Posts

Celebrate Data Privacy Day with a Free Workshop

You may or may not know that International Data Privacy Day is January 28. To celebrate, our strategic partner, Privacy Ref, is offering a free 2-hour workshop on Privacy Program Fundamentals.

Join us on January 25, 2017 from 1:00 to 3:00 PM EST for this valuable session.

Topics to be covered include:

  • Defining privacy
  • Foundational privacy concepts
  • Components of a privacy program
  • Privacy frameworks
  • Managing privacy risk
  • Metrics for privacy
  • Training & awareness activities

Please click here to register!


Interested in ensuring your business is protected?  Explore our Privacy Solutions, including our Privacy Assessment and Planning and our Privacy Training services.


 

The Cost of Ransomware

The cyber criminals behind ransomware see their efforts as a volume business. Charge too much, and victims will not pay. They target businesses and organizations in wealthier countries and in cities where people and businesses are most likely able to pay, and the typical ransom is often about $500. More recently, we have heard of ransoms between 1 and 2 bitcoin (about US$600 to US$1300).

The ransom is only part of the cost

Every victim loses productivity from the start of the attack until it is fully resolved. Whether or not you pay, you still need to conduct a full sweep of all of your systems to ensure the ransomware has been removed. Otherwise, you risk reinfection.

Organizations that pay the ransom still suffer the time and cost of decrypting and validating files, a process that can consume days or weeks of IT resources. If you choose not to pay, you have the cost of recovering data from before the attacks and re-creating lost information across all of your servers, systems, and applications. We recently spoke with a company that lost less than 6 months of data. After three months, they are still working to recreate lost files and transactions, as they have no way of knowing if they have missed any.

A ransomware attack can cost tens of thousands of dollars to clean up. Attacks may also damage valuable customer and vendor relationships and result in higher bookkeeping, accounting, and legal fees.

A dollar of prevention ….

The costs associated with prevention and the ability to recover quickly (should an attack breach your defenses) are relatively minor. The value of prevention and preparation is well worth the cost.

Learn more …

You can protect your business against ransomware attacks. In our new eBook, a Business Guide to Ransomware, you will learn how malware spreads, the different types of ransomware proliferating today, and what you can do to avoid or recover from an attack. Hiding your head in the sand does not work, because today’s ransom seekers play dirty. Make sure your organization is prepared.


For a 1:1 consultation and assessment of your risk, contact us today.


A Better Cloud Admin Solution

With over 200 new features added yearly, Google Apps keeps growing in features and capabilities. Across our customer base, we see adoption and use of these features by individuals and teams growing as well.

You want and need to understand how Google Apps is being used, and working, for your business. With more collaboration and data in the cloud, you want to ensure that documents are properly shared, with appropriate privacy and protections. At the same time, we want to keep administration simple and efficient.

We have a solution:

BetterCloud recently released a new tiered service designed to solve each of these issues, and you can try it for free.

BetterCloud Basic is a Domain Health Center for your Google Apps domain, letting you monitor activity, define alerts, and analyze usage.

BetterCloud Pro is a robust suite of administration and management tools for Google Apps that simplify admin tasks with an expanded set of controls that save you time and effort.

BetterCloud Enterprise adds auditing, discovery, compliance, and data loss prevention features, giving you the ability to monitor, manage, and mitigate data permissions and exposures in real time.

 

You can try BetterCloud for free, and without obligation.  Here’s our offer:

We will …

  • Install BetterCloud Basic for free in your Google Apps domain
  • Activate a no-obligation, 30-day trial of the BetterCloud Enterprise and Pro features
  • Over the course of the free trial, we will highlight and demonstrate key features, including running a basic data security audit report for your review

At the end of the trial, you decide if the cost/benefit of BetterCloud Pro or Enterprise is appropriate for your domain, and we will keep you subscribed. If not, you can keep using BetterCloud Basic for free.

To keep it simple, you can request the trial with two clicks.  Click here* to open a request email, then click Send.  Our team will promptly respond and activate your free trial.


*If you purchased Google Apps directly from Google, or another partner, we can still provide the trial. We also offer license discounts and other incentives for moving your account over to us. Contact us if you are interested in the savings and/or our services.


 

USPS Data Breach: What SMBs Can Learn


As a small or mid-size business, you probably do not worry about hackers and data breaches. Your information is safely stored in-house or in a secure cloud service.  You do not have trade secrets or intellectual property coveted by foreign governments or industry. You accept credit cards, but those transactions are processed, saved, and secured by the credit card processor … you do not even have credit card numbers in your files or systems. It is not unreasonable for you to think that you are not a data breach target.

You are wrong.

The recent data breach at the US Postal Service should, however, serve as a wake-up call. Hackers breached USPS systems not for customer data or credit card information; the hackers stole HR records for hundreds of thousands of postal employees and retirees (customer data was just a bonus). And, while the hackers were not able to go on an immediate debit-card spending spree, they captured all of the data necessary to steal identities: names, addresses, social security numbers, and more.

Regardless of your size, any personally identifiable information in your possession is an incentive for criminals. And you don’t need to be big to be caught. A stolen laptop, compromised account, or lost USB stick can enable data breaches in systems you think are secure.

Malware is the inbound marketing tool for hackers and identity thieves. 

When malware spreads, it makes its way onto business computers that the hackers may never have known existed. Malware often sits in wait, capturing passwords or other information and sending it to servers halfway around the world. Hackers can then use this information to assess the value of the target and to gain access to even more data. Hackers may also sell this information to other criminals.

Your business needs protection in place, and awareness of the scope of the problem is the first step.  Permissions monitoring and management, web filtering, device protection, endpoint protection, mobile device management, and user data protection may all be components of your solution.


Please contact us for a complimentary review of your current data protection coverage.

 

Restore Google Drive Files Offers Some (but not enough?) Protection

Among the myriad new features and upgrades announced at Google I/O this week, Google added the ability to restore users’ Drive files that have been deleted from the Trash folder.

While offering some protection, the feature is limited in its scope.

  • You cannot restore individual files; you can only restore all files deleted within a date range you provide.  The minimum date range is 1 day (24 hours).
  • You can only restore files for individual users, one at a time.
  • You can only restore files that were deleted from Trash within 25 days.
  • When restoring files, the permissions are not restored.  Only the user will have access to the files.

With these limitations, we do not expect the ability to restore a user’s Google Drive files will be of great use to most organizations.  With a limited retention period and lack of granularity, the tool provides a big shovel when most users need a spoon.

The solution also depends on users’ ability to recover information from the Trash folder, a process we find difficult at times due to the limited ability to search Trash in Drive.

True backup/recovery solutions give users and administrators the critical features that deliver more usability and effectiveness:

  • Flexible retention:  Allow organizations to implement policies related to document and records management, including extended retention and removal of data past retention windows.
  • File-Level / Item-Level Restore: Most data loss and restore needs result from human error or action and impact fewer than 5 files.  Acceptable restore capabilities include the ability to restore individual files (or entire accounts) and should include the ability to select files by version or point in time.
  • Protect Meta Data:  Protect the meta data as well as the files themselves.  File ownership, permissions, etc. should be preserved and recoverable with the file.
  • Data Export:  Provide the ability to export data so that it may be migrated to other accounts and/or other systems.
  • Administrative Control:  Identify and allow backup/restore administrators that are not full domain administrators.

Absent many of these features, the ability within Google Apps to restore a user’s Drive files is a limited feature that will not meet most organizations’ needs for data protection.

Third party backup/restore solutions are still a necessary and appropriate component of a robust Google Apps environment.

Feel free to contact us if you would like to explore backup/recovery options and solutions.

Surprising Stats on Cloud Data Loss

Yes, you can lose data in the cloud!

Our friends at Backupify recently conducted a study, Protecting Data in the Cloud: The Truth About SaaS Backup, which revealed some very interesting results based on how IT perceives the safety and security of their cloud-resident data.

54% of IT professionals have implemented some form of SaaS applications

81% of IT pros that use or plan to use SaaS apps categorize the data stored in their SaaS apps as “very to extremely important”

52% of IT pros don’t currently back up their SaaS data (or even plan to)

79% of IT pros believe their SaaS application is being backed up by their solution provider

1 out of 3 companies using SaaS lose data

47% of SaaS data loss occurs from end-user deletion

17% of SaaS data loss occurs when an employee overwrites data

13% of SaaS data loss occurs when a hacker deletes data

47% of IT pros back up SaaS data with a manual export

15% of IT pros back up SaaS data with cloud-to-cloud backup

If you want to learn more about protecting your SaaS and cloud data, please send us a note.

Note: This post is based on a Backupify Blog Post, which you can see here.

 

Picking a Backup Solution is Missing the Point!

A 2013 study by The 2112 Group titled “2013 State of Cloud Backup” found that, while small and mid-size business interest in robust backup solutions more than triples after a significant data loss event, only 54% of SMBs felt that improved data recovery, business continuity, and IT reliability were sufficient motivators to deploy a new or improved solution.

Our perspective is that focusing on backup misses the point entirely!

As we have blogged in the past: backup is easy; recovery is hard.  More accurately, the ability to recover and restore defines the value proposition.  Everything else about “backup” solutions — including the technology and methods — is irrelevant until you define the value of recovery and restore.

Stop thinking about Backup!  Instead, think about:

Continuity:  The ability for your company to continue to operate at an appropriately effective level during events that disrupt normal operations.  For some businesses, this means zero downtime.  For others, answering the phones and access to email may be sufficient for hours or days, or as an interim state until line of business systems come back online.  Still other businesses may need all systems up and running within 1 or 2 business days.

Recovery:  The ability to gain access to data and systems that became unavailable due to damage or failures.  Whether your disk array fails, a pipe bursts above your servers, or a virus eats through your files, recovery requires repair or replacement before systems and data can be restored.

Restore:  The ability to retrieve a prior version of data or a system.  Most restores are a result of user action or minor system issues.  How far back you need to go and the availability of past versions defines how long it will take to both retrieve the information and for the user to replace lost work, if any.  For some, a daily version meets the need.  For others, going back a day means resource-consuming rework so multiple versions each day are appropriate.

Focus on building a Data Protection Solution and your required “Return to Operation” (RTO) time.  Remember that different parts of your business, and different systems, may have different RTO requirements.

  • Assess your continuity, recovery, and restore needs and priorities
  • Understand the likely and not-so-likely risks to your systems and your business and create a “use case”.
  • Looking at each use case:
    • Identify changes to your IT infrastructure that could mitigate risk
    • Identify the type of solution that can provide the needed continuity, recovery, and restore services
  • Collate the use cases and solution types as your requirements

With requirements in hand, evaluating data protection solutions, technologies, and services becomes a manageable process.  Keep in mind, the data protection solution may include a mix of backup/restore, backup/recovery, archiving, disaster recovery, and other components.

 

Cloud File Sync & Sharing: Risks and Solutions (Part 3)

This blog post is the third in a series on the data risks and solutions available for file sync and sharing services.

In the first two posts in this series, we focused on some of the risks and basic concepts for file sync and sharing services.  In this post, we focus on ways to mitigate risks.

Provide Employees with an Approved File Sharing Service. As we have noted in our prior posts, if you do not provide an approved service, employees will sign up for and use one of their own.  The difference?  With an approved service, you have access to your employees’ data and clear ownership of the information.  You can also monitor and manage for adoption, usage, and (if desired) adherence to policies.

Have a Clear Policy. Let employees know that personal and company data and systems are to remain separate, and why.  Provide a list of approved file sharing and sync services, as well as a clear and concise statement of which other services may not be used (i.e., all others) and why.  The policy should include consequences for violations, along with a means for approved exceptions.

Block or Blacklist Unauthorized Tools. For many organizations without decent web filtering services in place, this recommendation will be difficult to implement.

Audit Workstations for Unauthorized Use.  Beyond application monitoring, when you scan workstations for application inventories, look to see if sync service agents have been installed.

With a moderate planning effort and reasonable monitoring and enforcement efforts, businesses can take advantage of the conveniences that file sharing and sync services offer, without exposing data to unnecessary risk and loss.

 

Cloud Backup: Small Businesses Hesitate at their Own Peril

According to a recent survey of IT service firms conducted by The 2112 Group, small and mid-size businesses (SMBs with up to 250 employees) do not respond to most marketing efforts.  The lack of interest appears to be due to underlying concerns about data security, bandwidth, availability, and recurring costs.

Not surprisingly, SMBs become interested in cloud backup after a data loss or downtime. Having experienced disruption or loss, SMBs better understand the cost of a failed recovery compared with the cost of adequate protection.

Businesses that move to cloud backup cited their primary motivations as:

  • Improved data protection and business continuity (34%)
  • Better overall IT reliability (20%)
  • Reduced IT costs (16%)

The challenge for us, as a cloud solutions provider, is to meet our customers’ objectives while addressing issues of security, bandwidth, availability, and cost.

The challenge for SMBs, as our customer or prospective customer, is to recognize the value of cloud-based backup before a crisis, and to understand that by offering a range of solutions, we can ensure data integrity while keeping costs in line.

 

Cloud File Sync & Sharing: Risks and Solutions (Part 2)

This blog post is the second in a series on the data risks and solutions available for file sync and sharing services.

Your employees are using file sharing services. Ignoring reality or denying its existence will not change the fact that today’s tech users want to easily share files, and that they will circumvent IT if needed.

Understand the Technology.  Many organizations are using file sync services to share and back up files.  A poor understanding of how file sync services work, however, can result in data corruption and loss.

Sync Basics. Most sync services keep a copy of your files on your local machine and in cloud storage, with synchronization happening for files saved in specific directories on your local machine.  In other words, you open and work on files locally.  When you save them in a sync folder (or folder tree), the file will be synchronized with the version in the cloud.  Files may also be used and saved using more traditional upload and download techniques. If you share a file with another person, they will download, or sync, a copy of the file to their local desktop.  This means that if you both are editing a document at the same time, you are both working locally on different copies of the file.  While some sync services offer basic file locking, most will allow the conflict to occur.  Data may be easily lost as each person syncs and overwrites the changes of the other. Better sync services offer multiple levels of permissions, allowing you to restrict access to view versus edit.  Some services will also prevent downloading and printing.

Sync versus Backup. File sync is NOT backup.  If you overwrite or delete a file, those changes are synced to the server and to other users.  While some sync services offer version control with a limited ability to retrieve prior versions, most sync services quickly propagate errors and deletions. As such, sync is not a reliable technology for data restores.

When to Sync? Sync and sharing services can be part of a robust business continuity strategy. With near-real time updates, a local or remote service outage does not mean loss of access to files, or loss of operating data. Sync and sharing services are also useful for sharing files with outside parties, provided your users understand the limitations of the service. If you allow the use of sync and share services, however, make sure your team is using a company-owned and managed account and a business grade service.  We will discuss why this is so critical in our next installment.
