News From the Edge

Tech Tips and Advice from the Experts at Dynamic Edge

How Strong Relationships Between Your IT Support And Team Keep Your Business Safe

June 21, 2017 • 9:29 am

Hands down, relationship-building is a key to success in any organization. And that includes IT Support! If our team isn’t engaging with users, making them feel comfortable with us, don’t you think their experience with technology at work—specifically in ways they can help keep your business’ network secure—suffer?

it-security-relationships

If they are in fact concerned about your security, most IT Departments and Managed Services Providers stress out over the nuts and bolts—hardware and software—on your networks. Some may send out impersonal emails warning users of the latest attack (if you’re luck!), but without getting to know users and establishing a healthy working relationship with them, your business may be turning your biggest assets (your team members) into your biggest liabilities (phishing victims, password violators, sensitive data leakers) without even realizing it!

First, what do I mean by a strong relationship?

When I train my team to interact with clients, what my goal is for them to connect to your users on a personal level. Aside from alleviating computer headaches and making sure they are trained to identify threats to your network, I need them to establish understanding and trust with each and every user.

Once they forge strong relationships with your team—especially establishing a foundation of trust—getting users to open up about their issues at work with technology and getting them to understand and modify risky behaviors that open doors to hacks and attacks, will your business be functioning the way you want it.

User satisfaction actually increases productivity— the numbers reveal that happy people are more productive. One of the most frustrating about work is related to technology and mediocre or insufficient tech support. By creating an environment where users feel comfortable and self-assured that their issues will be resolved quickly AND by people they consider more than simply the help desk guy, we help make technology less frustrating for your team and eliminate their computer headaches so they can focus on their responsibilities.

 

User engagement improves network vulnerabilities— telling someone what to do doesn’t always lead to them doing it well. This is definitely the case when telling users what NOT to do on your network. Rather, by engaging your team during every interaction—on site or on the phone and connecting with them, we have seen network risks nearly eliminating at our client sites. Users are more involved in their security because they understand what’s going on, they trust the technicians working on their network and they are more eager to help us help keep your business safe.

User trust improves your operations— trust is the product of forging and maintaining relationships with your users. We have found that user trust not only keeps your network safer, but also improves your overall operations. Users that trust their IT Support team will submit tickets and report issues faster and will rely on our expertise rather than trying a DIY approach to resolve tech issues, which not only prevents them from fulfilling their responsibilities, but also risks them poking holes in your network security.

More often than not, IT companies focus on issues, but never even think about making connections with users.

IT technicians need to establish trust and make users feel comfortable working with us. If not, we often waste time because communication barriers will prevent them from getting at the heart of issues quickly and may leave users uninformed as to the latest security risks.

How do we build rapport with our users?

While for many people in the healthcare field, building rapport comes naturally, in information technology relationship building takes work and training. While technicians are naturally interested in resolving computer issues, they often overlook the human side of IT support—communication, empathy and helpfulness that considers user situations. What we do is develop these skills within technicians so they can each build rapport with your entire team.

At Dynamic Edge, our core values engrain a team-wide mentality to gain user trust above everything else. Trust not only makes users feel like we’ve got their backs—preventative maintenance, security patching and firewall protection to protect against the latest malware attack, but also that assures them we will handle their issues—large and small—if one were to arise.

To give you an idea of how we integrate our core values to focus on your users and their experience with us, below is how our 6 core values relate to user trust:

We Are Enjoy Helping

We Are Excellent Communicators

We Are Tenacious

We Prevent Emergencies By Eliminating Time Bombs

We Learn From Our Mistakes

We Are Disciplined

How do we build momentum within our team to ensure they are focusing on users and sticking to our core values?

The entire team acknowledges and commends customer-centric acts that represent our values. On a daily basis, emails and shout outs are given to team members that have helped clients (and peers) by channeling our core values. We all have responsibility to hold everyone accountable to up hold Dynamic Edge’s reputation of completely eliminating user issues. And a big part of figuring out heart of problems is sticking to core values and relating to our users.

Empathy is a critical component to making our team successful (and your team safe and assured). Relating to users is critical before diving in and resolving an issue. A minute of conversation can make all the difference—help our techs figure out the nuances or issues and gain user trust that we have the ball resolving their issues, rather than being annoyed or irritated that they’ve been on hold or are just another number in the system.

Even more important than initiating foundations of a trusting relationship between technicians and your users is maintaining that relationship across our team. We make sure our entire team focuses on People Process AND Technology. Having the ‘best’ software and hardware is meaningless if we aren’t thinking about how people utilize it. By identifying ways to better connect and communicate with users, our aim is to focus on creating an environment that emboldens users.

IT Help Desks should try to relate to users on a personal level— one of my favorite TV shows is Cheers. Why? I loved how everyone in the crowd was special and unique. How we got to know every single customer in the bar. That’s how I think of IT Support. We need to get to know every face in your organization. We emphasize face-to-face interactions with your users and encourage our team to find ways to relate to your users so that they feel like they’re part of our family (NOT just another ticket number that needs to be closed by the end of the day or another problem that needs to be fixed).

Over-communication as a way to make users understand their issues are being handled— we’ve found that reaching out to users by phone to talk through and identify the root of an issue is much more effective than simply using user descriptions as a means to diagnose a problem. More often than not, your IT Support team will use a user’s description of a problem to resolve an issue. The problem with this method is technicians may never understand why a user has an issue or why a problem is recurring. They don’t understand the context to the problem, which makes it near to impossible to resolve. Most IT Support companies don’t train their teams to over communicate with users—to find learn about a user’s issue in detail and to communicate updates with them—out of fear they don’t want to be bothered.

Business Technology Managers as client advocates— when your business has to deal with IT Support, you often have a point person within your company managing that company. That point person has your best interest, but other than the sales guy from your managed service provider—who talks a good talk, but has no clue how to walk the walk—you have no one that really takes your interests to heart. We have found that having someone on our team, whose mission is to represent your interests, attend your monthly, quarterly or annual strategic sessions and make sure your IT infrastructure and support is meeting your business objectives, makes all the difference to your business success.

Most IT Support companies have sales guys pitching more stuff, but leave you unsure whether you really need it. Or they tell you one thing and do another. Having seasoned technology experts that understand strategy and keeping our team accountable to giving your team exceptional service helps us with our mission to deliver incomparable service.

Does Your IT Support get to know your users? Do your users trust what they have to say and that when they say they’ll get something done, they actually follow through? Are you confident that they are doing everything they should be to keep your business network safe? Contact Us TODAY for a FREE network assessment!

What Does A Heuristic Firewall Actually Do And Why Should You Have One Protecting Your Network

June 14, 2017 • 9:10 am

With all the cyberattacks lately, how can you expect one IT guy to catch up? Cybersecurity threats are growing by the day—a 450 BILLION dollar industry has made it easy to recruit. And many budding criminals are getting on the job training on the most effective attacks.

cybersecurity-firewall

In fact, there’s little more than ordering a kit nowadays—that include all the steps on how to initiate a successful cyber campaign. That means, criminals don’t have to be the computer wiz to get some really lucrative attacks (attacks that are hitting businesses like yours!).

While having cybersecurity or security conscious IT Support is definitely a necessity to help combat all of the attacks bombarding American businesses, having good IT support and security prevention is only part of the solution. Another very effective component to your business security is having a heuristic firewall that not only recognizes attacks, but evolves as attacks get more sophisticated or when behaviors of attacks or viruses change. Today I wanted to walk through why we use heuristics in protecting client networks (and why you should consider using a smart, heuristics-based firewall for to protect your business’ network!).

First, what does heuristic mean?

It sounds like something your math teacher might use. Your firewall should use heuristic modeling to keep up-to-speed with the types and diversity of attacks confronting businesses. That means your firewall is smart enough to look at what types of attacks have happened to other businesses (or have attempted to strike businesses) and determine a large array of attack types that may be target specific components of your network.

Essentially this smart firewall is kind of like your immune system—it is always learning about new viruses and bugs that are trying to get in and blocks those (and similar kinds of viruses) from getting past your defenses.

Why does your firewall need teaching and training? Doesn’t it have everything perfect the first time?

I’m sure having worked in any Microsoft product, you’ve come across features that don’t work well. Maybe it’s something the software can’t do or maybe it’s something it should do but hasn’t been working properly. If you didn’t have an evolving firewall that sees the latest attacks and is smart enough to identify or predict the next type of attack, it likely wouldn’t be of much value.

Since hackers are always conceiving new ways to break into your networks, having a static firewall that simply provides you with 5-year old methods (rather than learning and evolving as the attacks are evolving), your firewall is likely not doing you much good (if any!).

Learning to Walk

You can think of a smart “learning” firewall like a human learning how to walk. You start out with some innate ability to move around.

When you’re born, you can move your arms and legs, but you’re not strong enough to do anything else. Over time, you continue to go through a process of crawling, standing and walking (none of which is done all at once).

Similarly, your firewall starts out with only so much understanding of the threat landscape. Over time, it learns to identify more sophisticated (or different) methods of attack. As it builds a database of exposures, your business becomes more and more protected against a greater variety of threats than if you were to simply have a static firewall.

Your business benefits from ALL attacks from thousands of businesses—rather than simply learning from attacks your business encounters. Note: the average company is exposed to over 200,000 attacks daily—that means a smart firewall encounters millions more attacks than your business would ever be exposed to in any given day.

To demonstrate how easy it is to succumb to an attack nowadays, here’s a TRUE STORY:

It was Tuesday afternoon at 1 o’clock and all of a sudden one of your team members says he can’t access their documents. A little while later, people across your office are reporting that documents are no longer opening on the network.

Come to find out your receptionist was doing research to find good prices on office supplies and stumbled across a website infected with a virus. But this virus wasn’t just any virus. This virus walked your entire network and locked EVERYTHING down on your network. Now you have to restore from backup—a process that normally takes at least a few hours.

How could this all have been avoided?

Having a smart firewall that (1) looks at where traffic is going and (2) what that traffic is carrying can save you time, headache and a bad reputation of being vulnerable to network hacks and infections.

You see, when your receptionist went to that office supply website, she clicked on a link that had a payload in it. If your firewall was smart, it would have stopped that payload and kept your company from being infected.

And even if it missed the payload, when your receptionist’s computer reached out to get the encryption key—a special key that ransomware like this uses to lock down the data—it would have blocked it because all of a sudden your receptionist’s computer is going to a place it has never been before: maybe Russia, Croatia, or China.

What you need is a smart solution. One like fitSecure. That’s capable of identifying and recognizing dangerous content. Blocking and alerting a team of experts to come in and save the day in case of someone actually getting an infection.

fitSecure:

  • Automatically blocks addresses and ports coming from suspicious geographic regions.
  • Identifies and locks down network traffic using heuristics and continues to seek out indicators of attacks to identify previously unknown cyberattacks.
  • Proactively stops attacks by inspecting code, messages and websites.

fitSecure benefits are obvious:

  • Check off your IPS/IDS requirement for HIPAA or PCI compliance because your data is safe.
  • Don’t worry about downtime from viruses—ransomware and cryptowall.
  • Get to your network from anywhere—safely, with secure Virtual Private Network access for your team.

Our no-hack guarantee is simple: if a hacker figures out a way into your systems, we will recover your data, computers and network for FREE. Why react to infections after they’ve already done their damage and cost your business? Why not get smart business security with fitSecure? Contact Us TODAY to find out how easy it can be to protect your client data, your team and your business from malicious attacks

Why Managed Security and Compliance May Be More Difficult To Find Than You Might Have Thought

June 6, 2017 • 9:11 am

Like it or not, if any computer on your network is connected to the internet, your ENTIRE network is vulnerable to cyberattacks.

With the hidden costs of a cyberattack on the rise and with more and more aspiring criminals salivating over the potential to hack into your business network and steal or ransom your data, your organization’s network needs to be more careful (and secure) than ever before. And a part of being secure is having someone on your IT support team that really understands your businesses current security risks and the steps to take to alleviate any time bombs that might trigger a disastrous event down the line. What your IT support critically needs now more than ever before is a cybersecurity expert trained, certified and up-to-speed on latest security vulnerabilities and exploits criminals are using to get into business networks.

The Problem Is That Well-Trained Cybersecurity Experts Are Hard To Find

One of your biggest IT security dilemmas now more than ever before is that cybersecurity experts—people that will make sure you have taken proper preventative measures to prevent hacks and cyberattacks—are increasingly hard to come by. Here are a few statistics, just to make you aware of how hard it will be for your current IT support to get good workers expertly trained in cybersecurity:

The US faces a massive shortage of cybersecurity experts— with a shrinking unemployment rate and less qualified workers to service IT sectors, makes the likelihood you’ll find qualified cybersecurity experts to protect your networks very unlikely. Businesses are resorting to either (1) hiring people without testing their knowledge and capabilities, learning later on that they really do not have the capacity for cybersecurity—even at the most basic of levels—or (2) are spending nearly their entire IT budgets recruiting, hiring and retaining talent that often leaves for better opportunities after a couple of years. Even if you hire a managed IT services company to manage your IT infrastructure, the majority either cannot or are incapable of handling your specific security compliance demands. Often IT Support companies fail on compliance and security because the simply don’t have processes in place to handle it.

Demand has risen compensation— even if you’re interested in hiring a security officer for your office—whether you have HIPAA, PCI, NCUA compliance demands or simply want to make sure your employee, client and business data are secure—the cost to hire a trained cybersecurity expert has more than doubled in the past two years. That means that you likely are spending the majority of your IT budget simply to recruit and retain for a position that doesn’t meet all of your IT needs. And if you are using a managed service provider, you likely are NOT getting even getting your basic security standards covered because many IT Support companies are not capable of running network security.

Most people that say they have you covered don’t even know the basics of cybersecurity— worst of all, the majority of IT Departments and IT Support companies will say they are keeping your data safe, but it turns out you’re at risk for the next cyberattack. Because of being overwhelmed or incapable to meet your security needs, many IT guys aren’t telling you the full story when it comes to your data being protected.

Even when you have someone qualified to oversee your cybersecurity risks, do they have devoted attention to it?

Most IT guys are too busy fighting fires daily. Everyone on their team is dealing with user issues, leaving no one to think about your preventative maintenance, your changing IT demands, and especially your IT security. At Dynamic Edge, we treat security as a DAILY necessity and have trained experts on our team exclusively focused on IT security and compliance. And if you have compliance demands from NCUA, HIPAA or PCI, we run your risk assessment, communicate risks with you and come up with a plan of action to address any issues—even if the issues are with secondary parties or associates.

 

Is Your Business Data Really Safe? Are you certain all of your ducks are in a row when it comes to security? Give us a call TODAY for a FREE network security assessment.

Does Your IT Support Back Up Your Critical Data?

June 1, 2017 • 9:31 am

critical-data-backup

85% of the time I audit a prospective client, I find that they either (1) have no backups or (2) have backups, but when we test them, they fail! If your business doesn’t invest time into backing up your network regularly, you may find any type of disaster—natural or human—will cripple it.

AND even more worrisome: Your Business Likely Has No Plan of Recovery

Your business likely relies heavily on one person that has a great depth of institutional knowledge and have no idea of how they can help. Many businesses continue to run with no recovery plan—plans to get the right materials to rebuild. Here, I’m not talking about bricks and mortar. There’s a lot more to disaster recovery and prevention than rebuilding a store front. When confronted with disaster, if you only have one or a handful of people “in-the-know” and no plan for your entire team, you risk a hard up-hill recovery, if recovery is even possible.

What’s particularly vulnerable in modern businesses is the technology integrating operations, sales and all of your customer and business-related data; the technology makes your business run smoothly day to day. Without computers, most of us nowadays couldn’t imagine tracking all of the pieces of the business puzzle that make things run.

Computers and other technology resources make managing and running your business much more manageable. What many in business today lack in preparedness is having a plan to get their hardware that is vital to business operations rebuilt. Most have no contingency plan—no place for staff to work after a disaster strikes and no way for people to effectively communicate. Their systems are inflexible to natural or man-made disasters and their businesses may one day be crippled or even worse, ruined, because of their lack of preventive measures and preparation for worst-case-scenarios.

Your data is now gone—once stored on a server that crashed and irreparable. You no longer have important passwords, lost important phone numbers and contact information and have no idea how to get in touch with someone who can help because that information, too, was undependably stored on that one server as well. You probably have taken some precaution to routinely— possibly monthly— back up your own data, so not all is lost.

But having a backup of just the data might not be sufficient to get things running even close to how they were. More often than not, there’s some critical data stored on a workstation somewhere that for some reason—is not where you thought it would be.

You won’t have any archival information if it was kept on site. This means you won’t be able to reconfigure your systems and risk prolonged downtime. In truth, there are 4 essential data components that need to be recovered: operating system (OS), configuration files, software and data files. If you’ve made a simple data backup, you likely are missing one or several of these components are left in a worse situation than you ever had imagined.

Often times, even if you have “the data”, you can’t even access it without the software and software configuration files. You’re almost as well-off as being stuck in a complete power outage.

And even if you’ve backed up more than just the raw data, you likely have never tested your backups! Assuming that a backup is successful and will completely recover your essential business information is too risky. You need to, if you haven’t already, identify and have in place the proper tools to read your backed-up data. You need a plan that has all the critical steps and bases covered—not one that missed an important piece—for instance, overlooking to easily access the encryption file password.

Cybersecurity has been around for almost 20 years. Why Have CyberSecurity Risks Gotten Worse?

May 23, 2017 • 1:09 pm

After almost 20 years of tackling network security—amounting to billions of dollars in investments, it seems like organizations large and small continue to struggle with cybersecurity.

wannacry-hackers

What’s Worrisome: The cybersecurity problem is getting WORSE, not better. Why haven’t we been able to nip cyber threats in the bud?

The answer is much more than a technical one. While technical issues persist to be a big part of why cybercriminals are able to penetrate your business networks (simply no one knows how to write bug-free code), resolutions to technical issues alone will not fix cybersecurity threats for three reasons:

Cybersecurity is not simply a technical problem— while most tech guys would have you believe that cybersecurity is simply based in tech, a good chunk of cybersecurity is intertwined in many aspects of society. Hackers and cybercriminals often play off of human emotion and our natural instincts to distract and deceive our users. This problem can often be seen as a multi-faceted problem that spans disciplines of the likes of economics, psychology, government and computer science (likely many others). While addressing the technical aspects of cyberattacks can effectively eliminate threats from known vulnerabilities on your network, it does not take into account all aspects of social and human awareness that are important to understand the stemming reasons for a need of cybersecurity in the first place.

The rules in cyberspace are different than in the physical world—rather than abiding by societal rules, cyberspace simply relies of the laws of math and physics. And physical boundaries and constraints—such as proximity and physical delineation—won’t stop an attack, whether it was initiated 10 miles or 10,000 miles away. The hard truth is that our physical world models of brick walls, locks and fences do nothing to protect us in a cyber world. Instead, your network’s borders are marked by routers, firewalls and other gateways. The weaker these check points, the more likely you are to avoid having security issues.

Laws directed at cybercrime have not been fully developed— Police have jurisdiction based on physical boundaries. Cyberspace allows for a criminal to attack your business from wherever they please. Many countries haven’t even addressed cybersecurity in their legal systems—let alone enforcing those laws! No matter whether you live in a city, state or country that has proposed or enacted cybersecurity laws and agencies to oversee cyber security as a top priority, the likelihood that your business is safer today because of government protection is likely a false sense of security. On top of that, cybersecurity is such a new topic for lawmakers that many don’t even know where to start. There are too many issues lawmakers should be investigating—including those of who to hold responsible for crimes and who has the authority to pursue criminals— that effective legal action is likely not coming anytime soon.

Latest WannaCry ransomware is a perfect example of our vulnerabilities!

The attack was rooted in a technical problem— Windows operating systems were found to have security vulnerabilities, which allowed for hackers to easily penetrate networks AND spread their virus to all machines on the network. These vulnerabilities had been identified and address by Microsoft, but because many businesses fail to update patches on their networks, these vulnerabilities persist to leave doors wide open to criminal attack.

There was little government could do to stop the attack—outside of finding a way to slow the initial virus and encourage users to update their systems with latest patches, there really is little to no way government was able to stop an attack like WannaCry. No government was able to specifically identify the culprits of the attack—in fact, there were reports that government-run agencies had paid ransoms simply to restore their data.

With a WannaCry2.0 variant that worked around a solution identified by industry researchers, the virus continued a second weekend in a row to plague and infest business and government networks.

Cybersecurity experts believe the attacks originated in North Korea—with little trust and comradery between North Korea and the United States, legal action in the US or other nation states affected by the virus will directly prevent other attacks from occurring. The WannaCry virus is not believed to be a nation-state-sanctioned attack, but rather has a signature of a cybercrime campaign. It is unclear what legal action within the US or other affected nations will do to stop a continued barrage of attacks from areas with little to no regulations on cybercrime and surveillance.

So what should you do?

Eliminate time bombs by eliminating vulnerabilities—make sure your networks are patched and updated regularly. This is one of the most overlooked part of IT, but the most costly in the event of a data breach! Dynamic Edge routinely updates patches, monitors client networks for suspicious activity and utilizes smart heuristic-based firewalls to prevent intrusions like WannaCry.

Train your users—while an unpatched network is likely the easiest way for hackers to crack your network, the door opens when a user clicks on a link, opens an email or dispels sensitive information (for example: passwords and credentials) to the wrong people. Dynamic Edge makes sure that its clients have opportunities for security training—PCI, HIPAA, cybersecurity or NCUA training—knowing that your users shouldn’t be your biggest security liability, but often are the source of attacks through phishing campaigns!

How sure are you that your business’ network is secure?

Have you checked your patches recently? Is there suspicious activity on your network? Are you sure your business’ data is secure? Contact us TODAY for a free security assessment to find out how to prevent the next big attack!