17 Nov

How to Keep Business Data Secure While Working Remotely

We can all agree 2020 has not been the year we had hoped for last December. Far from it!

From the way we live our daily lives, to the way we shop for groceries or do our jobs, everything has been disrupted. As more and more businesses move their employees towards remote work, online security is becoming an ever-growing concern.

What started out of necessity is turning into a new business model. And this has been the trend for years now.

According to an analysis performed by FlexJobs and Global Workplace Analytics (GWA), a research and consulting firm based in San Diego, California, remote work grew by 159% between 2005 and 2017.

Remote Work Growth
Source: “Remote Work Statistics: Shifting Norms and Expectations”, February 2020, accessed November 9, 2020 at www.flexjobs.com

This trend has accelerated even more as a result of Covid-19.

According to a recent survey by the Global Workplace Analytics (GWA) and Iometrics, a workplace services firm based in Irvine, California, work from home during Covid-19 has increased from 31% to 88%.

Remote Work Growth
Source: Global Work-from-Home Experience Survey, 2020, Accessed November 9, 2020, at www.globalworkplaceanalytics.com © 2020 Iometrics and Global Workplace Analytics

Here at SoftSys Hosting many of our employees work remotely as well. I myself have been working remotely for 10+ years now. While more and more businesses are making the shift towards remote work, we are also seeing concerning increases in online security threats.

With this in mind, we have compiled a list of seven tips you should follow to keep your data secure while working remotely.

7 TIPS TO IMPROVE THE SECURITY OF YOUR DATA WHILE WORKING REMOTELY

ONLINE SECURITY TIP #1: HAVE A CYBERSECURITY POLICY IN PLACE

If you are a business owner, you need to have a data security policy for your organization. Your cybersecurity policy should provide you and your employees with guidelines on how to keep your data and your customers’ data secure. It should also provide recommendations on how to manage cybersecurity risks.

A good place to start is the National Institute of Standards and Technology (NIST) Cybersecurity Framework, which includes best practices to help businesses manage cybersecurity risks. The framework has been used by 30% of US organizations, according to Gartner, and its usage was projected to increase to 50% by 2020.

Cybersecurity Framework
Source: Cybersecurity Framework, NIST 2015, Accessed November 10, 2020, at www.nist.gov | Image Credit: Natasha Hanacek/NIST

The Cybersecurity Framework consists of five high-level functions that are applicable to risk management in general, including cybersecurity risks. The five core functions depicted are: Identify, Protect, Detect, Respond, and Recover.

Start by assessing your organization’s ability to maintain data security. What data does your company collect, and how is that data stored by your employees (on local devices, on internal company systems, in the cloud, etc.)?

Ensure that your employees are following workplace security policies. There are some self-evident rules that should be followed in any company (don’t use your work computer to access sites unrelated to your work), but you still need to state them in a documented cybersecurity policy.

Once you have documented the policy, share it across your entire organization, and make sure your employees understand and comply with the rules.

ONLINE SECURITY TIP #2: SECURE YOUR WEBSITE WITH AN SSL CERTIFICATE

A Secure Sockets Layer certificate (SSL certificate) does exactly that! It will encrypt, or conceal if you will, your data from hackers and bad actors. It’s basically a small data file that digitally binds a cryptographic key to a company’s details.

In addition to encrypting data between your browser and the end server, the SSL certificate will also authenticate the server. In other words, it makes sure that your information is shared with the correct server hosting the website and not with a hacker who tries to steal your information.

While there are some free SSL certificates, such as Let’s Encrypt, we generally recommend a commercial SSL certificate for any website that collects sensitive information. There are several reasons for that, but one good reason is that free SSL certificates such as Let’s Encrypt offer no warranty if something goes wrong. All commercial brands include a warranty. The vetting performed for a commercial SSL certificate is also much more stringent.

At SoftSys Hosting we offer several trusted SSL certificate brands including Comodo, GeoTrust, Symantec and more.

Bottom line: if you collect sensitive information on your website, make sure to protect your customers’ data by using a trusted SSL certificate. By the same token, pay attention to which websites you and your employees are accessing. These days most browsers will show a warning if a website is not secured with HTTPS.

ONLINE SECURITY TIP #3: USE STRONG PASSWORDS

Most of us dread setting up a password. We have so many of them and often, out of convenience, we tend to either use a common word for a password (like our pet’s name) or use the same password for multiple systems.

According to a study performed by Digital Guardian on password security habits, 10.8% of the respondents reuse the same password across all their accounts.

Source: Uncovering Password Habits: Are Users’ Password Security Habits Improving? (Infographic), 2020, Accessed November 11, 2020 at digitalguardian.com

However, I’ve heard of numerous cases where online systems were hacked due to weak passwords. According to 2020 research by PreciseSecurity.com, 30% of ransomware infections in 2019 were caused by weak passwords.

I myself have been the victim of this when a hacker got into my Netflix account and changed my password. I guess the need to binge-watch Netflix can drive people to do strange things?? Luckily, I was able to fix that issue within minutes and none of my data was stolen.

I got lucky that time. Lesson learned!

Both NIST and the FBI recommend using passphrases over passwords for enhanced security.

“A passphrase is a memorized secret consisting of a sequence of words or other text that a claimant uses to authenticate their identity. A passphrase is similar to a password in usage but is generally longer for added security.” NIST Special Publication 800-63 Revision 3, Digital Identity Guidelines

As a business, you need to ensure your employees use passphrases or long passwords, at least 8 characters long, when accessing your systems. And if you have a lot of passwords, like I do, you might want to use a password manager. Some examples of password managers are 1Password, KeePass and BitWarden.

ONLINE SECURITY TIP #4: AVOID CONNECTING TO PUBLIC WI-FI

You can work remotely from anywhere if you have a quiet place and a good internet connection. Access to public Wi-Fi has been an enormous aid to remote employees these days. You can find free public Wi-Fi in coffee shops, restaurants, hotels, and sometimes even in outdoor public spaces. But the truth is that these networks are not always secure. Sometimes, though, you might have to travel for work and have no option but to use public Wi-Fi.

In those cases, try to avoid Wi-Fi networks that don’t require a Wi-Fi Protected Access (WPA) or WPA2 password. Of the two, WPA2 is more secure. You should also ensure that you have logged out from your systems when you finish working.

If you regularly use public Wi-Fi, you can still have a secure connection by using a VPN service. A VPN can be configured in multiple ways. One popular way to configure a secure VPN service is as a Remote Client VPN (also known as a Remote Access VPN).

This type of VPN configuration will encrypt traffic between your local device and the system/business software that you are accessing. Note that a Remote Client VPN won’t encrypt everything that you access through your computer. Only those specific systems for which the VPN has been configured will be secured.

The VPN will create a secure tunnel all the way, regardless of what Wi-Fi connection you are using.

There are multiple popular VPN solutions, such as VyOS, Vyatta, OPNSense, and more. Be aware, though, that VPN products themselves can be the target of cyberattacks. That has been the case with unpatched Pulse Secure VPN servers, which have been the target of malicious attacks.

ONLINE SECURITY TIP #5: KEEP YOUR COMPUTER SECURE

In today’s technological world we use our computers, laptops, smart phones every single day. In fact, what are you doing right now?

Most of us store work-related information on our local devices: client proposals, website descriptions, accounting information, login credentials, you name it! Hackers, scammers and other bad actors are becoming more and more clever these days. It’s almost as if their only purpose in life is to find new ways to steal your data.

From malware and ransomware to spyware, hackers will try anything to get their hands on your credit/debit cards, PayPal accounts, and other sensitive information.

According to a survey by Positive Technologies, in the last quarter of 2019 credit/debit card information made up 32% of all information stolen. In other words, roughly one-third of the information stolen by hackers was payment card information!

Source: Cybersecurity threatscape: Q4 2019, Figure 1. Attackers’ motives, Accessed November 11, 2020, at www.ptsecurity.com

What can you do to prevent hackers from gaining access to your sensitive data? Start with an antivirus. Some popular antivirus solutions are Malwarebytes, Avast, and Bitdefender. You should set up regular automatic full system scans using a reliable antivirus solution.

But an antivirus alone is not enough! It will not protect your computer against every type of malware attack. You need a solution that’s specifically designed for that.

At SoftSys Hosting we have partnered with Acronis to bring you Acronis Cyber Protect, a security solution that integrates backups, disaster recovery, a next-generation anti-malware and cybersecurity into one single affordable and easy-to-use solution. The Acronis Cyber Protect solution can be enabled on any local computer, mobile device (Android/iOS), Virtual Machine, cPanel/Plesk Web Hosting Servers and more.

Lastly, when thinking about the security of your local computers, you should make sure all your software is up to date. Software vendors often include critical security patches when releasing a new software version. If you use software that’s no longer supported, or End of Life (EOL) as it is often called, you are only increasing the risk of getting hacked.

ONLINE SECURITY TIP #6: BEWARE OF SOCIAL ENGINEERING ATTACKS

A social engineering attack is a type of email that aims to manipulate users into giving up sensitive information like passwords or bank account information. It typically aims to create a sense of urgency or fear, or to manipulate emotions, and prompts the user to take some sort of action. This action could be clicking on a link or downloading a file onto your computer.

Two common types of social engineering attacks are:

1. Phishing – where the attacker pretends to be a legitimate business, like your bank or a popular retailer.

The term “phishing” was first used on January 2, 1996, and it’s an analogy to the popular sport of “fishing” because the attackers try to “lure” users into disclosing sensitive information. Since Covid-19, phishing emails have been on the rise as well.

In April 2020 Google disclosed that they’ve blocked over 18 million phishing emails and malware per day!

2. Email spoofing – is similar to phishing, except the attacker will “spoof” the email header. The email could appear to be from your bank, except the email domain will not be the bank’s email domain. In other words, the sender’s email will not match the sender’s name.

The Ohio Graydon-Toole Group has a great comparison between the two.

As a rule of thumb, your bank will never ask you to provide sensitive information via email. Most of these fraudulent messages also contain a lot of grammar errors, so pay attention! Most importantly, you can configure an anti-phishing solution. If you use a commercial email service such as Microsoft 365 (formerly known as Office 365), there are multiple solutions available, including Microsoft Office Advanced Threat Protection (ATP).
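The sender checks described in this tip (display name claiming a known organisation while the address domain differs, a Reply-To or Return-Path pointing elsewhere, urgency cues in the subject, and the receiving server’s SPF/DKIM verdicts) as a small header checker. This is an added example, not code from SoftSys Hosting or any product named above; the trusted-sender list and both messages are constructed for the example.

```python
"""Flag e-mail headers that show the sender-mismatch signs described above.

Constructed sample messages and domains; run: python3 spoof_check.py
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical organisations we expect mail from and the domains they
# legitimately send from (constructed for this example).
TRUSTED_SENDERS = {
    "example bank": {"examplebank.test", "notify.examplebank.test"},
}

# Subject-line phrases that match the "sense of urgency" pattern in the tip.
URGENCY_WORDS = ("urgent", "immediately", "within 24 hours",
                 "suspended", "verify your account")

# Constructed sample: a legitimate notification from the bank's own domain.
LEGIT_MESSAGE = """Return-Path: <alerts@examplebank.test>
Authentication-Results: mx.recipient.test; spf=pass smtp.mailfrom=examplebank.test; dkim=pass header.d=examplebank.test
From: Example Bank <alerts@examplebank.test>
Reply-To: alerts@examplebank.test
Subject: Your monthly statement is ready

Your statement is available in online banking.
"""

# Constructed sample: display name says "Example Bank", but every
# address points somewhere else and the authentication checks failed.
SPOOFED_MESSAGE = """Return-Path: <bounce@mail-verify.test>
Authentication-Results: mx.recipient.test; spf=fail smtp.mailfrom=mail-verify.test; dkim=fail header.d=examplebank.test
From: Example Bank <security@examplebank-verify.test>
Reply-To: recover@another-domain.test
Subject: URGENT: verify your account within 24 hours

Please confirm your details at the link below.
"""


def domain_of(address):
    """Return the lowercase domain part of an address header, or '' if absent."""
    _, addr = parseaddr(address or "")
    return addr.rpartition("@")[2].lower()


def auth_results(msg):
    """Parse 'spf=pass', 'dkim=fail', ... out of Authentication-Results headers."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header, re.I):
            results[method.lower()] = verdict.lower()
    return results


def check_message(raw):
    """Return a list of finding codes; an empty list means no spoofing signs."""
    msg = message_from_string(raw)
    findings = []

    display_name, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    name = display_name.lower()

    # Display name claims a known organisation, but the address domain is
    # not one that organisation sends from (the core check in Tip #6).
    for org, domains in TRUSTED_SENDERS.items():
        if org in name and from_domain not in domains:
            findings.append("display-name-domain-mismatch")

    # Replies would go to a different domain than the apparent sender.
    reply_domain = domain_of(msg.get("Reply-To"))
    if reply_domain and reply_domain != from_domain:
        findings.append("reply-to-domain-mismatch")

    # Envelope sender (Return-Path) differs from the From domain.
    return_domain = domain_of(msg.get("Return-Path"))
    if return_domain and return_domain != from_domain:
        findings.append("return-path-domain-mismatch")

    # The receiving mail server's SPF/DKIM/DMARC verdicts, if recorded.
    for method, verdict in auth_results(msg).items():
        if verdict in ("fail", "softfail", "permerror"):
            findings.append(f"{method}-{verdict}")

    # Urgency cues in the subject line.
    subject = msg.get("Subject", "").lower()
    if any(word in subject for word in URGENCY_WORDS):
        findings.append("urgency-cue")

    return findings


if __name__ == "__main__":
    for label, raw in (("legit", LEGIT_MESSAGE), ("spoofed", SPOOFED_MESSAGE)):
        print(label, check_message(raw) or ["no findings"])
```

A real deployment would read the Authentication-Results header only from your own receiving server, since an attacker can insert a forged one of their own.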

ONLINE SECURITY TIP #7: ALWAYS HAVE A BACKUP PLAN

You should always have at least one backup of your critical data! I cannot reiterate enough how important this is.

Most of us live hectic lives. There are so many things on our daily to-do lists that we often forget (or ignore) the really important ones. Having an automated backup solution is not something that should be taken lightly!

But I never had a backup before and nothing happened! Why should I get one now!?

I’ve read about and seen countless cases of people losing their data and they would give ANYTHING to get it back. There are some fortunate cases, where they might find an old backup amongst their files, but I’ve also seen situations where everything has been lost.

If you are unlucky enough to fall victim to a ransomware attack, you might lose years’ worth of work if you don’t have a backup.

At SoftSys Hosting we offer Acronis Cyber Backup both as a standalone solution and bundled with our managed service package. Acronis Cyber Backup is a trusted backup and recovery solution that allows you to configure automated backups with hourly/daily/weekly/monthly retention. And because backups are incremental, you can take more backups without driving usage and costs up.

If you are interested in a managed backup solution, contact [email protected].

21 Oct

Increase the Security of Your Linux Servers With BitNinja Server Security

We are pleased to announce that we have partnered with BitNinja to bring you the ultimate server protection against WordPress, Joomla, and Drupal infections.

The BitNinja server security solution has been around since 2014. It started as an in-house project when its CEO George Egri wanted to protect his own hosting company against malicious threats and cyberattacks. Today the company protects over 20,000 servers worldwide and its WAF has blocked over 40 million HTTP attacks.

What Is BitNinja and How Can It Take Your Server Security to the Next Level?

Security breaches can put your business at risk. Stolen databases, password hacks, malware, SQL injections, malicious scripts that can change your users’ passwords and gain access to your users’ accounts, you name it!

Today’s digital world is full of security threats that can impact your business’ revenue and reputation.

BitNinja server security helps you maintain a successful business by taking 100% responsibility for keeping your Linux server clean.

“We were in search of an enterprise-grade security tool to provide all-round protection to our customers’ business servers. BitNinja turned out to be the perfect partner to help us address the ever-growing security vulnerabilities and hacks. We tune and tweak BitNinja based on our customers’ specific requirements and we are happy to say it has provided 100% protection! We are beyond excited to have partnered with BitNinja!” Ruchir Shastri, President & Founder @ SoftSys Hosting 

BitNinja Will Significantly Increase the Security of Your Websites!

Here’s how BitNinja can help: it’s an all-in-one security solution that provides one of the BEST server security defenses available on the market today! It’s supported on all popular Linux distributions (CentOS, Debian, Ubuntu, etc.) and requires zero changes to your server.

Backed by machine learning technology that adapts to the latest threats, BitNinja combines a set of integrated defense modules into a single security suite that provides complete protection at the application layer, prevents your server from becoming part of a botnet, and protects you from incoming and outgoing DoS and DDoS attacks.

Being a layered security system, BitNinja blocks server attacks at any threat level automatically, allowing you to protect your websites from unforeseen security threats and focus on growing your business.


Easy to install and use, BitNinja offers the following benefits:

  • Improves your server’s load.
  • Reduces spam.
  • Protects your web application.
  • Scans your web files for malware.
  • Protects you from viruses (including email-based viruses).
  • Detects and blocks port scans.
  • Protects you from being listed on distributed blacklists such as DNSBLs.
  • Proactively monitors malicious scripts & more.

Protect Your Business and Customers from Security Breaches. Get Started with BitNinja Server Security Solution Today!

Achieve system stability and reduce the server load by activating the BitNinja proactive security defense shield and fixing your IP reputation for good.

The BitNinja security solution is available to SoftSys Hosting customers who own a Linux-based VPS (fully managed or unmanaged) or a Linux-based dedicated server.

The service can be added to a new or existing VPS account for as low as $16 USD per month. To help you get started we offer a 7-day free trial with full functionality. During this period, you can test it and see it work its magic. To get started with your free trial, please contact us at [email protected].

Once the service is activated, our team will install BitNinja on your server and provide you access to a dedicated dashboard where you can configure and manage your server’s security.


If you’re not a SoftSys Hosting customer and want to protect your business from hacks, data theft, IP blacklisting & more, get in touch with us as well.

We’d love to help keep your business secure and profitable!

09 Oct

Why Online Security Should Be One Of Your Primary Business Concerns?

One doesn’t need to be a rocket scientist to understand why cyber security is important for your business. We are living in a digital age and we depend heavily on the tech devices that we carry everywhere we go. The sensitive data on these devices can make your business, and it can also ruin it. So the data is always vulnerable to some extent.

Due to the COVID-19 pandemic, cases of cybercrime increased by up to 600%, and October is marked as Cyber Security Month, so this is the perfect time for online businesses to take steps toward securing their business data.

In this blog post, we will discuss the various types of cyber-attacks and show you some serious statistics which will surely make you think about the importance of cyber security for your business.

Malware Or Malicious Software

Malware is software that is specifically designed to harm data and devices. There are different types of malware including computer viruses, trojans, spyware, ransomware, adware, worms, etc.

The total number of malware infections has been on the rise for the last five years:

  • 2014 – 308.96 million
  • 2015 – 452.93 million
  • 2016 – 580.40 million
  • 2017 – 702.06 million
  • 2018 – 812.67 million

Further malware statistics:

  • 92% of malware is delivered by email.
  • Mobile malware is on the rise, with the number of new mobile malware variants increasing by 54% in 2018.
  • Third-party app stores host 99.9% of discovered mobile malware.
  • More than 250,000 unique users were attacked by the Trojan-Banker.AndroidOS.Asacub malware application.
  • 98% of mobile malware targets Android devices.
  • Over the last year, macOS malware has increased by 165%.
  • Malware development rates for Windows decreased by 11.6% since reaching an all-time high in 2015.

Ransomware

Ransomware is another form of malicious software. Unlike other malware, ransomware threatens you with harm: it first encrypts your data to prevent you from accessing it.

Ransomware attacks are usually deployed via social engineering tactics. Once a user falls victim to the attack, their data is encrypted and the attacker then demands a ransom from the victim, with the promise to restore access to the data upon payment.

  • Ransomware attacks worldwide rose by 350% in 2018.
  • Ransomware attacks are estimated to cost $6 trillion annually by 2021.
  • 50% of a surveyed 582 information security professionals do not believe their organization is prepared to repel a ransomware attack.
  • 81% of cyber security experts believe there will be more ransomware attacks than ever in 2020.
  • Ransomware costs businesses more than $75 billion per year.
  • The average cost of a ransomware attack on businesses was $133,000.
  • Businesses lost around $8,500 per hour due to ransomware-induced downtime.
  • 25% of business executives would be willing to pay between $20,000 and $50,000 to regain access to encrypted data.

Social Engineering

Social engineering is the act of tricking someone into divulging information or taking action, usually through technology. The idea behind social engineering is to take advantage of a potential victim’s natural tendencies and emotional reactions.

  • 98% of cyber attacks rely on social engineering.
  • Recent data breach statistics found that 63% of successful attacks come from internal sources, either control, errors, or fraud.
  • 43% of the IT professionals said they had been targeted by social engineering schemes in the last year.
  • New employees are the most susceptible to socially engineered attacks, with 60% of IT professionals citing recent hires as being at high risk.

Phishing

One of the most common types of online fraud is known as phishing, a term that arose in the 1990s. Put simply, phishing is a deliberate attempt to obtain sensitive information like login credentials or credit card numbers by masquerading as someone trustworthy. Targeted emails, or spear phishing, are reported by businesses to be used in 91% of successful data breaches and against 95% of all enterprise networks.

  • 56% of IT decision-makers say targeted phishing attacks are their top security threat.
  • 83% of global infosec respondents experienced phishing attacks in 2018, an increase from 76% in 2017.
  • Business email compromise (BEC) scams cost organizations $676 million in 2017.
  • CEO fraud is now a $12 billion scam.
  • 30% of phishing messages get opened by targeted users and 12% of those users click on the malicious attachment or link.
  • Only 3% of targeted users report malicious emails to management.
  • 53% of IT and security professionals say they have experienced a targeted phishing attack in 2017.

How To Ensure The Security

Cyber security solutions

Since cyber attacks are a major threat to all small and large companies around the globe, companies are now hiring professional cyber security experts and ethical hackers to fight them, but small businesses still often can’t afford to do so.

So here are some basic points which will help small businesses tighten the security of their data.

  • Ensure the security of your staff’s credentials, such as usernames and passwords.
  • Arrange proper training sessions and educate your staff about the precautions they should take while using the company’s devices.
  • Keep your computers up to date and always use paid anti-virus and encryption software for maximum security.
  • Keep the security software on employees’ devices updated.
  • Change the passwords on your computer and on every account you use every 60 days, and ensure that each new password is stronger than the previous one.
  • Do not allow everyone to have access to the company’s sensitive documents.
  • If you can’t hire them permanently, at least hire cyber security professionals on a contract basis for 2 to 3 months every year so they can assist with your IT security.

If you have any cyber security related issues, Softsys Hosting can address a major part of them. Just take a moment and contact us.

04 Jun

How To Choose The Right Backup Service For Your Business Data?

Business data needs to be protected not only from ransomware or other cyber-attacks, but also from natural disasters. If your business isn’t well-equipped with measures that protect mission-critical data, then a single cyber threat can destroy your business in no time.

If your business falls prey to cyber attacks, loss of revenue can be as high as 20% or more. According to a recent cyber-security survey, 4 out of 10 businesses are certain to suffer huge losses, and the number of businesses that are hit by cyber attacks is reported to be 29%.

A business can also suffer heavily in terms of its reputation, because it’s not just the revenue loss, but also the loss of loyal clients. Therefore, businesses need to design a robust strategy for data backup to ensure business continuity in the event of cyber-attacks or natural disasters. In this blog post, we’ll outline some tips for choosing the right backup service for your business needs.


Backup & Disaster Recovery

Needless to say, cybercriminals are becoming more and more sophisticated, so how safe is your business data on the backup server? Ask your backup provider how your crucial business data is protected on the backup storage. You should look for at least 256-bit Advanced Encryption Standard (AES) encryption for data at rest and for Secure Sockets Layer (SSL) encryption while data is being sent to and from the server. This greatly minimizes the risk that a hacker can intercept and steal the information being transmitted. Additionally, the backups must be stored on off-site data storage.

Backup Storage & Scalability

How much backup storage do you really need? Backup providers offer anywhere from 10 GB to unlimited space, giving businesses a wide range of options based on their requirements. Obviously, the amount of backup space offered is directly related to service costs. Hence, it’s best to determine how much backup space is needed so you can stay within your budget limits.

Also, find a backup service that offers scalability and agility so that your backup can grow as your business grows. While you don’t necessarily have to opt for unlimited space, your options include purchasing more space than you need or signing up with a vendor that offers flexible solutions.

Disaster Recovery

Hosting providers can make all the uptime guarantees they want, but the reality is that unforeseen events, such as cyber-attacks and natural disasters, can shut down servers and render your data inaccessible. For instance, Amazon’s northern Virginia servers went offline due to severe thunderstorms, taking down major services like Netflix, Instagram and Pinterest. If large institutions like AWS can get hit, so can small businesses. While downtime is not always preventable, what’s important is to make sure the business data backup you choose provides an effective and efficient disaster-recovery plan to get you back online ASAP. This can mean anything from multi-location backups to cyber-attack mitigation.

Platform Support

A backup service doesn’t do much good if it doesn’t protect the data on all of your business devices, not just on servers or desktop PCs. In a typical environment, Mac and Windows systems comprise the bulk of laptops and workstations. Linux and Microsoft Windows Server are the most popular platforms for servers. Getting access to data from a mobile device is becoming not just popular but increasingly critical as mobile devices become more sophisticated and not only store more data but create it as well. At a bare minimum, Android and iOS devices should be considered as backup targets.

In many cases, organizations host virtualized infrastructure on-site as well as in the cloud and, since this is really just software, it should be backed up along with everything else. Therefore, you’ll need to ensure that your backup provider can support these requirements. Citrix, Microsoft Hyper-V and VMware vSphere tend to be the most commonly used commercial products for creating and running VMs.

App-Specific Support

It’s equally important to consider app-specific options while choosing a backup service. Some back-end business apps might need special capabilities when it comes to backup and restoration, especially complex, database-driven platforms such as large customer relationship management (CRM) apps and enterprise resource planning (ERP) solutions. Popular examples of such business apps include Microsoft Exchange, Microsoft SQL Server, NetApp, and Oracle, which all require special handling. The best options will have native support for backing up and restoring them. Otherwise, you will be left trying to cobble together a backup solution that only works under the best circumstances.

Customer Support

Backup service providers’ product support varies widely. Customer support should be one of your service provider’s main selling points. By using a data backup service, you are entrusting your business’s operational foundation to a third-party provider. You want to know that they have your back when something goes wrong or you need help. While some offer excellent support, others may as well be nonexistent. Choose a vendor that can be contacted via multiple channels, such as phone, email, chat and even social media. Also, choose a service provider that will treat your data as if it was their own.

Our Recommendation

It takes a whole lot of research to select an appropriate cloud backup service for your business. It needs a balance of availability, configurability, price, security, and usability. In the end, the best cloud backup service will be the one that most closely meets your company’s needs because that’s the best way to ensure it’ll be easily adopted by your users.


Our datacenter engineers have tested a number of industry-leading backup services and recommend Acronis Cyber Backup and Protection as the best choice among them all.

Acronis is a modern, quality cloud backup service with a number of uncommon features such as blockchain checks and ransomware monitoring. It also offers continuous backup and incremental backup features. It also offers you private, end-to-end encryption, which is a very important security feature in this day and age. Unlike its rivals such as Carbonite or Backblaze, Acronis is easy to set up and use. Here are some standout features that we liked the most in Acronis:

  •   Multi-service management portal.
  •   Multi-tier cloud architecture.
  •   Comprehensive white-labeling.
  •   Straightforward pay-as-you-go pricing.
  •   12 data centers to choose from*.
  •   Extensive usage reporting.
  •   Feature and quota management.
  •   Single sign-on for multiple services.
  •   Backup operations dashboards and reports.
  •   Integration with RMM and PSA tools: Autotask, ConnectWise (Automate, Manage, Control), Kaseya, SolarWinds (Coming Soon).
  •   Integration with hosting control panels and billing systems: cPanel, Plesk, WHMCS, HostBill.
  •   Integration with marketplace providers: CloudBlue, AppDirect.
  •   A RESTful management API.
  •   User interface in 25 languages.

Key Data Protection Features

  •   Secure cloud backup storage from Acronis, Microsoft and Google.
  •   Flexible local and to-cloud backup options.
  •   Hosted self-service management portal.
  •   Full image and file-level backups.
  •   Data protection on 20+ platforms, including Windows and Linux servers, VMs, eight major hypervisors (vSphere, Hyper-V, Nutanix, Virtuozzo, Citrix XenServer, Linux KVM, RHEV, Oracle VM Server), PCs, Macs, iOS and Android mobile devices, Microsoft on-premises apps, SAP HANA, Oracle Database, Office 365, G Suite and websites.
  •   Initial seeding with physical data shipping.
  •   Customizable policies with backup schedule/frequency and retention rules.
  •   Wide range of recovery options: entire machine, ESXi configuration, single files and folders, databases, Office 365 items, etc.
  •   Recovery to dissimilar hardware, including bare-metal, physical, virtual, or cloud environments.
31 Mar

Data Security Best Practices For Business

Gartner predicts that the number of cloud users will keep growing at a rapid pace every year, with no slowdown in sight. Today, most people and businesses use cloud services in one form or another, often without realizing it.

Unfortunately, being unaware that you use the cloud also means you are not always as protected as you should be. Using a cloud provider, be it AWS, Azure or Google, in no way means that your data and servers are protected from attackers. Under the shared responsibility model the provider secures the underlying infrastructure, while you remain responsible for the operating system, applications, data and access controls of your own instances.

These cloud computing services bring big changes to the business workflow, and as a result companies need a new set of rules and a different way of thinking about their security. In this post, we discuss some of the best approaches to securing your information in the cloud.

Install Robust Anti-Malware, Anti-Exploit & Anti-Ransomware

You might have heard terms like spyware, malware, ransomware, keyloggers, rootkits, adware, backdoor shells and hijackers. The list of threats to server security is long, varied and pretty scary. Even if you are the most careful cloud user, malware can still find its way onto your server.

For instance, an innocent-looking email from a friend could in fact be a vehicle for exploiting a vulnerability, or it could carry widely spread ransomware that encrypts the entire file system. There are literally hundreds of ways in which your data can be compromised and the whole operating system hijacked.

While most generic anti-virus software does a good job of removing known threats from your servers, intruders can still find loopholes to steal data, install backdoors to retain access, spy on your activity, hijack server resources to run malicious applications or encrypt sensitive information.

Difference Between Antivirus & Anti-Malware

Antivirus and anti-malware are two different cybersecurity concepts and should not be used interchangeably. Both refer to security software, but malware is the generic term while a virus is one specific kind of malware. Conventional antivirus software was built to catch classic, file-based viruses, largely by signature; anti-malware products cover the wider family of threats (spyware, ransomware, rootkits, exploit kits) and typically add behavioural and exploit-blocking detection that plain antivirus does not have.

To keep your cloud instances from getting infected, it is necessary to have an enterprise-class anti-malware, anti-exploit and anti-ransomware engine installed on your server, providing real-time protection against viruses and malware entering the server.

In addition, you should schedule a full system scan by these engines at least once a week to confirm that the system is clean. We have a number of customers running Malwarebytes successfully around the clock, and our technical support staff are well versed in configuring it appropriately. Malwarebytes adds an extra layer of protection to your cloud instances: it not only blocks known threats, but its detection rules are continually updated for new ones.

Email Security

While you protect your cloud environment against advanced threats, sophisticated enterprise-grade email protection is also an essential measure, securing email against a wide array of threats. It is widely reported that around 91% of cyberattacks start with an email, typically a phishing message. With that in mind, email security must be a first priority for any organization.

On top of your conventional email service, these email security solutions provide protection against routine threats like spam, viruses and malware while delivering secure cloud email. Your mail is routed through an email gateway that improves security and system performance by stopping known and advanced email threats before they reach your network.

It protects your employees' mailboxes against advanced threats such as spear-phishing, zero-day attacks, malware and spam. It uses keywords, pattern matching, file hashes and dictionaries to scan all email communications and attachments, stopping data leakage and supporting compliance.
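The following is an added example, written for this page and not code from the post or from any email security vendor, showing the kind of gateway checks just described run over a constructed sample message: a blocked attachment extension and a double extension, a SHA-256 match against a known-bad hash set, a small dictionary of phishing lure phrases, and a data-leakage pattern for card numbers confirmed with the Luhn check so that random digit runs are not flagged. The sample messages, the hash set, the extension list and the phrase dictionary are all assumptions made for the example; a real gateway would feed them from threat-intelligence sources. It uses only the Python standard library.

```python
import email
import hashlib
import re
from email import policy
from pathlib import PurePosixPath

# Constructed stand-in for a threat-intel feed: the SHA-256 of the fake attachment
# below. In a real gateway this set would be fed from a malware hash blocklist.
FAKE_PAYLOAD = b"MZ-this-is-a-constructed-fake-payload-not-real-malware"
KNOWN_BAD_SHA256 = {hashlib.sha256(FAKE_PAYLOAD).hexdigest()}

# Attachment types that should never be delivered from outside (assumed policy).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".ps1", ".hta", ".jar"}
# A small dictionary of phrases typical of credential-phishing lures (assumed).
LURE_PHRASES = ("verify your account", "password will expire", "unusual sign-in")
# Candidate card numbers: 13-19 digits, optionally separated by spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")

# Constructed sample message: a phishing lure with a card number in the body and
# an executable disguised as a PDF. Not a real message.
SAMPLE_EMAIL = (
    b"From: \"Accounts Team\" <accounts@example.net>\n"
    b"To: staff@example.com\n"
    b"Subject: Urgent: invoice overdue\n"
    b"MIME-Version: 1.0\n"
    b"Content-Type: multipart/mixed; boundary=\"XYZ\"\n"
    b"\n"
    b"--XYZ\n"
    b"Content-Type: text/plain; charset=\"utf-8\"\n"
    b"\n"
    b"Please verify your account today. Card on file: 4111 1111 1111 1111.\n"
    b"\n"
    b"--XYZ\n"
    b"Content-Type: application/octet-stream; name=\"invoice.pdf.exe\"\n"
    b"Content-Disposition: attachment; filename=\"invoice.pdf.exe\"\n"
    b"Content-Transfer-Encoding: 7bit\n"
    b"\n" + FAKE_PAYLOAD + b"\n"
    b"--XYZ--\n"
)
# Constructed clean message for comparison.
CLEAN_EMAIL = (
    b"From: colleague@example.com\nTo: staff@example.com\nSubject: lunch\n"
    b"Content-Type: text/plain\n\nSee you at noon in the break room.\n"
)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates real card numbers from arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list:
    """Return Luhn-valid card numbers (digits only) found in the text."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            found.append(digits)
    return found


def check_attachment(part) -> list:
    """Extension, double-extension and hash checks for one MIME attachment."""
    reasons = []
    name = part.get_filename() or ""
    suffixes = PurePosixPath(name.lower()).suffixes
    if suffixes and suffixes[-1] in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked extension {suffixes[-1]} on {name}")
    if len(suffixes) > 1:
        reasons.append(f"double extension on {name}")
    data = part.get_content()
    if isinstance(data, str):        # text attachments come back as str
        data = data.encode("utf-8", "replace")
    digest = hashlib.sha256(data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        reasons.append(f"known-bad hash {digest[:16]} on {name}")
    return reasons


def scan_message(raw: bytes) -> dict:
    """Gateway verdict for one raw RFC 5322 message: deliver or quarantine."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    for phrase in LURE_PHRASES:
        if phrase in text.lower():
            reasons.append(f"lure phrase: {phrase!r}")
    for card in find_card_numbers(text):
        reasons.append(f"card number in body (DLP): {card[:6]}...{card[-4:]}")
    for part in msg.iter_attachments():
        reasons.extend(check_attachment(part))
    return {"verdict": "quarantine" if reasons else "deliver", "reasons": reasons}
```

Calling `scan_message(SAMPLE_EMAIL)` returns a quarantine verdict with five reasons (the .exe extension, the double extension, the hash match, the lure phrase and the card number), while `scan_message(CLEAN_EMAIL)` is delivered. Every check is independent, so a message is quarantined as soon as any one of them fires; the reasons list is what you would write to the gateway log for the analyst who reviews the quarantine.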

IDS / IPS – Network Level Security

When your cloud systems are online, this also opens up the possibility of attackers trying to get into them through known exploits or brute-force attempts. With security vulnerabilities growing across the web, it is extremely important to have an external network security system in place to protect your cloud servers. Such a system comprises the following key components:

External Firewall

With an external firewall in place, you can restrict access with fine-tuned rules that allow traffic only from known sources or only to the destination ports you intend to expose, with everything else denied by default. A properly configured firewall is also one of the requirements (Requirement 1) you must meet for your server and website to be PCI DSS compliant when processing card payments and handling cardholder data; it is necessary for compliance, not sufficient on its own.

Intrusion Detection System (IDS)

An Intrusion Detection System (IDS) is a security monitoring system for servers and networks which analyses the packets passing through a network to identify possible intrusions. It matches traffic against known attack signatures and flags abnormal activity patterns, raising alerts for the operations team or handing them to an Intrusion Prevention System so the traffic can be blocked at once.

Intrusion Prevention System (IPS)

Once a possible threat has been detected by the IDS, you need something that blocks that access immediately so the system is not exploited. An Intrusion Prevention System (IPS) sits inline in the traffic path and immediately creates rules to drop the malicious traffic, keeping your system safe. Both systems (IDS and IPS) work closely together to protect your server and website, and ensure that traffic entering your system is checked against known attack signatures. Keep in mind that signature-based inspection cannot see inside encrypted traffic and catches only attacks it has signatures for, so it complements patching and hardening rather than replacing them.

Web Application Firewall

A Web Application Firewall (WAF) is a firewall for HTTP applications that protects web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It applies a set of rules to protect web applications from common attacks such as cross-site scripting (XSS), file inclusion and SQL injection. It may come in the form of an appliance, server plugin, or filter, and may be customized to an application.

By deploying a WAF in front of a web application, a shield is placed between the application and the Internet. While a forward proxy protects a client's identity by acting as an intermediary, a WAF is a type of reverse proxy, protecting the server from exposure by having clients pass through the WAF before reaching it. A WAF operates on a set of rules, often called policies, which help to protect against vulnerabilities in the application by filtering out malicious requests. Because rules can be bypassed by encoding and obfuscation tricks, treat a WAF as a compensating control that buys time to fix the underlying vulnerabilities, not as a substitute for fixing them.

Remote Desktop Guard (RDPGUARD)

RDP (Remote Desktop Protocol) lets users connect to a remote server from anywhere. RDP is very useful, but it also brings security issues. When a malicious user runs network/port scanners or RDP brute-force attacks against a Windows server, thousands of failed login attempts are generated and pages of events are logged. Such attacks consume your dedicated server's resources (CPU, RAM, disk space and network bandwidth), degrade the overall performance of the server, and eventually succeed against weak or reused passwords.

To prevent them, a host-based intrusion prevention system (HIPS) such as RdpGuard is used. It protects servers from brute-force attacks on various protocols and services (RDP, FTP, SMTP, MySQL, MS-SQL, IIS web login, etc.). It monitors the audit logs and detects failed login attempts; if the number of failed attempts from a single IP address exceeds the configured limit, that IP address is blocked immediately at the firewall. Pair this with strong passwords, Network Level Authentication and, ideally, an RDP gateway or VPN, so that the service is not exposed directly to the Internet in the first place.
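As an added example, not code from the post, from RdpGuard or from any IDS/IPS product, here is the core of the detection logic the last two sections describe: failed-logon events are parsed from a log export, counted per source IP inside a sliding time window, and any source that crosses the threshold is blocked, with the Windows Firewall command a HIPS would run generated alongside. The log lines are a constructed text export of Windows Security events (4625 is a failed logon, 4624 a successful one, logon type 10 is RDP) using documentation IP ranges; the threshold, window and management-host allowlist are assumptions for the example. The allowlist matters in practice: an auto-blocker without one will happily lock out your own administrators, which is exactly what an attacker who spoofs a few failures from your management address would want.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Windows Security events exported as text. Event 4625 is a
# failed logon and 4624 a successful one; LogonType 10 is RemoteInteractive (RDP).
# Addresses are from documentation ranges; none of this is real log data.
SAMPLE_LOG = """\
2020-03-31T10:00:01 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=203.0.113.5
2020-03-31T10:00:02 EventID=4625 LogonType=10 TargetUser=admin SourceIP=203.0.113.5
2020-03-31T10:00:03 EventID=4625 LogonType=10 TargetUser=Administrator SourceIP=203.0.113.5
2020-03-31T10:00:04 EventID=4625 LogonType=10 TargetUser=root SourceIP=203.0.113.5
2020-03-31T10:00:05 EventID=4625 LogonType=10 TargetUser=guest SourceIP=203.0.113.5
2020-03-31T10:00:06 EventID=4625 LogonType=10 TargetUser=sa SourceIP=203.0.113.5
2020-03-31T10:02:00 EventID=4625 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.7
2020-03-31T10:02:30 EventID=4624 LogonType=10 TargetUser=jsmith SourceIP=198.51.100.7
2020-03-31T10:05:00 EventID=4625 LogonType=10 TargetUser=ops SourceIP=192.0.2.10
2020-03-31T10:12:00 EventID=4625 LogonType=10 TargetUser=ops SourceIP=192.0.2.10
2020-03-31T10:19:00 EventID=4625 LogonType=10 TargetUser=ops SourceIP=192.0.2.10
2020-03-31T10:26:00 EventID=4625 LogonType=10 TargetUser=ops SourceIP=192.0.2.10
2020-03-31T10:33:00 EventID=4625 LogonType=10 TargetUser=ops SourceIP=192.0.2.10
2020-03-31T10:40:00 EventID=4625 LogonType=10 TargetUser=backup SourceIP=10.0.0.5
2020-03-31T10:40:01 EventID=4625 LogonType=10 TargetUser=backup SourceIP=10.0.0.5
2020-03-31T10:40:02 EventID=4625 LogonType=10 TargetUser=backup SourceIP=10.0.0.5
2020-03-31T10:40:03 EventID=4625 LogonType=10 TargetUser=backup SourceIP=10.0.0.5
2020-03-31T10:40:04 EventID=4625 LogonType=10 TargetUser=backup SourceIP=10.0.0.5
this line is malformed and must not crash the detector
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<event>\d+) LogonType=(?P<ltype>\d+) "
    r"TargetUser=(?P<user>\S+) SourceIP=(?P<ip>\S+)$"
)
FAILED_LOGON = "4625"
ALLOWLIST = {"10.0.0.5"}   # assumed management host that must never be auto-blocked


def parse_events(text):
    """Yield parsed events; malformed lines are skipped rather than fatal."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.fromisoformat(ev["ts"])
            yield ev


def detect_bruteforce(text, threshold=5, window_minutes=5, allowlist=ALLOWLIST):
    """Map source IP -> (time of block, usernames tried) for every IP that produced
    `threshold` failed logons inside a sliding window of `window_minutes`."""
    window = timedelta(minutes=window_minutes)
    recent = defaultdict(deque)   # ip -> failure timestamps still inside the window
    users = defaultdict(set)      # ip -> usernames tried (password spraying shows here)
    blocked = {}
    for ev in parse_events(text):
        ip = ev["ip"]
        if ev["event"] != FAILED_LOGON or ip in allowlist or ip in blocked:
            continue
        q = recent[ip]
        q.append(ev["ts"])
        users[ip].add(ev["user"].lower())
        while q and ev["ts"] - q[0] > window:   # drop failures outside the window
            q.popleft()
        if len(q) >= threshold:
            blocked[ip] = (ev["ts"], sorted(users[ip]))
    return blocked


def block_commands(blocked):
    """Windows Firewall rules a HIPS would add for each blocked IP (shown, not run)."""
    return [
        f'netsh advfirewall firewall add rule name="RdpBruteForce {ip}" '
        f'dir=in action=block remoteip={ip}'
        for ip in sorted(blocked)
    ]


if __name__ == "__main__":
    hits = detect_bruteforce(SAMPLE_LOG)
    for ip, (when, names) in hits.items():
        print(f"{ip} blocked at {when} after trying {names}")
    print("\n".join(block_commands(hits)))
```

With the defaults only 203.0.113.5 is blocked, at the fifth failure (10:00:05), and the usernames it cycled through are recorded for the incident ticket. The slow attacker at 192.0.2.10 never has five failures inside any five-minute window, so it survives the default settings but is caught with `window_minutes=60`; that trade-off between window length and false positives is the main tuning knob of any such tool. A block rule should also carry an expiry (RdpGuard and similar tools unblock after a configurable period) so that a visitor behind a shared NAT address is not locked out forever.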

13 Jun

How To Ensure That You Choose Secure Web Hosting?

The Internet is full of exciting web hosting offers, each with its own set of features and pricing options. The main reason prices vary is the cost of current hardware, server maintenance and security. Some web hosting providers can offer services at dirt-cheap prices because they keep running outdated server hardware with little to no maintenance and poor security standards. That is why it is important to choose the most secure web hosting available.

When you think of website security, the recent breaches of major companies probably come to mind. Your site may not be that large, but whether large or small, a secure hosting environment is equally important. In this post, we cover some key security features to look for in a prospective web hosting company.

Backups And Restore Points

When you look for web hosting services, redundant backups are a mission-critical security feature to check for. Simply ask a potential web host about their backup/restore policy, backup retention, available backup sets and so on.

Here are some questions to put to a sales rep: How frequently are backups taken: daily, weekly or monthly? How many backup sets are available at any given point in time? How many restorations are allowed? Will support staff help you restore your site from backup files? Do you provide account-level backups or file/directory-level backups?

Many web hosting providers include a daily backup service in the hosting plan. Others offer weekly and monthly backups for free but daily backups as an add-on service. Obviously, daily backups are the best option, letting you restore the latest version of your website in case of data corruption or any other form of data loss.

A “manual backup” option is also often offered, whereby you take a backup yourself every time you update the website. It is important to go through all the backup conditions before purchasing the hosting service. Backups should be stored in a secure offsite location rather than on the server itself, so that a server compromise or ransomware infection cannot destroy the backups along with the data, and you should test a restore periodically: a backup that has never been restored is not one you can trust.
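As an added example, not from the post and not any hosting provider's backup tooling, here is a grandfather-father-son retention rule of the daily/weekly/monthly kind discussed above, together with the freshness check a monitoring job would run against the backup catalog so that a silently stalled backup job is noticed before you need a restore. The 60-day catalog of backup dates and the 7/4/3 retention counts are constructed assumptions for the example.

```python
from datetime import date, timedelta


def sample_backups(end=date(2020, 6, 13), days=60):
    """Constructed catalog: one backup per day for `days` days ending on `end`."""
    return [end - timedelta(days=i) for i in range(days)][::-1]


def select_retained(backups, daily=7, weekly=4, monthly=3):
    """Grandfather-father-son retention.

    Keeps the newest `daily` backups, the newest backup of each of the last
    `weekly` ISO weeks and the newest backup of each of the last `monthly`
    months; everything else is returned for pruning. Returns (keep, prune),
    both sorted oldest first."""
    backups = sorted(set(backups))
    keep = set(backups[-daily:])
    by_week, by_month = {}, {}
    for b in backups:                       # later dates overwrite earlier ones,
        by_week[b.isocalendar()[:2]] = b    # so each bucket ends up holding the
        by_month[(b.year, b.month)] = b     # newest backup of that week / month
    keep.update(sorted(by_week.values())[-weekly:])
    keep.update(sorted(by_month.values())[-monthly:])
    prune = [b for b in backups if b not in keep]
    return sorted(keep), prune


def backup_is_fresh(backups, today_iso, max_age_days=1):
    """Monitoring check: the newest backup must be at most max_age_days old."""
    if not backups:
        return False          # no catalog at all is the worst case, not a pass
    age = date.fromisoformat(today_iso) - max(backups)
    return age.days <= max_age_days


if __name__ == "__main__":
    catalog = sample_backups()
    keep, prune = select_retained(catalog)
    print("keep :", [d.isoformat() for d in keep])
    print("prune:", len(prune), "older backups")
    print("fresh on 2020-06-14:", backup_is_fresh(catalog, "2020-06-14"))
```

On the constructed catalog the rule keeps ten backups: the last seven days, the Sunday backups of the two preceding weeks, and the month-end backup for April. Apply the prune list only after the retained copies have been verified, and apply it to the offsite copy on its own schedule, so that a mistake in the retention logic on one site cannot wipe both.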

Antivirus And Malware Scanning & Removal

Once sites are online, they are exposed to online threats like hacks, malware, PHP shells, backdoors, spyware and viruses. There is a fair chance your site could get infected if your web hosting provider does not take sufficient security measures. Often, websites get hacked because of poor code, bugs, script/plugin loopholes or unpatched software vulnerabilities.

When you choose a web host, you should understand which protective actions they take against these threats. Ask the sales rep whether the hosting server runs anti-malware and anti-virus software. Does the server run regular scans on the web files? Can customers run a scan themselves from the control panel? If your account is infected, can support help identify and remove the malware?

Most hosts provide real-time malware protection that detects and quarantines a threat as soon as it is uploaded to the hosting space. Real-time scanning keeps sites secure and helps prevent them from being blacklisted by search engines.

High Uptime And Disaster Recovery

Uptime is the time a website stays online. Select a web hosting provider that offers at least 99.9% uptime (no more than 43 minutes and 12 seconds of downtime per 30 days) or better. A small outage is tolerable while you are just a start-up without many visitors. Typically, when web hosts fail to keep their uptime promise, they reimburse you for the downtime. Some hosts claim to provide 100% uptime, which is not true in most cases.

Additionally, web servers must be equipped with redundancy to protect against downtime caused by hardware, networking or power failures. In this setup each device (server hardware, cooling equipment, power supply and networking devices) runs in pairs, with each one ready to take over the full load if the other fails.

Firewalls And DDoS Protection

Big and lucrative sites are frequent targets of DDoS attacks. A Distributed Denial-of-Service (DDoS) attack floods your site with traffic sent from the combined resources of many compromised computers (a botnet), rendering the site useless to visitors. Many DDoS attacks can be blunted if the web server sits behind a hardware firewall at the edge of the network, but there are limits to how well a firewall stops them: a large volumetric attack can saturate the network link before the firewall ever sees the packets, so serious protection also needs upstream scrubbing or a CDN-style mitigation service.

Can your provider give you full DDoS protection? If so, what is the capacity? Is it a hardware firewall or a software firewall? At what stage will the network monitoring staff inform you of potential problems that might affect your website?

If your web host offers all the features mentioned in this post, then you’re probably in good hands and they’re taking your network security seriously.

23 May

7 Steps To Ensure Your Business Is GDPR Compliant

Have you procrastinated and waited until the last minute (or past the GDPR deadline) to get your company’s data in order? We’ve broken it down into 7 steps to make sure you’re compliant:

Document Existing Data Policy

If you haven’t already, use this as a reason to get organized when it comes to your data. Create a folder on your company’s file system that will house all of the details regarding your data collection, processing, and storage.

We recommend starting with a data map to outline what data is collected by your business and where. From there, separate the data into categories so that you can more easily identify the lawful basis for processing each category of data.

Document diligently, as this could serve as proof in your defense if needed.

Understand The GDPR Requirements

Involve key stakeholders and executive leadership to place a high priority on cyber preparedness. These may include representatives from marketing, finance, sales, operations and any group that collects, analyzes, or makes use of customer data.

Make sure that everyone is on the same page in regards to the requirements of the new regulation and how your business must move to adhere to it.

Some key questions to ask:

  1. How will you have users give consent in accordance with the regulation?
  2. What is the process for deleting data?
  3. How will you ensure that data is truly deleted across all systems?
  4. How will you transfer data if requested by a consumer?
  5. What processes are in place to ensure that the person requesting changes is, in fact, the person they say they are?
  6. What is the outreach plan in the event of a breach?

Hire Or Appoint A DPO

Determine if you can simply add these duties to an existing position or if you’ll need to hire a new team member to do the job. Virtual DPOs are also an option as the regulation allows for a DPO to work for several companies as a consultant.

Identify And Correct Non-Compliant Processes

Compare your data audit to the requirements of the GDPR paying specific attention to privacy, rights and processes, data requests, data processing, and consent.

A large part of compliance may be setting up incident response plans. Under the GDPR, a personal data breach must be reported to the supervisory authority within 72 hours of becoming aware of it (Article 33), unless it is unlikely to result in a risk to individuals. Make sure your team knows how to respond in the event of a security breach.

Conducting a risk assessment will also allow you to uncover Shadow IT. Matt Fisher, SVP at Snow Software, likens Shadow IT to an iceberg. “The iceberg effect poses a serious risk to organizations’ GDPR compliance as many are focused on the 10 percent of applications holding personal data that are visible at the water’s surface,” he says.

Other internal tasks to take on include:

  • Create a Password Policy.
  • Ensure your website is HTTPS.
  • Create a Data Retention Schedule and Destruction Policy.
  • Contact your contact base to prompt them to “opt in.”
  • Update your website’s Privacy Policy.

Communicate With Partners And Vendors

The risk of Shadow IT makes it critical to communicate with your third-party vendors and partners as well. Under the regulation, both data controllers and data processors can be held liable. A controller may only use processors that provide sufficient guarantees of compliance (Article 28), so if you use a separate data processor who is not in compliance, your business is on the hook as well.

Report Your GDPR Compliance Progress

Article 30 of the GDPR requires companies to maintain a Record of Processing Activities (RoPA). This helps companies take inventory of risky applications and gives them a clear picture of how data moves through their departments and software.

Ask For Help (If Needed)

Feeling a bit overwhelmed? Ask for help. At Softsys Hosting, we’re fully prepared to help make sure you feel confident in your data storage and protocols.

23 May

The GDPR: Explained

As we near the enforceable date of May 25th, it seems that GDPR is the buzzword of the month. But what is it? And, more importantly, what does it mean for your business?

Doing your research and preparing now will not only help you stay compliant yourself, but also answer any questions your clients have about how you’re handling their personal data.

The Overview

In short, GDPR stands for the General Data Protection Regulation, a regulation in European Union law. Developed to return control of personal data to consumers, it also simplifies the regulatory environment by unifying data protection rules across the EU.

While it may seem to be a recent focus for businesses and in the press, it was actually adopted over two years ago – in April of 2016. The renewed exposure is due to the fact that the regulation becomes enforceable on May 25th, 2018, after a two-year transition period.

The Details

The GDPR protects consumers' personal data, which it defines broadly as any information relating to an identified or identifiable natural person. That covers basic identity information (name, address, ID numbers), web data such as IP addresses and cookie identifiers, biometric data, health and genetic data, racial or ethnic data, sexual orientation and political opinions; the last of these are special categories that receive extra protection.

In order to protect that data, the regulation outlines the lawful basis for processing, definition of consent, guidelines to follow in the event of a data breach, among other requirements for compliance.

One example of a GDPR requirement is the right to be forgotten. This compels companies to erase personal data upon consumer request. The regulation also requires that data be stored “in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.”

Additionally, some companies are required to appoint a Data Protection Officer to oversee GDPR compliance and data security. The International Association for Privacy Professionals estimates that nearly 30,000 companies will need to hire a DPO.

Potentially the biggest area of concern lies in Articles 25 and 32. Here, the GDPR requires companies to implement “appropriate” technical and organisational measures, taking into account the state of the art, the cost of implementation and the risks to individuals. What counts as appropriate is not spelled out in detail and is ultimately judged by the supervisory authorities.

The Impact

You may be thinking, “Whew, I'm not based in the EU, glad I don't have to worry about compliance.” Not so fast. If you have an establishment in an EU country, or you offer goods or services to people in the EU or monitor their behaviour, you are required to comply regardless of where your business is located or how many employees it has.

Furthermore, the GDPR holds both data controllers and data processors accountable for compliance. That means that if you use a third-party processing service that is not in compliance, your own business is exposed as well.

Ultimately, the goal of the GDPR is to force companies to change the way they process, store, and protect personal data. As a result of these requirements and fines, nearly 85% of US based companies believe that the GDPR will put them at a disadvantage to European companies, according to a study by Ovum.

The Enforcement

Governed by a group of Supervisory Authorities (one for each member nation), the GDPR gives these representatives the ability to conduct audits, review certifications, issue warnings, impose limitations, suspend data flow that is found non-compliant, and impose administrative fines.

Those administrative fines can be extremely high: in the most serious cases as much as 4% of a business's annual worldwide turnover or €20 million, whichever is higher.

Management consulting firm Oliver Wyman predicts that the EU could collect as much as $6 billion in fines and penalties in the first year. Don’t let your company be among them!

27 Dec

Do I Need An SSL Certificate Installed On My Website?

You’ve probably come across that tiny green padlock in your browser’s location bar followed by the website URL. It indicates that the site you are browsing is equipped with the SSL certificate.

As a website owner, you might be wondering “Do I need an SSL certificate for my website too?” Before answering that, let us first look at what an SSL certificate is and what exactly it does.

What is an SSL certificate?

Secure Sockets Layer, known as “SSL” for short (today implemented by its successor protocol, TLS, although the certificates are still commonly called SSL certificates), creates a secure channel between your browser and the web server so that the information you transmit travels in encrypted form.

When the website you visit is not equipped with an SSL certificate (the web address starts with http:// only), all the information your browser sends to the web server and receives from it is in clear text that anyone on the path can read. So any malicious user (hacker or intruder) who can intercept the traffic to your website can read private user information out of it, or alter it on the way.

When you set up an SSL certificate, your website URL starts with https:// (mind the “s” for “secure”), and all the information sent and received is encrypted. This is vital when your site collects sensitive data such as credit card details, since you do not want someone sniffing your customers' card numbers or personal information.

Do I really need an SSL certificate?

While not all websites require an SSL certificate, it is essential for certain types of sites. To find out if your site really needs an SSL certificate, go through these questions:

Do you run an ecommerce store?

If you run an ecommerce store, you are probably accepting payments by credit/debit card.

In this case, an SSL certificate is indispensable to encrypt the customers' card information in transit.

Your customers submit very important information to your website, and if an identity thief gets hold of a customer's card details it could be disastrous, so it is your responsibility to secure the information you collect. With SSL installed on your site, nobody on the network path can read or tamper with the card data as it travels. Note that it protects the data only in transit: it does nothing for data stored on a compromised server, which is why card processing is usually handed off to a PCI DSS compliant payment provider rather than handled on your own server.

Do you have login forms on your website?

Not all websites collect money online; some collect information. That information could be anything related to your customers, like name, address, phone number and email address.

Without an SSL certificate, what users type into these login forms, passwords included, can be intercepted easily. If you do not want that information leaked, securing online forms with SSL is also a must.

Do you offer memberships on your site?

To become a member, your members give you their email addresses, names and passwords, all of which they likely reuse on other sites. You should not take the risk of a breach that could result in your members' credentials spreading across the whole internet.

Are you serious about search engine optimization of your website?

For the last couple of years Google has given a ranking advantage to websites served over HTTPS. Sites that do not use SSL certificates are also marked as “Not secure” in the Google Chrome browser.

Conclusion

On the Internet, trust is everything. Nobody wants to submit their sensitive information in plain text, right? Nowadays visitors are well aware of potential online threats and have become more security conscious.

Many people think securing a website with SSL is essential only if they are selling products or collecting payment information. But SSL encryption has other important benefits: your visitors feel safer on your site when they see the padlock, knowing the connection is protected by a valid certificate.

Also, the latest browser versions have started showing warnings when you browse any website without SSL. So it is now important to ensure every website has an SSL certificate and is loaded via HTTPS.

01 May

How to Avoid Disaster Recovery

While every business regardless of its size or its reliance on IT infrastructure should have a plan in place for disaster recovery, it is even more important to avoid or mitigate the damage from a business disaster in the first place. Business disasters can range from a data center fire to extreme natural disasters, such as a hurricane. Your IT infrastructure should be organized in a way that minimizes its overall exposure to business disasters and mitigates as much of their potential damage as possible if they do happen.

Here are the top 5 methods for protecting your company from needing to enact its disaster recovery plan in the first place.

Enterprise Hosting

Enterprise hosting is an increasingly common service that allows companies to outsource the hardware, maintenance and management of their software and applications. Many companies choose to use enterprise hosting services because it allows them to rely heavily on IT infrastructure to support their business without needing to develop their own expensive and complex in-house IT department. Enterprise hosting also allows a company to focus its IT efforts on product development and customer experience, while leaving the more mundane details of IT maintenance to a trusted and reliable third party with the resources and specialization to maintain the company’s software and applications for a much lower cost.

Using an enterprise hosting service also means that a large proportion of a company’s essential applications and software are hosted and maintained in a location that is not only separate from the company’s offices, but also designed to withstand accidents and disasters. Data centers are the most reliable locations for any form of IT infrastructure, which makes them the ideal place to safely run your company’s software and applications from.

The Latest Hardware and Technology

Using the latest hardware and technology for your IT infrastructure means that you have the most reliable support for your company’s network and software. Aging and outdated hardware and technology will be more prone to failure in the event of a disaster, which means that your company will be more exposed to data loss, network downtime and other similar IT infrastructure failures.

Identifying, acquiring and maintaining the latest hardware and technology for your IT infrastructure can be a very expensive challenge for all but the largest corporations. Most companies operate on dated, and even second-hand, hardware and technology, which leaves them extremely vulnerable to severe negative outcomes during disasters. By outsourcing as much of your IT infrastructure as possible, you not only ensure that most of your IT infrastructure is running on the latest hardware and technology at a professional data center, but it also provides you with the time and money to ensure that your essential on-site IT infrastructure is also able to use the latest technology and hardware.

Solid Network

A solid network ensures that your company’s IT infrastructure will continue to function effectively in the case of a disaster, allowing you to avoid any unnecessary and expensive restructuring, replacement and data restoration. Your company’s IT network is what allows all the different pieces of technology to communicate with one another and act as a secure medium for the operation of your applications and your company’s ability to communicate internally and externally. Weak networks are extremely vulnerable in the case of a disaster, which means that even otherwise intact IT infrastructure will be rendered useless as no individual nodes in your network can communicate with each other.

24/7 Service Monitoring (PRTG)

PRTG is network monitoring software that provides 24/7 visibility into your network. PRTG monitors the overall performance of your network and flags potential problem areas long before they become an issue or cause damage to your IT infrastructure. Advanced as PRTG monitoring may be, it still requires professional oversight to interpret the alerts and apply remedies to your network. Professional data centers rely on PRTG to monitor all the company networks they oversee, which means that outsourcing your IT infrastructure automatically gives you 24/7 monitoring of your network by skilled professionals.

Data Center Certifications and Compliance

It is an unfortunate fact that not all data centers are created equally. Moreover, it is practically impossible for company owners or directors to be able to identify a good data center from a poor one based on sight and intuition alone. This is why the data center industry and regulatory bodies have developed strict requirements for certification and compliance standards, so that the end consumer can be assured that they are receiving a high quality service when they use an industry-certified data center.

Be sure that the data center that you use to outsource your IT infrastructure has all the latest certification from relevant industry bodies, which will ensure that your IT infrastructure has the greatest possible protection from business disaster. Data centers are designed specifically to protect the hosted IT infrastructure from damage and loss in the case of disasters and emergencies, and the certification ensures that you are receiving the highest possible level of protection for your IT infrastructure.

SoftsysHosting Offers All These Services and More

While it is impossible to keep your IT infrastructure completely safe from business disaster, you can ensure that it is as protected as possible by outsourcing most of it to a professional certified data center. Not only will your IT infrastructure have the best possible protection from business disaster, but you will also end up saving money, receiving higher quality IT services and allowing your in-house IT department to focus their efforts on product improvement and customer satisfaction, which is what ultimately drives sales and profit.

SoftsysHosting provides all of the above services and more for the most competitive prices in the industry, which makes them our top recommendation for protecting your company from business disasters and the need to enact your disaster recovery plan in the first place. There are many certified data centers and service providers, but SoftsysHosting stands above the rest for the quality of the services that they provide and the low price that they charge for these services.