Security

DIY Security: Why It’s Usually a Bad Idea for Most Businesses

Do-it-yourself is a popular mantra among many people building websites, doing home renovations, or marketing artistic and cultural products.  Unfortunately, it is not an appropriate approach for some things, such as network security.  Just like a home renovation DIY project gone horribly wrong, organizations taking on cybersecurity roles outside of their core competency could cause themselves ruinous, avoidable expense.

Some companies decide intentionally to be wholly responsible for their network security, perhaps due to cost considerations or a lack of understanding about the frequency and harm of security incidents.  For others, security was simply neglected, or a tiny startup in stealth mode grew too quickly for management to keep up with all demands.


According to Gartner research, the cost of network downtime for enterprises is $5,600 per minute, on average, which is close to $300,000 per hour.  Worse, Ponemon research found that the average total cost of a data breach in 2016 was $4 million.  Protecting against that kind of risk is a job for professionals.  Keeping a network secure can be easy.  You just have to have the right help.

The True Cost of DIY

A business that has succeeded so far at maintaining security and operational performance may have saved thousands of dollars, yet, based on Gartner’s findings, it could lose those entire savings within a minute or two of a critical network failure.  For companies that suffer prolonged downtime, the cost of mitigation, recovery, and reputation management could mean a lost quarter, or worse: for many, a dropped deal or missed opportunity could easily drive the cost of a lost eight-hour workday into the millions of dollars.

Companies that consider themselves unlikely targets for hackers should consider the proliferation of ransomware attacks, as well as the many reasons that hackers attack corporate networks, such as attack method tests or demonstrations.  According to Kaspersky Labs, one in five businesses suffered a security event as a result of a ransomware attack in 2016.  The average ransom demanded is $300, but it can be much higher.  Further, until the ransom is paid, or the system is otherwise decrypted, the victim accumulates costs from downtime, and 20 percent of ransomware victims who pay do not have their systems restored in return.

Given the low bar for ransomware demands, any company can be targeted.  As your company and its profits grow, it becomes a more enticing target for hackers.  Because of this, professional network security has become in essence a form of insurance.  Considered this way, effective protection is easily applied and inexpensive.  Achieving small monthly savings with DIY security is not worth the risk.  It amounts to a bet made against changing odds, and the stakes could be as high as the continued success of your company.

Additionally, time spent learning and applying skills outside of the business’ focus is taken away from that crucial role.  Let your IT team serve its primary purpose of supporting core business operations; leave securing your servers to a dedicated provider like Atlantic.net.

The Better Option

Specializing in your business is part of what makes your IT team valuable, and likewise, premium security is part of the value delivered by network service providers.  A survey by Intel Security (PDF) found that the cyber security skills shortage, reported by 82 percent of companies, has already driven 60 percent to outsource at least part of their organization’s IT security.

Maintaining uptime and keeping company data secure can be challenging for many organizations, but meeting complex regulatory requirements represents another level of responsibility and difficulty.  While outside of the expertise of even most skilled IT professionals, HIPAA compliant environments and PCI compliant servers are among Atlantic.net’s specialties.  That level of security expertise gives companies that need assurances against costly incidents, but have no compliance burdens, full confidence that their IT systems are protected.

Managed services offered by Atlantic.net, from Dedicated Private Cloud to HIPAA and PCI-compliant plans, come with a fully managed firewall and an intrusion detection system, as well as a 100 percent uptime guarantee.  Trend Micro’s industry-leading Deep Security Suite, including anti-malware, network security, and integrity monitoring, provides additional protection.

Private Cloud plans give customers dedicated infrastructure and uplinks, while Atlantic.net manages the provisioning of virtual machines.  Security analysis, load balancing, and daily backups are also available to further ensure continuous system performance.

Compliance hosting plans provide further protection, like automatic encryption of data at rest, managed backup, and log inspection to meet the most stringent security standards. All solutions are hosted in Atlantic.net’s fully audited, SOC 2 certified data centers.

Upgrade Easily

Fortunately for organizations upgrading to professional IT security services to meet the new threat challenge, help is available not just to provide the service, but also to help you choose and implement the right solution for your business.  Atlantic.net provides a wide range of options, as well as custom packages, with the support of a team of dedicated veterans for whom keeping businesses’ IT environments working and secure is a core focus and a point of professional pride.

Between the costs of security incidents, the advantages of an IT team focused on core competencies, and the availability of strong security, organizations stand to benefit the most by shifting from DIY security to a more modern approach sooner, rather than later.  Some companies experience a small security incident and have a chance to adjust.  Some companies are less fortunate, and businesses and lives can be dramatically affected by avoidable situations.  Cautionary tales abound in the media about companies with almost good enough security.  Do not be the next cautionary tale.

 

Your security-focused hosting partner

At Atlantic.Net, we offer enterprise-grade solutions through our fully-managed Atlantic.Net Firewall and Intrusion Detection systems and TrendMicro Deep Security. With features like anti-malware with web reputation, intrusion prevention, integrity monitoring, and log inspection, TrendMicro Deep Security is a full-featured and cost-effective option for any hosting environment. Contact our Sales team today at 888-618-DATA (3282) for pricing and availability of our Managed Security solutions!



Two-factor authentication – Is it necessary? How do I get my employees to use it?

Contributing writer: Ahmed Muztaba

Why two-factor?

Today, nothing is more valuable than information. Because the majority of online content is behind the lock and key of the so-called “deep web,” it’s no wonder that hackers are more interested than ever in ferreting out secure information. Today’s great heist doesn’t require a cat burglar. A mouse is easier to maneuver.

Two-factor authentication (or 2FA) arose as a bulwark against the hijinks of Internet pirates whose Trojan Horses and phishing scams were netting easy prey. The premise is simple: by requiring a second layer of verification, it makes your data twice as hard to access illegally. You can see this everywhere, from the chip-and-pin credit card requirements to the “secret questions” that some websites require their users to answer.

By reducing the points of vulnerability in your company, both company and employee sensitive data become far less likely to be breached. Requiring strong passwords used to be enough, but with the increase in computing power and the prevalence of botnets, a person or organization with malicious intent can harness an immense amount of resources. This means that once tough-to-crack passwords are now much easier to crack. Requiring a second layer of authentication, in which a code must be entered within a given amount of time before it expires, can do much to prevent widespread damage.



The Beginner’s Guide to PCI Compliance

Introduction

If your business accepts credit cards and other types of payment cards, you may have heard about something called PCI compliance. Payment card industry compliance (PCI compliance) is the meeting of guidelines developed by the PCI Security Standards Council, an open worldwide body formed to focus on payment card data protection during and following transactions. This article will explain the basics of getting started with becoming PCI compliant.




What is a VPN and do I need one? Find out!

As we continue to rely more on technology, keeping our information safe is becoming increasingly difficult. With Wi-Fi being the standard form of network communication for most business professionals who are on the go, the need for secure data transmission has become even greater.  Public Wi-Fi locations like coffee shops, the airport, and even your home and office are not safe when sending and receiving data. According to idtheftcenter.org[i], in 2015 alone there were over 177 million cases of identity theft reported.

How do hackers access my data?

The two most popular ways of someone accessing your data over Wi-Fi are sniffing and rogue access points[ii]. Sniffing is when another user nearby captures the data your computer transmits over Wi-Fi, and then reassembles it to look for passwords or other unencrypted account information. The aptly named rogue access point is where someone creates a Wi-Fi hotspot that appears to be legitimate, like “Free Starbucks Wi-Fi,” or “Airport Public Wi-Fi,” and then waits for users to connect to it. Once a user is attached to the hacker’s hotspot, all of the user’s data transmission is captured on the hacker’s machine. The hacker can then use specialized programs to reassemble the packet capture to reveal what the user was looking at and whether any sensitive information or passwords were used. One of the most effective solutions is to encrypt the traffic going between your infrastructure and your home computer/laptop, which is why VPNs were developed.



Ransomware: Malware That Makes You Pay


What is ransomware?

One of the fastest and most damaging cyber security threats falls under a category called “ransomware.” Ransomware is malicious code that encrypts all the user’s files and is usually downloaded unknowingly. This type of malware gets its name from what it does when a user tries to open an infected file: it prompts the user to pay a ‘ransom’ within a timeframe to receive a decryption key, which would then allow you to decrypt your files.[1] Even if you choose to pay the ransom, there is no guarantee you will gain access to your data. In this article, we will explain steps you can take to protect and secure your environment.

The numbers

Ransomware is a real threat to any business that allows user access, as it depends on users to spread it. Different industries also have different risks, with healthcare usually opting to pay the ransom to protect patient data, while the education industry has the highest rate of infection.  Other lucrative targets include classified documents, financial documents, and intellectual property[2]. With names like Telecrypt, iRansom, FSociety, and CryptoLuck, the goal of ransomware is the same for all of its creators: making money. According to Lavasoft, the CryptoWall 3 ransomware cost users $325 million in 2015 alone.[3] As ransomware grows and evolves, it becomes even more costly. At the end of 2016, one of the most harmful ransomware strains is named “Cerber.” Not only does it lock your files from being accessed, but recent variations have incorporated the stealing of personal information and scripts that cause your machine to target other servers.[4]

Source: https://info.bitsighttech.com/bitsight-insights-ransomware


Intrusion Detection Systems Confront Cyber Security & Cyber Crime Risks

Responsible businesses with sensitive data know they need a firewall to control traffic and secure their networks. What seems less well known, however, is the role that complementary technologies play in a comprehensive approach to cybersecurity.  An Intrusion Detection System (IDS) enables organizations to take a proactive security stance, which is why Atlantic.Net offers one for its security-conscious customers.

Amid all the headline-grabbing data breaches of the past year, the vulnerability of companies in industries like health care may be overlooked.  Data breaches began costing healthcare firms over $5.5 billion annually shortly after HIPAA became law, according to the Ponemon Institute.

Once online criminals have found a profitable target, they tend to return to it with ever more sophisticated attacks.  A report recently indicated that over 75 percent of the healthcare industry had been infected with malware in the past year, and noted that a shocking majority of ransomware targets medical treatment centers.

Cliches like the typical hacker being a teenager living in his or her parents’ basement are persistent and harmful, because they misrepresent the situation to the potential victims of hacking.  The numbers clearly show that hacking is now predominantly committed by sophisticated criminal organizations. Utilizing an IDS is a proactive approach to meeting that threat.

An Intrusion Detection System, or IDS, is a software application that monitors the network and hosting environment and analyzes activity on it.  Any activity which is considered unusual is ranked according to how high risk it is considered based on information from global threat databases.



Why One CIO is Pleased with the Cloud

By Adnan Raja, September 24, 2016, under Cloud Hosting, Security

Like many other top IT executives in the public and private sectors, a CIO at the National Institutes of Health, Alastair Thomson, is guiding his agency’s staff toward the cloud.

  • Science is Getting Bigger
  • Big Data Fueling Push toward Cloud at NHLBI
  • The Power of Invisibility
  • Hello, I’m Available
  • Security as a Priority

Science is Getting Bigger

Science is ballooning. According to two bibliometric researchers, Ruediger Mutz of the Swiss Federal Institute of Technology and Lutz Bornmann of Germany’s Max Planck Society, the amount of published science is growing at 8-9% per year. “That equates to a doubling of global scientific output roughly every nine years,” explains the British journal Nature. “Bornmann and Mutz find that global scientific output has probably kept up this dizzying rate of increase since the end of World War II.”

Publication is of course not the only way science is growing, as CIOs at science-oriented organizations are reminded on an everyday basis by the scope of their projects. The data used for research used to be discussed in terms of megabytes, then gigabytes. Today, it’s typical for a project to be working at the level of terabytes or petabytes.



How Do We Prevent Hacking on the Cloud Through Authentication?

By Sam Guiliano, June 21, 2016, under Security

Failure to adopt two-factor authentication (2FA) or multifactor authentication (MFA) can be a major and costly mistake for those using cloud services. Adding security can make it less likely that you get hacked. Here are some tips to incorporate 2FA or MFA into your business.

  • Could Hacking End Your Business?
  • Factors to the Rescue
  • How Does 2FA Work Exactly?
  • 2FA in Action – 3 Steps of Access
  • Trusted for Years

Could Hacking End Your Business?

Getting hacked and potentially bankrupted is one of those things that, like a car crash or an illness, can seem to be an unlikely threat until it happens to you. The figures for small business, though, are incredible: one in five small businesses get hacked each year, and 60% of those that do are bankrupt within six months. In other words, a scary percentage of small businesses get hacked each year, and for the majority of those that do, it’s “game over.”
