Wednesday, November 25, 2015

Don't Let Your Security Blow Away in the Cloud

Whether you use only one application in the cloud or you've shifted your entire infrastructure there, your security needs to cover your entire infrastructure — public, private, cloud-based, and traditional. But as companies mix on-site data centers with vendor-provided cloud services, they often fail to adjust their data security accordingly. So says a new study from the SANS Institute, which found that fewer than a third of organizations have a strategy that describes how their traditional and cloud computing models work together, which data and applications to send to the cloud and which to keep in-house, and how to establish appropriate safeguards for each external cloud provider.

Respondents said they had a hard time creating a data security strategy, in part because they lacked visibility into cloud provider practices, and also because cloud providers didn't cooperate enough in supporting the customers’ security technology.

Xantrion can help you establish appropriate security policies both on premise and in the cloud. We can also help you choose vendors that are happy to be transparent about their own security practices, because that's who we choose to do business with.

Thursday, November 19, 2015

Mac Users' Security Honeymoon Coming to an End?

Apple laptop and desktop users don't have to worry about the constant threat of malware and exploits the way Windows users do — right?  Wrong.

That used to be more or less true, but with Apple's share of the desktop computer market now at about 17 percent, hackers are targeting OS X like never before. In fact, according to recent research, five times more OS X malware has appeared in 2015 than during the previous five years combined.

Granted, the researchers only found 948 unique samples of OS X malware this year, compared to the 400,000 new varieties of Windows-based malware that emerge every day. But the uptick strongly suggests that hackers are actively looking for ways to inject malicious code into OS X and circumvent its security mechanisms — possibly using iOS, which currently holds almost 40 percent of the global mobile OS market.

In short, if you use Apple products, your security safeguards need to include them. If you're not sure how, Xantrion is happy to help. We're experienced in protecting infrastructures that include Macs and iPhones — including our own! 

Thursday, November 12, 2015

US-China No-Hack Pact: Good, or Better Than Nothing?

September saw a historic agreement between the US and China prohibiting cyber espionage for economic gain — stealing trade secrets and intellectual property. But how will it work out in practice?

In the worst-case scenario, China will pay lip service to the agreement while turning a blind eye to, or continuing to sponsor, attempts to steal US IP, says Kevin Mandia, president of leading network security firm FireEye. However, he believes it's more likely that China will scale back its participation in cyber spying attacks on US companies, and may even put a stop to it entirely — especially since the US is likely to start fining Chinese companies for it.

In the end, Mandia predicts, the US and China will team up to battle cyber crime for the sake of a stronger global economy. And that makes the agreement better than no agreement.

Thursday, November 5, 2015

A Look at the Latest Lightweight Laptops

Laptops get thinner and lighter by the day. If it's time to upgrade your Windows laptop and you're hunting for something smaller than what you're currently lugging around, check out CRN's comparison between the two current leading lightweights: the 2.7-pound Dell XPS Touch and the 3.34-pound Microsoft Surface Book.

CRN gets into the details of processing power, graphics, battery life, and other specs, so we won't. The short version is that they're both sleek Windows machines that retail for about $1,700, and they both have features worth recommending. If you're trying to reduce weight, go for the Dell. If you want a laptop that converts to a tablet, choose the Microsoft. And if you want help making sure they work well on your network, choose Xantrion.

Thursday, October 29, 2015

The Internet of Things: Boon, Bane, or Both?

You've probably heard a lot of talk lately about the Internet of Things (IoT) — the idea of connecting objects ranging from medical devices to kitchen appliances to the Internet so they can collect, use, and share data for better performance and greater efficiency. The IoT could change our lives dramatically, but experts have some serious questions about how to handle the amount of data the IoT will generate, who will own that data, and how to keep it both secure and private.

The evolution of the IoT is going to create new security vulnerabilities at home and at work that we've never had to consider before. Where will our data end up, and how will it be used? It's something we're thinking about a lot at Xantrion, and we think you should be, too.

Thursday, October 22, 2015

The Health Care Industry Needs a Security Booster Shot

In early September, a Blue Cross Blue Shield affiliate in upstate New York revealed that hackers had compromised 10.5 million patient and business partner records in a data breach that had continued, undetected, for almost two years. It wasn't the first health care industry breach of 2015, and it probably won't be the last. It wasn't even the largest: back in January, hackers hit Anthem, the nation's second largest health insurer, and stole as many as 80 million people's records.

Medical records are a juicy prize on the black market, selling for as much as $70 each, as Jim Trainor of the FBI Cybersecurity Division told CBS News in February. NPR's "All Things Considered" even reported recently that it found a "value pack" of ten Medicare numbers selling for about $4,700. So if your company is in the business of health care, you are almost certainly in a hacker's sights, and your data security is due for an immediate check-up.

Thursday, October 15, 2015

Your Bank Account's Safety is Your Responsibility

When fraud siphons cash out of your individual bank account, the law requires your bank to cover your losses in most cases. That's not the case for business accounts, even for one-person businesses. For the small business owner who gets stung by a cybercriminal, that can make a bad situation far worse.

We've discussed basic steps for avoiding cyber fraud before, but these recommendations bear repeating:
  • teach your employees the early warning signs of fraud
  • change passwords frequently
  • require two people to approve any funds transfers or changes to your list of authorized payees
  • perform all your financial transactions on a computer that's both password-protected and not connected to the rest of your network
If you have questions, or if you think you're being targeted, our security experts are here to help you protect your network — and your bank account.

Monday, October 5, 2015

Shortcut Keys for Windows 10

For those of you early adopters wanting to dive into Windows 10, click here for a two-page guide from Microsoft that lists shortcut keys that you can use from the desktop in Windows 10.

Monday, September 28, 2015

Is Your Health Care Data Exposed to Cybercrime?

Health care's resistance to data breaches is at an all-time low, and the epidemic is getting worse. So says a recent study from Ponemon Institute, the leading data privacy and security research center. The numbers are intimidating: 90 percent of the country's health care organizations have had a data breach, such a huge percentage that it's affected more than 120 million people — one-third of the US population. Most breaches are due not to negligence, but to criminal attacks. And the pace of these attacks is accelerating: while 37 million health care records were compromised between 2010 and 2014, 99 million were compromised in the first quarter of 2015 alone.

However, the Ponemon study also offers some hope. More than two-thirds of health care data breaches are discovered during audits or assessments, and it turns out they're primarily caused by weak, stolen, or lost credentials and lost or stolen mobile devices — vulnerabilities that are relatively easy to address.

If you're a health care company, it's time to apply some preventive care. Our security guide, "The 5 Critical Elements of Risk Assessment," will help you develop a treatment plan. After reading it, contact us for next steps.

Monday, September 21, 2015

Office 365 Bests Google Apps as Cloud Productivity Champion

Google Apps were a game-changer when they first came out, and they've owned the market for productivity software as a service ever since — largely because Microsoft's cloud-based versions of familiar Office applications lagged so far behind their on-premise peers in terms of features and functionality. Now that Office 365 has stepped up its game, Google Apps' market dominance is slipping, at least according to a new study.

The survey by cloud access security broker Bitglass shows that Office 365 tripled its adoption rate from 7.7 percent in 2014 to 25.2 percent in 2015. By comparison, Google Apps' adoption rate only climbed from 16.3 percent to 22.8 percent. Regardless of platform, though, the survey shows that worldwide, businesses of all sizes are giving up on-premise productivity suites in favor of cloud-based alternatives. Adoption rates have doubled in the last year and more than half of global businesses have now made the switch.

If you're considering moving your office productivity tools to the cloud, Xantrion can help you decide which tools to use and how to make sure they deliver the functionality and security your users expect and need.

Monday, September 14, 2015

Hack Me Once, Shame On You. Hack Me Twice…

In 2008 and 2009, Wyndham Worldwide Corp. was hacked three separate times, exposing more than 619,000 customer credit cards to more than $10.6 million in fraudulent charges. As a result, the US Federal Trade Commission sued the hotel chain for failing to take reasonable steps to protect consumer information.

Wyndham claimed it hired five different security consulting groups to audit its systems, but that none were able to find and fix the security hole that let the hackers into the company's systems. Wyndham's lawyers argued that these were reasonable steps, even though they were ultimately unsuccessful, but an appeals court ruled in August that the FTC could proceed in bringing enforcement action against the chain.

This suggests that in the future, the bar for doing enough to keep your customers' data safe is going to rise. If you aren't sure whether you need to do more, download our guide to "The 5 Critical Elements of Risk Assessment" and call us for a security audit.

Friday, September 4, 2015

Installing Windows 10: Not For Amateurs

We recently surveyed Xantrion engineers to see whether the free upgrade to Windows 10 was something that people should undertake on their own.  The answer is that, while Windows 10 is a fine operating system, most users won’t be able to complete the upgrade without some amount of professional troubleshooting. 

Our engineers have upgraded a variety of systems at this point ranging from custom gaming rigs to stock computers from major manufacturers.  The computers also ran the gamut from brand new to 6 years old running Windows 7 or 8.1.   Our experience has been that only 10% of computers upgraded without issue. 80% of computers worked fine after some troubleshooting.  Another 10% of the upgrades failed entirely with the computers needing to be rebuilt from scratch.  The 80% of computers that required troubleshooting could most likely be handled by retail support services from stores such as Best Buy.  Unfortunately, the troubleshooting is likely beyond what a typical user might be expected to handle. 

The bottom line is that Windows 10 is a good operating system and you should feel comfortable buying a new computer running it.  However, you should be prepared for a trip to your local repair shop to solve problems you are likely to encounter if you upgrade an existing system.

Monday, August 24, 2015

Cyberthreats: A Bullet Aimed at the Bottom Line

CFOs no longer believe that cyberattacks are exclusively a problem for the IT department to handle. In fact, a recent Deloitte survey shows they consider cyberattacks one of the greatest threats to a company's financial health. Meanwhile, a new Grant Thornton report on CFO involvement in security indicates that CFOs have ultimate responsibility for security at 38 percent of organizations. The same report shows that nearly half of executives think the biggest barrier to developing an enterprise-wide cybersecurity strategy is an inadequate understanding of cyber risks and their impacts.

If you're a CFO who believes the security buck stops at your desk, our guide to the 5 Critical Elements of Risk Assessment will help you develop a plan for staying on top of new threats while implementing protections that balance affordability and effectiveness.

Monday, August 17, 2015

Cyber Cons Are Getting Increasingly Clever: You Should, Too

Determined criminals are constantly inventing new ways to access your company bank account. Sometimes they try to break in. Sometimes they try to steal your passwords and account information. But some of their techniques are designed to get you to simply hand over the money — and these cyber cons are becoming even more common.

One con we recently became aware of involved a corporate controller who received what looked like email from the company's CFO forwarding a request from the CEO to process a wire transfer. In another case, a cyber con artist registered a domain name similar to that of a large manufacturer, then bribed an employee in the manufacturer's accounts receivable department. Click here for more on how to avoid cons like these.

Monday, August 10, 2015

Cybersecurity is a Top Management Issue

If the devastating and embarrassing hacks successfully perpetrated on Target, JPMorgan Chase, Home Depot, and other established brands have proved one thing, it's that top management needs to take responsibility for cybersecurity. However, a recent Ponemon study shows that most boards of directors don't understand the risks as well as they should. 

Smart C-level executives and boards of directors are starting to recognize just how much responsibility they have for protecting the safety, security, and integrity of their networks and data. They're finally aware that cyber risk is one of the most pressing threats to the business, right up there with credit risk, liquidity risk, and operational risk. But awareness isn't enough. It takes action:
  1. Educating the board and C-suite about the company's cyber risk profile
  2. Finding sufficiently expert advisors to provide ongoing insight and assistance
  3. Conducting regular reviews of the company's cyber risk management plans and breach readiness status 
Xantrion can help you understand your organization's risk profile and improve your ability to manage the cyber risks you face. Contact us for help building an approach to cybersecurity that reaches all the way to the top.

Monday, August 3, 2015

Sorry, Windows Server 2003, We're Through


Microsoft officially stopped supporting Windows Server 2003 on July 14. That means no more patches or upgrades to fix glitches, bugs, and most importantly, security issues. That's not a great position to be in, considering that as recently as 2013, Microsoft issued 37 patches to Server 2003, an average of more than 3 patches a month.

We know breaking up is hard to do, even when you've known for a while that it has to happen. Your legacy applications may not run on newer versions of Microsoft Server, and your existing hardware may not support them. Not upgrading is not an option, though. For one thing, running an unsupported OS puts you out of PCI and HIPAA compliance. More importantly, it's now open season for hackers on Server 2003 — and if you're still running it, you're on your own. 

It's time to say goodbye to Server 2003. If you're still relying on it, or if you're trying to prioritize the changes that upgrading is going to require, let us help you make a plan to move on.

Monday, July 27, 2015

Public or Private Cloud? Wrong Question

 If you're considering moving some (or all) of your applications to the cloud, your first question might be "public or private?" That's a false choice, though. According to Verizon's latest State of the Market Enterprise Cloud 2014 study, the breadth of cloud services available today can't be broken down that easily. It makes more sense to choose an appropriate cloud service for each individual workload based on these three criteria:
  1. the risk profile of the workload 
  2. how the workload and associated data are divided between your premises and the cloud service provider's
  3. the amount of cloud environment management you're willing to shoulder
We couldn't agree more with Verizon's conclusions for assessing which variation of cloud, if any, is appropriate for your various applications. Download Verizon's free study — you'll find the details on pp. 5-6.

You'll also notice that Verizon lists all the services a cloud project might require: consulting, application portfolio evaluation, deployment and architecture design, "business of IT" support, active management of both on-site and remote cloud hardware and software, user and helpdesk support, and services around other IT areas affected by the cloud. Xantrion offers all of these services, and we're ready to help you start designing a plan to use cloud services in the ways best suited to your business.

Monday, July 20, 2015

One Foolproof Trick for Better Passwords

So you're using a password management tool to keep track of all your passwords. What if that tool gets hacked? That's not a joke — it happened last month at LastPass, a web-based service that encrypts multiple passwords. Although LastPass users' actual passwords weren't compromised, their email addresses and password reminders were.

The LastPass incident is a valuable reminder that the most secure place to store your passwords is still inside your head. But can you remember the password for every website you use without making the security mistake of reusing passwords? We certainly can't. That's why at Xantrion, we recommend and use a simple trick that generates passwords that are hard to crack but easy to recall. It just takes three steps:
  1. Start with a word you won't forget, and spell it with at least one special character. For example, "apple," spelled "4pp!e." You'll use this "seed" password in all your other passwords.
  2. Come up with a simple algorithm based on the site's domain name. For example, you could use the first and last letters of the name as the first and last letters of your password.
  3. Combine the two. In our example, then, your password for WebEx would be w4pp!ex, and your password for Salesforce would be s4pp!ee.
You can make the details as complicated as you want, but as long as you remember the domain name and your personal algorithm, it's easy to generate unique, high-quality passwords you still won't have to write down or store anywhere.
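
The three steps above, written out as an added example (this code is not part of the original post): it applies the post's seed and first/last-letter rule, then reports which sites end up with the same password, so you can tell when your personal algorithm needs more detail. The site list is constructed, and treating the label before the final suffix as the site name is an assumption.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Seed from the post's example: "apple" spelled with special characters.
SEED = "4pp!e"

# Constructed sample list for illustration only.
SAMPLE_SITES = [
    "WebEx",
    "https://www.salesforce.com/login",
    "skype.com",
    "slack.com",
]


def site_name(site: str) -> str:
    """Reduce a URL, hostname or bare name to a lowercase site name.

    Assumption: the name is the label just before the final suffix
    (www.salesforce.com -> salesforce). Multi-part suffixes such as
    .co.uk are not handled.
    """
    # urlsplit only fills in the hostname when the input has a "//" prefix.
    host = urlsplit(site if "//" in site else "//" + site).hostname or ""
    labels = [label for label in host.split(".") if label]
    if not labels:
        raise ValueError(f"no site name in {site!r}")
    return labels[-2] if len(labels) >= 2 else labels[0]


def derive(site: str, seed: str = SEED) -> str:
    """Steps 2 and 3 of the post: first letter + seed + last letter."""
    name = site_name(site)
    return name[0] + seed + name[-1]


def collisions(sites, seed: str = SEED) -> dict:
    """Map each derived password shared by two or more distinct sites
    to the sorted list of those site names."""
    groups = defaultdict(set)
    for site in sites:
        groups[derive(site, seed)].add(site_name(site))
    return {pw: sorted(names) for pw, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    for site in SAMPLE_SITES:
        print(f"{site_name(site):12} -> {derive(site)}")
    for pw, names in collisions(SAMPLE_SITES).items():
        print(f"same password {pw!r} for: {', '.join(names)}")
```

Any two sites whose names share a first and last letter collide under the first/last-letter rule, which is where making the details of your algorithm more complicated pays off.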


Monday, July 13, 2015

Spending Smarter on Security

Are you putting your cybersecurity dollars where they'll do the most good? Probably not. A recent RAND study found that organizations aren't as strategic about security spending as they could be — and that as a result, their security costs will rise 38 percent over the next decade. On the other hand, RAND says that an effective security staff can cut the cost of cybersecurity by 19 percent in the first year and 28 percent by the tenth year.

Xantrion's experiences align with the study's results and its recommendations. We see technologies designed to detect and isolate intrusions offer less protection with every passing year as hackers come up with countermeasures to circumvent them. After a decade, these technologies have lost as much as 65 percent of their effectiveness. On the other hand, we've found that improving overall security hygiene and reducing risk exposure through measures like network access control, firewall policy enforcement, and patch management remain highly effective.

If you're looking for experienced security professionals who can deliver the most bang for your cybersecurity buck, contact Xantrion. We'll help you keep your protection levels high and your costs low.

Friday, July 10, 2015

How to Harness the Power of the Cloud for Security Conscious Organizations

According to a recent study by Verizon, while individual figures vary from survey to survey, the trend is clear - the cloud is now mainstream. Verizon research found that 65% of enterprises surveyed are using the cloud, and they are increasingly trusting more complex and mission-critical workloads to it.  They also found that 72% expect to put more than half their workloads in the cloud, including SaaS, by 2017.  That's up from 58% today.

Read the full article here

Monday, June 29, 2015

Beware the Enemy Within

If you like suspense and horror movies, you know how often the plot hinges on one of the characters realizing that the threatening call is coming from inside the house. Similarly, your IT security might depend on recognizing that a threat is coming from inside your organization.

Employees who are disgruntled or just plain careless can do enormous amounts of damage to your finances, intellectual property, and/or business operations. A recent survey by SANS Institute shows that companies are increasingly aware of these internal threats, but that they're still not prepared to detect and deflect them. As author and SANS Institute fellow Dr. Eric Cole writes, "Insiders have access to critical information, understand how the organization is structured, and can bypass security more easily than outsiders. They can therefore be in the best position to cause harm to an organization. Many organizations are still not creating and implementing insider threat programs and need to aggressively increase their focus to better protect the organization."

The survey suggests that two-thirds of organizations either don't have a plan for responding to IT security events in place at all or don't have one that can account for insider threats. Don't be in that high-risk group. Contact Xantrion for help developing an IT security event response plan that covers all your potential threats, internal as well as external. 

Monday, June 22, 2015

The iPad: Still Not Quite Enterprise-Ready

While the iPad has been a game-changer in the consumer market, uptake in the enterprise market has been a lot more lukewarm. In fact, among Xantrion's client base, the iPad hasn't made any significant inroads at all, even as vendors like Microsoft and Lenovo pick up more market share.

There are several reasons why the iPad has failed to catch on at the enterprise level, but we think the primary problem is the lack of full-featured productivity tools. Windows-based tablets come with mobile device management, IT security tools, and Microsoft Office built in. The iPad, on the other hand, requires additional apps — at an additional fee.

That said, we recognize how much users love their iPads, so we aren't going to advise you to get rid of them if your employees are using them already. Call us and we'll help you set up, manage, and secure them appropriately.  


Monday, June 15, 2015

Which Hot New Smartphone Has Your Six?

The expression "having someone's six" means having their back. That's what we rely on our smartphones for, right? So does it make a difference which of the two big sixes — the iPhone 6 or the Samsung Galaxy S6 — you choose for a mobile sidekick? The answer, according to a recent head-to-head comparison, is no.

The two phones are so similar in features and functionality that the most notable differences between them, other than operating system, are the Samsung's wireless charging and curved screen. Unless you've just got to have one of those, it all comes down to whether you prefer iOS or Android. So pick the one you like best. Xantrion can help you manage your mobile devices either way.

Monday, June 8, 2015

Don't Skimp on Employee Security Education

You wouldn't expect your employees to master new skills without training. Why would you expect them to keep your network safe without security education?

We were shocked recently to read that certain leaders in the IT security industry don't believe in cybersecurity awareness and training for the average employee. If your employees don't understand why and how to protect your infrastructure and data, you're putting the entire burden on your hardware and software — and leaving yourself open to damage from preventable missteps. As our article about cyber con artists shows, human beings can be the weak link in your security posture, but they don't have to be. 

Xantrion believes user education is a critical part of a multi-pronged approach to security that also includes hardware, software, and IT pros who know what to do with the information your security tools generate. Call us for help developing a security strategy that's strong across all those areas.

Thursday, May 21, 2015

Fighting the "TMI" Approach to Security

The CEO of a leading data security company recently criticized the security industry's current approach to breach detection. Basically, he said it suffers from a bad case of Too Much Information.

We couldn't agree more.

Detection tools generate an overwhelming volume of alerts and incident logs. Understaffed, overworked IT teams have to invest enormous amounts of time and energy analyzing this raw data to identify threats and determine the best way to address them. It's far more efficient and effective when security tools do the analysis for you and deliver prioritized recommendations for action. But how do you know what those tools are and whether their recommendations are trustworthy?

Let's face it: there are no silver bullets in IT security. The bad guys will eventually find a way around even the most cutting-edge technology, even as the good guys come up with a new way to block them. Nonetheless, experienced IT security pros can point you at tools that provide solid advice you can act on with confidence. If you're drowning in security TMI, call Xantrion. We'll help you focus on what's important.


Friday, May 15, 2015

3 Ways to Protect Against the Modern-Day Con Artist; the Cyber-Criminal


Con artists have been talking people into giving away their money since the beginning of time. They found this was much easier than robbing a bank. The modern-day equivalent is cyber-criminals convincing people to give them the passwords and other information needed to hijack credit cards and online bank accounts.

Click here to read the full article:


Tuesday, May 5, 2015

Staying Dry in a Storm of Cybercrime

Your small to midsize business probably can't avoid a determined hacker - but that's okay.  The goal of cybersecurity isn't to prevent all intrusions, any more than the goal of an umbrella is to stop a rainstorm.

In the ongoing storm of hacks and attacks, you need a multilayered approach to security, including a contingency plan like the ones supply chain risk management groups put together.  Think of it as the equivalent of an umbrella, boots, a rain slicker, and maybe even a hat.  If you stay on top of the latest security threats, detect intrusions and attacks as early as possible, and create a mitigation plan to help you recover quickly from lost data and damaged systems, you'll stay (mostly) dry.

Xantrion can't do much about the weather, but we can help you create a multilayered strategy to mitigate your network security risks. Call us today to get started.

Monday, April 27, 2015

The PCI Compliance Conundrum

Accepting payments with credit and debit cards means protecting customers' financial information in keeping with the Payment Card Industry Data Security Standard (PCI DSS). It's hard to achieve compliance with PCI DSS. However, a recent survey by Verizon found that even when companies achieve PCI compliance, 7 out of 10 fail to maintain compliance for even one full year.

Companies that suffer data breaches may defend themselves by saying they were validated for compliance within the past year, but that only proves that they were compliant at one particular point in time. The only way to be sure you continue to meet all the requirements for PCI compliance on an ongoing basis is to pay attention to data security 365 days a year.

If you've worked hard to earn your PCI-compliant status, don't let your efforts slip away. Read our free recommendations for assessing and strengthening your security stance, then call us for help achieving and maintaining compliance.


Thursday, April 16, 2015

Enough With the Security Doom and Gloom!

Do you feel like all the news about network security is bad?  Do you agree with a recent survey in which most companies assumed they would be hacked soon and repeatedly, and more than half felt they couldn't do much about it?

Don't despair!  Cybercrime might be getting more frequent and complex, but you don't have to resign yourself to being an easy target.  Thoughtful security policies and procedures can significantly reduce your risk.

We've developed a free guide to risk assessment to get you started.  It includes our top five recommendations for lowering your risk of a cyberattack.  For the next steps, call us.

Tuesday, April 14, 2015

Penton Technology Names Xantrion to the MSPmentor 501 Global Edition

 Xantrion is named for the 6th consecutive year

Oakland, California, April 14, 2015 /PRNewswire/ -- Xantrion has appeared on Penton Technology's eighth-annual MSPmentor 501 Global Edition, a distinguished list and report identifying the world's top 501 managed service providers (MSPs).  The  complete 501 list is currently available on the MSPmentor.  Additional lists include:

  • The top ranked MSPs in North America
  • The top MSPs in Europe, Middle East, and Africa
  • The top MSPs in Asia, Australia, and New Zealand
  • The top Small Business MSP list comprised of the top companies in our annual survey with 10 or fewer employees
"We're thrilled to be on the MSPmentor 501 list for the sixth time," said Anne Bisagno, President, Xantrion, Inc. "I attribute our staying power to world class support and the ability to deliver relevant solutions like our Secure Cloud Service."

Each year, MSPmentor gathers information for its annual rankings through the participation of managed service providers and IT service providers in our annual survey.  The survey was conducted from December 2014 through January 2015.  Rankings are based on Penton Technology's unique criteria for MSPs such as annual recurring revenues, total revenues and more.

"We want to congratulate Xantrion and look forward to covering their growth strategies in the year ahead," said Marcia Parker, Executive Director, Penton Technology Group.  This year the top MSPmentor 501 companies recorded higher recurring revenues than ever before.  Combined, the total annual recurring revenues for all of MSPmentor 501 2015 companies reached a record high of $3.95 billion in 2014, up 26.5% year over year.

"Thank you to all the companies who participated in this year's MSPmentor 501 survey, and congratulations to the companies that ranked on our 501 list, our regional lists and our Small Business list," said Jessica Davis, Editor in Chief of MSPmentor and Executive Editor at Penton Technology.  "Your participation enables us to continue to provide you with high quality information about the most successful business models, pricing, vertical markets and other approaches to running your businesses in 2015 and beyond."

MSPmentor, produced by Penton Technology, is the ultimate guide to managed services. MSPmentor features the industry's top ranked blog, research, Channel Expert Hour Webcasts and Fast Chat videos.  It is the number one online media destination for managed service providers in the world.


Tuesday, March 31, 2015

Security Breaches Are Expensive; Our Guide to Risk Assessment Is Free

The hackers who hit Target at the peak of last year's holiday shopping season took thousands of credit card numbers.  The breach took down a CIO.  Now it's taking a bite out of the company's bottom line.  Target has agreed to a $10 million settlement that will award up to $10,000 to each individual who can prove direct harm from the breach.

Xantrion approves of the steps Target is taking to tighten its network security, including designating a chief information security officer (CISO), maintaining a written security policy, and regularly reviewing its processes and procedures for protecting customer data.  In fact, we think every company should do something similar.  That's why we developed our free guide to risk assessment.  Download it.  Read it.  And if you have any questions about implementing our advice, give us a call.

Friday, March 20, 2015

Security is a Bottom-Line Issue

A seemingly unending stream of high-profile breaches has made security a hot topic in the C-suite. It only makes sense for CFOs to get more involved.  After all, the potential ramifications of a security breach, such as downtime, lost productivity, and threats to intellectual property, all hit hard on the bottom line.

That's why we weren't surprised by a recent survey spotlighted in the Wall Street Journal's "CIO Report" showing that CFOs are stepping up their involvement in security issues.  Two-thirds of US tech CFOs surveyed said they're spending more to protect their networks and data.  Of those, almost half said they're bringing in external consultants to help — and that makes sense, too.  CFOs are responsible for making sure their companies invest in the best their budget can provide.

If you're thinking about bringing in an outside consultant to make the most of your security spending, our IT assessment service is a great place to start.  We'll thoroughly evaluate your current status, recommend improvements based on industry best practices, and help you develop a roadmap for improvement that fits both your needs and your budget.

Friday, February 27, 2015

Warning: Your Employees Have Your Data in Their Cloud

Our last blog post alerted you to the dangers of combining employees who take technology for granted with a weak (or non-existent) BYOD policy.  However, that's not the only risk a tech-savvy workforce can pose to your data.  A survey by security vendor CipherCloud found that a jaw-dropping 86 percent of cloud applications being used in the enterprise, from filesharing, storage, and email to highly risky social media and publishing, were unsanctioned by IT.

If your employees are tempted by this "shadow cloud," give them credit for good intentions.  Cloud services have become so ubiquitous and easy to use that they're a convenient way to boost productivity and efficiency.  Unfortunately, they also put company data into the public cloud, where your IT team can't monitor or control it.

What to do?  Half the answer is to give your employees the tools they need instead of leaving them to develop their own workarounds.  The other half is to reinforce your control over where your data goes and how employees access it.  For expert advice on both, including alternatives to the public cloud and BYOD strategy, give us a call.

Friday, February 20, 2015

Millennials and Security: Are Your Newest Hires a Security Risk?

Hard to believe, with plenty of Baby Boomers still in the workplace, but the oldest members of Generation X start turning 50 this year.  And just as it's never too soon to start planning for retirement, it's not too soon to start adjusting your network security for a mostly Millennial workforce.

It's not that the generation now pouring into the workforce doesn't understand technology.  Just the opposite: they have no memory of life before the Internet.  Digital technology is the bedrock on which their lives are built, personally and professionally.  But maybe because they take tech so much for granted, data security isn't high on their list of priorities.  In fact, a recent survey from TrackIT reveals that 50 percent of Millennials bring personal apps into the workplace on their mobile devices and that 60 percent of them aren't concerned about the impact of personal apps on corporate security.

We call this a wake-up call.  If you don't have a strong BYOD strategy, you need to put one in place before problems start popping up.  More than that, since the next generation of employees seems to think policies and procedures are primarily barriers to dodge, your strategy needs to rely heavily on technology.  If you aren't sure where to start, call us.  We have plenty of experience with our own Millennial employees!


Tuesday, January 20, 2015

Watch Out For These Security Threats in 2015

When WIRED magazine pulled out its crystal ball to predict the most serious threats to data security for 2015, we paid close attention.  Granted, our clients aren't likely to be targeted by hackers trying to steal state secrets or take over vital national infrastructure.  But some of the other threats on the list are directly relevant to the companies Xantrion supports.

  1. Extortion - November's giant Sony hack was the first high-profile data breach that included threats to leak corporate secrets unless the company did the attackers' bidding.  How would you respond if someone threatened to leak your company's confidential information?
  2. Data destruction - The Sony hack also highlighted a tactic that's been used before: not just stealing data, but deleting it or damaging it past the point of recovery.  What would you do if someone wiped your business-critical data?
  3. Third-party breaches - As we've said before, hackers often target smaller companies as a way to access the larger, more lucrative companies with which they do business.  The hackers behind last year's infamous Target breach supposedly got in through the network of a heating and air-conditioning company that did business with the retailer.  What if your own lack of data security caused a catastrophic data breach for one of your vendors, customers, or business partners?
Fortunately, basic data security practices can provide the protection you need.  Contact Xantrion today for help setting up and maintaining proper backups, solid protection against viruses and malware, and a disaster recovery plan to restore your systems if the worst happens.  


Wednesday, January 7, 2015

Lessons From the Sony Hack

It's been hard to avoid the news about the massive hack of Sony Pictures Entertainment that shut the company down for a week in November and continues to spill corporate secrets, from embarrassing emails to confidential HR files for thousands of current and past Sony employees.  The FBI is pointing the finger at North Korea, but cybersecurity experts say it looks like an inside job.

Regardless of who started it, the powerful malware behind the breach is still out there, and it's designed not just to crack systems, but to destroy the data they contain.  The U.S. Computer Emergency Readiness Team (US-CERT) recommends that companies take precautionary measures that include the following:
  1. Performing daily backups
  2. Maintaining offsite backups of critical files
  3. Tightening control over data access
  4. Improving application security
  5. Monitoring network activity
  6. Developing a recovery plan
You may not be a major multinational corporation, but that doesn't make your data any less valuable to your daily operations.  Xantrion can help you implement any or all of the US-CERT recommendations.  Call us today to evaluate your risk and protect your business.


Friday, January 2, 2015

Use Case: Legal Firm

A growing law firm with offices in San Francisco and Washington was expanding its client base to include companies in defense and health care.  To serve these two highly regulated and security-conscious industries, the firm needed to minimize its own security risks.

Learn how the firm established security measures that addressed its most significant exposures to risk in a cost-effective way without burdening end users.


DOWNLOAD GUIDE 

http://www.itservices.xantrion.com/use-case-legal-firm.html