Archive for September, 2016

Employees Are Your Biggest Security Risk

Posted on: September 29th, 2016 by Jessica Diehl No Comments

Where is your biggest security risk?

The media convinces us that it is the Russian government.  Apparently, they got into the democrat’s email “system.” In a close 2nd place, we get told that “hackers” coming from the outside world traverse our firewalls and capture our data.  In third place are disasters and equipment failures.  Floods, leaks in the server room, cables get cut and access is lost all get a lot of attention from companies just like TNT.

Your biggest threat comes from within.  A 2016 study done by IBM revealed that 60% of all security attacks came from within your network.  Health care, manufacturing and financial services were particularly vulnerable.

To complicate matters, It’s not always intentional.  In fact, misaddressed emails, stolen devices, data sent to insecure home systems, and the other “oops” moments pose the same risk.  Your IT administrator’s complete access to your company’s data can turn a small mistake into a catastrophe, without ever meaning to.  In this case, intent really doesn’t matter.  Unintentional mistakes can be just as costly as malicious attacks.  And with insider threats often flying below the radar of many detection technologies, they can be particularly difficult to manage.

We suggest that you hire us to get extra help, instead of doing the same thing that you have been doing.  Here is what we will suggest

  • Guard your most prized possessions. Bad guys (even the ones working for you whom you have not yet identified) want the goods.  Identify those goods and put in the best defenses you can for them.
  • Monitor everyone, including your inner circle. Just because your peers double as friends, and you see no need not to trust, someone else might be logging on and impersonating them.  No one is above security monitoring.
  • Sweat the small stuff. New technology is exciting, but maintaining basic safeguards can have the biggest impact.  So keep applying software patches that automatically close windows, enforce strong standards for user identities and passwords, and collect all the data and forensics you can on every device that touches your network, among using other basic techniques. Train your people, test them, and then try to trick them with fake exercises. These basics require work and perseverance, but they make a tremendous impact.

TNT has offerings that assist with security of both mobile and office based devices.  Charges are per device, per month.  We can charge you a setup fee, or we can bundle it into your monthly recurring costs.  Either way, you don’t have to write big checks for IT, as you are used to.

So, when you read the next headline about a security breach by an external hacker, remember that these attacks account for less than half of the breaches out there.  And when they are successful, the hackers probably used the identity of an unsuspecting employee or contractor to make off with the goods. Take action to now to secure your organization from the inside out.

Click here to setup a meeting with our president.

Charlotte Unrest Raises Questions About Business Data Security

Posted on: September 23rd, 2016 by Jessica Diehl No Comments

*Image credit: Breitbart.com

Unrest in Charlotte is literally global news.  You have seen the pictures.  Protesters destroyed property, both public and private, in what appear to be indiscriminate acts.  According to WSOC-TV, some protesters even hacked the city website.

What is your response to this?   Most people sincerely think that they are “playing it safe,” by staying away from the disaster scene.  That is avoidance of the problem, and it is ill advised, if not even a little immature.

What if the protests come your way?  Most certainly, the damaged businesses didn’t think they were ever going to be damaged.  The Omni hotel is boarded up.  Do you think that there are contingencies in the business plan as to how to sustain revenue in those moments?

The real question is, “Are you playing it safe with your business?”   (And, let’s be honest, while large-scale violence like those in Charlotte are rare, break-ins and thefts are not.)  Specifically, what if your business got caught up in violence, and everything with flashing lights was taken or destroyed?   Pretend you have no functioning electronics in your facility, and you have to begin operations in a temporary location.  Everyone reports to someone else’s building.  And you are in charge of making sure operations continue.

How up-to-date would your data be?  Would everyone have access to everything that they needed?

Let’s start the answer to that question with another question.  What does it cost you to lose that access?  What does a lost day or a lost week of information cost you?  How important is your business data security?

It is our opinion that if you are in charge of answering these questions or making recommendations in regards to them, you are best served addressing the possibility some sort of violence will unravel your business BEFORE it happens, not afterwards.  Even the FBI has recommended companies work with security experts instead of trying to protect their data on their own.

TNT has a business data security offering that supports a loss of a single piece of equipment, or all of your equipment, in real time, in less than a single digit number of minutes.  Yes, all servers, all data, all virtual machines, running in the cloud, in minutes.  It doesn’t require very much capital expense, and it grows (or contracts) as you do.  Above all, it is cheaper than losing your business.

We have a construction customer who lost a server and its contents.  We had them operational, with all information intact, in a minute.

One minute.

Talk to us before violence invades your business.  Until then, avoidance of our unrest isn’t playing it safe.  It is avoidance of the problem, in a new format.  We can do demos for you as well as help you calculate the required return on investment to help you and your leadership see the value of protecting your information and your assets.

And, can you afford not to address it?  Your business needs to continue.

blog by: Jeff Gaura, President 

TNT President Works to Improve Minority Owned Businesses Access to Charlotte Bids

Posted on: September 15th, 2016 by Jessica Diehl No Comments

The City of Charlotte is working to ensure it’s supporting minority owned businesses to the best of its ability. As part of their efforts, they are studying what percentage of the City’s business is routed through minority owned businesses, as well as how many minority owned businesses are available in Charlotte.

The Network Team president Jeff Gaura spoke at the meeting about the challenges TNT (as a woman/minority owned business) has had working with the city.  Representatives from construction, pest control, LED lighting, and temporary staffing echoed the same issues.

Here is a transcript of Jeff’s talk.

“Thank you for creating a forum for business leaders who represent the under-represented to get a chance to voice their concerns.  None of the messages that I am presenting to you today are unique to Charlotte or our region.  Indeed, conversations such as this one are being held in municipalities around the country where there are disconnects between what we have always done and what we need to do.

It has been our experience that the City of Charlotte has spent time on trying to include MWSBE (Minority, Women, Small Business Entities) people like The Network Team via construction projects.  Construction represents a large portion of the total outlays on expenditures, and we are all grateful that the City has been able to create a program that gives us an opportunity to level the playing field.  Thank you for this.

That said, we believe that 20th century thinking with regards to information technology needs to be addressed.  Upon a recent conversation with a local project manager for a city project, we posed the question, “why isn’t information technology included in the RFP?”  Their answer was by no means scripted, but it accurately describes the geriatric culture in how IT is still viewed through 20th century glasses.

We were told that wiring in the walls is included, but nothing else.  We were told that IT, “is like furniture and wall hangings and the occupant is responsible for all of those sorts of things.”

Construction projects include all sorts of trades that are expected to be present and operating before the first full time employee enters the facility to report to work.  It is assumed that before anyone enters the building, water is running, there is power available for appliances and systems, heating and cooling are keeping the temperature regulated and the sprinkler systems that keep people safe are working.

All of these assumptions are smart and take public safety into account, but they are also very outdated.  Information technology is expected to work, Day Zero, and it is expected to be there, instantly.  Communications to support everything need to be a part of all new projects.

Can you imagine a new structure that didn’t have an Internet connection and a firewall in front of it, protecting all computer and mobile phone users from adware, ransomware and viruses?  Can you imagine a new facility that is expected to support employees for potentially multiple generations not having wi-fi in the building, all of it using a monitoring application to keep users safe?  Lastly, can you imagine a structure without a security system that includes video in appropriate locations and monitoring of key areas where access needs to be controlled?

The City has shown that they can imagine this.  These are critical Day Zero technologies that need to be in place before the first worker shows up.  However, they are not currently a part of the RFP process nor are they part of INClusion.

Well, they need to be.  Other cities have modernized their construction process to include adding critical IT services in their new construction RFPs.  Charlotte should do the same.

My 2nd point is in regards to how procurement is done.  TNT recently submitted a bid for $200K worth of networking equipment for a county entity.  We were told by our contact that we had the lower bid.  We had experience with the public entity and had proven our ability to assist with complicated networking issues.  Unfortunately, someone decided that all procurement of this nature had to use a State Level IT contract.  With good reason, public entities like the predictability of a state contract that requires no bidding.  However, this state contract discriminates against small businesses and minority owned businesses. Most importantly for all taxpayers, the state contract created a price that was approximately $40K more than our fixed price bid.

Indeed, today, there are no small or minority owned businesses on any of the state contracts that cover the technology in question.  We recommend that the City have its own IT contracts that include opportunities for The Network Team and other MWSBE to provide requested services.”

We’re eager to learn the findings of the study, and will share them once they are available.

 

Data Security: What the Hackers Know that You Don’t

Posted on: September 9th, 2016 by Jessica Diehl No Comments

This isn’t a joke about data security.

What if I gave you a link that included in it a presentation and tools that would allow you to bypass anti-virus software and internet filters at work?

Would you open it?

I asked two different TNT employees this question.  They both paused and said, “no,”

When I asked them, “why,” they couldn’t answer.  I had to answer for them.  The answer got down to two items

  • Fear: they were concerned that the worst might happen.
  • Uncertainty: They didn’t know what was there, so they didn’t want to click on it.

This is the conditioning of corporate America.  It affects small businesses as much as fortune 500 entities.  It alters the thinking of public sector employees and even IT professionals who are tasked with data security and preventing breaches from happening.

The link is real.  http://tinyurl.com/504-extra  Google it first, if you like.  There are several great resources there, all presented in English, not tech-ese (OK, some of them are for geeks).

There are some great resources about how to break into Windows devices.  I just ran a tool to hack one of our company servers as well as expose code in our router that connects to our phone lines.  Took all of about 1 minute to run the tool.  Sure, I am a techie, but I am not a security expert.

You need to prevent these “tools” from working in order to ensure data security, and there is no way you can keep up with all the recommendations.  You don’t have the ability to know when people are even trying to do these sorts of things.  When I hacked our server, I sent an instant message to our senior engineer responsible for our servers and asked him if he got anything from our server monitoring utilities that I got in without the use of any passwords.  He told me, “If no services go down on the server, I don’t get any alerts.”

Here is a real screen shot of the tools and presentations available to you.

Data Security

Hope to hear from you.

But I get it if I don’t hear from you.  “It is on someone else to deal with this.  And, it won’t happen to you.”

But if it does, I may hear from you.

But then, it would be too late, wouldn’t it.

 

by: Jeff Gaura, President