Tech agility: A must-have for crisis survival

Tech agility: A must-have for crisis survival

It is a known fact that survival of any species depends on its ability to adapt to change. One major change for businesses in 2020 was the need to switch to the work-from-home model to keep things running during the time of pandemic. When countries all over the world started imposing lockdown restrictions, companies had no choice but to switch to remote operations if their line of business allowed them to do so. This blog post discusses the key challenges faced by businesses that had failed to adopt the latest technology on time.

Access to critical data and applications

For businesses that didn’t store their key data and applications in the cloud, this was a huge challenge. How do you ensure each of your employees have access to all the business data, programs and apps they need to operate efficiently? Companies that had already adopted the cloud as their core data storage means they didn’t face this challenge: everything was cloud-based and accessible from anywhere, using any internet enabled device (laptops/PCs/tablets/smartphones, etc., )

Cybersecurity concerns

With employees working from home, businesses’ fears of cybersecurity incidents were increased. Cybercriminals, on the other hand, knew full well all the security lacunae that existed in a hurried remote working environment setup and exploited them to the fullest. Industry reports showed that the initial few months of the pandemic saw an increase in cybercrime and related attacks on businesses.

Data loss

For businesses that didn’t operate in the cloud, data loss was another angle to look into. How do you ensure data backup and recovery when your staff is using their personal devices for work? Also, how to ensure they are taking all the precautions necessary to keep the data they are storing on their devices, safe?

Hardware issues

Some businesses provided their employees with work devices at home. For example, employees in some companies were allowed to take their office computers home for work use. But, that still didn’t solve the backup and recovery or cybersecurity challenges entirely, because the management still lacked ways to maintain control over the devices.

Phones

With employees working from home, it was a challenge for many businesses to manage their phone numbers–especially for client facing employees. Businesses with VoIP phone systems could make this transition easily, whereas those still relying on the traditional phone setup had to resort to cell phones and couldn’t use their business numbers for a while.

Key lesson: Move with the times, adopt new technologies, adapt to newer ways of working

/by

What the COVID-19 crisis taught us about the cloud and business continuity

What the COVID-19 crisis taught us about the cloud and business continuity

The COVID-19 pandemic has changed life as we know it, in many ways. While its impact on our day-to-day lives has been huge, the impact has been even more severe from a business perspective. The social distancing norms, staggered operating hours so as to limit crowds, the masks, shields, barriers, and what-not! From the business continuity perspective, companies have had to adapt themselves to the new normal very quickly.

During this global crisis, one technology that truly came to the rescue of business big and small was the cloud. The cloud made it possible for businesses to keep their operations running even with staff working remotely. With all critical data stored online, all that was needed was a compatible device with an internet connection and it was business as usual…well, almost.

Here are some core business challenges that were resolved due to the cloud.

  • Access to core business data and software programs that were needed for smoothd day-to-day operations
  • Data security concerns, though not entirely non-existent due to the use of personal devices, were largely taken care of, thanks to multiple layers of security offered by the cloud service providers
  • There were no “hardware hassles”…companies that were already on the cloud didn’t have to worry about the logistics of providing office computers to their employees working from home. With all the data stored online, they could use their home computers or tablets to get the work done.

Earlier what was perceived as an advantage for employees (the permission to work from home) was now mandatory for survival of the business. Even businesses that allowed employees to operate from home before the pandemic had a tough time migrating their entire setup to the work-from-home model.

/by

What’s your argument against an SLA with an MSP? Part-2

What’s your argument against an SLA with an MSP? (And why it doesn’t hold water) Part-2

In our last blog post, we discussed 3 reasons SMBs usually cite for not signing a service level agreement with an MSP. In this blog post, we suggest how an SLA with an MSP will add value to your business, irrespective of your business size, budget and the presence of an in-house IT team.

Reason#1: Our IT requirements are limited

IT is not a one-time thing where you can follow a set-it-and-forget-it approach. Want this to run smoothly? IT needs regular maintenance– a service level agreement with an MSP is the answer. Regular data backups, timely security patch application, software updates, etc, are all important and won’t happen unless you have a dedicated resource working on them. Plus, there’s the issue of network latency. Services like periodic network monitoring offered by MSPs ensure that any latency issues are identified and taken care of before they result in a major system failure.

Reason#2: We are tight on budget

Agreed that SMBs may not have the kind of revenue inflow as expected in large organizations, but that’s no reason to skimp on your IT requirements. Skimping on IT needs and diverting the funds elsewhere may sound tempting, especially when your IT infrastructure is running great, but this can cost you a lot more in the event something goes wrong. Let’s take a look at a malware attack scenario, for example. If you don’t have an SLA in place, you are most likely to reach out to an IT expert or MSP on a transactional basis. It will not only result in a sky-high bill, but also, there’s no guarantee that you will be immediately attended to: customers with SLAs get preference over transactional ones in the event of an emergency. Plus, every minute your IT infrastructure is down, you are losing potential revenue–through online or even offline sales. In the event of a data leak or a compromise in customer/vendor data due to the malware attack, you are liable for penalties and may be even sued by your clients. So, saving a few bucks here and there by cutting back on IT expenses can prove much more expensive later.

Reason#3: We have our in-house IT person/team

So, you have in-house IT personnel? Great! But there are ways in which an SLA with a managed service provider can still add value to you. This kind of setup is called the co-managed IT model. By bringing an MSP onboard when you have an in-house IT team, you B

  • Benefit from their expertise and enrich your in-house IT team’s knowledge
  • Enjoy flexibility in terms of meeting your IT needs as you can scale your IT up or down based on your business needs
  • Reduce payroll expenses incurred as result of hiring new IT staff in-house
  • Help your in-house IT team focus on more important tasks by outsourcing the mundane IT processes to the MSP
  • Get an extra hand to assist your in-house IT personnel in the event of a major IT issue
  • Have 24/7 IT support, something that may not be viable with a small in-house IT team

Having a service level agreement with a managed service provider adds value to businesses under all circumstances, and should be considered an essential, not an option.

/by

What’s your argument against an SLA with an MSP? Part-1

What’s your argument against an SLA with an MSP? (And why it doesn’t hold water) Part-1

Managed IT services are becoming more popular by the day. Businesses, big and small, are bringing managed service providers onboard to handle their IT requirements. The bigger IT players like IBM, Accenture, CISCO act as MSPs to larger organizations, while the typical managed service provider is often hired by SMBs. However, there’s a question that crops up time and again–Do SMBs really need an MSP? SMBs are sometimes in two minds when it comes to bringing an MSP on board and typically use one of the following justifications.

Our IT requirements are limited

A lot of businesses in the small to mid-size range believe that their IT needs don’t warrant a full-time service level agreement with an MSP. They believe the only times they need to invest in IT is at the start of their business or when rolling out new technology. As a result, they don’t see much value in signing a service level agreement with an MSP.

We are tight on budget

SMBs also tend to cut on the IT budget and invest those funds elsewhere–generally in areas where they see tangible results, such as hiring new customer-facing staff or a new advertising campaign. So, when SMBs find themselves a little tight on the budget, the IT department sees the cut.

We have our in-house IT person/team

Businesses with an in-house IT expert or even a small in-house IT team feel that is sufficient for handling any IT needs and an SLA is just an added expenditure.

So, did your reason make it to the list? Stay tuned for our next blog post, where we will discuss how an SLA with a managed service provider can add value to your business.

/by

Equip your business with the IT foundation it needs to compete and win

Equip your business with the IT foundation it needs to compete and win

In a recent industry survey, it was found that one of the biggest factors holding back small and mid-sized firms from achieving their business goals was IT. One may argue that smaller businesses lack the capital that the bigger players have to invest in their business, but even with all other aspects being more or less equal, the difference brought about by their lack of investment in IT was found to be a key differentiating factor–far more than other elements such as marketing, human resources and even industry expertise.

There’s no denying that IT plays an important role in keeping any business running. Ignoring your IT infrastructure can prove disastrous, but maintaining an in-house IT team to take care of it can be expensive–especially for SMBs. By outsourcing IT to a trusted MSP, businesses can benefit from significant cost savings that arise from not having to hire an entire IT team in-house.

The second instance where having an Service level agreement (SLA) with an MSP helps is where you don’t have an in-house IT team. Calling on an IT service provider when there is a crisis or a there is a one-off event may mean significant surcharges

When businesses have SLAs, the MSP will be regularly monitoring their IT infrastructure. A typical service agreement will cover regular backups, periodic network monitoring for latency issues, timely security updates and patch application, etc., This means the chances of severe IT issues will be drastically reduced. Most of the time, the problem can be identified much sooner before it becomes a full-blown issue. And, in the event of an IT emergency, a client having a service agreement will be prioritized by the MSP. One time emergency requests fall to the end of the line.

Irrespective of the size of business, MSPs can add tremendous value by bringing scalability, flexibility and innovation to the standard IT set-up and help build the IT foundation it needs to compete effectively and efficiently in the industry.

/by

Transitioning from average to best-in-class with IT

Transitioning from average to best-in-class with IT

Many small or mid-sized businesses don’t focus much on IT as they should. For a lot of them, the focus is on customers, ensuring they have enough staff to meet their client needs, expanding their business and driving revenue by selling. IT comes into the picture initially when the business is being set up. Once they have their IT infrastructure up and running, it tends to take a backseat. The typical mid-sized or small business owner seems to prefer the firefighting approach to IT–meaning, they reach out to an IT service provider only when they have an IT problem.

Interestingly, this is the key difference between the average SMB and best-in-class SMBs. The best-in-class SMBs tend to adopt a more proactive approach towards IT. They either have an in-house IT team or sign-up with a Managed Services Provider to take care of their IT needs on a regular basis. In contrast to the average SMB, the best-in-class almost always has a Service Level Agreement (SLA) with a reputed MSP.

Businesses that have service contracts with MSPs have access to the latest technology. The IT industry is constantly evolving and managed service providers are well aware of the changes. They know it first when a new technology is gaining widespread adoption across various industry verticals and can advise their clients accordingly. On the other hand, the in-house IT team may be too busy handling the day-to-day IT requirements to be able to focus on new technology and the various ways in which it can be applied to benefit the business. This specialized focus of MSPs also makes them a great asset to have on board when implementing new technologies or deploying new IT projects within the business.

Having a dedicated MSP-partner to take care of all IT needs helps businesses give 100% to other areas that help the business grow. With IT issues off their shoulders, management can focus more on clients, brand and market expansion.

/by

Cyber hygiene: The key to your business’s good cyber health

, ,

Cyber hygiene: The key to your business’s good cyber health

We all know that basic hygiene is a must to lead a healthy life. Did you know that the same rule applies to IT as well? There’s something known as cyber hygiene that plays a key role in keeping your business healthy from the IT perspective. So, how do you ensure your business doesn’t fail when it comes to cyber hygiene? Here are a few tips.

Follow industry benchmarks and standards
Remember that if an IT practice has gained industry-wide recognition and adoption, it is because it certainly offers some benefits. Protocols like the HTTPS implementation, SSL security certificates, CIS Benchmark, etc., are examples of industry standards that you must follow to maintain good cyber hygiene. Following these standards enhance your cybersecurity quotient and also play a positive role in helping you win your customer’s trust.

Stronger IT administration
The role of an IT administrator is very critical in any organization. IT administration involves exercising control over most of the IT activities with a view to ensure the security of your IT environment is never compromised. Make sure your IT admin rules and policies are clearly formulated and covers everything including-

 
  • Clear definition of user roles
  • Permission levels for each user role
  • Restrictions regarding download/installation of new software
  • Rules regarding external storage devices
IT Audits
Conduct regular IT audits to spot vulnerabilities and gaps that may threaten the security of your IT infrastructure. During the IT audits pay special attention to-
 
  • Outdated software or hardware that is still in use
  • Pending software updates that make an otherwise secure software vulnerable
Fix what you can and get rid of what is too outdated to be made safe.

Password policy adherence
When it comes to cyber hygiene, passwords are the weakest link as often, people compromise on the password policy for convenience’s sake. Here are a few things to look into at the time of your IT audit to ensure your password policy is being adhered to.

 
  • Check if passwords are strong enough and follow the standards set for secure passwords
  • Discourage password repetition or sharing
  • Ensure multi-factor authentication, where apart from the password, there is at least one more credential, such as a secret question, a one-time password (OTP) sent to the user’s mobile phone, or a physical token or QR code, to verify and approve data access
Ensure basic security mechanisms are in place
As a part of your cyber hygiene check, ensure you have all the basic security mechanisms in place. These include
 
  • Anti-malware software programs
  • Firewalls
  • Data encryption tools
  • Physical security and access control tools like biometric access

Pay attention to what happens with obsolete data
How do you get rid of data you no longer need? Even though old data may not be of any use to you from the business perspective, a breach of that data can still hurt you legally. Ensure you get rid of old data safely. It is a good practice to deploy data wiping software and also create policies for the safe destruction of physical copies via shredding or other methods.

Strong cyber hygiene practices can keep your data safe from cybercriminals lurking out there. However, consistently following up and ensuring these best practices are being adhered to, can be taxing on your internal IT team. It may be a good idea to bring an MSP on board who is well versed in cybersecurity to assist you with cyber hygiene.

/by

Free Internet Access? Don’t fall for this one

, ,

Free Internet Access? Don’t fall for this one

One of the popular internet scams that has been doing the rounds since 2017 is the one about “Free Internet”. This scam seems to resurface and somehow manages to claim quite a few unsuspecting victims. Here’s how they catch you.
 
  • Ads are created on Google, Facebook, popular search engines and social media platforms advertising free internet hours.
  • The ads look professional and show up on general searches and on social media when surfing. This offers a sense of validity.
  • Once you click on the ad, you will be taken to their website, where you will be asked to perform an action, such as

    1. Filling out a form with your Personally Identifiable Information (PII)
    2. Sharing your credit card information, and though you will be promised that your card won’t be charged, you may end up signing up for something or subscribing to a service for which your card will be charged later.
    3. Sharing a few email IDs or phone numbers–basically contacts with whom you will be asked to share the message in return for free internet service.

How to stay safe?
As always, remember no one offers something for free. Whether it is free internet access or tickets to a concert, if it is something of value, then you will be expected to provide some value in return. Steer clear of offers that seem too good to be true. If you receive a message from someone you know and trust, please let them know that their link may be a problem. No matter what, don’t open a link from anyone if you aren’t entirely sure the links are valid.

/by

Online shopping? Watch out for these red flags

, ,

Online shopping? Watch out for these red flags

Who doesn’t like online shopping? Online shopping has opened up a whole new world to us. Get whatever you want, whenever you want, without wandering from store to store. It doesn’t matter if it is too hot to venture outside or if there’s a blizzard out there, you do your shopping from the comfort of your couch and the stuff at your doorstep. You get great deals, some are better than in-store specials. But, did you know cybercriminals love the concept of online shopping as much as you do. Cybercriminals are exploiting the growing popularity of online shopping to cheat unsuspecting buyers through techniques such as phishing, malware injection, etc. Here are a few tips that may work to keep you safe from being a target of cybercriminals as you shop online.

How to determine if the ad or shopping site is genuine?
As you browse the web, you will come across various ads targeted at your interests. Businesses engage in ‘Retargeting’ which means they use cookies to target you with very specific ads until you buy something. For example, look at a wallet and, you will see ads for wallets on various other sites you browse even if they are not shopping sites. Are those ads genuine? Before clicking on any ad you see online and making a purchase, be sure to verify if the ad is genuine. The same goes for shopping sites. Before you shop, you need to ensure the site is genuine, especially since you will be sharing your credit card details or Personally Identifiable Information (PII) such as your address. Here are a few things to check before you make that online purchase.

English: Keep an eye out for grammatical errors or spelling mistakes in the ad. Fake ads and sites may look a lot like the actual ones, but spelling mistakes or grammar errors may tell the true story. Scammers don’t have content writers to write great sales content!

Check the URL: When at a shopping site, always check the URL in the address bar to ensure it is genuine. For example, if you see www.1amazon.com or www.amazon-usa.com, you should know it is not the same as www.amazon.com. Checking the URL also lets you detect website cloning and phishing. Website cloning is one of the most popular methods used by scammers to fleece consumers. As the term suggests, the cybercriminal first creates a ‘clone’ site that looks exactly like the original one, barring a very minor change in the URL.

Don’t Get Phished!
Phishing is when you receive a message, usually through an email or a text message asking you to take an action, such as clicking on a link, filling out a form, logging into an account, etc., Such messages look as though they are genuine. But, the form fill, account login, or link will take you to a spurious site where your information will be captured for bad use. Checking the URL will help you detect phishing frauds as well.

Check before you download anything: Sometimes you may receive a link and asked to download a coupon or a gift card that entitles you to a sizable discount. It may be a fraud. In fact, it probably is.

Download only from legitimate marketplaces: With so many shopping options it is tempting to download every new app that you come across. But, only download from authorized marketplaces like Google Play Store for Android or the App Store for iOs.

At the end of the day, remember, there is no free lunch. If something seems too good to be true, it probably is.

/by

DNS Cache poisoning: What every SMB must know

, ,

DNS Cache poisoning: What every SMB must know

In one of the most common poisoning attacks, the attacker poisons the DNS Cache with the aim of leading visitors to a fake website. In a DNS cache poisoning case, the attacker gains control of the DNS server and then manipulates cache data such that anyone typing the URL of the actual website is redirected to the fake one. This could be a phishing site where the attacker would have carefully laid out a trap to capture the unsuspecting victim’s personal data or secure information. For example, the visitor thinks they are logging into their bank’s website online, but are actually on the attacker’s phishing site, where they enter the login credentials.

Protecting yourself against DNS poison attacks
Here are some ways to protect yourself and your customers from becoming victims of DNS poison attacks.

 
 
  1. As discussed before, one of the most common poisoning attacks is the DNS attacks. Cybercriminals try to corrupt your DNS server using theirs. You can prevent this by bringing a trained professional onboard for your DNS server set-up. An expert will know to set up your DNS server such that it has a minimum relationship with other, external DNS servers, thus limiting your attacker’s ability to corrupt your DNS server using theirs.
  2. As a best practice, ensure that your DNS servers only store data related to your domain and not any other information. It is harder to corrupt the system when it focuses on a single element.
  3. Another best practice is to ensure that you are up-to-date on all DNS security mechanisms and are using the most recent version of the DNS.
  4. Ensure your site has, in layman terms, an SSL certificate and make sure it is HTTPS. Using encryption, a site with HTTPS protocol allows for a more secure connection between its server and the internet and is better at keeping cybercriminals out. Having an SSL certificate also ensures your site’s name shows up alongside the URL in the address bar. This is an easy way for visitors to identify if they are on a genuine site or not, thus helping them steer clear of phishing attacks and clone sites.

Data poisoning is one of the lesser-known and hence less talked about forms of cybercrime. But, it can inflict great damage–perhaps even more damage than the other obvious threats such as viruses and ransomware, because, unlike a Denial of Service (DoS) attack or a Ransomware attack where you know the moment the malware has hit your system, in a data poisoning attack, the malware is incorrect data that slithers into your system quietly like a snake and changes its overall functioning before delivering the big blow.

/by