IT Strategic Planning for 2021 and Beyond

Strategic IT Planning is a collaborative process taken with clients to understand their business needs and goals, that ultimately allows the IT budget to appropriately align with the organizational priorities. As 2021 is quickly approaching, it’s time to start planning to ensure you hit next year’s IT goals. If you haven’t yet done any sort of strategic IT planning, check out these tips to help get you started before the new year 

 

#1 – Asset Management  

Identify what equipment is currently performing well and what might need to be replaced to continue ensuring that work operations are happening at maximum efficiency. This step typically involves gathering all your company’s hardware and software inventory information and completing an IT audit. From there, your internal IT department or an MSP like Five Nines can identify and fill in technology gaps to minimize downtime. 

#2 – Document End-of-Support vs. End-of-Life Dates  

An end-of-support date means the product provider has decided to no longer provide a support line, while the end-of-life date is a term to describe when a product is no longer for sale. Knowing and documenting these dates for all of your equipment will ensure future IT audits run smoothly and unexpected surprises do not arise. Surprises can range from compromised data security, decreased productivity, higher maintenance costs, non-compliance issues, and problems with scalability just to name a few.  

#3 – IT Risk Assessment  

The end of the year is a great time to run an IT Risk Assessment. In this process, you’ll look at what was effective and ineffective in your IT infrastructure this yearCreate a series of questions that assess your standards, guidelines, and best practices. Use the same assessment on an annual basis to begin to understand where the gaps are and how to best fill them.  

#4 – Consider your talent  

Whether it’s an IT services partner or an internal team member, decide who you need on your team to execute the strategy you’ve developed for your business. If you’re needing to bring in an external partner or new hire, you’ll want to include this cost in your overall budget and consider what the return on the investment may be. 

#5 – Budgeting  

With remote work being heavily prevalent right now, you should ask yourself these questions: do you feel like the year went smoothly from a technology standpoint and did your workforce transition seamlessly from work to home? If not, you may want to consider budgeting for more equipment or services that could alleviate some pressure from your teams. 

Topics: End of Life, Business Continuity, Strategic Planning, End of Support

Unplug over the Holidays - Leave "IT" to an MSP

The truth is, you can never really unplug from business if your IT infrastructure is not fully supported. With the holiday season right around the corner, we encourage you to unplug over the holidays and leave your technology in the hands of a capable Managed Services team. Continue reading to see what services you could count on by partnering with Five Nines throughout the holiday season and beyond.  

 

24 / 7 / 365  

Your company’s IT is not an 8-5 job and it never will be. Every single day of the year, it requires 24-hour monitoring so your organization can continue to drive revenue while reducing costs and risks. An on-call engineer is a great resource to keep an eye out for suspicious activity and minimize downtime for your organization. Knowing that your business' technology is being monitored for you will help you and your coworkers really unplug over the holidays.  

Controlled IT Costs  

IT spending is becoming more of a strategic move by most businesses and investing in the right technology is something you must plan ahead for. Your IT team should provide you with 1 – 3 – 5 year budgets so your organization isn’t faced with unexpected costs as you are budgeting for the next year throughout the holiday season. Long-term budgeting and planning will give you peace of mind towards the end of the year as the direction of your IT infrastructure is more controlled and defined.  

Focus on your Core Business  

As the end of the year approaches quickly, it’s essential to focus on the things that matter most before the new year – your core business. Leaving it up to the IT pros has become the common trend when it comes to specialized departments because organizations want to stay more focused on their day-to-day functions and finish the year strong. It can be extremely beneficial to have an MSP worrying about your business technology for you so you can really unplug during the holidays.  

Topics: Outsourced IT, Strategic Planning

Website Maintenance: Improving Security and Performance Going Into 2021

Website breaches can cost millions of dollars and thousands of hours to remediate. Joe Brown, Five Nines Director of Marketing Operations, knows firsthand. In his career, he has worked with businesses to remediate breaches where a small WordPress vulnerability was the culprit. If a couple of basic and relatively cheap steps were taken, the breach could’ve been prevented. Read more to see how you can improve your website security and performance before the new year!

 

Access Tips

Be mindful of who has access to the backend of your website and at what level. Think through the roles of your team and divvy up access from there. If your Marketing Specialist posts blogs, make them an author, if they post financial reports or change content on webpages, make them an editor. Admins can edit everything including users and credentials so you should be very selective when determining who should have that access. Another good rule of thumb is requiring two-factor authentications for all accessors. Joe suggests MiniOrange 2 Factor, which integrates directly with WordPress.  

Another access tip he has is to avoid using the default "domain.com/wp-login" WordPress domain for your login screen. This is one of the primary ways hackers attack WordPress sites. The WPS Hide Login plugin is how Five Nines avoids the threat of that basic login screen. In this case, if a hacker finds a user password, they will then need to find the login page which is now hidden.  

Lastly, CloudFlare is a paid filter for websites. It sits on top of the website and filters every single request your site gets. As a good practice, Joe does not allow users outside of the United States to access the website. This protects it from hackers originating from outside of the country that are hungry for your data. The unintended bonus of utilizing CloudFlare is that it drastically improves your site's performance and speed, especially on mobile devices.  

Maintenance Tips

Maintaining your website properly is the key to ensure no threats are originating from the inside. This involves many moving parts including plugins, a staging environment, and regular backups. If you are the webmaster (person accountable for the website) of your site, you need to prioritize these three things at a minimum.  

Plugins are one of the leading causes of breaches, broken websites, and information being leaked. At a minimum, plugins should be updated weekly. It's as simple as logging in, going to the Updates tab, and pushing “refresh." If there is an update, it takes one minute to put it in the staging area, test it, and push it live.  

The staging environment is a clone of your site where plugins can be tested in a safe environment before pushing it to production. Companies like Flywheel are a great resource to utilize when it comes to setting up staging areas.  

Lastly, backing up the contents of your site is imperative. If a plugin breaks or you need to make a change, you want the peace of mind to know that have the ability to revert to a previous version of your website.  

To hear further explanations of the concepts above, watch the recording of our Tuesday Tech Talk. 

 

 

 

Topics: Security, Webinars

5 Cybersecurity Tips to Keep You Safe at Home & Work

#1 – Practice Good Password Hygiene  

To practice good password hygiene, you will want to use strong and unique passwords and enable two-factor or multi-factor authentication. If you’re worried about having to remember a large number of unique passwords for all your accounts, Jessica suggests downloading the free password manager “Last Pass” on your desktop or mobile device.  

 

#2 – Know Your Risk Factors  

Be aware that there is a cybersecurity risk of just browsing the internet or having an email address – it’s low, but it’s there. Jessica suggests using haveibeenpwned.com to check if an email address, password, or website has been compromised and how frequently. From here, you can make more knowledgeable decisions on website subscriptions or update your accounts with higher-strength passwords.  

 

#3 – Perform Regular Updates  

Hopefully, your IT department is frequently performing these on your work devices, but it should be done on personal devices as well. For a Windows device, you can type “Windows Update Settings” in the search bar and check for updates. A good rule of thumb is every 30 days to ensure your device works as efficiently as possible.  

 

#4 – Have a Backup Solution  

Be proactive rather than reactive. If you don’t have something in place now, it will be too late when you do get hacked. Back up essential documents using cloud-based methods such as Google Drive or iCloud. If you are someone with a vast amount of data to store, Jessica suggests a paid backup solution: BackBlaze is only $6/month for unlimited storage.  

 

#5 – Think Before You Click  

Be wary of unsolicited messages – emails, texts, online ads. Hackers send these in hopes of gaining access to your credentials or to prove your domain is credible. Jessica suggests you do not respond, do not click on links, and always delete. Also, mark as spam, block sender and notify your IT department. It’s better to be safe than sorry.  

 

Topics: Phishing, Cybersecurity

3 Reasons Why Companies Consider Outsourcing IT

mimi-thian-tPxHQIZU2OQ-unsplash

You come to work with all systems operational: patients are being checked in. Nurses are filling out charts. Doctors are prescribing medicine. Everything in your hospital is working exactly how it should.

In an instant, that changes. Your system is down, and now patients can’t get checked in, nurses can’t access records and crucial information that might save a life, can’t be accessed.

Can you afford that?

Technology unites us all. From banks to hospitals, we’re living in a period where technology is not only evolving but so is the experience you need to maintain your daily technology operations and innovate. Where technology gains in efficiency and security, so to do the ways in which hackers and malicious cyberattackers decide to threaten it.

In the last 3 years alone, over 11.7 billion records were lost or stolen by hackers in the United States, according to an IBM Study, in 2019. And when data breaches happen, targets feel the burden for years.

Why do companies look to outsource their information technology needs?

With threats increasing and technology advancing, companies are looking to their internal teams to help protect them from high-level attacks and to secure their confidential information, on top of staying operational for day-to-day business. But when you are a small to mid-sized company, those resources might not exist or have the capacity to truly protect your environment.

Below are some of the top 3 reasons we see companies turning to outsourced managed I.T.

mimi-thian-R_jYS09sBMU-unsplash

  1. Accountability

    Imagine being able to walk into work knowing your systems will be operational. Imagine opening a new rotating line of credit knowing that the borrower’s information will be secure. Imagine having a plan in place for business continuity when the power goes out and you still must treat patients. Imagine that responsibility being on the shoulders of an outsourced partner.
    When done correctly, adding an outsourced managed IT provider should alleviate your pain and concern. This partner should act as an extension of your team, and know not only your environment, but your goals as a company, your mission statement, and understand what must work to be operational and within regulatory compliance. Shifting accountability means when a computer goes down, we fix it. When a server needs upgrading, we upgrade it. When a malicious email enters your environment, we block it. When your end-users need the training to prevent ransomware or phishing, we provide it. When you shift accountability to a managed service provider, you are shifting the burden you are feeling to an expert who doesn’t see it as a burden. We see it as what we do best. And you get to sleep better at night.

  2. Expertise

    Whether you are a rural bank or an attorney’s office in the middle of a thriving city, finding and maintaining talent can be nearly impossible. Think about your team. How many total employees do you have, not including your IT team? Divide your team by the number of IT employees on staff. If you have 100 employees and 2 internal IT, that means each IT employee is constantly responsible for the tier one issues of 50 employees. While those two employees are battling the tier one requests (my computer isn’t working, I need to reset a password, this program won’t open, my phone isn’t receiving calls), who is monitoring your servers? Who is creating and developing training to educate your employees on which emails are safe and which ones are disguised and are threats? Who is procuring your new servers or computers? Who is installing them? When you have a small internal team, your resources are limited. Adding an MSP not only shifts accountability but deepens the bench strength of your resources. When an MSP enters the picture, you now have separate teams working on projects for you simultaneously.

  3. Efficiency

    What happens when you start checking in patients quicker and they get access to the healthcare needed faster? What happens when your bank successfully sends more wires than you ever have before? What happens when your environment is protected and your team is down for less time, experiences fewer technological obstacles, and customers receive a better experience? Your business thrives. When you partner with an MSP, you are no longer worrying about accountability, staffing internal IT, or checking all the boxes. Instead, you are focusing on the day-to-day tasks that allow you to achieve your mission. Efficiency is the product of the technology marrying process. When your environment is healthy, operational, and experiencing less down time, you are operating in a more efficient way which empowers you and your business to operate at new levels.

    If you have been contemplating adding an MSP, you should start by evaluating the statements below.

    1. Our environment is completely secure, backed up, and we are not at a threat of being hacked or breached.
    2. Our regulators would look at our technology and processes and approve them without a second thought.
    3. Our internal team can maintain all tier-one requests while also addressing our network security, our employee training, our warranty on equipment, our procurement, and our reporting.
    4. Our bank/hospital/office is running at 99.999% uptime and never experiences outages or issues.
    5. We have a firewall and email encryption in place that would proactively prevent a phishing email getting to a vulnerable recipient.
    6. We receive quarterly reports (or more frequent) on budget, the health of our environment, strategic goals, project updates, and support ticket evaluations.
    7. Our employees are trained on secure behaviors.
    8. Our technology is a competitive advantage over our competition

    If you have concerns over any of them, send us a message and let us help you see why an MSP could help I.T. stop being a four-letter word.

Want to learn more about implementing multi-factor authentication for your business? 

LET'S CONNECT

Topics: Security, IT, Managed IT Services, Cybersecurity, Multi-Factor Authentication, anti-virus

Multi-Factor Authentication - What It Is & Why It Matters

photo-1486312338219-ce68d2c6f44d

We’ve talked a lot about the importance of changing your password and making sure you choose passwords that aren’t easily guessed. And while you should always beef up your password game, no matter how strong a password is, there’s still potential for attackers to gain access through a phishing scheme or an email interception.

photo-1484807352052-23338990c6c6

This is where multi-factor authentication can serve as another security control. Multi-Factor Authentication (MFA) is a security system that verifies a user’s identity by requiring multiple credentials. Instead of just asking for a username and password, MFA requires that a user provides two separate types of authentication from these three categories:

  • Something you are (fingerprint, facial recognition)
  • Something you have (security card, mobile phone, iPad)
  • Something you know (your password, passphrase, PIN)


MFA is typically set up to include the “something you know” (i.e. your username and password) with “something you have” (e.g. a one-time passcode from a device you own, such as your mobile phone).

In recent years, multi-factor authentication has become more common for personal use, and many online applications (Apple, Facebook, Instagram, Twitter, Google, and LinkedIn) have adopted MFA processes.

As businesses need to lock down additional programs and applications to protect their data, it’s important they strongly consider adding a multi-factor authentication process to their IT security plan.


1. While antivirus, firewalls, and password management strategies are a component of your overall IT strategy, you still want to make it as difficult as possible for attackers to even log into your systems. They not only take data, but can hijack systems, alter programs or introduce malicious code. If someone had easy access to all your company’s key data, imagine how they could use it to hurt your business and your bottom line.


2. Password theft will continue to accelerate. Cybercriminals are constantly innovating new techniques to steal the keys to your company’s gate. Adding MFA requires that all user identities are verified before they can log into corporate applications.


3. Today, more and more people are working remotely but still need access to their files and company-wide information. Since accessing remote environments does not require someone to be onsite in order to gain access, adding MFA creates a second layer of security to ensure that whoever is accessing the remote resources are really who they claim to be.

With the increase of cyber attacks on businesses, password strength alone cannot be relied on as the only layer of protection. Multi-factor authentication is a proven way to stop 99.9% of automated attacks that would otherwise succeed by using a compromised or easily guessed password.


Want to learn more about implementing multi-factor authentication for your business? 

LET'S CONNECT

Topics: Security, IT, Managed IT Services, Cybersecurity, Multi-Factor Authentication, anti-virus

IT Asset Management: What It Is & Why It’s Important

laptop-3174729_1280

It’s likely your company depends on several pieces of technology to consistently deliver a seamless product or service to your customers. When you consider that, protecting your technology assets and the IT environment that supports them for day-to-day business is a crucial aspect of your overall business strategy. 

technology-791297_1280

An IT asset is any company-owned information, system, or hardware that’s used during business operations. It’s data, devices, software, workstations —  all of the integral components of the IT systems and network infrastructure. 
 
Considering these assets are highly valuable to your company, setting up policies and processes for managing them can help your IT team keep track of it all, and stay ahead of the technology curve.
 
So, how do you do that? IT Asset Management (ITAM) is the answer. It’s a set of business practices designed to track all of your IT assets and optimize them for your business. It includes looking at financial requirements, inventory, and contractual functions, so your company can make smarter decisions with your budget and lifecycle management of your IT. It’s something your IT team internally can do or an IT services provider like Five Nines can take the lead (and eliminate the headaches) on as well. 
 
If what we just listed above sounds like a ton of work, we’ll be honest: it is. But, the process you go through to create an asset inventory and take stock of where you’re at with each piece of technology can maximize returns and significantly decrease the risk for serious problems down the line. This process also bridges the gap between your IT support team and the other people in your company, as everyone starts to understand what the value is of the technology. The goal of ITAM is to help create a centralized location to oversee all of the IT assets for the company. In other words, you’re taking stock of what you have and creating a place to store it all, so you can continually manage what you have.
 
While the process can vary from company to company, at its core ITAM strategy requires a complete IT inventory that gives an organization a snapshot of every IT asset they have. It roughly includes the process of verifying that each asset is:
 
· Up-to-date with security or software changes
· Protected and properly configured
· Working to protect your company from hackers or cyber attacks
· Not causing internal issues that could be slowing your team down or causing lag times
· Not costing the company exorbitant dollars in mismanagement 
 
For some larger companies, this means investing in third party software to track everything or bringing in the third party that can prioritize this critical task if your IT support team is needed in daily operations. When you consider what could be potentially overlooked, it’s well worth the time. You wouldn’t want to:
 
· Fall out of compliance in your industry and potentially get a violation or fine
· Have your business go down for a day because IT systems stop working
· Lose man-hours due to slowdowns caused by outdated assets
· Get cyber hacked because your systems have vulnerabilities 
 
These are just some of the key reasons why IT Asset Management is important as there’s a lot on the line when you're not managing these assets. And even when you have a plan in place, your IT services provider or your internal team (or IT support team) should still carry out an audit from time to time.
 
Need assistance with managing your IT? Five Nines is your IT support team for 2020. Let's talk about how to make sure you're prepared. 

Have questions on how this affects your business? 

LET'S CONNECT

Topics: Security, IT, Managed IT Services, Cybersecurity, anti-virus

Tools To Get The Most Out Of Office 365

office365logo

Cloud services have modernized the way company's work and allow for collaboration in any place, with any device. At Five Nines, we’re big fans of Office 365 applications, but there are so many features of the platform, that it can get confusing to understand which ones you should use, and how they integrate. Let’s break down some of our favorite applications and how you could leverage to improve your workplace communication and collaboration.

RE3RFyM

OneDrive for Business is a cloud service that allows you to store and protect your personal business files, and access them on any device. OneDrive also offers the ability to share documents and choose permission levels, such as read-only or edit access. You can also sync files back to the cloud easily when you’re connected to the internet.

SharePoint Online, on the other hand, is a more collaborative space to store documents. SharePoint allows for cross-team collaboration, and also supports company-wide employee interaction. Everything that’s saved to SharePoint can be automatically accessed by anyone that has permissions to the drive. Team members also have the ability to work on Office documents with other individuals simultaneously, and the changes are updated in real-time.

Now is when you might be thinking, why exactly would I need to have SharePoint and OneDrive if they’re so similar? You’re right, at first glance, SharePoint and OneDrive could be mistaken as the same applications and purposes, but we like to look at it this way:

Let’s say you’re on a team of 4 in a marketing department and work closely with other people across your organization.  You would want to use a SharePoint site to store approved marketing collateral, logos, and other resources that can be accessed company-wide. You might also have a team-specific SharePoint that’s used to store and work on documents that only the marketing team can access, like marketing plans and design files. You would also have OneDrive for files that you would use on a personal level, that doesn’t necessarily need to be accessed by anyone else. These files would still be secure and saved in the cloud so that you could share them if you need to, but can also be accessed from another device or when you’re not connected to the network.

Microsoft Teams is a chat-based workplace to facilitate projects, communication and meetings. The chat function on Microsoft Teams allows you to have threaded conversations, helping you store brainstorming sessions, conference calls, and other meetings into one, easy to find, place. You won’t have to go through pages of notes or thousands of emails looking for a certain conversation – with Microsoft Teams, you have it all at your fingertips. The feature also allows you to choose between team and private discussions, as well as audio and video chats with colleagues both inside and outside of your organization, if you have external access turned on. Documents that are worked on in teams automatically sync up to SharePoint Online.

Flow allows you to automate business processes by building specific workflows that are based on specific actions or triggers. For example, This could be as simple as getting an email alert when someone modifies a file or as complex as a multi-step workflow with approvals, alerts, and notifications that are based on an analysis of real-time data. You can create different types of "flows" that are either triggered by an event, a button or pre-scheduled. Microsoft provides a plethora of templates you can pick from, some of them designed for specific situations (productivity, sales, software development, etc.) to get started.

No two businesses are the same, and there is not a one-size-fits-all approach to collaboration, but with Office 365 there are many tools available to help make working with your teams more successful, whether you’re sitting in the same office, or across the country, or working from home. Interested in learning more about these applications and how we can help implement them? Click the button below and let's chat.

Have questions on how this affects your business? 

LET'S CONNECT

Topics: Security, IT, Managed IT Services, Cybersecurity, anti-virus

How To Prepare Your Team For A Cyber Attack: KnowBe4

knowbe4-logo

As we close out the end of the year and look ahead, it’s important to keep cybersecurity top of mind in 2020. As a business, taking the time to educate your team about cybersecurity can help create a security-conscious company culture, where people are not only aware of the risks, but they’re also able to spot them before they unknowingly create a costly mistake for the company.

hacking-2903156_1280

The Verizon 2019 Data Breach Investigation Report states that 34% of all breaches in 2018 involved people inside of the organization. The most common type of “insider threat” is when an employee unknowingly makes a mistake, leaving a device exposed or falling victim to a scam by clicking a bad link. Insider threats can, unfortunately, go undetected if an employee doesn’t realize what happened or understand that they fell victim to an attack and they need to report it to IT support.
 
The way to protect your company from this scenario is to deploy end-user security awareness training. The data backs up the fact that it’s cheaper to do this type of training, than deal with the consequences of a breach. The Ponemon Institute 2018 Cost of Insider Threats Study shows that the average cost of an insider-related incident is around $513,000. Insider-related incidents can cost a company up to $8.76 million a year. In North America, this number is even higher — up to $11.1 million a year. 
 
Why chance it? Train your internal staff now and partner with your IT support team, so that everyone is conscious of their actions when it comes to cybersecurity and thwarting phishing attempts.
 
At Five Nines, our IT support offers a subscription service that companies can use to train their employees called KnowBe4. It’s a security awareness training that was built by Stu Sjowerman, a serial entrepreneur and data security expert with more than 30 years in the IT industry. He was also a hacker himself. What sets this product apart: the new-school security awareness training is an interactive, on-demand browser-based platform that simulates phishing attacks and scams, so your employees gain firsthand knowledge on what they look like. Our IT support team helps companies take employees through a baseline test to show how Phish-prone each employee is to an attack and then we continue to reinforce the training through simulated phishing attacks that teach them how to respond.
 
The KnowBe4 platform is user-friendly and intuitive and more importantly, when training is implemented on a monthly basis, employees start to understand how to protect your most critical data and assets through vigilance. With platform metrics, your leadership team can even gain an understanding of what each employee’s Phish-prone percentage is and how they can improve their test scores over time. Through our subscription, we give you access to the world's largest library of phishing and email templates, so your team can continue to deliver real-world testing campaigns from brands your employees may think they can trust. After all, it only takes one click from a brand they think they recognize, to majorly compromise security.
 
Here at Five Nines, our IT support team can work directly with our clients to build and manage a completely custom security awareness training program for your staff. We've learned how to use the world’s largest security awareness training and simulated phishing platform to your advantage.
 
Interested in security awareness training for your staff but need more information from IT support experts? Check out this KnowBe4 guide and let’s talk!

Have questions on how this affects your business? 

LET'S CONNECT

Topics: Security, IT, Managed IT Services, Cybersecurity, anti-virus

You Can’t Depend on Anti-Virus To Stay Secure. Here’s Why

philipp-katzenberger-iIJrUoeRoCQ-unsplash

As technology continues to change, the number of ways your company can be targeted in a malware attack grows. At Five Nines, we put a major emphasis on educating our clients about what potential attacks could do to their operational systems, while also preparing their network to fight these attacks and keep systems secure as the designated IT services provider. While we do install anti-virus software for our clients, it’s only one tool in our belt, given that additional layers of security are needed now that hackers are more sophisticated. Before we get into why you can’t solely depend on anti-virus to stay secure, let’s define terms that are crucial to understand when we’re talking about anti-virus software and security. 

security-265130_1280

Malware is a broad term that really defines any malicious code or program that gives an attacker explicit control over your system. It may refer to all types of malicious programs including viruses, bugs, bots, spyware, etc. and even ransomware.

Anti-virus - Anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.  It’s the most commonly used weapon against malware.

Layered Security -- Layered security, also known as layered defense, describes the practice of combining multiple security controls to protect assets, such as resources and data. 

Now that we have some context, let’s talk about why anti-viruses can’t keep up with the increasing number of malware attacks. While there’s been thousands of cyber-attacks, one that really called attention to this growing issue of anti-virus protection happened in 2013. Over the course of three months, attackers installed 45 pieces of custom malware and stole crucial information from The New York Times. The Times — which uses anti-virus products made by Symantec — “found only one instance in which Symantec identified an attacker’s software as malicious and quarantined it.” The IT services team just didn’t catch it.

To get rid of the hackers, The Times, “blocked the compromised outside computers, removed every back door into its network, changed every employee password and wrapped additional security around its systems.” Ultimately, this is just one example of how hackers can create software that surpasses anti-virus software. They’re now able to design a piece of malware, run it on a computer with that anti-virus product to see if it will be detected, and if it is, then they can modify the code until the anti-virus software no longer detects it. What this means is that unless a traditional anti-virus software has seen a particular threat in the past, it won’t necessarily protect your computer. There are other new products that are able to ward off some of these new threats. For example, Cylance Inc. develops anti-virus programs with Artificial Intelligence to prevent, rather than re-actively detect, viruses and malware, this is also referred to as “Next Generation Protection”. So, what else can you do to stay secure?

  1. Keep Your Systems and Software Up-To-Date: One of the most common ways hackers launch attacks? Exploiting vulnerabilities in operating systems and software that are out of date. Simply put, when technology reaches its End of Life or End of Support date, patches, bug fixes, and security upgrades automatically stop, putting your technology at risk for an attack. Educating your team about when and how to update software and systems can keep you safe. Our IT services team works to monitor when these End of Life/End of Support dates as well.
  2. Firewall installation: You will want a business firewall to keep your company data protected.  You can implement a firewall in either hardware or software form, or a combination of both. Your IT managed services provider can help you set this up and monitor it for success on an ongoing basis.  There are next-generation firewalls as well. Unified threat management (UTM) provides multiple security features and services in a single device or service on the network. UTM includes a number of network protections, including intrusion detection/prevention (IDS/IPS), gateway antivirus (AV), gateway anti-spam, VPN, content filtering, and data loss prevention, just to name a few.
  3. Encrypting Information: If a hacker can infiltrate your system, encrypting your files can make the information useless if it is stolen. Encryption is the most effective way to achieve data security because it turns your crucial information into code. To read an encrypted file, someone would need access to a secret key or password that enables them to decrypt it. BitLocker, Microsoft’s easy-to-use, proprietary encryption program for Windows can encrypt your entire drive, as well as protect against unauthorized changes to your system such as firmware-level malware. 
  4. Password Management: We’ve talked about this before, and we encourage you to create a password protocol for your company. Changing passwords often and ensuring the passwords are difficult to guess are two ways to protect yourself. You can read more about our password tips here.
  5. Image-Based Backups:  It’s important to be in a position to recover your environment with backups if you encounter a breach. At Five Nines, we use image-based backups to keep your business running. Image-based backups are just what the name states: an image of your entire operating system, rather than individual files on your PC. 

The purpose of multi-layered security is to stop cyber attacks on different levels, so they never reach the heart of your system and affect essential information. While it’s crucial to use anti-virus software, it cannot be your only line of defense. 


Have questions on how this affects your business? 

LET'S CONNECT

Topics: Security, IT, Managed IT Services, Cybersecurity, anti-virus