Network Access May June 2019
News May/June 2019
Superhero or Single Point of Failure? THE DANGERS OF ASKING YOUR SOLE IT SUPPORT TECHNICIAN TO BE YOUR SUPERHERO
As the old saying goes, “Hope is not a strategy.” But for many organizations, hope is the strategy when it comes to their technical support staffing.
major disruption to the organization. Most employees wouldn’t be too thrilled to learn that an IT disturbance impacted the company’s ability to make payroll and delayed their payday. Sure, being on-call 24/7 is pretty much the norm for singular IT staff members. But with the above examples in mind, companies must ask themselves the following questions. • Have we created or evolved to a high-risk situation for our organization? • When we rely on one person or a few people, is this the best strategy to prevent our company from disruption 24/7, 365 days a year? • What kind of work-life balance are we providing these employees? • Are we relying on only one person’s expertise when it comes to designing, building, and maintaining our infrastructure? Quite often at Network Access, we talk to firms that only have one or two people responsible for providing IT support for the critical applications the company needs to function. However, augmenting your staff with support resources can greatly reduce the real and potential problems that come with having a small IT support staff. One of our clients recently shared with us that the reason his management approved the cost of our NetWatchman Managed Service is because they wanted to have more expert resources available in the event of an emergency. This was from a competent, 20-year veteran in the IT profession. We need people to put their families first, because when we employ people with those values, it drives their desire to be successful and loyal. If you’re still not convinced, consider having a discussion with us regarding your organization’s emergency support situation. • Are we burning our employees out?
At a large number of organizations, IT staff members are often asked to take on “superhero support” measures to keep the applications available 24/7. This could mean they work late nights and into the early morning to maintain the company’s critical functioning systems and drag themselves into work the next day. They must be available during an emergency or disaster, even when they have personal responsibilities. Many professionals put their work life ahead of their own family’s priorities, often taking work home over vacations and weekends. A recent visit to a local manufacturing company highlighted this phenomenon. I was meeting with the CFO, who had nothing but great things to say about the new IT staff member, Jeff, who was sitting next to me. After the CFO completed his introduction, I turned to Jeff and said, “Jeff, it sounds like you don’t have anywhere to go but down after that introduction!” We all laughed, and Jeff agreed. Joking aside, Jeff later informed me that he was the only IT staff member at the company. When I asked who his back-up would be if he were to get sick or go on vacation, the CFO interrupted, joking that Jeff is not allowed to get sick or take a vacation. We all laughed, but we also knew that Jeff was a single point of failure for that company and the critical applications they rely on, such as email and the company’s enterprise resource planning (ERP) software. The ERP application is particularly important because it integrates all of the business processes of the company, including accounts receivable and accounts payable. But its most dire function is to integrate payroll software. Needless to say, an interruption with the company’s ERP system would be a There’s no such thing as a personal life when you are the sole IT person for an organization.
“Quite often, at Network Access, we talk to firms who only have one or two people responsible for providing IT support
for the critical
applications the company needs to function.”
NetWatchman services offer managed services that can relieve your organization’s risk, vulnerability, and unplanned downtime .
–Jim Barnes
1
www.NetworkAccess.com
412-931-1111
Goodbye, Windows Server 2008 WHAT THE EQUIFAX BREACH CAN TEACH US ABOUT THE LOOMING END OF THIS PLATFORM
Cybersecurity in the Modern World Lunch and Learn Join Network Access for a cybersecurity cloud best-practice briefing on the latest trends in cybersecurity for the cloud and accelerate your understanding in the following areas:
Microsoft has announced that
support and services for Windows Server 2008 will end on Jan. 14, 2020, which will effectively kill
• • • • • •
What we are protecting
The likelihood that you will be hacked
Today’s cybersecurity threats
Understanding the hacking process
Incident response and reporting requirements
regular security updates for the program. As we near the nine-month mark of the countdown to the end of Windows 2008, businesses that utilize it as a server platform are preparing for migration. At Network Access, we know the end of a server program can creep up on businesses, but beginning the transition with a proactive plan as soon as it’s feasible can ensure your business is prepared for possible complications. As we learned in the 2017 Equifax breach, ineffective server migration can leave your business vulnerable and your customers scrambling for protection. In late summer 2017, Equifax’s security professionals discovered suspicious activity on its platform and Apache Struts’ server. Over the following weeks, investigations found nearly 150 million U.S. consumers had their names, Social Security and driver’s license numbers, birthdays, and addresses stolen through a major security breach. Hackers and thieves are becoming cleverer, but investigators soon found the breach could have been prevented with proper due diligence. Failure by Equifax to patch its servers months after Apache Struts patches were released left gaps in its security system. Essentially, when Equifax transitioned to the Apache Struts server program, its information technology (IT) department failed to follow up and patch it with the appropriate security measures. This left the company with large holes in its security system. Even worse, some businesses still haven’t learned from Equifax. According to Sonatype, a software analysis group, nearly two-thirds of Fortune 100 companies are using the malignant version of Apache Struts. In fact, nearly half of the Fortune 100’s health care and technology businesses, and more than half of the Fortune 100’s 26 financial companies, still cling to the damaged platform. Your customers are your most valuable asset, and you would never want to leave them in a vulnerable position, especially if your company must follow PCI Security Standards and Health Insurance Portability and Accountability Act (HIPPA) standards. Learn how the Network Access team of technicians can prepare and guide your company through a server migration by visiting NetworkAccess.com or calling 412-931-1111.
Cybersecurity best practices
• Methods for easy and secure password management • Cybersecurity protection essentials • Methods for secure assessments
All while achieving great savings!
Save the Dates Date: Friday, June 14, 2019 Time: 11:30 a.m. to 2 p.m. Where: 4580 McKnight Road, Pittsburgh, PA 15237 Register at NetworkAccess.com/Workshops or by calling Bob Famigletti at 412-931-1111 . Across the country and around the world, organizations just l ike yours are facing challenges protecting their assets from being hacked. During the Lunch and Learn, we’ll be reviewing these challenges in detail while discussing the acceleration and security strategies that IT practitioners are employing to improve their performance and productivity for their organizations. The moment to learn you are unprepared to prevent a hack should not be after one happens. Join us to learn more about cybersecurity, proactive measures, and response plans before it’s too late.
You are cordially invited to learn solutions that will improve your business security on Friday, June 14 .
For future Lunch and Learn dates, visit NetworkAccess.com/ Workshops.
2
412-931-1111
www.NetworkAccess.com
NOW, NOT LATER
Why Your Business Needs to Implement Two-Factor Authentication
A survey by Paychex recently found that 68 percent of small-business leaders remain unworried about their digital security. If you need proof, you can just look at the passwords they and their employees use. According to SecureAuth, a staggering 81 percent of Americans use the same passwords for multiple accounts, the majority of which are unimaginative old standbys like “1234567,” “qwerty,” and “password.” These trends, compounded by the fact that passwords generally aren’t very airtight, turn the typical login and password combination into a paper shield for hackers. Even stronger passwords that include multiple uppercase and lowercase letters, numbers, and other characters often only take a few hours to crack with an advanced brute-force tool. Once they’re cracked, they’re often posted on the darknet or sold to the highest bidder. Here’s where two-factor authentication (2FA) comes in. 2FA forces users to input more than one field of identification to access their account. If you’ve ever used your PIN at an ATM, you’ve already used 2FA, but many other forms exist.
When logging into your email, Google can send an alert to your phone that includes a login number, which you type on your PC to gain access to your account. Banks often couple passwords with one of your security questions. Whatever the tactic, it’s much sturdier than your average password. It’s still not foolproof, but it’s an excellent first-line defense against hackers. However, implementing 2FA into your own business isn’t the easiest proposition. You’ll either need to create a custom solution — a big headache that may not be worth it for your small business — or hire a technical company suited for the job. This doesn’t have to be expensive. It’s worth noting, though, that whenever you bring in an outside party, it’s a potential failure point for your cybersecurity. It’s vital to vet them properly and ensure they practice what they preach. 2FA can’t be the beginning and end of your cybersecurity strategy, but consider it a large first step toward protecting your livelihood. Trust us — when the digital wolves come knocking at your door, you’ll be glad you installed the door in the first place.
STRENGTHEN YOUR CYBERSECURITY VOCAB Word Search
Enter to win an Amazon Gift Card! Fill out this word search, snap a photo, and send it to info@networkaccess.com for the chance to win!
Ransomware Policy
Honeypot Malware Threat SIEM
Breech Exploit Intrusion Sdwan
Virtualization Monitoring
Deception Encryption
Antivirus Phishing
3
www.NetworkAccess.com
412-931-1111
4580 McKnight Road, Pittsburgh, PA 15237
PRST STD US POSTAGE PAID BOISE, ID PERMIT 411
According to Symantec’s 2018 Internet Security Report, the number of reported blocked phishing attacks increased by 92 percent over the last year. Many of those were due to Ryuk, a variation on Hermes, the first known ransomware plague. The malware has been targeting law firms, convenience store chains, and even medical facilities, netting hackers as much as $640,000. Then there are state-sponsored attacks hitting small businesses across America, funded by hostile governments. In addition, there has been a Facebook email scam going around, masquerading perfectly as an email from the massive company but leading victims to download malware. The same goes for false emails from FedEx, as well as Bank of America. Hackers have even begun offering false SEO services to get victims to click a link! Teach your team how to spot phishing attacks and stay vigilant. You never know when they might show up in your inbox. Hoping Your IT Specialist Is a Superhero? PAGE 1 What Equifax Can Teach Us About Windows Server 2008 PAGE 2 Join Us June 14! PAGE 2 2FA Is Essential to Business Security PAGE 3 Word Search Contest PAGE 3 These Recent Phishing Attacks Can Cause Your Business Serious Harm PAGE 4
These Recent Phishing Attacks CAN CAUSE YOUR BUSINESS SERIOUS HARM
The Ugly Truth About Apps Sharing Your Kids’ Data It’s always unsettling when apps secretly gather your data. But when it comes to apps for kids, that’s doubly true. Recently, the attorney general of New Mexico filed a lawsuit against Tiny Lab, which develops games for kids like “Fun Kid Racing,” and other companies including Google and Twitter. The suit alleges that numerous applications violated child privacy laws by tracking and sharing data for users under 13. The New York Times looked into it and found that dozens of other kid-targeted apps may be doing the same thing. Keep an eye on the apps your child is using, as well as the data they’re sharing. You don’t want them to become victims of this gross data-sharing.
discriminating against women or minorities, or just simply being ignorant of the policies that hurt or hinder their teams. At the core of all these problems, argues Donna Hicks, is the concept of human dignity. Her book “Leading with Dignity: How to Create a Culture That Brings out the Best in People,” focuses on the core of all successful human interactions: recognizing that every human being has inherent value and worth. By creating a safe, comfortable space for their teams, being fair to the entire organization, and accepting the particularities that make their employees unique, excellent leaders create an atmosphere where everyone is allowed to be themselves. Success follows pretty easily after that.
All Great Leaders Obsess Over This One Thing
There are tales abound in the news about leaders treating their employees like trash,
4
412-931-1111
www.NetworkAccess.com
Page 1 Page 2 Page 3 Page 4Made with FlippingBook Annual report