Internal team or outsourced, managed services provider? How to choose the right IT solution.
IT outsourcing is when a business uses an external IT service provider to deliver some or all of the IT functions it requires, which can include managing infrastructure, setting IT strategy, and running the service desk. IT providers can take full responsibility for all maintenance and support. This approach is also known as fully managed services. They can also provide additional support to an internal team, an approach usually taken by larger organizations.
Regardless of size, the large majority of companies have some IT requirements. Many companies will find IT critical to the day-to-day running of their business. You need to think not only about the business’s overall IT requirements but also about those of each department within the company. It’s not uncommon for each department to have its own needs, such as specialized programs, software or workflows.
Most businesses will need some dedicated IT resource. Still, the trouble comes in deciding whether to build your own internal IT team or opt for outsourced IT support. There are benefits to both approaches. However, the key to success is determining which is the best fit for your business.
In-house IT support
Hiring the right people with the right experience and qualifications can allow you to build a support team with in-depth and specialist knowledge that correlates directly to your company’s specific systems. If based on-site, they will most likely be available immediately and solve issues reasonably quickly. Some companies see this as invaluable for potential emergencies, such as security breaches.
However, it can take time, patience and significant capital to build an internal IT team. Businesses must also understand what skills they will require in the future to create an effective team, and even for the most forward-thinking business leader, this is not easy to predict.
One-off recruitment fees are not the only consideration. The average salary for an IT specialist, according to Glassdoor, is around $86,000. For an IT Manager, you could be looking at $108,000 or higher. You’ll also need to think about ongoing training costs along with salary considerations because you’ll want your team to stay up to date with current best practices and certifications.
Another drawback of working solely with an internal IT team is the need to rely on only one or two people to manage your entire IT environment. Even the most experienced IT specialist will have knowledge gaps. Relying solely on a small team could cause you problems with sickness or holiday cover or potentially lead your team members to become burnt out. What would happen if one member of your two-person team were on holiday and the other fell sick? You also need to consider who will be responsible for covering issues outside of regular working hours. You cannot realistically expect a single person to be on call 24/7, 365 days a year.
Outsourced IT support
One of the most significant benefits of IT outsourcing is the financial advantages it offers. Generally, outsourced IT support is more cost-effective than an in-house team, and you can expect to pay a fixed rate. The exact price typically depends on the number of users and the level of support, but outsourcing tends to be the most cost-effective once you do the calculations.
With outsourced IT support, you have support whenever you need it, so you don’t have to worry about things like sick days and holiday cover. Most IT providers have a dedicated out-of-hours line to access support whenever you need it and can resolve many issues remotely, so you may not need a full-time team on-site at all times.
You will also have on-demand access to a broader pool of expertise. A quality IT partner will have staff with a range of experience and qualifications, and as such, should be able to find someone to help, whether it’s to assist with a quick fix or for long-term projects. An internal IT team may lack experience in a particular area, which may mean you need to bring in a freelance consultant. While they may only be short-term hires, contractors often require higher day rates.
Some critics argue that a third party will never be as effective as an employee, or raise concerns about data privacy, data ownership and disaster recovery. However, with the right IT managed services provider, you can easily avoid most of these issues with agreements in place governing the quality of service you receive. Service Level Agreements outline and prioritize how to handle the problems that arise, the response times, and the penalties should they not be achieved. Customer retention rate and recommendations can also give you a rough idea of quality.
It can be challenging to decide which approach is the right fit for your company. The most important thing is to find the right IT service provider who understands your business needs.
Financial Services IT: Add Business Continuity to your Bottom Line
As a financial services firm, your clients depend on your guidance to help them make the most out of their fiscal decisions. From accounting to hedge fund management, your clients gain peace of mind when appropriately advised. These relationships require trust, often built over time. What would happen if that trust were threatened? How long could you keep your clients at ease if they could not retrieve information or make withdrawals? What would happen if you couldn’t get their tax returns filed in time? What would happen if someone’s identity were stolen and you couldn’t access their information to stop it?
In the financial industry, downtime can be detrimental to your ability to do your job and to your customer relationships. Nowadays, downtime threats are not only weather-related. Entire systems can fall victim to ransomware, and individual identities can be stolen. In these instances, your clients will turn to you for financial security. Being able to deliver that service is crucial to your reputation and your business’s livelihood.
A False Sense of Security
While you may be taking some precautions, such as securing and backing up your sensitive data, sometimes that’s not enough. There is a common misconception that data is safe if backed up once a day. Still, this outdated practice is no longer sufficient for several reasons:
- If you forget to perform the backup or the backup process fails, you’re not protected.
- If you only back up your files once a day, you’re left vulnerable to the loss of an entire day’s work.
- If you don’t correctly validate your backup files, you could be in for an unpleasant surprise when trying to use those files to restore your company’s operations.
- If you only back up your files on-site, you could lose them too—leaving you with no way to meet client requests.
- If you only back up your raw data, rather than all your application and server configuration files, it could take several days to restore your practice, because you will also have to rebuild your servers, operating systems, applications, etc.
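The five pitfalls listed above can be checked mechanically. The following is an added example, not code from the original article or from any backup product: the `Backup` record, the finding codes and the sample catalogue are all constructed for illustration. It shows that the work you stand to lose is measured from the newest backup that actually passes validation, not from the newest job on the schedule.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Set, Tuple

REQUIRED_CONTENTS = {"data", "app_config", "server_config"}  # assumed labels


@dataclass
class Backup:
    job: str
    finished_at: Optional[datetime]  # None: the job failed or was never run
    payload: bytes                   # stand-in for the archive's bytes
    recorded_sha256: str             # digest stored when the backup was taken
    locations: Set[str]              # where copies live: "onsite", "offsite"
    contents: Set[str]               # what the backup captured


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit(backups: List[Backup], now: datetime, max_age: timedelta
          ) -> Tuple[Optional[Backup], List[Tuple[str, str]]]:
    """Return (newest restorable backup, findings as (job, code) pairs)."""
    findings: List[Tuple[str, str]] = []
    restorable: List[Backup] = []
    for b in backups:
        if b.finished_at is None:
            findings.append((b.job, "FAILED_OR_MISSED"))
            continue
        # Validation: re-hash the archive and compare with the stored digest.
        if sha256(b.payload) != b.recorded_sha256:
            findings.append((b.job, "CHECKSUM_MISMATCH"))
            continue
        if "offsite" not in b.locations:
            findings.append((b.job, "ONSITE_ONLY"))
        if REQUIRED_CONTENTS - b.contents:
            findings.append((b.job, "CONFIG_NOT_CAPTURED"))
        restorable.append(b)
    if not restorable:
        findings.append(("*", "NO_RESTORABLE_BACKUP"))
        return None, findings
    newest = max(restorable, key=lambda b: b.finished_at)
    # Work done since the newest *verified* backup is what a restore loses.
    if now - newest.finished_at > max_age:
        findings.append((newest.job, "EXPOSURE_EXCEEDS_TARGET"))
    return newest, findings


def sample_catalogue(now: datetime) -> List[Backup]:
    """Constructed sample: three nightly jobs, each with a different flaw."""
    good = b"ledger-export-v1"
    full = {"data", "app_config", "server_config"}
    return [
        # Valid archive, but on-site only and raw data only.
        Backup("mon", now - timedelta(hours=50), good, sha256(good),
               {"onsite"}, {"data"}),
        # Newer and replicated off-site, but the archive no longer matches.
        Backup("tue", now - timedelta(hours=26), b"truncated", sha256(good),
               {"onsite", "offsite"}, full),
        # Last night's job never completed.
        Backup("wed", None, b"", "", set(), set()),
    ]


if __name__ == "__main__":
    now = datetime(2024, 1, 4, 9, 0, tzinfo=timezone.utc)  # constructed date
    newest, findings = audit(sample_catalogue(now), now, timedelta(hours=24))
    print("newest restorable:", newest.job if newest else None)
    for job, code in findings:
        print(f"{job}: {code}")
```

In the sample, the corrupted and failed jobs push the effective recovery point back to Monday's on-site, data-only backup, which is more than two days old.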
Some financial services firms turn to business interruption insurance to cover the costs to rebuild, restore, or regain lost income. While an insurance provider may write you a check for the cost of a server that gets damaged due to a broken pipe, it won’t protect you from damaged client relationships. Ultimately, your reputation isn’t something for which you can easily be compensated.
How Vulnerable Are You?
If your company identifies as a business that doesn’t have the IT resources to effectively recover from a significant outage, make sure you’re weighing all of the factors around the costs of downtime. Here are the facts:
- US businesses lose $12 billion annually due to data loss.
- 93% of companies that lose their data center for 10+ days file for bankruptcy within one year.
Best Practices for Financial Services IT
In a 2017 survey by the Depository Trust & Clearing Corporation, 71% of financial services firms reported cyber risk among their top five concerns. Their concern seems justified as 2017 was a costly year for the financial services industry. The Ponemon Institute reported that the cost of cyber attacks in 2017 averaged $18.28 million per financial services company. These costly incidents seem to be on the rise, but there are some precautions you can take to safeguard your data:
- Outsource your company’s IT needs to an expert who has experience in the financial industry.
- Don’t sacrifice quality to save money when purchasing hardware. It will benefit you (and your bottom line) to have robust technology in the long run.
- Perform timely hardware and software updates, maintenance and backups.
- Establish, review and maintain system security of all practice technology.
Any company that has not recently re-assessed its backup and disaster recovery procedures should therefore do so to conform to these industry-standard best practices.
The Better Way: Business Continuity
Business continuity describes a complete solution for backup and disaster recovery. A proper business continuity solution will protect data on-premises and in the cloud. Whether data is on servers or in SaaS applications, it needs to be backed up. Business continuity goes a step further and offers you the ability to restore your data, which we call disaster recovery.
Whether a business is faced with a natural disaster or a human-made one, a robust solution will have you up and running in minutes. Solutions that leverage the hybrid cloud can guarantee a quicker restore time as well. Why? Local backups are great for keeping data stored on local devices, but what if something happens to that device? A hybrid cloud backup solution takes an initial backup on a local device and then replicates the backup to a cloud server. Cloud-only solutions are not as reliable on their own due to bandwidth issues. A hybrid model works to alleviate the vulnerabilities by implementing both processes to fill in the gaps. That’s intelligent business continuity.
At Hemi IT Solutions, we offer incredible Managed IT solutions for businesses in Calgary and Edmonton. Our focus is creating and maintaining partnerships with our clients based on trust, efficiency and follow-through. For over 10 years, we have engaged our clients through excellent service and pragmatic advice.
How to Ensure Your Team Can Securely Work From Home
As the novel coronavirus (COVID-19) continues to spread, many companies continue to assess how they can best prioritize their employee safety and maintain regular business operations. Many companies and governments recommend employees work from home, where possible, to avoid exposure to illnesses and the subsequent loss of productivity. This article will cover some of the ways your company and employees can work from home safely, securely, and productively.
How Businesses Can Securely Work From Home
With the increase in remote work, companies have to respond in various ways to avoid cybersecurity risks or interruptions to business. “When supporting a remote workforce, understand that security controls shift. Therefore, firewalls, DNS, and IDS/IPS could be ineffective when employees head home. Most environments that support VPNs should be able to protect the remote user, be sure to account for the bandwidth of users and remote desktop sessions,” said Dan Garcia, Senior Information Security Engineer II at Datto.
VPN Guidance from CISA
The Cybersecurity and Infrastructure Security Agency (CISA) released an alert to encourage organizations to adopt a heightened state of cybersecurity. According to the CISA, remote work options require a VPN solution to connect employees to an organization’s network. The CISA encourages organizations to review the following recommendations when considering alternate workplace options:
- Update VPNs, network infrastructure devices, and devices used to remote into work environments with the latest software patches and security configurations. See CISA Tips Understanding Patches and Securing Network Infrastructure Devices.
- Alert employees to an expected increase in phishing attempts. See CISA Tip Avoiding Social Engineering and Phishing Attacks.
- Ensure IT security personnel are prepared to ramp up the following remote access cybersecurity tasks: log review, attack detection, and incident response and recovery. Per the National Institute of Standards and Technology (NIST) Special Publication 800-46 v.2, Guide to Enterprise Telework, Remote Access, and Bring Your Own Device (BYOD) Security, these tasks should be documented in the configuration management policy.
- Implement multi-factor authentication (MFA) on all VPN connections to increase security. If MFA is not implemented, require teleworkers to use strong passwords. (See CISA Tips Choosing and Protecting Passwords and Supplementing Passwords for more information.)
- Ensure IT security personnel test VPN limitations to prepare for mass usage and, if possible, implement modifications to prioritize users that will require higher bandwidths.
In addition, managed service providers (MSPs) are recommending the following best practices and advice for how businesses can remain secure through remote work scenarios.
- Use a Secure WiFi Network: If possible, all remote workers should work on a secure, private home network instead of relying on public WiFi. If employees send data through an unsecured WiFi connection, they lose privacy, making it possible for cybercriminals to intercept data. Employees may be putting personal information at risk if they access email accounts or send sensitive data over a public WiFi network. It’s essential to ensure your network is secure by using a VPN and a strong password that isn’t easily cracked.
- Secure Home Workstations: Ensure everyone has fully patched and updated anti-virus and anti-malware software. It’s essential to follow the same best practices you would in the office and report any suspicious activity or concerns to internal IT or your MSP.
- Coordinate With Your Internal IT or MSP: When working remotely, it’s crucial to continue your typical cybersecurity best practices and reach out with any questions or concerns.
Protect Remote Workers from Data Loss
As small and medium-sized businesses (SMBs) worldwide continue to adapt to remote work, there has been a surge in the use of cloud collaboration apps. According to research from Techaisle, 74% of SMBs are using collaboration-focused SaaS solutions.
In adjusting to a completely remote, digital workforce, businesses need tools to quickly and effectively enhance how they handle new compliance, security and data loss risks. Many companies have turned to cloud-based solutions like Microsoft 365 and Google Workspace. At one point, Microsoft Teams gained more than 12 million daily users in a single week – up 37.5% – and then suffered an outage due to the rapid rise in demand.
While Microsoft 365 and Google Workspace may make collaboration more efficient, data protection and management remain challenging. To address that threat, SMBs need a reliable solution for this growing reliance on the cloud, and Datto’s SaaS Protection can help.
Microsoft 365 and Google Workspace Data are not Automatically Protected
SaaS data is not immune to permanent data loss. Neither Microsoft nor Google makes any guarantees when it comes to restoring deleted data, whether the loss stems from human error or a malicious ransomware attack. Also, the move to remote work has triggered a wave of new cyberattacks. Previously, only 12% of all malicious traffic was directed at remote workers; according to ITProPortal, this has jumped to 60% during the pandemic.
Reduce Risk and Avoid Downtime with Datto SaaS Protection
An independent data backup separate from the SaaS app itself is necessary to avoid the most common data loss pitfalls. Setup, backup, and recovery can all be performed remotely by your MSP, ensuring data is protected and managed efficiently. Want to learn more about our reliable SaaS backup and easy recovery? Contact our product experts today!
Services Protected by Datto SaaS Protection
- Microsoft 365
- Google Workspace
Staying Connected & Productive When Working Remotely
Whether your team consists of members across different geographic locations or you have fully remote employees, there are ways to work within the confines of temporary team member isolation. Here are some tips and suggestions for how your company can stay productive and communicative while working from home:
Communication tools need to be your go-to solution
- Video conferencing systems, like Zoom or Microsoft Teams, will be your best friend. Ask yourself, “Is this conversation better-suited face-to-face?” If so, book 15 minutes with someone over your video conferencing system instead of managing these communications over email or a messaging tool. It will go the distance to keep you and your teammates in sync.
- Slack and Microsoft Teams messaging tools are a great way to continue moving through processes and asking critical questions to team members. This is a quick way to get answers and to communicate small needs or changes with the group.
- Don’t be afraid to just pick up the phone and call someone. Share your phone number with your colleagues for when you need to have a quick conversation.
Block off “Do Not Disturb” time on your calendar each day
- Communication tools, especially when remote, can become your entire day if you don’t manage your time appropriately. Establishing blocks of time where you request not to be interrupted to concentrate on your work is crucial.
- Utilize the “Do Not Disturb” feature to limit your notification overload. Getting constantly pinged can be overwhelming for anyone. Do your best to reduce distractions when you need to go heads down on problem-solving for an hour.
When you’re in a video meeting, turn on your camera and pay attention
- It’s easy to get distracted by other inquiries you’re receiving when you’re on a video meeting, especially when you can’t just close your laptop like when you’re in a conference room with team members. The only way to avoid this is to turn off notifications and focus on the session’s content.
- Turning on your camera allows people to read your expressions and interact with you more effectively. Additionally, it gives you the incentive to be present in the meeting instead of handling other issues during the call.
Working from home is about balance. Make sure you take frequent breaks and monitor your working hours as you would if you were commuting. It’s easy to burn out when you work from home, so talk with your manager if you feel that you are struggling to be productive. Use the tools you have at your disposal to continue being an effective contributor and collaborator with your remote team members.
How to Confidently Protect Your Business from Ransomware
More and more, ransomware has emerged as a significant threat to individuals and businesses alike. Ransomware, a type of malware that encrypts data on infected systems, has become a lucrative option for extortionists. When the malware runs, it locks the victim’s files and allows criminals to demand payment to release them.
These extortionists can impact organizations of all types and sizes. Still, small businesses can be particularly vulnerable to attacks, and the use of ransomware is on the rise. In the McAfee Labs June 2018 Threat Report, the number of new ransomware strains saw an increase of 62% in the previous four quarters. This increase brings McAfee’s total number of identified strains to roughly 16 million. Ransomware is distributed in various ways and is difficult to protect against. Like a flu virus, it is continually evolving.
There are ways to protect your business against ransomware attacks. In this article, you’ll learn how the malware spreads, the different types of ransomware proliferating today, and what you can do to avoid or recover from an attack. Hiding your head in the sand won’t work because today’s ransom seekers play dirty.
Ransomware Today
There are a few dominant types, or families, of ransomware in existence. Each type has different variants. New families will continue to surface as time goes on. Historically, Microsoft Office, Adobe PDF and image files have been targeted. Still, McAfee predicts that additional types of files will become targets as ransomware continues to evolve.
Most ransomware uses the AES algorithm to encrypt files, though some use alternative algorithms. To decrypt files, cyber extortionists typically request payment in Bitcoins or online payment voucher services, such as Ukash or Paysafecard. The standard rate is about $500, though there have been much higher demands. Ransomware campaigns typically focus their attacks on wealthy countries where people and businesses can afford to pay the ransom.
How Ransomware Spreads
Spam is the most common method for distributing ransomware. It generally spreads using a form of social engineering. Cybercriminals trick victims into downloading an e-mail attachment or clicking a link. Fake email messages might appear to be a note from a friend or colleague asking a user to check out an attached file, for example. Or, an email might come from a trusted institution (such as a bank) asking you to perform a routine task. Sometimes, ransomware uses scare tactics such as claiming that the computer has been used for illegal activities to coerce victims. Once the user takes action, the malware installs itself on the system and begins encrypting files. It can happen in the blink of an eye with a single click.
Another standard method for spreading ransomware is a software package known as an exploit kit. These packages identify vulnerabilities and exploit them to install ransomware. In this type of attack, hackers install code on a legitimate website that redirects computer users to a malicious site. Unlike the spam method, sometimes this approach requires no additional actions from the victim. This is referred to as a “drive-by download” attack.
Angler was a typical exploit kit used back in 2015. A study conducted by security software vendor Sophos showed that thousands of new web pages running Angler were created every day. The Angler exploit kit uses HTML and JavaScript to identify the victim’s browser and installed plugins, which allows the hacker to select an attack that is the most likely to be successful. In early 2018, a new strain of ransomware called GandCrab was spread using two separate exploit kits that target Internet Explorer and Flash Player vulnerabilities to launch JavaScript, Flash, and VBscript-based attacks.
Spam botnets and exploit kits are relatively easy to use but require some level of technical proficiency. However, there are also options available for aspiring hackers with minimal computer skills. According to McAfee, there are ransomware-as-a-service offerings hosted on the Tor network, allowing just about anyone to conduct these types of attacks.
Common Types of Ransomware
As noted above, ransomware is constantly evolving, and new variants are appearing all the time. So, it would be difficult, if not impossible, to compile a list of every type of ransomware proliferating today. While the following is not a complete list of today’s ransomware, it gives a sense of the major players and the variety in existence.
CryptoLocker
Ransomware has been around in some form or another for the past two decades but came to prominence in 2013 with CryptoLocker. The original CryptoLocker botnet was shut down in May 2014, but not before the hackers behind it extorted nearly $3 million from victims. Since then, the CryptoLocker approach has been widely copied, although today’s variants are not directly linked to the original. The word CryptoLocker, much like Xerox and Kleenex in their respective worlds, has become almost synonymous with ransomware. CryptoLocker is distributed via exploit kits and spam. When the malware runs, it installs itself in the Windows User Profiles folder and encrypts files across local hard drives and mapped network drives. It only encrypts files with specific extensions, including Microsoft Office, OpenDocument, images and AutoCAD files. Once the dirty work is complete, a message is displayed on the user’s screen informing them that files have been encrypted and demanding a Bitcoin payment.
CryptoWall
CryptoWall gained notoriety after the downfall of the original CryptoLocker. It first appeared in early 2014, and variants have emerged with various names, including Cryptorbit, CryptoDefense, CryptoWall 2.0 and CryptoWall 3.0, among others. Like CryptoLocker, CryptoWall is distributed via spam or exploit kits. The initial version of CryptoWall used an RSA public encryption key. Later versions (including the latest CryptoWall 3.0) use a private AES key, further masked using a public AES key. When the victim opens the malware attachment, the CryptoWall binary copies itself into the Microsoft temp folder and begins to encode files. CryptoWall encrypts a wider variety of file types than CryptoLocker. When encryption is complete, it also displays a ransom message on a user’s screen demanding payment.
CTB-Locker
The criminals behind CTB-Locker take a different approach to virus distribution. Taking a page from the playbooks of Girl Scout Cookies and Mary Kay Cosmetics, these hackers outsource the infection process to partners in exchange for a cut of the profits. This strategy allows for achieving large volumes of malware infections at a faster rate. When CTB-Locker runs, it copies itself to the Microsoft temp directory. Unlike most forms of ransomware today, CTB-Locker uses Elliptic Curve Cryptography (ECC) to encrypt files. CTB-Locker impacts more file types than CryptoLocker. Once files are encrypted, CTB-Locker displays a ransom message demanding payment in Bitcoins.
Locky
Locky is a relatively new type of ransomware, but its approach is familiar. This malware spreads using spam, typically in the form of an email message disguised as an invoice. When opened, the invoice is scrambled, and the victim is instructed to enable macros to read the document. When macros are enabled, Locky begins encrypting an extensive array of file types using AES encryption. Bitcoin ransom is demanded when encryption is complete. Can you sense a pattern here? The spam campaigns spreading Locky are operating on a massive scale. One company reported blocking five million emails associated with Locky campaigns over the course of two days.
TeslaCrypt
TeslaCrypt is another new type of ransomware on the scene. Like most of the other examples here, it uses an AES algorithm to encrypt files. It is typically distributed via the Angler exploit kit, explicitly attacking Adobe vulnerabilities. Once a vulnerability is exploited, TeslaCrypt installs itself in the Microsoft temp folder. When the time comes for victims to pay up, TeslaCrypt gives a few payment choices: Bitcoin, PaySafeCard and Ukash are accepted here. And who doesn’t love options?
TorrentLocker
TorrentLocker is typically distributed through spam email campaigns and is geographically targeted, with email messages delivered to specific regions. Often referred to as CryptoLocker, TorrentLocker uses an AES algorithm to encrypt file types. In addition to encoding files, it also collects email addresses from the victim’s address book to spread malware beyond the initially infected computer/network—this is unique to TorrentLocker.
TorrentLocker uses a technique called process hollowing. A Windows system process is launched in a suspended state, malicious code is installed, and the process is resumed. It uses explorer.exe for process hollowing. This malware also deletes Microsoft Volume Shadow Copies to prevent restores using Windows file recovery tools. Like the others outlined above, Bitcoin is the preferred currency for the ransom payment.
KeRanger
According to ArsTechnica, KeRanger ransomware was discovered on a popular BitTorrent client. KeRanger is not widely distributed at this point. Still, it is worth noting because it is the first fully functioning ransomware designed to lock Mac OS X applications.
Petya
Instead of encrypting files on a victim’s computer, Petya overwrites the master boot record, leaving the operating system in an unbootable state. Petya commonly relies on phishing emails to spread its payload.
NotPetya
Initial reports categorized NotPetya as a variant of Petya, a strain of ransomware first seen in 2016. However, researchers now believe NotPetya is instead a malware known as a wiper with the sole purpose of destroying data and not obtaining any ransom.
WannaCry
WannaCry burst onto the scene in 2017 in a widespread ransomware campaign that affected organizations across the globe. Over 200,000 organizations in over 150 countries were impacted. The ransomware strain, also known as WCry or WanaCrypt0r, affects Windows machines through a Microsoft exploit known as EternalBlue.
Protect Against Ransomware
Cybercriminals armed with ransomware are a formidable adversary. While small-to-mid-sized businesses aren’t explicitly the target in ransomware campaigns, they may be more likely to suffer an attack. Frequently, small business IT teams are stretched thin and, in some cases, rely on outdated technology due to budgetary constraints. These constraints are the perfect storm for ransomware vulnerability. Thankfully, there are tried and true ways to protect your business against ransomware attacks. Security software is essential. However, you can’t rely on it alone. A proper ransomware protection strategy requires a three-pronged approach comprising education, security and backup.
Education
First and foremost, education is essential to protect your business against ransomware. Your staff must understand what ransomware is and the threats that it poses. Provide your team with specific examples of suspicious emails with clear instructions on what to do if they encounter a potential ransomware lure (e.g., don’t open attachments; if you see something, say something).
Conduct bi-annual formal training to inform staff about the risk of ransomware and other cyber threats. When new employees join the team, make sure you send them an email to bring them up to date about best practices. It is essential to ensure that the message is communicated clearly to everyone in the organization, not passed around on a word of mouth basis. Lastly, keep staff updated as new ransomware enters the market or changes over time.
Security
Antivirus software is essential for any business to protect against ransomware and other risks. Ensure your security software is up to date, as well, to protect against newly identified threats. Keep all business applications patched and updated to minimize vulnerabilities. Some antivirus software products offer ransomware-specific functionality. For example, Sophos offers technology that monitors systems to detect malicious activities such as file extension or registry changes. If ransomware is detected, the software can block it and alert users. However, because ransomware is continually evolving, even the best security software can be breached. This is why a secondary defence layer is critical for businesses to ensure recovery in case malware strikes: backup.
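To make the idea of monitoring for file extension changes concrete, here is an added example (not Sophos's implementation and not code from the original article). It flags a process that gives many files the same unfamiliar extension within a short window; the event format, extension list, thresholds and sample events are all constructed assumptions.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Deque, Dict, Iterable, List, Set, Tuple

# Extensions this (assumed) environment normally writes; tune per site.
KNOWN_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".png", ".dwg",
                    ".tmp", ".bak", ".log"}


@dataclass(frozen=True)
class Rename:
    ts: float     # event time, seconds
    process: str  # image name and PID that performed the rename
    old: str
    new: str


@dataclass(frozen=True)
class Alert:
    process: str
    extension: str
    count: int    # renames inside the window when the threshold was hit
    ts: float


def detect_bursts(events: Iterable[Rename], window: float = 10.0,
                  threshold: int = 20) -> List[Alert]:
    """Alert once per (process, new extension) when `threshold` files gain the
    same unfamiliar extension within `window` seconds."""
    recent: Dict[Tuple[str, str], Deque[float]] = defaultdict(deque)
    alerted: Set[Tuple[str, str]] = set()
    alerts: List[Alert] = []
    for ev in sorted(events, key=lambda e: e.ts):
        old_ext = PureWindowsPath(ev.old).suffix.lower()
        new_ext = PureWindowsPath(ev.new).suffix.lower()
        # Ignore renames that keep the type or land on a familiar one.
        if not new_ext or new_ext == old_ext or new_ext in KNOWN_EXTENSIONS:
            continue
        key = (ev.process, new_ext)
        times = recent[key]
        times.append(ev.ts)
        while ev.ts - times[0] > window:   # slide the window forward
            times.popleft()
        if len(times) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append(Alert(ev.process, new_ext, len(times), ev.ts))
    return alerts


def sample_events() -> List[Rename]:
    """Constructed events: two benign patterns and one burst."""
    events: List[Rename] = []
    # Office save pattern: temp file renamed to a known document type.
    for i in range(30):
        events.append(Rename(i * 0.5, "WINWORD.EXE:4120",
                             rf"C:\Users\a\doc{i}.tmp",
                             rf"C:\Users\a\doc{i}.docx"))
    # Slow rotation to an unlisted extension: one rename every 15 seconds.
    for i in range(30):
        events.append(Rename(i * 15.0, "rotate.exe:812",
                             rf"D:\logs\app{i}.log", rf"D:\logs\app{i}.old"))
    # Burst: 25 mixed documents gain the same unfamiliar suffix in 6 seconds.
    kinds = [".docx", ".xlsx", ".pdf", ".jpg", ".dwg"]
    for i in range(25):
        name = rf"\\fs01\share\file{i}{kinds[i % 5]}"
        events.append(Rename(100 + i * 0.25, "unknown.exe:6660",
                             name, name + ".zzz9"))
    return events


if __name__ == "__main__":
    for alert in detect_bursts(sample_events()):
        print(alert)
```

Only the burst trips the rule: the Office saves land on a known extension and the slow rotation never accumulates enough renames inside one window.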
Backup
Modern total data protection solutions, like Datto, take snapshot-based, incremental backups as frequently as every five minutes to create a series of recovery points. If your business suffers a ransomware attack, this technology allows you to roll back your data to a point before the corruption occurred. When it comes to ransomware, the benefit of this is twofold. First, you don’t need to pay the ransom to get your data back. Second, everything is safe since you are restoring to a point before the ransomware infected your systems. The malware cannot be triggered. Here’s an example of how Datto saved the day for the international hotel chain, Crowne Plaza.
Additionally, some data protection products today allow users to run applications from image-based backups of virtual machines. This capability is referred to as “recovery-in-place” or “instant recovery.” This technology can be useful for recovering from a ransomware attack because it allows you to continue operations while your primary systems are being restored, with little to no downtime. Datto’s version of this business-saving technology is called Instant Virtualization. Instant Virtualization virtualizes systems either locally or remotely in a secure cloud in seconds. This solution ensures that businesses stay up-and-running when disaster strikes.
Ransomware and other malware shouldn’t hold you or your business hostage. If you’re ready to ensure your business is protected in the event of an emergency, give us a call.