making data and business intelligence decisions, but if data is not your specialty you likely have gaps in your system that could cause devastating problems. Also, you have other things to do — how can you keep up with everything you need to know in the fast-moving world of data management and security?

Perhaps you already have an MSP that monitors your system. That’s a great first step, but don’t let it be a “set it and forget it process.” Learn enough about it to ask intelligent questions. Does your provider include training, data mapping and regular proactive reporting as part of its regular services? Is your MSP equipped to help you create a data access plan and easy-to-use hierarchy, so you can use your data to its best advantage? Don’t think of your MSP service as only “security services”—there is much more value to be tapped.

Ask your MSP to document exactly what you are getting from them. They should not only provide software, hardware and monitoring. They should help you strategize, then set everything up and administer it on a continual basis, helping you look at your data clearly and make good decisions. Backups should be checked daily. Security breaches should be continually ferreted out and fixed using the latest hardware and software, including training and testing your team. No useful data should linger unnecessarily in the depths of your network!

Benefits of Working with a Data-Intelligence-Equipped MSP

When was your data last backed up and reorganized? Is your antivirus updated? Many companies don’t address these issues until a disaster turns their attention forcefully to the inner workings of their business intelligence systems. But the exposure of data can cause irreparable harm in a company’s financial stability – and even its reputation if sensitive data such as customer information is lost.

“The best time to examine your data, business intelligence tools and potential exposures is before something bad happens,” McCollough said. “Every company should create a roadmap of its technology for the next three to five years.” If it can’t be done thoroughly in-house, using knowledge of the latest technology both for hacking and fighting against hacking, then you may want to reach out to an agile, professional MSP such as Prime Communications.

Both Ekstein and McCollough are members of a comprehensive new Prime MSP division. They bring decades of experience with them in a wide variety of managed services issues and solutions. Prime customers look to them as Chief Information Officers or Chief Security Officers on call. Working with an outside MSP team can be even better than hiring someone in-house; you get the benefit of a highly experienced team at a reasonable cost, as well as access to the best hardware and software—and the combined metrics of years-worth of multiple customers’ experiences with data and business intelligence.

“All of the services discussed in this article, and more are in our toolbox for Prime Managed clients,” Ekstein said. “We look at your specific situation and tailor a plan to your needs—we don’t just offer what is easiest for us to do.” Other Prime divisions support the MSP division with complementary targeted services in structured cabling and DAS-installations, physical security solutions, and network solutions. When you hire Prime, you get the benefit of a full team of professionals with specialties in many different network, security, and communications disciplines.

For more information about Prime Managed and a free initial meeting to discuss your data and business intelligence needs, call 402-289-4126 or email managed@primecominc.com.


When Ransomware Attacks - Be Prepared to Attack Back

Ransomware can be an unfamiliar term. But after 2020, more people have heard of  it than ever before. Dare we say it’s approaching household-word status due to high-profile incidents last year? Although IT security threats have always been part of online systems, bad actors are getting more creative and destructive, making them more impactful to organizations. These days, it doesn’t take experienced hackers long to shut down your systems and ruin your company’s reputation. But organizations are getting savvy and fighting back—often with the help of a good Managed Services Provider (MSP) at the heart of their defense.

Part of the problem is that remote software used by managed IT services and in-house IT managers has become a common “way in” for those who mean harm and believe you’ll pay to get your data back—even if your company’s data isn’t useful to anyone but you. As a result, it’s more important than ever to choose the right MSP. This article provides the background of these threats—and provides advice to help your organization “attack back”!

Ransomware Attacks are Rising — Traditional Antivirus isn’t Enough Anymore

According to a report from Harvard Business Review, ransomware attacks increased 150% in 2020 as compared to the previous year. And the amount paid to get data and network control back from the attackers has increased 300%!

 

Small to medium-sized companies are often the most vulnerable because they often depend on less-sophisticated or outdated MSPs and programs. Attackers know a loss of data could destroy your small company and you might pay a large ransom to keep it from happening. They may avoid larger companies that are more likely to have strong protections in place, with in-house professionals who keep a close eye on suspicious activity.

 

Prime Communications Inc.’s Solution Engineer, Justin Ekstein, urges every organization to take a fresh look at network security as soon as possible. He said, “At this point in the evolution of hacking and ransomware, there is no doubt what was good five years ago is no longer good. But the good news is you can fight technology with technology!”

In addition, Ekstein said, companies need to get serious about the human side of security. It’s no longer enough to install a firewall and let it run. “Automated programs help with early detection and auto responses, but human eyes should be on your network 24/7 to detect subtle suspicious activity before it becomes serious,” he explained.

IT threats have become more complicated due to the expansion of network technology—nearly every network now includes personal devices, freestanding applications, and automated connections that provide new “ways in.” Below are some of the highlights of the new nature of IT threats, followed by exciting new technologies and strategies you can use to overcome these issues:

Mobile Devices

Mobile devices with connections to your corporate network provide both a physical risk (when phones or tablets are lost or stolen) and a digital risk (through saved passwords and automated connections, among other things).

Old Antivirus Systems

Old antivirus systems focus on the software hackers are installing. They detect what they see as “a bad program” and then remove the program. However, by that time the damage may have already been done. Earlier detection is needed. MSPs that haven’t stayed up to date with their hardware, software and services expose your organization to the dangers of new threats.

Email Security Gaps

Email security gaps are more important than ever to understand and fix, because 90% of viruses and threats come through email daily. Although today’s email users have more experience than they used to and often can easily detect potential threats, it’s still not uncommon to mistake a bad email for a legitimate communication and click a link that suddenly exposes your entire organization.

Outdated Cloud Solutions

Outdated cloud solutions might be running on old systems that aren’t being backed up. It is surprising, Ekstein said, but even reputable MSPs may not be backing up your information. “Your cloud solution’s ability to deliver security depends on the vendor you’re working with. Some MSPs give you Microsoft solutions right out of the box, for example, which puts everything—email, documents, Sharepoint—on one drive. And they may be retaining your information for only 30 days after deletion, because that’s what the standard used to be.”

Old or Nonexistent Recovery Plans

Old or nonexistent disaster recovery plans leave gaps in your organization’s ability to respond, not only to ransomware attacks and other IT threats but to any disaster. Prime knows this first-hand from our own experience with a major flooding event at our headquarters in 2019. We had many systems in place that helped us recover, and we learned new strategies from our direct experience that we are now sharing with customers. Think about how quickly you’ll need your information back after a disaster and how the loss of data will affect your clients. Will your current plan make it possible to recover?

Untrained Personnel

Untrained personnel can make any threat worse, because, when your systems detect a threat, it’s imperative to act soon and do the right things. 

Tools to Outsmart Ransomware Thieves

Awareness of the issues listed above (and others) is the first step to “attacking back” against ransomware and other IT threats. However, you must take the next step to truly build a protective layer around your organization’s data and operations: you must take action. Here are tools you can put in place and actions you can take to attack back:

Layered Security

Layered Security includes a thoughtful, interwoven combination of hardware, software and human oversight of your systems. Ekstein said if any of these three layers is not present, your security strategy will not be effective. If your team doesn’t have the experience to analyze and implement the layers, look for an MSP that is a proven expert in this service.

Endpoint Protection, Detection and Response

Endpoint protection, detection and response are the calling cards of the latest antivirus software. These more powerful programs look at defined behaviors instead of just programs. They identify and analyze typical harmful behavior and distinguish it from harmless everyday actions, so you can detect potential threats earlier. 

Email Security

Email security can be addressed in several ways. Advanced security tools help identify and block new viruses and threats. Training in day-to-day email security is critical to help personnel see what threats look like. “You need to educate your staff at all levels and make their knowledge a part of your ‘security stack’,” said Ekstein.

24/7 In-Person Monitoring

24/7 in-person monitoring should be combined with AI to survey logs and check to see if any activity looks odd or cannot be ignored. Trained experts can make people in your organization aware of potential threats and help mitigate them before they become unmanageable. “AI saves a lot of time,” said Ekstein, “but it also makes decisions based only on data. You need human intervention to make smart decisions.” That may change someday when the technology is not so new, he points out, but we will still need humans to teach AI and show it what is good or bad.

Cloud Solution Agreement

Having a cloud solution agreement with terms and conditions will tell you exactly what you’re getting and what you’re paying for when it comes to backup. If you already have a solution, Ekstein said, check the fine print. If backup and essential services are not accounted for, consider changing vendors and solutions.

Preparedness

Preparedness is the name of the game when it comes to disaster recovery. Take time to write a custom disaster recovery plan and train personnel to respond to disasters appropriately. Ask us about Prime Communications’ safety training partner, Safe Passage Consulting.

Cyber Insurance

Cyber insurance improves your preparedness. Be sure you understand what your policy includes and how benefits will be delivered. It’s not a matter of if you’ll need it these days — it’s a matter of when something is going to happen to compromise your data. Insurance helps you overcome the fallout of your next digital disaster.

MSP Vetting and Selection

MSP vetting and selection is critical to any IT security plan. In fact, your provider can be the glue that holds your entire plan together. Choose a provider that is adaptable and flexible — knowledgeable in a wide variety of security concerns and capable of building a plan and providing tools that meet your unique needs. Don’t tie yourself down with a long-term contract, and make sure your vendor has the financial knowledge and experience to explain the difference between operational expense and capital expense. Your managed services and security expenses should be predictable, without unknown add-ons and surprises.

Meeting the Ransomware Threat Head-On

In today’s ransomware-persistent environment, it’s a requirement to be proactive. That means making sure you have all the tools in place to detect and respond to threats. If you aren’t sure how to bring the pieces together, lean on your MSP. The best providers supply you with a virtual chief information officer (vCIO) who can help you plan technology, think it through, identify what will most benefit your business, and give you a dedicated contact to consult regularly for guidance as a standard part of your plan.

 

Prime Communications Inc. is a corporate newcomer in this market and is excited to introduce the experts we have brought on board to help us provide the perfect MSP plan for our customers. MSP Director, Brandon Nyffeler, oversees all MSP operations and is joined by Ekstein, who provides expertise in network solution and safety.

 

With the experience and skill of these two new MSP principals, plus Prime’s proven technical expertise, services and personnel in digital security, integration and network management, we are excited to offer a depth of MSP service that’s hard to beat. 

“The good thing about the experience we bring to Prime,” Ekstein explained, “is that we’ve seen both the good and the bad over the course of our careers. We have come to Prime to put that knowledge into action for Prime customers, where we know we can do it better than anyone else.”

For more information about this exciting new offering from Prime Managed, call our office at 402-289-4126, or email managed@primecominc.com. Get ready to attack back!


Securing Security: The Top Vulnerabilities and How to Solve Them

If you work for a large organization where it’s assumed that the business security solutions have been investigated and researched carefully or a small company with limited resources, as a security professional it’s unsettling to read headlines like, Equifax Data Breach Settlement: What You Should Know. Whether you had the foresight and funding to protect yourself from potential threats at the start or had to quickly respond to a specific incident when it arose, you’ve studied and purchased cameras, card access, electronic locks and cybersecurity software to establish a secure environment. But have you researched deeply enough to discover unexpected vulnerabilities that could allow your security solutions to be compromised? You should be actively, continually examining your system to protect it.


6 Vulnerabilities Even Your Firewall May Be Missing – and a Free Solution

Firewalls have become a standard tool for stopping malicious network activity. We have become increasingly complacent with our firewalls to the extent that we often fail to see what they might be missing. As technology – and malicious activities – advance, it’s natural for older firewall technology to fall short in their ability to uncover the latest vulnerabilities. For that reason, it’s critical to reevaluate firewall activity periodically and ensure the equipment in place is keeping up with current threats.

Unfortunately, not all firewalls are created equal, and their size and capabilities tend to be misunderstood. Even the most vigilant IT departments can miss things if the firewall is not quite right. This article will flag several gaps in protection you may not know you have and spotlight a method of getting your wall of protection as tight as possible.