3 steps you can take to protect your data in the Cloud

Moving to the Cloud offers tremendous benefits for SMBs that range from lower IT costs to any-time access to data and certainly more reliability in terms of uptime. But data in the Cloud is also vulnerable to security threats, just like the data stored on physical servers. This blog discusses 3 things you can do to protect your data in the Cloud.

Secure access: The first step would be to secure access to your data in the Cloud. So, how do you go about it? Safeguard your login credentials (your User IDs and passwords) from prying eyes. Set strong password policies that are practiced across the board and educate your employees about good password hygiene. Also, do you have employees using their own devices to access their work-related applications and documents? Do you have staff working from home? Then, you also need to formulate strong BYOD (Bring-your-own-device) policies, so these devices don’t end up as the entry point for cybercriminals.

Educate your employees: What’s the first thing that pops into your head when someone talks about cybercrime? You probably picture some unknown person, a tech-whiz sitting behind a computer in a dark room, trying to steal your data. But, surprising as it may seem, the first and probably the biggest threat to your data and IT security in general comes from your employees! Malicious employees may do you harm on purpose by stealing or destroying your data, but oftentimes, employees unwittingly become accomplices to cybercrime. For example, they may forward an email with an attachment that contains a virus, click on a phishing link unknowingly and enter sensitive information there, or compromise security when they share passwords or connect to an unsecured or open WiFi network at public places such as the mall or the airport with a view to “get things done”, without realizing how disastrous the implications of such actions can be.

Choosing the right Cloud service provider: If you are putting your data in the Cloud, you need to make sure that it is in safe hands. As such, it is your Cloud service provider’s responsibility to ensure your data is secure and accessible, always. But are they doing all that is needed to ensure this happens? It is very important to choose a trustworthy Cloud service provider because you are essentially handing over all your data to them. So, apart from strengthening your defenses, you need to check how well-prepared they are to avert the threats posed by cybercriminals.

Complete Cloud security is a blend of all these plus internal policies, best practices, and regulations related to IT security, and of course, the MSP you choose to be your Cloud security provider plays a key role in all this.

Google Forcing Accounts To Use Two Factor Authentication

Google recently announced that they’re planning to auto-enroll some 150 million user accounts into two factor authentication (2FA). The company prefers the term two-step verification (2SV).

The company had this to say about the planned move:

“…because we know the best way to keep our users safe is to turn on our security protections by default, we have started to automatically configure our users’ accounts into a more secure state. By the end of 2021, we plan to auto-enroll an additional 150 million Google users in 2SV and require 2 million YouTube creators to turn it on.”

If you’re not familiar with it, here’s how 2SV works in the Google ecosystem:

You start by logging in with your password. Once the system accepts that, you’ll be prompted to confirm your identity via some other means. Here Google has done a great job and offers a number of options including text message to your phone, phone call with a temporary PIN, email with a temporary PIN, or screen tap with an associated smartphone. You can even use an associated iOS device.

This is just the latest move in a long-term strategy Google is employing to make the web a safer place to work and play for the company’s legions of users. Although it will surely lead to a bit of grumbling, virtually all privacy experts who have weighed in on the matter regard it as a good move and a powerful step in the right direction.

We can reasonably expect Apple, Microsoft, and other major tech companies to adopt similar policies. That means that nearly everyone else will follow suit.

Despite the fact that it’s a minor inconvenience, it really is a good move that will make it significantly more difficult to hack into user accounts. It won’t solve the problem, but it will put a serious dent in it, and that’s a great start.

Is the Cloud really risk-free?

Although the Cloud presents plenty of benefits that make it a very attractive choice, especially for SMBs who don’t want to be burdened with higher in-house IT costs, putting your data in the Cloud is not risk-free. Just as storing data on physical servers has its security threats, the Cloud presents certain security concerns as well. These include:

  • Data breach: A data breach is when your data is accessed by someone who is not authorized to do so.
  • Data loss: A data loss is a situation where your data in the Cloud is destroyed due to certain circumstances such as technological failure or neglect during any stage of data processing or storage.
  • Account hijacking: Like traditional servers, data in the Cloud could be stolen through account hijacking as well. In fact, Cloud account hijacking is predominantly deployed in cybercrimes that entail identity theft and wrongful impersonation.
  • Service traffic hijacking: In service traffic hijacking, the attacker first gains access to your credentials, uses them to understand the online activities that happen in your domain, and then uses that information to mislead your users or domain visitors to malicious sites.
  • Insecure application program interfaces (APIs): Sometimes, Cloud APIs, when opened up to third parties, can be a huge security threat. If the API keys are not properly secured, it can serve as an entry point for cybercriminals and malicious elements.
  • Poor choice of Cloud storage providers: A security lapse from the Cloud storage provider’s end is a huge security concern for businesses. It is very important to choose a trusted and experienced Cloud service provider who knows what they are doing.

Apart from the above, there are some common threats that apply to both the Cloud and traditional data storage environments such as a DDoS attack, or a malware attack where your data in the Cloud becomes susceptible because it is being shared with others and at other places.

Some Cloud security mechanisms that SMBs can invest in to keep their data safe

Cloud firewalls: Much like the firewalls you deploy for your local IT network, Cloud firewalls work to prevent unauthorized Cloud network access.

Penetration testing: Penetration testing is a sort of a Cloud security check where IT experts try hacking into the Cloud network to figure out if there are any security lapses or vulnerabilities that could serve cybercriminals.

Obfuscation: In obfuscation, the data or program code is obscured on purpose such that the system delivers unclear code to anyone other than the original programmer, thus mitigating any malicious activity.

Tokenization: Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security. [1]

Virtual Private Networks (VPN): Another, more commonly used mechanism is the VPN. VPN creates a safe passage for data over the Cloud through end-to-end encryption methodology.
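The tokenization mechanism listed above can be sketched as follows. This is an added example, not code from the original post: `TokenVault` and `build_cloud_record` are hypothetical names, the vault is an in-memory stand-in for a real tokenization service, and keeping the length and last four digits is an assumed choice for what "essential information" the token retains.

```python
import secrets


class TokenVault:
    """In-memory stand-in for a tokenization service (hypothetical, for illustration)."""

    def __init__(self):
        self._by_token = {}   # token -> original value; lives only inside the vault
        self._by_value = {}   # original value -> token, so repeats map to one token

    def tokenize(self, card_number: str) -> str:
        digits = "".join(ch for ch in card_number if ch.isdigit())
        if not 12 <= len(digits) <= 19:
            raise ValueError("expected a 12-19 digit card number")
        if digits in self._by_value:
            return self._by_value[digits]
        while True:
            # Random digits: the token has no mathematical link to the original,
            # so it cannot be reversed without the vault's lookup table.
            body = "".join(secrets.choice("0123456789") for _ in range(len(digits) - 4))
            token = body + digits[-4:]          # keep last four for receipts/support
            if token != digits and token not in self._by_token:
                break
        self._by_token[token] = digits
        self._by_value[digits] = token
        return token

    def detokenize(self, token: str, caller_is_authorized: bool) -> str:
        # Only a small, audited set of callers should ever reach this path.
        if not caller_is_authorized:
            raise PermissionError("caller may not recover original values")
        return self._by_token[token]


def build_cloud_record(vault: TokenVault, customer: str, card_number: str) -> dict:
    """Return the record that would leave the premises: token only, no card number."""
    return {"customer": customer, "card": vault.tokenize(card_number)}


if __name__ == "__main__":
    vault = TokenVault()
    # Constructed sample input: a widely used test card number, not real data.
    record = build_cloud_record(vault, "Example Co", "4111 1111 1111 1111")
    print(record)
```

A breach of the Cloud-side records then exposes only tokens; the mapping back to the original values stays in the vault, which is the component that needs the strictest access control.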

Investing in a good Cloud security system is a must, but, in the end, you also need to remember that Cloud security is not only about antivirus software, firewalls, and other anti-malware tools. You need to pick the right MSP and work closely with them to implement a Cloud security solution that works for you.

[1] https://searchsecurity.techtarget.com/definition/tokenization

With Upcoming Release, You Can Sync Excel And Quickbooks

Are you a QuickBooks user? If so, you’re going to be thrilled by the company’s recent announcement that Excel integration is coming soon.

You read that correctly. Soon you will be able to sync QuickBooks and Excel which should simplify your life a great deal. This is but the latest in a long line of similar moves Intuit QuickBooks has made.

Over the past few years the company has integrated their wildly popular software with a variety of other platforms like Bill.com, HubSpot, LeanLaw and DocuSign.

Alex Chriss is QuickBooks’ Executive VP and General Manager.

He had this to say about the recent announcement:

“Further reducing complex workflows through automation, coupled with powerful customization capabilities, will enhance performance and scalability and allow businesses at a critical point in their journey to reach a new level of growth…

Customers will be able to sync data between Excel and QuickBooks Online Advanced automatically. This much-requested capability will help businesses save time and further streamline data syncing at critical points in their business journey, whether they’re adopting accounting software or seeking enhanced reporting that delivers greater visibility into their operations.

Customers will be able to build custom reports, in a tool they already use, without compromising on convenience or accuracy of data.”

If you run a business of any size this is great news indeed. If you aren’t currently using QuickBooks and your current accounting software is leaving you underwhelmed now is a great time to give QuickBooks a try. It is a solution hundreds of thousands of business owners rely on. Given the large and growing number of integrations available it’s easy to understand why.

Kudos to QuickBooks for going the extra mile and working so hard to create added value for their customers.

DDOS Attackers Are Targeting VoIP Providers

Hackers around the world are flexing their muscles.

For reasons that aren’t yet clear they have been launching distributed denial of service (DDOS) attacks against Voice over Internet Protocol (VoIP) providers and it is leading to widespread voice outages. VoIP provider Bandwidth.com is the latest company to fall victim to these attacks.

On the afternoon of September 25th the company began reporting a series of unexpected failures in their voice and messaging services. When the problem first began the company posted a notice on their status page that read as follows:

“Bandwidth is investigating an incident impacting Voice and Messaging Services. Calls and Messages may experience unexpected failures. All teams are actively engaged.”

In short order, the teams leading the investigation uncovered the root cause. Threat actors were conducting a DDOS attack against them, hoping to pressure the company into paying a Bitcoin ransom to make the attacks stop. The company opted not to pay and fought back to protect their network.

For now at least, it seems that Bandwidth.com has won. However, there is no guarantee that the attacks won’t increase in their intensity. David Morken is the CEO of Bandwidth.com.

Morken published the following on the company’s blog as the attack began to abate:

“Bandwidth and a number of critical communications service providers have been targeted by a rolling DDoS attack. While we have mitigated much intended harm, we know some of you have been significantly impacted by this event. For that I am truly sorry.

You trust us with your mission-critical communications. There is nothing this team takes more seriously. We are working around the clock to support your teams and minimize the impact of this attack. Our account managers and support teams have been actively reaching out to customers individually to address any issues. If you are experiencing problems and you haven’t heard from us yet, please let us know.

Real-time updates will continue to be posted at status.bandwidth.com. We will not rest until we end this incident, and will continue to do all we can to protect against future ones.

Thank you for your patience.”

Kudos to Bandwidth.com for their diligence and excellent handling of this incident.