Month: September 2020

What’s the difference in Dell’s support plans?

Choosing the right warranty and support for your Dell hardware can be one of the most overlooked steps in the buying process. Choosing the wrong support can negatively impact your long-term productivity and your overall impression of the original equipment manufacturer (OEM).
But how do you choose the right Dell support?

As you know, especially in 2020, “life happens” and it is best to be prepared for those situations when it does. Below I have provided a quick overview on the three different levels of support.

Dell Onsite Basic Support
Onsite basic support provides access to a general telephone support queue for hardware break/fix troubleshooting. This phone support is available during regular business hours only (Monday through Friday from 6:00 AM to 7:00 PM) and excludes regularly observed holidays. Some exceptions exist for certain support products which offer seven days, 24-hour Basic telephone support and 24×7 access to online Support at www.support.dell.com.

Onsite basic support may also offer the on-site dispatch of a service technician and/or warranty parts to customer’s business location during business hours (as necessary and according to level of on-site service purchased) for repairs and resolution necessary. It must be determined that the issues are due to a defect in materials or workmanship on the Supported Product.

The final option may include mail-in service and support (as necessary and according to level of service purchased) for repairs and resolution necessary due to a defect in materials or workmanship.

For a full description of Dell’s Basic Support visit: https://www.dell.com/downloads/global/services/basic_hdw_support.pdf

ProSupport (Recommended for all laptops and critical hardware)

• 24×7 direct access to highly trained experts who provide enterprise-level, tech-to-tech support
• Remote and on-site support with four- and eight-hour parts & labor response options
• Incident-based third-party software assistance for data center and end-user applications, OS, and firmware troubleshooting
• Emergency parts and labor dispatch, in parallel with troubleshooting, for issues you identify as severity level One
• Access to secure online management of parts, convenient for servicing your own hardware
• Options to remotely monitor and manage your data center hardware
• Options for data and asset protection services. https://www.dell.com/learn/ly/en/lybsdt1/campaigns/support-prosupport-for-enterprise-ec

ProSupport Plus (Recommended for all Data Center Hardware)

This is the complete package for everything that is MISSION CRITICAL. Everything you need to support PCs and tablets ProSupport Plus is the most complete support service. ProSupport Plus combines priority access to expert support, accidental damage repair, and proactive monitoring for automatic issue prevention and resolution. It is designed to provide maximum support with minimal effort for you. As the first premium service for PCs and tablets that automates support, ProSupport Plus prevents issues before they occur and quickly resolves issues when they do.

Choose ProSupport Plus to receive:

• Priority access to ProSupport engineers 24x7x365 to quickly resolve hardware and software issues
• Predictive analysis for issue prevention and optimization enabled by SupportAssist
• Proactive monitoring, issue detection, notification and automated case creation for accelerated issue resolution enabled by SupportAssist
• Power to manage all your asset alerts from a single portal with TechDirect or use tools you already use like Microsoft SCOM, Remedy, KACE and OpenManage Essentials
• System repair after a drop, spill, or surge to protect your investment
• Hard drive retention after replacement to help secure your data
• Dedicated Technology Service Manager, a single point of contact for issue resolution and monthly reporting
For a full description of ProSupport Plus for enterprise gear visit: https://www.dell.com/learn/ly/en/lybsdt1/campaigns/support-prosupport-for-enterprise-ec

Recommendations

Basic support is the lowest level of support. At vTECH io we are more than happy to white glove service and warranty for customers but sometimes Dell basic support severely limits our options and is usually not enough.

If purchasing computers for the office, managers, remote workers, or C Level employees, we recommend having ProSupport as the minimum level of support. This will give you U.S. based support and a special phone number to call in on if you are having an issue. We will always tell clients to purchase ProSupport when buying laptops or critical hardware.

Anything Mission Critical hardware (servers, storage, networking) require ProSupport Plus. If you cannot continue to work without this Hardware you must go with ProSupport Plus. This will give you access 24/7/365 access to engineers as well as monitoring and analysis for issue prevention.

By Kevin Kaufman

Read our best practice guidelines for creating a new patch management policy that protects your network against common application vulnerabilities.

Creating a new patch management policy

Patch management enables code changes to be tested and installed on a device’s existing Windows-operating applications. It updates systems on the latest patches (codes) available and ascertains which ones to use, often to fix bugs and security gaps. This is a vital aspect of cybersecurity, especially within businesses of any size.

Why do I need a patch management policy?

It is crucial that patch management is an aspect of your cybersecurity measures. The service works in a preventative manner to detect vulnerabilities before it’s too late – if patches are not deployed soon enough, a network could be severely compromised. With constant monitoring, any threats that could jeopardize your company’s data and other sensitive information within your network will be discovered as soon as possible.

As patches can apply to almost every aspect of an endpoint (laptop, desktop, mobile or other internet-enabled device), it is essential that patch management is used for all business endpoints, to protect your workplace data. However, despite many businesses knowing the importance of the process, they don’t partake in patch management due to the scale of the project. With too many patches and patching often disrupting operations, the task can get left behind.

You should ensure that all relevant members of the business – such as IT technicians or security teams – are aware of your patch management process.

Manual patch management vs automated patch management software

There are two different processes for patch management. You can conduct manual patch management, which will entail creating a patch management policy. You can also use automated patch management software as a timesaving, accurate alternative. Even when downloading software, you may often find it is still worth having your own backup policy.

Creating a new patch management policy

There are several steps involved when creating a new policy, covering the patch management process template and patch management policy and procedures. Creating a patch and vulnerability management program can be straight forward, when you follow these steps:

Step 1: Create a categorized inventory of all IT assets

In order to begin your patch management policy, you should have a good understanding of all of your assets. Create a list of your endpoints, including servers, storage devices, routers, desktops, laptops and tablets. Once you have a good understanding of every asset you need to cover, categorize them by type and risk level. An example of an endpoint at high-risk is anything that you use to open emails. Low-risk endpoints include devices not connected to the internet.

Step 2: Rigorously test patch deployment in a test environment

The next stage is to create a test environment to deploy patches in. It is crucial to conduct patch testing before you deploy patches into the production environment, checking they are fully functional and will not cause any damage to your systems and applications.

Step 3: Back up existing data within the production environment

Ensure that all data in the live production environment is backed up in the event that it needs to later be restored.

Step 4: Roll out the deployment of patches to the production environment

Once you have made sure that all your devices and endpoints are backed up, you can then deploy the patches into the production environment.

Step 5: Maintain and evaluate patches regularly

It is important to continue maintenance of patches – regularly evaluate and monitor their performance after they have been deployed. This is vital for the security of any business, and it must be ongoing.

Best practice guidelines

There are several ways to maintain your patch management policy. Here are some patch management policy best practices we advise you follow:

Regularly update your inventory and software

All inventory data and software should be updated regularly – critical updates can help flag or fix and security flaws.

Keep a list of the most common vulnerabilities

If you keep a list of the most common vulnerabilities and your IT assets that are most at risk, you can refer back to this throughout the process. This will guide you of the most and least likely threats, and which endpoints are most susceptible to those threats, helping you prioritize your actions.

Make a note of how security tools are configured

You should also take note of the configuration of your devices and security tools, and how they work. This list can again be referred back to throughout the patch management process, especially if there are any issues regarding patch deployment post the test environment.

The benefits of automated patch management software

By downloading patch management software, you can save time by removing manual processes from your operations. An automated solution will regularly scan for missing patches and review those already in place, assessing if they’re appropriate to use. The service will remove the time and stress associated with conducting these tasks yourself, freeing up developer time that can be used for higher-priority tasks.

Avast Patch Management can improve efficiency and productivity within the workplace with its automated approach to scanning. The solution also removes human error from the process, bringing accuracy and breadth to patch scanning and removing guesswork. The software enables you to deploy any required patches across a range of endpoints from one central dashboard, while selecting the frequency of the scan to a schedule that suits your needs

Get automated Patch Management with Avast

Get Avast patch management, or try it for free for 30 days.

Author: Avast Business Team, 4 May 2020

All you need to know about file sharing for business, from transfer methods to strategies and tools for staying safe and secure

By now, most businesses have ditched paper in favor of digital files, making the most of paperless storage and more efficient workflows. However, file sharing has its downsides: it can be easy to get lost in multiple document versions, while security measures are often less than ideal, potentially putting sensitive data at risk.

In this article, we will look at how to ensure file sharing balances safety with ease of use to increase efficiency among the modern workforce.

Why is file-sharing security important for business?

A growing trend has emerged over recent years as millenials have shifted the expectations of what a workplace should be. Even before Covid-19, an estimated 43% of American employees work remotely on a regular basis.

Due to the enforced home working caused by the Covid-19 pandemic, the remote workplace has rapidly become essential for businesses to continue functioning effectively. In many cases this has demonstrated the viability of remote working becoming universally implemented, shifting perceptions of what it means to operate in a modern workplace.

One of the main reasons for such a seismic transition being so effective is the level of technology available to facilitate these changes. Video conferencing and file sharing mean that real-time discussions can be held regardless of who is physically in the office, reducing costs for the business and giving staff more freedom to sculpt their work/life balance, leading to improved wellbeing and productivity.

However, rapid change can often result in new or increased security risks. For example, there is a much greater chance of files being accessed on unsecured personal devices or devices being lost or stolen. Both could result in a data breach, damaging a company’s relationships with customers and partners.

Types of file sharing

USB storage

Physical drives may be a good option for large files, but the offline process of transferring them can only be completed on one device at a time and the USB device holds no record of which devices the data has been transferred to. The physical storage option also presents another risk – that the device itself could be misplaced, stolen, or damaged, making the data irretrievable.

It can also be an expensive mistake to make. In 2018, Heathrow Airport in the UK was fined £120,000 after a member of the public found a misplaced USB stick containing sensitive information.

Email

In its most simple form, email attachments are a form of file sharing. There are often file size limits which can make this method inefficient. Worse still, if a document is being shared, multiple threads containing different versions of the same documents could lead to confusion and the misplacing of files.

Email is also a common target for cybercriminals. Without effective endpoint security, sharing files via email could result in a data breach.

FTP

File transfer protocol (FTP) is a simple and effective way to transfer large files, such as archives. However, it is not very dynamic and not suitable for managing collaborative documents.

P2P

Peer to peer (P2P) file-sharing may still maintain a shady reputation due to its links with music piracy, but the format is actually a very secure method of sharing private files within a group. Rather than use a central server, P2P file transfers are shared among the network connections of a small group. This keeps files private, but can often be slow and also not useful for collaborative projects.

Cloud

Cloud services host the files on a central repository from which other users can access them. While they are hosted by a third party, access permissions can be controlled to keep documents protected.

Document Collaboration Tools

Third-party hosting allows for much more than storage and ease of access. By hosting a project’s documents centrally, multiple users can work in the same file simultaneously. This type of shared access means that genuine collaboration is possible from a range of devices and remote locations.

Benefits of file-sharing tools for business

While email attachments and USB storage have been the norm for many years, the digital transformation of workplaces has highlighted the flaws of these file sharing methods. Cloud-based services and project management platforms help to address these challenges. These file-sharing tools help to improve security and productivity, with many providing useful features such as: 

• Allowing multiple users to collaborate simultaneously on the same document
• Secure file transfer
• Cloud access to the latest versions of documents.

Project management and collaboration

While mobile working is popular, one of the major concerns that have made businesses wary about its wider use is the restrictions on efficient communication, making delivering projects especially difficult. While real-time collaboration is vital to the success of a project, an efficient file sharing system can bridge the physical gap, enabling campaigns with multiple stakeholders to be run effectively.

Security

Operating file-sharing provides security benefits over the alternative of sending documents back and forth via email. Holding a central version means that documents cannot be accidentally erased or lost. Varying access levels give control over who is able to see or interact with any given files and encryption can protect sensitive documents from being intercepted.

Automated syncing and backup

A cloud-based file sharing platform will help to manage thousands of disparate files, keeping them organized in central locations, automatically creating backups and revisions of documents should anything need to be rolled back to an earlier version. This means that every stakeholder has access to the latest version of the files regardless of where they are or which device they are using.

How to keep file-sharing secure

Despite the many benefits of secure file sharing for business, sharing data and files online always comes with some potential risks. For this reason, file-sharing tools should not be used in isolation and should be integrated into an existing holistic security strategy.

Use a VPN

A virtual private network (VPN) has long been a recommended security measure for protecting business data. With files being accessed outside the traditional physical office more than ever, a VPN is now essential for protecting files from being intercepted when accessed on public or unsecured networks.

Simply, a VPN operates like a tunnel by encrypting and concealing the data being transferred. This means that third parties are not likely to intercept data and even if they do, it would be encrypted and unusable.

Setting up an office VPN for users working remotely will ensure that files can be securely shared between virtual office spaces. This can be used in addition to any end-to-end encryption offered by your file-sharing services, adding another layer of security to shared files.

Password manager

A staple security mantra is that strong passwords are essential to effective security. This remains true but it is hard to police, especially if staff are working from personal devices. The sheer number of passwords that need to be remembered can lead to users opting for convenience over security and using simplified passwords, or repeating them across accounts.

This can easily be avoided by providing a password manager tool. These tools will remember all of a user’s passwords, meaning they only have to remember one for the manager tool. With a business account, you can also set permissions for shared passwords. Better still, many password managers will automatically generate new, secure passwords making it easier for users to remain secure on any device. 

2-FA/MFA

2-factor authentication (2-FA) is a useful tool for ensuring that access to data remains protected as users are required to verify their identity by another means beyond a simple password. For example, a user would be required to provide a unique code alongside a username and password to log into a shared network. This code could be sent to a separate mobile device or email account meaning that even if the password were to be acquired by cybercriminals, they would still not be able to gain access to the network.

Multi-factor authentication follows the same principle as 2-FA but could include additional authorization steps. This could be in the form of a pin number or a biometric identifier, such as fingerprint or facial recognition.

Further reading: How to use multi-factor authentication for safer apps

Limit access permissions

A simple, but often overlooked measure is to regularly assess and update access permissions for files and folders. Users should only have access to the files required for them to do their jobs. This can be split by department, seniority, or individually. By restricting permissions, the chances of files being accessed illegally are immediately reduced simply by having fewer accounts able to view them.

This is not a single-time task and should become a habit as part of seasonal security processes. Staff turnover and changes in campaign plans are just two of the reasons why permissions may need revising or revoking.

Run regular file audits

As important as monitoring the people who have access to files is monitoring the files themselves. Files that are outdated or unused should be removed as a precaution. This not only saves bandwidth but also ensures that the only files that are available to share are those that are actively required for staff to do their jobs.

Minimize human error

While there are numerous ways to better protect files with security software, human error remains the most common cause of a data breach. While some breaches could be malicious, the majority of human errors are likely due to a lack of awareness or training around best practices. This is especially true with unfamiliar software.

From making copies of files and changing access permissions to sharing passwords across accounts, providing sufficient training for staff is a crucial step in ensuring sharing business files online remains secure.

Ultimately, establishing secure file sharing within a business should be integrated as part of the existing cyber protection policy, allowing the tools to operate holistically rather than as standalone applications. Cloud file sharing is the most effective solution for collaborative working, but it is important that the chosen client’s service matches the day-to-day and security requirements of your business.

Unsure which antivirus product is right for your business? Check out the Avast Business Help Me Choose tool to find the best protection for your network and endpoints.

Author: Katie Chadd, 25 August 2020

Are your technology initiatives keeping pace with cybersecurity?

If you’re a small or mid-sized business (SMB), digital technologies may be the foundation of your operations — enabling you to scale, build your team, market your products, or take customer service to a new level. 

Whether it’s cloud solutions that empower distributed teams or advanced analytics that drive business insights, the digital economy is enabling SMBs to compete more effectively and move business forward.

In fact, 2020 data from SMB Group shows that by investing in digital transformation, SMBs are 1.9 times more likely to forecast revenue increases. A Deloitte study also indicated that digital tools have helped business performance for SMBs — 85% of SMBs surveyed believe the digital tools they are using have helped their business in some way.

While there’s no question of its benefits, digital transformation is also changing, often increasing, cybersecurity requirements for businesses. The reality is, as SMBs adopt cloud technologies, enable remote workforces, and more — security must also change and adapt. If security measures don’t match the digital pace, SMBs face cyber risks that can impact the success of digital initiatives. 

In our new SMB Guide to Secure Digital Transformation, we look at how the cybersecurity landscape changes with digital technology adoption and why this makes your business vulnerable to cyber risk. We examine strategies, approaches, and best practices to better secure and continually protect businesses as they make the digital transition.

Understanding digital transformation and its security impact 

The SMB Group defines digital transformation as “using digital technologies to create new or modify existing business processes, practices, models, cultures and customer experiences.”  The phrase itself is also gaining more recognition among SMBs. Data revealed that nearly 60% of SMBs are now familiar with the term and understand its meaning. This has nearly doubled from two years ago.

However you define it, digital transformation can mean many things to a business and it can drive different goals and outcomes. SMBs may also be in different stages of adoption, either fully transitioning to the cloud or putting specific digital strategies into place such as Office 365 or remote work policies. 

All have impacts on cybersecurity. As workers rely on the web and more data and applications move to the cloud, it creates opportunities for unauthorized network access and cyber attacks on web and email. These threats can happen from multiple factors — misconfiguration of cloud services, lack of policies to manage user identity and access, phishing attacks fooling users, and more.  

Reliance on traditional security can also lead to attacks as SMBs often lack the resources or IT knowledge to build layered security strategies to properly scan malicious web traffic and protect users accessing the cloud or working outside the corporate office. The changes driven by COVID-19 are one example, requiring businesses to quickly enable teams to work remotely, access cloud-based video meeting apps, and more. All of this added new risks and we saw new cyber threats emerge as attackers took advantage of insecure remote access and a growing, online workforce.

Adopting digital strategies while staying secure

The key to experiencing the full advantages of a digital economy is ensuring your cybersecurity strategies are in lock step with your cloud strategies and initiatives.

To help you pursue this safely and securely, we created The SMB Guide to Digital Transformation.  Download a complimentary issue today and start building a progressive and secure business.

Tracing apps could do good for states looking to safely reopen, but the associated risks may be severe enough to tip the scales.

Covid-19 contact tracing apps are becoming a hot topic these days, and the debate surrounding their use is going to intensify in the next few months. They’re a promising solution for society desperately trying to respond to the pandemic. But are the security risks contract tracing apps carry going to be severe enough to outweigh their potential benefits? And are consumers going to use the apps often enough for them to make a difference?

These are open questions that’ll be resolved when more apps hit the U.S. market. Three states – Alabama, North Dakota and South Dakota – have deployed or are developing apps that track who an infected person may have had contact with. Google and Apple have partnered to create a software framework for developers to create apps that’ll work on their phones. About 20 apps are currently in development.

So far, security has been a thorny issue. The North Dakota app, Care19, experienced a data leak right out of the box. State officials admitted that the app inadvertently sent users’ location data to Foursquare. Elsewhere, researchers found bugs in apps developed for Qatar, India, the United Kingdom, Australia and the Netherlands that would have exposed users’ locations, personal information and/or personal contacts. The Care19 issue was fixed, but what about the next one in line? The industry’s rush to get to market and the U.S.’s weak security oversight system make the whole contact tracing process vulnerable.

What’s more, the Avast Threat Labs team has reported on an Iranian Covid-19 app that collected sensitive information from users, including their real-time geo-location details. Due to the excessive permissions that it requires, the app was potentially being misused as stalkerware. During the month of June 2020, the app had 169 attempted installs in the U.S. alone. 

Clearly, hackers see tracing apps as a huge opportunity. As Politico recently outlined in a comprehensive piece, you could envision agenda-driven “hacktivists” trying to take down the apps get attention, cybercrime gangs stealing identities or a political group ID’ing a candidate’s secret contacts.

“While the apps are designed to help scale human efforts to do so, they’re also a double-edged sword when seen through a lens of individual privacy and security,” Kelvin Coleman, executive director of the National Cyber Security Alliance, told Politico.

Still, the question remains: Will the apps truly catch on?

For an app to stop an outbreak in a given community, 60% of the population would have to use it, according to a recent University of Oxford study. The same study suggested a smaller set of users, down to around 10%, could still reduce the number of cases and deaths. Other countries haven’t hit that threshold. France is lower than 3%, and Italy’s at about 6%. Care19 in North and South Dakota is in the low single digits.

When contact tracing apps hit your market, what should you do to protect your own information? For one thing, you have to choose to install it. Your information doesn’t transmit unless you install the app. You also can exercise the same kinds of good judgment you do when downloading any app: 

• Take a look at what information you’re potentially giving up
• Accept or deny certain provisions using discretion
• Make sure to look at what permissions you’re awarding before downloading the app
• Covid-19 Scams

Author: Jaya Baloo, 16 July 2020

Online learning presents a new set of risks for both families and educators

Back to school season is upon us. And this year, things look a bit different. Families and teachers alike are having to adjust to the reality of online and distance learning, often facing a steep learning curve in familiarizing themselves with various online tools, software and curricula. 

As if the transition to online education wasn’t enough, the prevalence of scams related to Covid-19 continue to put our online safety at risk. Cyber criminals around the world are on the move, trying to take advantage of the current pandemic.

As we’re now closer than ever online, this can spell trouble for our digital identities. Going back to school, it’s crucial that students, parents and educators ask themselves an important question: What exactly can we do to stay safe when we’re online? Here are five tried-and-true steps we can all take to be more cyber aware, both now and in the future.

1. Protect yourself through a VPN

Think your browser’s Incognito mode is protecting you from being tracked across the internet? Think again. Incognito or “private” mode is designed to keep your browsing history secret from anyone who’s trying to access your computer from your computer. So it’s great if you don’t want others to know what sites you visit, but not so great if you don’t want Facebook, Google, your boss, or the government to know what you’re doing online.

For that, you need a Virtual Private Network (VPN). A VPN creates a secure, encrypted connection so that any information you send or receive over the internet is protected from everyone from hackers to the government.

2. Use a reliable DNS

A domain name system (DNS) is the tool computers use to bring you to the sites you want to visit. So, for example, when you type, “facebook.com” into the bar at the top of your screen, your computer reaches out to the DNS, which comes back with a series of numbers so that your computer can bring you to Facebook. However, an unreliable DNS can send back fake information which brings you to a hacked version of the site you’re trying to access. A reliable DNS , on the other hand, protects your computer by always sending back the real version of websites. For a list of free and public DNS servers, check out this recent article by Lifewire.

3. Get to know your browser

Your browser has a lot to do with how safe you’ll be when you’re online, and with so many browsers to choose from these days, it’s important to know exactly how your browser helps you stay safe online. Our partner, Avast, offers Avast Secure Browser, which is focused heavily on privacy and security — features built in to hide and protect your personal info, prevent hackers from stealing your data, and block ads for faster browsing and online learning.

DOWNLOAD AVAST SECURE BROWSER

4. Update your software

One of the most important things you can do to keep yourself safe online is to regularly update your software. Software updates — from the apps you use every day to the operating system on your computer or phone — often come with security updates, large and small. If you don’t download the update, however, your device is open to attack from those security gaps.

5. Use a password manager

If, say, you fell prey to a phishing attack through email or social media, then how secure would the rest of your accounts be? If you use the same password for multiple sites, not very secure. That’s why it’s essential to create unique passwords for every login and every website.

But who has the memory to keep track of all of those? Certainly not me. That’s where password managers come in. Password managers are secure vaults where you can store every single password. All you have to remember is one master password to gain access to any login information that you need. They’ll also generate random passwords for you, either as a combination of letters and numbers or as unrelated words.

And if you want to create a password on your own, without the help of a password generator, one idea is to use three completely unconnected words — like, for example, zebraautohouse — words you can combine for a more secure password.

6. Make use of adblock

Today’s elementary-age students are incredibly technologically savvy. This allows them to learn to read and write, as well as interact with online tools, at an early age. While this development is significant for kids, it also means that they’re faced with digital threats before they’re properly capable of protecting themselves.

Since it can be difficult for children to identify suspicious content online, installing an ad blocker, as well as parental controls, can aid them in browsing the web and avoiding malicious sites.

The internet is amazing — but it’s also dangerous. It’s up to each of us to become more cyber aware and to share that awareness with others, so we can protect ourselves and stay safe while preparing for the upcoming school year. Follow these tips, and you’re off to a great start.

Author: Grace Roberts, 19 August 2020

Are your technology initiatives keeping pace with cybersecurity?

Part 1: Understanding the security impacts of digital transformation

If you’re a small or mid-sized business (SMB), digital technologies may be the foundation of your operations — enabling you to scale, build your team, market your products, or take customer service to a new level. 

Whether it’s cloud solutions that empower distributed teams or advanced analytics that drive business insights, the digital economy is enabling SMBs to compete more effectively and move business forward.

In fact, 2020 data from SMB Group shows that by investing in digital transformation, SMBs are 1.9 times more likely to forecast revenue increases. A Deloitte study also indicated that digital tools have helped business performance for SMBs — 85% of SMBs surveyed believe the digital tools they are using have helped their business in some way.

While there’s no question of its benefits, digital transformation is also changing, often increasing, cybersecurity requirements for businesses. The reality is, as SMBs adopt cloud technologies, enable remote workforces, and more — security must also change and adapt. If security measures don’t match the digital pace, SMBs face cyber risks that can impact the success of digital initiatives. 

In our new SMB Guide to Secure Digital Transformation, we look at how the cybersecurity landscape changes with digital technology adoption and why this makes your business vulnerable to cyber risk. We examine strategies, approaches, and best practices to better secure and continually protect businesses as they make the digital transition.

Understanding digital transformation and its security impact 

The SMB Group defines digital transformation as “using digital technologies to create new or modify existing business processes, practices, models, cultures and customer experiences.”  The phrase itself is also gaining more recognition among SMBs. Data revealed that nearly 60% of SMBs are now familiar with the term and understand its meaning. This has nearly doubled from two years ago.

However you define it, digital transformation can mean many things to a business and it can drive different goals and outcomes. SMBs may also be in different stages of adoption, either fully transitioning to the cloud or putting specific digital strategies into place such as Office 365 or remote work policies. 

All have impacts on cybersecurity. As workers rely on the web and more data and applications move to the cloud, it creates opportunities for unauthorized network access and cyber attacks on web and email. These threats can happen from multiple factors — misconfiguration of cloud services, lack of policies to manage user identity and access, phishing attacks fooling users, and more.  

Reliance on traditional security can also lead to attacks as SMBs often lack the resources or IT knowledge to build layered security strategies to properly scan malicious web traffic and protect users accessing the cloud or working outside the corporate office. The changes driven by COVID-19 are one example, requiring businesses to quickly enable teams to work remotely, access cloud-based video meeting apps, and more. All of this added new risks and we saw new cyber threats emerge as attackers took advantage of insecure remote access and a growing, online workforce.

Adopting digital strategies while staying secure

The key to experiencing the full advantages of a digital economy is ensuring your cybersecurity strategies are in lock step with your cloud strategies and initiatives.

To help you pursue this safely and securely, we created The SMB Guide to Digital Transformation.  Download a complimentary issue today and start building a progressive and secure business.

Author: Avast Business Team, 28 April 2020

There are a number of key data security issues to be aware of in cloud computing. Find out more about what they are and how to protect your data in the cloud.

With the proliferation of online activity, more and more information is saved as data every day, meaning that more is being stored in the cloud than ever before, opposed to hardware. There are three types of cloud: public, private and hybrid. Public cloud is the most common, in which resources such as servers and storage – including all hardware, software and supporting infrastructure – are owned and operated by third-party providers. Private cloud refers to resources that are operated by a single organization but may be hosted by third parties. Hybrid cloud amalgamates the two, offering the ability to move data between public and private clouds. Sensitive information can be privately hosted by the organization, while other services can be stored in other public clouds, external to the company.

Data security in cloud computing, such as antivirus for cloud systems, works to protect digital information from any threats that could jeopardize its integrity. Data that is stored online often holds private information – such as addresses, payment details and medical documentation – that becomes the target of cyber criminals. Security capabilities are put in place to combat cyber threats and vulnerabilities, ensuring data is not leaked which could endanger those whose private information has been released.

When data is in transit, meaning it is actively moving between locations, it needs to be protected. When data travels between networks – cellular, WiFi or other – it is often deemed as less secure as it can fall outside of a firewall, meaning cloud security and privacy are more at risk. When finding a security function to protect your information, you should ensure it also covers data when in transit. Many safeguarding features opt to encrypt data within the cloud infrastructure when on the move to protect it.

What are the security issues in cloud computing?

There are a number of security issues involved with cloud computing that can place data in danger and make it more vulnerable to attacks. For example, data in transit often falls at risk when, in the process of moving locations, it is no longer covered by a firewall. As the cloud was designed to be used by multiple users, this makes it more susceptible to attacks, as multi-user means multi-access. With more people – and more devices – having access to the cloud, the danger of cyber criminals entering the infrastructure increases.

Data breaches

When the safety of data is compromised within the cloud, this can lead to attacks such as leaked data. If the cloud service – or a connected device – is breached, sensitive data has been accessed. If a cyber criminal has access to this information, they could choose to distribute it. When the data in storage is transferred, either electronically or physically, it becomes leaked. As the cloud does not use hardware, cyber criminals can leak cloud data online or by remembering information and distributing it later. Also known as low and slow data theft, data leakage is a common danger in cloud computing.

Personal health information (PHI), personally identifiable information (PII), trade secrets and intellectual property are often the targets of data breaches and require some of the highest levels of security in cloud computing.

Data loss

Another common cloud storage security risk is data loss. As opposed to information being stolen and distributed, it is erased entirely. This could either be the result of hacking, a virus or a system failure – this poses an issue when data is not backed up, highlighting the importance of securing cloud services. However, if a cyber criminal is targeting specific data, they may target the backup as well.

Data loss can be damaging for a business – the information can be difficult or impossible to recover, and you may find recovery attempts use a lot of time, money and resources. Some data may have to be recreated, and others may be found in hard copy formats that need converting. Data loss can be very disruptive to workflow.

Cryptojacking

Cryptojacking is a form of threat that uses resources to mine cryptocurrencies. The threat can control cloud networks to hack web browsers and compromise endpoints. This can happen if there are weaknesses in security and the cloud infrastructure becomes vulnerable, enabling devices to be hacked without the user’s knowledge to mine cryptocurrencies.

While cryptomining is legal, this mining activity can then use up a lot of resources, hence why cyber criminals opt to mine on devices that aren’t theirs. You may find you have higher electricity bills, lower battery life and slower processes. Cryptomining can be a profitable business, however, in order to be successful, you will likely have to spend a lot in advance on the resources you use.

Other security considerations

Data laws vary across the world. In many regions, legislation states the responsibility for safeguarding data lies with the company storing it. In this case, you may be required to have the appropriate protection against cloud computing security attacks to avoid any issues with the law, such as compliance violations, as well as your own peace of mind.

Customer and client trust

As businesses are legally required to disclose if they have been subject to a data breach, clients will know how secure companies’ security measures are. This can have a huge impact on trust and retention, as 87% of consumers will take their business elsewhere if they don’t trust how a company with their data. By being able to showcase how secure your operations are, you are more likely to get new customers and keep your existing ones.

Revenue loss

As a direct result of losing clients, businesses may also face revenue loss. This could also be the result of the attack itself – paying compensation to those affected by the leak or loss of their sensitive information, the resources and technology used to fix the problem and updating the security platform. Other expenses could also include lawsuits and marketing campaigns to rebuild reputation.

The average cost of a cyber-attack reached $13m in 2018, increasing by $1.4m from 2017 – installing security software could end up saving you millions.

How do I protect my data in the cloud?

There are several key features that a strong antivirus can offer to provide ultimate data security in the cloud.

If working in real-time, a security solution can keep your data safe at all times. With advanced scanning and detection, the automated process can remove human error – saving time and improving accuracy. Real-time updates will alert of any issues as soon as they arise, allowing you to respond as soon as possible. Real-time software offers constant monitoring and response, leaving no gap in protection.

However, in the event that data is lost, it is important that data backup is featured in a business’ data policy. Enforcing a policy in which employees backup their work – either online or on hardware – can help save time, money and resources when managing data loss.

Arm yourself against the latest cloud computing security threats

Get protection to ensure your data is secure, or try it for free for for 30 days. Contact us for details.

Avast Business Team, 18 April 2020

Learn more about the role infosec plays in keeping businesses running smoothly and resiliently in the face of this global health crisis. 

In these times of the COVID-19 crisis, businesses must go back to the basics. And that means understanding how to provide the best-in-class customer service, taking care of their employees, and being resilient to this disaster. These all revolve around making sure that your business continuity is up to snuff. While it is possible that you may not experience any disruption, you might as well plan ahead.

In the old, pre-coronavirus, days, business continuity usually meant doing disaster recovery drills and setting up duplicate data centers that could come online in case the main data center was unavailable for a period of time. Those days are behind us now. Not to be alarmist, but we are living in different times, and we have to think of continuity in a new light. The notion of having a “headquarters” staff working “on your network” takes on different meaning.

In my blog post on 17 March 2020, I outlined what my own journey was like toward supporting this new working environment. But building a resilient business is a lot more than just figuring out how to set up a VPN and produce a few web conferences. 

At the core of continuity is ensuring that your processes and applications and data are intact, no matter what happens to your Internet connectivity or your servers. Do you even have a current list of your business-critical applications? Probably not. Just look at any of the number of ransomware victims over the past year: how many of them couldn’t get their systems restored because they forgot to do backups of one or two forgotten systems? We are operating on a larger scale and that means solving potentially more complex problems.

As I mentioned in my blog post on 21 October 2019, last year we discovered a network intrusion we called Abiss that began in May and wasn’t recognized for several months. Granted, this was a very sophisticated attack designed to elude our tracking systems. While no customer or sensitive data was compromised, it motivated me to examine all of our monitoring systems and resulted in redesigning them to improve our response times for future intrusions. But there are several other things we are doing to become more proactive and boost our resilience to provide better continuity. These include:

• Make sure your network and your employees’ can support remote working. I am noticing that a lot of companies have not sized their connectivity for remote working to encompass their whole workforce. The resulting stress on their network inhibits remote working. Just as challenging if it fails, do your employees have sufficient bandwidth to do their work. 
• Make sure your team is ready to work remotely. I am also seeing a lot of end user challenges. People do not have the right software, they don’t know how to access the applications they use, and they are not familiar with remote working protocols for VPN use, authentication, and application access. 
• Improve phishing awareness education and training.  One phished email can bring down an entire network, and all it takes is a few milliseconds to misjudge the email and malware has found its way to one of your endpoints. We have put together our own awareness training, and we do it often. This is because we know our own environment best and we can easily create very believable emails that can serve as a teachable moment for our staff. 
• Teach your staff to think like hackers. The more your own staff can understand how a hacker thinks and tries to worm their way into your network, the more resilient you will be. 
• Gamify learning. We have to make learning about cybersecurity fun rather than a chore. This means your staff will be more motivated to widen their knowledge and understanding of the issues. Not everyone is a cybersecurity specialist, nor wants to play one on TV. I also try to give our people tests sparingly — such as only when they have completed our training courses to see if the knowledge has stuck with them.
• Build a functional security operations center (SOC), not just a stage set. A SOC should support your people, not have ten thousand screens that are pretty to look at but that really say nothing. The utility of a SOC is to be able to provide subtle clues that something is wrong with your infrastructure. As an example, you may still have firewall rules that allow for malware to enter your network. Whether you have your own SOC or outsource it, its capabilities should match what is going on across your network. And critically, your SOC needs to also be remotely enabled as well. 

Improving your business resilience is a journey, not a destination. If you take these above steps, you can improve your cybersecurity and help ensure your business will not only survive but thrive in the future.

By: Jaya Baloo, Guest Contributor