MSPNetworks Blog

Businesses have a lot of data to protect and it’s not so simple as implementing a catch-all solution that can keep your data secure. In fact, it takes several solutions working in tandem to maximize data security. We recommend a combination of a unified threat management tool, a Bring Your Own Device policy, and a virtual private network solution. Let’s take a longer look at them:

Unified Threat Management

A unified threat management tool consists of several security solutions wrapped into one. They include the following:

• Firewall: A firewall looks at the data flowing in and out of a network to keep any threats from passing.
• Antivirus: If a threat manages to sneak past the firewall, an antivirus solution can identify and eliminate it.
• Spam blocker: Email is one of the more susceptible business solutions to attack, but a spam blocker can keep these messages from being threats and wastes of time by keeping them out of the inbox in the first place.
• Content filter: Content filters keep employees from accessing dangerous or time-wasting websites throughout the workday.

All of this combines to form a comprehensive security tool that can significantly decrease the odds of being infiltrated by the myriad of threats out there.

Bring Your Own Device

Businesses need to be wary of mobile devices in the workplace, as they can become a bridge between online threats and your organization’s network if left unprotected. This is why we recommend that all businesses implement a BYOD policy that employees must adhere to in order to use their personal devices for work purposes. A proper BYOD policy should prioritize security through a mobile device management system that whitelists and blacklists applications, as well as provides the option to remotely wipe the devices should the need arise.

Virtual Private Networks

Virtual private networks, also known as VPNs, are particularly helpful for businesses that have devices out of the office that still need access to important data. A VPN acts as an encrypted tunnel, connecting your employees to important data in a secure environment. This keeps onlookers from stealing any data while it’s moving about, and it’s invaluable for organizations with many moving parts.

MSPNetworks can help your business get its security options in gear. To learn more, reach out to us at (516) 403-9001.

Let me ask you a question… let’s say that you’re about one year from your projected retirement, when a ransomware attack encrypts all of your files. What do you do? Pack it in and retire early? This is precisely the situation that the practitioners of Brookside ENT & Hearing Services of Battle Creek, Michigan, have found themselves in - and it may not be over yet.

What Happened to Brookside ENT?

Typical of a ransomware attack, the malware began by deleting and overwriting all of the practice’s data - every medical record, bill, and upcoming appointment. A duplicate of each file was left behind, locked behind a password that the person or persons responsible promised to provide in exchange for a $6,500 wire transfer.

Under the advisement of an “IT guy,” Dr. William Scalf and Michigan state senator Dr. John Bizon didn’t pay the ransom, as they couldn’t be sure that the password would even work, or that the ransomware wouldn’t return in the near future. As their IT resource determined that the attacker hadn’t actually viewed any of the records, this event technically didn’t need to be reported as a breach under the Health Insurance Portability and Accountability Act (HIPAA). Nevertheless, without access to this data, the physicians saw little choice than to retire early.

Well, kind of. As they had no means of knowing who had an appointment scheduled, the physicians had little choice than to wait around the office for a few weeks and see whomever showed up.

Why Throwing in the Towel May Not Be Enough

From a purely academic point of view, it only makes sense that the medical industry would be one targeted by ransomware. Not only do its establishments rely greatly on the data they have stored, there is an urgency to this reliance that cannot be denied. Think about the possible ramifications if a medical practitioner was unable to properly diagnose a patient and recommend treatment because of some unavailable data.

Of course, the strategy that Brookside ENT has adopted to close up shop doesn’t leave its owners off the hook, either. They could still find themselves in plenty of regulatory hot water.

For instance, a ransomware attack (paid or not) could be considered a reportable incident under HIPAA, or even an instigation of a negligence-based legal action. Any patient could invoke HIPAA rules if their data was in digital form and have an investigation started by the Department of Health and Human Services’ Office of Civil Rights, simply by leaving a complaint.

How You Can Protect Your Business from Ransomware

While the best way to keep your business safe is to be able to spot ransomware infection attempts before they successfully fool you into allowing them on your system, statistically, you aren’t going to be able to spot all of them… so what can you do?

One great resource you have available to you is your team. Each uneducated user offers ransomware another way in, but each educated user is another shield to help protect your business.

You should also develop and maintain a comprehensive backup plan to help protect your data from ransomware attacks and other attempts against it. While it would be ideal to not need to use this backup, it would be far less ideal to need one and not have it. Make sure that you keep your backup isolated from the rest of your network as well, so that your backup isn’t also encrypted by a ransomware attack.

At MSPNetworks, we have plenty of experience in mitigating the damage that ransomware can cause, as well as in solving various other IT issues. For assistance with any of your business’ IT needs, reach out to us at (516) 403-9001.

Data backup can be the difference between a business that fails and a business that succeeds. After all, if an organization suffers from a data loss incident so bad that it has to deploy its data backup, it wouldn’t be able to survive without it. With a data backup and disaster solution, you can ensure business continuity. But what does this kind of system need in order to succeed, and how can you make sure your organization benefits from a data backup system in place?

We’ll discuss some of the most important parts of a data backup solution and how you can keep track of whether or not it will work to keep your business safe in the long run.

The Key Parts of Data Backup
The best kinds of backup solutions have three major aspects to them. They are all important to making sure that the solution can benefit your organization. Here they are:

• Snapshot-based backups: Your backups should be taken periodically throughout the workday so that you can keep data loss to a minimum on the off-chance that you ever encounter a disaster. Snapshot-based backups can be taken as often as every fifteen minutes to minimize data loss.
• Quick data recovery: You need to have a solution in place that can plan for rapid data recovery. Minimizing costs associated with downtime is critical to the success of any business continuity plan.
• Testing to ensure proper backups: How do you know your data backups work if you never test them? You should be testing your backups to make sure that they will work as intended when you need them most.

Why Testing Your Backups Is Important
Imagine that you’re in a situation where your business is having an ordinary workday, only to experience a sudden disaster scenario. It doesn’t really matter which scenario it is, whether it’s a power surge, tropical storm, or hacking incident--the point is that it’s a situation where you won’t last long without data backup of some sort. You try to deploy your data backup, but the files are corrupted or you don’t have an infrastructure to back up to. Now what? You’re stuck in a situation where your organization needs to recover, but it can’t.

If you fail to test your backups regularly, your business--and, by extension, the futures of both yourself and your employees--is at risk. Therefore, testing is something that you absolutely cannot ignore.

What You Should Do
If working with your business’ technology isn’t what you would call your strongest skill, working with a managed service provider can help you make the right calls concerning your organization’s future. To learn more about data backup and disaster recovery, reach out to MSPNetworks at (516) 403-9001.

Data recovery can make your break your business’ continuity plan, and you absolutely cannot underestimate how important this is for the future of your organization. There are countless ways your business could lose data, and if you encounter even a single one of them, your organization could be put at serious risk. We’ll take a look at operational data loss and how your organization needs to strategize data recovery.

Data Value in Business
First, you need to realize just how important your data is to your business. There is a field of study called infonomics that can place a dollar value on your business’ data, but there is a surprising number of businesses that don’t place tangible value on their digital assets. As time passes, however, it’s becoming more apparent that organizations need to find the value in their data if they want to be prepared for the future. In particular, they are paying attention to this for the purposes of insurance and accounting, assigning monetary value to their data so they can judge their losses more effectively.

Since analyzing your data can make for more efficient and profitable business practices, being able to evaluate the value of your data in the event of a disaster is incredibly valuable. Basically, it’s all about guaranteeing your organization’s future and improving redundancy in the face of impossible odds. Here are some questions to ask yourself when thinking about the value of your data:

• How much capital would it cost to replace lost data?
• How much revenue is dependent on that data?
• How much money could you make by selling or renting the data you have?
• How much capital will you have to spend to protect this data?

Data is the life’s blood of your business. Without it, whether it’s destroyed in a natural disaster or stolen during a hacking attack, you face certain demise. Therefore, you need a way to restore it.

Data Backup
The best way to make sure data restoration happens is with a data backup solution. MSPNetworks can equip your business with a strategy that promotes redundancy. We do this by helping you implement a strategy that involves data backups being stored both locally and off-site, giving you more options and more copies of your data in the event anything goes wrong. BDR initially backs up the entire network, and it takes incremental backups following this throughout the workday, minimizing downtime in the long run and keeping data loss at an all-time low.

Disaster Recovery
The best data recovery strategy is one that never has to be used, but it still presents value as a contingency plan in the event that something does go wrong. The best way to pull this off is by having a dedicated recovery platform in place that takes advantage of these two factors:

• Recovery Point Objective (RPO) - The interval of time that might pass during a disruption before the amount of data lost exceeds the maximum threshold that your business can weather.
• Recovery Time Objective (RTO) - The duration of time within which data or business process must be restored after a disruption before it can be considered a complete break in continuity.

With a thorough disaster recovery strategy, you’ll minimize the chances of your business suffering needlessly from future disasters. To learn more, reach out to us at (516) 403-9001.