5 Critical IT Services For 3PL Organizations

As an IT company for Utah and Idaho small businesses, we specialize in providing IT Services for 3PL organizations (Supply Chain Logistics & Fulfillment Center). For the past four years, we have managed Elite OPS‘s network and have identified 5 critical IT services that every successful 3PL company should have.

  1. API integration to offer 100% customization
  2. Experienced personalized network management
  3. Clear WiFi coverage throughout warehouse
  4. Strategic network configuration for times of growth
  5. Business to business cybersecurity

“We are a supply chain management business in the Greater Salt Lake area and offer outsourced logistics. We would highly recommend [Integrinet IT] to any company in need of IT services.”

Elite ops

1: API integration – 100% customizable

Firstly, API Integration is one of the most critical services 3PLs should have. Elite OPS seeks to be 100% customizable to their customers. Every one of their clients has customized branding, software, and business operations. In order for their customers to manage business finances, operations, and customer relations, they use a variety of software and services. For example – their CRM software: some use Amazon Prime Seller Fulfilled, others use Magento, and still others use Oracle NetSuite to name a few. Elite OPS manages these integrations with a state-of-the-art warehouse management system. It translates the orders coming from each of these CRMs so that Elite OPS can efficiently process them.

That is to say, it takes a lot of strategy behind the scenes to allow the different network configurations and software packages to play nicely together. Incompatibilities between unique businesses with unique computer networks are inevitable. API, or Application Programming Interface, is a tool that connects two or more applications and allows them to exchange data. In other words, it enables Elite OPS and other fulfillment centers to organize the multitude of incoming orders and outgoing shipments. And that increases their productivity. If you haven’t yet taken advantage of these technology tools and want to learn more about them, here are 2 videos and one article:

“One of the greatest benefits of using API technology in a 3PL business is that APIs are capable of transmitting data back and forth across the supply chain in milliseconds, making real-time supply chain management a reality.”

Elite Ops

2: IT services for 3PL organizations require experienced personalized network management

Secondly, like most logistics companies, Elite OPS has a complex network with many moving parts:

  • 450,000 sq ft warehouse
  • Wireless Internet network (warehouse-wide)
  • Warehouse management system
  • Data center with several servers
  • Internet and WiFi
  • Switches
  • Firewall
  • Printers
  • Scales
  • Hand-held Scanners
  • Mobile devices
  • 150+ Workstations (computers, keyboards, mice, monitors)

In order for Elite OPS to get the most out of their infrastructure and warehouse management system, they need all of these components to work together seamlessly. They need them to be consistently up and running. For this reason, Integrinet IT’s service engineers work behind the scenes to manage their network. They know downtime is revenue lost and work hard to prevent it from happening.

Our engineers monitor their systems 24/7, provide onsite and remote helpdesk services, ensure their WiFi coverage is clear and consistent, back up their data regularly, and tighten their security. When we first started taking care of Elite OPS, our engineers spent months getting to know the ins and outs of their infrastructure. They created network maps to document their extensive configurations. So, when something happens (and it always will), they can more efficiently troubleshoot it.

We Provide Elite OPS with:

  • IT Consultancy
  • Onsite & Remote Services
  • Hardware Care & Procurement
  • Cybersecurity Protection
  • Email Health & Maintenance
  • Data Backup & Business Continuity
  • Personalized & Professional Pro-Action Team

If you don’t have an IT company with expert service engineers that get to know your computer network personally, you most likely are experiencing a lot of unnecessary pain.

Check out our Managed IT Services

Read about our Customized IT Solutions

3: IT services for 3PL organizations must include clear WiFi coverage throughout their entire warehouse

Thirdly, most supply chain organizations have huge warehouses to manage their customers’ inventory. Elite OPS has a 450,000 sq ft warehouse with 60 ft Ceilings. They also have huge 30 ft shelves to safely store their customers’ goods. But these shelves end up blocking WiFi signals generated from low-level access points. And while large spaces and shelving units are perfect for their fulfillment services, they always present a challenge for WiFi coverage.

When we first began services for Elite OPS a few years ago, they didn’t have WiFi coverage at all. So one of our first major projects with them was designing and building a powerful wireless network. It provides them with Internet access at every square foot of their space. Mounting several access points from the 60 ft. ceilings has enabled their teams to stay in continuous communication with their customers, their management system, and each other. We implemented tools to remotely monitor the hardware on the ceiling to keep it fine-tuned, ensuring it works with all devices. Rarely do our technical engineers need to physically get up there to service them.

If you don’t already have a powerful wireless network that reaches every square foot of your fulfillment center warehouse, you need to find a good IT company to design and build it for you.

Read more about Integrinet IT’s WiFi/Internet Solutions:

WiFi solutions for a Boise manufacturing company

Customized High-Speed Internet For Your Unique Business: Case Study

4: Strategic network configuration for times of growth

Fourthly, with the E-commerce, logistics, and distribution boom over the last year, 3PLs have experienced an intense spike in growth. While this has been an exciting journey for Elite OPS, it has given them a lot to manage. Our service engineers worked long hours to assist them with their rapid expansion of services. They recommended and installed new hardware, software, cabling, security, and WiFi system in their new Georgia warehouse.

“Since we have been with Integrinet our business has quadrupled in size and we have expanded into another state – we added an additional warehouse in Georgia. Integrinet has been with us throughout our journey and has facilitated our growth with innovative solutions every step of the way.”

Elite OPS

So, if your 3PL business is expanding exponentially, you need an experienced managed IT service provider that has already set up the infrastructure for other businesses like yours. Choosing an IT company that is familiar with your specific industry’s needs and has actual experience taking care of 3PL organizations will reduce the time it takes to set up your network and thus your costs.

Free Crash course in Office 365: How it can help you grow your business

5: IT services for 3PL organizations & business-to-business cybersecurity

And last but definitely not least is cybersecurity. As a large 3PL company, Elite OPS interacts with countless businesses. They have the responsibility to keep their confidential and proprietary data safe. With ransomware attacks on the rise, it is more important than ever to fortify your network to safeguard your business as well as your clients’ and partners’ businesses. Integrinet IT’s service engineers and remote tools are working 24/7 to secure Elite OPS’s network. We monitor their servers 24/7, ensure they have a strong backup and disaster recovery plan in place, and administer employee security training.

Additionally, we perform security patches, operating system updates, hardware drive/firmware updates, and server monitoring. Server monitoring includes weekly checks of event logs. We ensure their hard drives have plenty of disc space to store data and data backups. Our service engineers watch for alerts that signal it’s time for equipment replacement. They make recommendations to purchase new equipment before the old fails or warranties expire. This minimizes downtime and cost. In the event of a crash or hard drive failure, they are covered by their warranties and backups.

Because you do business with other businesses, you need to keep your network cyber secure. Cyber gangs are working 24/7 to hack into large and small businesses. Don’t make it easy for them. Did you know that if you are hacked, they can potentially hack into your customers’ networks through your portal as well?

If you don’t have a strong defensive cybersecurity strategy that consists of multiple layers of protection, make the move now to reach out to an experienced IT company to help you get started.

Backup Solutions Decrease the Severity of a Ransomware Attack

IT Services For 3PL Organizations

In conclusion, while we haven’t been the reason Elite OPS has been exponentially growing, we have been behind the scenes supporting and securing their network so that they can.

“It’s important that our IT network runs at peak efficiency at all times so we can keep up with the demanding process this industry requires. Integrinet IT does that for us. They have been our managed service provider since 2017. Our service engineers are the best that we have ever had. They keep us at the top of our game.”

Elite OPS

If you are a Supply Chain Logistics & Fulfillment Center and in need of IT Services, give us a call.

Utah (385) 316-7202

Idaho (208) 510-0967

Backup Solutions: Decrease the Severity of a Ransomware Attack

With our Backup Solutions, we can help you decrease the severity of a cyberattack and minimize the impact on your business operations and proprietary data. Consistent off-site data backups will reduce the monetary impact of system and data recovery if a cyberattack is successful.

If you have been watching the news, you know about the recent onslaught of ransomware attacks on businesses. Due to cybergangs’ advanced strategies and widespread incidents, we highly recommend that you have an offsite backup solution. It is no longer just larger companies and billion-dollar enterprises that these gangs are targeting. They are now going after smaller companies like ours and yours.

Latest Ransomware Attacks

While cybersecurity solutions significantly increase our defenses, bad actors are out there searching 24/7 for any vulnerability they can use to penetrate our networks. Some of the most security-diligent companies have recently been attacked. There are even several local small businesses that these gangs have infiltrated.

How Cybergangs Work

When cybergangs find a vulnerability in your business’s network, they hack in, encrypt your data, and lock you out. In every file they have encrypted, instead of finding your data, you will find a .txt note that might begin like this: “Your files – photos, documents, and confidential data have been encrypted.”

The only way to recover your data is to enter a unique key that the cybercriminal gang will provide once you pay them an enormous fee – we’re talking $40K and up. If you pay, sometimes they will restore your data. Other times they won’t. And sometimes they will publish confidential files online or sell them to third parties who will use them for their own nefarious purposes.

  • REvil (also known as Sodin or Sodinokibi) is a ransomware gang that hacks into businesses’ networks and encrypts their valuable confidential data and then holds it for millions of dollars ransom. If the company doesn’t pay, the gang either permanently destroys their confidential data or publishes it online.
  • DarkSide is a cybercriminal gang that encrypts sensitive data including backups through Recovery as a service (RaaS).
  • Conti ransomware uses a double-extortion technique to encrypt data on an infected machine. Attackers from this group usually send a phishing email from an address that the unsuspecting employee trusts.

Backup Solutions: Tighter Security & Cloud Backup

After a breach, the outcome is never good, but we can help you decrease the severity of it by implementing tighter security and cloud backup solutions. If you have offsite cloud backup, you can at least recover your data without having to pay their ransom demands.

Because your current environments, quantity of data, and budget vary, the backup solutions we recommend are different. We strongly encourage you to talk to your service engineer today to identify the solution that will increase your defenses against these ruthless attacks.

Why Is Security Awareness Training Important?

Why Is Security Awareness Training Important?

Malicious emails are up 600% since the onset of COVID-19 and organizations are actively searching for solutions on how best to implement security awareness training for their teams. Business Managers are struggling with the following questions as they consider implementing a plan to train their teams:

  1. How do we train our teams?
  2. What is their current awareness level?
  3. How can we motivate them to take the training seriously?

The Root Cause of Security Breaches

The root cause of security breaches is a lack of awareness. Cybercrime groups are always looking to penetrate a network through our natural weaknesses and vulnerabilities. The frequency, cost, sophistication, and size of cyberattacks have been dramatically increasing over the past few years. Human error is the number one cybersecurity threat to businesses in 2021. It was a major contributing cause in 95% of all breaches.

Phishing Email Statistics

As mentioned before, malicious phishing emails have gone up 600% in the last year. Cybercriminals choose to use this technique because they know that most companies are not yet up to speed with security awareness.

The bad news is that the statistics aren’t looking any better for 2021. The trend continues with breaches such as the Colonial Pipeline, Marriot, and Nintendo.

So, cybersecurity is a serious issue for organizations in today’s world. Unfortunately, even one small click on a link in a phishing email can lead to crippling consequences. The costs are too high to ignore. Security awareness training should be one of an organization’s highest priorities.

Call us to learn more about Security Awareness Training.

Utah: (385) 316-7202
Idaho: (208) 510-0967

Backup Solutions: Decrease the Severity of a Ransomware Attack

Why Do We Resist Updating Technology?

Updating technology is a major concern for today’s businesses. Technology has rapidly developed over the last 40 years. And these days, it seems like tech companies are coming out with a new hardware or software version before we’ve even learned how to use the previous one. It sometimes feels like we are being manipulated into buying the newest fandangled devices and software features even though we don’t really need them. While it’s true that some of the new features solve real workflow issues, there are others that don’t seem to make any significant improvements.

On top of that, software updates usually outpace the need for hardware updates. There always seems to be a tradeoff when it comes to updating: If I update now, will my desktop computer, laptop, mobile phone, or tablet be able to handle it, or will I have to buy a new one?

And even with all the tech companies now offering monthly plans with “free” software updates, replacing hardware can get pretty expensive. This is why most of us resist updating our technology.

  • We don’t want to spend money on something before we actually need it.
  • We want to put to good use, for a good long time, the investment we have already made in our current technology.
  • We remember all too well how much we shelled out for it.

Plus, we like to stick with processes we know. And it’s usually not just us that have to learn the new system. Our entire staff needs to learn it too. Learning a new way of doing things initially slows down our productivity even if it later improves it. So, long story short, there are many opportunity costs to taking the time to retrain everyone.

The real reason for updating technology

The truth of the matter is, there is a balance between hanging on to the old and buying the new. That balance amounts to 3-5 years. Holding onto devices longer than five years means significantly increased issues, repairs and patches, and security vulnerabilities. This basically adds up to increased costs and slower, clunkier workflows

Here is why this is the case: Software applications are meant to interact with other software applications and hardware. And computers are designed to interact with other computers and devices. When there are incompatibilities between them, things get messed up. The result: Network Vulnerabilities. And cybercriminals are always searching for these vulnerabilities. That’s how and where they hack into our network to steal our valuable data.

Computers keep us connected

Computers connect us with the rest of the world – our clients, customers, partners, wholesalers, resources, and every other person we interact with and do business with. Because this is true, we have to keep our computer network compatible with the computer networks that belong to those people.

It is also the hard truth that if our competitors are updating technology, and it increases their speed and decreases their delivery time, our potential customers get used to being treated that well. They will come to expect that of businesses in our industry. And they usually come to expect it of businesses in every industry. This may not be a pretty picture, but it is the way it is. We all know it because we also play the consumer role in many of our relationships.

So, the bottom line is that we all are reliant on each other for personal and business relationships. We do a lot of interacting and communicating through technology. This is especially true in business. We conduct most business transactions over computers, phones, email, and the Internet. Speed and quality of communication and delivery are highly dependent on our level of technology. To achieve a high level of efficiency, it’s important that our hardware and software remain compatible with each other’s. Incompatibilities slow and break down the lines of communication. They also create vulnerabilities in networks.

Read about how communication increases net profit: Business Communication Increases Net Profit

Signs: Is it time to update technology?

Many of us (myself included – proud owner of an iPhone 7) avoid updating because we like to keep it simple and we don’t like to make purchasing decisions based on the latest craze. But now that we know that updating isn’t about that, we can make smarter decisions. (After writing this, I think I’m going to update to the iPhone 12 or maybe wait for the 13 coming out in September.)

There are actually signs we can watch for that indicate it is time to update technology. Three to five years is still a sizeable window. And four to five years is usually pushing it. Within this window of time, it would be good to know when our hardware is getting to what they call “End-of-Life” or EOL. When hardware or software reaches EOL, it means that the companies that design them stop making the parts and security patches for them. And again, most software companies now offer monthly plans which provide automated updates. So, our real concern is when to replace our desktop computers, laptops, tablets, smartphones, and other network devices.

The signs to watch for

  • The device is regularly running out of storage.
  • Updates cause your computer to have increasingly more issues (e.g., white, black, blue, green screens of death, colored stripes in places they shouldn’t be).
  • There are strange lovely noises coming from your computer.
  • You can’t even install the updates for your critical software.

Because we’re all on this ride together, we need to keep our technology current. So, hang on to your technology for the full three years before replacing it if everything is working fine. In years four through five, be extra vigilant in watching for the signs. Incorporate the necessary technology updates into your budget. One idea is to replace a percentage of your devices each year so you don’t have to replace everything at once.

If you need help with monitoring your software and hardware, choosing good machines, and keeping them fully functional within their life spans, give us a call: Idaho (208) 510-0967 or Utah (385) 316-7202.

Read more about the signs you need to watch out for: How Long Do Computers Last? 10 Signs You Need a New One

Phishing Email: A Comprehensive Guide to Protecting Your Data

Your IT staff can lock down your network like Fort Knox, but it only takes one accidental click in a phishing email to give a hacker the keys to walk right through the front door.

What is a phishing email?

Have you ever received an email that prompts you to do something like change a password or provide credentials, phone numbers, or email addresses? These are clues that the email may be a phishing email.

A phishing email is a scam email. It is “the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, credit card numbers, or other sensitive details by impersonating oneself as a trustworthy entity in a digital communication” (Wikipedia).

Typically, phishing emails appear to be from a trusted source like Microsoft or your IT department. They might claim an account has been compromised or that it needs to be verified. If you click on a link in the email, it takes you online to the attacker’s spoofed site, which then prompts you to enter your credentials. If you fall for this, you put your own credentials right into the hands of cybercriminals.

Phishing emails pose a growing threat to enterprises as well as small businesses worldwide. The increasingly sophisticated strategies of threat actors make it difficult to recognize them. These types of attacks are some of the most virulent security threats out there. Clicking on one little link in an email or downloading an attachment may not seem like a big deal, but it could potentially cause considerable damage to your data, your business, and its reputation.

Differentiating a phishing email from an authentic email

It is especially important to be able to identify these fraudulent emails. Threat actors strategically design them so that it is difficult to tell them apart from authentic emails. If you are not sure something is real, get a second opinion from your manager or IT service engineer. It is better to be safe than sorry.

Below is an example of a phishing email that can be very believable.

Don't be fooled by phishing emails that appear like they are from a trusted source

Can you identify if this email is real or fake? It looks like a real Microsoft notification. However, you will notice the sender address is:

“department-service_msn@outlook.com.”

This email is not from Microsoft and should be deleted and ignored. Here is another example:

End User Security, Protect Against Email Phishing

The above image is a screenshot of a real phishing email that was received a few months ago. Although this email was easy for the recipient to identify as a scam, it is a good example of what you can look for. The red comments point to each of the clues that identify it as a scam.

Is it real or fake? Check out these clues

  • The sender appears to be within your organization, but you have never heard of him/her
  • You or your team do not use the services they are claiming you do
  • You trust the source, but the message is unexpected
  • The sender’s message does not make sense or uses poor grammar
  • The name of the sender is someone you know within your organization, but the email address is strange
  • The email looks official, but it is coming from outlook.com or gmail.com
  • The sender is asking for sensitive information
  • The email claims to be from someone within your organization, but the style and manner do not match routine communication protocols

A Phish Story

Recently, a business was hit hard by a phishing email opened by a single user. The scammer that sent the message logged into an employee’s email and sent an email to not only his coworkers but also his clients. The hacker said he was in a bind and needed someone’s help who had an Amazon account. He configured the email account to forward all emails to a spoofed email that was similar to the victim’s account using the same name and contact information.

Unaware of the situation, many of the recipients responded that they did have Amazon accounts. The scammer sent out another email to these individuals asking them to buy a $500 gift card for him and he would pay them back. Fortunately, someone figured out what was going on and the employee’s email account was recovered before anyone sent a gift card. But still, there was damage done.

Part of this business’s services included collecting and safely storing their clients’ financial data. When the clients realized that this company had been hacked, they feared their financial data and email addresses were not safe with them.

This was a hard lesson for the business owners to learn. Anyone can get hacked. But you and your team can reduce the chances by becoming more educated about phishing emails.

You have a part to play in fighting against email phishing

Your IT company secures your company using firewalls, data backups, antivirus, and a host of other tools. But these cannot protect your business against breaches caused by end-user vulnerabilities.

You and your team have a part to play in proactively protecting your organization and its data. As a team member, you are given privileges that, in the wrong hands, could cause a lot of potentially irreparable damage to your business and day-to-day workflow.

Crucial action steps to protect your company

  • Create and follow guidelines for communication within your company
  • Identify what should be communicated through email, phone, in person, or in text messages
  • Never give anyone else your password outside of the strictest circumstances
  • Emails from Integrinet IT will always be from integrinetit.com or integrinet.net
  • Emails from your team members and other departments within your company should only come from known email addresses at your domain name (i.e., yourdomainname.com, yourdomainname.org, etc.)
  • Watch closely for the clues mentioned in this article that alert you to phishing emails
  • Report suspicious email to your management and team
  • Participate in end-user security training
  • If you are unsure if what you are facing is a threat, avoid responding, clicking on suspicious links, or opening attachments and contact your management or service engineer.

If you feel your organization is not doing enough or needs help in securing your network from potential threats like phishing emails, contact your service engineer and start a conversation about it. We are always here to help and want to work with you to ensure your digital work environment is safe.

Microsoft Exchange Server Zero-Day Exploit: Update Now!

Starting in early January 2021, another pandemic in the form of a zero-day exploit has been taking advantage of on-premise installations of Microsoft Exchange Server. Threat actors have been attacking business networks around the world as quickly as COVID-19 attacked our global health.

What is a zero-day exploit?

A zero-day exploit is when attackers find an unknown vulnerability in software or hardware and then leverage it before security teams detect it and create a defensive patch. It goes unnoticed until attackers send their ransom note.

In this recent zero-day exploit, attackers searched for and found vulnerabilities in Microsoft Exchange Servers that many businesses use on-premise. The attackers exploited these vulnerabilities to access emails and obtain long-term access to business networks. Once inside a network, they withdrew valuable data and stored it in their own cloud servers.

The four flaws in Microsoft Exchange Server

CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065

Stealing Passwords & Searching for Vulnerabilities

Cyber attackers usually get into networks by stealing passwords. But they sometimes get in by searching for vulnerabilities as in the case of this zero-day exploit. Firewalls and antivirus software don’t detect the infiltrators because they basically steal the digital identity of someone who should have access. They can then create remote access to control the server and steal data from the company’s network.

Their end goal is to steal information. They scramble the organization’s valuable data so they can no longer access it. Then they use it for ransom. They may even destroy the network and data permanently.

National cybersecurity groups suspect a Chinese nation-state group, Hafnium, to be the source of these attacks. Microsoft engineers worked 24/7 to create the needed patches. They used out-of-band emergency patches. Out-of-band patches are fixes created and sent out immediately instead of waiting for the next scheduled update to issue them to the public. This means that Microsoft considered this threat to be very dangerous. All businesses should apply the update ASAP.

Hafnium’s Attack on Microsoft Exchange Server

Hafnium rents servers in the US even though the individuals themselves are based in China. They usually target organizations in the United States such as medical research organizations, law firms, universities, DoD contractors, and non-government organizations.

Even though this group is responsible for the initial exploits, there are many other bad actors that are moving in like vultures to take advantage of the situation.

Security Patches – Shields Up!

IT companies around the globe have been moving as quickly as possible to apply the updates and protect their clients.

The government department in charge of homeland cybersecurity reported worldwide exploitations. They have ordered all businesses and other organizations to apply Microsoft’s patches or disconnect email servers that are at risk. The direction has been to treat all organizations as if they have been compromised. If IT companies can’t find signs of the infiltration, they should disconnect the Exchange Server and rebuild it. Additionally, organizations should install and run security updates as an administrator as opposed to running them in normal mode. If you have made the mistake of doing this in normal mode, Outlook (for those who access it through their browser) and the Exchange Control Panel may stop functioning properly.

It has been a busy few months for our cybersecurity teams as well as others around the world.

One of the most important ways you can protect your technology is to keep it updated with patches and newer versions. This applies to all your computers, devices, machines, software, and servers. If you don’t keep them updated your vulnerability to cyberattacks increases.

Usually, Microsoft doesn’t provide patches for older versions of Exchange because businesses are responsible for keeping their technology patched and updated. But because of these global attacks, Microsoft has worked tirelessly to create more patches to protect those that still had older versions.

Give us a call if you need our help.

Read more about what’s been going on:

Emergency patch addresses MS Exchange Server zero-days

Mysterious Hades ransomware striking ‘big game’ enterprises

Microsoft Exchange attacks: Now Microsoft rushes out a patch for older versions of Exchange

What is a Zero-Day Exploit?

Is Your Business Network Vulnerable?

Is my business network vulnerable? That’s a question that keeps many business owners awake at night. Penetration tests for business networks often show that a network is most vulnerable from the inside. For example, it is not unusual when people write down their passwords and put them on their desks. I see it all the time.

Awareness of Local Exploitation

It’s important to be aware of the fact that there are vulnerabilities that can be exploited locally by individuals with the intent to steal data or cripple a business. Some might pose as a repairman or janitor. Some might be dumpster diving searching for information like account numbers, contact names, and numbers. And they want to breach your business to access your data.

The Value of Your Data

Your company’s data is the meat on the bones. It’s the most vital part of your business. Everything but the data can be replaced. So, if hackers can access your network and take your data, that can be devastating to your business. Too many businesses don’t realize how crucial it is to have their servers and networking equipment physically secure with a locked door or cabinet.

My Experience with Business Network Vulnerability

In my previous experience, I performed work for a large business that worked with sensitive, protected data. I brought it to the attention of management that the building’s network had a physically exposed element that could have been exploited by a hacker posing as a repairman or janitor.

This is why I continue to encourage the clients I work with to secure their network.

The following article (and video) is a great resource to understand how businesses can increase their network security. In non-techy language, it explains the most common network vulnerabilities. It even includes things like shoulder surfing, tailgating, and dumpster diving.

Read the full article: Common Types Of Network Security Vulnerabilities In 2020

At Least Put a Lock on the Door

The above article says businesses should have biometric authentication (fingerprint or face recognition) and access cards to protect servers. While I agree with this one-hundred percent, it is better than nothing to at least have a lock on the door and managers holding the keys.

A Construction Company Gets Hammered by A Keylogger

Every business needs #cybersecurity regardless of how small it is. This case study reported by the National Cybersecurity Alliance increases our awareness of this fact: The owner of a small family-owned construction company was notified that an unknown source initiated a $10K ACH transfer. They contacted the bank and learned that cybercriminals had made six transfers in one week from the company bank accounts, totaling $550K. How? Read the full story here. We are here to make sure you are protected from these kinds of attacks. Give us a call if you are in need of a free security assessment.

Read More…

A Firewall Is Critical for Business Security

Having a reliable firewall is extremely important in today’s environment. In the first half of 2019, 59% of MSPs reported Ransomware attacks on the companies they managed, according to a recent Datto Survey. The average ransom is $5,700. That is up 37% from the year before. You can see how essential it is to protect your server.

You must keep your guard up to keep nefarious actors out of your network. Your guard is your firewall. It protects your servers and infrastructure. There are many on the market and most are pretty good. Some last for years.

Keep Your Firewall Up to Date 

Keeping up with the latest technology is the best way to know which firewall to choose for your company. When researching, it’s important to know what you are doing because it can get pretty technical. Read the reviews and shop according to your budget. You should consider not only the purchase price but also the yearly services and support costs. Some businesses like the DIY option, but others prefer consulting with an IT Service company.

Fight Viruses & Hacking Exploits Floating Around in the Wild 

Maintaining a service subscription for your firewall will keep it up to date, which keeps your business safe from viruses and hacking exploits floating around in the wild. When you keep your subscription current, it will update your firewall with the latest version of firmware. Firmware is the software that runs the components in the firewall device and the software that runs it.

Prevent Business Operations Disruptions 

Support for your firewall allow you to call the manufacturer and talk to them about setup and repairs. If it has issues and you don’t have anyone who can log in and repair it, your Internet will go down. That disrupts your business operations, whether you’re working in the office or from home. This is happening more often than it should these days.

When Your Firewall Gets Too Old 

Your firewall is a critical piece of equipment. Keeping its support up to date is very important. Firewall companies only offer support for a certain period of time. After that period ends, you need to renew it. When the device gets too old, the manufacturer will no longer sell support for it. Once it fails, you will need to purchase a new one.

Without A Firewall for 30 Minutes – 699 Attacks 

Shipping times for new firewalls vary. You might have to wait for up to 3 days. That is a long time to go unprotected. We once tested what would happen to an Exchange server on the internet. It was password protected but had no firewall guard. Within 30 minutes, it was attacked 699 times by someone who was trying to hack through the passwords.

Understanding the importance of a firewall is paramount for a small business. If managed right, it will keep your confidential data safe from harm. We’re here to help you with that. Please give us a call to assess the state of your firewall. (844) 400-0616

Learn more about the Cybersecurity we offer!

Datto’s Global State of the Channel Ransomware Report 

Network Protection Best Practices – Maximize Your Value

Many small businesses don’t need an expensive complex data center to run their operations. But even with a small system, it is important to know about network protection best practices to maximize the value of your equipment.

Your network is composed of the interconnected computers, machines, and operations you use in your business processes to provide your clients with products and services. It includes hardware like your: 

  • Workstations 
  • Servers 
  • Switches 
  • Phones 
  • Access points 
  • Printers 
  • Firewall 
  • Routers 

There are some best practices you need to keep in mind to protect your company’s network and stored data. 

1. Create secure and clean spaces for network protection

Keep your server(s), switches, phone system, firewall, router in either a locked room or in a locked cabinet. Keeping them away from accidental bumps, knock-overs, or spills is just as important as protecting them from a breach. I have seen people knock over server racks that were not secure. I have seen people store cleaning products over servers that eventually spilled on them. No one needs these kinds of expenses when they can easily be avoided.  

2. Make sure these network spaces are well ventilated  

Choose spaces for your workstations, servers, and other network devices that are well ventilated. Heat is very hard on electronics, especially IT hardware. If you use enclosures, make sure they are well ventilated. Use containers with security screens, not those with sheer metal or wooden sides.  

3. Protect your network: connect it to an Uninterruptible Power Supply (UPS) 

Have a good business-type battery backup/Uninterruptible Power Supply (UPS). A basic home PC-type battery backup is not what you should be using on your server. Look for a Pure Sine Wave Device. Choose one that levels out the power as well as protects from surges. Dirty power that fluctuates constantly can be as hard on your equipment as power surges.  

4. Use Image-based backups for network protection 

Use an image-based backup, not just a data backup. An image-based backup will not only backup your data but also backup the operating system and its settings. If you have an image of the server, you can restore it much faster than if you only had a data backup. We are talking hours to restore, instead of days or weeks. If you are hit with ransomware which encrypts your data, you can wipe the server and restore the image quickly.  

5. Backup your network locally and offsite to reduce rebuild time 

Store backups locally and then offsite. If you only stream data to an online storage service, you can only retrieve it at the speed of the combined internet connections between their side and yours. I was working with a technician on a project once and he only backed up the data online and no image locally. They had a slow internet connection and only a data backup. It took about 2 days to rebuild the server internally with all the settings but then took over three weeks to stream the data from the storage service.  

6. Properly install firewalls to keep bad actors out without slowing business processes 

Use a firewall. They are not overly expensive to own. They keep bad actors out of your network. Have a professional install it so it doesn’t end up slowing down your business processes. You don’t want your firewall to get in the way of where you need to go. Most have content filters to keep your employees from going where they shouldn’t, which optimizes your productivity. 

These are some basic and best practices you should strive to engage in as a small business owner for network protection. None of them will break the bank. But neglecting them can eventually wreck you financially.  

Think ahead. Protect your network. The business you save will be your own. Schedule a free consultation with Joe if you’re in Utah or Fred if you’re in Idaho.

Cyberjacking – Security Alert

Cyberjacking has become a major problem for networks around the world. It is currently one of the top cybersecurity problems existing today. The term cyberjacking means hackers access your servers or workstations like parasites. They use your processing power to mine cryptocurrency. This exploit can be detrimental to your network and production. Because it uses your processing power, it slows down your network. A slow network decreases your productivity.  

This hack is difficult to detect and even more difficult to eradicate. It rewrites your server software and deeply embeds itself into your network. The best way to combat this type of malware is to wipe your server clean and restore from your image backups. That takes time and money.  

In one instance, I saw this attack come in through an email inside a PDF-looking document. When we investigated, the software was embedded inside a font. When an employee clicked and opened the file, the malware downloaded to the company’s network. Once running inside their system, it used the processor as part of their bitcoin mining operation. Servers keep logs of incoming and outgoing traffic. The cyberjacking malware erased these logs every minute to cover its tracks. It took over 2 ½ days to stop the attack and mitigate the damage. 

Protect your business from cyberjacking

It is important to protect your business from these kinds of parasitic attacks.

  1. Keep your firewall up to date with the latest virus and malware signatures.  
  1. Protect your email with filters either in Microsoft 365 or with another filtering service before it hits your onsite exchange.  
  1. Train your employees not to click on items originating from an unknown source. 
  1. Train them to validate even a trusted source to make sure requests for financial or confidential data transfers are genuine. 

Your due diligence is what keeps you safe. Give us a call for a network security checkup. Our service engineers are well versed on keeping your network secure.

This article on achieving PCI Compliance is also about increasing your cybersecurity in general: So You Want To Achieve PCI Compliance? Shields Up!

So You Want To Achieve PCI Compliance? Shields Up!

If your company accepts credit card payments, you know about PCI Compliance. Your network and system shields need to be up and secure when you handle your clients’ credit card information. Cybercriminals are always looking for ways to get past your shields.

The COVID-19 pandemic has pushed many businesses into increasing online and over-the-phone payment systems. While the virus is infiltrating our physical shields, criminals are seeking to infiltrate our digital shields. The pandemic has triggered the largest cybersecurity threat that we have ever experienced.*

When Shields Are Compromised

475%

Increase in malicious reports of cyberattacks related to the virus at the onset of the pandemic.*

41%

Of small businesses that have been breached paid more than $50,000 for resolution.*

60%

Of SMBs that suffer a data breach go out of business within six months.*

Just like we’re all putting our shields up by wearing masks and trying to social distance, we need to make sure we are shielding our systems and valuable data from the 4.57 billion people on the Internet (statista.com). (Can you see how this makes doing business with each other so difficult?)

These stats show why it is important to make sure your business is cyber-safe. Here are a few PCI DSS (Payment Card Industry Data Security Standards) tips to strengthen your shields and business continuity.

Achieve PCI Compliance by using strong passwords

Just like we have locks and keys to our homes, we need to have locks and keys on our network and systems. Create longer passwords with a mix of letters, numbers, and other characters (%$*&!@(). And change them often.

Read more about passwords and MFA

Patch your software

Make sure your IT service company keeps your software patched and up to date. Patching is fixing, improving, or updating a program with bugs or other security issues. Just like we strengthen our bodies with eating and exercise to prevent disease, your IT company strengthens your software applications with patches to prevent data breaches.

Encrypt all payment card data

Encryption creates another type of shield between the billions of people on the Internet and our data. Digitally scrambling data creates barriers that cannot be penetrated unless a user has the key. Selective shields, boundaries, locked doors, barriers, and walls are good. Sometimes they are a pain, but they are needed to sustain our physical and digital lives. And they are needed for PCI Compliance.

Remote access to your systems should be secure

Shields up! Our bodies stay healthy by having selective boundaries that keep some things out but allow other things in. Similarly, your business needs boundaries around your network. You want your vendors, employees, and customers to access your system from their businesses, homes, and mobile devices. Viruses and cybercriminals target these access points. Your IT service company should make sure your associates are using strong passwords and multi-factor authentication before your system lets them in.

Firewalls Are A Big Part of PCI Compliance

Shields up! Make sure your IT company has a firewall shielding your network from the Internet. This is like a cell wall that monitors all incoming and outgoing substances. Many of these substances have to have special keys to get in. A competent IT company will configure a strong firewall for your business among multiple other layers of shields.

Beware of phishing email

True to viruses in nature, hackers are evolving. Their attacks are more deceptive. They send emails that appear completely legit. If you haven’t expected a request for confidential data or information, don’t hand it over until you call and verify first. Your ability to differentiate is another layer of security.

For Compliance, Your partners should also be secure

We all know how easily the COVID-19 virus has spread. The same thing is true of digital viruses. If they are hacked, you could be too. The hackers can get into your system via the same portal your partners entered it.

Cybercriminals are always looking for ways to get past your shields. If you work with e-commerce, your shields need to be strong and secure to achieve PCI Compliance. But whatever your business, let’s work together to keep our clients, partners, and businesses safe.

Schedule a free security risk assessment with either Joe Nice in Utah or Fred Bauerfeld in Idaho

*Stats from: PCI Security Standards Council & U.S. Security, Exchange Commission, and Panda Security

Powered by Integrinet IT | © Integrinet IT 1998 - 2021