Blog

August 31st, 2015

Security shopping cartIf your company is not fully compliant with Payment Card Industry (PCI) Security Standards, you could be at risk of a serious tangle with attorneys. Technically, PCI guidelines are not a hard-and-fast set of laws. However, merchants can still face hefty liabilities for not meeting them. Avoid these mistakes to keep your company out of hot water with attorneys:

1. Storing Cardholder Data in Noncompliant Programs

Many states have laws regarding data breaches and, depending on where you accept cards, you may be subject to many of them. For example, Massachusetts has 201 CMR 17.00, which requires companies keeping any personal data from Massachusetts residents to prepare a PCI-compliant plan to protect that data. If a company then fails to maintain that plan, the business may face state prosecution.

2. Fibbing on the Self-Assessment Questionnaire

If you have considered tampering with the reports from your company’s Approved Scanning Vendor, think again. Time invested now to fix any holes in your data security system could save you big-time from the penalties your company could suffer if there’s ever a data breach.

The same thing applies to simply “fudging the truth” on self-prepared compliance reports. Even if you think it’s a harmless stretch of the truth, don’t do it.

3. Not Using the Right Qualified Security Assessor

Many companies use Qualified Security Assessors to help them maintain their PCI compliance. Every QSA does not necessarily know as much as another, however. It’s important to select someone who both understands your business and stays up-to-date on the latest version of PCI Security Standards.

4. Trying to Resolve Data Compromises Under the Radar

You may be tempted to fix a customer’s complaint yourself if they inform you of a data compromise. Not informing credit card companies of data breaches, however small, can lead to you no longer having access to their services. Those credit card companies can then file suit against your company, costing you big bucks in the end.

5. Not Checking ID for Point-of-Sale Credit Card Use

Sometimes it seems like no one checks IDs against the credit cards being used, so merchants tend to be lax about doing so. Unfortunately, running just one unauthorized credit card could cost you a lot in the long run. Even if the state in which you do business does not have specific laws regarding PCI compliance, a civil suit may come against your company for any data breaches. The court will not favor you if you have not been PCI-compliant.

All in all, it pays to pay attention to PCI compliance – a little time invested today could save you big-time tomorrow.

August 18th, 2015

Put an end to your IT worries, and let us deal with your technology from A to Z.Data replication at the transaction level can now be protected. A managed backup service can be done remotely. Disaster recovery in a virtualized world is much easier if it happens by disk-to-disk replication. Testing disaster recovery becomes easier too in a virtualized world. Cloned virtualized machines (VM) can be used to test failover. This results in bringing the production environment up at a secondary site. VM testing has advantages because this type of testing is infrequent with physical servers because of the time required and disruption to the business.

Recovery Manager for Testing

This tool makes it even easier for tests. Integration with the storage management layer and automation with cross-site failover occurs in easy compliance. It also generates reports for auditing purposes. A good disaster recovery plan takes into account of a virtualized environment that have issues different from physical servers. One main consideration is working out and taking into account dependencies between applications. This means you need to replicate or backup dependent systems all simultaneously to ensure no data inconsistencies will result at the storage stage.

Replication Key to Safe Storage

Replication should be integrated at the hypervisor and application level for consistency during restore processes. The process itself should be prioritized by placing various VMs making up a service into the same LUN to enable failover or recovery within designated recovery time and point objectives (RTOs and RPOs).

Understanding Business Needs and Expectations

The VMs capacities are fully utilized when the technology is able to fill the requirements of the business, its expectations, and attempts to match to the technology. Providing realistic time scales for recovery sets success which is prepared by preventive measures where core systems are protected through replication every time there is change to the data (approximately about four hours on average).

Topic Security
August 8th, 2015

mobile devices secureSecurity, scalability, and performance are now available through IT transitions when our technology combined with our expertise to provide customers with state of the art technology. The full suite managed services can provide complete solutions platform to provide optimal levels of running your infrastructure.

Managed Storage Items

  1. Enterprise-class, fully-managed Storage Area Network (SAN) with the flexibility for your storage requirements.
  2. Static data is stored on more cost-effective storage option
  3. Managed data protection for critical files, folders, and application data are backed up 24 hours and retained.
  4. Your data can be stored locally for fast retrieval, replicated remotely for disaster recovery purposes.

Technology with Security Expertise

Myers guarantees assurance that your data is available, safe, and compliant. Managed security platform includes firewall, VPN, security information, threat management, and event management, operating system patch management and anti-virus protection. The firewall solution supports network uptime for high availability. This ensures the following:

  1. Complete customized security policies
  2. Ability to configure multiple security zones
  3. Stateful packet inspection
  4. Visibility into firewall configuration

Enterprise log collection and analysis platform can be fully backed by security and compliance experts to protect your critical systems and data. Sensitive data can be handled by Security Information and Event Management for log management, vulnerability scanning, monitoring, and more. There are tailored solutions to fit your unique and specific compliance requirements and your IT budget and cut costs, but not quality. Ensure your data is secure and protected as it is transmitted with Myers Network Solutions.

Topic Security
August 4th, 2015

laptop girl thumbs upResources required to protect and comply with standards include log management, vulnerability scanning, and more. A combination of technology and expertise, Myers can build solutions to fit organizational uniqueness and compliance requirements and IT budget.

Managing, Monitoring and Balancing

The robust monitoring platform gives customers full visibility into their infrastructure, assuring compliance with all SLA’s. Advanced monitoring is done through the installation of an agent, includes monitoring of all resources, memory, CPU, disk and network utilization as well as processes running on the system. There is also basic monitoring performed without an agent. Traffic management and network load balancing solution can provide you with the competitive edge to outperform your competition with our delivery of increased reliability, redundancy, and respond to your infrastructure. Fewer slowdowns and downtime insure your website is performing at optimal and peak levels.

Database Management

Basic maintenance, comprehensive monitoring or complete management and administration support your database, Myers Team can help. Database configuration, monitoring and maintenance, management and administration, and availability and disaster recovery are all available in Myers Network Solutions. Myers Team provides your business with resilient data center network, tech support, best security, zero downtime, and storage, all at affordable rates.

Preventive Measures

Network solutions can be easier when preventive measures are in tact. Monitoring and management are critical solutions for data backup and support. Your infrastructure is less vulnerable and more protected when scanning, screening, and full visibility with backup are combined in redundancy and responsiveness.

May 27th, 2015

Communication and Coordination Are Critical

In a crisis, communication and coordination of efforts are everything. Having a properly configured network and software communication system in place can turn a potential disaster into a reason for feelings of relief and even celebration.

Be Prepared So Your Business Reputation Isn’t Damaged

When the potential disaster is in the realm of customer relations, your business reputation is at stake.

In either case, coordination of efforts can have a synergistic effect. The net effect for good can be greater than the sum of all individual efforts.

What are the plans your business has to be used in various problem scenarios? If you have none, or they are limited and incomplete, your response will lack direction and will not accomplish what a well thought out and executed plan would achieve.

Some questions to have answered ahead of time include:

  • In each type of possible crisis who do you need to collect information from? Are they prepared to provide it quickly?
  • If customers may be affected, what questions will they be asking? What are the specific answers? Who in your organization provides them?
  • Who else may need immediate answers? – distributors, suppliers, contractors, news media, government agencies?

Internal Communication

Internal communication with all affected departments is critical. When it is a customer relationship problem, some ways to be prepared are discussed here: Keeping Customers – Marketing and Customer Relationship Management. More information is here: Cloud Computing Lets Your Business Interact More with Your Customers.

Why Cloud Computing is Often Part of the Preparation and Solution

Whether the problem is internal or directly customer related, cloud computing can often make you better able to respond. Basic advantages of cloud computing are discussed here: Some Fundamental Advantages of Cloud Computing.

A Virtual Private Network provides maximum security with cloud computing. VPNs are discussed here: What is a Virtual Private Network – How does it Protect Your Online Communications and Online Networking? Additional security precautions are here: Free Report download: What Every Small Business Owner Must Know About Pprotecting and Preserving Their Companys Critical Data and Computer Systems 3.

Let Myers Network Solutions examine your network set up to prepare you to handle any situation you may be confronted with.

May 13th, 2015

Here is a list of programs and services you probably didn’t realize are all cloud computing services:

  • Dropbox
  • Facebook
  • Twitter
  • Google Mail (gMail)
  • Yahoo Mail
  • LinkedIn
  • SalesForce
  • Pinterest
  • Microsoft Office 365
  • Amazon CloudDrive
  • Microsoft OneDrive
  • Evernote
  • Google Apps
  • Youtube
  • Cisco WebEx
  • iCloud
  • HubSpot
  • GoogleDrive

These are all cloud computing. In every case, the data you are viewing on your computer screen is on a server computer located somewhere on the internet. The data is not on your local computer or network. All of these services and more keep data on their servers for you to store, use, and view.

If you don’t use cloud computing you have different security issues than if you do use it. All computers and networks should be equipped with software and hardware firewalls, anti-malware software – antivirus, antispyware, antirootkit, etc., a good password set up, and so forth. More is here: How safe is your data in the cloud – tips to keep it safe.

Cloud computing has many benefits discussed here: Cloud computing lets your business interact more with your customers and here: what are the various cloud computing models – which is best for your business.

There are several security issues to be considered when using cloud computing. Most are common to non-cloud computing networks. Protecting your data is paramount.

Issues include unauthorized access and related password issues and data loss. With unauthorized access, data can be stolen, passwords can be used to access bank accounts. Confidential records can be accessed.

Sometimes the way multiple programs and cloud sites are connected to automate tasks can create more vulnerability. If the connections are not set up properly, a problem on one can affect connected accounts and data. For example, many programs can be set up to automatically save data to Dropbox. If a program connected to Dropbox gets compromised, everything in Dropbox could be accessible.

Precautions are necessary for safe cloud computing. Many of these are necessary for a safe network even without cloud computing. The ones that are useful in both instances are marked with an asterisk – *.

The interconnections of various apps should be audited regularly* so any vulnerabilities can be addressed.

Strong and varied passwords*. More detail is here: How to come up with effective passwords and what can happen to your network if you don’t.

Training of personnel to avoid social engineering* such as phishing discussed here: Why is phishing spelled that way and what is it?

Let Myers Network Solutions install the best anti-hacking solutions on your network*.

Keep passwords and access authorizations current*. Make sure access to sensitive data is allowed for only people who truly need it. Job duties sometimes change. Employees leave and are replaced.

Let Myers set up your network for automated continual back-up*. Having am up-to-the-minute backup as well as other slightly older backups protects you even if the worst happens. Data can be restored quickly.

If your business network has WiFi, security is sometimes overlooked. Having good security features enabled there greatly reduces vulnerability.

Further, if anybody is logging in to your network from the field and is using a public WiFi spot, that can make your network substantially more vulnerable unless good practices are followed. This is also true if they are logging in from home.

Myers Network Solutions is expert at protecting your network from vulnerabilities. We protect your data and your business.

April 27th, 2015

Does your company have staff in the field? Can they connect to your company network? There are many advantages to that set up. They include:

  • The ability for field staff to immediately update customer data so your information is always current.
  • The ability to keep job site progress data or order data current.
  • Sharing of documents and fillable forms.
  • Immediate order processing and printing after input from the field.
  • With the video features of most mobile devices, your staff can show you anything necessary to make your job more efficient. Often your visit to the customer site or construction site is made unnecessary.
  • You can have instructional or informational live conferences for customers and staff.
  • You can have archived instructional and informational videos available for both.
  • Many mobile devices can be equipped with the mobile versions of your company standardized software or front ends for server-based software for easy data exchange. Many of these server based programs have encryption as one of their features.
  • With automated up-to-the-minute backup, all data from the field is secure.

Security to Use When Mobile Devices Have Access to Your Network

The first and obvious security measure to put in place is passwords. You can have multiple passwords – one or more for each area of company data. Your staff will be able to access only the data pertinent to their job areas. Data is separated by department and / or sensitivity level.

Depending on software and / or operating system compatibility, the devices with access can be limited to certain models and brands or unlimited. In addition, there can be access from only company owned devices or from personal devices.

Most mobile devices have encryption software making use of a myriad of devices possible without compromising security. Some encryption software apps are available for multiple types and brands of mobile devices. That lends additional security and additional consistency of use. It also ensures that any company documents are never on a device without its own security features.

With standardized server-based programs and standardized encryption, usability and security are both maintained. Myers Network Solutions can help you ensure you have both.

 

April 22nd, 2015

How Cyber-Criminals Attempt to Break Security and Cheat You

Cyber-criminals use a number of methods to obtain user names and passwords. Using complex passwords protects you against one method. What are other methods to watch for and avoid?

Hacking Companies with Customer Databases

These receive a lot of publicity if the security break potentially affects a large number of people. Usually news outlets will suggest a password change.

A company that cares about their customers will contact you if you are potentially affected. To log-in and change your password, go directly to the company’s website to change your password. Don’t use the link in the email.

Database hacks at several healthcare networks, retail chains and others have been well publicized. Many are not publicized.

Phishing

Phishing is sending out fake emails that are designed to trick people into providing sensitive data. They can look like they came from your bank, UPS, FedEx, or anybody. Often they are from a company you don’t do business with. Those are the obvious phishing attempts. Other can look like they came from companies where you have a relationship.

This is one form of ‘social engineering.” Social engineering is a fancy term for criminals’ attempts to trick you.

If you receive one of these, don’t provide the information or log in through the email link. Go directly to the company website and log in that way if the request looks legitimate.

Recording Your Keystrokes

If your computer or network has been infected with a keylogger, your keystrokes are being recorded and sent to cyber-criminals. This data is scanned for websites you visited, user names and passwords you typed.

Keeping your anti-malware software up to date and running it often will prevent this type of ‘infection.’ It will remove it if you are already ‘infected.’ If it removes one or more, immediately change all of your passwords for safety.

How to Know If You Are Logged Into a Secure Website

Most websites start with http. However a secure website will start with https. The ‘s’ designates a secure website. Usually the s will appear only on the page(s) where you log in and pages you visit that require a log in to visit.

Working with Myers Network Solutions allows you to pass most of these tasks to our expert training. We can provide training to you and your staff. You do not have to become an IT expert.

Topic Security
April 21st, 2015

There are two main types of firewalls. One is hardware and the other is software. Both protect your computer and network from hackers and from some malevolent software.

Without any firewall anybody with internet access could get into your company network and computer data with only their internet connection and a little knowledge.

What is the Function of a Firewall?

A firewall is a filter. It blocks access to anybody or any software who is not authorized. Routers have a firewall built into their hardware. Settings can be adjusted for additional protection. There are also firewall software programs that add protection in addition to the routers. Because larger networks have multiple routers in place, computer traffic is checked repeatedly for redundant safety.

Another Firewall Feature

Firewalls can also be used to control outgoing internet traffic. That use of firewalls is less widespread. It can prevent access to certain websites or groups of websites that are considered non-business related.

What Do Firewalls Check?

What specifically is checked? Internet service providers have huge lists of unsafe website addresses and domains that are used to block known sources of hacking and malware. The list is always in flux. In addition, there are traits of packets of data that are characteristic to hackers and hacking. Those are found and blocked. They include specific words and combinations of words, port numbers and protocols.

Why Out-Sourcing Your Network Tasks Saves You Money and Gives You Peace of Mind

Computer and network security is a constant battle between cyber criminals and the rest of us. Anti-malware software – antivirus, anti-spyware, etc. – is always being updated as new threats are found and identified. In addition, routers sometimes have upgrades available.

Myers Network Solutions specializes in keeping your network running smoothly and safely. We stay updated on the latest threats and keep all hardware and software current so you are protected. You should be able to wear one less hat – the IT hat, or hire one less person – and spend more time running your business. Myers helps you do that.