Category: Blog

Will Business Operations be Disrupted When Moving to the Cloud?

Posted on by Elevate Services Group

Reduce Business Disruption When Moving Data To The Cloud

 

Business disruption when moving data to the cloud is inevitable but you can minimize the impact with proper planning and professional assistance from an IT MSP.

 

Cloud computing is fast becoming one of the most integral technologies in the business world and it’s not hard to see why. Cloud storage offers many benefits, including easy, secure access to business data, scalable storage that can be increased or decreased as needed, and significant savings as companies no longer have to purchase additional hardware and software to grow a business.

 

Even so, some business owners are hesitant to transition to the cloud because they are concerned their business operations will be disrupted while data is moved to a cloud server. This is certainly a valid concern as moving terabytes of data to the cloud will result in business disruption. However, there are ways in which a business can facilitate the transition process in order to gain the benefits of cloud computing without enduring long hours of downtime.

Know What Moves and What Stays

 

Many companies are moving 100% of their data and apps to the cloud but that doesn’t mean this is the best solution for every single business. Some businesses do best with a hybrid storage solution that allows some data to remain on office computers while other data and applications are moved to the cloud.

 

Once you have decided what to do with all your data and apps, it’s time to decide which type of cloud server you will use. Public cloud servers are ideal for many small to mid-size business owners as they are inexpensive, efficient, and have good cybersecurity standards. On the other hand, large companies and companies that need to remain compliant with strict industry regulations do best with a private cloud storage solution.

Pick a Good Moving Time

 

Once you know what moves and what remains, choose a transition time that best suits the needs of your suppliers and clients. Companies with peak seasons and slow seasons will naturally want to transition to the cloud during a slow season to avoid inconveniencing clients. Even companies that are busy year-round will find that certain times of the day are slower than others. Data transition doesn’t have to happen all at once; it can be broken up into different time periods to suit your company’s needs.

Make Sure Your Data is Encrypted as it Moves

 

Cloud security does not ensure your data is safe as it moves from your computers to the cloud. You will need an encrypted connection to keep your valuable information safe as it transitions; otherwise, cyberhackers will be able to access it while it’s being moved.

Get Professional Help

 

Moving large quantities of data to the cloud is no small feat. A lot can go wrong; in fact, more than 40% of companies experience a failed or stalled cloud implementation when transitioning some or all a company’s data to the cloud. Professional help from an IT managed service is one of the best ways to ensure the transition is efficient and successful.

 

Elevate Services Group is a leading IT managed service provider in Denver. We provide cloud transition and storage services in addition to IT network monitoring, email security and encryption, business continuity planning, and more. Give us a call at your convenience to find out more or to make an appointment with our IT team.

Chrome Users Need to Update Now

Posted on by Elevate Services Group

Why Google Chrome Users Should be Concerned About Security Patches

 

Does Your Organization Use Google Chrome? Find Out Why Recent Security Flaws Have Created an Urgent Need to Update Your Devices’ Browsers Immediately  

 

 

If users in your organization use Google Chrome, there is a high chance that several of those systems are creating an opportunity for hackers to install malware. Google recently identified a major security flaw with its Chrome browser that impacts Windows, Mac, and Linux-based devices. Although Google has released a security patch to correct the security vulnerabilities, the patch fixes two separate problems.

 

Security Vulnerabilities

 

One of the security vulnerabilities Google identified is Chrome’s audio component. The other vulnerability is tied to the browser’s PDF library. Both allow unwanted modifications or corruptions to memory data. This allows hackers to elevate privileges on the device or within applications installed on the device. If someone is able to gain administrative access to a system or software on a system, the individual could make unwanted changes or wreak havoc on the device’s operating system. There is also a high chance that a hacker could install malware or execute malicious code on the device.

 

Version

 

The version of the browser that fixes the security issues is 78.03904.87. Although the Chrome browser may be configured to automatically update itself in the background upon launch, it is a good idea to manually check each device. The browser can be manually checked by selecting the Help menu and then “About Google Chrome.” If there is an update available, the browser will automatically search for it and find it. The browser’s version will also be displayed in the “About” section. If the listed version is 78.03904.87 or later, then the device has received the necessary security patch.

 

If there are problems with the browser updating, it may need to be removed from the system and reinstalled. Some organizations have an automatic process to uninstall and reinstall applications from the server once the devices connect to the organization’s network. Reports can be run to see which systems still have outdated versions and technicians should manually check those systems to diagnose why automatic updates are not going through.

 

Other Considerations

 

A system that is not receiving automatic updates from Google Chrome may have other issues. Technicians should check for the following:

 

  • Is the anti-malware program up to date and running correctly?
  • Is the OS receiving approved updates and are these updates installing?
  • When was the last time the system pinged the network?
  • Has the system been restarted recently?
  • If the system has been disconnected from the organization’s network, how long has it been offline?
  • Has a malware scan recently been run? Were any malicious items identified and removed?
  • Are there are any suspicious executables or unauthorized programs installed?

 

Sometimes wiping a system and completely reinstalling the OS are the best courses of action. Signs that a device may be too infected, corrupted, or outdated include the presence of unauthorized or suspicious applications, more than 100 pending OS updates or a previous update date that is more than a month old, and an anti-malware program that will not update or run a scan correctly. Before wiping a system and reinstalled the OS, a technician should check for and back up any user data that may be installed on the device’s hard drive. However, the data should be carefully scanned for any malware infections prior to transferring it back onto the system.

How to Find the Best Microsoft Support in Denver

Posted on by Elevate Services Group

Microsoft Support in Denver

Discover how to find a top-tier IT managed service in Denver that offers Microsoft support and training in conjunction with other important tools and services.  

Microsoft Office usage is growing; in fact, there are currently over 155 million Office 365 business users in the world, along with 500,000 companies that use Microsoft Teams. These tools have a lot going for them; however, chances are you aren’t getting as much out of them as you could be with expert, customized support in your local area. The following are some ways in which Microsoft Support in Denver can help you grow your business.

Training

Do all your office staff members know how to use Office 365 properly? Are they aware of shortcuts that could make their work fast and easy? Do they know how to keep Office 365 files secure? If not, an IT managed service that offers Microsoft training can help your employees learn how to master the many features Office has to offer.

Elevate offers free Microsoft training to all its clients. The training sessions are done via webinar to allow your business to offer the training at the time and place that best suits your needs. Ongoing training sessions cover all aspects of Office 365 so your employees know how to use the most important features in any given program.

Avoiding Downtime

Office 365 has an uptime rate of well over 99%; however, that doesn’t mean you’ll never suffer downtime while using Office programs. Common causes of downtime may include a cyberattack, IT equipment failure, human error or a cyberattack. When downtime happens, the results can be devastating. Experts estimate that the average cost of downtime is a whopping $5,600 a minute.

One of the best ways to prevent IT downtime is to partner with an IT service provider in your local area. Localized IT MSPs offer 24/7 IT monitoring and assistance to keep your systems running at all times. If a problem occurs, experts will immediately come to your aid to not only fix the issue but also prevent it from reoccurring. Furthermore, IT managed service providers offer top-tier cybersecurity programs to keep your system safe from common cyberattacks such as phishing, ransomware, malware, and DDoS.

Introducing Your Microsoft Support Company In Denver

Are you looking for an IT managed service that offers Microsoft support in Denver along with other important IT services? If so, Elevate maybe your best option. The company offers a wide range of services, including:

  • Microsoft training and support
  • Cyber and network security
  • Scalable cloud storage solutions
  • A comprehensive technology assessment that enables you to see what needs to be done to improve your business IT in order to successfully grow your company.

Elevate is a Denver-based company run by experienced former business CEOs and CTOs who are not only familiar with cutting edge IT solutions but also the needs of small and medium-sized business owners. Get in touch with us to learn more or to make an appointment with one of our IT experts.

What Are Your Company’s Responsibilities Following a Data Breach?

Posted on by Elevate Services Group

 

Learn from Marriott’s Example: Notification Responsibilities After a Data Breach

 

Most states, the District of Columbia, the Virgin Islands and Puerto Rico have passed legislation regarding notification of security breaches. Know the laws in your state.  

 

 

To answer this question, let’s start with the example experienced by Marriot International recently when a breach exposed the social security numbers of the hotel chain’s associates. Then, we’ll look at the federal and state requirements for notifying those impacted by a breach that involved their data.

 

How Did Marriott International Employees Fall Victim to a Data Breach?

 

Marriott International told some of its employees that their social security numbers (SSNs) had been exposed to an unknown person. The risk came from a vendor that handled documents for the hotel chain.

 

On September 4, 2019, Marriott found out that someone access information recorded on those documents, which included subpoenas and court documents. The notification, which came two months after the incident, merely stated that someone may have accessed the records, which is all hotel representatives claim to know. The potential breach impacts over 1,500 Marriott employees. On October 30, the hotel started sending notifications via regular mail for anyone it hadn’t been able to find.

 

Those impacted will receive free credit monitoring as well as identity theft protection for one year at the company’s expense. Notification and credit monitoring services are part of recent data breach laws, but one must wonder what took Marriot so long to notify the victims.

 

Why Did Marriott Have a Difficult Time Finding Victims?

 

Marriott received a list of those impacted, but most had no address. This may be the most significant factor in the delay. And, it’s not an unusual one. Company records breached by hackers may be incomplete in the best of circumstances, and this information was sitting in several external systems.

 

The unnamed firm said all Marriott employee data was deleted from its system. One of the problems in cases like this is storing data in multiple systems, which increases the risk of theft and data breaches. Marriott no longer partners with the vendor.

 

What Are Your Company’s Responsibilities in Case of a Data Breach?

 

The FTC recommends following these steps, some of which are legally required.

 

Secure your Operations

 

Move quickly to take whatever steps are needed to secure your systems. Otherwise, your data breach can result in a series of breaches. Mobilize or form a breach response team to shore up your network against further loss.

 

Fix Vulnerabilities

 

As part of the fix, you need to anticipate questions that clients, associates and the authorities may have. Put together clear questions and answers to post on your website. Direct communication may ease frustration and concerns, especially if it takes some time to identify those impacted, as in the Marriott cases.

 

Work with forensic experts to track to determine what records were at risk.

 

Notification

 

Most states, the District of Columbia, the Virgin Islands and Puerto Rico have passed legislation regarding notification of security breaches. You must notify the affected parties when personal information is involved. Check the laws in your state as well as the federal laws and consult with your legal team regarding your responsibilities.

Achieving Success with Information Technology

Posted on by Elevate Services Group

Why Organizations Need to View IT as Central to Success and Profit

 

Think Your IT Department is Simply There to Make Repairs and Solve Minor Problems? Find Out Why It Should Be the Center of Your Organization’s Long-Term Strategy. Information technology (IT) is more than a critical function. A well-run IT department should be integrated into an organization’s overall strategy. In fact, a comprehensive IT department should be at the center of organizational strategy. Within a firm, IT can include the following:

 

  • End-user computing devices
  • Networks and network infrastructure
  • Operating systems
  • Software applications
  • Data storage
  • Telecommunications
  • Internet service
  • Telephone systems

Using IT As a Strategic Asset

According to leading industry experts, even when leaders are aware of what constitutes the IT department’s purview and assets, there is a tendency to overlook IT’s potential. Yet, technology assets can be leveraged to ensure the organization runs as smoothly as possible. When an IT department and its assets are finely tuned, leaders can focus on identifying opportunities and innovative technical solutions. This includes innovative technical solutions that can be either used by the organization or leveraged by it. Consequently, the IT department and its assets become more cost-effective. With the right type and degree of investment, IT can help turn a profit for the firm.

 

Centralizing IT

When elevating IT and its assets to the center of organizational strategy, it is crucial to think about three areas. Those areas are:

  • Income
  • Growth
  • Strategic planning

 

IT can generate income through innovative solutions, but also by streamlining internal costs. This is usually achieved through the automation of processes and by increasing the efficiency of processes. Growth goes hand in hand with innovative solutions and increasing the efficiency of internal processes. By being able to meet client needs and drive market behaviors, an organization can use IT to establish a competitive advantage. Establishing and maintaining a competitive advantage to stimulate long-term growth is an essential part of any strategic plan.

 

Reasons to Leverage IT

The number one reason why it is important to leverage technology-related assets is due to the industry’s pace. Changes in technological advancements and capabilities happen at lightning-fast speeds. Without proper strategic planning, analysis and leverage of internal IT capabilities, an organization can simply not expect to succeed. IT can not only be a means of survival, but a point of differentiation. Technical expertise and advantage can reduce costs, create markets, better meet client needs, and make the entire organization more efficient. Neglecting IT or viewing the department and its assets as a necessary evil can backfire as others find ways to make technology generate revenue.

For those who deserve our utmost respect… 

Posted on by Elevate Services Group

November 11th is Veterans Day… 

A day where we stand united to honor those who are currently serving and those who have served – those who sacrificed for the common good of our country. 

 

And for all they’ve done, we say thank you. 

Thank you to those who have and those who continue to place themselves in harrowing situations in the name of protecting our freedom. 

However you’re planning on spending the day, remember to take a moment to think about these exceptional men and women.

Veterans Day

What Does Effective Cloud Security Look Like?

Posted on by Elevate Services Group

What is Effective Cloud Security?

Is your cloud storage service 100% secure? Here are some points that can help you keep your valuable business data safe from breaches now and in the future.  

Cloud Security

There are many good reasons for a business to use the cloud to store business documents. Cloud usage saves a company money, boosts productivity, and enables employees to communicate with each other with ease. Furthermore, the fact that it’s scalable allows a business to adjust the amount of cloud storage space used at any given time.

Even so, it’s imperative to ensure that all business data stored on the cloud is 100% secure at all times. Following is an overview of what effective cloud security looks like for your consideration.

Make Sure Cloud-Based Apps are Secure

Numerous businesses run one or more apps on the cloud. Common options include Microsoft 365, Salesforce.com, Google G Suite, Dropbox and GitHub. Make sure these are secure by patching security flaws as soon as they are discovered.

Pay Attention to Encryption

Good cloud storage servers will secure your data on the cloud. However, that doesn’t necessarily mean your data is secure as it travels to and from the cloud. An employee who uses an unsecured network may be exposing valuable data to breaches as he or she sends files to and from your company cloud. You can avoid this problem by having a reputable IT managed service set up a secure network and provide employee security training.

Limit Data Availability

How many employees have access to sensitive business data? Do all these employees need access to the data in question? These are important questions a business owner should ask on a regular basis. Most data breaches are caused by human error. Regular cybersecurity training sessions for employees can reduce the odds of a data breach but it’s also wise to ensure that valuable business data can only be accessed by those who absolutely need access to it.

Have a Security Plan

Every business should have a plan in the event cloud storage data and/or apps are found to be vulnerable to hacks or actually breached. Such a plan should include:

  • A way to remotely delete data so it does not fall into the wrong hands
  • A back-up solution so that data stored on the cloud can be retrieved from another source
  • A strategy for notifying customers and business partners about the breach

Cloud Security Solutions for Denver Organizations

The above-mentioned tips should not scare you out of using the cloud for your business. Research has shown that cloud storage is more secure than a physical data center; what is more, it is also incredibly cost-efficient and can boost a company’s profits and effectivity. At the same time, it’s important to remember that cloud storage is not 100% impervious to breaches and hacks. You need to take measures to keep your cloud-based documents and apps safe at all times and one of the best ways to do this is to partner with a reputable IT managed service in the Denver area.

Elevate specializes in offering cloud security solutions for Denver organizations, providing a wide range of tools to help you keep your IT system secure and running at an optimal speed at all times. Get in touch with us to learn more about our services or to make an appointment with one of our IT experts.

Stop Hackers Cold: Eliminate These Common Entry Points

Posted on by Elevate Services Group

 

Weak Points in Cybersecurity Hackers Love

 

Do you know where hackers are most likely to gain access to your private data? Discover the favorite entry points and how you can stop them.  

 

 

It seems like every week that there are reports of another massive data breach hitting the news. The number of users affected is almost unimaginable. Cybercriminals accessed 983 million records at Verifications.Io and 885 million records at First American Financial Corp., alone. Its scary stuff, but what’s even more terrifying is the majority of compromised companies never show up in the papers.

 

During the first half of 2019, there an average of 30 data breaches per day. So, how are hackers stealing so many records so quickly? They have their ways.

Four Places Cybercriminals Love to Steal Your Data From

 

1. Old Websites. The internet is a graveyard of abandoned and unprotected half-built sites which are the favorite hunting grounds for hackers who are on the lookout for easy and virtually risk-free hacking opportunities. Although it is true that most of these sites contain nothing more than a few email addresses and dummy accounts, every so often, a cybercriminal can strike goldmine. On occasion, legacy and demo sites for large businesses are still connected to the company’s servers and provide a nice backdoor to confidential data.

 

You can protect your business by completely removing old sites from online and limiting which sites have access to your servers.

 

2. Free Code. Many sites offer free code snippets that you can use for free on your website. All you have to do is download it and you can save hours of time and thousands of dollars. Good deal, right? Well, have you ever heard the Japanese saying, “There is nothing more expensive than something free?” When it comes to the code for your website, it is a motto you should take to heart. Using someone else’s free code for your company’s website could be the most expensive mistake you ever made. While clean, secure codes for free does exist online, the majority of what you will find is usually poorly written, and as solid as a sieve.

 

Stop hackers from using embedded backdoors in public code by not using it for mission-critical websites.

 

3. Unsecured Cloud Storage. Everyone is talking about the benefits of cloud computing and cloud storage, and it seems like businesses can’t wait to make the jump to working on the cloud. But before trusting your company’s confidential data to any third-party cloud storage solution, you better make sure the vendor has tight security. Many big-name companies like Facebook and Microsoft forgot to ensure their third-party vendors had the proper security, and the results were embarrassing and costly data breaches.

 

Carefully choose who you use for outsourcing and take an active role in protecting your data, even if it is hosted on a third-party’s server.

 

4. Unprotected APIs. Does your business use custom apps that utilize APIs? If the answer is yes, you may be exposing your confidential data to hackers without knowing it. While in-house app developers spend a great amount of time safeguarding your app itself, from exploits, the APIs you are using from an outside developer to power your app may be a gaping hole in your defense.

 

Review the end-user agreements for the APIs you use and conduct penetration tests to check for vulnerabilities.

 

In the end, protecting your data and the confidential information of your customers falls on your shoulders. No one can be perfect when it comes to online security, but every single business can do better.

Want To Drastically Enhance Your Small Business Cybersecurity?

Posted on by Elevate Services Group

 

No matter how secure you may be right now, you could always be doing more. Have you double-checked your cybersecurity lately? Review the best practices below to strengthen your small business cybersecurity.

 

When everything is going well, the last thing you want to do is think about what will happen when something goes wrong. It’s not necessary to dwell on the potential for a security disaster though – you know that it’s a possibility, so let’s just leave it at that. What’s important about this is that you know to cover your bases.

 

 

No need to assume the worst – just plan for it, so you know you’re protected. As that old saying goes, “An ounce of prevention is worth a pound of cure”.

 

Do what you need to do to “prevent” now, so you don’t have to pay for the “cure” later.

 

Use A Firewall

 

Your firewall is your first line of defense for keeping your information safe.

 

A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via hardware, software, or a combination of the two.

 

A firewall inspects and filters incoming and outgoing data in the following ways:

  • With Packet Filtering that filters incoming and outgoing data and accepts or rejects it depending on your predefined rules.
  • Via an Application Gateway that applies security to applications like Telnet (a software program that can access remote computers and terminals over the Internet, or a TCP/IP computer network) and File Transfer Protocol Servers.
  • By using a Circuit-Level Gateway when a connection such as a Transmission Control Protocol is made, and small pieces called packets are transported.
  • With Proxy Servers: Proxy servers mask your true network address and capture every message that enters or leaves your network.
  • Using Stateful Inspection or Dynamic Packet Filtering to compare a packet’s critical data parts. These are compared to a trusted information database to decide if the information is authorized.

 

Train Your Staff

 

Your staff can have a significant effect on your cybersecurity – either they know enough to keep your assets secure, or they don’t, and therefore present a serious threat to your security.

 

So, which is it? Do your employees and volunteers have the knowledge they need to spot cybercrime scams, avoid common pitfalls and keep your data secure?

 

If you’re not sure, then they may need training. Security awareness training helps your employees and volunteers know how to recognize and avoid being victimized by phishing emails and scam websites.

 

They learn how to handle security incidents when they occur. If your employees and volunteers are informed about what to watch for, how to block attempts and where they can turn for help, this alone is worth the investment.

 

How Do I Train My Employees For Cyber Security?

 

A comprehensive cybersecurity training program will teach your staff how to handle a range of potential situations:

 

  • How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
  • How to use business technology without exposing data and other assets to external threats by accident.
  • How to respond when you suspect that an attack is occurring or has occurred.

 

Strengthen Your Passwords

 

Passwords remain a go-to tool for protecting your data, applications, and workstations.

 

They also remain a common cybersecurity weakness because of the careless way employees go about trying to remember their login information. Weak passwords are easy to compromise, and if that’s all that stands between your data in the cloud and in applications, you could be at serious risk for a catastrophic breach.

 

That’s why protecting your login processes with an additional layer of security – multi-factor authentication – is recommended. Multi-factor authentication requires the user to utilize two methods to confirm that they are the rightful account owner. It is an available security feature in many popular applications and software suites.

 

There are three categories of information that can be used in this process:

 

  • Something you have: Includes a mobile phone, app, or generated code
  • Something you know: A family member’s name, city of birth, pin, or phrase
  • Something you are: Includes fingerprints and facial recognition

 

Protect Mobile Devices

 

Implement Mobile Device Management and Bring Your Own Device policies that allow employees to use their own devices in combination with the business’ without compromising your security:

 

  • Require password protection and multi-factor authentication for mobile devices.
  • Deploy remote access software that allows you to locate lost/stolen devices, and remotely wipe their data if need be.
  • Develop a whitelist of apps that are approved for business data access.

 

And don’t limit yourself to desktops, laptops, and phones – there’s more out there for you to take advantage of. Have you considered what the Internet of Things and wearable devices can do for workplace efficiency? Now’s the time to get on board – up to 20.4 billion IoT devices will be online by 2020.

 

Manage Account Lifecycles And Access

 

This is one of the more basic steps on the list, but no less important. It can’t really be automated or outsourced to any technological aids; it’s just about doing the work. You need to have a carefully implemented process to track the lifecycle of accounts on your network.

 

  • Follow a careful system for how accounts are created for new members, how their security is maintained and verified through their life, and how they are removed when no longer needed.
  • Implement secure configuration settings (complex passwords, multi-factor authentication, etc.) for all accounts.
  • Implement controls for login and use, such as lockouts for too many unsuccessful logins, unsuccessful login alerts, and automatic log-off after a period of inactivity

 

Protect Your Wireless Networks

 

Wi-Fi is a necessary part of doing business. Your staff cannot go without it, so it becomes your responsibility to make sure it’s secured, simple as that.

 

  • Turn off broadcast so that your SSID is not available for others to see.
  • Use WPA2-Enterprise security, which forces per-user authentication via RADIUS for access.
  • Double-check your radio broadcast levels at default to make sure they don’t extend outside your building.
  • Create a Guest Network that’s segmented and has a limited bandwidth so that those visiting your building don’t have any chance of access to your data.
  • Monitor your network, and log events to track any activity by your employees and other contacts with network access.

 

Limit Unnecessary Physical Access

 

Your cybersecurity measures won’t amount to much if your laptops, tablets, smartphones and other devices are left out in the open for anyone to take.

 

It’s one thing for a cybercriminal to hack into your system remotely. It can be significantly easier if they’re doing so directly on a business device.

 

  • Keep business devices under lock and key when not in use.
  • Maintain a detailed inventory of who has authorized use for specific business devices.
  • Don’t leave the login information on a sticky note on the keyboard of the device.

Follow Payment Card Best Practices

 

If you accept payment through credit and debit cards, make sure to follow established security policies and practices to mitigate any potential risks.

 

  • Work with banks and other financial industry contacts to make sure you’ve implemented the right cybersecurity tools and anti-fraud services.
  • Double-check your compliance requirements for FINRA, GLBA, and SOX.
  • Segment networks involving a point of sales and payment systems from any unnecessary aspects of your IT infrastructure. No unnecessary software or web access should overlap with these systems.