Tag

data security Archives - Page 2 of 2 - thinkCSC

Nov 10
0

Protect Your Investment in Your Business: Invest in IT Security

By | Data Security

lock up your dataWhen you close your business for the night, you power down the equipment, turn off the lights,  and lock the doors as you leave. You don’t assume that no one will consider entering through the back door to steal merchandise or damage assets. You make sure that no one can get into the building; you may even have an alarm system and physical security in place to protect your organization.

So why, then, do organizations leave their IT networks vulnerable to attack when they are taking steps to protect valuable data?  Why do they leave their virtual back doors open to hackers? Unfortunately, many businesses do exactly that: They take some steps to protect their IT networks while ignoring other risks completely.

Here are some things to consider when it comes to IT security and protecting your business.

Don’t Just Lock Your Doors – Lock Up Your Data

Your data is the backbone of your business. Whether you’re storing client files or proprietary information about your operations, you need to keep your data safe. How? Take these 8 steps now:

  1. Develop and strengthen policies regarding who has access to your data. Use strong passwords, limit who is allowed access to certain data, and address employee departures immediately by revoking access.
  2. Require every employee to use strong passwords, and require those passwords to be changed regularly.
  3. Employ layers of security, beginning with firewalls and virus protection, but also include threat detection, malware filters, and remote wipe capability.
  4. Back up data early, often, systematically, and offsite.
  5. Develop strict mobile security policies, and engage mobile protection that works whether you are securing your device or those of your employees.
  6. Provide ongoing training to employees to help prevent the biggest risk – human error. Download our email security guide to help you get started.
  7. Use enterprise-level data sharing solutions, such as SyncedTool, rather than Dropbox.
  8. Use sender policy framework and hosted email to limit the risk of phishing and spoofing.

IT Security: Backup Data Early, Often, Systematically, and Offsite

Yes, this is redundant. But redundancy is often good and data backup is that important. If you have your data backed up offsite and you do it regularly, you’ll always have access to the information you need to operate your business – even if you inadvertently do leave the back door unlocked and someone breaks in and steals everything. Or your building burns down. Or an employee clicks on a link and installs ransomware across your network.

You wouldn’t leave the cash register open or the back door unlocked at your physical location, and you always do what you can to mitigate risk, by insuring your business against loss, adding security, locking doors, and more. Doing the same for your digital assets only makes sense. Your IT security investment is insurance against loss, protecting your business and ensuring that it remains profitable.

At thinkCSC, we believe that in order to achieve maximum success, regardless of the size or type of organization, you must make IT an integral part of your overall business strategy and partner with IT professionals who not only understand how to leverage technology to your advantage but who are also committed to understanding your business goals and aligning your IT strategy to them. We pride ourselves on having the best business-savvy technical experts in the industry. If you would like to learn how to create an IT security strategy aligned with your organizational goalscontact thinkCSC for more information.

Oct 18
0

Security Concerns Will Drive IT Security Spending Over $100 Billion by 2020

By | BDR, Business, Data Security, Email Security, Managed IT Services

IT security spending is on the rise. For many years, organizations have argued that security budgets are already stretched to the max and that there is no more room for increased security. With costly security breaches impacting governments, social media platforms, the IRS, and more small and mid-size businesses than we can count, the investment in security suddenly seems like the least expensive option.

IT Security vs. Security Breach

Whether you increase your spending on IT security or simply find a better way to spend your budget, one thing is certain: what you spend on IT security is a predictable, planned cost that doesn’t send your shareholders into a panic, doesn’t make your customers question their loyalty, and doesn’t put you out of business. A security breach, on the other hand, can result in fines, lawsuits, costly recovery, and a loss of customers.

If your organization has decided to increase IT security, how do you make sure you’re getting the most out of your investment? We recommend focusing on these areas:

Email Security

Email is still one of the most popular ways for hackers to penetrate your security, because all it takes is one email on one employee’s system compelling them to open an attachment or click on a link to create a breach that will affect your entire IT infrastructure. People will always be the weakest link in security. Sender policy framework protocols, hosted email exchange services, and ongoing employee training are all essential. Download our email security guide to help your employees think before they click.

Endpoint Security

Every device that touches your network needs to be secure, whether it’s an employee-owned cell phone, vendor equipment, or a field tech’s laptop. It is crucial to identify every remote device that might potentially connect to your network; have a way to both detect that connection, protect that connection, and eliminate the connection if needed. Endpoint security is the solution.

Threat Detection

Enterprise threat detection uses predictive analytics on a powerful and global scale to recognize and block threats before they happen. Rather than relying on end users to determine the safety of a file or a site, it uses intelligence to stop threats by preventing malware-infected devices from connecting and by blocking phishing sites.

Backup and Data Recovery

Unless you want to be permanently locked out of your data or forced to pay a ransom to restore access, having an offsite backup and recovery service is essential. The email security, endpoint security, and threat detection efforts you implement will prevent many of the ransomware attempts from getting through, but all it takes is one employee clicking on one link in one email that sneaks through to create havoc.

IT Security Investing Keeps Your Organization Safe

Effective network security that keeps your IT environment efficient and stable is about applying layers. The initial layer is a solid backup and recovery solution, protected by an antivirus solution, and then guarded by a firewall. Enterprise threat detection, email security, and endpoint security are the shields that head off attacks on your business before they happen. It’s more than peace of mind: It’s good business sense.

At thinkCSC, we believe that in order to achieve maximum success, regardless of the size or type of organization, you must make IT an integral part of your overall business strategy and partner with IT professionals who not only understand how to leverage technology to your advantage but who are also committed to understanding your business goals and aligning your IT strategy to them. We pride ourselves on having the best business-savvy technical experts in the industry. If you would like to learn how to create an IT security strategy aligned with your organizational goalscontact thinkCSC for more information.

Aug 14
0

5 Reasons You Need Something More Secure than Dropbox

By | Data Security

 

Dropbox has over 300 million users, and while the company has made serious efforts to increase the level of security and make their service more corporate friendly, the fact remains that security continues to be an issue. There are options more secure than Dropbox.

If your business is considering adopting Dropbox for offsite file sharing and storage, thoroughly assess these risks first:

  1. Dropbox puts your sensitive information at risk. When sharing files or a folder through Dropbox, the link generated is a public URL that anyone can use. Even if you share the link privately, that person might forward it, may have little or no security on their email, or may simply be unaware of the risk. The link generated is not encrypted or protected in any way.
  1. Dropbox offers no retention of historical data. After 30 days, deleted files, any revision history, and other oft-needed data is deleted from Dropbox. For many businesses, especially ones that must follow specific rules for financial reporting, this lack of retention can put the business at risk of being out of compliance.
  1. Dropbox lacks encryption strength. Dropbox drops the ball on security when it comes to encryption, which is one of the most essential safeguards against hacking and security breaches. Dropbox does not provide a method for users to encrypt their own data.
  1. Dropbox deduplication technology is invasive. In an effort to reduce storage costs, Dropbox employs deduplication technology that recognizes if you’re uploading something someone else already uploaded, but the technology puts your operation at risk. Deduplication saves Dropbox money and you time, but the cost is too high.
  1. Dropbox may not be there if you need them. Dropbox does not offer live support, and the company has a history of security breaches, including one in 2012 that exposed Dropbox employee accounts and gave hackers access to customer email addresses, and another in 2014 in which a Dropbox outage caused errors in syncing.

At thinkCSC, we help businesses ensure they have the highest protection against security risks inside and outside of the company. One of the easiest ways to improve your security is to switch from consumer-grade storage services to enterprise-grade solutions. That’s why we’ve partnered with Anchor to provide SyncedTool.

One of the primary benefits of SyncedTool is that if you do have a functionality issue, you can call thinkCSC. A stranger isn’t hosting your data anymore, a neighbor is. Other offsite data hosting services may be free, but in the end, you get what you pay for. SyncedTool is an investment worth considering, empowering your teams to better collaborate without sacrificing security and compliance. When choosing between Dropbox and SyncedTool, there is only one choice.

Apr 08
0

Phishing Takes Advantage of Your Weakest Security Link

By | Data Security

phishing2Phishing is one of the most insidious data security threats to an individual and a business, taking advantage of your weakest security link: people. Phishing is the attempt to obtain personal and business security information by pretending to be a legitimate email communication from a trusted source.

Here’s a recent example of just such a communication that came in to our lead network engineer, Henry:

From: Apple Global Service Exchange <gsx_reply@apple.com>
Date: March 16, 2015 at 6:15:16 PM EDT
To: Undisclosed recipients:;
Subject: Your GSX account need update.

phishing

On the surface, the email looks legitimate and might immediately cause alarm to the recipient. But were you to click on “check your account,” the link would not take you to Apple; instead, it would take you to laflores.net, a website that looks like an exact replica of the Apple sign-in page. Had Henry fallen for the email and entered his information, laflores.net would have his Apple ID, access to whatever account information he had stored there, and possibly enough information to do real harm.

This is an example of a classic phishing attempt. From fake GSX requests to warnings from your bank that your account has been compromised, thereby encouraging you to log in and change your password, every individual who is duped into responding to one of these messages is putting personal and company information at harm.

How Can Your Business Protect Itself from Phishing?

The most important step you can take to protect yourself from phishing, or any cyber-attack, is to have the best network security and enterprise threat detection available. But as you can see from the email that Henry received, phishing emails are still going to reach your employees, so the other effort business leaders must make to protect themselves is to train employees to recognize and reject these emails.

Anti-Phishing Guide

Cybercriminals are insidious and will prey on fear. While emails are most common, pop-up messages warning you that something is wrong will also be used to create enough fear to get someone to click on the links. Some cybercriminals will even phone you to perpetrate the scam.

Teach your employees to watch for these indications of email phishing:

  • The email may not address you personally or refer to your specific user name.
  • The link will look legitimate on the surface but the url will go somewhere other than the company marketed. Hover over the link (without clicking) to see the actual URL. The link may even be very similar to the actual company URL, so be cautious. Rather than click the link, open a new browser and manually type in the actual link of the website in question if you need to check your account status.
  • Many phishing emails will contain syntax or grammar errors. They may have spelling mistakes. If you look closely at the sample above, you’ll see the grammar is off and there are punctuation errors. A professional organization would not send something like this.
  • The email may have a threatening overtone, making it seem that urgent action is required to protect your account.
  • Cybercriminals may even call, pretending to represent the company in question, then ask you for personal information in order to access your account. Most legitimate companies will not make outgoing calls to solicit this information. Hang up and call back to the company’s legitimate support number to verify.

Humans are easy targets because our emotions can be manipulated. A level of skepticism is required in order to keep your personal and business security intact. When in doubt:

  • Don’t click a link
  • Don’t open a file
  • Don’t provide personal information
  • Don’t download anything from unknown sources

Feel free to use this guide with your employees. If you are concerned about your business network security, contact thinkCSC to learn more. 

Jul 17
0

Secure Mobility Is the Key to Productivity

By | Cloud Services | No Comments

file0001376718168There is nothing like a sunny summer day to remind you of why you enjoy the flexibility of being able to manage your business away from the office.

Today’s technologies make it easier to work anywhere, but if you operate a corporate or government entity, it’s not enough to just consider convenience; you have to consider security too.

Having secure, adaptable tools that allow you and your team to work from anywhere can improve productivity, help you attract new talent and ensure that the work of your business is complete, even when the pleasant weather is luring you away from your desk. thinkCSC offers a variety of tools designed to increase your freedom without sacrificing security.

Cloud Services: Anywhere Can Be Your Office

Put mobility in the hands of your team without risking your data. From hosted email that you can access from anywhere and any device to mobile device management that ensures a successful BYOD program, thinkCSC cloud services provide your organization with the necessary protection to let you offer flexible work programs with peace of mind.

VoIP FollowMe: Receive Phone Calls Wherever You Are, Provide Better Service

VoIP is more than just a phone system. thinkCSC’s hosted VoIP is a complete customer service system as well:

  • Assign dial-in codes that put clients in touch with your on-call team.
  • Set up calls so that voicemail is delivered anywhere that is convenient, from your cell phone to your laptop.
  • Maintain consistency across multiple locations, by having a single number with assigned extensions that reach your team members wherever they choose to have the calls delivered.
  • Manage calls and voicemails without sacrificing security.

SyncedTool: Collaborate Securely and Access Documents from Any Device

Most organizations recognize the benefits of using collaboration tools, and Enterprise File Synchronization and Sharing (EFSS) is becoming the norm. Even with the newest updates to Dropbox that allow you to share read-only versions of documents, the risk of relying on such a solution is extremely high. thinkCSC’s  EFSS, SyncedTool, offers enterprise-grade security as a foundation to the document-sharing-and-collaboration solution, and it’s all housed on a private cloud that we manage for you.

Lync:

To take mobility to new heights, thinkCSC has introduced Microsoft Lync to its collaboration offerings. Lync incorporates all of your communication tools and enables you to communicate with your staff over a secure connection from wherever you are.

Don’t stare out your office window and let summer pass you by. Escape and enjoy – and let your staff do the same – without losing productivity or sacrificing security. thinkCSC mobility tools give you the solutions you need to be flexible.

Aug 07
0

Lose DropBox: Get in Sync with thinkCSC’s SyncedTool

By | Cloud Services | No Comments

anchorthinkCSC has partnered with Anchor, combining thinkCSC’s powerful hosting and managed services with Anchor’s sync, sharing and collaboration platform to give partners unprecedented collaboration on a secure, locally hosted network. SyncedTool provides a distinctive and secure way for you to do business. Implementing SyncedTool will allow businesses to eliminate the need for VPNs and FTPs, which can represent a significant cost savings.

SyncedTool is a true business solution.

Dropbox vs. SyncedTool: Collaboration

SyncedTool gives employees the ability to collaborate on documents, as files can be opened and revised simultaneously from multiple sites. It is a powerful and secure collaboration tool. Dropbox will recognize only one version of a file; therefore, there are no shared files, and employees working on identical files run the risk of overwriting one another’s versions.

Dropbox vs. SyncedTool: File Access

Many companies have moved their files to the cloud or are giving serious thought to making the transition to a cloud-based collaboration solution. Whereas in the past most companies have relied on local file servers to store and revise documents, this method has proven over time to be inefficient. Yet another drawback presented by local file servers is that, while users can access a file server via a virtual private network (VPN) or using file transfer protocol (FTP), there is no offline access. This prevents mobile access and forces users to email themselves files, which presents both a security risk and a risk that the most current version of the document is not available to the entire team. Furthermore, users provided with access to the file server may also have access to your system. Utilizing local file servers is not only inefficient; it is an insecure way of doing business.

Dropbox vs. SyncedTool: Security

SyncedTool can be scaled to the number of users who are required to work internally. If you have 50 internal employees and only 15 need to work offline, then you only need to have 15 users added to the service. Employees and guest users can be added as needed; however, you maintain control over what documents may be accessed by each user. When employees leave your company, access may be restricted as necessary. With SyncedTool, you can remove employee accounts from the system and remotely wipe file access from computers and handheld devices.

Google Drive and Dropbox provide ways to improve file access and efficiency, but they do not provide network security, nor do they allow users to work on the same file simultaneously. With these solutions, a stranger hosts your data, and everyone uses the same encryption key. There is no way to track employee data usage or document access, and there is no revision history.

Dropbox vs. SyncedTool: Secure Hosting

External hosting also means that your information will be stored on a remote, third-party server, without the benefit of local administration. And should the remote server go down, your documents go with it. There is no integration with your business environment or applications. Ultimately, these external hosting services control your data (deleting revisions and files without your consent) and provide no true means of backing up or restoring your files. These hosting services are consumer solutions, not business solutions.

One of the primary benefits of SyncedTool is that if you do have an issue, you can call thinkCSC. A stranger isn’t hosting your data anymore, a neighbor is. Other offsite data hosting services may be free, but in the end, you get what you pay for. SyncedTool is an investment worth considering to empower your teams for better collaboration without sacrificing security and compliance. When choosing between Dropbox and SyncedTool, there is only one choice.

Jun 09
0

Implement Security Before a Breach

By | Cloud Services | No Comments

security breachE-mail is a cornerstone of business communications, and obtaining your customer’s email address is a privilege that allows you to personalize your marketing efforts and learn details about your target market and gain insight that might otherwise be difficult to obtain. How do you assure your customers that their email address (and all the other information they share with you) is secure?

Right now, Sony is busy doing damage control over the security breach that occurred on the PlayStation 3 that let user information, including credit card numbers, escape their grasp. Last month, many financial institutions and retail stores were scrambling to reassure customers and apologize for a breach that occurred when their email company, Epsilon, was compromised and hundreds of thousands of names and email addresses were stolen. While only names and email addresses were accessed and not credit card information, there was a lot of placating to do to reassure uneasy customers. The month before that, Play.com admitted that their email provider had experienced months of irregular activity before revealing that their customers email addresses had been accessed and compromised.

As a business, ensuring the security of your internal email as well as the information you maintain about your customers has to be a primary concern – something you think about doing before there’s a risk for a breach. The question is, can you really create an environment that provides you with the security you need to offer the reassurance your customers and your investors want? It’s a matter of choosing the right hosted e-mail service that provides you the best possible security.

Here at thinkCSC, we have biometric security in place that ensures that only certain people can access the data center and firewalls. We run regular backups, but our backups are completely encrypted, so even the information stored on our back up server is safe from harm. Even if someone were to break in and physically steal our servers, the thieves would not have access to anything because all of the information on it is encrypted. We’ve literally locked out the hackers from the get-go.

We can actually run a piece of software from your location that encrypts your data before it is sent over the internet. When it gets to our site, even we can’t access it unless we have that encryption password. Most of the time, we are taking care of your whole network environment, so we will be the ones managing that password, and we have layers of security protocols in place that keep you protected. But we can also provide you with complete control, and can set it up so you’re the only who has the password.

The choice is simple: you’re either aggressively protecting your customer’s information by having the best email security available, or you’re preparing a letter to your customers to apologize to them after their information was stolen.