Why The Broke/Fix Method is Broken

We have all heard the phrase “If it ain’t broke, don’t fix it”. While that is sound advice for certain things in our lives, it also points to a problem many face in the modern business world. Many of us work on the assumption that the only time you need to concern yourself with issues is when something is broken, but that is an antiquated way of thinking in many aspects of enterprise. Your business IT, computer systems and network fall into this category. You need to be proactive when dealing with your tech, but unfortunately, many companies still rely on the old “broke/fix” method of waiting for something to go wrong before addressing it. This approach can cost many businesses productivity and money.

WHY BROKE FIX DOESN’T WORK

The broke fix model makes sense for so many things that we use in our day-to-day life. Something in your house breaks, well, call someone to fix it. Your car breaks down, then head to a mechanic. Even some medical issues are better treated with broke/fix, after all you are not going to treat a leg that isn’t already broken.

Your network, however, is none of these things. The broke fix method worked fine thirty plus years ago, when your network was only interconnected within your office, and your computers were not always online. Back then, when you had a problem, you needed a technician, but you really did not have to have one in house or on contract. Your phone lines were traditional copper wire phone lines. Most of your filing and bookkeeping was done with massive piles of paper, filing cabinets, and ink. Your PCs were mainly used for email, word processing, and web surfing, and were all attached to an in-house server.

Just as with everything else in our world, your network, and therefore your network needs, have evolved. High speed internet isn’t merely for giant corporations and institutions; it is now part of daily life for most people and businesses. Those old, clunky servers have been left in the past in favor of the cloud. Filing cabinets are basically relics of the past, as basically everything is done on computers at this point. In addition, the notion of team members and employees only having access to the network and the data on it while at the office is an obsolete way to work at this point. Fluid workforces with multiple devices, working from everywhere, have become the new norm, and for good reason.

However, it is not all a bed of roses so to speak. These new techniques and solutions come with new problems all their own. Think of your network as your office. In the past, there was only one door, which made it harder for people to come and go as they please, and easier to track who is there and who isn’t. As your office space grew, you added more doors. Now, while it’s far easier for your employees to get in, for your deliveries to be dropped off, it’s also easier for unwanted, unauthorized people to come in. It’s harder to track who is in the office, who just left, and where people are coming from. It’s necessary, but you should probably throw some cameras and keypads up to keep the office secure, right?

When you add new pathways for access into your network, and new software that requires access, you need more protection. When everything is online and interconnected, you need more monitoring and more expertise. Technology changes by the day, and business technology is ever evolving with new updates, new products, and new innovations that can propel your business even further. With all that come new threats and new ways in, which requires you as a business owner to adjust your course. You can go broke by hanging on to the broke fix model, or worse.

PROACTIVE IS THE WAY TO GO

The importance of having experts watching your network and therefore watching your back is one that cannot be overstated. In your business, each department is headed and staffed by people who specialize in their field, be it accounting, human resources, logistics, etc. Your IT needs are no different than your needs of these departments. These are full time departments, gears in the machine that is your business that need to constantly be in motion. This allows for proactive management of these functions. Having a proactive approach to technology will keep your business better protected and more productive as it is far easier to be at the cutting edge with expert guidance.

What’s the best method to employ to find these experts? That can be dependent on a few things. Employing a full time IT professional can be costly, oftentimes in the six-figure range. However, this does give you some peace of mind when it comes to having someone who is familiar with the ins and outs of your business, whose sole job it is to stay on top of your network. However, unless you are employing multiple IT professionals, there are some drawbacks to this approach. One person can only house and execute so much information. This can mean gaps that need to be filled. Say Lyle is your IT guy, and Lyle is great when it comes to troubleshooting, but not as strong when it comes to security. Then you need to hire a security expert as well. Well, let’s say both of them are lacking when it comes to advisement on trends; then you need what is known as a CIO, or Chief Information Officer, whose job it is to specialize in what’s on the horizon and what is best for the company. This is all necessary; however, I just named about 300 to 400 thousand dollars’ worth of personnel.

For most small to mid-size businesses the best approach they can take is partnering with an MSP such as Delval Technology Solutions. With an MSP you get all of the expertise, guidance, and technology that comes with employing a full time IT staff at a fraction of the cost. An MSP can serve as a guide through things such as what is the right tech for the right situation, cyber security, cloud migration and everything in between. You get a whole team of experts in different facets of the IT world, watching your back and helping you move forward. What’s more, many companies such as Delval Technology Solutions offer Co-Managed IT. This means if you have an in-house tech, you are now giving them crucial backing and bolstering their confidence and their performance, which at the end of the day helps your business and your bottom line.

Don’t wait for something to break that can possibly break you or your bank. Get proactive, have a plan, and most importantly have the tools needed to execute this plan.


2 Factor Authentication: Can You Afford NOT to Have It?

Fluidity has become a hot button issue for business owners. More and more, you need fluid streams of capital, fluid business models, and a fluid workforce, able to work from anywhere they need to, on any device they need to. This past year we as a populace have witnessed drastic changes occur to our day-to-day work lives, and more importantly, many of us have seen how much more productive this form of working can be for everyone involved. However, with new advances you end up with new issues, which is why we are going to talk about a system that comes in a couple of forms: 2FA, or two-factor authentication, and its cousin MFA, or multi-factor authentication. With the rise in cybercrime in the United States, a trend that is showing no signs of slowing down, it’s not an issue of whether you can afford to implement 2FA; it’s becoming evident that you can’t afford not to if you have a mobile or semi-mobile work force.

WHAT DO 2FA AND MFA DO FOR YOUR BUSINESS

Let me tell you a story. Sylvia has a company that runs logistics for major trucking companies in the state. These companies rely on her business at all hours of the day to make sure they are staying on the proper course and the right materials are going to the right places. Sylvia knows she can’t afford to keep her office space open 24/7, but she needs her agents to be working on the schedules of the truckers, so she has a large part of her workforce working from home. Unfortunately, her system got breached one day. While she was able to minimize her downtime due to her partnership with an amazing MSP, which let’s just call Delval Technology Solutions, some of her employee login information is still out there. Thankfully, she also opted into endpoint security for her business, including 2FA. Someone tried to log in to one of her employees’ accounts, and the employee was alerted when they got a notification from their 2FA system to authenticate the login. They called Sylvia to report the suspicious activity and were able to stop the malicious actor in their tracks. Her small investment into a 2FA system for her business just saved her thousands of dollars and the trust of her clients. It basically just paid for itself.

HOW DOES 2FA WORK

When users are remotely logging into your network, 2FA gives your business an extra layer of protection to ensure that the authorized person is the one entering the network. There are different tools to use when it comes to 2FA. Some send SMS texts, others use emails, and some use apps that require a push. Either way, the system works as follows. An authorized user enters their credentials to log into the network. From there, a message is sent to them via one of the above-mentioned methods, and the user must complete the process, usually by entering a code that has been sent, to get into the network. This ensures that no one can get into the network that isn’t supposed to. Best case scenario, the person trying to access the system is the one who gets in. Worst case scenario, an intrusion can be thwarted by the authorized party receiving a 2FA message saying someone is trying to get into their network using their credentials.

TYPES OF 2FA

The most common type of 2FA uses SMS to the authorized user’s phone in order to authenticate them. Once a user inputs their login credentials, username and password, a code will be texted to their device that they have to enter. The user then has a certain period (usually five to ten minutes) before the code expires in order to get into their network.

Email authentication is another form of 2FA. Similar to the SMS version, an email will be sent to your address. From there, you may have to click an authentication link, be given a code to input, or even use a QR code on a secondary device. While this is a more versatile form than the SMS based 2FA, it isn’t as widely used because of things like device lag time, and people’s ability to turn email notifications off, which many do if they are usually inundated with spam.

App based 2FA is becoming increasingly prevalent, and also may be the best for overall security. First the user needs to download an app such as DUO Mobile or Google Authenticator. From there, when they attempt to log in to the network from a new device, or to get into certain parts of the network, they will receive a push notification in the app. They will then have to enter a matching code to let the administrator and the app know that they are in fact the user. Apps have more features they can use to aid your security. One aspect that is great for aiding in security is their ability to track the location of the user on both ends. This could be used to stop phishing attacks, as the perpetrator is not usually anywhere near the IP of the person assigned to the login. While this may take some additional monitoring, it can be a great way to further protect your network.
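The code-based flow described in this section (credentials accepted, a one-time code delivered, the code entered before it expires) looks like this on the server side. This is an added example, not code from the original article or from any product it names; the class name, the attempt limit and the in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL_SECONDS = 5 * 60  # the article cites a five to ten minute expiry window
MAX_ATTEMPTS = 5           # assumption: discard the challenge after 5 wrong codes


class OtpChallengeStore:
    """Pending second-factor challenges, keyed by username (hypothetical class)."""

    def __init__(self, clock=time.time):
        self._clock = clock                   # injectable so expiry can be tested
        self._key = secrets.token_bytes(32)   # server-side key, kept out of the store
        self._pending = {}                    # username -> challenge record

    def _tag(self, username: str, code: str) -> bytes:
        # Keep only a keyed hash of the code, so a dump of the pending table
        # does not hand out codes that are still valid.
        msg = username.encode() + b"\x00" + code.encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, username: str) -> str:
        """Call only after the password check passed. Returns the code that the
        delivery channel (SMS, email or app) would send to the user."""
        code = f"{secrets.randbelow(10**6):06d}"  # CSPRNG, not random.randint
        self._pending[username] = {
            "tag": self._tag(username, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts": 0,
        }
        return code

    def verify(self, username: str, submitted: str) -> str:
        """Return 'ok', 'wrong_code', 'expired', 'locked' or 'no_challenge'."""
        entry = self._pending.get(username)
        if entry is None:
            return "no_challenge"
        if self._clock() >= entry["expires"]:
            del self._pending[username]
            return "expired"
        # Constant-time comparison avoids leaking how much of the code matched.
        if hmac.compare_digest(self._tag(username, submitted), entry["tag"]):
            del self._pending[username]       # single use: a code cannot be replayed
            return "ok"
        entry["attempts"] += 1
        if entry["attempts"] >= MAX_ATTEMPTS:
            del self._pending[username]       # guessing stops; a new login is needed
            return "locked"
        return "wrong_code"


if __name__ == "__main__":
    # Constructed walk-through with a fake clock; "alice" is a made-up user.
    now = [1_000.0]
    store = OtpChallengeStore(clock=lambda: now[0])
    code = store.issue("alice")
    print("delivered code:", code)
    print("first use:", store.verify("alice", code))    # ok
    print("replay:", store.verify("alice", code))       # no_challenge
    late = store.issue("alice")
    now[0] += CODE_TTL_SECONDS
    print("after expiry:", store.verify("alice", late))  # expired
```

Every result other than `ok` is worth logging: a challenge nobody completes means someone else already has the password, which is the situation in the Sylvia story above.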

Having the ability to be fluid with your work force can be a game changer for many business owners. However, you never want to compromise security for the sake of functionality. Utilizing a 2FA plan for your system is something that is a cost effective way to ensure that you know the person trying to get in is the person you want to get in. While there is a cost to 2FA, it is far less than the cost of the consequences to your business. Contact Delval Technology Solutions and ask about 2FA today, because you never know what tomorrow will bring to your network.


VPNs and Your Business

Ralph is a small business owner with a team of 10, most of whom are in the field. They work off their phones, tablets and personal laptops from wherever they may be. Ralph has seen that more and more hacking attacks on small businesses are taking place, and knows that by using public wifi, his team is more exposed to these malicious actors. Due to the nature of their work, everything from where they browse, to their write ups, and the files they send to each other is proprietary information that he wants to keep safe for the sake of his business and his customers. Ralph talked to his MSP partner and they recommended he get a VPN.

WHAT IS A VPN

VPN stands for virtual private network. This is a network that, while accessible from anywhere with an internet connection, is a more secure connection for a user to access the internet. A VPN is encrypted, meaning that a key is needed in order to be able to actually see the information. It serves as a cloaked portal between the user and the internet. Many people use VPNs at home to do things such as change their location to watch foreign streaming services, or access Tor browsers to reach the dark web. While these benefits can help your enterprise if you have remote workers abroad who can’t otherwise access your network, there are a few key benefits to a VPN for your business.

SECURITY

Public wifi servers are just that, public. This means that anyone can sign onto them regardless of their credentials. Once in, hackers can use this to access and mirror other users’ computers, allowing them to view your data as well as steal data and other credentials. A VPN stops these actors from being able to do so. A VPN is a cloaked portal, which means that it is encrypted. This encryption makes it impossible to view the data without a proper key to unlock the encryption. This means anyone trying to spy on your or your employees’ devices will only see illegible chunks. A VPN is akin to an invisibility cloak, making it a more secure way for your teammates to enter your network from anywhere, any time, with any device. This is also the case for Peer-to-Peer file sharing amongst teammates. While services such as Dropbox, Google Drive, etc. do offer some security measures, oftentimes those alone are not enough and files can be intercepted. However, with a VPN service, your employees and your customers are cloaked and protected, with these files being protected by the same encryption as the traffic.

ACCESSIBILITY

When the pandemic hit, many had to migrate their workforce from the traditional in house model to a remote, work from home model. While many companies had already migrated data to the cloud, they didn’t always have an easy way for their employees to access this data. This is where a VPN comes in. It doesn’t matter if the employee is down the street, two states away or in a country that doesn’t even allow free internet access; with a VPN, anyone with the proper credentials can get into their network and get their projects accomplished. What’s more, VPNs allow companies to segment data, so only specific users can access specific data if necessary. Everything from usernames to passwords to even IP addresses can be used as identifiers of who should be in, and who should not be in, your network.

SAVINGS

This is a tricky one, but depending on your business it can be one of those great “hacks” that could be helpful to your bottom line. Businesses offer different pricing in different countries. This goes for everything from consumer goods to flights and hotels, to equipment for your business. VPNs allow you to disguise your country. Doing this enables you to access these discounts for your business. This could mean cheaper hotels and flights for traveling representatives, cheaper equipment for your company and other great savings that you would never be able to access otherwise.

CHOOSING THE RIGHT VPN

VPNs are not all created equal. Just like many other subscription tech services, VPN companies offer a variety of add-ons and other tools for your business. The need for these obviously varies based on the nature of your enterprise. With that said, there are four main things that you should look for when choosing your VPN provider. Speed is crucial to how your business runs. You want to ensure that you at least get the same connection speed as you do from using an uncloaked network. VPN providers offer an array of different pricing, so be sure to choose the right one for your business. Just like anything else, you never want to pay for features you do not need. Reliability is key. A reliable VPN will ensure that you don’t deal with costly and frustrating downtime issues. The final thing is ease of use. Not everyone who works for you is a tech expert. Regardless of the level of expertise, you want them to be able to access your network and be productive team members. Look at things such as the interface and how to access the VPN and ask yourself “Can my IT team and my janitorial staff both understand how to use this?”

Ralph listened and did his research. He knew that he could work with a trusted MSP, such as Delval Technology Solutions, to find the right VPN with the right features for his business. Now he knows that be it the field or the office, his team can access his network safely and securely, ensuring that the work keeps flowing and unwanted downtime is avoided.


Ransomware, The DC Police & The Colonial Pipeline

Cyber attacks have been on the rise across the board between 2020 and 2021. In fact, this year there has been a 102% rise in ransomware attacks carried out by hackers. This past week we have seen, and many of us have felt, two major ransomware attacks and their fallout. What was once something that was relegated only to businesses and smaller institutions has become big business for hackers, with companies paying out millions of dollars to get their networks back in order and mitigate damages.

WHAT IS RANSOMWARE

Ransomware is software that is designed to shut down a company’s or institution’s network until a monetary demand is paid. Think of it like digital kidnapping. Hackers use different methods to implant malicious software and access a system. From there they will encrypt the data it contains and lock out authorized users until the demanded ransom is paid. Oftentimes these are sold as a service from one hacker to another, and usually target businesses or data reliant institutions such as schools and hospitals.

While at times, in the case of WannaCry, an early ransomware program, these issues can be handled without paying the ransoms, there can be consequences. In one case, a hospital dealing with a ransomware attack had to reroute an ambulance with a critical patient over 20 miles away, causing the patient to die in transit. At times, these hackers will threaten to delete the data. Other times, they will threaten to leak the data to both the clear and dark webs, putting personal and proprietary information in jeopardy.

These attacks are proving to be more costly as time passes, as the ransoms paid have increased 171%, averaging over $300,000 per payment. The two most recent cases of ransomware are also two of the most concerning examples, as they targeted both infrastructure and security. These attacks have caused massive panic in some cases, and in others, have put in jeopardy the lives of those sworn to serve and protect the populace.

THE DC POLICE RANSOMWARE ATTACK

Early this week it was revealed that the Washington DC Metro Police department was hit with a ransomware attack that originated in Russia. The attack occurred late last month, and the threat was simple. The hackers demanded 4 million dollars in ransom to unencrypt the files they had. They were clear: if they were not paid, they would begin to release sensitive data on officers, including background checks, full names and information of officers in the field including undercovers, psych evaluations and improprieties that had been brushed under the rug.

The attack was carried out by a group calling themselves Babuk. While they are relative newcomers to the ransomware world, this isn’t their first rodeo. Babuk made headlines last year by launching a ransomware attack on the Houston Rockets. Ironically, the Houston Rockets, a professional basketball team, had security protocols that were able to minimize their damages. The Washington DC Police were far less equipped. Last week the department made their counter offer, $100,000 in exchange for getting their data back. Babuk was not having any of that, however. In response, they leaked troves of information into the world. They released documents pertaining to hiring, including candidate interviews and reviews, information that the police had on street gangs and other criminal organizations, and daily intelligence briefings that were meant for the police commissioner’s eyes only. On top of that, dozens of officers’ medical records, addresses, and financial records have been released as well.

While the ransom has not yet been paid, Babuk has gone a different, far more frightening route. They have decided to release their ransomware code to the dark web, so any hacker can use it. Analysts have conflicting opinions on this. Some are stating the reasoning for this is that the code is faulty: it deletes files whether the party demanding the ransom wanted them deleted or not. Others have stated that this “retirement” is due to the fact they hit a high-profile target and became headline news, leaving themselves open to retaliation from law enforcement.

THE COLONIAL PIPELINE ATTACK

If you are reading this, I imagine you are familiar with the Colonial Pipeline attack. The internet has been flooded with memes and images of people filling up bags with gasoline. Long lines, shortages and panic buying have been seen up and down the East Coast. The White House and President Biden have had to publicly address this multiple times last week. What happened, though? Last week, hackers encrypted over 100 GB of internal data in order to hold the operators of the Colonial Pipeline hostage. The pipeline, which carries gas to much of the southeastern US, had to shut its systems down in order to stop the ransomware from spreading.

The ransomware was designed by a group called Darkside and sold to a secondary operator. This operator had a twofold plan of attack: hold the information hostage, and threaten to release the data, similar to how the DC police attack occurred. The fallout from this was nearly instantaneous. It caused the biggest gas shortage of the twenty-first century, causing panic amongst customers and legitimate shortages across the southeastern US. The panic, however, spread across the east coast. In fact, this writer personally witnessed three gas stations in PA that were without gas, not because of the pipeline, but because of panic buying.

Darkside, the group who created the malicious software, specializes in what is known as Ransomware as a Service. They are not the ones who carry out the attacks. They create the software, and also run a help desk to aid in negotiations and in victims getting their information back. Even they were not expecting the fallout from this. In fact, they released a statement that in effect served as an apology, claiming they never intended for their product to be used to shut down infrastructure and would, in the future, better vet potential customers and add parameters to what the software could be used for.

While initially the administrators of Colonial denied paying the ransom, it was later revealed that they paid over $5 million in Bitcoin to the hackers in order to shut down the attack and save their data. As of this writing, operations have restarted at the Colonial Pipeline, averting a long term shortage. Ransomware is a problem that is not going away. However, these attacks have illustrated how we need to be prepared, both as citizens and as a nation, to protect ourselves from these damaging attacks and from hackers who wish us harm for their own personal gain. In the wake of these attacks, the White House has announced the Industrial Control Systems Cyber Security Initiative.

It is now understood that these vulnerabilities must be recognized and protected to ensure that this pipeline attack is not the tip of the iceberg. These attacks are widespread and could potentially ruin their victims. It doesn’t matter if you are a local municipality, government agency, small business or major corporation; security should be your top concern. If you are interested in protecting yourself from these attacks, make sure to stay on top of your patches, and be sure to reach out to a security minded MSP, like Delval Technology Solutions.


How to Take a Proactive Approach to Cybersecurity

Each year, the volume of cybersecurity threats continues to steadily climb, with more than one billion malware programs out there and approximately 560,000 new pieces of malware being detected each day. All the while, regulations, such as the General Data Protection Regulation (GDPR), are constantly evolving. This means even the most minor of security breaches can be incredibly devastating for your organization, leading to negative publicity, hefty fines and a loss of confidence in your brand.

At Delval Technology Solutions, we can help you implement a proactive approach to cybersecurity that sees your business is protected on all fronts in a dynamic, complex and ever-evolving threat landscape. This means understanding your organization, including its systems, applications and user base, identifying where vulnerabilities lie and addressing security risks before an attack ever occurs. This article will delve into how to do just that with a dedicated technology partner by your side.  

Identify and Evaluate Risks for Assets That Could Be Affected by Cyberattacks 

A proactive approach to cybersecurity is all about understanding, managing and mitigating risk to your company’s critical assets. The easiest way to accomplish this mission and ensure any shortfalls in your IT infrastructure are properly addressed is to conduct a comprehensive risk assessment. Here are a few basic steps to ensure a smooth risk assessment within your organization:  

  1. Identify and Prioritize Assets: Here is where you will determine the scope of the assessment and decide which valuable assets attackers may wish to target.  
  2. Identify Threats: A cyberthreat is anything that could cause harm to your organization, such as hardware failure, natural disasters, human error and more.  
  3. Identify Vulnerabilities: This is where you’ll identify any vulnerabilities that could be exploited to breach security and cause harm or steal data from your organization. 
  4. Analyze Controls: These are any controls that are in place to mitigate or eliminate the possibility of a cyberthreat. They should be classified as either preventative or detective. 
  5. Calculate the Likelihood of an Attack: At this point, you can determine the likelihood of a given attack considering the current control environment your organization has in place. 
  6. Develop a Risk Assessment Report: Finally, you can develop a risk management report that supports management in decision-making on cybersecurity budget, policies and procedures.  

Invest in Preventative Cybersecurity Measures 

Just like there is not one security product that can completely encompass all your organization’s vulnerabilities, there is not a single cybersecurity policy that can sufficiently address all the needs of your business. Instead, it’s time to invest in a multi-layered, integrated cybersecurity strategy that covers many core areas of cybersecurity, including network security, cloud security, application security, Internet of Things (IoT) security and more. To lay the foundation for a solid cybersecurity strategy, it’s important to do the following: 

Understand the risks your organization faces on a daily basis

Establish protective monitoring to detect and mitigate these threats

Prepare secure data backups that keep your business up and running in the event of an attack 

Revisit your cybersecurity strategy as your organization changes and evolves over time 

Never Underestimate the Power of Cybersecurity Training 

A proactive approach to cybersecurity begins with awareness. While lack of proper training can leave employees more than vulnerable to releasing cyberattacks onto your organization, diverting resources into proper cybersecurity training could very well mean the difference between the success and failure of your business. The responsibility always lies with the employer to ensure that employees have the knowledge they need to make the right decisions and know where to turn if they have any questions related to cybersecurity. To prioritize cybersecurity training for your employees, we recommend getting executive buy-in, starting training early and often, and making the security health of your organization an ongoing team effort.

Stop Relying on Reactive Cybersecurity Measures Alone to Protect Your Business 

If your company’s current cybersecurity strategy is limited to firewalls, antivirus or anti-malware software, ad blockers and other measures put in place to spot the tell-tale signs of a security breach, there’s a good chance that you already have a reactive cybersecurity strategy in place. Unfortunately, reactive cybersecurity measures on their own are not enough to comprise a strong cybersecurity defense. You need to have a combination of both proactive and reactive measures in order to actively prevent data breaches and mitigate cyberthreats. For more cybersecurity solutions, including cloud security services, contact the experts at Delval Technology Solutions.


AWS vs Local Cloud Providers: Who’s Best for Your Business

It has been said that we live in an era of infinite choice. From the foods you eat, the shows you watch, to the goods you purchase, the possibilities are endless, and at times so is the confusion. Oftentimes our choice comes down to who is providing the service and where we are getting it from. Do we pick giant platforms backed up by industry titans like Hulu, Spotify and Whole Foods? Is supporting small businesses, such as buying from Etsy stores, watching independent films, and shopping at farmers markets, important to your decision making? It can be a lot to process, at times to the point of anxiety and frustration.

The cloud has gone from a novel idea to upload your personal photos to, to a must have when it comes to backing up your business data. It has been said that over 6 million hard drives crash each year, so not having a cloud backup is basically no longer an option. Choosing a cloud service provider for your business is no different than any of these choices. Do you go with the multi-billion dollar corporations such as Amazon, Microsoft and Google? Do you choose the personalized and localized approach of a company such as Delval Technology Solutions? Well, it depends on you and what you are looking for. Today we are going to focus on the head to head between your local service provider, and the monolith of business and consumerism that is Amazon.

WHAT IS AWS

AWS stands for Amazon Web Services. Like everything that Amazon does, when they start to see they are spending too much money on an outside service, they move it in house, and then lease it out to others. After encountering problems with the United States Postal Service, they created their own shipping fleets. After realizing they were spending huge sums of money on server fees, Amazon sprung into action and purchased server farms around the globe. From there, to expand on their revenue base, they launched the subsidiary known as AWS. Using these massive server farms they acquired, Amazon began offering cloud services for businesses of all sizes across the globe.

WHAT DOES AWS OFFER

AWS is known for its ease of use. Similar to Amazon’s other services, they pride themselves on not being too tech heavy and on their ability to be understood by businesses ranging from tech novices to experts. Following the playbook utilized by their parent company, AWS strives to be a one stop shop for companies, offering a variety of software, network and analytic tools, and other products to bolster their cloud services. They also offer unlimited bandwidth, which makes scalability much easier, and security services to ensure that, working with them, your data is protected.

WHAT ARE THE ISSUES?

However, Amazon Web Services also has its drawbacks. One of the biggest is their billing system. As a business owner, when you get an invoice, you want to know what you are paying for in an easily digestible manner. It can be frustrating to open up your invoice and see things that you weren’t using being charged to you, obtuse explanations of charges, or charges for things that you didn’t know were add-ons. These are all complaints that AWS customers have made in regard to their bills.

In the past few years, data mining has gone from a relatively unknown industry term to a part of the cultural lexicon in regards to tech. Privacy concerns of the average citizen when it comes to big tech are mostly, in fact, based on the practice of data mining. As you know, your data is the lifeblood of your business, and is something that you must protect at all costs for the sake of your company and your customers. Unfortunately, one thing AWS doesn’t protect you against is data mining. In fact, they are usually the ones mining your data! Amazon is set up to mine customer data to gauge usage, buying and reviewing habits, geography and income. AWS mines your data in the same way, using their own analytics tools that they are reselling to you. Also, Amazon and AWS have found loopholes that allow them to sell your data to foreign corporations and governments, the same way that personal consumer data is shown.

Another important thing to remember when it comes to AWS is the scope of the company. AWS has millions of subscribers around the globe. While this can be a good thing on certain issues, it also means that the chances of dealing with someone who knows you, your business, and where your data actually is are slim to none.

WHAT CAN A LOCAL CLOUD PROVIDER DO FOR YOU?

Think of your local cloud provider, such as Delval Technology Solutions, as your favorite family-owned store. While they may not have the same stock as a Wal-Mart or Amazon, they provide other things that these giant conglomerates can’t. Your favorite deli remembers that you want hot peppers, but you hate pickles. The local hardware store owner helped you handcraft your new deck. Your favorite bartender, well, you don’t even have to order; your drink is waiting for you as soon as you make eye contact. A local MSP is no different than any of these local businesses. When you build a relationship with them, they get to know you and you get to know them, personally. More importantly, they get to know your business. You aren’t just a code on screen being forwarded to some far away call center. You can walk into their office, shake their hand, and speak with them about tech issues that are important to your business. When it comes to advising you on your next steps, your local MSP is doing so with intricate knowledge of your business and your needs, something you can’t get from a giant company.

A company like AWS has server farms all over the globe. While this has its benefits in terms of operational scope, it has its drawbacks as well. One of these is in bringing new clients to the cloud. It can take a new customer more time and headaches to migrate to a gigantic cloud than to a localized cloud. It’s also an issue of comfort. After all, this is your network, the lifeblood of your business. Not knowing where it’s located can be a cause of anxiety for many. However, with a local MSP such as Delval Technology Solutions, knowing where your data is stored and who is watching it is a transparent issue.

Chances are, you aren’t a technological expert. You are, however, an expert in your field, trusted by your clients to handle their needs, be it legal, financial or otherwise. It’s fair to say that you want your cloud service provider to be an expert as well. While a company such as AWS may have thousands of employees, they do not have thousands of experts. This can pose an issue while looking for solutions to complex problems regarding your network. A local cloud provider is different. They are experts at their systems and, due to having a hands-on approach, are teeming with solutions to any issue you may face, many times before you even have them.

Finally, and to many most importantly, is cost. Your local cloud service provider understands your budget and works to keep you inside of it while providing you the most “bang for your buck”. They can make sure you are only being charged for what you need, not things you may possibly need in the future.

When it comes to a cloud provider, there are many factors to take into account. What matters to you and your business can be many things. For some it's cost, for others it's comfort. Do your research, weigh the pros and cons. This will help your business live a long life and not die "death by infinite choice."


Threats To Look Out For in 2021

2020 and the Covid pandemic not only changed the way a lot of companies do business, but it also changed the way hackers attack those businesses. Last year, cyber attacks were up over 200 percent, and this trend shows no signs of letting up. More people are working from home, utilizing mostly unsecured home wifi networks to access their company clouds. While many of the attacks in use today have been used in the past, the methods are getting more sophisticated. What follows are the biggest threats to look out for in 2021. Protect yourself from these with proper software and protocol, and a security-minded MSP such as Delval Technology Solutions.

SOCIAL ENGINEERING

Social engineering attacks are those that use your employees and even yourself to exploit your network. The most notorious of these is phishing. Phishing attacks use misleading texts, emails and even phone calls to convince the recipient to execute an action that can range from inputting your email and password into a mirrored site that takes your data, to downloading a file that is full of malware, to even sending money to the culprit. These are done using emails and texts that look like they are for legitimate reasons from legitimate sources. In 2020, phishing attacks rose by an astounding 600%.

An offshoot of this is called spear phishing, which is a more targeted form appearing to come from trusted sources such as CEOs and HR departments. Pretexting has also been on the rise. Pretexting relies on both trust and empathy. These criminals act as a person known to the victim, maybe their boss calling and saying he is stuck and needs some help in the form of gift cards. While phishing is a more basic form, such as “You have just won a million dollars”, pretexting is more complex, with a believable story and a rapport. However, regardless of how they are doing it, a social engineer’s goal is to get into your system and get valuable resources, such as money or data.

RANSOMWARE

Over the course of 2020 into 2021, ransomware attacks have soared. Many are familiar with the WannaCry attack that nearly shut down the UK’s National Health Service. Ransomware occurs when hackers access a system and hold data for ransom, locking authorized users out of the system until the ransom is paid. Most recently, the Washington DC Police Department was hit with a staggering ransomware attack. Over 250 gigabytes of data, including personnel files, were held for ransom by a dark web hacking group out of India. While many other attacks have been prevalent, ransomware is perhaps the most concerning. There is no guarantee that if you pay the ransom you will get your data back. This is why proper encryption of your files and proper backup protocols are critical, so as not to be left vulnerable and have your system open to attacks.

DDoS

DDoS stands for Distributed Denial of Service. While the acronym may seem a bit confusing, the attacks are straightforward. A DDoS attack sends hundreds of thousands if not millions of requests, emails and data packets aimed to overwhelm a corporate server, in the hopes of shutting down its function. These don’t just shut down e-commerce sites or email servers, but they attack your entire network. One of the things they slow down is referred to as SNMP, or simple network management protocols. These are the protocols attached to your entire network, and an attack on them can shut users out of your system and even throw your hardware out of whack. Last year, Amazon Web Services was hit with a massive DDoS attack that caused major headaches, even for a billion-dollar organization with high end security protocols. School districts in Massachusetts and a university in Canada were among those hit last year. However, all three chalked it up to a network failure, only to discover later that it was hackers who took down the network.

FILELESS MALWARE ATTACKS

Traditional malware requires the attacker to implant code into a system. This doesn’t make it any less dangerous, however it does make it easier to detect. However, we have seen an uptick in a new form of malware that requires no code. It uses operating tools within the network to work against your system and steal your data. The approach is also known as “living off the land”. The social engineering we spoke about before is a method that is used by these malicious actors to get into the system. Once in the system, the fileless malware usually is implanted into the registry or memory, making sure it runs every time that the system is opened. There is no file to detect, only self-writing code that is hidden deep in the memory, stealing whatever the hacker sees fit, tricking your network into working for the criminals, against your business.

These often are used for cryptomining attacks, in which a hacker can transform an entire network into a cryptomining outfit, slowing down the network, jacking up energy bills, and potentially destroying hardware due to system overloads. Last year alone saw a nearly 900% rise in these attacks.

ZERO DAY EXPLOITS

In March, Microsoft announced that the Exchange server system was hit with a massive worldwide zero-day exploit. A zero-day exploit is named as such as it occurs immediately when a vulnerability is discovered. Hackers work long and hard to find these weaknesses in major software, and when they do it’s off to the races. These exploits can take months for the attacked developer to realize; in Microsoft’s case it took almost 3 months from the original exploit until it was discovered and patched. Usually, the developer isn’t even the party that realizes the exploit occurred. For the most part, a security watchdog firm or a hacked end user is the first to realize that the exploit is occurring, and in most cases after the damage is done.

These are just a few of the threats that we will be hearing a lot about in 2021. How they affect you is all about how you handle your security. The best thing you can do is partner with a security-minded MSP such as Delval Technology Solutions. This gives you access to a team of experts, world class security technology, and most importantly, someone who has your back. On top of that, regular system maintenance, routine vulnerability checks, and staying up to date on your firewalls and anti-virus software will keep the headaches and the hackers at bay, allowing you the peace of mind to run your business in peace.


3 Ways Cloud Services & VoIP Technology Can Enhance Business Collaboration

Over a full year after a monumental shift to work-from-home, a number of companies are heading toward a hybrid workplace where employees have the flexibility to rotate in and out of the office and access what they need through cloud services. One potential roadblock to a successful hybrid workplace model is the upfront investment in tools and systems that can support a blended workforce. In this blog, we’ll discuss a few of these investments in greater detail and why it’s so important to implement them as soon as possible. 

For more ways technology can change your workplace for the better, reach out to the experts at Delval Technology Solutions.

#1 Enable a Digital Workplace with Tools to Conduct Business Anywhere

If you want to harness the power of mobile collaboration, it’s important to make sure that your team has the right tools to sustain a successful mobile experience. Are your workers able to do the same work from their laptop or cellphone as they can from their desktop computers? If not, invest in technology that can make key applications accessible. 

To boost collaboration, you’ll want to set your team up with a digital toolset that can bring your entire staff together through email, video calling, group chat and synchronized calendars.

#2 Take Your Collaboration Tools to the Next Level with the Cloud

In past years, enabling your business with advanced collaboration technology required complex, time-consuming and expensive infrastructure. But now, with the rise of cloud technologies and cloud-hosted applications, advanced collaboration is well within reach. Whether you’re looking to collaborate in real-time through virtual meetings or asynchronously through shared workplaces and files, innovative cloud services are sure to take your collaboration tools to the next level. 

Cloud-based business applications are easy to deploy, maintain and access. Even better, your critical data and files are automatically synced and accessible from any of your internet-ready devices. No more confusion over which file version is the most recent or frustration over who can’t access a file off site. Some common cloud-delivered collaboration services worth looking into include Dropbox, OneDrive and M-Files. 

#3 Integrate VoIP with Your Existing Tools and Applications

Voice over Internet Protocol (VoIP) is a technology that converts voice into a digital signal, allowing you to make phone calls over a broadband internet connection as opposed to a traditional landline. And VoIP technology can integrate different multimedia so you can turn an instant messaging thread into an impromptu virtual meeting. Better yet, there’s no need to purchase extra hardware or software from yet another vendor. With VoIP, you have more options than ever for real-time collaboration, all with your existing equipment. 

Are You Ready to Grow Your Business? 

If you’re ready to deploy a forward-thinking technology plan that integrates tools essential to real-time collaboration, such as cloud services and VoIP, it’s time to partner with the technology experts at Delval Technology Solutions. You’ll receive ongoing support, up-to-date insights and all the tools you need to set your business up for success.


The Ins and Outs of PCI Compliance

Paul runs a distribution company. They package, send, and deliver orders all over the area, and most of the transactions they deal with are electronic. Their servers are teeming with data from these transactions, including bank account and credit card numbers. Two weeks ago, Paul had to fire someone in the warehouse. The employee felt the need to get even, so he copied scores of credit card numbers that were in an unsecured folder on an office desktop. This compromised Paul’s entire operation and he knew he was going to face consequences. He had been too lax on protocol for his network, and knew that when asked if he validated his PCI compliance the answer would be no. What happens, and what can you do to avoid being a Paul? Read on to find out.

WHAT IS PCI?

PCI, or PCI DSS, stands for Payment Card Industry Data Security Standard. It was enacted in 2006 by the PCI Security Standards Council, which includes major credit card companies including Amex, Discover, Visa and Mastercard. Due to the rise in e-commerce and the subsequent rise in account breaches, it was put into place as a set of guidelines to ensure that customers’ account information is safe and to protect these companies against heavy losses. PCI has six goals, each with separate requirements for merchants and businesses to follow.

WHAT CAN NON-COMPLIANCE COST

Noncompliance can be a very costly thing. The fines on the regulatory side can be between $5,000 and $100,000 per month depending on the violation. The fines are collected every month until compliance is reached. On top of that, your business will most likely face steep penalties from the card providers to cover their damages as well. While these charges may be manageable for big businesses, for small to mid-size businesses, these can be death sentences.

HOW TO REMAIN COMPLIANT

As stated before, the PCI SSC put together a list of 6 goals for your business with 12 steps to follow. They wanted to make these as easy as possible to implement as the goal is not levying fines but protecting businesses, customers, and themselves from cyber criminals.

GOAL 1- BUILD AND MAINTAIN A SECURE NETWORK

The first goal is to “build and maintain a secure network.” This involves setting up security measures such as firewalls to protect data from being leaked. It also requires businesses to use custom passwords and change them regularly to further keep your network safe from intrusion. This is a very easy to manage step that can be implemented either in house or with a compliance forward MSP such as Delval Technology Solutions.

GOAL 2- PROTECT CARDHOLDER DATA

This goal is about protection of the data when sending through a network. We all know how credit card processes work at this point. It starts with the vendor and the information is transmitted to the financial institution for processing and approval. Different vendors have different networks, so encryption is the focus of this goal. Card information should only be stored for necessary regulatory, business or legal purposes. When you do keep the data, you must block out key information such as cardholder name and the first 12 digits of the card. By properly encrypting your data, you can protect yourself and your customers from data-thieves and keep yourself within PCI compliance.
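The masking rule above can also be used to hunt for card numbers sitting in places like Paul's unsecured folder. The following is an added example, not part of the original article or any Delval tooling: it finds Luhn-valid card numbers in text or in a folder of files and reports them with only the last four digits visible (for a 16-digit card, that hides the first 12). The function names, the sample text and the well-known test card numbers in it are constructed for illustration, and the example does not handle cardholder names.

```python
import os
import re

# 13-19 digits, each optionally followed by one space or hyphen.
PAN_CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample: three public test card numbers and one order ID.
SAMPLE = (
    "order=1001 name=Test Buyer card=4111 1111 1111 1111 exp=12/30\n"
    "order=1002 card=5555-5555-5555-4444\n"
    "order=1003 tracking=1234567890123456\n"
    "order=1004 card=378282246310005\n"
)


def luhn_valid(digits: str) -> bool:
    """Luhn checksum; separates card numbers from order IDs and the like."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(digits: str) -> str:
    """Keep only the last four digits visible."""
    return "*" * (len(digits) - 4) + digits[-4:]


def find_pans(text: str):
    """Return (start, end, digits) for each Luhn-valid card number in text."""
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append((m.start(), m.end(), digits))
    return hits


def redact(text: str) -> str:
    """Return text with every detected card number replaced by its mask."""
    out, last = [], 0
    for start, end, digits in find_pans(text):
        out.append(text[last:start])
        out.append(mask_pan(digits))
        last = end
    out.append(text[last:])
    return "".join(out)


def scan_tree(root: str, max_bytes: int = 5_000_000):
    """Walk a folder; return {path: [masked numbers]} for files with card data."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.getsize(path) > max_bytes:
                    continue  # skip very large files in this simple scan
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    hits = find_pans(fh.read())
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if hits:
                findings[path] = [mask_pan(d) for _, _, d in hits]
    return findings


if __name__ == "__main__":
    print(redact(SAMPLE))
```

The report itself never contains a full card number, so it can be shared with whoever has to clean up the files.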

GOAL 3- MAINTAIN A VULNERABILITY MANAGEMENT PROGRAM

No network is impenetrable. In fact, the best offense against being hacked is awareness and defense. A proper vulnerability management plan is key to this. Always make sure your anti-malware and anti-virus software is up to date and running. Regular tests and assessments should also be run in order to spot any new vulnerabilities and ensure your network is properly protected.

GOAL 4- IMPLEMENT STRONG ACCESS CONTROL MEASURES

A big part of securing your network and maintaining compliance is making sure that only approved parties within your enterprise can access credit card data. This has to operate on a need-to-know basis, making sure that your employees only have the least amount of relevant card data to do their jobs. If it does not have to be seen, it should not. In addition, you need to employ robust passwords, which are defined as at least seven digits and have numbers, letters, and characters. Multifactor Authentication needs to be in place, making sure that anyone trying to access the system is verified via a second step. Finally, just as you have to separate your trash from your recycling and put it out to the curb on a certain day, you have to follow specific rules for holding and disposing of credit card data. Unless otherwise stated by law, you must dispose of this information after 90 days, and it must be destroyed after that point.

GOAL 5- REGULARLY MONITOR AND TEST NETWORK

This may seem like goal 3, but this refers to your transaction network. Any endpoint or transactional system you are using needs to be monitored and tested on a regular basis. Transaction logs must be put on a central server and kept for one year. These logs should be reviewed daily to ensure that any potential breaches can be identified. On top of this, penetration tests should be run regularly to find vulnerabilities within your system.

GOAL 6- MAINTAIN AN INFORMATION SECURITY POLICY

We make plans for everything we do. We have maps and routes for trips, plans to meet friends, blueprints for buildings and just about every other facet of our lives. Your network needs a plan that is both thorough and easy to follow. You must have protocols for how to handle every part of the process of completing a transaction, for how to store, process and dispose of data, and for how to protect your network. Having this policy not only helps you and your team follow proper steps, but also helps any regulators looking to track your work, making life easier for everyone involved.

In the end, Paul had to shut down his business over this issue. Had he partnered with a focused MSP such as Delval Technology Solutions, or followed these guidelines, he would still be fulfilling orders. Don’t be Paul. Follow these simple guidelines, align yourself with a great MSP who can handle your compliance issues, and remove a major headache for doing business. You can thank us later!


Is it Time To Break Up With Your In-House IT?

The world of business changes at a pace that is unmatched. In the past year we have seen companies move from an office-based workflow to a work from home model. Software that used to have to be purchased yearly every time it updated has been replaced by subscription services. Onsite hardware to back up data has been replaced by the cloud. One thing that has not changed, however, is the need for IT support. While many companies still employ the traditional IT guy or gal, others have found that going the MSP route works much better. What is best for your business? Having a dedicated IT person certainly has its merits. They are employed by you, making your business their primary focus. Your IT person knows the ins and outs of what you do and has a relationship with both you and your employees. They are a specialist, which can be a good or bad thing, which we will touch on in just a bit. Let’s unwrap some of the gaps that can be caused by an in-house IT person, and why an MSP may be better for you.

COST

Having a good to great in-house IT guy will normally run you in the six-figure range. This is not to say they are not deserving of such a salary, but it certainly can be a big dent in the yearly budget for a small to midsize business. With an MSP, your costs are shared by multiple businesses also using that MSP, meaning you get IT expertise at a fraction of the cost. What is more, many MSPs also offer packages that include much of the subscription software you use, giving you access to the best technology at a much lower price. This is one of the key benefits of an MSP such as Delval Technology Solutions: you get all the talent of an in-house IT person, at a fraction of the price.

RISK

When you have a single person handling your IT, you are beholden to them, even if you are the one employing them. They are the single source for expertise of your network and are just one person. If they get sick or go on vacation, well, you can end up having your whole network stuck at a standstill. What if they leave? If that is the case, you have to find a replacement, train them, and get them acclimated with your network. This process can take weeks if not months, leaving your company’s needs vulnerable. With an MSP such as Delval Technology Solutions, you have a team working behind you, not just one person. If one person leaves, or goes on vacation or gets sick, nothing changes; you still get the same great service without all that pesky downtime.

EXPERTISE

We have all heard the phrase “jack of all trades, master of none”. This refers to someone who is versed in many different avenues but doesn’t have a clear area of expertise. Most people in the corporate world fall into either that category or that of a specialist, highly versed in one area, but lacking in many others. This is no different for IT. Your in-house IT guy may be a whiz at programming, but how are they at security? Your network is a multi-faceted system that, when working in harmony, can help propel your business to the next level and save you time, money, and anxiety. When it’s out of whack, it can have devastating consequences. Think of your IT staff as a doctor. You walk in with a broken foot to your general practitioner, who while familiar with feet, is not an expert. So what does he do? He refers you to a podiatrist. This is because the podiatrist specializes in feet. Now, if you were to walk into a major hospital, they have teams of specialists on hand, at your service depending on your ailment. That is the difference between employing an IT person, who is akin to the general practitioner, vs hiring a managed service provider. A proper MSP, such as Delval, is like the hospital staff, teeming with specialists and experts for all of the moving parts of your IT needs, from helpdesk to security and systems management, for a fraction of the cost of a dedicated IT person.

EFFICIENCY

As the old saying goes, time is money. When you experience a problem with your network, you need it handled as quickly as possible. Your IT person can handle this, if only one thing goes wrong. However, bugs, viruses, and attacks do not factor in your IT person’s capabilities when they happen, they just happen. Picture this: you have a system error that your IT person is rushing to fix. While they are handling that, you have two employees locked out of an account, potentially delaying them from reaching a deadline for a client. On top of that, someone just opened an email they shouldn’t have and may have just compromised your server. These things happening one at a time can be bad enough for an IT person to deal with, but if they happen all at once, that’s a recipe for disaster. With an MSP, you have a team at your disposal who can multi-task and troubleshoot multiple problems at once. This saves you valuable time, which in turn saves you money.

We get it, your IT person has been with you for a while. You probably have a bit of an emotional attachment to them. They know you, you know them, you are friendly. However, this is business, and at times we have to take a hard look at the facts and the numbers. Ditching your IT guy in favor of an MSP can do wonders for your enterprise. You will save money, as you are paying for a service that doesn’t need things like vacation days and insurance. You gain a variety of expertise as opposed to having one specialized employee handling a network that has many different facets to it. You get a seamless experience without having to worry about a transition that usually comes with a ton of downtime, and you get the efficiency of a team working behind you. Is it time to drop your IT person and move to an MSP? Probably.