The biggest threat to your IT infrastructure: Your own employees

 

The biggest threat to your I.T infrastructure: Your own employees

 

Did you know that your employees often unwittingly ‘help’ cybercriminals gain access to your system? Often, employees play a part in compromising the security of your IT infrastructure, even without them realizing it. For example-

When your employees use their own devices for work purposes such as to access emails, to connect to work servers or to work on office files. In the event their device gets infected by a malware or hacked, the virus or the hacker gets access to your data as well. Your employees may put your network at risk by connecting to unauthorized networks, downloading unauthorized software, using outdated antivirus programs etc, on their personal devices and then using it to access work files.Then, there’s the chance of them losing their devices such as smartphones, laptops or tablets putting your data at risk.

Your employees may also fall victim to phishing messages and scams and expose your network to the biggest risks out there, unintentionally. Plus, there’s always a slim chance that a disgruntled employee looking to make a few quick bucks may actually compromise on confidential business data intentionally.

 

So, what can you do to keep your IT safe?

 

• Train your employees through drills, workshops and classroom training sessions that help them identify possible IT security threats
• Establish clear IT usage policies related to password management, use of personal devices, data sharing and internet access
• Conduct timely audits and have positive and negative reinforcements in place to ensure policy adherence
• Install physical and virtual security mechanisms like CCTVs, biometric access, software programs to track employee activities when they are accessing your network and data, etc.,

IT is the lifeblood of your business and when you let your employees access your IT network, you are, in a way, trusting them with your business. Make sure they are trained and trustworthy enough.

3 things your Managed Services Provider (MSP) wants you know

 

3 things your Managed Services Provider (MSP) wants you know

 

Are you considering bringing a MSP on board? Or perhaps you already have one. Either way, for you to truly benefit from your relationship with a MSP, you need to build a solid bond with them. As a MSP who has been in this business for long, I can tell you the 3 important steps that will help you get there.

 

Share, share, share

 

Your MSP is your IT doctor. Just as you would share everything about your health with your doctor, you need to share everything related to your business that impacts your IT, with your MSP. Give us an overview of your business and answer questions such as

• What you do exactly as a business
• Who are your key clients
• Which industry verticals do you serve
• What are your peak and lull seasons, if you have them
• What are the core regulatory codes that apply to you based on the industries you work for
• What are your business expansion plans for the near future and in the long run

Sometimes clients shy away from discussing all these things because they don’t trust the MSP enough. There is a fear of the MSP sharing business plans and other confidential information with their competitors. As a MSP, I can tell you that we work best with clients who trust us. When you are trusting us with the lifeblood of your business--your IT infrastructure, you should be able to trust us with your plans for your business.

 

Let’s talk often

 

While it’s great that you outsource your IT completely to us, it is still important that we meet and talk. Your business needs may change over time and we don’t want to be caught off-guard. We know you are busy, but set some time aside every month or even every quarter to catch up with us and discuss your IT challenges and needs.

 

Take us seriously

 

Your IT is our business, and we take our business very seriously. So, when we tell you something, such as--to implement strong password policies, limit data access, upgrade antivirus, etc., please take notice!

Teamwork forms the core of any successful relationship. Same holds true for your relationship with your MSP. Trust us, pay attention to us and hear us out. We’d love that...and we’d love to work with you!

Don’t make these IT mistakes as you grow!

 

Don’t make these IT mistakes as you grow!

 

During the course of IT consultancy, we come across a lot of clients who are not happy with the way their IT shaped up over the years. They feel their IT investments never really yielded the kind of returns they expected and come to us looking to change the trend. When analyzing the reasons for the failure of their IT investment, here’s what we come across most often.

 

Not prioritizing IT

 

This is the #1 mistake SMBs make. When focusing on growing their business, most SMBs think marketing, sales and inventory, but very few consider allocating resources--monetary or otherwise towards IT. IT is seen as a cost-center, rarely prioritized and any investment in IT is made begrudgingly.

 

Going for the fastest, latest or even the ‘best’ technology--which may not be the best for you

 

This is in contrast to the issue discussed above. Many SMBs realize the key role that IT plays in their business success. But they tend to get carried away and invest in the latest IT trends without considering whether it fits their business needs well, or if they really need it. Sometimes it is just a case of keeping up with the Joneses. But, why spend on the fastest computers or largest hard drives when you get only incremental productivity benefits?

 

Your team is not with you

 

When you bring in new technology or even new IT policies, it is your team that needs to work on it on a daily basis. If your staff is not on the same page with you, your IT investment is unlikely to succeed. So, before you make that transition from local desktops to the cloud, or from Windows to iOs or roll out that new BYOD policy, make sure you have your staff on your side.

 

You are not sure how to put it to good use

 

The lure of new technology is like a shiny, new toy. Investing in something popular and then not using it to its maximum is commonplace. Make sure you make the most of your investment in IT by providing your staff with adequate training on how to use it.

IT can seem challenging to navigate when you have to do it all by yourself. It entails steep costs when taken care of in-house. Add to that the complex task of deciding what IT investment you will benefit the most from and then training your team to use it...all of this is pretty daunting when you have to do it all by yourself. A MSP has the experience and expertise needed to be your trusted partner and guide in these challenges, helping you make the most of your IT investment.

IT Red Flags to Watch Out For

 

IT Red Flags to Watch Out For

 

As someone running a SMB, you probably have a lot on your plate. You are the core decision maker, responsible for growing your business, keeping your clients happy and getting all the working done. Often, when you have so much going on, one area that gets overlooked is IT. When you are so busy looking into other things, the start of IT issues may slip your watchful eyes. In this blog, we discuss the IT red flags that you need to watch out for.

 

Adware ambush

 

This happens generally when your internet browser has been hijacked and an adware has been sneaked into your system. When you try to surf the net using a hijacked browser, you will find online ads popping up everywhere. And by that we don’t mean the few sponsored search results or a couple of ads that show up when you browse a site. We are talking about ads showing up just about everywhere on your browser. Even a simple link click will take you to an unintended page. It is so evident, you just cannot miss identifying an adware ambush!

 

Strange pop-ups

 

Much like the Adware ambush, strange pop-ups show up when you least expect them. For example, you may be trying to open a presentation or a document and a series of pop-up windows will appear before you are allowed access to the file. Watch out for these, as they indicate the presence of a malware in your system.

 

Spam/Fake emails

 

If, all of a sudden, you see a lot of spam emails being sent from your/your staff’s official email IDs, there may be a worm at work. Often email worms enter the IT system through the download of one infected file and then replicate themselves across the network via email. Worms do this by penetrating the victim’s email security and spread itself across all of the victim’s email contact list through automated emails that look as if they were actually sent by the victim. So, is Sam from Accounting sending you a lot of junk emails? Probably time to get his PC checked.

 

A lot of what used to work before is now broken

 

We all have minor software and hardware issues here and there. But, if all of a sudden, a lot of stuff that used to be up and running seems to be broken, it screams “Red alert”! It could mean that the malware is slowly taking over your IT system, one program at a time.

Bottomline--Surprises are good, but not so much in IT. If you find anything amiss, anything different, like a machine that suddenly slowed down, or a program that just doesn’t work anymore or a new plug-in added to your browser or a new homepage, it’s better to take a deeper look and arrest the problem before it spreads elsewhere wreaking havoc through your IT network.

Assessing your MSP in the first appointment

 

Assessing your MSP in the first appointment

 

Handing over your IT to a MSP is a major decision. Who do you choose and more importantly, how? While there’s no rulebook that will tell you exactly how to proceed, here are a few hints that can help you decide how invested your prospective MSP is into you.

 

How well do they know your industry vertical

 

It is important that your MSP truly understands the industry-specific IT challenges you face so they can help you overcome those challenges effectively. For example, do you have a commonly used software program or any governmental or regulatory mandates that you must be adhering to. Is your MSP knowledgeable on that front?

 

How well do they know you and your values

 

How well does this MSP know your business in particular. Have they invested time in learning a bit about you from sources other than you--like your website, press releases, etc.? Do they understand your mission, vision and values and are they on the same page as you on those? This is important because you and your MSP have to work as a team and when start to see things from your point of view, it is going to be easier for you to build a mutually trusting, lasting relationship with them.

 

References and testimonials

 

References are a great tool to assess your prospective MSPs. Ask them to provide you with as many references and testimonials as they can. It would be even better if their references and testimonials are from clients who happen to know you personally, or are in the same industry vertical as you or are well-known brands that need no introduction.

 

Are they talking in jargons or talking so you understand

 

Your MSP is an IT whiz, but most likely you are not. So, instead of throwing IT terminology (jargons) on you, they should be speaking in simple layman terms so you understand and are comfortable having a conversation with them. If that doesn’t happen, then probably they are not the right fit for you.

 

Were they on time

 

Did your MSP show up when they said they would? Punctuality goes a long way in business relationships and more so in this case as you want your IT person to ‘be there’ when an emergency strikes.

While there are many factors that go into making the MSP-client relationship a success, the ones discussed above can be assessed during your very first meeting. They are kind of like very basic prerequisites. Make sure these basic conditions are fulfilled before you decide on a second meeting.

Hiring seasonal staff? Here are a few things to consider from the IT

 

Hiring seasonal staff? Here are a few things to consider from the IT perspective

 

In many industries, there are seasonal spikes in business around specific times. For example, CPAs/Accounting firms, though busy all year, generally see a spike in business around the time of tax planning, IRS return filing, etc., the retail industry sees a boom around the Holiday Season, and so on. During such peak times, it is common practice in the industry to employ part-time staff to meet the immediate resource needs. While this works well in terms of costs and for handling additional work/client inflow, this poses a few challenges from the IT perspective. In this blog, we explore those challenges so you know what to watch out for before bringing part-time staff on board.

 

Security

 

When you are hiring someone part-time, security could be a concern. You or your HR person may have done a background check, but their risk score nevertheless remains much higher than permanent employees who are on your payroll. Trusting a temp worker with customer and business data is a risky choice.

 

Infrastructure

 

Having seasonal employees is a good solution to temporary spike in workload. But, there is still a need to provide your temps with the resources they need to perform their tasks efficiently. Computers, server space, internet and phone connectivity, all need to be made available to your temp workforce as well.

 

Lack of training

 

Your permanent employees will most likely have been trained in IT Security best practices, but what about your temps? When hiring short-term staff, SMBs and even bigger organizations rarely invest any time or resources in general training and induction. Usually brought in during the peak seasons, temps are expected to get going at the earliest. Often IT drills and security trainings have no place in such hurried schedules.

 

Collaboration needs

 

Often businesses hire seasonal staff from across the country or even the globe because it may offer cost savings. In such cases when the seasonal staff is working remotely, there is a need to ensure the work environment is seamless. High quality collaboration tools for file sharing and access and communication needs to be in place.
Having part-time or seasonal staff is an excellent solution to time-specific resource needs. However, for it to work as intended--smoothly and in-tandem with the work happening at your office, and without any untoward happenings--such as a security breach, businesses need to consider the aspects discussed above. A MSP will be able to help by managing them for you, in which case hiring temps will be all you need to think of.

3 Things to consider before you sign-up with a cloud services provider

 

3 Things to consider before you sign-up with a cloud services provider

 

More and more SMBs are migrating to the cloud and that is not a surprise considering the numerous benefits the cloud can offer them. For a SMB, the cloud is a cost efficient and secure answer to their growing data needs and IT security requirements. The cloud grows with them and lets them scale their business without worrying about a corresponding rise in IT costs. Plus, with the cloud, the important aspects of security and backups are mostly taken care of by the cloud service provider. And then, there’s the convenience of any-time-anywhere data access. With all these benefits that the cloud brings, what’s there to think about before signing up with a cloud service provider? While are a lot of benefits of storing your data on the cloud, but your data is still yours, so there are a few things you need to know and be comfortable with before you jump onto the cloud.

 

Data storage location

 

Ask your cloud services provider where, (as in the location of the data center) your data will be stored. Ask them if they have multiple data centers and if yes, then, will they be backing up your data and storing them at different places. It is great if your cloud services provider does that, since that ensures higher safety of your data.

 

How secure will your data be?

 

Yes. When you hire a cloud services provider, a major chunk of your data’s security responsibility is passed onto them. You don’t have to really worry about your data security, but, you still need to know how they plan to keep your data safe. Ask your cloud services provider for details regarding their data security procedure. Have them share all policies, SOPs and data security frameworks that they claim to have in place.

 

Past performance/data loss history

 

Everyone talks about their best projects in a sales meeting. What you really need to know are the worst ones. Ask your cloud services provider to share with you their data loss/downtime trends for the past one year. Observe the trend. How often does their system give way and how long does it last? This is important for you to understand, because this metric translates into loss of business for you.

And finally, don’t forget to ask for a client list. Like we said before, everyone highlights the good things about themselves in a sales meeting. If you really want to know how good your cloud service provider is, ask them for a client list--both current and past. Check how many of them are from your industry vertical. Try reaching out to those who are willing to talk. Find out what they like the most about your cloud service provider and what aspects they find negative. Find out why their former customers left them. Usually customers are pretty good indicators of the quality of service a business provides. Hope these tips help you finding a cloud service provider who fits in well with your needs.

Get smart about smartphones

 

Get smart about smartphones

 

With flexible working schedules, remote teams and Bring Your Own Device (BYOD) policies in force, it is has become commonplace for employees and business owners alike to use smartphones for work purposes. A quick reply to an email, sharing that sales presentation, glancing over that vendor proposal–all on a smartphone–is something we all do on a daily basis. But with this convenience comes great security risks.

 

This blog discusses what they are and how you can avoid them.

 

Mobile devices are lost/stolen more easily

 

Unlike desktop computers, your smartphones and tablets are easier to steal. O, you may even forget yours at the restroom in the mall or in the subway, and along with it, goes all confidential data.

 

Phishing: Avoid biting the bait

 

A smartphone user is more likely to fall for a phishing scam on two accounts--one, with messaging apps like whatsapp, facebook messenger, etc., chances of getting phishing links are higher. The smaller screen size can make it difficult to clearly verify the authenticity of the site being visited.

 

Free Wi-Fi = free malware

 

Free wifi makes everyone happy. The smartphone user, the shopkeepers and also malware distributors! Your smartphone literally travels everywhere with you. The mall, the coffee shop, the movies and then to work as well. Just like how humans can catch the flu and make everyone at work sick, your mobile device can get infected with a malware and spread it across your network in the office.

 

What you can do?

 

You have antivirus for your computers, why not for your smartphones and tablets? We all know how disastrous a malware attack can be to your data, devices and your brand, in general. Consider installing antivirus software in your mobile devices to safeguard them from such attacks.

How do you prevent misuse of your debit card? With a PIN number, right? You can do the same to your phone by protecting it with a passcode so the miscreant will not be able to use it to access your data. Also, there are apps that let you wipe out all the data from your smartphone remotely in case you lose your device.

Be careful when downloading data and even 3rd party apps on your phone. Double check URLs when browsing online using your phone and don’t click on messages with links that seems malicious. In such cases, remember, if something seems too good to be true, it almost always is. Chances are, you may have not won that million dollar lottery or that all-expenses-paid trip to Europe.

And, spread the word amongst your employees. Their phone has the power to damage your brand! Take care.

Ways to Solve for Enterprise Cloud Security Challenges and Risks

The clouds of Foundation as a Service (IaaS) show a fairly unique arrangement of security difficulties and hazards. Open clouds are prominent targets, so it's basically vital for cloud assets to solidify to the most extreme degree conceivable. While the same could also be said for the local assets of an expanding company, security within the cloud requires a quite different approach than what can be used for local assets.

For example, there are layers of secure foundations that cloud providers cannot open to the inhabitants. Meanwhile, cloud providers can also provide occupants with instruments specifically designed to help improve the security of cloud assets.

Whatever the specific configuration of your foundation, there are several things that IT stars can do today to alleviate cloud security vulnerabilities and maintain the security of information and applications from intruders.

·        Port rules for workloads in the cloud

One of the easiest things you can do to help reduce the dangers of dangers in the cloud is to anchor virtual machine occasions in the cloud to carefully consider the principles of the port. Most of the current frameworks have worked in the firewall, and the design of that firewall has been a standard practice for quite some time. Also, however, cloud solutions generally provide software firewalls that live outside the framework of a virtual machine.

AWS, for example, allows a security meeting to be related to each virtual machine case. Although the expression "security collection" has long been linked to access control records, AWS security groups are port-based pools.

From the point of view of security, it is a smart idea to add the virtual machine's chances in parts, and then create a security group for each part. For example, you can do a security collection for space controllers, another security for web servers, and so on.

·        Multifaceted authentication in your cloud

 Although cloud server services will allow customers to log in simply by using a username and password, the important cloud providers also reinforce multifaceted confirmation. Regardless of whether the calculated limitations prevent you from using the multi-faceted confirmation to anchor the accounts of the end customers, the supervisors must demand multifaceted verification for the root account.

·        Security in the cloud: look again at the access control

 Another thing to consider with regard to the solidification of cloud assets is that cloud providers can improve access controls through what they use for the facilities. Give me the opportunity to give you a case.

In a Windows server condition, principals have been weakened for quite some time by specifically granting client access to an asset. On the contrary, customers must be added to security meetings. These meetings could be allowed authorization to reach different assets. While in any case you can use this way to try to give customers access to cloud assets, from time to time there is access to accessible access control alternatives. The highlight of AWS Identity and Access Management, for example, gives you the opportunity to configure contingent access to assets. As in a case, clients cannot access the assets in view of their IP address, the season of the day and considerably regardless of whether their association has SSL enabled.

·        Audit of cloud storage permissions

 One of the huge differences between cloud storage and the capacity clusters that are located in the facilities is that cloud storage is specifically open from the Internet. Undoubtedly, effort systems are linked to the Internet, and in this way, it would be feasible for someone on the Internet to break through their system and, in the end, access a capacity exhibition. However, because of cloud storage, there is usually a URL that can function as an immediate purpose of the section in its capacity.

Given that it is so natural to access cloud storage, it is essential that administrator’s leave aside the opportunity to leave without any doubt the capacity level authorizations that have been established effectively. Specifically, consents must be established to deny it free of charge, unless there is a compelling motivation to do otherwise. If the community is required, then it is better to create a different storage cube for those assets, instead of combining the open and private information within a solitary accumulation.

·        Exploit Cloud Security Tools and Reports

 Real cloud server services believe that security is very important. These providers realize that huge clouds create huge goals. Since security is such a big need for cloud providers, they often provide endorsers with devices and reports that can be used to ensure the security of assets within the cloud. The security reports in the cloud are genuinely standard. These reports can be used to see who has been receiving what, or how the consents are connecting.

The accessibility of the security devices can usually differ starting with one provider in the cloud and then with the next. Amazon, for example, has an instrument considered a trusted advisor that can perform a security review to make it beyond any doubt those assets in the cloud are anchored to Amazon's best practices.

Conclusion

The way to configure great security in the cloud is to leave aside the opportunity to explore the security mechanisms to which you have access and discover how to use those mechanisms in a viable way. It is also essential to understand that, regardless of how large the security mechanisms are accessible by a provider, they do not discredit the legitimate security requirement of the operating system level in examples of virtual machines.

How Soma IT Help Your Business Reach New Heights

Consultants guide organizations in implementing new technologies, they support the implementation, train and clearly explain the benefits around these new solutions. Inevitably, today’s solutions are more cost effective, easier to understand and more user-friendly. IT Consultants main objective is to advise companies on how to best use Information Technology services that meet their business objectives.

A good IT consultant must have the following skills:

• Technical skills
• Excellent communication skills
• Management skills
• Commercial and advisory skills

IT Support Professionals or IT Departments are critical in today’s business world. From SME’s to Enterprise Level businesses there are new obligations around the protection of Client Data, Business Systems and Compliance that need to form part of Company Practices & Policy. The IT consulting firm or consultant you choose directly impacts productivity, flexibility, and even results.

Read more

How SOMA IT help you Safeguard your information and your reputation?

7 Effective Strategies to Keep Business Data Safe and Secure

If you’re the CEO of a company, then the security of your company’s data should be your first priority. Every day hackers are finding new and craftier ways of accessing or destroying your valuable data. It could be your financial records, marketing materials, product developments, or customer information. One security breach could result in all of your data being erased or stolen.

When vital company information is compromised, a business faces potential financial losses and bad publicity that can be difficult and, at times, impossible to overcome. It is, therefore, crucial to implement effective data protection strategies. No business can completely avoid an attack, but unrepairable damage can be avoided with the right strategies in place.

Read complete article