Category: IT How To

Do You Know the 4 Ways IT Outsourcing Improves Business Success?

Many small and mid-sized companies underestimate the drawbacks of not having top-tier IT professionals in place. These 4 benefits highlight the need for change.  

Are a business decision-maker wondering about when the best time to outsource your IT needs? It was yesterday, and you are already late to enjoy the benefits of working with a third-party tech outfit that specializes in IT managed services.

It’s not uncommon for small and mid-sized companies to operate under the assumption that modest IT needs do not warrant creating a budget line-item on their behalf. Some designate an in-house person with seemingly good computer skills to run virus scans and update applications. Other outfits hire a single technology person to handle the responsibility of overseeing their entire network. Both of these policies are inherently flawed for a variety of reasons. After reviewing the following 4 ways IT outsourcing helps your business, you may gain clarity as to why working with a third-party expert is in your best interest.

1: Removes Peripheral Distractions from Profitable Goal Achievement

As upstart organizations begin to grow into mid-level outfits, the visionaries that propelled their success forward are increasingly beset by issues that detract from primary goals. Budget management, contract negotiations, and supply chains are top-tier items that further a company’s profit-enhancing goals. Tackling these items tends to be a good use of time and energy. If industry leaders are also tasked with maintaining and repairing the tools of the trade, essential issues cannot enjoy the laser focus they deserve.

When an organization shuffles computer and network duties to an employee or even a designated in-house tech person, network problems become part of routine oversight. An experienced third-party managed services provider takes proactive measures to maintain and repair your devices and network without you lifting a finger. Your vision drives the organization. That’s why it’s crucial to all of the key stakeholders involved that IT distractions are a non-factor.

2: Improves Network Efficiency and Productivity

Imagine traveling the road of handing off-network duties to an untrained employee or a designated tech person. Now imagine they call in sick during a critical business productivity cycle. Imagine further, they take a two-week vacation. What happens when your network starts to suffer glitches or goes dark altogether? The answer is simple: You lose revenue.

The reality of owning or operating a business in the technology age is that networks never sleep, they don’t call in sick, and they don’t go on vacation. Maximum productivity and efficiency require organizations to have 24-7 managed IT services in place. When you negotiate an ongoing services agreement with an experienced IT contractor, they can conduct remote updates, scans, and effect problem solving anytime your network runs amok. But that will happen a lot less frequently because high-level maintenance is usually part of the outsourcing package. Experienced IT experts deliver the laser focus to systems that help make your organization successful.

3: Reduces Risk of Cyber Threats and Financial Losses

According to reports, more than 317 million pieces of malware were created in 2018 alone. To put that staggering number into perspective, nearly 100 infectious threats were developed daily. Now add that business risk to the fact that companies suffered financial losses above $600 billion in 2018 and that figure upticked by $100 billion from 2014.

Compounding the genuine risk of doing business with technology is that too many small and mid-sized organizations incorrectly assume that cybersecurity breaches are almost exclusively targeted at large corporations with vast assets. The common misconception may be attributed to heavy media coverage of the massive violations suffered by household-name corporations.

While billion-dollar cybertheft makes splashy headlines, the overwhelming majority of cybersecurity thieves targets small and mid-sized outfits. Hackers, who may be sitting in an internet café halfway around the world, search for subpar network defenses and attack. In plain terms, you are the low-hanging fruit ripe for the plucking.

Outsourcing IT security to a third-party provider improves your cyber defenses from among the weakest links to the strong. Having the latest anti-virus, anti-malware, and next-generation cybersecurity protections in place quietly takes you off hacker hit lists. If these nefarious computer thieves are anything, it’s lazy. They’ll move on from your network and attack someone less secure.

4: Keeps Technology on Cutting Edge

An effective business network enhances employee engagement and productivity. If that sounds like a pie-in-the-sky idea about working on computers, consider the alternative.

When emails are slow to download, or that tedious “buffering” icon spins around, employees tend to disengage from work-related tasks. One moment they are plugging along on your company desktop, the next they are checking text messages, and social media posts on their phone. When that happens, employee engagement and productivity is not diminished — it’s non-existent. It may be even more unsettling to know that experts say that it can take more than 20 minutes to get back on track after task disruption. Sadly, that unnecessary loss of productivity could have been avoided by outsourcing your IT needs to a professional.

Here Are Top Questions to Ask Potential IT Service Providers

Discover the most important questions to ask about products, quality, expertise, competency, security and breadth when selecting an IT service provider.

Business leaders who want to cut operating expenses, improve efficiency and leverage the newest technologies turn to IT service providers. With the right technology partner, a business can see considerable gains in productivity, communication and data security.

Choosing the right IT service provider is an important decision. Here are a few of the questions to ask to help you make the right choice.

How Do We Know If an IT service provider is a Quality Business?

Determining if a business is run well and according to best practices is often a difficult assessment. Here are some things to look for:

• Staff Size. If you have extensive needs, a large staff with specialized areas is usually better equipped to handle complex clients. However, a smaller company may get lost in the shuffle of a large organization only focused on the largest clients.
• Technology Partners. IT service providers cannot do everything by themselves. That’s why the best rely on partnership agreements with high-quality tech companies to deliver specialized products and services. Ask for a list of their partners; strong connections to top companies is a good sign.
• References. If you encounter an IT service provider that refuses to provide references, walk away. Ask for references from clients that are the same size, in the same industry or facing similar challenges as yours.

What Do We Ask to Determine if an IT service provider is Technically Competent?

You rely on your IT service provider to have the technical expertise to address your needs. How can you assess their technical abilities? Ask about the following:

• Competencies. Certifications and preferred partner status are good indicators of technical quality and where the IT service provider’s strengths are. Especially in small shops, an emphasis and expertise in Linux may mean they’re not as strong at Windows. Use this space to ask about professional development for their staff and their training commitment.
• Out of Scope. If you are paying a flat rate for managed services, you need to know what’s included and what isn’t. There are plenty of services that could be included in a package, including network security monitoring, ISP troubleshooting, software and firmware upgrades and patching, hardware installation and server upgrades. Be sure to shop around and know what’s covered by your plan and what is either an extra charge or not available.
• Disaster Recovery. If a natural disaster or hacker attack hits your company, you need a business continuity and disaster recovery plan in place to reduce the damage and impact. It’s a common service for an IT service provider to offer. But you need to know what your IT service provider’s own disaster recovery plan is. If your IT service provider can’t be up and running quickly after a disaster, they are unlikely to be able to help you.
• Compliance Coverage. More and more businesses face compliance challenges at the federal, state local and industrial level. Foreign entities are also demanding compliance with mandates, often concerning securing and using personal data. Ask your IT service provider about their experience with the compliance requirements, such as HIPAA, GDPR, PCI or FSMA, that your company has. Inquire about a service level agreement (SLA) that guarantees compliance with the mandates you are required to fulfill.
• Automation. Advances in automation have taken the place of lots of manual tasks. Your IT service provider should be committed to using automation and AI solutions wherever possible, freeing their staff to work on higher-level projects. If they are not using the most cutting-edge technology, how will they advise you on how to leverage new solutions?

Can We Measure the Service Quality of an IT service provider?

Service is critical when choosing an IT service provider. You want a partner that’s attentive, responsive and effective when you have a critical need. Ask the following:

• Internal vs. Outsourced. Your IT service provider will promise to deliver an extraordinary range of products and solutions. However, it’s important to know who will be doing the work on your account. Ask your potential IT service provider what work is done internally by their employees and what is outsourced (and why).
• Strategy and Advising. Some IT service providers focus exclusively on selling you technology solutions. Others take a comprehensive approach. You want an IT service provider that can act as a virtual chief information officer, providing help with technology strategy, budgeting and growth that aligns with your present and future business priorities.
• Scalability. As your company grows, you need solutions that can scale rapidly as new customers, data and technologies emerge. Be sure to ask how scalable an IT service provider’s solutions are, how they will help improve efficiency, how they will reduce costs and how they will reduce workload.

Thoughtful questions asked consistently of each potential IT service provider puts your business in the best position to select the right technology partner.

Why is Effective Business Continuity Management Important?

Business continuity management (BCM) denotes how organizations plan for and respond to risks. Mission-critical functions must continue to run after disruptions such as bad weather or hackers.

A business continuity plan documents how your organization will continue to operate after a natural or man-made disaster, severe market conditions or sudden changes in leadership. This could be anything from a stock market crash to a hurricane to the death or dire illness of a key leader. BCPs are hot topics thanks to growing legislation and increased risks related to data security and other events. Every organization would benefit from adopting some kind of BCP framework, however modest.

What is Business Continuity Management?

Business continuity management (BCM) denotes how organizations plan for and respond to risks. Mission-critical functions must continue to run after disruptions such as bad weather or hackers. Smart planning also makes it possible for employees to return to business as usual quickly.

How Does Business Continuity Work?

The most effective way to achieve transparent, seamless risk management and disaster recovery is via a business continuity management system. This may require some outside assistance since any BCMS adopted should follow international standard ISO 22301 requirements. All businesses can begin the first phase themselves, however, by building a continuity plan that identifies and minimizes risks.

What’s the Big Deal With ISO 22301?

ISO 22301 lays out a road map for an effective BCMS and is the most credible resource for successful business continuity management. Becoming ISO 22301-certified signals to clients that your company has a game plan in case disaster strikes — certification helps clients decide that your firm is a solid investment for their business.

This certification proves to prospective clients that your organization will continue to provide the products or services they need, even if an emergency arises. It also gives you an:

• Independent evaluation of your business continuity management, providing assurance or offering areas for improvement
• Accredited certification with regular audits to ensure continual improvement
• Oversight of regulatory requirements to ensure legal compliance. This could include the EU General Data Protection Regulation (GDPR) or new state and federal privacy regulations impacting customer data collection and storage.

What’s is Disaster Recovery vs. BCM?

People are often confused by the difference between these two terms. They aren’t synonyms. Business continuity deals with relocation and business functions while disaster recovery, which is a subset of business continuity, deals with the technical recovery of systems and resources.

Disaster recovery outlines how to recover technical functions, sites, operations and applications. A business continuity plan may contain many disaster recovery plans.

What Are the Key Components of a BCP?

A successful business continuity plan includes the following:

• Succession plans for key employees
• Identification of critical functions with priority identified
• All employees’ contact information and role in the plan
• Tested backup strategies

Mitigate Disaster with a Comprehensive Business Continuity Plan

When you create a detailed business continuity plan, you can keep disaster from disrupting your operations. See how to get started here.  

When disaster strikes, disruptions to your operations could negatively impact your construction projects, pushing them past the deadline and over budget. And it is not just natural disasters you have to worry about, either.

Everything from serious IT problems to the loss of important team members has the potential to wipe out your operations. That is, unless you have a smart business continuity plan in place. With this plan, you can keep your operations moving along like normal, helping ensure the success of all your construction projects.

Importance of Having a Business Continuity Plan

In optimal conditions, there’s no doubt everything runs like clockwork, as your team works hard to complete their individual tasks. If anyone fails to come through, however, everything could grind to a halt. Furthermore, without writing it out, only a few in your company may know just what everyone should be working on and how it all comes together.

Therefore, you need a business continuity plan just in case serious disruptions leave you without certain team members, equipment, or workspaces. In many ways, this plan is a big-picture overview of everything that goes on at your construction firm. It also identifies all the workarounds you can use when faced with disruptions caused by different disaster scenarios.

Above all, your plan should detail who is in charge of each department in the absence of key players and all the ways they can keep moving forward in their daily duties. With that approach, you can keep major disruptions from throwing your workforce off track or preventing them from completing their tasks.

How to Create a Continuity Plan for Your Business

Without knowing what is on the horizon, there is really no time to waste in creating your business continuity plan. Thankfully, you can easily approach this process by using the following steps.

Take a Complete Inventory of Your Company

Taking inventory of your workforce, contacts, and equipment is the very first thing you must do to create your plan. You will likely need to take a big step back from your construction company to complete this step.

To start, create a list of all your employees, noting the major players in each department. Add their contact information in full, so you can find how to reach out at a glance. Then, create similar records of your material suppliers, clients, and other important contacts.

Next, you can move onto creating a complete inventory of all the equipment used on each of your job sites. Make sure to include their make, model, and serial numbers, so you can find parts or file claims as needed to keep things moving along. In addition, note any local parts suppliers, repair techs, and equipment dealers for those brands to complete your log.

Outline Existing Processes and Highlight Critical Areas

With the completion of the inventory step, you will need to look at your operations. Go from department to department, look at the duties of each employee and how they support other departments. Along the way, busy yourself with creating flowcharts for all the distinct processes used to run your construction company.

Throughout this process, identify your key operations and the major players you depend on to get the work done. Then, see who can fill in if those individuals cannot make it work. Also, add ways employees can workaround specific disruptions and continue to fulfill their core duties.

Identify Temporary Workstations and Keep Them Updated

If your core employees cannot get to their normal workstations, everything should not grind to a halt. But it will unless you have already identified temporary workstations and made the effort to keep them updated.

The workstations should have all the equipment and software normally used by the team and be completely ready for their use. So, create an update schedule and make sure the temporary workstations are included whenever you complete a major equipment or software upgrade. Furthermore, ensure your employees know about the existence of these workstations and how to access them.

Create Your Plan for Maintaining Critical Operations

With your understanding of your core operations, you can create a plan for each of your employees, helping them mitigate the effects of the disaster. Working across all departments, you will need to indicate who is responsible for getting each system back online and up to their normal operating levels. They should have a clear direction on the steps to take and the tools they will need to complete the assigned tasks.

Your plan should cover not only the construction tasks you are responsible for in that moment, but also all the administrative ones. You need to let your payroll department know how to proceed, for example, to ensure they can continue to process payments for all your employees.

Once you are finished creating your business continuity plan, store the main copy in a secure location and provide each department with their own copies.

Don’t Wait — Create Your Business Continuity Plan Today

So, now that you know what to do, there’s really no reason to wait. Start building your business continuity plan today to protect your operations from disaster. Otherwise, your employees could be left without the knowledge needed to keep your business afloat until everything returns to normal.

Why You Should Choose a Local IT Services Company

Learn about 6 advantages to hiring a local IT services company to support your technology needs, including knowledge of the local economy and proximity when you need support. 

Having a technology partner that understands your business, its needs and its priorities is vital. Technological advantages can differentiate your company from the competition, improve efficiency and improve the bottom line.

One oft-overlooked criterion when choosing a technology company is its location. You want a technology partner that is close to your business and can be available when you need support, guidance or advice.

Here are 6 reasons why choosing a local IT company is the right decision.

1. Faster Response Times

When there’s an emergency, you need to make sure your company’s networks, devices, software, data and connections are available, working and uncompromised. While technology allows many IT issues to be handled remotely, in an emergency, you may want or need in-person expertise to address the issues.

Geographical proximity is also an advantage if you’d prefer someone come on-site to provide an expert assessment.

2. Local Personnel on Your Account

Having a local account manager overseeing your account is a tremendous asset. Having an account manager and other lead staff members locally allows for more physical interactions that allow for better working relationships, strategy development and a stronger long-term relationship.

3. Knowledge of Local Business Market and Climate

By choosing a local organization to support your IT, you’re partnering with a fellow member of your local business community. A local IT services provider knows the makeup of businesses in your area, the strengths and challenges of working in your community and the opportunities available due to location. If your business is in an industry that has many companies working in the same geographical area, your local IT support partner will know about the industry standards and expectations. The local IT company also will be aware of the technology infrastructure available, such as access to the Internet and Internet speed. Armed with that knowledge of the local business scene, your MSP can recommend customized solutions that fully leverage the local characteristics in which you do business.

4. Budget Advantages

Having a local It services provider can save you money. For one, you will not incur large travel costs; usually, the clock starts on onsite service time charges as soon as a tech steps out of the building. Having a long-distance MSP means more downtime for your business while waiting for a technician or consultant to arrive.

5. Same Time Zone

Having a local IT company in the same time zone as your company has an advantage. While ideally, you will partner with an MSP that provides 24-hour support, it’s more convenient to have a partner that has more staff working and available during the same work hours your business is operating. That can make a big difference in terms of responsiveness and resolution time.

6. Peace of Mind

A local IT services company makes life easier on so many levels. With a business partner you can contact easily, can respond to your needs faster, understands your local economy and technical infrastructure and is a member of the same community, you will have more peace of mind. A local MSP provides more reliability and availability when you need it most.

Having a local IT services company as your strategic technology partner is a smart choice.

Australian Democracy is Protected by New Cyber Security Service

Microsoft has opened up its new Defending Democracy Program to Australian entities in the security and political arena to help protect against cyber attacks.  

With the threats of cyber attacks during global elections, it’s a good time to think about how important democracy is to all Australians as well as taking stock of how good the security is when it comes to democratic rights and institutions. In 2018 in the United States, Microsoft launched AccountGuard, a special security service designed to offer additional critical cyber protection to users operating in a political sphere. This service is a key component in their initiative Defending Democracy.

AccountGuard Available to Australian Organisations and Individuals

In March 2019, Microsoft announced that its AccountGuard service was available to eligible individuals and organisations in Australia. In recent times, forces disruptive to democracy have used technology to game political systems. In February, Australians were reminded of this new threat to Australian institutions when the Australian Government revealed that a well-thought-out cyber attack had been launched against the people and systems in Parliament House. It was revealed further that the cyber attack was also directed at major political parties in the Australian Government by the same malicious entity.

Defending Democracy Initiative

Microsoft has developed AccountGuard as a part of a broader response under the Defending Democracy Initiative, a program to defend against growing threats of foreign interference in the country’s democratic processes in Australia and around the world. After the well-publicised allegations of foreign-sponsored interference in the United States 2016 Presidential elections, multiple additional reports have presented other attempts by nations, individuals and entities to damage, attack, and undermine the critical democratic infrastructure and institutions.

The Australian Government has responded by offering the AccountGuard service at no cost to political parties and candidates who use Microsoft Office 365. AccountGuard provides notifications about any cyber threats which include attacks by known foreign nations, personal accounts of the political organisations’ staff and leaders, and across email systems used by eligible organisations.

Microsoft AccountGuard is now available to all political candidates, campaign offices, and parties which operate on a state or national level. It is also being made available for eligible Think Tanks and other associated entities. If you or your organisation is eligible to install Microsoft AccountGuard, you can go to https://www.microsoft.com/accountguard to ask for an invitation to learn more or enroll. Australia now joins the United States, India, Canada, Ireland, the United Kingdom, and 12 more European countries in having access to this security service.

From Microsoft, “while AccountGuard does not replace existing security solutions and best practice, it is a useful tool in political parties’ kitbags to protect them and their candidates from unwanted interference.”

From Microsoft’s Website

Microsoft AccountGuard is a new security service offered at no additional cost to customers in the political space. The service is designed to help these highly targeted customers protect themselves from cybersecurity threats.

Specifically, the service provides:

• Best practices and security guidance specific to those in the political space.
• Access to cybersecurity webinars and workshops.
• Notification in the event of a verifiable threat or compromise by a known nation-state actor against the participant’s O365 account.
• Notification to both the organisation and, where possible, the impacted individual if a registered Hotmail.com or Outlook.com account associated with the organisation is verifiably threatened or compromised by a known nation-state actor.
• Recommendations to the participating organisation for remediation, if a compromise is confirmed.
• A direct line to Microsoft’s Defending Democracy Program team.

Australian Businesses Closed Due to Phishing Freight Scam

Several Australian businesses have become the targets of a phishing freight scam losing an average of $30,000 to $100,000.  

Phishing is on the rise as a method of online criminal activity focused on businesses. Victims are being scammed out of tens of thousands of dollars via this email phishing scheme. Right now, scammers are directing their fraudulent activity at IT and electrical businesses. Several Australian companies have shut down after becoming victim to a freight forwarding email according to the Australian Cyber Security Centre (ACSC). These victims are losing an average of $30,000 to $100,000 after sending their products to the scammers who request delayed payment credit terms from the victims.

How Does The Freight Scam Work?

The scammers trick victims into participating by spoofing internet emails, domains and signatures of executives of large Australian companies and universities to legitimise their communications. An example of how they work is they send their email from lendleases.com.au instead of the actual website lendlease.com.au. One of the fraudulent emails that the ACSC released is supposedly from a Chief Procurement Officer at the University of Sydney.

On each purchase order, the scammers request laptops, hard drives, cosmetics, defibrillators and environmental monitoring equipment, all items that can be easily resold. The targets are asked to ship the orders to a freight forwarding company which in turn, then sends them on to another fraudulent entity who acts as a middleman. Then the freight forwarding company becomes a second victim when their bill is paid using stolen credit cards or using an established credit line.

How are Fraudulent Orders Identified?

In this case, the scammers are requesting shipments to many locations including Singapore, Dubai, Dagenham, Kuala Lumpur, Malaysia and Deira according to the ACSC. Businesses should never automatically trust any unsolicited order of goods with credit without further investigation. However, it’s possible for these orders to slip through the cracks if you don’t have a strict policy for your approval process on every transaction. The ACSC requests that all organisations should do due diligence on any new customers or unusual orders, and investigate any customer before granting credit. They also suggest that businesses should check the domain of websites and emails that are referenced on a purchase order. A good follow up is to contact customers by phone to confirm that they are a legitimate company, and have placed the recent order. Lastly, it’s important to verify the shipping address over the phone.

What is Phishing?

Phishing is one of the most commonly-used cyber attacks in Australia. Statistics from the Office of the Australian Information Commissioner show that phishing accounts for 39 percent of all breaches reported. Therefore, it’s important to be aware of how to protect yourself at home and at work from phishing.

How Does Phishing Work?

The victim receives an email that is simple in format and generally personalised and potentially from a known sender. It may look like an official email from a known organisation or company, and it invites the victim to click on an embedded link. Wording varies, but it may say, “click to learn more” or “click to see the image.” After clicking, the victim is redirected to a web page and asked to enter their user name and password or for other personal information. Once the personal information is filled in the attacker then sends emails to everyone in the victim’s address book and the cycle repeats.

What are the Dangers?

While having spam email issued from your own email account is annoying and a problem, the larger issue is that the victim has given the attacker their user name and password. With an email and password, the attacker can easily hack into anything the victim uses that email and password for. Most people repeat email and password data for multiple accounts. In the world of cloud storage, this can be several accounts including email, CRM, file storage, banking, and proprietary applications.

Australian police ended a telecom scam in NSW closing the door on millions of dollars in theft. 

The New South Wales Police has shut down a Sydney-based syndicate with members who posed as telecom technicians and persuaded victims to enable remote access on their home or business computers in order to “fix” a security flaw in their internet. NSW authorities arrested the alleged leader of the syndicate, a 25-year-old man originally from South Wentworthville, and closed the operation after receiving intelligence from the Fintel Alliance run by Australian Transaction Reports and Analysis Centre (AUSTRAC) which has the big four banks as members. The Fintel Alliance reported that it was able to provide the NSW Police Department with financial intelligence about an elderly customer who had $20,000 stolen from his bank account.

Banking Scam Syndicate

The syndicate “used a variety of methods to gain access to the financial accounts of victims and transferred the funds into accounts controlled by them” according to the NSW Police.

“The most common method involved members of the syndicate cold calling victims and asserting to be technicians from their telecommunication company,” AUSTRAC said in a statement. The syndicate convinced the victim there was a security flaw in their internet access and the victim allowed the syndicate to control their computer via remote access.”

National Australian Bank Security Assisted NSW Police

National Australia Bank had a role in this particular case. “We work hard to protect our customers, and by working closely together on issues like this we are able to deliver better outcomes for customers and the broader community” NAB enterprise security officer David Fairman said. “The threat landscape is constantly evolving and we continue to invest in both detection and prevention to protect our customers.”

NSW Police renewed calls to avoid providing any banking information to someone over the telephone unless you’ve taken steps to verify who the person calling and requesting is after the arrest and dismantling of the syndicate.

“Additionally, government agencies and most telephone and internet providers will not request you make payment via iTunes or Google Play or similar gift cards,” NSW police said.

Who is the Fintel Alliance?

The Fintel Alliance is a public-private partnership, launched in 2017, that brings together a wide range of organisations that are involved in the fight against terrorism financing, money laundering and other serious crimes. Remote-access scams like the one recently shut down are used to steal millions of dollars out of Australians. In May 2019, the Australian Cyber Security Centre reported that someone who was impersonating Australian Government cyber security personnel was trying to persuade individuals into revealing bank information and compromising their computers.

How familiar are you with all of the types of cyber attacks your company can become a victim of? 

The list of companies who have faced a cyber attack recently is long and growing longer. Equifax, British Airways, Cathay Pacific to name just a few. In 2018 alone, the Ponemon Institute measured the costs of these data breaches at $3.86 million per incident globally. Recently, a cybersecurity trends discussion for 2019 with Check Point stated that it would be another year of hard-hitting cybersecurity attacks and breaches.

Security companies such as Check Point, a multinational provider of combined hardware and software products for security, is based in Israel. And they are searching for new ways to better secure IT. Their global chief of threat detection, Orli Gan, states that the solution will come from manufacturers, law enforcement and government, not from companies like Check Point. The cybersecurity company predicts that every company will become a victim of a cyber attack in 2019.

Gan stated to Verdict: “You can just choose whatever name you want, any company in the world and they either were, or are, or will be hit by a cyber attack.”

Fastest Growing Crime is Cyber Crime

When comparing cybercrime in 2019 to the popular heist film series Ocean’s 11, Gan stated that cybercrime is far more lucrative and less risky way to make money than a heist. Cyber attacks come in two formats:

• Attacks that are to make money
• Attacks to make a point (hacktivism)

When the cyber attacks are instigated by nation-states, they are morally ambiguous. It’s hard to know who is the good guy or bad guy.

Cyber Attacks by Nation-States

• September 2018 – Check Point discovered an Iranian state-sponsored mobile surveillance operation against Iran’s own citizens called “Domestic Kitten.” Iran claimed that the attack was begun in 2016 and was using decoy content to get people to download mobile apps with embedded spyware. Those apps then collected sensitive information about targeted citizens including Kurdish, Turkish and ISIS supporters.
• Lazarus, North Korean cyber hackers, are also politically motivated. In September 2018, a report showed that its worldwide attacks on U.S. and South Korean websites including Sony looked to be funded by the Kim Jong-Un regime.
• 2016 Election hacking in the U.S. from Russia caused concerns for democracy in several countries.
• In October 2018, the UK government reported that Russian military intelligence was the actor behind a string of cyberattacks.

As a result, cybercrime experts advised to strengthen cybersecurity capabilities instead of using political sanctions. Despite warnings, it looks as if Russia will attempt cyberattacks in 2019 and 2020 elections.

Cryptomining Overtaking Ransomware

Routine, day-to-day cyber attacks are designed to earn money for the cyber criminals. This is becoming more used than ransomware which was bigger in 2017. One virus, WannaCry ransomware virus, infected computers in businesses, hospitals and schools in 150 countries.

“We see a quite steady decline in 2018 in the use of ransomware. It’s definitely not gone but it’s slightly more targeted these days towards companies that are more likely to pay significant amounts of money for the data they stand to lose,” Gan reported.

Instead, cryptomining is on the rise into 2019. This malware allows cyber criminals to hijack the victim’s central processing unit (CPU) to mine crypto currency, using up to as much as 65 percent of the CPU’s power. This type of attack was the leading attack in 2018, with 42 percent of global organisations hit between January and September, over double the 20.5 percent hit in the second half of 2017. The opposite of a ransomware attack, cryptomining is a stealth crime as it’s perceived by victims. Criminals like it more than ransomware, because it’s easy to begin, hard to trace, and has a long-term earning potential.

Crypto Currency Monero

The top three most common malwares seen in 2018 were crypto miners mining the Monero currency, says Check Point. Monero is preferred over Bitcoin because unlike the more well-known cryptocurrency, Monero is effectively untraceable and can use typical computer hardware very effectively for mining, while Bitcoin requires custom-made and optimised chips.

The cryptocurrency Monero has privacy features that cloak its transactions. When someone sends you Monero, you can’t tell who sent it. If you send Monero the recipient will not know who it is from. Bitcoin isn’t anonymous; people can trace every Bitcoin block, address and transaction. Bitcoin is not truly anonymous, so people can search for and trace every Bitcoin block, transaction and address.

Phishing in 2019

Phishing, one of the most common online fraud tactics, can easily get ahold of private information including credit card details, usernames, and passwords through email. In the third quarter of 2018, RSA detected 38,196 fraud attacks worldwide including phishing scams. Even with an awareness of phishing, many people still fall for these fraudulent attacks to get personal information. These crimes increase during the holiday season when many people are online shopping, especially Black Friday (Friday after American Thanksgiving) and Cyber Monday (Monday after American Thanksgiving). Without the proper malware attachments, these phishing emails often slip through other cyber defences. In fact, cyber security company Agari found that 54 percent of email phishing attacks use a well-known brand’s name to deceive recipients including Amazon, Microsoft, and Bank of America.

How Can an Organisation Protect Itself?

If you own or work for a company looking to protect itself, there isn’t a single approach that will guarantee success.

“You have to understand the complexity of the problem, you have to address the different angles in different capacities, and you always have to have multiple advisories and engines that combined can give you that accuracy that you require from a product that you’re actually going to use. Accuracy is number one in order to be practical because when you’re not, the reality is that people in the organisation will start getting angry – ‘I needed that email but it was blocked by your security system,” according to Gan.

Can We Win the War Against Cyber Crime?

With the rapid development of technology, that question is difficult to answer. Check Point is skeptical that cyber security can eradicate cyber crime. Gan states that the solution should be a three-part defence that involves government regulation, law enforcement, and manufacturers. We must regulate manufacturers of electronic devices to require them to use operators that comply with security requirements. And law enforcement has to hunt down and punish cyber criminals.

The cloud may still feel like a new technology – but in reality, it’s been around for more than 10 years now.

Does that make you feel old?

Let’s be clear about something – the cloud is here to stay. In recent years you may have still heard the occasional “industry insider” suggest that the world may be moving too quickly to an untested and unsure platform in cloud computing, but no more. The cloud is now an integral part of daily life for private consumer and business users alike.

What Is The Cloud?

The cloud is a network of technologies that allows access to computing resources, such as storage, processing power, and more. That’s where the data is – in these data centers all around the world. Which data center your data is in depends on what cloud service provider you’re working with.

The Cloud’s Many Layers

Public Cloud

Ideal for small businesses that may have trouble budgeting for any other type of cloud deployment, a public cloud is simple and cost-effective. Your data is stored in a “communal” data center, which, while not offering the best possible security or compliance guarantees, is often sufficient enough for organizations that aren’t required to maintain regulated compliance.

Private Cloud

A secure, dedicated environment to ensure maximum performance, security, and functionality for your business applications and employees. This is usually deployed for complaint-driven businesses such as healthcare and finance.

A Hybrid Cloud

This is like a dedicated cloud computing resource on Office 365 and Azure Stack with an extension to on-premise resources for maximum performance, control, security, and functionality. This is for businesses that require maximum control and scalability.

Instead of entrusting your legacy solutions to a public or private cloud, many businesses are opting for a hybrid cloud. They use a mix of on-premise, private and third-party public cloud services because this provides an infrastructure where one or many touchpoints exist between the environments.

Using a hybrid cloud gives you the freedom to choose which applications and resources you want to keep in the data center and which ones you want to store in the Cloud.

The Cloud Isn’t As New As You Might Think…

Would you say the cloud is “new”?

To some, this may seem like a question with an obvious answer, but it’s not that simple.

The way in which we think about technology can lead to something feeling new for a lot longer than would make sense otherwise.

After all, the cloud is more than a decade old, but a lot of people still think of it as a new technology.

For context, it was 2006 when Google and Amazon began using the term “cloud computing” – not necessarily the beginning of the cloud, but as good a point to choose as any.

In that year, the now woefully dated Crash won Best Picture at the Oscars. The Tesla Roadster was still two years from hitting the streets. Netflix was more than a year away from launching its now prolific streaming services.

Does that put it in perspective?

How Is The Cloud-Delivered?

SaaS (Software as a Service)

Software as a Service (SaaS) applications are being adopted at a much faster pace today than in the past. These are productivity applications like Microsoft Office 365, cloud-based practice management solutions, accounting programs, and more.

Your SaaS provider helps you identify and select line of business applications that will run well in the cloud. They can migrate your data and integrate it with software platforms in your current premise or cloud technology stack, or help you implement new ones.

PaaS (Platform as a Service)
This is whole cloth delivery of web applications that are based in the cloud, all via a comprehensive platform. The idea is that, in accessing this platform, you can utilize, develop and even deliver applications based on resources that you don’t need to maintain on-site.

IaaS (Infrastructure as a Service)
Infrastructure as a Service (IaaS) delivers IT infrastructure on an outsourced basis and provides hardware, storage, servers, data center space, and software if needed. It’s used on-demand, rather than requiring you to purchase their own equipment. That means you don’t have to expend the capital to invest in new hardware.

Why Should You Use With The Cloud?
For the same reasons that thousands of other businesses around the world have already adopted cloud computing:

• Computing Power: The cloud has the ability to activate tens of thousands of CPUs. This unparalleled power can quickly perform deep analytics of your data, and process nearly any ad-hoc queries that you require.
• Reliable Costs: The cloud services subscription model offers the strategic advantage of low-cost, low-risk opt-in combined with a simple, predictable monthly fee.
• Easy Scalability: Cloud services have the unique strategic characteristic of being able to stretch or shrink to suit your current level of demand. This is especially useful for businesses of scale or companies that go through seasons of activity.
• Real-Time Collaboration: With cloud technology, your staff doesn’t have to wait for each other to be done with their part of the document or project in order to tackle their own aspect. They can all work on the same project at the same time to maximize productivity.
• Remote Work Capability: This cloud feature allows you and your employees to work remotely as need be, which will give your business members the flexibility they desire to have a more balanced home/work life.

You Need To Keep An Eye On Your Cloud

As beneficial as the cloud can be, it’s important to note that it can also pose risks if it isn’t managed properly. It all comes down to the classic binary relationship between convenience and security.

The cloud gives you unparalleled access to your data from anywhere with an Internet connection. That means that external parties (including cybercriminals) can have undue access to your data as well if you don’t take the necessary steps to secure your environment.

That’s why you need to monitor your cloud. No matter who you entrust your data to, you should ensure that you or someone in your organization is given appropriate visibility over your cloud environment. That way, you can guarantee that security and compliance standards are being maintained.

If you don’t have the resources to manage this type of ongoing monitoring, then it would be wise to work with the right third party IT services company. Doing so will allow you to outsource the migration, management, and monitoring of your cloud. You’ll get the best of both world – security and convenience.