Penetration Testing vs. Vulnerability Testing Your Business Network

Hearing “all of your confidential information is extremely vulnerable, we know this because…” is bad news, but whatever follows the ellipses determines just how bad. Consider two scenarios.

  1. “All of your confidential information is extremely vulnerable… we know this because a hacker took all of your customers’ credit card info and locked all of your files behind ransomware.”
  2. “All of your confidential information is extremely vulnerable…we know this because we did a vulnerability scan of your network, and have some suggestions on how you can improve.” 61% percent of small businesses are victimized by cyber attacks each year, and one in five victims do not survive. It is financially worthwhile to make sure that you end up being the person hearing the latter sentence.

Scenario 2 describes the statement after you have had a vulnerability test conducted. A vulnerability test is a comprehensive audit of security flaws that a hacker could exploit, and the possible consequences. This is the equivalent of a doctor giving a physical examination. This information will allow you to know what your risks are and plan your security policies accordingly.

Vulnerability tests should be conducted quarterly, and can be done by in-house IT or outside consultants.They should be done quarterly, or whenever you are incorporating new equipment into your IT network.

What is a pen-test: A pen-test is a simulated attack on a network to test the strength of its security. Usually, the pen-tester will have a specific objective (e.g. “compromise this piece of data…) A vulnerability scan tells you “what are my weaknesses?” and pen­test tells you “how bad a specific weakness is.”

How often should you pen-test: Different Industries will have different government mandated requirements for pen­testing. One of the more broad reaching regulations, the PCI DSS, for example, requires pen-testing on an annual basis. However, it is prudent to go beyond the legalminimum. You should also conduct a pen-test every time you have

  • Added new network infrastructure or applications,
  • Made significant upgrades or
  • Modifications to infrastructure or applications,
  • Established new office locations,
  • Applied a security patch
  • Modified end user policies.
Penetration Testing vs. Vulnerability Testing Your Business Network

Benefits of Using VoIP Technology

Benefits of Using VoIP Technology

Benefits of Using VoIP Technology

More and more businesses are implementing Voice over Internet Protocol or VoIP technology because of its versatility, flexibility and cost effectiveness. With new developments in this technology, the scope of its applications is widening. It is becoming more than just voice communications technology. That is why businesses of all sizes are migrating at an increasing rate. Here is a short list of some of the benefits.

Versatility/Flexibility: There are many VoIP service companies that have been working feverishly to enhance the use of this technology. They are bundling up other communication applications into a single unified communication platform to increase the efficiency for businesses. This means all modes of communication such as voice, fax, video, web conferencing and emails can be utilized, using a single software application. The ability of this application to convert voice into an email or fax into an email can bring a tremendous amount of efficiency to business operations. You don’t need to sign up for a separate service for a telephone or videoconference. An incoming phone call can be received on a mobile phone and regular phone simultaneously. That means there are fewer missed important phone calls, and less wasted time on ‘phone-tag.’ An employee can receive an important fax on a laptop while sitting in an Internet café or within range of a Wi-Fi hot spot, and can redirect it to an associate within minutes with a few keystrokes. The list of benefits goes on.

Reduced cost: There are many ways VoIP can lower communications cost thus significantly enhancing the revenue. Here are some of the financial benefits of implementing VoIP.

  1. Cost per phone call: Making long distance or international phone calls using landlines or mobile phones can be very expensive. Charges incurred at per-minute rate can add up quickly. When you conduct business from multiple locations VoIP applications allow you to make calls from PC to PC that are free if they are within the same network. That could be significant to eliminate long distance charges if two locations are hundreds of miles apart. You can also pay a low monthly flat fee and make an unlimited number of calls, including international calls. This means much less usage of your mobile phone-minutes.
  2. Operational costs: You don’t need separate networks for data and voice communications. Everything can be done using the data network. Specially designed phones with VoIP technology can be managed right from your desktops. There are a few things at work here. First of all, you have the potential to be eliminating traditional “phone” lines, usually a significant monthly fixed cost, in addition to the per minute usage costs. Paying per minute remains a major issue if you do any international calling, or have offices located in other countries, where per minute rates may not have dropped like those in the US. Another operational cost that goes away are the labor costs involved in moving employees from office to office. Reconfiguring numbers and phones can still require physical changes. Even if they are only software changes, there is a cost to pay the technician who handles these reconfigurations.
  3. Infrastructure cost: With this technology your infrastructure cost is greatly reduced. For example, you have to pay more for the telephone extensions using traditional PBX and key systems. Using VoIP allows you to run those extensions right from your computers. Dual-mode phones can be used with this technology after making minor configuration changes. That allows the user to switch the use of a dual phone from cellular to a local Wi-Fi environment, reducing the need to carry a regular phone and a cell phone. That means fewer devices to manage.

Summary: After our discussion, the significance of implementation of VoIP can’t be overstated. Every business strives for better revenue. This new technology offers many ways to cut costs and bring efficiency by unifying all modes of communication onto a single platform. Efficiency and lower costs are always synonymous with greater revenue. Get in touch with a Managed Service Provider and ask them how they can bring you on board with this great technology called VoIP.

Benefits of Using VoIP Technology

BYOD: Why is This Concept So Attractive to Employees?

BYOD: Why is This Concept So Attractive to Employees?

BYOD: Why is This Concept So Attractive to Employees?

Bring Your Own Device, or BYOD, to work was an idea a few years ago that is becoming a reality very fast. To use your personal smartphone, tablet or laptop for work seems increasingly natural. Employees are embracing this concept without any serious reservations. As more and more business activity becomes technology driven, to have electronic gadgets right by your side all the time make sense. According to a survey conducted by Logicalis about 75% of employees in high growth markets such as Brazil and Russia and 44% in developed markets bring their own devices to work.

Let’s examine all the factors causing people to want to use their own devices at work.

  • Familiarity: This may be the most relevant reason for someone to bring their own tablet or laptop to work. It may be the operating system, web browser, or other apps on their devices that they know so well and feel comfortable using.
  • Convenience: Companies have been providing their employees mobile phones for business use for a few decades. Now those employees have to carry two phones, since everyone also has a personal phone. This duality is a nuisance. It is hard enough to care for one mobile phone and now they have to worry about two of them. The reality is that companies expect employees to be in contact 24/7, so company devices can’t just be used at work. They have to be carried home, out to the store, etc. If the employees have a choice they would much rather carry just one phone, their own, enabling them to be reachable by family and friends anytime. Also it could be cheaper if their company offers to share the cost of using their device for business.
  • Productivity: Convenience can also result in better productivity. Having fewer devices means fewer distractions. Fewer distractions equals less wasted time. Saving time is always good for productivity.
  • Personal contentment: It makes employees feel good to be able to use their own devices at work. Higher employee morale is very important for any organization. Happier employees are more likely to work hard. A positive environment is also a factor in lower turnover. So if an employer gives its employees the liberty to bring their own devices to work it may have more satisfied workers.
  • Conclusion: People in the workplace are using their own devices so they can accomplish more in less time. It makes them happy to have their personal devices at work, and it makes them feel good about their job if they are allowed to use the devices that they are familiar with.
BYOD: Why is This Concept So Attractive to Employees?

VoIP: A New Dimension in Communication for SMBs

VoIP: A New Dimension in Communication for SMBs

VoIP: A New Dimension in Communication for SMBs

Voice over Internet Protocol or VoIP is about a decade old technology that is gaining popularity among individual subscribers and businesses. In conventional systems, phone calls are made using telephones or handsets that are connected by phone cables. These calls are routed using the Public Switched Telephone Network (PSTN,) carrying a signal from one telephone to the other. But instead of connecting telephones to the phone cables through phone jacks in the walls, VoIP uses the internet where phones can be connected to broadband devices, adapters or PCs using broadband. With this system, voice is converted into a digital signal and carried over the Internet. Let’s take a look at all the options that are available to make calls using VoIP.

Make Calls from a PC: Using this platform a call can be placed from your PC. Your computer is connected to the Internet via broadband. A specially designed software app allows you to place and receive phone calls right from your PC. When deployed, this software displays a dial pad. You can dial a number using a mouse or keyboard. You will need a headphone or speaker to hear and a microphone to speak. When your PC is connected to a phone or another PC on the other end, you can talk like you would on a regular phone. The software with video capabilities will let you see each other (you and the recipient of your call) if it is a PC to PC call and both computers are equipped with cameras. In this case you don’t even need a telephone handset.

Make Calls using a regular phone: You can make phone calls with a regular phone using VoIP technology, but for this you will have to have a service, such as Vonage, that provides VoIP access. You can subscribe to their service for a monthly flat fee or a per-minute rate. Your regular phone can be plugged into an adapter which is then connected to a broadband device. Some services will allow you to make calls within their service network only. But there are other services that will let you make calls anywhere. That means you can call local, long distance, international and through mobile devices.

VoIP telephones: There are VoIP service providers that provide special phones. To use these phones you don’t need an adapter. Their telephones are designed to work with your broadband device. You can connect this phone directly into your broadband modem using an Ethernet cable and use the phone like any regular phone.

Companies providing VoIP services are focusing on providing unified communication platforms that will include phone, emails, faxes, videos and voice mail capabilities. Their goal is to deliver these capabilities that can be used by all means of communication including handheld devices.

The Role of MSPs: Managed Service Providers or MSPs can help businesses with the installation of hardware and software, enabling VoIP technology. This will also organize their communication networks by integrating those networks into their IT infrastructure. Now SMBs can eliminate another worry (management of their communication systems) by outsourcing their IT services.

VoIP: A New Dimension in Communication for SMBs

SMBs: It is Hackers v. You – Don’t Let Them Score

SMBs: It is Hackers v. You - Don't Let Them Score

SMBs: It is Hackers v. You – Don’t Let Them Score

Selling stolen IDs and other personal data is a lucrative trade for hackers. They are always looking for sources where vital information is stored. As a small to midsize business you store your client’s personal information, collected from different sources, on your computers and servers. Your Point-of-sale (PoS) terminal and some website transactions can be completed by use of electronic banking, credit cards or debit cards only. Your customers have to key-in their pins or passwords to make payments. That information has to be saved. Also, depending on the kind of services or products you provide, you may be collecting Social Security numbers, addresses, driver’s license numbers and DOBs of your clients. Information that personal is as important as it can get. Any source of that information is like a gold mine for a hacker. All this means only one thing for you: A data security nightmare.

Here are the channels hackers can use to break into your IT infrastructure

  • Your website: Hackers have become very sophisticated in cyber attacks on websites. They can access specific information by targeting websites that have the information they are looking for. For example, if they want only financial information about their victims, they can use tools that will fish for the websites that carry that kind of information. Implementation of web-based applications has made it easier for cyber criminals to connect to your website data base. They are able to find the loopholes and hack into systems. They can then access your customer’s personal information, allowing them to steal from your clients by committing credit card and bank fraud. Or they can just sell your client’s info on the Internet.
  • Your computers and servers: Your computers and servers are treasure-troves of information. By sending malware into your systems they can steal your admin passwords, and then login to your servers and other network devices. These hardware devices are the ultimate prize for cyber thieves because these devices not only hold important information about your clients, they also have all the information about your business and possibly about your vendors and associates. There is nothing about your business that these hackers don’t know. Imagine how devastating this attack can be.
  • Mobile devices used by your employees: If you are one of those entities that allow their employees to use their mobile devices to conduct business, you have another security dimension to worry about. You don’t know how secure their mobile phones, iPads, laptops or tablets are. You don’t know how hard or easy their passwords are to crack. Breach of security into those devices will lead hackers right into your networks where they can steal data at will.
  • Unsecure Wi-Fi network: Most businesses keep their Wi-Fi networks well protected, but unsecured Wi-Fi is an open invitation to cyber criminals. If your Wi-Fi network is not secure, hackers are one step closer to breaking into your systems without even trying.
  • Your PoS systems: PoS systems are the prime targets for hackers who want to commit financial fraud. Cyber thieves know that PoS systems that come with pre-loaded software can be hacked using an unsecured Wi-Fi network. This fraud has a direct impact on an individual’s finances because a hacker can make unauthorized credit card charges quickly and move on before anyone realizes what happened. Ruined credit can take years to mend.
  • Your emails: Email is another venue that hackers use to infect computers with malicious software. They send viruses that replicate themselves in the host computers, performing various tasks such as denial of service to the users of your systems, spamming your contacts and accessing data without authorization.

Summary: After reading this article you probably feel like you are in cyber warfare with hackers and your IT infrastructure is the battlefield. You are absolutely right. Hackers are relentless and they are devising new methods all the time to steal from businesses. But this is one fight you can’t let them win. Protecting client data is not just a moral obligation. You are legally bound by the privacy laws to protect this information by all means. Breach in data security can ruin your reputation, and the financial liability to meet legal obligations may become too much to sustain.

So how do you fight this war in which you have to make certain that there is only one winner? Outsource your IT managed services to professionals who will monitor your networks 24/7 from a remote location. Your in-house IT management team may be able to fix problems, but it is important that proactive solutions are in place in case there is data loss as a result of a breach. Managed services can create solid data backup & recovery plans that will have your systems up and running quickly, so you can reduce downtime and protect your revenue.

SMBs: It is Hackers v. You – Don’t Let Them Score

Business Disaster: What Threatens Small Businesses the Most?

 Business Disaster: What Threatens Small Businesses the Most?

Business Disaster: What Threatens Small Businesses the Most?

There are many threats to the integrity of a small business, and not all of them are as dramatic as a cyberattack or a hurricane. Every small business needs to do a risk assessment to determine all the threats that exist that could bring harm. External threats are the ones that get the the most attention. These can be big snowstorms or hurricanes that bring down power lines and network connections. They can also be man-made. A power outage due to a grid failure, or an act of terror. Also in this category are phishing scams, cyber attacks and data theft from external sources.

All of these are the ones that make the evening network news, and every business needs to plan how to handle them. However, there are some internal threats that can be just as serious, but are far less attention getting.

For example, human error. Stolen data can occur because someone forgot about changing their passcode, or they left a smartphone containing critical data on the bus. These aren’t nefarious acts, but they can still have serious consequences. Have you looked at how you might wipe clean a lost phone? What about the person who forgot to do a backup the day before a server failed?

Another area where human error can occur is a technical oversight. Perhaps an overworked tech who did not recognize the existence of a single point of failure in your IT infrastructure.To learn how outsourcing some tasks such as proactive management and security audits can solve these problems, see “Outsourcing Isn’t a Dirty Word: Meet Managed Services, Your IT Team’s New Best Friend – Managed Services

Business Disaster: What Threatens Small Businesses the Most?

Data Protection and Bring Your Own Device to Work

Data Protection and Bring Your Own Device to Work

Data Protection and Bring Your Own Device to Work

BYOD refers to a firm’s policy of allowing employees to use their own personal phones, tablets and laptops for all their work applications.This is a pretty common policy, and it has many benefits, but it brings along risks. How are you addressing these risks?

Here are some of the issues raised by BYOD

  1. A lost device – If you issue company phones, you have the ability to remotely wipe the unit clean if it is lost or stolen. With employee’s personal devices, do you still have that ability. If not, your data is at risk.
  2. Software updates – Is the employee responsible for updating all the software and virus protection programs on their own devices? If that responsibility transfers to them, you are at the mercy of their willingness to keep track of such tedious tasks. If you accept responsibility for it, do you have the in-house staff to handle all the extra work?
  3. Back ups – with data being entered on many different devices, something must be done to ensure back up procedures are routinely followed.

In short, BYOD is probably an unavoidable approach to device management. It is unrealistic to expect people to carry around 2 different phones or tablets 24/7. But BYOD means extra work for the in-house staff of a small business. To learn more about these risks and a more affordable, comprehensive approach to BYOD Management, see our e-guide “Now you see it, There IT…Stays

Data Protection and Bring Your Own Device to Work