No doubt you are aware of the importance of having your data backed up so that if something happens to your network or systems you can quickly restore that data and continue operations. There are, however, some common yet serious mistakes that companies make with regard to their backup and recovery process. Is your company guilty of any of these?

Are You Backing Up the Right Information?

As you know, there is more to backing up your data than making sure that your customer list is saved on an external hard drive somewhere in the office. However, you still need to ensure that you are backing up the correct items, and that can include applications and system settings as well as raw data. IT professionals often recommend having a system-state backup that will restore everything you need to get your company back up and running in the event of problems. Think about what kind of data and software your employees need access to continue operations with as little interruption as possible, and make sure that you back will make that accessible to them.

Have You Tested Your Backups?

Imagine, if you will, that something has occurred that forces you to resort to recovering your latest backup. Perhaps it was a natural disaster that damaged your offices, or malware that brought down your system. Its time for you to finally use that backup … and it does not work. The data is corrupted or incomplete, or perhaps the hardware you have been using to store the data does not work. By this time, it is too late to make changes to your backup methodology or select a more reliable means of storing your backup data. This is why testing is so very important; in fact, an untested backup is not really a backup at all. Before a disaster happens, make sure that backup software is storing the information that you want and that it is storing it correctly without errors and verify that the restore process works without errors or problems.

Are You Relying Too Heavily on Traditional Methods and Hardware?

One common mistake that too many businesses make is relying too much on outdated backup methods (think tape backups and the like). There have been massive improvements in the field of backup that have provided much faster, more reliable, and more secure methods to keep your data not only backed up but far easier to restore. For example, many companies, on the advice of IT experts, are turning to remote cloud storage for this purpose.  This can simplify both the storage and recovery process for your company, allowing operations to be restored much more quickly.

Did You Fail to Have a Backup of Your Backup?

When it comes to backup and recovery, it is always good to have a plan B. If your backup is on-site, make sure to have one off-site in case your site is damaged by something such as a fire or a flood. If your backup is on physical media, then you should also have an extra copy in the cloud in case something goes wrong with the hardware. Some (wise) companies use a 3-2-1 system for their backup: 3 copies of the data located in 2 different locations with at least 1 copy of the backup kept offsite. This is an excellent insurance policy against unexpected complications with your backup system. 

Conclusion

A robust backup and recovery system will have the right information (both in terms of the data itself and the type of information) backed up and will have been thoroughly tested on a regular basis.  It will not rely to heavily on antiquated technology and methods and will include redundancy so that if one backup fails there is another one to look to. If you make sure your company is not making these kinds of mistakes, you will be well along the path to having a reliable backup methodology.

Maryland IT Solutions

If you want a reliable backup and recovery system that avoids the common mistakes just discussed and includes powerful encryption to keep your data safe and compliant, contact Maryland IT Solutions today. We will work with you to develop a backup and recovery process that meets the needs of your company.

When it comes to network design, there are four critical considerations that you need to take into account if you want a network that is reliable, secure, and runs smoothly.These include embedded security measures, standardization of software and hardware, network resiliency, and redundancy. While this is by no means an exhaustive list, it does point out some oft-neglected aspects of computer network design.

What is Network Design?

Network design is the planning, design, and implementation of a network infrastructure that will meet the data transfer requirements of a company. Those data transfer requirements include the transfer of data within the network itself as well as outside the network (e.g., via the internet). Hardware involved includes the servers, desktops, laptops and printers, as well as the switches and routers that allow them to connect together.

Embedded (Built-in) Security Measures

One of the major considerations that is often overlooked during network design is not so much security but embedding security in the design of the network itself. Security should never be an afterthought, or just a tool or software package you add to the network once you are finished designing it.

A good example of built-in security measures would include segmenting your network so that customer areas are separate from employee areas so that an exploited weakness in one area could quickly be quarantined from the rest of the network with minimal disruption until it has been dealt with.

Standardization of Software and Hardware

One of the smartest things to consider if you want a smooth running network is standardization of both the hardware and software. If most of your employees use the same type of laptop or tablet, same type of printer, and same software packages, you will be amazed at how much you can reduce potential problems and the workload involved in maintaining the network (e.g., applying patches, installing updates, addressing issues, etc.). This is also true for the components that make up the network itself: servers, routers, switches, and other hardware should, as much as possible, be standardized.

Network Resiliency

A resilient network is one that can maintain an acceptable level of surface even when major problems arise that threaten normal operations. Problems faced could include targeted attacks, natural disasters, or simple misconfigurations. If you want to have a resilient network, then that must be considered during the design phase. There should be more than one way for data be transferred both inside and outside the network. Your IT department should always have the option of routing around problem areas when it comes to data traffic. Network resiliency must be one of the major considerations during network design.

Redundancy

Redundancy is similar to network resiliency but a bit more specific. For example, redundant services and components should be in place for any part of your network that should not be down for more than an hour. No matter how small you company is, your network should include two identical servers: one online, and the other with a fail-safe switch so that if the first goes down it automatically comes online. 

Another aspect of redundancy is making sure that you data and systems are backed up. Too many people think of backup systems as a simple add-on once your network is in place, but a smart business owner will include make backup a major consideration during the design phase of the network.

Conclusion

You want a robust network that is secure and performs well, even in adverse circumstances. By taking into account redundancy, network resiliency, standardization, and embedded security measures, you are well on your way to that goal.

Let Maryland IT Solutions Design Your Network

At Maryland IT Solutions, we can design your network, whether you are a small mom and pop shop with a few workstations or a large enterprise with more complex security requirements and compliance standards. You can count on us to design a network that addresses all of the considerations discussed here, as well as other industry best practices that will keep it running effectively and keep your data secure.

If you deal with other people’s data and information, then data compliance affects you — whether you are a small business or a massive company. How you store, secure, and protect sensitive data is extremely important and we are going to discuss three key things not to do when it comes to data compliance, but let’s start by discussing what data compliance is.

What Is Data Compliance

If you work with the personal data of others — including data related to finances, health, education, or other personal identifying information — then you have a responsibility to protect that information. 

Compliance involves both the privacy of personal information as well as how it is stored and secured. In some cases, how you protect that data may be regulated by governmental entities (such as health information) or industry regulations (financial data). Even if you don’t answer to anyone outside of your company about how you use your data, there are certain things you should never do when it comes to compliance.

Don’t Pretend it Doesn’t Matter

First, never pretend that compliance does not matter. Even if there may be no outside organization telling what to do with your data, you have a responsibility to your customers to make sure that their information is not accessible to just anyone and that it is stored in such a manner that hackers cannot easily access it (and that includes your backup systems, too). 

If your company falls victim to a hacker and someone’s information is exposed, you will not only lose the trust of your customer base but will open yourself up to lawsuits and other related expenses. If your industry is regulated when it comes to compliance, failure to adhere to proper standards leads to fines and lawsuits. Compliance is not a subject to treat lightly.

Don’t Fail to Stay Up-to-Date With Requirements for Your Industry

You may be subject to compliance requirements and not be aware of it yet. According to INFOSEC, the U.S. Federal Information Security Management Act (FISMA), and Europe’s Directive on Security of Network and Information Systems (the NIS Directive) have developed regulations that contain over-arching directives and guidelines for nearly any company that handles data.  If your company processes credit card data, then the Payment Card Industry Data Security Standard (PCI DSS) establishes compliance rules.

Companies and organizations that work in education are regulated by the Family Educational Rights and Privacy Act (FERPA). If you work with data that involves minors, Children’s Online Privacy Protection Act (COPPA) is important. If your industry is healthcare, then you must comply with the HIPAA Act. For those in the finance area, there is the Gramm-Leach-Bliley Act and Basel II. And for those doing business globally, then General Protection Data Regulation (GPDR) will impact you. And these are just a few examples of compliance regulatory bodies that can affect how you do store data and what you do with it.

Don’t Underestimate the Repercussions

There are major repercussions for those who fail to adhere to compliance. There can be expensive fines and time-consuming audits. As already mentioned, a data breach can lead to even more fines, legal fees, lawsuits, settlements, and other expenses such as credit monitoring or identify theft packages for customers who were impacted. There is also the damage to your reputation, which may be impossible to restore.

Conclusion

Regardless of what type of company you are, data compliance is important and that importance will likely increase as time goes by. Don’t make the mistake of ignoring data compliance, not staying up to date on the regulations that apply to your industry, or underestimating the repercussions. You owe it to the clients and customers you serve to keep their data private and secure.

Maryland IT Solutions

If you would like to ensure that your data policies are in compliance with the regulations that affect your company, then Maryland IT Solutions would like to partner with you. As part of our managed IT services, we will assist you in keeping regulated data safe and private by assisting you in compliance policy development, encrypted backup services, and powerful anti-virus systems.

There are many myths and misconceptions with regard to web security, and they believing this myths can result in a serious threat to your own company’s network. Here’s a list of 6 of the most common misconceptions with regard to web security and cyberattacks.

My Company Would Never be a Target

You might be shocked to find out that no matter how small or little known a company may be, it can be a inviting target for hackers. A 2019 report from Verizon revealed that 58% of cyberattack victims were business with less than 250 employees. Hackers target small businesses because their security is usually easier to defeat. In fact, the notorious Target cyberattack from 2014 started with hackers accessing login credentials through a small HVAC company, which means that your company could become the launching point for a much bigger attack. Here at Maryland IT Solutions we help assess risk, but know that anyone can be a target.

My Website Has Never Been Attacked Before

You may think your website has never been attacked before, but that is because your firewall and antivirus software is doing its job. If you were to check the logs for your cybersecurity system you would likely be horrified at how many attacks it has deflected. And there are also attacks veiled in legitimate sounding emails (known as phishing) which many security software packages are able to filter out before they reach you. In addition, it takes an average of 196 days for a breach to be discovered, so you may already be a victim.

Everything is on the Cloud for My Company — We Are Fine

The cloud provides a host of benefits but it is not a solution for web security. The cloud actually increases your attack surface area, or how many different ways that your company can be attacked. The primary weakness of cloud computing lies in the configuration settings, which can expose your cloud system to attack if misconfigured. Many times an extra layer of security is needed to protect your cloud network from attack.

There Are Other Areas of My Company That Are More Important to Invest In

Web security may not be where you want to invest your company’s finances, but the financial aftermath of a security breach combined with how it can affect your company’s reputation can destroy it. You will lose the trust of your customers if their personal information is stolen, and things will get even worse if they become the victims of identity theft. There can be expensive lawsuits and hefty compliance that result, too.  Investing in web security is an investment in your reputation and the relationship you have with your customers. How much is that worth to you?

I Have Antivirus Software and a Firewall

Antivirus software and firewalls are an excellent first line of defense against hackers and other cyber threats, but they cannot protect from all the forms that cyber attacks can take. 

All it takes is missing one antivirus software update and your entire network could become vulnerable. Or perhaps one wrong setting in your firewall software opens up an avenue of attack you never thought of — but a hacker did. Even things such as using outdated WiFi routers can make your system a legitimate target for hackers. Web security is more than just installing an antivirus program and setting up a firewall.

Conclusion

Make sure that you are basing decisions about web security on facts and not on myths. Even small businesses are the target of hackers, and you would probably be shocked to know how many times your network is attacked in one week. And while you may think that having everything on the cloud protects you, that is not it’s purpose — there are some additional measures you need to take to ensure that your cloud-based system remains safe. And while web security may not seem like an investment with a high ROI, it is still critical to the survival of your company. Finally, keep in mind that having antivirus software and a firewall is not enough for robust web security.

Maryland IT Solutions

If you are concerned about the status of your company’s web security, then contact Maryland IT Solutions today. We will make sure that your network remains protected against the latest threats. We also offer antivirus and web filtering tools at a low monthly cost. Reach out to us – your first choice in Maryland IT Companies – today!

Your data and the information derived from it is extremely critical to your business. However, too many small business owners take chances with their data by not having a system for backing their data up. What follows are five good reasons why you need to back up your data regularly.

Basic Data Recovery

A simple and honest mistake on the part of an employee can wipe out critical documents and files. Your data is too valuable to leave at risk like that, which is another reason why you need to back up your data. Whether it was information on new leads gathered the previous week that someone accidentally deleted, your hard drive failed, or your customer database that has fallen prey to ransomware, a backup system is your best bet for recovery.

Online Threats

Another threat to your data is hackers. In the past, hackers were content to make copies of your data; however, those days are past. One of the most insidious threats to your data may be ransomware, where a hacker literally takes your data, encrypts it, and then holds it for ransom. Either you pay them the money they demand (usually in the form of e-currency like bitcoin) or your data will basically be scrambled. To make matters worse, there is no guarantee that the hacker will provide you the correct encryption key if you do pay the ransom. Besides a good online security package, your best bet to protect against ransomware is a data backup.

Lost Time

There are two ways you can lose time in connection with not having a good backup: the first is redoing work and the second is downtime.

As an example, let us suppose that an employee spent several hours creating a spreadsheet for modeling suggested changes to how you do business only to have it disappear from the shared file system. You could ask that employee to recreate the missing spreadsheet, but that would be wasting time when that employee could be working on something far more productive. On the other hand, with a backup in place, you could have that file retrieved.

There is also downtime associated with recovering from a data loss. And every second of that downtime costs money that you may not be able to recover easily. Downtime is very expensive, but a robust data backup system will minimize both the downtime and its impact on your bottom line.

Remaining Competitive After a Natural (or Unnatural) Disaster

Suppose a hurricane and its aftermath (flooding, power outages) were to take down you and your competitors. Whoever can get their system up and running and first will have a clear advantage. And you can be the one with that advantage if you invest in a robust backup system. Ideally, such a backup system would include not just your data but your operating system and applications as well.

Archives

Another key reason why backup systems are so important involves archival data. You never know when you might need access to certain files from the past — it could be a financial audit or a compliance inspection. You can’t afford to lose access to critical files and databases, and let’s face it: regulatory bodies don’t care why the data is missing when it comes time to levy fines against you. The most reliable way to archive files you may need later is through a backup system.

Conclusion

Servers fail, hackers scramble files, and disasters (both natural and unnatural) can take down your systems. You need a reliable data backup system to protect the files that are critical to your organization, both for today’s business and tomorrow’s audits. Backups provide peace of mind, minimize downtime and redundant work, and can provide you with a significant competitive edge when disaster strikes. It’s not a matter of whether you can afford a backup — it’s a matter of whether you can afford not to have a backup.

Maryland IT Solutions

If you need a backup system that is reliable and encrypted, then contact Maryland IT Solutions. Whether you prefer an on-site backup system or an off-site backup in the cloud, we can help implement a solution for you that includes industry-leading encryption and conforms to any compliance regulations that you follow. Contact us today!

According to Norton, the United States remains the number one target for malware attacks, accounting for 38% of attacks between 2015 and 2017. In fact, web attacks are up by 56% from previous years. The danger is real, and the more you know about malware the better prepared you will be to make informed decisions about your company’s cybersecurity.

What is Malware?

The Federal Trade Commission defines malware as “viruses, spyware, and other unwanted software that gets installed on your computer or mobile device without your consent.” It can wind up on your system through vulnerabilities in software like Microsoft Office or through an email with a link that results in a drive-by download once you click on it. Many times malware is inadvertently installed along with downloads of software and videos from less than reputable sources. It can also be installed on your computer network by a skilled hacker.

What Does Malware Do?

Malware might monitor your online activity, which can include screenshots and keystroke logging to capture sensitive login or financial information. It might take the form of a virus that basically scrambles your data and applications to the point that they become unusable. Malware could take over control of your computer system or device.  It could manifest as ransomware, where your data is encrypted and held ransom by a hacker. The intent behind malware, no matter what form it takes, is always malicious.

Malware Attacks are Expensive

As of April of 2018, Statistia reports that 53% of malware-related attacks cost an average of $500,000+ dollars while 30% caused an average of $100,000 damage, based on numbers reported worldwide. The aftermath of these attacks can be expensive to small businesses, including ransomware which cost an average of $1,077 to ransom but resulted in losses averaging $133,000.

Small Businesses Are Not Exempt

Statistics from SCORE indicate that 43% of malware attacks were aimed not at large corporations but small businesses in 2017, and that number is expected to rise. Small businesses make a good target for hackers because they are usually not as rigorous with online security measures, including firewalls, antivirus tools, and performing regular software and hardware updates.

What Applications are Most Vulnerable?

Statistia, using data from Kaspersky Lab, indicates that the most vulnerable aspect of most computer systems is Microsoft Office, responsible for 47.2% of vulnerabilities that can lead to hacking, followed by browsers at 23.5% and Android at 20.7%. Despite the warnings that are often associated with Java and Adobe Flash Players, they only account for 5.5% and 2.5% of vulnerabilities, respectively. However, in a different sense, email and web activity also pose vulnerabilities. For example, Norton Symantec’s Internet Security Threat Report indicates that 1 out of every 10 URLs is malicious, making unfiltered web activity very dangerous.

Conclusion

Malware is a very real threat to your company, and a malware attack can bring your entire company down. Vistage research, in cooperation with Cisco,  indicates that 60% of small businesses go bankrupt or otherwise fail within just six months of a cyber attack. Don’t let your company become one of those statistics — make sure your cybersecurity measures are protecting your network against the latest attacks.

Maryland IT Solutions

If you are interested in an aggressive solution to network security that is responsive to the latest malware threats, contact Maryland IT Solutions. We can provide your company with a security package that includes antivirus tools, a firewall, and both web and email filtering. Your cybersecurity system is carefully monitored and kept up-to-date. Contact us today to see what we can offer you in the way of network security!

Phishing refers to trying to lure someone into revealing sensitive information such as logins, passwords, and financial information, and other data. This is accomplished via email or text message by someone pretending to a legitimate institution, like your bank or a credit card company. Once they have lured someone in, they come away with all the information they need to either access your network or access your finances.

Common Types of Phishing Attacks

There are three basic types of phishing attacks, but all of them have one thing in common: someone is impersonating a legitimate website or institution in order to access your critical information.

Basic Phishing

The most basic type of phishing attack should be easy to spot: you or one of your employees receives an email with a link that takes them to a site asking them to log in. However, careful examination of the email reveals some details that just don’t add up, like serious spelling or grammatical errors, logos that look a little off or are outdated, and a link that you have to follow — a link that just does not look quite right. Once you have arrived at the website, you will be asked to log in or provide detailed account information.

Targeted Phishing

In targeted phishing, the intended target receives an email that has so much personalization (e.g., name, title, company, contact information) that it seems the email must be legitimate — but it is not. Much of the information used in targeted phishing is obtained from your employee’s business-oriented social media accounts (think LinkedIn) and possibly even your own company’s website. You will also likely see much higher quality spelling, grammar, and even graphics, which can make these more difficult to spot.

Filesharing Phishing

In this type of phishing attack, your employee will receive an email that seems to be from a well-known filesharing site such as Dropbox or OneDrive indicating that someone needs to share a file. When the link is clicked, it appears to take your employee to the real filesharing site where they must enter their login information to access the file.

Avoiding Phishing Attacks

You can avoid having you or your employees fall prey to phishing attacks through a combination of cybersecurity measures and employee training.

Robust Cybersecurity System

The first line of defense against phishing attacks is to have a robust cybersecurity system installed that can filter email and messages so that phishing emails and messages are blocked and never reached the intended target. However, some phishing may take place outside of email and messages and it is also important that security software can effectively detect and block phishing webpages that are impersonating legitimate institutions.

Know the Red Flags

As just discussed, there is cybersecurity software that can catch these emails and messages before they ever arrive in your employee’s inbox, but on the off chance that one should slip by it is vital that your employees should be educated on the existence of phishing attacks, how to spot them, and what the repercussions are for the company if they fall prey to such an attack. There are certain red flags to be aware of anytime you or your employees receive an email:

• CCs to people you do not personally know
• A sender with whom you have no business relationship
• The sender’s email address is from a domain that seems suspicious
• The email appears to be a reply to something that you never sent
• The hyperlinks or sender’s domain is a misspelling of an actual website
• If you hover the mouse over the hyperlink, the addresses do not match
• There is a hyperlink present but no other information provided
• The email insists that you must log in using your username and password after following the link
• The email seems to be from someone you know (customer, vendor, coworker) but its contents are very much out of character for that person
• The site it wants you to go to is not secured (e.g., starts with http:// instead of https://) or does not currently have a valid SSL certificate

Conclusion

In 2017, the FBI reported phishing as one of the top three reported cybercrimes, and every day millions of phishing emails are caught by email and messaging security filters. However, even the best filters may not be foolproof — which is why it is vital that your employees are trained to recognize the red flags of a phishing attack.

Maryland IT Solutions

If you want to avoid becoming an FBI cybercrime statistic, then you need a robust antivirus and web security system for your network. At Maryland IT Solutions, we can provide you just that: a cybersecurity protection system that is carefully monitored and kept up-to-date to protect your network from the latest online threats, include phishing attacks. Contact us today to see what we can offer you in the way of network security!