By the DynaSis Team

With all the media coverage of data breaches, many companies and individuals may be asking themselves if cloud-based backups (or for that matter, cloud-based prime storage) are safe. The reality is that although cloud storage CAN be riskier than on-premise file storage (server and/or desktop), it can also be much more secure. Prudent companies can take precautions―beginning with vetting their cloud providers and solutions―to ensure their files are as safe, if not safer, in the cloud than anywhere else.

Following are a few protections you should require of any cloud backup or storage provider. DynaSis incorporates all these protections into its cloud-based solutions.

  1. Encryption―Don’t accept anything less than AES 256-bit encryption, preferably in the Cipher Block Chaining (CBC) mode with 256-bit keys. There are no known methods to compromise this type of encryption. DynaSis’ cloud-based backup solution uses this type of encryption―and its “private cloud” file storage and sharing solution, DynaSis Blue, uses 448-bit Blowfish encryption (on-device and in-transit).
  2. Intrusion Prevention System (IPS) to dynamically monitor and remediate security incidents.
  3. Incident Response and Notification Plan.
  4. The ability to provide access to security information on customer data in response to a customer’s regulatory request or internal investigation.
  5. Cyber insurance liability policy to cover cloud-based losses, assuming there is a breach and customer records are stolen or otherwise compromised.

In addition to these protections, we recommend such administrative controls as customizable deleted-file retention periods, granular controls of user access and security, and continuous, real-time, multiple-folder backup, including revised-file backup. Of course, the solution must also incorporate sufficient bandwidth to enable rapid transfers and the ability to easily and dynamically increase your storage allocation if your current allowance reaches a pre-set percentage of capacity.

Managing data is a challenge in any organization. Taking it to the cloud adds a few additional considerations, but that doesn’t mean it necessarily adds complexity. Working with an experienced cloud provider, you should be able to enjoy more security and continuity of file backup and retrieval―with less involvement and fewer headaches―than your on-premise solution can provide.

Many companies choose to have their entire systems backed up, including not only data but also applications and other elements. Many cloud providers (including DynaSis) can use these whole-system backups to build an off-site server for a firm in the event that their on-premise equipment fails. At the minimum, we strongly recommend that companies back up their email files and folders to the cloud. This not only keeps the email archive in a central location, facilitating message search and retrieval, but it also builds a segregated archive that will help the company protect itself should emails be required in the event of eDiscovery or compliance requests.

To learn more about our cloud-based backups and other cloud solutions, please fill out our inquiry form or give us a call at (770) 569-4600.

By the DynaSis Team

If you studied psychology in high school or college, you probably encountered Maslow’s Hierarchy of Needs―those elements that take humans from basic survival to self-actualization. Did you know there is a customer hierarchy of needs, as well? The terms for these needs change from one model to the next, but they all say basically the same thing.

At the most basic level, customers want accuracy and availability. They want things to work and they want to be able to obtain them. Above that, they want companies to meet their desires―provide ease of use; wide color selection; extended operating hours―whatever they desire in the product or service that isn’t absolutely necessary for them to use it. At this level, customers become loyal, and most companies are content if they achieve this “pinnacle.”

The cold reality, however, is that meeting customer desires and gaining loyalty do not place you at the pinnacle. That spot is reserved for meeting customers’ unexpressed needs―actually advising them of things they might want and making them available for them. It involves having a two-way dialog and showing that you are looking out for them.

At this level, companies gain evangelism―customers that tell everyone how wonderful a company is. Most firms never come close to achieving this level, because they are caught up in trying to reach or stay at the loyalty level. They waste the opportunity to become truly great and extraordinarily successful.

So, how do you get your customers to the level of evangelism? You must already have great products or services, of course. Your employees should love your company and what it represents, and they should be dedicated to providing passionate, caring service. To make that leap from this foundation isn’t effortless, but today’s technology is making it a lot easier than one might think.

What do you do with the data available to you? This includes not only what your customers order, but also what they ask about when they call, what they say about you to their friends on social media, and even what they say about your competitors. All of this data is available to you, either through your own internal records or through social media analysis. You just have to harvest and analyze it to get a pretty good idea of what your customers might like you to offer them next. (It’s also a good idea to participate in their conversations and let them know you are listening.)

Best of all, there are ready-made data gathering and analysis solutions that can do a lot of the work for you, even going as far as monitoring conversations about you and your customers across the entire spectrum of social media, so you can jump in and participate. They can even tell you who your key influencers are―the folks that persuade others to either like or dislike your products or services. (If you are old-school and this sounds like an invasion of privacy, consider this: it’s perfectly legal and your competitors are probably already doing it.)

These solutions aren’t DynaSis’ specialty, although we can point you in the direction of someone who offers them. Because we care about your success, we just wanted you to know they are there. We also wanted to remind you that, before you decide to implement any solution that gathers and stores customer data and preferences, you should order a security analysis and ensure you have robust defensive mechanisms in place.

All the customer engagement and gratification in the world won’t build your business if a criminal steals those lovely pools of data that you collect, analyze and store. If you suffer a data breach like those of P.F. Chang’s or Target, your customers will become evangelists, but they’ll be telling everyone to run the other direction. If you’d like to request a technology assessment to see where you are now―or discuss any aspect of technology and how it impacts your business―we invite you to fill out our inquiry form or give us a call at (770) 569-4600.

By the DynaSis Team

As news of the data-breach class-action suit against restaurant chain P.F. Chang’s reverberates around the Internet, a recently released survey has confirmed what a lot of experts have been asserting—that corporate websites are nowhere near as safe as their operators might hope. (For those that don’t follow online security news or have been on vacation in Bora Bora, P.F. Chang’s suffered a massive credit-card data breach in June 2014.)

The report, released by the Online Trust Alliance (OTA), found that 71% of top consumer websites did not sufficiently adhere to online security and privacy best practices. The OTA branded them with the designation of “untrustworthy,” because they expose their customers to potential data leaks, security breaches and privacy concerns. (The OTA performs this audit yearly; it just happened to coincide with the P.F. Chang’s disaster.)

For this report, the OTA examined the privacy and security practices of 800 leading sites that target consumers, from Walmart.com to Ancestry.com, and assigned them a grade for “online trust.” For the evaluation, the OTA considered three categories of best practices―domain/brand protection, privacy and security―for both the sites themselves and any related mobile apps they offer. (Twitter scored the highest grade for privacy and security.)

Among the top sites, 28.8% made the Honor Roll, meaning they safeguard data in the three categories listed above. That sounds pretty good until you consider that 52.7% of examined sites failed completely in at least one category. Among news and media sites―which many, many people read both at home and at work―only 4% qualified for the Honor Roll. Of perhaps greatest concern, however, was that banking websites and the Internet Retailer 500 (the online retail “big boys”) performed dismally as well, with 65% and 57% failing, respectively. (Those numbers really shocked us.)

Given that the TOP 800 sites performed so dismally, where does that leave Internet users? Likely, in pretty scary territory. So, what’s the takeaway for business owners? In our view, there are several.

1. Inform your employees about the report and urge them to avoid sites that failed, both at home and at work. The weakest link in everyone’s security chain is the human one.

2. Understand that not providing personal data won’t necessarily make a site safe, because some harvest information off any device that accesses the site.

3. Know that mobile apps are even more likely to harvest data―they tell users that up front, but most ignore the warning. Caution users about this issue and deploy a corporate solution that monitors device app usage (see last week’s post).

On a separate but equally crucial front, if you host a Website that collects or stores any sensitive data from your customers, we strongly urge you to have it evaluated for adherence to privacy and security best practices. Furthermore, if you accept, transmit or store credit card data, you must comply with PCI (payment card industry) guidelines. 

A large chain like P.F. Chang’s can likely weather the fall-out from a major data breach or the fines from failing to meet PCI requirements. It is a sad but honest fact that smaller businesses cannot.

If this entire discussion mystifies you, know that you are not alone. Many of our customers don’t have the time or technical expertise to explore these types of issues and take action. That’s why we are here. To learn more about what you can do to safeguard your website, your business and your workers, fill out our inquiry form or give us a call at 678.218.1769.

The DynaSis Team

If you’ve ever wanted to see a plethora of stats about email, in a single place, then we have found the site for you. It’s called Email Monday and the marketing expert who runs it updates it each week. When we checked it recently, we noticed some statistics that are very pertinent to small and medium business (SMB) owners.

The foremost statistic is that 47% of email is read on a mobile client compared to 28% on a desktop client, as of March 2014. This is actually a few points lower than a peak that occurred in November-December 2013, but we ascribe this number to holiday shopping, vacations, and other out-of-office situations that occur during this period.

More importantly, the number is up, year over year (mobile email usage was only 15% in the first quarter of 2011), and webmail has climbed, as well, to 25% of all opens. In other words, only 28% of email is now being read on a desktop computer. That’s an important statistic for SMBs—especially those that do not have a secure mobile solution in place for their employees. (More about this in a minute.)

Another interesting stat is that 79% of smartphone users rely on their device for reading email—a higher percentage than those who use it for making phone calls. What’s the takeaway on these statistics? We believe it to be that whether or not you have defined and implemented a corporate email policy, your employees are likely checking corporate email on their smartphones. They are also likely checking personal email on these devices while at the office—across your Wi-Fi network.

Without effective security and access control in place at your firm, in the form of both user policies and technology-based monitoring, you and your employees could be putting your corporate assets at risk.

We didn’t plan to talk about security two weeks in a row, but we decided to do it because things are pretty scary out there, these days. Furthermore, an alarming number of SMBs (the companies we are dedicated to protecting) are not taking proper precautions. Mobility is absolutely critical to business productivity, as these numbers underscore, but without security in tandem with it, the negative impacts can wipe out those benefits.

DynaSis certified professionals can perform an affordable, non-intrusive network assessment that will determine whether or not your company is vulnerable, and then help you develop a roadmap to fix any issues they find. (We find problems on the vast majority of networks we examine—even those “protected” by other firms’ solutions.)

In case you are not convinced yet, we’ll leave you with one more interesting statistic. Android users spend far more time perusing email on their devices than do iPhone users. And, since Android is a far more vulnerable device platform, we can project what that means to your corporate security.

If you haven’t had your corporate defenses examined recently (or ever), or if you have worked with us in the past but are not protected by our end-to-end desktop and device security solution, we hope you will fill out our inquiry form or give us a call at 678.218.1769.

By the DynaSis Team

One of the biggest pieces of news you might not have heard was that last week (June 10), for the first time ever, a computer program passed the “Turing Test.” This test determines if a computer can persuade 30% of questioners that they are engaging with a human being (and not a computer) during a five-minute, text-based conversation.

The tech world has been talking about artificial intelligence (AI) for years—painting a portrait of a world where computers can stand in for humans in any given situation, and no one will be the wiser. The possibilities are tantalizing—and the perils are alarming.

In this particular instance, the winning computer program, called Eugene Goostman, beat out several other AI programs and persuaded 33% of interrogators that a human was on the other end, crafting the responses. At the event, organized by the University of Reading at the Royal Society London, some participants and observers claimed “Foul!” because the program claimed to be a 13-year-old Ukrainian boy with a limited grasp of the English language.

Other successful attempts at passing similar tests have also been flawed, because they included pre-established topics or questions, which the Turing Test specifically disallows. This time, the restrictions related to the “speaker” and not the topics or questions. Such an approach is not prohibited by the test, but it is a bit questionable.

So, where does this leave us? Even if this episode fails to persuade the scientific community that a computer has definitively passed Turing’s test, there’s little doubt that such a feat will be accomplished before long. When computers can truly be indistinguishable from humans, the ramifications for online communication and, for that matter, cloud computing could be considerable.

Already, more than 60 percent of Internet traffic originates from bots, per data security company Incapsula. Published reports indicate that any number of human chat-room visitors have been duped into thinking they are speaking with a human—even to the point of accepting an invitation for a date. Chat bots are also becoming increasingly common for customer service and tech support. None of us know how many times we might have interacted with a chat bot and thought it was a real person.

So, as the line between human and computer continues to blur, and the world waits for another, more robust demonstration of true AI, what should you and your company do? Our recommendation is to watch and be vigilant.

Texting with a computer posing as a human is a lot different from talking to one on the phone, where we can catch vocal intonations and other nuances that clue us into “humanness.” Nevertheless, with an increasing number of communications happening by text and email in today’s business environment, companies and their employees cannot be too careful.

Warn your personnel of the dangers of chatting with strangers online, especially if they ask for personal or corporate information. Chat bots have stolen personal information from innocent victims (or sent them to websites that did) after persuading them they were human.

Furthermore, make sure your firm’s digital perimeter defenses are strong enough that they will stop activity from suspicious websites and not let workers interact with them. The weakest link in everyone’s security chain is humans, and the next wave of assaults may be on the way. If you are not certain that your security is up to par, fill out our inquiry form or give us a call at 678.218.1769.

By the DynaSis Team

With technology gurus and media touting the benefits and adoption rates of advanced technologies such as cloud computing, one might assume that everyone is jumping on the bandwagon. A new study from Ipsos Research (commissioned by Microsoft) shows that for SMBs (small to midsized businesses), that’s not the case.

Per the survey, conducted in early May 2014, only 30% of SMBs polled report adopting cloud computing, despite its obvious benefits. Other “hot” technologies such as tablets, payment technologies and social media apps also don’t rank highly, with only 34%, 34% and 31% of SMB owners considering them important, respectively.

Far more important to these business owners are laptop computers (68%), desktop computers (67%), smartphones (60%) and the supposed dinosaurs of technology—landlines (52%). More troubling, perhaps, is that it’s not that business owners don’t like these technologies. Of those polled, 86% said that keeping up with technology trends is important to their business (50% ranked it very important; 36% said it was somewhat important). Rather, they do not think their questions and concerns about these developments have been adequately addressed.

Specifically, the top three concerns of SMB owners regarding adopting new technologies were:

  1. The expense of upgrading and/or maintaining technology (35%)
  2. Security of new technologies (22%)
  3. Mobility and access—specifically, the ability to work with content from multiple devices in any location (16%)

At DynaSis, we have long maintained that security, availability and mobility are the three pillars of success with technology, so we couldn’t agree with these business owners more. What these SMB owners (and others) may not realize is that it is no longer expensive or complicated to address security and achieve mobility and accessibility.

Furthermore, when SMBs develop technology plans that are aligned with their business objectives, upgrading proactively can be less expensive than dealing with equipment failures and outages as they occur. In fact, when the cost of downtime, lost business opportunity and company standing, and the productivity value of new technologies are factored in, unplanned upgrades and repairs are almost always considerably more expensive than making improvements at a measured pace.

With the survey also reporting that a substantial percentage of SMBs still manually collect and store data on individual hard drives (36%) and/or use filing cabinets and folders to collect, store and share files (26%), it’s evident that many SMBs are really missing out on the value of centralized (including cloud/online) storage solutions.

On the plus side, 40% of SMB staffers are now able to work remotely at least 50% of the time. That’s great news, but if they are still tied to hard drives and file folders, they are not working very productively.

If any of these statistics ring a bell with you, please fill out our inquiry form or give us a call at 678.218.1769. Our certified IT pros will come to your location, review how IT is (or isn’t) helping you achieve your business goals and objectives, and show you how it can be affordable to transition from outdated, insecure and impermanent technology solutions to a future where everyone works collaboratively and productively, from any location they choose.

By the DynaSis Team

The week of April 7, the tech world was in a frenzy with news of the Heartbleed bug. Websites scrambled to close the flaw and notify their users that they were protected. Some security experts proclaimed that everyone, everywhere, should change all their Internet passwords―but not until each site was safe. Internet users looked on with confusion, not sure exactly what they should do.

Here at DynaSis, because our servers use Windows SSL and not OpenSSL (the security protocol that is vulnerable), we didn’t need to worry about it. For the handful of our customers that are running the Linux operating system and have a secure (https) website, we patched their systems as soon as the fix came out. Those patches took only a few minutes to install, after which time we confirmed that they were working. Mission accomplished.

The Heartbleed bug―which was not a virus, worm or any other type of malware introduced by criminals, but rather a coding flaw in the software itself―highlights the importance of regular system updates and patches. These types of security flaws are not uncommon in software code, and vigilant developers issue “repairs” as soon as they become aware of them.

The patches and updates that we and others receive from software developers contain these fixes. At DynaSis, most of our services include what we call “proactive network and server management,” which includes application of all patches and updates, so our customers never have to worry about patching their systems. (This service also includes a host of other benefits, but that’s not the topic of this blog.)

The real question, of course, is should you be worried? A study released last week by the U.S. Energy Department’s Lawrence Berkeley National Laboratory says they cannot find any evidence of a Heartbleed-based attack since January 2014. The researchers also suggested that any attacks in the two years prior to discovery of the Heartbleed flaw would have been uncovered by now.

However, now that the bug has been so widely publicized, it may become a target for cybercriminals. The top 1,000 most heavily trafficked sites have patched their OpenSSL installations, but millions of smaller sites have not. Researchers at the University of Michigan are maintaining a Heartbleed Bug Health Report which lists the top 1,000 most vulnerable sites and maintains updates on activity surrounding the flaw. Furthermore, a handful of Android mobile devices use the version of OpenSSL that contains the Heartbleed bug. Those concerned about the security of their information on the Internet or their Android device can take a variety of precautionary measures, many of which are covered in this article.

If all of this sounds like too much to process, much less handle on your own, the technical experts at DynaSis will be happy to assist. Just fill out our inquiry form or give us a call.

By the DynaSis Team

The weekend before we posted this article, news broke that Google’s DNS server had been hacked. The DNS (domain name system) is a system that assigns and keeps track of the Internet addresses for every Internet-connected resource. A DNS server uses this information to translate the domain names we associate with websites into their numerical equivalent (called IP addresses) to allow Internet users to reach their destinations.

For 22 minutes on Saturday, March 15, Google’s DNS server was under the control of hackers, who had the ability to redirect traffic to any domain they chose. In this case, millions of users who used Google were redirected to British Telecommunications’ Latin American division in Venezuela and Brazil―but their connection could also have been routed through any other Internet server along the way, exposing their connections and information, en route.

This news comes at the same time the media are announcing that Target ignored advice from its cybersecurity firm before its historic holiday 2013 data breach, and shortly after Bitcoin exchange MtGox filed for bankruptcy, saying it had lost some 8.5 million Bitcoins to hackers. (Bitcoins are a form of currency used for various online transactions―users deposit real money into these exchanges to keep Bitcoins readily available in their accounts for later use. All of them may have lost their investments.)

These stories once again underscore the vulnerability of even the largest merchants, Internet providers and financial institutions. In the case of Target, the news also reinforces the notion that companies can be culpable in the event of bad decision making―possibly leaving them deeply liable for their negligence when security breaches occur.

For this reason, DynaSis urges all its blog readers―customers and others―to have security assessments done and to ensure their networks are as robustly defended as possible. Furthermore, based on the recent spate of news, we encourage companies not to consider large entities or their Internet sites and services to be “safe.” As this news illustrates, any company whose personnel used the corporate network to access Google for searches or Target to purchase office items could potentially have put company IT assets at risk. Stout security defenses may be able to prevent such redirection, and, if not, they can certainly prevent attackers from accessing company information during the redirects.

We also remind our customers to upgrade all their Windows XP computers before the end-of-support deadline on April 8, 2014. At that point, Microsoft will no longer provide security updates for that operating system (OS), exposing to attack both the Windows XP computers and the networks to which they are connected. Upgrading your office systems to a new OS may require hardware upgrades, as well, so companies should not wait until the last minute to engage in this effort.

Our technical experts can perform a network assessment for your company, complete with a full software inventory, to identify and let you address every instance of Windows XP running on your network. To learn more, fill out our inquiry form or give us a call.

By the DynaSis Team

Earlier this year, we offered some information and advice on malware and cyber-attacks, but the news surrounding these threats has become so concerning that an update is in order. Recently, a new Trojan horse named CryptoLocker surfaced. (A Trojan horse is malware that masquerades as beneficial.) CryptoLocker is especially crafty―it disguises itself as a legitimate attachment and then, when activated, it encrypts file types―such as Word documents and AutoCAD files―stored on your computer systems’ drives.

CryptoLocker stores the decryption keys for these files on its own servers, and infected users see a message that offers to decrypt the data and return access to it for a fee (usually around $300). It also warns message recipients that it will delete the key if a certain deadline passes. In November, a group assumed to be the perpetrators launched an online site that purports to unlock CryptoLocker-encrypted files after the deadline passes for 10 Bitcoin (more than $2000) per file.

For the encryption, CryptoLocker uses 2048-bit RSA public-key cryptography, which is virtually impossible to break. Removing the program is not difficult, but it does not afford companies access to their files, which remain encrypted. So, firms are faced with two choices unless they have a recent backup―pay the ransom or lose the file. Of course, no one wants to pay criminals ransom, but the alternative may be loss of important corporate data.

CryptoLocker usually spreads through a zipped (compressed) attachment to a seemingly safe email message (often appearing to originate from a legitimate company). Given that it only targets Microsoft Windows PCs, it presents a significant threat to U.S. companies, the majority of whom run Windows computers.

DynaSis is launching a new anti-malware service that will defend companies against CryptoLocker and other insidious threats. We are also following up on a new report, just released, that indicates many recent cyber-attacks may be shared development and logistics operations masterminded by broad consortiums of cyber-criminals.

If this is true, it increases the likelihood of attacks becoming even more frequent, ferocious and difficult to block. We will report on this issue in the next few weeks. In the meantime, to learn how we can protect you against these threats, give us a call.

By DynaSis

Anyone using a computer has heard the warnings about malware and viruses—and probably other, inscrutable names like "Trojan" and "spyware." What are these threats, and does each require a separate defense strategy?

The term "malware" covers all types of malicious software, including viruses, Trojans and spyware. If a program is harmful in nature—whether it captures information on your operations (spyware), masquerades as a helpful program but delivers a destructive payload (a Trojan) or corrupts your hard drive (usually a virus)—it is malware.

Researchers have created different names for the various types of malware because they work through different mechanisms and/or cause different problems. However, all are intended to be harmful and can potentially disrupt or destroy your business.

More important than these distinctions, for businesses and their users, is to consider that malware (and especially insidious spyware) is exploding at a nearly inconceivable rate. The AV-TEST laboratory—a recognized malware testing lab—records approximately 5 million new malicious programs every month.

To reduce their odds of becoming victims, companies—especially those that allow workers to use Android devices (where malware and spyware are rampant)—must enact a stringent defense against all malware—from spyware to viruses and everything in between. The good news is that a single, well-designed solution will protect against the great majority of malware threats, including the ones mentioned above.

DynaSis has always offered its customers protection against malware, and we are upgrading our protection package to make it even more vigilant regarding malware and spyware. Stay tuned for more information!

 
