Don't Let Your Security Blow Away in the Cloud

Whether you use only one application in the cloud or you've shifted your entire infrastructure there, your security needs to cover your entire infrastructure — public, private, cloud-based, and traditional. But as companies mix on-site data centers with vendor-provided cloud services, they often fail to adjust their data security accordingly. So says a new study from the SANS Institute, which found that fewer than a third of organizations have a strategy that describes how their traditional and cloud computing models work together, which data and applications to send to the cloud and which to keep in-house, and how to establish appropriate safeguards for each external cloud provider.

Respondents said they had a hard time creating a data security strategy, in part because they lacked visibility into cloud provider practices, and also because cloud providers didn't cooperate enough in supporting the customers’ security technology.

Xantrion can help you establish appropriate security policies both on premise and in the cloud. We can also help you choose vendors that are happy to be transparent about their own security practices, because that's who we choose to do business with.

Mac Users' Security Honeymoon Coming to an End?

Apple laptop and desktop users don't have to worry about the constant threat of malware and exploits the way Windows users do — right?  Wrong.

That used to be more or less true, but with Apple's share of the desktop computer market now at about 17 percent, hackers are targeting OS X like never before. In fact, according to recent research, five times more OS X malware has appeared in 2015 than during the previous five years combined.

Granted, the researchers only found 948 unique samples of OS X malware this year, compared to the 400,000 new varieties of Windows-based malware that emerge every day. But the uptick strongly suggests that hackers are actively looking for ways to inject malicious code into OS X and circumvent its security mechanisms —possibly using iOS, which currently holds almost 40 percent of the global mobile OS market.

In short, if you use Apple products, your security safeguards need to include them. If you're not sure how, Xantrion is happy to help. We're experienced in protecting infrastructures that include Macs and iPhones — including our own! 

US-China No-Hack Pact: Good, or Better Than Nothing?

September saw a historic agreement between the US and China prohibiting cyber espionage for economic gain — stealing trade secrets and intellectual property. But how will it work out in practice?

In the worst-case scenario, China will pay lip service to the agreement while turning a blind eye to, or continuing to sponsor, attempts to steal US IP, says Kevin Mandia, president of leading network security firm FireEye. However, he believes it's more likely that China will scale back its participation in cyber spying attacks on US companies, and may even put a stop to it entirely — especially since the US is likely to start fining Chinese companies for it.

In the end, Mandia predicts, the US and China will team up to battle cyber crime for the sake of a stronger global economy. And that makes the agreement better than no agreement.

A Look at the Latest Lightweight Laptops

Laptops get thinner and lighter by the day. If it's time to upgrade your Windows laptop and you're hunting for something smaller than what you're currently lugging around, check out CRN's comparison between the two current leading lightweights: the 2.7-pound Dell XPS Touch and the 3.34-pound Microsoft Surface Book.

CRN gets into the details of processing power, graphics, battery life, and other specs, so we won't. The short version is that they're both sleek Windows machines that retail for about $1,700, and they both have features worth recommending. If you're trying to reduce weight, go for the Dell. If you want a laptop that converts to a tablet, choose the Microsoft. And if you want help making sure they work well on your network, choose Xantrion.

The Internet of Things: Boon, Bane, or Both?

You've probably heard a lot of talk lately about the Internet of Things (IoT) — the idea of connecting objects ranging from medical devices to kitchen appliances to the Internet so they can collect, use, and share data for better performance and greater efficiency. The IoT could change our lives dramatically, but experts have some serious questions about how to handle the amount of data the IoT will generate, who will own that data, and how to keep it both secure and private.

The evolution of the IoT is going to create new security vulnerabilities at home and at work that we've never had to consider before. Where will our data end up, and how will it be used? It's something we're thinking about a lot at Xantrion, and we think you should be, too.

The Health Care Industry Needs a Security Booster Shot

In early September, a Blue Cross Blue Shield affiliate in upstate New York revealed that hackers had compromised 10.5 million patient and business partner records in a data breach that had continued, undetected, for almost two years. It wasn't the first health care industry breach of 2015, and it probably won't be the last. It wasn't even the largest: back in January, hackers hit Anthem, the nation's second largest health insurer, and stole as many as 80 million people's records.

Medical records are a juicy prize on the black market, selling for as much as $70 each, as Jim Trainor of the FBI Cybersecurity Division told CBS News in February. NPR's "All Things Considered" even reported recently that it found a "value pack" of ten Medicare numbers selling for about $4,700. So if your company is in the business of health care, you are almost certainly in a hacker's sights, and your data security is due for an immediate check-up.

Your Bank Account's Safety is Your Responsibility

When fraud siphons cash out of your individual bank account, the law requires your bank to cover your losses in most cases. That's not the case for business accounts, even for one-person businesses. For the small business owner who gets stung by a cybercriminal, that can make a bad situation far worse.

We've discussed basic steps for avoiding cyber fraud before, but these recommendations bear repeating:

• teach your employees the early warning signs of fraud
• change passwords frequently
•  require two people to approve any funds transfers or changes to your list of authorized payees
•  perform all your financial transactions on a computer that's both password-protected and not connected to the rest of your network

If you have questions, or if you think you're being targeted, our security experts are here to help you protect your network — and your bank account.