Tag Archives: security

Improve your IoT security.

Make IoT Efforts Worthwhile with IoT Security

Improve your IoT security.The biggest problem in Internet of Things (IoT) networks is just what makes them so powerful. IoT networks depend on dozens, even hundreds, of small devices that relay information back to a central point. The devices have to be simple; if they were complex they couldn’t be so easily deployed. The simplicity involved means that protection sometimes suffers, so the proper use of IoT operations comes with a clear focus on IoT security.

IoT Security Makes a Porous Network More Resilient

Shoring up that porous network can be a lot simpler than some might expect.

Consider regulations. Your customers may already be working under a set of regulations that dictate security measures to take. Generally, these will cover what’s needed for IoT security since that same data needs to travel the network covered by regulations.

Check your passwords. Let your customers know that proper network security starts with good passwords. Ensure the passwords in place use mixes of letters, numbers and symbols, and also consider the use of multi-factor authentication, like using a text message to an employee’s cell phone or the like.

Never use the stock password. If a device comes with a password, your customer should change it immediately. Hard-coded passwords can be used by outsiders, and by making a change as quickly as possible during installation, that improves the chances of keeping outsiders out.

Don’t leave everything on. Some IoT devices come with features that aren’t really necessary, and some of these can be used to circumvent security. Shut off automatic connection or buttons that allow password changes.

Consider your traffic. Your customers should check the software ports on your IoT devices; if they’re not already blocking incoming traffic, be sure those ports are restricted. Also suggest that your customer consider the use of a virtual private network (VPN) to further mask traffic.

Look into encryption. So much of security is about keeping outsiders outside, but why risk data security on that all-or-nothing ploy alone? Using encryption to protect data allows companies to get the best of all worlds. While perimeter defense works to keep hackers out, encryption makes their efforts ultimately fruitless.

Getting Started with IoT Security

IoT benefits are wide-ranging, but IoT security is vital to making sure your customers get the most out of the system without leaving themselves wide open to outside intruders. Learn more about IoT security by getting in touch with us at MicroCorp. We have a wide range of solutions available, including a complete slate of complex network solutions that includes over 80 different carrier and service providers.

How can you become the security expert your customers are looking for?

Security: Your New Secret Weapon in the Competitive Edge Wars

How can you become the security expert your customers are looking for?The competition is absolutely everywhere. How do you stand out and protect your own market share when rivals are offering similar pricing? One way is to be the go-to resource for one of the biggest problems a business faces: security.

How Do I Become the Go-to Resource for Security?

Being a resource in security is a great way to present a value proposition, and becoming that resource can be a simple process.

Learn the risks. Risks vary widely, and often change. Whether it’s the theft of privileged access credentials, assaults staged by insiders within the company, or issues over control of access, there’s a lot of risk out there. Even the burgeoning Internet of Things (IoT) market and the new endpoints—and potential points of weakness—that come with it mean a whole new set of risks some may not have even considered. Whether you’re talking about perimeter defense or internal data defense, there are risks all over the spectrum.

Learn countermeasures. It’s not enough to just know the risks, however, as you’ll need to learn how to address these risks. Securing endpoints, using encryption to protect data that’s already in the fold, and even how to make sure that security tools like the USB-based Rubber Ducky are used for their intended purpose only will help make you the first stop when businesses want better security.

Learn from peers and industry experts. You can train yourself until you’re blue in the face, but nothing will empower you to become the security expert your customers need better than connecting with those who are already experts in the field. Connecting with industry colleagues and folks who’ve been doing it a while can be the most valuable method of educating yourself. Learn more about MicroCorp’s Solutions Alliance program to connect with an ecosystem of providers and partners who can help you become an expert in security and more.

As a master agent, we work with a wide range of products and businesses, and can help make you the security force in your area that your customers are just begging to work with. So get started by getting in touch with us to build yourself into a security expert your customers can count on.

Infographic: SD-WAN In The Year Ahead: Waxing, Waning, and Changes

Like any innovative technology, SD-WAN evolves rapidly. For businesses utilizing SD-WAN or evaluating its implementation, there are a few considerations to keep in mind for the coming year.

Continue reading

Check out our ultimate guide on selling SD-WAN to learn more about the technology itself, how it integrates and supports other solutions, and how channel partners can take full advantage of it.

SD-WAN answers many of the challenges posed by security that demands a higher focus on networks.

SD-WAN Offers Answers to Network Security Problems

SD-WAN answers many of the challenges posed by security that demands a higher focus on networks.Enterprises often take a layered approach to security, deploying solutions for network, compute and application. With so many solutions increasingly being network-centered, such as Internet of Things components and cloud technology, many organizations are recognizing the need for a network-focused security strategy. In many cases, software-defined wide area network (SD-WAN) is able to address the challenges of network security.

Networks are the area to which there’s been the most change in recent years, so it makes sense that security is more advanced in this realm. Here are five recommendations for implementing secure SD-WAN:

  1. Add encryption to your WAN transport. When they choose SD-WAN, companies have access to low-cost broadband and can encrypt all Internet flow to each site without the need for administrators to make manual configuration changes to routers after each change to the network. It’s also important to note that SD-WAN is more secure than most private IP services because there can’t be a breach to the data even if the carrier network is threatened.
  2. Make sure your cloud connection is secure. It doesn’t matter how secure your client’s public cloud service is, whether they’re accessing Amazon or Salesforce. Every time they transfer sensitive data over the Internet to get to the cloud service, it’s an opportunity for a security breach. The SD-WAN provider may offer granular Internet breakout so that your client can distinguish between security mandates to move traffic through particular secure gateways. They’ll also have next-generation firewalls stationed at your branch or in the cloud or data storage center. All of the inherent risks associated with cloud solutions is mitigated by SD-WAN.
  3. Cover local branch security. Each of your client’s branch offices will require security, especially in cases where there is direct Internet access. The cost of buying and configuring physical appliances for each site can be prohibitive, and this method requires an engineer to travel to each site. SD-WAN allows your client to deploy VPNs, firewalls or WAN optimization from a central location by using network functions virtualization. This makes it convenient to provide security coverage for each branch location.
  4. Meeting requirements for compliance. The rules governing healthcare and financial services, including HIPAA or PCI data security fit perfectly with SD-WAN technology. SD-WAN allows the enterprise to create virtual overlays to segment applications traffic.
  5. Create secure segmentation. Segmentation allows the IT team to isolate applications traffic for security purposes or to work with specific performance requirements. While legacy networks could do this, it was time-consuming and challenging. Segmentation with SD-WAN allows for consistency of configurations and best practices defined and enforced through business intent policies.

With security becoming a growing IT cost, MicroCorp anticipates more customers selecting an SD-WAN technology to create a secure and manageable cloud-based environment. As the demand for more agile, cloud-based WAN-technologies accelerates, we continue to provide focus to the variety of WAN technologies available. Contact us today to find out the best solution for your business.

Check out our ultimate guide on selling SD-WAN to learn more about the technology itself, how it integrates and supports other solutions, and how channel partners can take full advantage of it.

Ransomware is one of many threats that force IT organizations to shore up their processes.

With the Proliferation of Ransomware, Is Bitcoin Your Only Option?

Ransomware is one of many threats that force IT organizations to shore up their processes.Do you have a bitcoin wallet? That’s not a question that was posed very often a few years back, but it’s becoming common lately as ransomware attacks have grown more prevalent. The question you may be asking yourself today is, “why should I pay a ransom?”

The reason most companies end up paying a ransom after they’ve been hit with a cyberattack is that they want to preserve their reputation, their data, and in turn, their clients. Businesses don’t have the luxury of not negotiating with malicious actors who demand payment in return for their own data. And whatever amount is paid will only be payable in bitcoin, because it’s untraceable.

One factor leading to the proliferation of ransomware attacks is that many IT organizations aren’t good at patching or updating their systems and keeping data backed up. This allows cybercriminals an easy way in, and since the organization has no backup, they’re left without access to their sensitive and valuable data.

Some IT organizations are good at backing up their data, yet that generally only corresponds to critical servers, not end user systems where much of the data resides. And this is where most of the attacks are aimed – at end user systems.

Even for organizations that excel in patching and backing up, there are serious challenges when it comes to managing identities and controlling access to systems. This allows the infected code to seep across the system, going unchecked because it utilizes real accounts to gain access.

For organizations that do not patch, back up, or control access, they create the perfect scenario for a ransomware attack. This is when it becomes critical to have established a bitcoin wallet in order to regain control of data.

Ransomware isn’t the only enemy – there’s also extortionware and a host of other wiper malware with the sole intent of erasing data.

At MicroCorp, our clients count on us to keep their systems up and running and safe from attack. We do our part while educating end users to make sure they’re doing theirs. Contact us today to learn more.

Disaster Recovery

The Increasing Importance of Disaster Recovery Planning

Disaster RecoveryHow secure is the cloud, and how much need is there to have a disaster recovery plan? These are valid questions as the Internet of Things (IoT) comes into full bloom and the world becomes increasingly digitized.

Recently, an outage of Amazon Web Services (AWS) brought some attention to cloud disaster recovery. For companies running critical systems in the public cloud, this outage made them more aware of the potential for problems. However, despite the human error that led to this outage, a public cloud infrastructure still has advantages to on-premise data centers. At the same time, cloud IT services aren’t impervious to issues, which is why it is critical to have a disaster recovery plan in place.

Whether you’re a company as large as Amazon, or a mom and pop startup operating in the cloud, you need to focus on business continuity and disaster recovery options. These strategies, when properly implemented, will help you protect your data.

Your strategy should center around backing up data at multiple, geographically disparate locations. Should a natural disaster occur and several data centers are wiped out, the data will still be available from a location that is far removed from that natural disaster.

The loss of data can come at a great expense for your company. Take British Airways as an example. The company experienced a computer failure that resulted in losses estimated around $200 million. The damage to the British Airways brand was significant as passengers around the world were left stranded. While the company continues to blame a power surge for the problem, it’s rumored that the fault was actually with a back-up system that was supposed to provide uninterrupted power to the computer system.

While cloud-based systems are most often a better choice than on-premise solutions, it’s not always the right answer in every situation. Cost for long-term use can be prohibitive for some organizations. Also, due to a shortfall in qualified individuals working in cloud infrastructure, security is sometimes suspect. While it’s true that some cloud types offer better security than others, organizations give up control over too much of their data in many cases.

At MicroCorp, we are a master agent that takes cloud security and disaster recovery very seriously. With many years of experience in offering multi-layer support services, we have our agents and their clients covered. Contact us today and let’s discuss how you will maintain control over your data while experiencing top-notch business continuity and disaster recovery efforts.

What are the Security Benefits of a Multi-Cloud Solution?

Learn about how disaster recovery, cloud storage, and more can help improve your cyber security.A multi-cloud approach works well for a large number of enterprises who’ve made a digital transformation. RightScale’s 2017 State of the Cloud Report found that 85 percent have a multi-cloud strategy. That is up from 2016 where 82 percent reported a multi-cloud approach.

There are several benefits to implementing a multi-cloud solution:

  • Disaster recovery: A cloud outage serves to demonstrate the potential pitfalls of a single cloud solution. Many companies haven’t fully thought through their disaster-recovery procedures, but multi-cloud does offer protection compared to a single point failure.
  • Prevention of lock-in: Enterprises are reluctant to lock in with only one vendor, and multi-cloud approach allows them the flexibility to switch vendors or take advantage of the benefits of each of a variety of vendors.
  • Workload performance: Enterprises like the ability to match the workload with the cloud provider that makes the most sense. For instance, Windows applications workloads match best with Microsoft Azure.
  • Cloud hydration: One of the challenges of digital transformation is the movement of data from traditional storage to cloud storage. A multi-cloud environment makes it easier to concurrently move data to new cloud platforms.

A couple of major, multi-hour cloud outages that occurred this year provided some guidelines for establishing an even better, more secure multi-cloud solution:

Store data in two locations. In case of a cloud outage, it’s a good idea to store data in two places so that you are never fully compromised on your ability to access data. There are several approaches to this, such as storing data both in a cloud storage solution and an on-premises server, or you can use a single-cloud solution with multiple access points.

Choose redundancy architecture: Duplicate your major applications in multiple locations. Whether you are employing public or private cloud, a hybrid solution or an on-site system, consider implementing redundancy policies so that you avoid lock-in with one provider or the risk of not being able to access your key software during an outage.

Check out the competition: Check out their competition, not yours. The increase in cloud providers means that you can use a multi-cloud solution to choose the applications that make the most sense for you, based on both cost and security features of the provider.

Choose native storage options: This means that you want to choose providers and storage solutions in which storage is a core feature, not an additional feature that’s “bolted on” to another application.

At MicroCorp, we come alongside you to help you design a secure multi-cloud environment that matches providers to your specific business needs. Call us today for more information.

Four Steps to Be Sure Your Security Isn’t at Risk Because of Your Vendor

Make sure your cloud provider isn't jeopardizing your cyber security.It seems like every day there’s a new security breach in the news. Some IT professionals have recurring nightmares of their company’s name splashed across the headlines and a pink slip in their mailbox. What isn’t often reported in these stories, however, is the vendor’s role in that security breach.

When you engage in a cloud provider/vendor relationship, you probably spend a lot of time making sure performance and contract compliance are priorities. For many companies, though, there’s not enough time spent on determining who is covering each aspect of security. Here’s what you need to know:

1. Put it in the contract. Your vendor contract should include specific and precise information about your responsibility and your vendor’s for security coverage. Include the following items:

  • Security reviews and periodic audits
  • Cyber insurance
  • Access controls
  • Incident response
  • Risk sharing

2. Schedule security audits on a regular basis. These can be questionnaire-based or they can include as much as an on-site audit, depending on the level of risk and investment you have with that vendor. You can also use a mix of approaches, with on-site visits occurring less frequently based on the responses you receive on the questionnaires.

3. Make SOC a requirement. While current System and Organization Controls (SOC) reports won’t provide you with insight about the risk level of your vendor’s security management protocols, there is a new SOC report framework — called the SOC for cybersecurity — that audits cyber risk security management. You should include provisions in your contract that require your vendor to perform a SOC audit each year or whenever there’s a significant change to their security structure.

4. Conduct access and security reviews:
 This should be a daily review by your team to determine whether there’s any unusual activity coming from your vendor. There are independent services that will conduct these reviews, and though you may generate some false positives at times, you do need to be regularly examining the activities of your vendor with your system.

Security isn’t likely to be the most exciting topic on your list when considering a migration to cloud solutions. If you’ve been through the implementation of a cloud application, though, you likely have seen the security-related problems that can come up.

Get out ahead of any security concerns by including specific provisions in your vendor contract. Decide who will cover each area of security and make sure that security is a prioritized part of the conversation, rather than an afterthought. You may assume that because a vendor offers the latest software available, that they also have a proactive security solution. As you’ve seen in the news, it’s your reputation on the line.

If you want to work with a partner that values your security, talk with MicroCorp. We take a proactive approach to our clients’ security and partner with you to make sure that your system and your data are protected. Make an appointment with us to talk about the right solutions for your company and the steps you need to take to protect them.

Security, SMB

SMBs Ready to Embrace Managed Security Services

Are you selling managed security services to SMBs?Small and mid-sized businesses (SMBs) have traditionally not been keen on outsourcing for a few reasons, but a sea change is occurring for SMBs when it comes to security and technology. Businesses using managed services to handle security needs have to hand over mission-critical control of their network infrastructures to service providers. A rising number of SMBs are electing to do this and more.


In-House Security Losing Steam

While managed security was initially popular with enterprises hoping to simplify and coordinate security across multiple locations, it is looking more and more attractive to one- and two-location business owners who realize these threats are indiscriminate in who they target.

With new security threats churning out at a fever pitch, it is almost impossible to stay relevant with security in-house. Even with just one location, adequate security needs to consider firewall management, intrusion detection, malware detection, compliance requirements, email encryption, user authentication, and, most importantly, active monitoring.

According to a study cited in CIO, 40% of businesses are using part time employees to manage their security. That is alarming. This setup compromises effective monitoring and cuts down on time to detect attacks from 24/7 to someone not even on the clock 9-5. The level of scrutiny and speed of reaction need to be looked at if you want to take your network security seriously. Outsource to a provider that guarantees around-the-clock monitoring in the service level agreement. Employees do not come with SLAs.


Security Specialization

The number and variety of security threats facing businesses today require true specialization to conquer. Although enterprise businesses led the charge for managed security, there is a multi-dimensional landscape of security concerns that affect businesses of all sizes. Skills and time are at a premium, and a greater number of business owners are finding security is not a piece of their business they want to gamble on.

What is your peace of mind worth? MicroCorp can connect you with a portfolio of managed security providers to find the right fit for your customer’s security vulnerabilities.

Hacker

Preparing for Today’s Generation of Ambitious Hackers

Make sure your cyber security strategy will protect your business against today's hackers.Online businesses are increasingly improving against their brick-and-mortar counterparts. With this success, however, has come a whole new threat: the rise of a cyber attacker who isn’t showing much restraint, even for the biggest targets.

Hacker Ambition on the Rise

In just the last couple years, hackers have been seen going after targets that even five years ago might have been unthinkable. While retail store breaches were standard fare, new cyber attackers pursued online banks, and some evidence suggests that hackers may have even targeted the 2016 U.S. Presidential Election, though to what extent is unclear.

The growth of the Internet of Things (IoT) has emboldened some hackers, who in another incident used connected devices as part of a massive botnet of semi-autonomous connected devices to engage in distributed denial of service (DDoS) attacks that shut down websites.

Surprising Weaknesses Appear

Perhaps the good news in the current hacking-filled environment is that it reveals just how insecure networks really are. Stolen credentials are only the beginning, and lower-tech attacks do plenty of damage as well. Business email compromise–essentially just highly-targeted phishing operations–caused $3 billion in losses over three years, according to Symantec.

More Cloud, More Problems

Perhaps worst of all, companies are contributing to their own downtime through everyday business processes. The growth of the IoT is putting more potential points of access into play, and many of these are poorly secured thanks to a faulty perception that a connected device is a low-value target. The device itself may be, but the network that it’s connected to is of much higher value.

Symantec’s reports were grim on this front as well; attacks on IoT devices doubled throughout 2016, and at the worst of it, there was one attack every two minutes on an IoT device. Increased movement to cloud-based systems was likewise bringing out fresh targets of opportunity for hackers.

Eternal Vigilance Is the Price of Liberty…Online

So what can be done? Proper security must be observed at every turn, even when doing so seems inconvenient or cumbersome. Furthermore, the tools to protect security must be improved; after all, tools that cause as many problems as they prevent aren’t worth using.

Tools like those found at MicroCorp can be a great start toward a process of continuous security improvement, helping users better protect systems against outside intrusion. It’s a project that requires everyone’s cooperation, from the end user to the security developer, and one that makes us all safer. For more information about how MicroCorp can help secure your business, contact us today.