
There are many kinds of disasters that can compromise your IT network. Fire, flood, and tornadoes are just a few. These can all bring your network down and your business to a standstill. But cybercrime, including data loss and theft, can also prove disastrous without proper IT support.

Recent surveys show that most small to mid-sized businesses have no disaster recovery plan in place. That’s a pretty scary scenario given that about 50% of all small businesses have reported some sort of data loss. In fact, according to the Association of Small Business Development Centers (SBDC), about a quarter of these businesses will experience a “crisis level” loss each year.

 

What Have You Got to Lose?

Think about all the electronic records in your business – customer contacts and purchase records, email, finance, etc.  –  now think about how devastating this kind of loss can be. You can lose some of your records or you can lose all your records. There have been many cases of total loss through ransomware attacks that lock up every file and that cannot be undone.

But even lesser losses can be problematic. Statistics show that the average data loss costs the victimized company more than $10,000. This includes lost business, lost future customers, the cost of reloading compromised files, etc. It builds very quickly. But these problems are unnecessary as worst case scenario prevention and recovery plans are affordable to the point where it is truly foolish to not explore your IT support options.

 

Know Your Limits

We are going to cover this area in some depth over the next few weeks and today we’re going to start with three of the key IT support metrics companies should be using in determining the level of risk they can tolerate, the level of data loss they can afford to suffer, and how quickly they must get back online.

Recovery Time Objective (RTO): This states the maximum time you are willing to let your company be down. “Not at all” is generally not an acceptable answer because, although such planning is possible, the cost of the IT support needed to achieve it is prohibitive for most companies. The actual answer often depends on the type of company you are. If you are a manufacturer, it’s one thing. Quite another if you sell products online.

Recovery Point Objective (RPO): This is the point in time to which you need your data recovered, in other words, how much data can you afford to lose? Again, it’s a question of dollars spent in setting up your back-up / recovery process vs. dollars that will be lost.

Maximum Tolerable Outage (MTO): This is kind of a first cousin to RTO but looks more closely at loss of business relationships and the daily continuity of your business. Or, how long can you be down before the effect on your business relationships becomes a disaster?
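To make the three metrics concrete, here is an added example (not DynaSis code) that checks a backup history and one outage against chosen objectives. The objective values, backup times and incident times are constructed sample data, and the function names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Objectives:
    rpo: timedelta  # most data, measured in time, the business can afford to lose
    rto: timedelta  # longest acceptable time to get back online
    mto: timedelta  # outage length at which business relationships are damaged


def data_loss_window(backups, incident):
    """Time between the last successful backup before the incident and the incident.

    Returns None when no backup predates the incident (nothing to restore from).
    """
    usable = [b for b in backups if b <= incident]
    if not usable:
        return None
    return incident - max(usable)


def worst_case_window(backups):
    """Longest gap between consecutive backups: what a badly timed incident would cost."""
    ordered = sorted(backups)
    return max((b - a for a, b in zip(ordered, ordered[1:])), default=None)


def assess(objectives, backups, incident, restored_at):
    """Compare one outage, and the backup schedule itself, against the objectives."""
    loss = data_loss_window(backups, incident)
    worst = worst_case_window(backups)
    downtime = restored_at - incident
    return {
        "data_loss": loss,
        "downtime": downtime,
        "rpo_met": loss is not None and loss <= objectives.rpo,
        "rto_met": downtime <= objectives.rto,
        "mto_met": downtime <= objectives.mto,
        # Even with no incident, a gap larger than the RPO means the
        # schedule cannot guarantee the objective.
        "schedule_can_meet_rpo": worst is not None and worst <= objectives.rpo,
    }


# Constructed sample data: nightly 01:00 backups, with the 3 March job missing.
OBJECTIVES = Objectives(
    rpo=timedelta(hours=4), rto=timedelta(hours=8), mto=timedelta(hours=24)
)
BACKUPS = [
    datetime(2024, 3, 1, 1, 0),
    datetime(2024, 3, 2, 1, 0),
    datetime(2024, 3, 4, 1, 0),
]
INCIDENT = datetime(2024, 3, 4, 15, 30)
RESTORED_AT = datetime(2024, 3, 5, 9, 0)

if __name__ == "__main__":
    for name, value in assess(OBJECTIVES, BACKUPS, INCIDENT, RESTORED_AT).items():
        print(f"{name}: {value}")
```

With this sample data the nightly schedule misses a 4-hour RPO even on a good day, and the skipped job widens the worst-case gap to two days.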

 

Want to learn more? Check out our blog next week and the weeks after as we continue this discussion. Better yet, give DynaSis a call today at 770.629.9615 or contact us online. We have been providing IT support and IT security for small to mid-sized companies throughout metro Atlanta for more than 25 years.

Ever wonder what the “HTTP” or the “HTTPS” you see at the beginning of every website means? HTTP is the abbreviation for “hypertext transfer protocol” and describes the internet technology that enables the text you have been typing to be transferred to your recipient. When the letter “S” is added on the end to make HTTPS, the S stands for “secure”. The security feature is what IT companies call a “secure sockets layer” (SSL), or “transport layer security” (TLS), and this is all enabled by the use of data encryption. This encryption provides security from hackers, whether it is for your personal email or sensitive banking information. In today’s world, making sure email and the files in them are secure is serious business.

 

Gobbledygook and Security

The basic concept is simple. Your email, and the files within, are scrambled into unreadable text by an algorithm that must be unscrambled by a cryptographic key. So, how secure is this scrambling? Consider this: When the system was first introduced by IT companies in the 1970s, they were using a 56-bit key. In the ‘90s this was upgraded to a 128-bit key. That 128-bit key would take the most powerful computers of today 1,000,000,000,000,000,000 years to decipher. Today the keys are 256 bits and each bit doubles the time it would take to decode. We showed you the 128-bit key decode time because there simply isn’t enough space in this blog for all the zeroes in the 256-bit time frame. So, yes, the answer is that it is pretty darn secure.

 

Symmetric vs. Asymmetric

There are essentially two types of data encryption. With symmetric encryption, a single key is used to code and decode. With asymmetric encryption, one key is used to encode and a different key is used to decode. Which type will be used depends on the level of security you are seeking as asymmetric is considered more secure.

 

SSL and TLS

While data encryption is critical to security, you may be asking yourself, “if the data is encrypted on one end, how does the recipient get the key for decoding on the other end?” Good question. SSL and TLS take care of that by providing the keys on both ends. The process is a bit convoluted and more complex than we want to deal with here, but it works…most of the time. Since “most of the time” isn’t good enough, code developers have taken encryption to a higher level using what we call “client-based encryption.” This is accomplished by using encryption tools such as Mimecast and Galaxkey. Mimecast is great when the main security issue is email, but when there is a broader security concern, Galaxkey is often the choice. If you would like to learn more about these tools, as well as more about data encryption in general, we suggest reading our recent article: The How & Why of Data Encryption.

 

Here at DynaSis, our security team is fully familiar with data encryption and the thought process that goes into the selection of the best tools for every client’s situation. We understand that every business is unique and the combination of security tools needed to protect each business can be different. Again, we recommend reading the article mentioned above as it presents much more information. Better yet, give us a call today at 678-373-0716.

Here at DynaSis, as a managed IT services provider, we offer prospective clients complimentary IT and Network Assessments. The assessment gives the business-person a good look at where the company’s IT infrastructure stands at that moment regarding a number of potential security issues as well as understanding where it stands in terms of updates and upgrades. We then ask people to consider four questions:

We’re not going to review these one by one because the answers are pretty obvious. What may be less obvious is where to start, and that is with the Assessment. The Assessment serves as a roadmap and without it, a managed IT services provider is likely to recommend unnecessary changes, and miss some that would be highly beneficial, in the end creating a framework that does not accomplish what you are looking for.

There are some basic yet important goals that your IT services company should be helping you accomplish:

Availability

Does 99% uptime sound good? Not by our standards. That is 1% downtime, or 5,256 minutes annually. Our goal is between 99.99% and 99.999% uptime, or 5 minutes to one hour downtime per year.

Security

This is an important subject on its own and we encourage you to read a white paper we published earlier this year entitled Cyber Security 2018. As a managed IT services company, we are very much aware that the majority of cyber crimes are now committed against small to mid-sized businesses. Cyber criminals know that “enterprise” size companies have invested millions of dollars in protecting themselves, so small to mid-sized businesses have become the low hanging fruit.

Mobility

Everyone is on the go. Employees work from home, in airports, hotels, clients’ offices, even on vacation. Mobility today means a lot more than having a smartphone. It means being able to access your files anytime, anywhere. It means being able to collaborate with your team members no matter where they are. Again, this is a subject worthy of discussion on its own, and we would be happy to speak with you.

Productivity

People want to be productive and ensuring that your IT infrastructure is functioning at peak levels is necessary. In fact, studies show that millennials who are interviewing for all levels of management positions frequently inquire about the tools with which they will be provided to accomplish their jobs. An assessment will help here, too.

………………

What we have discussed in this week’s blog is merely the tip of the iceberg when it comes to the information that can be gleaned from an IT Network & Security Assessment. For a deeper look, we recently published a full white paper called The Value of an IT Assessment and we suggest you take a look. We believe you will find it eye opening.

At DynaSis, we have been providing managed IT services for more than a quarter century and we would love to start a discussion with you, so please give us a call at 678-373-0716.

The results of two recent surveys indicate that computer network support professionals working for “enterprise level companies” agree that a company’s own employees are often its weakest link in protecting against cyber-crime. (For specifics on these surveys and more information on the subject of employee training in general, read our White Paper on the subject.) So, as an owner or executive of a small to mid-sized business, consider this: if this problem is so prevalent in these enterprise level companies with large IT departments, where does this leave you?

It is well-known in computer network support circles that, in this day and age of cyber-criminals who are relentless in developing new ways to attack virtually everyone’s IT network, employee training is a key element. It is also known that careless and / or unintentional employee actions are the number one access point for these criminals. While all the other forms of network protection are still vital, employee education remains one of our best safeguards.

Here are some notes on areas that employees need to be taught, and then on which to be continuously reminded and updated:

Unbreakable Password Protection

Computer network support professionals are amazed at how many people still use easy to break passwords. Criminals use algorithms that can rapidly test millions of possible passwords, so if they have a reason to guess at part of a password, finishing it becomes a real possibility. Larger companies install protections against this, including automated requirements for regular changes as well as strong parameters. Try this. Current thinking among these computer network support people has changed from combining letters, numbers and characters, to letters only. Here’s why: if you combine three unrelated words of five letters each (for example: househumanroses), those fifteen letters give you 1,677,259,342,285,730,000,000 possibilities. That’s 1.6 sextillion. And that’s only using lower case. Imagine if you mix upper and lower.

Downloading Unauthorized Software

Another thing that drives computer network support people crazy is the many software programs that can be downloaded for free with a simple mouse click. While many are truly useful, others may launch very destructive malware, including ransomware that can lock down an entire IT network.

Phishing and Spear-phishing – Social Engineering

These are tactics used to trick people into divulging sensitive information. You may not fall for the plea for assistance from the Nigerian Prince, but many people are fooled by realistic looking fake emails from banks, utilities, charities and others. One specific word of caution: the IRS never calls and never sends emails.

Social Media Scams

Fake Twitter Accounts: We all make typos. Studies show that a small percentage of people will inadvertently make mistakes and not correct them when typing. If you mean to send a tweet to a company called ABC123, but type ACB123, there may well be a fake account out there with that name, set up to trick you. These scam artists will set up hundreds of these accounts (ABD123, ABE123, ABC 123, etc.) to benefit from your mistakes.
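A company can watch for these lookalike accounts itself. The following added example (not DynaSis code) scores observed handles against the official one using edit distance that counts a swap of adjacent characters as a single typo. The handles come from the paragraph above plus one constructed unrelated name; the function names are hypothetical.

```python
def osa_distance(a, b):
    """Optimal string alignment distance between two strings.

    Counts single-character inserts, deletes, substitutions and swaps of
    two adjacent characters (the ABC123 -> ACB123 kind of typo) as one edit.
    """
    rows, cols = len(a) + 1, len(b) + 1
    d = [[0] * cols for _ in range(rows)]
    for i in range(rows):
        d[i][0] = i
    for j in range(cols):
        d[0][j] = j
    for i in range(1, rows):
        for j in range(1, cols):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(
                d[i - 1][j] + 1,         # delete
                d[i][j - 1] + 1,         # insert
                d[i - 1][j - 1] + cost,  # substitute or match
            )
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # adjacent swap
    return d[-1][-1]


def normalize(handle):
    """Lower-case and drop separators so 'ABC 123' compares equal to 'abc123'."""
    return "".join(ch for ch in handle.lower() if ch.isalnum())


def classify_handles(official, observed, max_distance=1):
    """Label each observed handle as official, lookalike or unrelated.

    Returns a dict of handle -> (label, distance). A handle that differs only
    by case or separators gets distance 0 but is still a lookalike.
    """
    base = normalize(official)
    results = {}
    for handle in observed:
        if handle == official:
            results[handle] = ("official", 0)
            continue
        dist = osa_distance(base, normalize(handle))
        label = "lookalike" if dist <= max_distance else "unrelated"
        results[handle] = (label, dist)
    return results


# Handles from the text, plus one constructed unrelated name (XYZ789).
OFFICIAL = "ABC123"
OBSERVED = ["ABC123", "ACB123", "ABD123", "ABE123", "ABC 123", "XYZ789"]

if __name__ == "__main__":
    for handle, (label, dist) in classify_handles(OFFICIAL, OBSERVED).items():
        print(f"{handle!r}: {label} (distance {dist})")
```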

……………………….

The reality is, there are too many ways that employees can make mistakes or be fooled to cover in this blog, so, again, we refer you to the white paper we wrote on this subject. Once you better understand the risks, you can set up training programs for your people. If you don’t have an in-house computer network support team to conduct employee training classes, speak with us here at DynaSis. We’ve been doing it since 1992 and would love to do the same for you. Call us today at 678-373-0716.

Most companies these days allow, or even insist, that employees use one or more of their own devices for work. Rather than causing resentment, the majority of employees actually prefer using their own phones, tablets or laptops, rather than having to carry two of the same type device. They are comfortable with the devices they understand and are probably upgrading them faster than the company network support team would be doing, thus giving both the employee and employer the benefit of more current technology.

That being said, there are concerns that many employees have, some real, some perceived, that must be addressed and, additionally, network support and security for devices the company doesn’t own can be challenging. On the employee front, those who are required to use their own devices often feel they are losing privacy, including the possibility that their personal information may be accessed. This can be overcome with adjustments on the network support side and explanations (in lay terms) to the employees.

We won’t get into too much technical detail here, but on the employer’s side the issue of keeping company data secure demands serious consideration. This requires the creation of an “Acceptable Use Policy”, but please keep in mind that policies like this are only helpful if they are enforced.  (If you want more information about BYOD policies, check out our White Paper on the subject.) If you are going to allow or require BYOD, here are some guidelines on how to begin:

Pilot Program

Start small. If you only have a few employees, you may want to include everyone, but if you are mid-sized and growing, limit the participants until you’ve got the bugs worked out.

Involve All Constituents

A strong BYOD policy will involve every department in the company: sales, marketing, HR, finance, R&D, etc. Make sure people from each of these are involved in the set-up and roll-out discussions.

Employee Training

Employee training today is important in many areas of cyber security. Employee email accounts are the number one source of access for cyber intrusion of all types. BYOD is no different. This is an important network support issue.

Industry Specific Security

PCI, HIPAA, GLBA, DSS and others. You don’t want to be 100% in compliance in-house, then fail to keep employee devices adequately protected.

Device Level Security Isn’t Enough

Proper network support and security requires multiple defense layers. Hard as you try, you may not always be successful in keeping every device secure, so your network must provide protection for this.

Additional Costs

Yes, by asking/allowing your employees to use their own devices, there will be savings, perhaps substantial. However, there may also be additional expenses to install updated infrastructure technology. All in all, however, the switch should help your bottom line.

Again, if you would like to learn more, check out the White Paper, or, even better, give us a call. We have been providing IT network support for more than 25 years and would love to chat with you. Call us today at 678-373-0716.

Cybercrime complaints to the FBI exceeded 300,000 in 2017 with an estimated loss of almost $1,500,000,000. The thing is, the Department of Justice estimates that only 1 in 7 criminal incidents are ever reported. That brings the estimated totals to 2,100,000 incidents and $10,500,000,000 in losses. Why is that?

First of all, if you believed you caused the attack because of an error in judgment, chances are you aren’t going to be so fast in letting anyone know. Neither would your employees. Now, very few employees, fortunately, are going to actively work at allowing cyber intrusions into your network, but simply clicking on a deceptively realistic looking phishing or spear-phishing email can open the door. Companies with effective in-house or managed IT support providers can usually determine whose mistake it was, but for many small to mid-sized businesses, the unintentional culprit will never be found.

But in some ways, that’s beside the point. The point is that your employees should have been well-trained enough that they aren’t susceptible to this kind of fraud.

If you are the boss and you know about the cyber break-in, your attitude may be that it’s unlikely that the perpetrator will ever be found so why bother? You are also way more likely to pay a ransomware demand than report the crime. It just seems easier. Except that in about 20% of the cases, the de-encryption code you need to unlock your files either never arrives or doesn’t work. This 20% would have been much better off dealing with prevention than with trying to rectify a really tough situation.

There is another growing area of cyber-crime, although it is not committed through entry into your IT infrastructure. This is IT support fraud and in 2016 there were more than 10,000 cases reported. Again, law enforcement believes the 10,000 are the tip of the iceberg. The reported losses were $800 each on average. Most of these were perpetrated against individuals, not businesses, but in today’s work-world, with many people using their own devices for work, sensitive business information that resides on an employee’s personal laptop may be stolen and used for illegitimate purposes.

The gist of this blog is to encourage two things: first, report all cyber-crime. You can never tell which case will be the one to break open a crime ring. Second, make sure your employees are well-trained in cyber-crime prevention. Fact: most ransomware and other malware intrusions are caused by employee errors that can be prevented.

Need more info? Try this article we published not too long ago, or, better still, give us a call at DynaSis at 678-373-0716

 

Many people are surprised to learn that today’s number one cyber security threat is email. Deeply concerned about all levels of IT security, we recently published a white paper analyzing the various threats and how to thwart them, as well as how we here at DynaSis work to make our clients’ email accounts secure. In this white paper, we went over things like “zero trust” and how effective current phishing and spear-phishing techniques have become…and how to protect yourself by educating your employees.

Zero Trust as a Security Model

This is a critical part of email security in today’s world. Sorry. It might sound unfriendly, but when we trust no one, we are more vigilant. It’s not that we don’t trust people’s integrity, especially when it comes to our most trusted employees, it’s that we simply don’t have the luxury of trusting their judgment when they are up against brilliantly (unfortunately) crafted schemes designed to inflict harm. This is especially true in this world of BYOD (Bring Your Own Device To Work). Not only are the bad guys trying to work their way into your system through your company-owned devices, they are also working on getting in through the personally owned devices your people are using to access the company network.

In addition to phishing and spear-phishing (including expanded definitions), we go over email spam, viruses, malware, ransomware, social engineering and state-sponsored hacking. And we remind you, as we do here, that all this can start with a simple, single email.

Best Practices

But we don’t just leave you hanging. We review “best practices” and how they can be used to keep the bad guys out. We go over specifics like auto-listing, RFC check greylisting, global reputation checks, recipient validation & active directory, anti-spoofing, email firewalls, and policy controls. Whew! That’s a lot of stuff, but it’s all important.

Mimecast

As a managed IT support provider and after reviewing all the software available (and with 25 years’ experience, we are experts at conducting reviews) we have chosen Mimecast for our clients. You can click here to check out Mimecast on our website, or here to read about it in our white paper. Check out our entire website at www.DynaSis.com, or better yet, give us a call today at 678-373-0716.

Compliance can actually be a competitive advantage.

Yes, compliance can be a pain in the butt.

Yes, the current administration has been eliminating a lot of regulations so for some industries, compliance has become somewhat easier.

But, no, not all compliance regulations are going away, and, no, not all regulations are evil. A world without any regulations would be a difficult place to do business and consumers and companies alike would be at the mercy of bad players with no recourse. Regulations are necessary, although we are not going to get into the debate of how many are good and how many are bad.

The question for you, as the owner or an executive in a small to mid-sized business, is how to not only follow the rules, but use the fact that you are in compliance as a competitive advantage. Look, you have to follow the rules anyway, so use them to your advantage.

Not long ago, we published a full White Paper: “Compliance as a Competitive Advantage”. In it, we looked at a number of ideas. We started with the riskiness of non-compliance and the negative press that can follow. We discussed the large fines that can be incurred, including a $50,000 fine to a hospice that had a laptop with unsecured patient records stolen.

We also talked about the Public Relations nightmare that can occur. No, if you are running a small to mid-sized business here in Atlanta, your compliance shortcomings aren’t going to make the CBS Evening News, but you can definitely expect them to make all the local affiliates at 4 PM, 5 PM, 6 PM, 11 PM and again at 5 AM and 6 AM the next morning.

You’ve heard that there is no such thing as bad publicity? Don’t believe it because the next thing that will be affected is the confidence of your clients/customers. Your company doesn’t have the staying power or the public relations budget of Home Depot, Sony, Target or the other major national and international firms that have been hit by these scandals. In fact, statistics show that up to 60% of SMBs that have been hit with compliance scandals (this includes data breaches, etc.) either never reopen or close permanently within six months.

We strongly suggest you read the full White Paper, then look at the series of Compliance web pages we also published recently. Start here: Compliance: Getting Started, and in the lower right corner you will see links to a whole series of short but highly informative web pages on a series of compliance-related subjects.

Here’s the thing about compliance: it should be one of those things that you just do and do right so that it never becomes a major issue. Here at DynaSis, as a managed IT support provider here in Atlanta, we have been helping companies with compliance for more than 25 years. Give us a call and we can discuss your needs. 678-373-0716.

When is Your Business Ready for the Cloud?

Simply put: Now!

Like we’ve been doing in recent weeks, we are taking another look-back at some recent white papers we have written that we believe are important enough to again bring to your attention. This blog refers to the white paper: Is Your Business Big Enough for the Cloud?

First, what exactly is the Cloud? The cloud (and the term is not something we would have chosen) is simply a cluster of servers that serve many businesses. These servers are usually located in a highly secure facility that offers protections that no small to mid-sized company could afford. The cloud is not some bizarre technology that only the most sophisticated businesses should consider. In fact, you are using the cloud right now: smartphone apps, mobile banking, Google Docs, Gmail, and lots more.

While the White Paper mentioned above goes into more detail, let’s just quickly take a look at some of the advantages of using a cloud (like the DynaSis Business Cloud):

Data Backup: there are few things in today’s technology world more important than good backups. There is so much that can go wrong, although proper IT support and planning can prevent much of this, that you need to be prepared. Sure, you can back up in your office, but the cloud is much safer. (Hybrid systems are also good options, where some backup work is done in your office and other is done in the cloud. Ask us.)

Mobility: Your people are on the road, working from home, in hotels, customers’ offices, etc. Your cloud service is much less likely to go down than is your in-office service. The last thing you want is your sales team that’s visiting a customer on the west coast to be unable to open important documents.

File Synching and Sharing: Actually part of Mobility, the cloud allows quick and seamless ability to share documents and synchronize them so everyone is on the “same page”.

Storage: As your needs expand or shrink, you can cost effectively increase or decrease storage capacity without buying new server equipment. If your business changes, you can download archived documents to tape and decrease storage costs.

Always Up-To-Date: For apps like Microsoft Office 365 and others, online versions (which are in the cloud) are always updated, including fixes. Your people are always working on the latest versions with the most useful features.

There is a lot more to understand about the cloud, so download the White Paper mentioned above. Even better, give us a call. After more than 25 years as an Atlanta managed IT support provider, and having worked with the cloud since its inception, we have a lot of good information we are happy to share. Call us at 678-373-0716, or visit us at www.DynaSis.com.

For a long time now, we have been making the claim that “every company is a technology company.” It doesn’t matter if you are designing websites, building houses, or selling pet food and supplies. Do you have a website, an email account? You are using technology every day and in more and more ways every year. Therefore, it seems only natural that you will eventually need a CIO – Chief Information Officer.

Not so fast. Yes, it is entirely possible that a CIO may be the best thing for your company, but it is not something you should be jumping into. It can be very expensive and if the need isn’t really there, you may want to look at other alternatives.

We published a White Paper not too long ago titled: Does Your Company Need a CIO? and in it we examined the costs, benefits and other options.

Good technology people are hard to find and consequently command big salaries. For example, in the Atlanta metro area, the average salary plus bonus for a CIO is $327,000 (per Salary.com). You can save some with a Chief Technology Officer ($267,000) or an IT Director ($201,000), but for the average small to midsized business, that’s still a lot of bucks. (Check out the white paper for details, charts, and descriptions of the different positions. They do NOT all accomplish the same things.)

The answer: (again, read the white paper for details) Hire an experienced and qualified managed IT support provider that will cost you a fraction of the expense of a full-time hire, and will bring to the table a staff that includes professionals that can handle virtually any problem. “Virtually any problem”. That’s important because, with the breadth of technology out there today, no one person, no matter their training or background, can know everything about everything when it comes to the technology your company needs to grow and thrive.

Here at DynaSis, we have been providing managed IT support for more than 25 years. Concerned about cyber security? Ready to investigate the Cloud? We have a staff of well-trained and certified professionals…more than 60 team members…who are well-equipped to see small problems and fix them before they become major issues. We also have the people to work with your executive team to make technology plans and decisions for the future. And we have real live people on duty 24 x 7 x 365, awake and in our office, dealing with overnight patches and upgrades, who can deal with your issues day or night.

If you really want to learn more, give us a call at 678-373-0716 or visit us at www.DynaSis.com.
