VPN's and Your Business

Ralph is a small business owner with a team of 10, most of which are in the field. They work off their phones, tablets and personal laptops from wherever they may be. Ralph has seen that more and more hacking attacking on small businesses are taking place, and knows that by his team using public wifi, they are more exposed to these malicious actors. Due to the nature of their work, everything from where they browse, to their write ups, and the files they send to each other are proprietary information that he wants

to keep safe for the sake of his business and his customers. Ralph talked to his MSP partner and they recommended he get a VPN.

WHAT IS A VPN

VPN stands for virtual private network. This is a network that while accessible from anywhere with an internet connection, is a more secure connection for a user to access the internet. A VPN is encrypted, meaning that a key is needed in order to be able to actually see the information. It serves as a cloaked portal between the user and the internet. Many people use VPN’s at home to do things such as change their location to watch foreign streaming services, or access Tor browsers to reach the dark web. While these benefits

can help your enterprise if you have remote workers abroad who can’t otherwise access your network, there are a few key benefits to a VPN for your business.

SECURITY

Public wifi servers are just that, public. This means that anyone can sign onto them regardless of the credentials. Once in, hackers can use this to access and mirror other users computers, allowing them to view your data as well as steal data and other credentials. A VPN stops these actors from being able to do so. A VPN is a cloaked portal, which means that it is encrypted. This encryption makes it impossible to view the data without a proper key to unlock the encryption. This means anyone trying to spy on yourself or your employees’ devices will only see illegible chunks. A VPN is akin to an invisiblity cloak, making it a more secure way for your teammates to enter your network from anywhere, any time with any devices. This is also the case for Peer-to-Peer file sharing amongst teammates. While services such as Dropbox, Google Drive etc do offer some security measures, often times those alone are not enough and files can be intercepted. However, with a VPN service, your employees and your customers are cloaked and protected, with these files being protected by the same encryption as the traffic.

ACCESSIBLITY

When the pandemic hit, many had to migrate their workforce from the traditional in house model to a remote, work from home model. While many companies had already migrated data to the cloud, they didn’t always have an easy way for their employees to access this data. This is where a VPN comes in. It doesn’t matter if the employee is down the street, two states away or in a country that doesn’t even allow free internet access, with a VPN, anyone with the proper credentials can get into their network and get their projects

accomplished. What’s more, VPN’s allow companies to segment data, so only specific users can access specific data if necessary. Everything from usernames to passwords to even IP addresses can be used as identifiers of who should be in, and who should be in, your network.

SAVINGS

This is a tricky one but depending on your business can be one of those great “hacks” that could be helpful to your bottom line. Businesses offer different pricing in different countries. This goes for everything from consumer goods to flights and hotels, to equipment for your business. VPN’s allow you to disguise your country. By doing this it enables

you to access these discounts for your business. This could mean cheaper hotels and flights for traveling representatives, cheaper equipment for your company

and other great savings that you would never be able to access otherwise.

CHOOSING THE RIGHT VPN

VPN’s are not all created equal. Just like many other subscription tech services, VPN companies offer a variety of add-ons and other tools for your business. The need for these obviously vary based on the nature of your enterprise. With that said, there are four main things that you should look for when choosing your VPN provider. Speed is crucial to how your business runs. You want to ensure that you at least get the same connection speed as you do from using an uncloaked network. VPN providers offer an array of different

pricing, so be sure to choose the right one for your business. Just like anything else, you never want to pay for features you do not need. Reliability is key. A reliable VPN will ensure that you don’t deal with costly and frustrating downtime issues. The final thing is ease of use. Not everyone who works for you is a tech expert. Regardless of the level of expertise, you want them to be able to access your network and be productive team members. Look at things such as the interface and how to access the VPN and ask yourself “Can my IT team and my janitorial staff both understand how to use this?"

Ralph listened and did his research. He knew that he could work with a trusted MSP, such as Delval Technology Solutions, to find the right VPN with the right features for his business. Now he knows that be it the field or the office, his team can access his network safely and securely, ensuring that the work keeps flowing and unwanted downtime is avoided.


Ransomware, The DC Police & The Colonial Pipeline

Cyber attacks have been on the rise across the board between 2020 and 2021. In fact this year, there has been a 102% rise in ransomware attacks carried out by hacker. This past week we have seen, and many of us have felt, two major ransomware attacks and their fallout. What was once something that was regulated only to businesses and smaller institutions have become big business to hackers, with companies paying out millions of dollars to get there networks back in order and mitigate damages.

WHAT IS RANSOMWARE

Ransomware is software that is designed to shut down a company or institutions network, till a monetary demand is paid. Think of it like digital kidnapping. Hackers use different methods to implant malicious software and access a system. From there they will encrypt the data it contains and lock out authorized users, until the demanded ransom is paid. Oftentimes these are sold as a service from one hacker to another, and usually target businesses or data reliant institutions such as schools and hospitals. 

While at times, in the case of WannaCry, an early ransomware program, these issues can be handled without paying the ransoms, there can be consequences. In one case, a hospital dealing with a ransomware attack had to reroute an ambulance with a critical patient over 20 miles away, causing the patient to die in transit. At times, these hackers will threaten to

delete the data. Other times, they will threaten to leak the data to both the clear and dark webs, putting personal and proprietary information in jeopardy.

These attacks are proving to be more costly as time passes, as the ransoms paid have increased 171% averaging over $300,000 per payment. The two most recent cases of ransomware are also two of the most concerning examples, as they targeted both infrastructure and security. These attacks have caused massive panic in some cases, and in others, have put lives in jeopardy of those sworn to serve and protect the populace.

THE DC POLICE RANSOMWARE ATTACK

Early this week it was revealed that the Washington DC Metro Police department was hit with a ransomware attack that originated in Russia. The attack occurred late last month, and the threat was simple. The hackers demanded 4 million dollars in ransom to unencrypt the files they had. They were clear, if they were not paid, they would begin to release sensitive data on officers, including background checks, full names and information of officers in the field including undercovers, psych evaluations and improprieties that

had been brushed under the rug.

The attack was carried out by a group calling themselves Babuk. While they are relative newcomers to the ransomware world, this isn’t their first rodeo. Babuk made headlines last year by launching a ransomware attack on the Houston Rockets. Ironically, the Houston Rockets, a professional basketball team, had security protocols that were able to minimize their damages. The Washington DC Police, were far less equipped. Last week the department offered their counter offer, $100,000 dollars in exchange for getting their data back. Babuk was not having any of that however. In response, they leaked troves of information into the world. They released documents pertaining to hiring, including candidate

interviews and reviews, information that the police had on street gangs and other criminal organizations, and daily intelligence briefings that were meant for the police commissioners eyes only. On top of that, dozens of officers medical records, addresses, and financial records have been released as well.

While the ransom has not yet been paid, Babuk has gone a different, far more frightening route. They have decided to release their ransomware code to the dark web, so any hacker can use it. Analysts have conflicting opinions on this. Some are stating the reasoning for this is that the code is faulty, it deletes files whether the party demanding the ransom wanted them deleted or not. Others have stated that this “retirement” is due to the the fact they hit a high-profile target and become headline news, leaving themselves open to retaliation from law enforcement.

THE COLONIAL PIPELINE ATTACK

If you are reading this, I imagine you are familiar with the Colonial Pipeline attack. The internet has been flooded with memes and images of people filling up bags with gasoline. Long lines, shortages and panic buying have been seen up and down the East Coast. The White House, and President Biden have had to publicly address this multiple times last week. What happened though? Last week, hackers encrypted over 100 GB of internal data in order to hold the operators of the Colonial Pipeline hostage. The pipeline, which carries gas to much of the southeastern US, had to shut it’s systems down in order to stop the ransomware from spreading.

The ransomware was designed by a group called Darkside and sold to a secondary operator. This operator had a two fold plan of attack, hold the information hostage, and threaten to release the data, similar to how the DC police attack occurred. The fallout from this was nearly instantaneous. It caused the biggest gas shortage of the twenty first century, causing panic amongst customers, and legitimate shortages across the southeastern US. The panic however, spread across the east coast. In fact, this writer personally witnessed

three gas stations in PA that were without gas, not because of the pipeline, but because of panic buying.

Darkside, the group who created the malicious software, specialize in what is known as Ransomware as a Service. They are not the ones who carry out the attacks. They create the software, and also run a help desk to aid in negotiations and victims getting their information back. Even they were not expecting the fallout from this. In fact they released a statement that in effect served as an apology claiming they never intended for their product to be used to shut down infrastructure and would, in the future, better vette potential customers and add parameters to what the software could be used for.

While initially the administrators of Colonial denied paying the ransom, it was later revealed that they paid over $5 million dollars in Bitcoin to the hackers in order to shut down the attack and save their data. As of this writing, operations have restarted at the Colonial Pipeline, adverting a long term shortage. Ransomware is a problem that is not going away. However, these attacks have illustrated how we need to be prepared, both as citizens and as a nation to protect ourselves from the damaging attacks, and hackers who wish us harm for their own personal gain. In the wake of these attacks, the White House has announced the Industrial Control Systems Cyber Security Initiative.

It is now understood that these vulnerabilities must be recognized and protected to ensure that this pipeline attack is not the tip of the iceberg. These attacks are widespread and could potentially ruin their victims. It doesn’t matter if you are a local municipality, government agency, small business or major corporation, security should be your top concern. If you are interested in protecting yourself from these attacks, make sure to stay on top of your patches, and be sure to reach out to a security minded MSP, like Delval Technology Solutions


How to Take a Proactive Approach to Cybersecurity

Moving forward, we can expect to see a wide variety of sophisticated and complex cyberattacks, including social engineering, ransomware, DDoS attacks, third-party exposures and exploitation of cloud computing vulnerabilities. As suspected, many of these attacks and their devastating impacts can be linked back to when there were unsecured gaps that developed when companies and their employees were thrust from their secure on-premise IT infrastructures to remote networking capabilities. 

The key here is that, at a time when organizations are at their most vulnerable and trying to take their first steps back to their office environment, malicious actors are continuing to ramp up their efforts. To combat an ever-evolving range of cybersecurity threats and compliance requirements, it’s time to invest in a plan of attack that combines new technology and integrations with tried-and-true best practices.  

In this article, the experts at Company Name will cover several best security practices to protect your network today and into the future. If you’re interested in protecting your team with reliable cloud security, mobile device management, and more, contact us today.   

Step 1: Determine Where Your Vulnerabilities Lie 

Do you ever wish you had a way of identifying potential threats and how they could impact your organization before they occur? With a comprehensive security risk assessment, not only can you identify and mitigate potential threats, but you can pinpoint the source of the threat, understand that the threat will likely materialize, and recognize ways you can remediate vulnerabilities in your organization. Common tasks performed in a risk assessment include the following:

  1. Review the adequacy of your organization’s existing security policies and procedures 
  2. Analyze threat and vulnerabilities, including likelihood and impact 
  3. Review agreements involving products or services from vendors 
  4. Review logical access and other methods of authentication  
  5. Check the configuration, usage and maintenance of firewalls, servers, and remote access systems 
  6. Create a report that documents the assets at risk, their corresponding threats, likelihood of occurrence and potential impact for future decision-making 
  7. Develop an assessment policy that defines what your organization must do to address and mitigate the identified risks 

Step 2: Adopt Proactive Cybersecurity Solutions 

Once you’ve identified the current and emerging threats posed to your organization, it’s time to invest in a cybersecurity strategy that covers all of your bases, including cloud security, network security, VPNs, firewalls, data backup and mobile device protection. This typically involves gaining an in-depth understanding of the assets your organization is expected to protect. Then, you need to determine the appropriate level of risk exposure for your organization and get to know the threat landscape. Lastly, you will need to create a multi-layered strategy that addresses the vulnerabilities of your current security measures.  

Step 3: Turn to Your Employees 

When it comes to mitigating cybersecurity threats, your enterprise and all of its stakeholders need to be savvy. The basis for preventing a cyberattack of any kind starts with knowledge of cybersecurity best practices and the role you play in defending the organization from risks. When employers prioritize cybersecurity awareness training to address constantly evolving threats, it helps mitigate one of the most prevalent risk factors: human error. Some of the largest data breaches have occurred as a result of one employee falling prey to a phishing scheme that popped up in their inbox. Whether your method of prioritizing cybersecurity awareness involves creating a bulletin of cybersecurity news or routine sessions on secure browsing practices, it’s important to keep new and emerging cyberthreats in your line of vision at all times.  

Step 4: Partner with a Dedicated Technology Partner  

Last but certainly not least, you’ll want to work with a dedicated technology partner that can help ensure you accomplish all of your IT and cybersecurity business goals with ease. No matter whether you’re looking to ramp up your cloud security or double down on ransomware prevention and response, Delval Technology Solutions is here to provide you with a strategy customized specifically for the technology needs and compliance requirements of your business. No stress, no hassle, and no strings attached. Contact our team of security experts today. 


AWS vs Local Cloud Providers: Who's Best for Your Business

It has been said that we live in an era of infinite choice. From the foods you eat, the shows you watch, to  the goods you purchase, the possibilities are endless, and at times so is the confusion. Oftentimes our choice comes down to who is providing the service and where we are getting it from. Do we pick giant platforms backed up by industry titans like Hulu, Spotify and Whole Foods? Is supporting small businesses, such as buying from Etsy stores, watching independent films, and shopping at farmers markets, important to your decision making? It can be a lot to process, at times to the point of anxiety and frustration.

The cloud has gone from a novel idea to upload your personal photos to, to a must have when it comes to backing up your business data. It has been said that over 6 million hard drives crash each year, so not having a cloud backup is basically no longer an option. Choosing a cloud service provider for your business is no different than any of these choices. Do you go with the multi-billion dollar corporations such as Amazon, Microsoft and Google? Do you choose the personalized and localized approach of a company such as Delval

Technology Solutions? Well, it depends on you and what you are looking for. Today we are going to focus on the head to head between your local service provider, and the monolith of business and consumerism that is Amazon.

WHAT IS AWS

AWS stands for Amazon Web Services. Like everything that Amazon does, when they start to see they are spending to much money on an outside service, they move it in house, and then lease it out to others. After encountering problems with the United States Postal Service, they created their own shipping fleets. After realizing they were spending huge sums of money on server fees, Amazon sprung into action and purchased server farms around the globe. From there, to expand on their revenue base, they launched the subsidiary known

as AWS. Using these massive server farms they acquired, Amazon began offering cloud services for businesses of all size across the globe.

WHAT DOES AWS OFFER

AWS is known for it’s ease of use. Similar to Amazon’s other services, they pride themselves on not being to tech heavy and their ability to be understood by businesses ranging from tech novices to experts. Following the playbook utilized by their parent company, AWS strives to be a one stop shop for companies, offering a variety of software, network and analytic tools, and other products to bolster their cloud services. They also offer unlimited bandwidth, which makes scalability much easier, and security services to ensure that

working with them, your data is protected.

WHAT ARE THE ISSUES?

However, Amazon Web Services also has it’s drawbacks. One of the biggest, is their billing system. As a business owner, when you get an invoice, you want to know what you are paying for in an easily digestible manner. It can be frustrating to open up your invoice and see things that you weren’t using being charged to you, obtuse explanation of charges, or being charged for things that you didn’t know were add-ons. These are all complaints that AWS customers have made in regard to their bills.

In the past few years, data mining has gone from a relatively unknown industry term to a part of the cultural lexicon in regards to tech. Privacy concerns of the average citizen when it comes to big tech are mostly, in fact, based on the practice of data mining. As you know, your data is the lifeblood of your business, and is something that you must protect at all costs for the sake of your company and your customers. Unfortunately, one thing AWS doesn’t protect you against is data mining. In fact, they are usually the ones mining your data! Amazon is set up to mine customer data to gauge usage, buying and reviewing habits, geography and income. AWS mines your data in the same way, using their own analytics tools that they are reselling to you. Also, Amazon and AWS have found loopholes that allow them to sell your data to foreign corporations and governments, the same way that personal

consumer data is shown.

Another important thing to remember when it comes to AWS is the scope of the company. AWS has millions of subscribers around the globe. While this can be a good thing on certain issues, it also means that the chances of dealing with someone who knows you, your business, and where your data actually is are slim to none.

WHAT CAN A LOCAL CLOUD PROVIDER DO FOR YOU?

Think of your local cloud provider, such as Delval Technology Solutions, as your favorite family-owned store. While they may not have the same stock of a Wal-Mart or Amazon, they provide other things that these giant conglomerates can’t.  Your favorite deli remembers that you want hot peppers, but you hate pickles. The local hardware store owner helped you

handcraft your new deck. Your favorite bartender, well you don’t even have to order, your drink is waiting for you as soon as you make eye contact. A local MSP is no different than any of these local businesses. When you build a relationship with them, they get to know you and you get to know them, personally. More importantly, they get to know your

business. You aren’t just a code on screen being forwarded to some far away call center. You can walk into their office, shake their hand, and speak with them about tech issues that are important to your business. When it comes to advising you on your next steps, your local MSP is doing so with intricate knowledge of your business and your needs, something you can’t get from a giant company.

A company like AWS has server farms all over the globe. While this has it’s benefits in terms of operational scope it has it’s drawbacks as well. One of which is for bringing new clients to the cloud. It can take a new customer more time and headaches to migrate to a gigantic cloud than to a localized cloud. It’s also an issue of comfort. After all, this is your

network, the lifeblood of your business. Not knowing where it’s located can be a cause of anxiety for many. However with a local MSP such as Delval Technology Solutions, knowing where your data is stored and who is watching it is a transparent issue.

Chances are, you aren’t a technological expert. You are however an expert in your field, trusted by your client to handle their needs be it legal, financial or otherwise. It’s fair to say that you want your cloud service provider to be an expert as well. While a company such as AWS may have thousands of employees, they do not have thousands of experts. This can pose an issue while looking for solutions to complex problems regarding your network. A local cloud provider is different. They are experts at their systems, and due

to having a hands on approach, are teeming with solutions to any issue you may face, many times before you even have them.

Finally, and to many most importantly, is cost. Your local cloud service provider understands your budget and works to keep you inside of it while providing you the most “bang for your buck”. They can make sure you are only being charged for what you need, not things you may possibly need in the future.

When it comes to a cloud provider, there are many factors to take into account. What matters to you and your business can be many things. For some it's cost, for others it's comfort. Do your research, weigh the pro's and cons. This will help your business live a long life and not die "death by infinite choice."


Threats To Look Out For in 2021

2020 and the Covid pandemic not only changed the way a lot of companies do business, but it also changed the way hackers attack those businesses. Last year, cyber attacks were up over 200 percent, and this trend shows no signs of letting up. More people are working from home, utilizing mostly unsecure home wifi networks to access their company clouds. While many of these attacks being used by attackers have been used in the past, their methods are getting more sophisticated. What follows are the biggest threats to look out for in 2021. Protect yourself from these with proper software and protocol, and a security minded MSP such as Delval Technology Solutions.

SOCIAL ENGINEERING

Social engineering attacks are those that use your employee’s and even yourself to exploit your network. The most notorious of these is Phishing. Phishing attacks use misleading texts, emails and even phone calls to convince the recipient to execute an action that can range from inputting your email and password into a mirrored site that takes your data, to downloading a file that is full of malware, to even sending money to the culprit. These are done using emails and texts that look like they are for legitimate reasons from legitimate

sources. In 2020, phishing attacks rose by an astounding 600%.

An offshoot of this is called spear phishing, which is a more targeted form appearing to come from trusted sources such as CEO’s and HR departments. Pretexting has also been

on the rise. Pretexting relies on both trust and empathy. These criminals acted as a person known to the victim, maybe their boss calling and saying he is stuck and needs some help in the form of gift cards. While phishing is a more basic form, such as “You have just won a million dollars”, pretexting is more complex, with a believable story and a repour. However, regardless of how they are doing it, a social engineer’s goal is to get into your system, and get valuable resources, such as money or data.

RANSOMWARE

Over the course of 2020 into 2021, ransomware attacks have soared. Many are familiar with the WannaCry attack that nearly shut down the UK’s National Health Services.  Ransomware occurs when hackers access a system and hold data for ransom, locking authorized users out of the system until the ransom is paid. Most recently, the Washington DC

Police Department was hit with a staggering ransomware attack. Over 250 gigabytes of data, including personnel files were held for ransom by a dark web hacking group out of India. While many other attacks have been prevalent, ransomware is perhaps the most concerning. There is no guarantee that if you pay the ransom you will get your data back. This is why proper encryption of your files and proper backup protocols are critical, as to not be left vulnerable and have your system open to attacks.

DDoS

DDoS stands for Distributed Denial of Service. While the acronym may seem a bit confusing, the attacks are straight forward. A DDoS attack sends hundreds of thousands if not millions of requests, emails and data packets aimed to overwhelm a corporate server, in the hopes of shutting down it’s function. These don’t just shut down e-commerce sites or email servers, but they attack your entire network. One of the things they slowdown is referred to as SNMP, or simple network management protocols. These are the protocols

attached to your entire network and can shut users out of your system, and even throw your hardware out of wack. Last year, Amazon Web Services was hit with a massive DDoS attack that caused major headaches, even for a billion-dollar organization with high end security protocols. School districts in Massachusetts and a university in Canada were among those hit last year. However, all three chalked it up to a network failure, only to discover later that it was hackers who took down the network.

FILELESS MALWARE ATTACKS

Traditional malware requires the attacker put implant a code into a system. This doesn’t make it any less dangerous, however it does make it easier to detect. However, we have seen an uptick in a new form of malware that requires no code. It uses operating tools within the network to work against your system and steal your data. The approach is also known as “living off the land”. The social engineering, we spoke about before is a method that is used to get into the system by these malicious actors. Once in the system, the

fileless malware usually is implanted into the registry or memory, making sure it runs every time that the system is opened. There is no file to detect, only self-writing

code that is hidden deep in the memory, stealing whatever the hacker sees fit, tricking your network into working for the criminals, against your business.

These often are used for cryptomining attacks, in which a hacker can transform an entire network into a cryptomining outfit, slowing down the network, jacking up energy bills, and potentially destroying hardware due to system overloads. Last year alone saw a nearly 900% rise in these attacks.

ZERO DAY EXPLOITS

In March, Microsoft announced that the Exchange server system was hit with a massive worldwide Zero Day Exploit. A zero-day exploit is named as such as it occurs immediately when a vulnerability is discovered. Hackers work long and hard to find these weaknesses in major software, and when they do it’s off to the races. These exploits can take months for the attacked developer to realize, in Microsoft’s case it took almost 3 months from the original exploit until it was discovered and patched. Usually, the developer isn’t even

the party that realizes the exploit occurred. For the most part, a security watchdog firm or a hacked end user is the first to realize that the exploit is occurring, and in most cases after the damage is done.

These are just a few of the threats that we will be hearing a lot about in 2021. How they effect you is all about how you handle your security. The best thing you can do, partner with a security minded MSP such as Delval Technology Solutions. This gives you access to a team of experts, world class security technology, and most importantly, someone who has your back. On top of that, regular system maintenance, routine vulnerability checks, and staying up to date on your firewalls and anti-virus software will keep the headaches and the hackers at bay, allowing you the piece of mind to run your business in peace.


3 Ways Cloud Services & VoIP Technology Can Enhance Business Collaboration

Over a full year after a monumental shift to work-from-home, a number of companies are heading toward a hybrid workplace where employees have the flexibility to rotate in and out of the office and access what they need through cloud services. One potential roadblock to a successful hybrid workplace model is the upfront investment in tools and systems that can support a blended workforce. In this blog, we’ll discuss a few of these investments in greater detail and why it’s so important to implement them as soon as possible. 

For more ways technology can change your workplace for the better, reach out to the experts at Delval Technology Solutions.

#1 Enable a Digital Workplace with Tools to Conduct Business Anywhere

If you want to harness the power of mobile collaboration, it’s important to make sure that your team has the right tools to sustain a successful mobile experience. Are your workers able to do the same work from their laptop or cellphone as they can from their desktop computers? If not, invest in technology that can make key applications accessible. 

To boost collaboration, you’ll want to set your team up with a digital toolset that can bring your entire staff together through email, video calling, group chat and synchronized calendars.

#2 Take Your Collaboration Tools to the Next Level with the Cloud

In past years, enabling your business with advanced collaboration technology required complex, time-consuming and expensive infrastructure. But now, with the rise of cloud technologies and cloud-hosted applications, advanced collaboration is well within reach. Whether you’re looking to collaborate in real-time through virtual meetings or asynchronously through shared workplaces and files, innovative cloud services are sure to take your collaboration tools to the next level. 

Cloud-based business applications are easy to deploy, maintain and access. Even better, your critical data and files are automatically synced and accessible from any of your internet-ready devices. No more confusion over which file version is the most recent or frustration over who can’t access a file off site. Some common cloud-delivered collaboration services worth looking into include Dropbox, OneDrive and M-Files. 

#3 Integrate VoIP with Your Existing Tools and Applications Integrate VoIP with Your Existing Tools and Applications

Voice over Internet Protocol (VoIP) is a technology that converts voice into a digital signal, allowing you to make phone calls over a broadband internet connection as opposed to a traditional landline. And VoIP technology can integrate different multimedia so you can turn an instant messaging thread into an impromptu virtual meeting. Better yet, there’s no need to purchase extra hardware or software from yet another vendor. With VoIP, you have more options than ever for real-time collaboration, all with your existing equipment. 

Are You Ready to Grow Your Business? 

If you’re ready to deploy a forward-thinking technology plan that integrates tools essential to real-time collaboration, such as cloud services and VOIP, it’s time to partner with the technology experts at Delval Technology Solutions. You’ll receive ongoing support, up-to-date insights and all the tools you need to set your business up for success.  


The In's and Out's of PCI Compliance

Paul runs a distribution company. They package, send, and deliver orders all over the area, and most of the transactions they deal with are electronic. Their servers are teeming with data from these transactions, including bank account and credit card numbers. Two weeks ago, Paul had to fire someone in the warehouse. The employee felt the need to get even, so he copied scores of credit card numbers that were in an unsecured folder on an office desktop. This compromised Paul’s entire operation and he knew he was going to face

consequences. He had been to lax on protocol for his network, and knew that when asked if he validated his PCI compliance the answer would be no. What happens, and what can you do to avoid being a Paul? Read on to find out.

WHAT IS PCI?

PCI, or PCI DSS, stands for Payment Card Industry Data Security Standard. It was enacted in 2006 by the PCI Security Standards Council, which includes major credit card companies including Amex, Discover, Visa and Mastercard. Due to the rise in E-commerce and the subsequent rise in account breaches, it was put into place as a set of guidelines to ensure that customers account information is safe and to protect these companies against heavy losses. PCI has six goals, each with separate requirements for merchants

and businesses to follow.

WHAT CAN NON-COMPLIENCE COST

Noncompliance can be a very costly thing. These fines on the regulatory side can be between $5,000 to $100,000 dollars per month depending on the violation. The fines are collected every month until compliance is reached. On top of that, your business will most likely face steep penalties from the card providers to cover their damages as well. While these charges may be manageable for big businesses, for small to mid-size businesses, these can be death sentences.

HOW TO REMAIN COMPLIENT

As stated before, the PCI SSC put together a list of 6 goals for your business with 12 steps to follow. They wanted to make these as easy as possible to implement as the goal is not levying fines but protecting businesses, customers, and themselves from cyber criminals.

GOAL 1- BUILD AND MAINTAIN A SECURE NETWORK

The first goal is to “build and maintain a secure network.” This involves setting up security measures such as firewalls to protect data from being leaked. It also requires businesses to use custom passwords and change them regularly to further keep your network safe from intrusion. This is a very easy to manage step that can be implemented either in house or with a compliance forward MSP such as Delval Technology Solutions.

GOAL 2- PROTECT CARDHOLDER DATA

This goal is about protection of the data when sending through a network. We all know how credit card processes work at this point. It starts with the vendor and the information is transmitted to the financial institution for processing and approval. Different vendors have different networks, so encryption is the focus of this goal. Card information should only

be stored for necessary regulatory, business or legal purposes. When you do keep the data, you must block out key information such as cardholder name and the first 12 digits of the card. By properly encrypting your data, you can protect yourself and your customers from data-thieves and keep yourself within PCI compliance.

GOAL 3- MAINTAIN A VULNERABILITY MANAGEMENT PROGRAM

No network is impenetrable. In fact, the best offense against being hacked is awareness and defense. A proper vulnerability management plan is key to this. Always make sure your anti-malware and anti-virus software is up to date and running. Regular tests and assessments should also be run in order to spot any new vulnerabilities and ensure your network is

properly protected.

GOAL 4-IMPLEMENT STRONG ACCESS CONTROL MEASURES

A big part of securing your network and maintaining compliance is making sure that only approved parties within your enterprise can access credit card data. This has to operate on a need-to-know basis, making sure that your employees only have the least amount of relevant card data to do their jobs. If it does not have to be seen, it should not. In addition, you need to employ robust passwords, which are defined as at least seven digits and have numbers, letters, and characters. Multifactor Authentication needs to be in place, making sure that anyone trying to access the system is verified via a second step. Finally, just as you have to separate your trash from your recycling and put it out to the curb on a certain day, you have to follow specific rules for holding and disposing credit card data. Unless otherwise stated by law, you must dispose of this information after 90 days, and must be destroyed after that point.

GOAL 5- REGULARLY MONITOR AND TEST NETWORK

This may seem like goal 3, but this refers to your transaction network. Any endpoint or transactional system you are using needs to be monitored and tested on a regular basis. Transaction logs must be put on a central server and kept for one year. These logs should be reviewed daily to ensure that any potential breaches can be identified. On top of this, penetration tests should be run regularly to find vulnerabilities within your system.

GOAL 6- MAINTAIN AN INFORMATION SECURITY POLICY

We make plans for everything we do. We have maps and routes for trips, plans to meet friends, blueprints for buildings and just about every other facet of our lives. Your network needs a plan that is both thorough and easy to follow. You must have protocols for how to handle every part of the process of completing a transaction, for how to store, process and dispose of data, and to protect your network. Having this policy not only helps you and your team follow proper steps, but also helps any regulators looking track your work, making everyone involved life easier.

In the end, Paul had to shut down his business over this issue. Had he partnered with a focused MSP such as Delval Technology Solutions, or followed these guidelines, he would still be fulfilling orders. Don’t be Paul. Follow these simple guidelines, align yourself with a great MSP who can handle your compliance issues, and remove a major headache for doing business. You can thank us later!


Is it Time To Break Up With Your In-House IT?

The world of business changes at a pace that is unmatched. In the past year we have seen companies move from an office-based workflow to a work from home model. Software that used to have to be purchased yearly every time it updated has been replaced by subscription services. Onsite hardware to back up data has been replaced by the cloud. One thing that has not changed, however is the need for IT support. While many companies still employ the traditional IT guy or gal, others have found that going the MSP route works

much better. What is best for your business? Having a dedicated IT person certainly has it’s merits. They are employed by you, making your business their primary focus. Your IT person knows the ins and outs of what you do and have a relationship with both you and your employees. They are a specialist, which can be a good or bad thing, which we will touch on in just a bit. Let’s unwrap some of the gaps that can be caused by an in-house IT person, and why an MSP may be better for you.

COST

Having a good to great in-house IT guy will normally run you in the six-figure range. This is not to say they are not deserving of such a salary, but it certainly can be a big dent in the yearly budget for a small to midsize business. With an MSP, your costs are shared by multiple businesses also using that MSP, meaning you get IT expertise at a fraction of the cost. What is more, many MSP’s also offer packages that include much of the subscription software you use, giving you access to the best technology at a much lower price. This is one of the key benefits to an MSP such as Delval Technology Solutions, you get all the talent of an in-house IT person, at the fraction of the price.

RISK

When you have a single person handling your IT, you are beholden to them, even if you are the one employing them. They are the single source for expertise of your network and are just one person. If they get sick or go on vacation, well you can end up having your whole network stuck at a standstill. What if they leave? If that is the case, you have to find a

replacement, train them, get them acclimated with your network, and this process can take weeks if not months, leaving your companies needs vulnerable. With an MSP such as Delval Technology Solutions, you have a team working behind you, not just one person. If one person leaves, or goes on vacation or gets sick, nothing changes, you still get the same great service without all that pesky downtime.

EXPERTISE

We have all heard the phrase “jack of all trades, master of none”. This refers to someone who is versed in many different avenues but doesn’t have a clear area of expertise. Most people in the corporate world fall into either that category or that of a specialist, highly versed in one area, but lacking in many others. This is no different for IT. Your in-house IT guy

may be a whiz at programming, but how are they at security? Your network is a multi-faceted system, that when working in harmony, can help propel your business to the next level and save you time, money, and anxiety. When it’s out of whack, it can have devastating consequences. Think of your IT staff as a doctor. You walk in with a broken foot to your general practitioner, who while familiar with feet, is not an expert. So what does he do? He refers you to a podiatrist. This is because the podiatrist specializes in feet. Now, if you were to walk into a major hospital, they have teams of specialists on hand, at your service depending on your ailment. That is the difference between employing an IT person, who is

akin to the general practitioner, vs hiring a managed service provider. A proper MSP, such as Delval, is like the hospital staff, teaming with specialists and experts for all of the moving parts of your IT needs, from helpdesk to security and systems management, for a fraction of the cost of a dedicated IT person.

EFFICENCY

As the old saying goes, time is money. When you experience a problem with your network, you need it handled as quickly as possible. Your IT person can handle this, if only one thing goes wrong. However, bugs, viruses, and attacks do not factor in your IT person’s capabilities when they happen, they just happen. Picture this, you have a system error that your IT person is rushing to fix. While they are handling that, you have two employees locked out of an account, potentially delaying them from reaching a deadline for a client.

On top of that, someone just opened an email they shouldn’t have and may have just compromised your server. These things happening one at a time can be bad

enough for an IT person to deal with, but if they happen all at once, that’s a recipe for disaster. With an MSP, you have a team at your disposal who can multi-task

and troubleshoot multiple problems at once. This saves you valuable time, which in turns, saves you money.

We get it, your IT person has been with you for a while. You probably have a bit of an emotional attachment to them. They know you, you know them, you are friendly. However, this is business, and at times we have to take a hard look at the facts and the numbers. Ditching your IT guy in favor of an MSP can do wonders for your enterprise. You will save money, as you are paying for a service that doesn’t need things like vacation days and insurance. You gain a variety of expertise as opposed to having one specialized employee handling a

network that has many different facets to it. You get a seamless experience without having to worry about a transition that usually comes with a ton of downtime, and you get the efficiency of a team working behind you. Is it time to drop your IT person and move to an MSP? Probably.


Tips for Optimizing Your Home Wi-Fi

I want you to imagine for a minute you are a salesman. You are in a zoom meeting with a potential client worth millions of dollars. You worked painstakingly on your presentation, dressed in your best suit, and practiced your pitch in the mirror till you were saying it in your sleep. The time for the meeting comes and just as you are getting in your groove, your

screen freezes and you get bumped from your own meeting. This is at best embarrassing and can take you out of your groove. At worse, it can ruin your chances of making a life changing deal.

In the Covid and Post Covid era, working from home has gone from something enjoyed by a select few, to over half of the workforce. Many employers have found that their fear of a productivity dip was misguided. In fact, over 70% of employers have stated that they will continue to encourage remote working as they have seen a productivity increase, not the expected decrease. That is not to say that working from home is one giant bed of roses. It has it’s perks and it’s drawbacks just like anything else. One of the biggest factors in one’s ability to work from home is their home wi-fi network.

TEST YOUR SPEED

We live in an age of high speed internet, but what about those who live in rural areas, are working in parts of their homes far from their routers, or are otherwise having wi-fi issues? The first thing you can do to make sure that your wi-fi is giving you it’s all to check your wired connection. First bring your laptop over to your modem. From there, grab an ethernet cable and plug one end into your modem and the other into your laptop. Depending on the age of your laptop, you may have to get a converter for ethernet to HDMI. From there, run a speed test. There are many sites available via a simple Google search that can test the speed of your connection. If you have an issue, such as getting less bandwidth then you are paying for, call your Internet Service Provider to get it resolved. Why you have them on the line, check if it’s possible to upgrade to a higher bandwidth service. Usually this can be done without even having to change out your hardware!

LOCATION MATTERS

Check where you have your router in the house. Is the signal being blocked or obstructed by a cabinet it may be in or thick walls? While it may seem like an overly simplistic fix, remember that the signal needs to effortlessly pass through your space to achieve optimal wi-fi. Moving it to an unobscured section of the house could drastically change the quality of your signal. You can also try changing the channel on your router. Like the walkie talkies used by security forces, construction companies, and children around the globe, your router has multiple channels. If one has to many signals passing through it, it can slow your wi-fi signal to a crawl. Think about it like driving to work. You see that one route is full of traffic and will make you late. The alternate route however gives you a clear path to work with far less congestion. Your wi-fi signal is no different, so pick the

path of least resistance as often as you can.

UPDATE YOUR ROUTER

If these steps do not work for you, you may need a hardware update. Usually, a new modem can be obtained from your ISP for no charge, or a small increase to your monthly bill. Routers are technology just like anything else and are updated and upgraded on a consistent basis from the manufacturers. You can also pick up a wireless antenna from an electronics store which allows you to direct the signal. You can even choose between a multidirectional antenna or one that points the signal into the direction of your workstation.

BUY AN EXTENDER

While these steps may help those, who have an issue of placement of their router or their signal direction, it is not going to help those who have offices on the other side of the house. It’s also not going to work all that well if there are a lot of walls to pass through in order for the signal to reach you. In these cases, the best thing you can do is invest in

either a wi-fi extender or a wireless mesh system. These are more costly options than those listed above. However, they are powerful tools for extending the range of your signal when all else fails. A wi-fi extender does exactly what it says it does, stretches your wireless signal so it reaches the far ends of your house, no matter where your router is. It does this through acquiring you signal and rebroadcasting it. The strength of your signal in this case diminishes slightly as anything being received through the extender because you

are not receiving the original signal.

UPGRADE TO MESH

If the extender is not doing the trick, the best solution in your Wi-Fi optimization bag of tricks is something called a mesh system. The mesh system does not work in conjunction with your router like an extender does. It replaces your router. While a router signal comes from a single unit, a mesh system is made of multiple pieces, called nodes. One node plugs into

your modem, similar to how your router is set up. From there, the other nodes are placed throughout your house. They work as sort of an air traffic control system, routing the signal effortlessly throughout the house from node to node. This causes the signal to be spread out over your house, like an invisible blanket of wi-fi. This system makes a mesh your best option for those with larger floorplans or large amounts of walls to pass through.

Working from home can be daunting enough as it is. The last thing you need is to lose a deal because your connection decides to drop right when you are hitting the peak of a presentation. Utilizing these tips, you can work through your day without worry that you’re going to drop an important call or miss vital information. After all, between your kids, pets, and significant others, working from home can be daunting in and of itself. By optimizing your wi-fi, you optimize your workday, and maximize your productivity and potential.


Work From Home Security: 5 Types of Cyberattacks That Target Remote Workers and How to Defend Against Them

Remote work is a way of life for many businesses across the globe. The opportunity to see productivity and workforce satisfaction increase encouraged many employers to keep either partial or fully remote workforces. However, the drastic shift towards remote work left many companies with IT infrastructures that weren’t built to handle work from home security and business data privacy. According to the FBI, cybercrimes have increased by 300 percent since the beginning of the pandemic! This article will explore the most common cybercrimes businesses encounter due to remote workforces and how to properly implement data security protocols to ward of cyberattacks.

#1 Social Engineering:

A study by the Ponemon Institute concluded that cybersecurity prevention measures can save businesses up to $1.4 million per attack! But what exactly is social engineering and how does it affect your remote workforce?

Social engineering is tricky because it can be performed both in person and via digital strategies. This form of cyberthreat is the extraction of critical information or breach of security through psychological manipulation. This threat could appear as harmless as a conversation at a coffee shop or a hacker posing as a potential client.

The Defense:

Just like a conversation with an employee can compromise your data security, it can also protect it. By hosting workforce training, you can reduce the likelihood of human error and help your employees spot warning signs of potential social engineering attempts. As an extra layer of protection, you should also establish the use of a Virtual Private Network (VPN) to act as a gateway extending your private network across a public one. This keeps malicious activity that could threaten private information security isolated at the source.

#2 Cloud-Based Vulnerabilities:

In Q2 2020 alone, McAfee reported seeing a steep 7.5 million external attacks on cloud accounts, a growth of over 250 percent from 2019. These attacks especially targeted cloud servers that weren’t password protected. While motivations once the cloud security was breached vary between ransomware, brute-force entry, DDoS attacks and more, the results are all ones to avoid! With businesses utilizing cloud-based systems more with remote workforces, this is an area of work from home security that oftentimes needs attention.

The Defense:

As the vulnerability above illustrated, simply adding a unique, random character password that changes regularly can be enough to halt many attacks on data security. Finding cloud-based systems that provide extra layers of data security can also protect your data privacy. An additional measure you can take with remote employees is requesting cloud collaboration tools only be accessed on secure, company-based devices and that all files are securely stored in the cloud system. You should also work with an IT expert to ensure regular updates are being maintained on all software and technology, as unpatched technology leaves a door open for hackers to enter otherwise secure systems. By taking these steps, your cloud system’s security will be far more reliable.

#3 Ransomware and Malware:

For 2021, Cybersecurity Ventures predicts that businesses will be attacked with ransomware every 11 seconds. Even worse, a study by the Ponemon Institute calculated out that the average cost for a business to clean up the aftermath of a cybersecurity breach to be approximate $690,000 per small business, and over $1 million for middle-market companies! With your private information security and ROI on the line, it’s critical to bolster work from home security to prevent these costly attacks to your profit, brand reputation and data privacy.

The Defense:

There are a few strategies you can implement in unison to provide your business with 360-degree protection from ransomware and malware threats. The first strategy is the provision of company-owned devices rather than allowing employees to use personal devices. This allows you to control the security measures in place and monitor access points from potential hackers. Another strategy is the use of Data Loss Prevention (DLP) plans. When an IT expert is consulted, a DLP is a robust defensive plan that can tighten preventative security measures, backup valuable data, isolate potential attacks from the main network and react swiftly to active threats and data breaches. These plans should be disseminated to all employees so that everyone is on the same page regarding appropriate digital behavior, potential risks and how to react if they see something suspicious occurs or arises.

#4 Password Attacks:

This is a simple vulnerability that many businesses can potentially overlook. If you reflect on your own password usage, odds are you use a specific set of passwords that you’ll remember across many of your digital accounts. This could be your social media passwords, subscriptions, billing accounts and workplace device passwords. However, this is a worst-case scenario for businesses if an employee’s personal account information becomes compromised. This can create an entryway into your business’s secure network, servers and data that can wreak havoc before anyone realizes it’s happening.

The Defense:

Luckily, as easy as it is to overlook, it’s a quick fix. Establish security protocols surrounding passwords, like random character strings, the use of varied symbols, letters and numbers, a set timeframe that all passwords are required to be updated and the prevention of using old passwords for account access. If you want to take your security to the next level, you can also require things like multi-factor authentication and session locking mechanisms. These will aid in detecting suspicious traffic and activity within your network and deter hackers from infiltrating your system.Coupled with a vigilant team, data loss prevention (DLP) strategies are measures that can be set in place to preserve your data in the event of a natural or manmade disaster striking. These plans work to prioritize data, learn risks, closely monitor data movement and ensure that backups are regularly implemented to swiftly restore order back to your business.

#5 Business Email Compromise:

Business Email Compromise (BEC) comes cloaked in various forms. BEC could be executed through phishing attempts, spoof domains, malware or many other hacker strategies, all with the intent to obtain entry into secure networks, money or private data. And with remote employees, they can be targeted in calculated ways that many aren’t expecting. In fact, IBM noted across their studies that human error is the leading cause of 95 percent of cybersecurity breaches and the average time businesses took to identify data breaches was 207 days! Once the hacker enters a secure network, they can do anything from establishing wire fraud, SQL injection, DDoS attacks, session hijacking and more! This information should be startling, considering Cisco predicts that DDoS attacks alone are estimated to reach 15.4 million by 2023!

The Defense:

External network security with remote access to secure, cloud-based tools and VPNs should be staples in a business’s work from home security strategy. Also, employees should be instructed on vigilance and precautionary measures when using public networks, such as coffee shops or co-workspaces. The ability to isolate a hacker’s breach to a single device allows your business to respond quicker to the threat! Another action step you can take to improve data security, especially if your employees are required to travel, is mobile device protection. This, again, can be done either by the provision of the device or by crafting a mobile device management solution that can take control of any lost or stolen devices.

Preventative Measure for Work From Home Security Success

While this information seems straightforward, it can be challenging to implement and maintain for businesses. Bringing on a team of technology experts whose sole focus is to provide exceptional managed IT services, 24/7/365 support and innovative thought leadership can remove the stress and worry from your digital security implementation. Many of our clients enjoy the luxury of being able to focus on the success and growth of their businesses, knowing that we are standing behind them as their partner against cyberthreats. If you’re interested in learning how your current cybersecurity measures stack up, potential vulnerabilities and ways you can effectively implement advanced technology solutions that won’t break your budget, give us a call or contact us for a free assessment today!