Why your small business needs a professional IT consultant

If your small business in Salt Lake City is like most, then its core proposition is not delivering top-notch IT services. If this is the case, it’s still likely that some of your first purchases would have been computers, and installing Wi-Fi routers may have been among the most critical tasks of your office setup. In other words, IT has become an indispensable business necessity, and small- and medium-sized businesses (SMBs) that plan to grow create IT strategies to make this happen.

This makes sense, considering businesses make plans for everything else, be they for marketing and sales, manufacturing, or distribution. The question then becomes, “Who creates the IT strategies?” Here are seven reasons why a professional IT consultant is the best person for the job.

1. A professional IT consultant is cost-effective

For non-IT startups, a full-time IT specialist will be too costly. The specialist’s salary will likely be too high, and they won’t accomplish much since funds will be allocated to functions that directly fulfill the business’s core proposition instead of IT-centered initiatives. On the other hand, a professional IT consultant’s fees will be commensurate with the value they provide.

2. A professional IT consultant provides custom-tailored IT services

The IT needs of an online store will be different from those of a brick-and-mortar one. The first store will likely need more digital marketing tools than the second, whereas the second will require on-premises security systems more than the first store ever will.

A professional IT consultant will be able to help determine your company’s needs and recommend projects that will address those needs.

3. Professional IT consultants often offer services that help implement their recommendations

Managed IT services providers or MSPs are able to put their money where their mouths are. They are composed of teams of specialists who share decades of diverse knowledge and experience between them, which is why they can solve problems that in-house IT teams can’t. Additionally, they help businesses leverage the latest and best tech into their operations to achieve greater efficiencies, competitive advantages, and significant business growth.

4. Top-notch IT consultants are able to take the long view

More than being able to address a business’s short-term needs, professional consultants can envision how IT will support the company’s mission-vision for the long haul. With this mindset, their first projects are aimed toward creating a solid foundation upon which the business can build and grow.

5. Expert IT consultants optimize IT investments

Torn between prolonging the life of your existing IT infrastructure or installing new tech? Professional consultants will provide you with sensible options that factor in present conditions as well as considerations for the foreseeable future.

For example, sunsetting Windows 7 PCs may now be a much easier decision to make than it was a few years ago, but the tough question is what do you replace them with? Will you bring staff back to their workstations post-COVID-19 and provide them with thin or zero clients? Or will you let team members continue to work remotely and issue them laptops instead? These are the types of questions your IT consultants can help answer for you.

6. A professional IT consultant can help keep your data secure

Cybersecurity is an ever-expanding field, and in-house IT specialists will likely have difficulty keeping up since they’re bogged down by day-to-day tasks. An external IT consultant specializing in cybersecurity keeps tabs on the latest cyberthreat developments and is therefore better equipped to maintain your data’s accessibility, integrity, and security.

7. Professional IT consultants can anticipate shifts in the tech industry

With a finger on the pulse of cutting-edge IT advancements, IT consultants can anticipate trends in business technologies and advise companies accordingly.

Case in point: the Biden administration has unveiled plans to install countless roadside charging stations, while the private sector is taking care of edge computing and 5G connectivity. All of this points to the near-foregone conclusion that self-driving electric vehicles will replace combustion engine-powered vehicles in a few decades.

Beyond this, the spread of edge computing and expansion of 5G networks may mean many disruptive shifts in business, such as the increased use of land-based robots or drones for last-mile deliveries. Households, shops, and offices will have countless smart devices that collect and process data — and businesses will vie for that data to know their customers and anticipate their needs better. There are likely more disruptive developments than these, and IT consultants are the ones most capable of imagining these disruptions — as well as how your business can take advantage of them.

Businesses of all sizes in Salt Lake City trust the IT expertise of NetWize. For unparalleled professional IT consulting and services, request a free consultation or call us at 801-747-3200 today.

5 Most crucial components to include in your data backup strategy

Unless your business is a lemonade stand, your organization relies on data to operate, and losing that data may mean permanently going out of business. This is why more and more businesses in Salt Lake City and across Utah are developing and implementing their own data backup strategies. While these strategies may differ based on the company and their situation, the most effective ones all contain five crucial components.

1. On-site backups

If you’re using on-premises servers and one or more of them turn into high-tech paperweights, then having backups on-site is good practice. You can restore data immediately, or at least at much faster rates than if you used cloud or off-site tape backups most of the time. However, don’t just put all your eggs in one basket, because if an adverse event (such as severe flooding) destroys both your servers and your on-site backups, then you’ll have nothing left. This is why you also need…

2. Off-site backups

In a way, these can be thought of as backups of backups because they’re there in case the on-site backups fail. Off-site backups can be stored in the cloud or in physical media such as tape.

How many on- and off-site backups are implemented in a particular backup strategy will be different from organization to organization. However, the IT industry’s baseline standard is the 3-2-1 backup strategy. It calls for:

  • At least three copies of your data (i.e., the original plus two copies)
  • Backups stored in two different media
  • At least one backup kept off-site

3. Backup schedule and rotation scheme

Not all types of data are created equal. For example, customer account information tends to remain the same, which means that it does not need to be backed up often. On the other hand, GPS coordinates of goods in transit may change in real time, which means that such data needs to be backed up frequently. This is because the data will lose relevance and usefulness the staler it gets.

First in, first out (FIFO) backup rotation scheme

It is standard practice to overwrite stale data to save on backup media such as tapes. Let us say that a tape can hold a day’s worth of backup data. Having ten tapes means having backup data ten days deep. For the eleventh and every subsequent day, the newest data and files are saved on the tape holding the oldest backup. Before being overwritten, old data may be archived.

Grandfather-father-son (GFS) backup rotation scheme

FIFO is efficient, but it is vulnerable to data loss. To illustrate, if a data error is included in your backup for the day, then unless the error is caught beforehand, there is a chance that all subsequent backups will eventually contain the error.

As a safeguard against this potential outcome, you need a rotation scheme that lets you have an old but pristine (i.e., uncompromised) backup. This is what GFS is for. In a GFS scheme, instead of just doing daily FIFO backups, you will also do weekly, monthly, or other FIFO backup cycles. This means that if backups from the shortest cycle are compromised, then you’ll have backups from the longer cycles to fall back on.
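The difference between the two rotation schemes, as an added example (not NetWize's code or any backup product's). It assumes one backup per day, a weekly copy taken from Sunday's backup and a monthly copy from the 1st; the dates, counts and function names are constructed.

```python
from datetime import date, timedelta

def backup_days(first, last):
    """One backup per calendar day, first..last inclusive."""
    return [first + timedelta(days=i) for i in range((last - first).days + 1)]

def fifo_retained(days, tapes=10):
    """FIFO: each new backup overwrites the oldest tape, so only the
    most recent `tapes` days survive."""
    return days[-tapes:]

def gfs_retained(days, sons=6, fathers=4, grandfathers=4):
    """GFS: three FIFO cycles of different lengths running side by side.
    Assumed boundaries: weekly copy = Sunday's backup, monthly copy = the
    backup taken on the 1st of the month."""
    daily = days[-sons:]
    weekly = [d for d in days if d.weekday() == 6][-fathers:]
    monthly = [d for d in days if d.day == 1][-grandfathers:]
    return sorted(set(daily) | set(weekly) | set(monthly))

def newest_clean(retained, corrupted_from):
    """Latest retained backup taken before the data error entered the
    source data, or None if every retained copy already contains it."""
    clean = [d for d in retained if d < corrupted_from]
    return max(clean) if clean else None

# Constructed scenario: daily backups since 1 Jan 2021, checked on 30 Apr 2021.
DAYS = backup_days(date(2021, 1, 1), date(2021, 4, 30))

if __name__ == "__main__":
    for label, bad_from in (("error 18 days old", date(2021, 4, 12)),
                            ("error 41 days old", date(2021, 3, 20))):
        print(label)
        print("  FIFO, 10 tapes:", newest_clean(fifo_retained(DAYS), bad_from))
        print("  GFS, 6+4+4    :", newest_clean(gfs_retained(DAYS), bad_from))
```

With ten FIFO tapes an error that goes unnoticed for 18 days has overwritten every clean copy, while the 13 copies GFS retains still include a clean weekly or monthly backup.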

4. Backup testing

To ensure the reliability of your backups, they need to be tested regularly. They must be able to restore your data to the point that they allow you to resume critical components of your operations. With that said, the testing does not only check the viability of the backups themselves, but also how quick and effective your IT staff members are in performing data recovery.

Beyond regular testing, you also need to screen your backups for malware infections prior to using them. Using compromised backups is a no-no because doing so may result in further data contamination or loss down the line.

5. Data security controls

Wherever you store your backups, you need to ensure that these remain in pristine condition. This means that backup processes must follow strict protocols. To illustrate, most procedures entail disconnecting servers from the company network and the internet to prevent backups from being tainted with false data or highly infectious malware.

Additionally, you and your third-party backup service provider must utilize security personnel, video surveillance, security checkpoints, and other means of protecting servers and other devices. Furthermore, you need to ensure power availability via uninterruptible power supplies and the like.

Last but not least, if you’re using off-site backups to restore data, you must encrypt it during transit to counter man-in-the-middle attacks.

When it comes to data backup services in Salt Lake City, no one does it better than NetWize. To learn more about our managed backup services, request a free consultation or call us at 801-747-3200 today.

Cybersecurity: Always keep in mind its human component

Protecting hardware and software against cyber threats may require a lot of highly technical skills but it is fairly straightforward, considering how direct the causal relationships are between IT vulnerabilities and data breaches. To illustrate, if a zero-day vulnerability is discovered by information security (infosec) experts, developers must find a way to patch it before cybercriminals can exploit it.

Indeed, IT departments have countless hardware and software protection tools at their disposal, such as anti-malware programs and network firewalls. However, they must always keep in mind that their biggest vulnerability by far is the human user. This is primarily due to three reasons: people make mistakes, people can be lazy, and people may not feel that they are part of the organization’s cybersecurity efforts.

People are prone to making mistakes

Fraudsters take advantage of staff members’ weaknesses all the time. For example, a phisher may send employees a fake email saying that company accounts may have been compromised in a hacking campaign. The email will go on to say that account holders must log in and change their access credentials to keep their accounts safe from takeovers. Out of sheer worry, some email recipients click on the link provided and arrive at a spoofed login page.

Unbeknownst to them, as soon as they submit their login details, they’re actually handing over their credentials to the phisher. That cybercriminal will then go to the real login page, sign in using the stolen credentials, then change the username and/or password to lock the original user out of the account. The hacker is then free to pose as the victim, roam around the company network, and steal as much data as they can get their hands on.

Zero trust: A way to cover people’s fallibility

There are plenty of ways to fool people, so one way to manage this risk is by minimizing the consequences of staff members falling for fraudsters’ tricks. In a zero trust security model, the organization assumes that their network has already been infiltrated, which means that mere entry no longer signifies trustworthiness. 

Therefore, users who enter the network are only granted access to the data and apps they need to accomplish their tasks. This means that if a hacker takes over a marketer’s account, they won’t be able to dive into the accounting department’s drives and steal from their folders. Rather, the hacker will be limited to what the authentic user has access to.

Machine learning-powered tools

Another way to cover for people’s fallibility is by being smarter at nipping hacking instances in the bud. To illustrate, identity and access management (IAM) programs can now identify the IP addresses of the devices on which logins are made. Thus, if a user normally logs in from Salt Lake City but suddenly pops up in Melbourne, Australia, then the IAM program can flag that instance as suspicious.

Additionally, there are now many machine learning-powered network monitoring tools that can be trained to identify normal and innocuous behaviors over time. Once behavioral baselines are established, the tools can identify suspicious activities that the IT department must investigate.
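The Salt Lake City/Melbourne check described above, reduced to a fixed speed rule rather than a learned baseline (added example, not NetWize's or any IAM vendor's code). It assumes each login IP has already been resolved to coordinates by a geo-IP lookup; the events, thresholds and names are constructed.

```python
import math
from datetime import datetime

MAX_KMH = 900.0   # assumed ceiling: roughly airliner cruising speed
MIN_KM = 100.0    # assumed floor: ignore geo-IP jitter inside one metro area

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = (math.sin((p2 - p1) / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def flag_impossible_travel(events):
    """events: (user, ISO-8601 UTC time, city, lat, lon) tuples in any order.
    Compares each login with the same user's previous one and returns an
    alert when the implied travel speed exceeds MAX_KMH."""
    alerts, last = [], {}
    for user, ts, city, lat, lon in sorted(events, key=lambda e: (e[0], e[1])):
        when = datetime.fromisoformat(ts)
        if user in last:
            prev_when, prev_city, prev_lat, prev_lon = last[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            kmh = km / hours if hours > 0 else math.inf
            if km >= MIN_KM and kmh > MAX_KMH:
                alerts.append({"user": user, "from": prev_city, "to": city,
                               "km": round(km), "kmh": round(kmh)})
        last[user] = (when, city, lat, lon)
    return alerts

SLC = ("Salt Lake City", 40.7608, -111.8910)
PROVO = ("Provo", 40.2338, -111.6585)
MEL = ("Melbourne", -37.8136, 144.9631)

# Constructed login events (UTC).
EVENTS = [
    ("alice", "2021-04-12T15:00:00", *SLC),
    ("alice", "2021-04-12T19:00:00", *SLC),
    ("alice", "2021-04-12T20:00:00", *MEL),    # one hour after Salt Lake City
    ("bob",   "2021-04-12T15:00:00", *SLC),
    ("bob",   "2021-04-12T17:00:00", *PROVO),  # short hop, below MIN_KM
    ("carol", "2021-04-10T08:00:00", *SLC),
    ("carol", "2021-04-11T12:00:00", *MEL),    # 28 hours later: a real flight
]

if __name__ == "__main__":
    for alert in flag_impossible_travel(EVENTS):
        print(alert)
```

Only alice's login is flagged; carol reaches the same city 28 hours after her last login, which a flight explains, so a distance-only rule would have raised a false alarm there.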

People can be lazy

There are many small things that require the barest of efforts but staff members fail to do out of sheer laziness. For instance, they’ll forget to lock their computers when they leave their workstations. This lets unauthorized users take over the station, launch browsers, and open tabs for email and other accounts that the authentic user is signed into.

At other times, people just tend to use the most convenient methods available to them. They’ll use short and easy-to-crack passwords or reuse passwords for multiple accounts if they can. And even when they’re required to change their passwords regularly, they may just use a base phrase for all of their passwords, then add month and year to make them unique from one another. While this may look ingenious at first, it actually introduces predictability. That is, if a hacker gets a hold of an expired password, they can easily guess what the current one may be.

Multi-factor authentication (MFA): Require users to submit more proofs of identity

The most popular solution to the problem of passwords is tacking on more steps during the login process. One may be asked to submit a one-time passcode from an authenticator app, or they may be asked to have their fingerprint scanned. Considering that password-based systems are currently the most prevalent identity authentication tools, building on top of these systems is intuitively the next logical step because developing and implementing entirely new systems requires much more effort.

Passwordless authentication

As previously mentioned, it’s easier to add extra steps to existing processes, but MFA runs counter to the frictionless login experience that users want. This is why passwordless authentication methods, such as hardware security tokens and advanced biometrics, have been introduced.

People feel they’re not a part of the company’s cybersecurity efforts

According to a 2014 study, staff members often see themselves as outside of an organization’s cybersecurity efforts and are therefore lazy about cybersecurity or tend to do things without the company’s information security in mind. Reversing this mindset requires overhauling corporate culture, which is no easy feat. Another study suggests that companies need to take these five steps to improve their infosec culture:

  • Pre-evaluation: Analyze existing infosec policies and determine how aware employees are of such policies and infosec as a whole.
  • Strategic planning: Set clear metrics and targets when creating an infosec awareness program.
  • Operative planning: Involve managers so that security awareness and training programs become a regular part of their responsibilities. They must strategize with IT experts so that infosec becomes integral to the company’s culture.
  • Implementation: The steps laid out during the prior stages are executed. Actual performance metrics are recorded during this stage.
  • Post-implementation evaluation: Actual metrics are compared against expected results or targets to see if the organization is on track and where they must improve their efforts. Henceforth, the process of evaluation, planning, and implementation becomes cyclical.

What we’ve shown you so far is just the tip of the cybersecurity iceberg, which is why countless organizations in Salt Lake City and beyond rely on NetWize for their infosec needs. Let our IT specialists take care of your company, too. Request a FREE consultation today or call us at 801-747-3200.

3 Cybersecurity trends you can’t ignore in 2021

Now that we’re in the second quarter of 2021, it’s safe to assume that current cybersecurity trends will persist throughout the entire year. In this post, we’ll show you how these lead to grave outlooks for the rest of the year.

1. Ransomware still reigns as the top cyberthreat

For a couple of years now, businesses and institutions have been losing billions of dollars to ransomware. Just last August, the University of Utah paid a ransom of nearly half a million dollars. The payment was not for regaining locked-up data — backups took care of that — but rather to keep the school’s attackers from releasing student information online.

FYI: Here are reasons why the University of Utah’s ransom payment was not a good idea:

  • When data has been encrypted by ransomware, the data is presumed to have been copied. Cybersecurity experts explain that ransomware gangs may use the data for spear phishing purposes or sell it on the dark web or other illegal marketplaces.
  • Cybercriminals are bad faith actors. It is foolish to trust that they’ll delete the data they stole just because they were paid the ransom. It is possible that cybercriminals may continue extorting victims who are willing to pay them.
  • Ransomware payments fund future ransomware campaigns. Running a cybercrime ring is just like running a business — investments in machines must be made and costs for human labor and utilities must be paid. Giving ransomware gangs money allows them to victimize more people.

Beyond the loss of funds, ransomware may cause loss of life as well. Personal health information is valuable to cybercriminals such as identity thieves, so ransomware gangs have been launching more and more campaigns targeting healthcare providers. In fact, one ransomware campaign on September 20, 2020 indirectly resulted in the death of a patient in Germany.

Because it was dealing with a ransomware attack that day, the Duesseldorf University Hospital had to turn away a female patient who was in urgent need of medical care. Tragically, the patient did not survive being rerouted to another hospital 30 kilometers away.

After the German police reached out to the ransomware gang, the latter withdrew their ransomware demand and gave the hospital the decryption key they needed to unlock their data. While the cybercriminals in this incident showed conscientiousness, other cybercrime rings may be far more cruel and have no qualms putting people’s lives on the line.

2. Infrastructure will be targeted by hackers

The recent attack on a water treatment facility in Oldsmar, Florida has alarmed the federal government because of how easily it was pulled off. A hacker infiltrated the plant’s control system by using TeamViewer, a tool the plant’s engineers use to remotely monitor and adjust the facility’s machines. The hacker increased the water’s level of lye — an ingredient in drain cleaners — to lethal concentrations, but fortunately, a plant operator noticed the altered settings and manually reverted them to normal. According to state officials, if no one had caught the anomaly, hundreds of town residents would have fallen ill or died.

The attack on the water treatment facility was one of the main reasons why the US government has begun beefing up the cybersecurity of another infrastructure component: power grids. The Department of Energy will work with operators and owners so that power utility control systems are rarely connected to, or completely disconnected from, the public internet and that no remotely issued commands will be executed. With the electric grid as its starting point, the government plans to upgrade the cybersecurity of other infrastructure sectors as well.

3. Some multifactor authentication (MFA) methods are being bypassed by hackers

Not all MFA methods are created equal — and cybercriminals are taking advantage of the weaker ones. SMS and automated voice call MFA are particularly vulnerable because the one-time passcodes (OTPs) they deliver aren’t encrypted. These OTPs can easily be stolen by cybercriminals via automated man-in-the-middle attacks. Additionally, in a SIM swap attack, phone network staff may be fooled into transferring a user’s phone number onto a hacker’s SIM card. Once a SIM swap is completed, OTPs meant for the authentic user are delivered to the cybercriminal instead.

If MFA methods can be bypassed, this does not look good for businesses that have come to rely on it. Institutions such as banks will have to write off unreliable MFA tech as sunk costs, and they’ll have to revamp their IT infrastructure and processes to accommodate better MFA methods.

This is why Microsoft recommends that users use hardware security keys or OTPs generated by authenticator apps instead of SMS and automated voice call MFA.

FYI: Another cybersecurity measure that Microsoft is pushing is going passwordless. Talk to our Azure specialists to learn more about Active Directory’s frictionless access methods!

NetWize is the IT partner you need to keep up with the latest and gravest of cybersecurity threats. To learn more about what we can do for you, drop us a line today or call us at 801-747-3200.

© 2020 NetWize, Inc