Security of technical systems and devices used in the office environment is an issue that is important to many companies. Businesses often go to great lengths to ensure that their systems are secure from external threats, yet often fail to take into account inner threats. One of the most common inner security threats is that employees have too much access to systems. A recent survey's findings have highlighted this problem too.

According to the survey, conducted by Viewfinity, 68% of the 600 IT professionals surveyed don't know who has administrative access to computers in their office. While this survey looks at the numbers from the IT viewpoint, it's highly likely that many managers don't know who has what access rights to computers.

The survey also found that 20% of all respondents noted that between 15% and 30% of users in their company had administrative rights. Is this a bad thing? Yes and no. Some users need to have full access to their systems, especially if they manage other systems, while others don't.

Is this a big deal? One of the biggest drawbacks of unnecessary access privileges is security. If users have more access than they need, the chance of a security breach is higher. For example, malware on a locked down system likely won't spread to other systems in the network without direct transmission. Similarly, if a user can't install programs because they lack the administration privileges, malware, for the most part, won't be downloaded and installed.

If a user with full administrative privileges and downloads a piece of malware, chances are high that they won't even notice it's been installed and it will be transmitted to other systems with ease. In fact, one of the main ways hackers gain access to networks is through exploitation of administrative rights. They first look for an unsecured computer with administrative rights, hack it and then follow the chain up to more vital network systems.

What can we do? While the survey was largely centered around IT professionals, business owners can learn from these findings too. They should take steps to audit their network and figure out who has access to what. Then they need to validate the findings and ensure that users have an appropriate level of access privileges. If some employees have no need to download and install programs, then they likely don't need administrative access privileges.

If this sounds like a chore, it's a good idea to work with a service provider who can help determine not only the type of access employees should have, but also the appropriate security and management that's needed to ensure a more secure organization. If you're unsure of who has access to what, please contact us, we may be able to help.

Security is a hot button issue, with nearly every company focusing on some form of security and many focusing on security related to the technology they use. This ensures company networks are secure from attack, and businesses often have drafted usage policies for employees to follow when using their computers. While this is a good step, there is one area that's usually glossed over - security of mobile devices. One common way to ensure these are secure is through the use of encryption.

Encryption is not a new concept, it's probably been used since the inception of communication. In standard terms it's the conversion of data into a form that can't be easily understood by unauthorized people. This form is commonly referred to as a ciphertext, or more commonly a cipher. Some people will call this a code, as codes are the same idea. Only the form is not meant to be secure and can be understood by other people e.g., binary code, Morse code, etc.

When data is encrypted, it can be sent to recipients, usually using normal transmission methods e.g., Internet or data connections. Upon receipt of the encrypted data, it needs to be decrypted (changed back to normal data). Decryption on mobile, and most computerized devices, is done using a key. This key is an algorithm that can understand both the encryption and normal data. It takes the encrypted data and essentially translates it to a form of data we can read or interact with.

Many businesses go to great lengths to ensure their data is encrypted both within the network, when sent amongst the network, or to trusted recipients outside the network. In a perfect world, all of your connection points - devices that connect to the network - would be secure. In the real world, employees using mobile devices that are unencrypted to store data or access company systems pose a big risk.

Take for example the CEO checking his work email on his own iDevice. Any emails sent between the company's email server and the phone's email program will usually be encrypted. However, when an attachment is opened with confidential news about an upcoming merger, a copy is usually downloaded onto the phone's memory. If the boss hasn't taken steps to encrypt the mobile device's memory, and the phone is lost then someone picking up the phone could turn it on and see this information. If the user can understand the information, they could create a ton of trouble for both companies involved.

Another scenario, one that's becoming more popular, is where the company's accountant has visited one of the increasingly popular drive-by-malware sites and malware has been installed on an unencrypted phone. The accountant might open work emails and download next quarter's financial projections, along with a document containing the password to a newly reset work account. The phone's memory is unencrypted, so the hacker who monitors the malware can come along and grab the information. Now, not only does the hacker have access to the system - through the password - they also have confidential numbers a competitor would likely pay a handsome sum for.

While these situations may seem extreme, they can and have happened. The risks can be minimized though. While the obvious answer to problems like this is to simply bar employees from accessing work systems from mobile devices, this solution runs counter to the way most people work, and will likely be largely ignored by nearly everyone.

The best solution lies in a mixture of different approaches, all centered around a solid mobile device usage plan. You should take steps to first figure out when your employees access office systems using a mobile device, why they are doing this and what are they accessing. From there it's a good idea to look into security options, vendors like us can help you with this step. It's also beneficial to establish a use policy that dictates when devices can and can't be used. Also, utilizing apps to encrypt memory on phones will help. At the very least, it's a good idea to encourage your employees to use a password on their phone.

Mobile device encryption should be an important part of your company's security plan. If you'd like to learn more, or implement a security system please contact us as we may have a solution that meets your needs.

The Internet is a magical thing; a gateway or connection to the rest of the world. Currently, the Internet is quick enough to do nearly anything without delay, and as such, companies have come to expect Internet connections to always be fast. The truth is, connection speed varies widely, and this can create problems for many companies.

Have you noticed that from time to time the Internet is a lot slower than it should be? If so, this could be because something is hogging all the bandwidth, which is the rate at which data is transferred in and out of one connection. Here are six of the most common bandwidth hogs.

1. YouTube. If you allow employees to watch YouTube or connect to other streaming services, and they are using it frequently, you’ll notice a significant decrease in overall Internet speed. Some companies have noted that 40 staff using YouTube will account for over half of the total bandwidth usage.
2. FTP sites. Some companies run FTP sites that host essential files that employees can download. When more employees are downloading/uploading files to the FTP site there’s less bandwidth available for other operations, so the Internet will be slower.
3. P2P. P2P covers a large number of aspects including video conferencing and sharing of files via programs such as BitTorrent. All P2P services use an incredibly large amount of bandwidth when in operation, slowing the Internet to a point where speeds from 10 years ago were faster.
4. Online backup. Backing up essential files will capitalize bandwidth leaving very little for other operations. It’s a good idea to conduct backups after office hours to minimize interruptions.
5. Encryption. In certain industries regulatory bodies require a certain level of encryption, or for companies to take certain steps to secure data. Any extra encryption or security features will slow sites down, however this usually cannot be avoided.
6. Spam/Virus/Malware. As many scams aim at stealing information the main way this is done is by sending the information over an Internet connection, that is your Internet connection. If you have viruses or other security threats you can guarantee that your Internet will be slower.

If you notice your Internet is slowing down at certain times, it’s a good idea to check and see if any of these six bandwidth hogs are in action. You can:

• conduct a virus scan to look for malware;
• ensure your computers aren’t backing up and if they are schedule the backup for later;
• turn off or block any and all sharing services, and schedule video conferencing for times when bandwidth isn’t needed by other functions; and,
• limit the bandwidth assigned to YouTube and other streaming services.

Before you tinker with any network connections though, it’s best to contact an expert . We may not just be able to help, but potentially provide an even better solution for you, speeding up your connection and your business success.

It seems that natural disasters are happening at a higher frequency than ever before. This could be because of climate change or the fact that news can travel around the world in seconds, or any other number of reasons. Business continuity - ensuring your business can stay operational during adverse times - should be an important part of your business. Many owners recognize this and take steps to backup their data. This is a good start, but it isn’t enough.

Here are five things you should be doing, aside from backing up your data, to ensure you're ready for anything.

• Where to work. One of the first things you should consider is where you're going to work if your office is inaccessible. Hotels, convention centers or other office buildings are viable locations. Whichever location you pick, you should pick at least two different places, as far apart as possible. You should also be sure to inform your staff and include maps of the routes to the locations you’ve chosen.
• Replacement equipment. It’s incredibly important that you know exactly what equipment you use and how integral it is to operations. For mission critical equipment (equipment your company absolutely can’t work without) you need to have a plan in place as to how you can quickly replace lost equipment, the cost of it and replacement time. For less important equipment, you should have a couple of vendors in mind.
• Communication systems. During adverse business conditions it’s vitally important that you and your employees are able to communicate both with one another and with your clients. You should look into a communication system that’s flexible, can be established wherever you are and allows you to keep your numbers. VoIP is a great system, telecommuting is another option as well.
• Coordinate staff. You’re staff drive your business, without them, your business likely won’t be able to run. With the continuity plan you develop, it’s important that you have hard and soft copies of the plan that are accessible to all staff, and staff know their role in the plan. When your plan is enacted you need to contact your staff and ensure that there aren’t any problems.
• Access to critical documents. If you have a good backup location, can set up equipment quickly and staff know their roles you may think your plan is perfect. You’re missing one key element: access to documents, employees won’t be able to work without them. It’s important to ensure that you can access your data backups, which means you should probably keep copies offsite and in the cloud if possible.

A continuity plan is important, hopefully you’ll never have to enact it. Nevertheless, you should plan for the worse. If you’re unsure of where to start, or feel your current plan is inadequate, please contact us.

Disasters happen on a daily basis. Sometimes they’re big, wiping out communities, other times they’re small, affecting one online machine or computer. No matter the size of disaster, it pays for businesses, especially small businesses, to prepare for the worst. The only problem is, many small businesses don’t prepare and pay the price.

When a disaster strikes, 25% or more of small businesses affected will fail. Why do they fail? It’s not because of defects in the physical location, it’s mainly because they didn’t take the necessary steps to ensure that their business’s technology and related data is protected.

Because the modern business relies so heavily on technology, it’s essential that businesses have a business continuity plan (BCP) to minimize the loss of vital data, or in many cases, not lose any data at all. This is an important asset that will, one day, minimize losses felt due to any type of disaster. Small business owners know this, but many don’t know where to start. If you’re one of these owners, here are six tips on how you can prepare.

1. Establish a backup regime. Data backup is one of the most important things you can do, be sure to regularly backup your corporate files, servers and user data files. A truly prepared company will have backups in a number of locations that can be easily accessed.
2. Ensure solid communication platforms. One of the first things people do in a disaster is try to communicate with each other to ensure everything is ok. You can guarantee that some customers and employees will be calling to check in, so you need to have communication lines that work.
3. Train employees. A BCP plan is useless if your employees don’t know their role in the implementation of the plan. It’s important that you train your employees on their roles, and that you communicate with them your expectations.
4. Contingency plans. Like storing your data backups, you should set up contingency plans with the involved parties in your business. You should know where to go to do your banking, what your vendors’ or suppliers’ plans are and how they affect you, and most importantly: you should have a few locations where you can set up your business if the physical property is damaged.
5. Review and practice all plans. Everything changes at one time or another, maybe an employee leaves or you adopt a new computer system. This makes it important to periodically practice your plans, review what worked and what didn’t, and update accordingly.
6. Work with an expert. Planning for disaster is a tough thing to do well, considering all the elements to focus on and work with. To ensure a viable plan for your business, working with a recovery expert can help ensure that you get a plan that works for you while taking the stress off.

If you’re worried about your business’s disaster preparedness, please contact us. We can work with you to develop a solution, or provide you with the information and contacts to set you on the right path.

Email is both a blessing and a curse. Sure it has made communication quicker and easier, but it's also a cause of undue stress. Think about how many emails you read on a daily basis, how many of them are actually high priority, and how many are spam? They usually all go into one folder - your Inbox - and you have to sort them out. Gmail users don't have to worry as they have a tool to help them sort their Inbox.

Priority Inbox is a tool that will automatically sort your Inbox, making important emails appear at the top. This makes it easier for you to sort through your emails and focus on the most important tasks.

The whole idea of Priority Inbox is that it highlights only the important emails. For example, when you get a new email that the tool deems to be a priority, it will notify you, while not showing notifications for messages that aren't a priority. This is also carried over to your mobile phone, which will only show a new email notification if a priority email comes in.

How does this work? It may seem a bit like Big Brother, but this tool watches and learns from your Gmail habits. When first activated, nothing will appear different, emails will still come in. But, Priority Inbox watches what you do with these emails. If you just delete newsletters or spam, overtime the tool will associate email from this sender as not important. On the other hand, if you reply to a sender as soon as an email comes in from them, the tool will eventually mark the sender's email as important and elevate them to the top of your Inbox.

It is important to be actively deleting/responding/opening emails as the tool learns from these actions. If you just leave a spam message in your Inbox, it won't be marked as unimportant. You should also not expect immediate results as it can take weeks or more than a month for results to show. Should Priority Inbox mark emails as important when they aren't, you can mark them as less important to move them down the inbox.

How do I set it up? To enable this app, simply hover your mouse over Inbox and click the downward facing arrow that pops-up. Select Priority Inbox and start opening/reading/replying to emails. If you want to manually mark important emails, you can press the star beside the email in your Inbox, or the big arrow below the senders name - it will turn yellow when marked as Important.

You can access your Priority Inbox at any time by clicking on Priority on the left-hand side of the Gmail window. This folder will be divided into three parts: Important (unread emails will be at the top), Starred emails below them and everything else at the bottom.

What's the best way to get Priority Inbox to learn? There are a number of things beyond simply reading/replying/deleting emails that you can do to encourage this app’s learning:

1. Set up labels and filters Labels are Gmail's version of files. You can apply labels to any email and always access them by pressing the corresponding label on the left-hand side of the Gmail window. For example you can attach an "Important customer" label to any email from a customer you deal with on a regular basis. When you click on Important Customer under your Inbox, any email with the relevant label will be shown. Filters can help you automate the application of labels.

You can set labels by:

1. Pressing More under Inbox on the left-hand vertical menu in Gmail.
2. Selecting Create new label
3. Entering a name for the label and pressing Create.

When you have an email you would like to apply a label to, you can open it and press the label button above the message and clicking the relevant label. You can apply as many as you like.

To create a filter which will automatically attach a specific label to incoming emails you:

1. Select a message from a sender that you want a label to be automatically attached to.
2. Press the More button which is located above the message, and select Filter messages like these.
3. Enter any relevant information like subject line, CC, BCC, etc. Note: This sets parameters that must be met before the filter is applied.
4. Click on Create filter with this search and followed by ticking the box beside Apply the label in the next window.
5. Press the box that says Choose label... and tick the relevant labels. Note: You can also press New Label to create a new one.
6. Click Create Filter. You can also tick the box beside the Create Filter button that says Also apply filter to XX emails, and the label will be automatically applied to existing emails that meet the parameters.

If the sender is important, also tick Always mark it as important, or Never mark it as important if they aren't important. Ticking either of these options will increase the speed with which Priority Inbox learns.

1. Actively mark emails as important/not important As stated above, if you actively mark emails as important/not important, this tool will learn quicker. You can mark messages accordingly by selecting it (click on it) and select More from the menu bar above the Inbox. Click Mark as Important or Mark as not important. This tool is great for busy managers whose Inboxes are overflowing and who find it hard/don't have the time to sort through emails. If you find that this isn't working properly, you can turn off Priority Inbox by hovering over Inbox and selecting another Inbox type. The most popular is: Unread first.

Looking for more ways how Google Apps can help you get your business under control? Contact us today.

Imagine this: it’s almost Friday, you’re scheduled to go out of town for the next two weeks on your first vacation in over three years. You wake up Friday morning with a sore throat, by Friday afternoon you are a mess. Viruses aren’t fun, they essentially render you useless, so you can imagine that’s why a devastating impact on your computer is called a virus too.The problem is, these virus terms have created some confusion over what exactly they are.

Here’s an overview of the most commonly used terms for malicious software.

Malware - Malware is a portmanteau of malicious and software. When we, or any other IT professional, talks about malware, we are generally speaking about any software that is designed to steal information, disrupt operations or gain access to a computer or network. In tech, and indeed many news articles, malware is used as a general term. It can also be referred to in legal circles as a ‘computer contaminant’.

Virus - A virus is a malicious code that is spread from one computer to another. Computer viruses are usually introduced to a system by a user downloading and opening an infected file. They can also be spread by any removable media including CDs, DVDs, USB drives, SD cards, etc. If an infected file is put onto say a USB drive, which is then plugged into a new computer and the infected file is opened, the virus will be introduced into the system. For malicious software to be labeled as a virus, it has to be spread through human action, usually in the form of the user unknowingly opening an infected file.

Trojan horse - A Trojan horse takes its name from the Greek story where a wooden horse was used to hide Greek soldiers who secretly entered Troy. In a similar way this computer virus is a program that is disguised as a useful program that when installed will do damage to your system. The severity of a Trojan horse varies from annoying to completely destructive, and while they are malicious, they will not replicate or transfer to other computers. Many modern Trojan horse programs also contain a backdoor (more on that below).

Worm - Worms are similar to a virus. In fact, many experts consider a worm to be a subclass of virus. Worms, like viruses, spread from computer to computer; the major difference being that worms can spread themselves. Computer worms also have the ability to replicate on a host system and send these copies to other users. The most common way of transmission is through email, or via a company's network, often causing computers to run slowly while using a ton of bandwidth, ultimately leading to a system crash.

Spyware - Spyware is a malware program that captures user activity and information without the user’s knowledge or consent. Some can even go so far as to capture every single keystroke a user makes - this is commonly known as a keylogger. Spyware infects computers either through user deception (i.e., “You’ve won 1,000,000,000 dollars” ads) or through exploits in programs. Some spyware has been known to redirect users to websites or even change computer settings.

Adware - The main purpose of adware is to show ads and gain the hacker ad revenue. These ads can be pop-ups, extra banners added to web browsers, or ads shown during the installation of third party software. While generally not a form of malicious software on its own, it can, and often does, come with spyware.

Rootkit - Rootkits are all about stealth. When installed they hide themselves from detection while allowing an unauthorized user to access and control your computer. Nine times out of ten, the unauthorized user will have full administrative access, which means that if they were malicious enough, they could really do some damage.

Backdoor - Backdoors are similar to Rootkits, in that they allow an unauthorized user to access your computer. Many Trojan horses install a backdoor for the hacker to access and remotely control your system.

Bug - Some users think that a bug in software is a form of malware, placed there by the developer to ruin the program or a system. In fact, bugs aren’t malware, they are an error or fault in the software’s code. It’s true that hackers have exploited bugs to infect systems, but the bug was the way in, not the malicious software itself.

In the early days of the Internet, viruses were often installed separately from Trojans and worms. With the rising complexity and effectiveness of malware prevention software, hackers have started to blend their attacks together, often using a combination of one or more types of malicious software to infect systems. These combination malware infections are normally complex, but have been incredibly effective.

While malware is usually malicious towards single users, a new form of warfare that utilizes malware has arisen. Cyberwarfare is rumored to have been used by governments and companies to steal information or completely disrupt a countries information networks. While most Cyberwarfare is conducted at the country or conglomerate organization level, it is only a matter of time before small to medium companies are targeted.

Tools like Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), which is meant to fix bugs in Internet explorer, as well as strong anti-virus measures, timely virus scans and an efficient Internet use policy will go a long way toward preventing malware from infecting your computers. If you’re worried about the security of your computers and network, please give us a shout, we may have a solution for you.

It used to be fire and thieves that destroyed or stole all your precious and important possessions. While these two things still happen, the more modern equivalent is having your various Internet accounts hacked, information deleted or confidential information stolen. There are two recent cases of this happening, both involving Apple and Apple’s products, which go to show that even Apple users can be targets.

Here’s a brief overview of the two high profile Apple security breaches and seven steps you should take to prevent these from affecting you.

Mat Honan’s problem Mat Honan is a writer for Wired, who in early August had nearly his whole digital life wiped off the map. His article on Wired is a fantastic and scary read, we highly recommend it. To summarize, he had the majority of his website accounts linked together, with one account linked to many. Hackers were able to get into his iCloud account by taking advantage of Apple’s lax password reset.

To begin with, the hacker wanted to take Honan’s Twitter account. They noticed that he had a Gmail account linked to Twitter, and from there was able to find that an Apple account was linked to the Gmail account, as a secondary account. To get access to the Apple account, they reset the password, which requires a billing address and the last 4 digits of the card registered to that account. The card number came from hacking into Honan’s Amazon account, which shows the last 4 digits of the card.

From there, it was a simple step of resetting the Apple account and shortly thereafter the Gmail password, sending the Gmail reset to the registered Apple account address (the secondary address on the Gmail account). Once in control of the Gmail account, asking Twitter to reset the password using the Gmail account and Bob’s your uncle, the hacker had access to the Twitter account.

Apple UDID leaks In early September infamous hacker group Antisec, related to the hacker group Anonymous, released over 1 million Apple UDIDs. A UDID, Unique Device Identifier, is the code Apple applies to all devices to be able to identify them. Upon the release of the UDIDs, Antisec announced that they had come from a breached laptop, owned by the FBI, and that the FBI was using the UDIDs to track users.

While it’s not known exactly where the breach came from, security experts have been able to prove, to a 98% surety rate, that the UDIDs came from Blue Toad, an app developer that had a digital breach previous to the release of the UDIDs. Blue Toad’s CEO has come forward acknowledging the leak and noted that the company is sure the info came from them, and not the FBI.

While it can be alarming that UDID were out there, users can be assured that passwords were not exposed, as the UDID tends to store information like account name, phone number and address. Yes, contact information is out there, which might raise concerns,  but don’t kid yourself, this information, or most of it, is already readily available on the Internet anyway.

With these two, fairly serious incidents, iPhone users are right to be a little wary, and should be taking steps to insure their information is secure. Related to these two events, here’s seven steps you can take to minimize the chances of this happening to you:

• Unlink all essential accounts from one another.
• Set up an email account that’s only used for other account resets.
• Regularly back up all your devices onto a secure hard disk.
• Change your password regularly and use two-factor authentication if available.
• Don’t have the same username or password for all accounts.
• If the information isn’t necessary for your account don’t provide it.
• Delete and never store any credit card numbers.

If you have any questions or concerns about the security of your accounts or systems, please don’t hesitate to call us.

Clark Kent: star reporter for the Daily Planet and always one of the first reporters to break the news. To many, Clark Kent is more commonly known as Superman. If Superman had an email address, it’d be a sure thing that he’d take steps to ensure it remains secure and out of the hands of criminals. Do you echo what superman would do and protect your email address?

Failing online protection from a superhero here’s five things you can do to ensure your email address is properly protected.

Give your email a disguise Superheros often protect their identity through the use of a disguise. We’re not saying you need to dress up in spandex, go out and search for spammers/scammers to beat down, or prevent from getting your email. Instead, you should be aware of how scammers operate - largely by writing programs that search websites for email addresses - and disguise your email from this.

Many programs look for traditional emails like imthebatman@gmail.com, so to disguise your email, spell it out: imthebatmanATgmailDOTcom or, imthebatman(DELETETHIS)@gmailDOTcom. People are smart enough to figure out that the AT and DOT are actually @, . or to delete (DELETETHIS). You’d be surprised at how much this will cut down on spam.

Protect your email’s identity Aside for a disguise, superheroes will often go to great lengths to protect their identity. You should do the same with your email address. When signing up for a new service, forum, or anything that requires a username, don’t use your email as the username. If possible, don’t use your email address at all.

You should also read the Privacy Statements of all websites you have accounts with. Yes, there is lots of legal speak and they are long, but thats to get the user to scroll to the bottom of the document and hit accept. Look for clauses regarding your email, and note any companies that say they reserve the rights to sell your email to advertisers or aren’t held liable for stolen information, as you can ensure that your email will be spammed.

Beyond that, many websites allow you to hide your email address from other users. It’s highly recommended that you do this and an option to do so can usually be found in the Account Options or Account Security sections of your user profile on websites.

Don’t respond to flashy requests When a superhero is not out fighting crime, they’re off cultivating and maintaining their alter-ego. They hardly do anything outside of their normal character, and normally won’t respond to flashy requests for super luxury balls (unless you’re Bruce Wayne or Tony Stark of course). If you get an email that sounds too good to be true, such as announcing that you’ve won something spectacular, it’s a good idea to not open or respond to it, as chances are near 100% that it’s a scam or simply aimed at getting your email address or other information.

Get your email a side-kick Some superheroes have sidekicks that help them fight crime or solve mysteries. We recommend that you get your main email a sidekick and sign up for a separate email that you use for online shopping, forum registration and basically anything that’s non-work/family/friends related.

Take a picture of your email In numerous Spider-Man story arcs, Peter Parker is tasked with taking pictures of Spider-Man. Of course, being Spider-man, all he has to do is take a picture of himself and people seem to be happy with that. As many spam programs don’t take information from pictures, it’s a good idea to make your email addresses into a picture that you place onto email signatures, or into the body of the email itself.

The easiest way to do this is open MS Paint, (if you have a windows machine), or an online image creator like pixlr and type your email address into the image, resize so it just fits the font and hit save. The best format to save it as is a .jpeg, as it can be easily read by Internet browsers and email programs. Most email programs will allow you to put an image into your signature, typically done under Settings.

You don’t have to be a superhero to protect your email, just take these precautionary steps and your important email addresses will be as safe as any superhero’s true identity. If you’d like to learn more about staying secure while surfing the Internet, please contact us, and we will come to your aid.

One of the main issues that puts off a large number of businesses is how secure their data is in the cloud. If a company uses a cloud service they have no choice but to trust the provider with their data, and recent attacks have shown that some cloud provider technology isn’t as secure as it needs to be, potentially putting your data at risk.

In this year alone, nearly every major cloud provider has had issues with their services. From natural disasters to hackers, companies have seen their data exposed or unavailable, and this isn’t the first time this has happened. In 2011, Sony Entertainment had nearly 77 million accounts hacked, exposing user’s information, Dropbox had numerous service outages, and Gmail had a 30 hour outage that resulted in 44,000 accounts being lost. The list goes on and issues since 2011 go to show that cloud providers and their systems aren’t invulnerable.

Despite numerous attacks and problems, many data centers where cloud providers have their servers are physically secure. Google’s recent security video is a good example of how secure the physical locations are.

When companies talk about cloud security however, they don’t just talk about how secure their physical location is, they also strive to protect against three other elements:

1. Service outages
2. Confidentiality of your personal information and control over who can access it
3. Privacy of banking details and other related information

By focusing on these four factors cloud providers are able to provide close to 99% security. However, many companies are still at risk when using the cloud and this risk actually comes from inside the company. Nearly every cloud service requires a password to access, but scammers know this and they can attack other services, or your company, to get you to give up your password. Once they have obtained this your data is compromised regardless of where it’s stored. This is what happened in a latest security issue with Dropbox.

If your company utilizes cloud services there are a number of things you need to be aware of when it comes to security:

• According to all cloud providers, liability for sensitive data stored in the cloud rests with your company, not the provider.
• Some cloud vendors provide reports written by a neutral third party on the security of their service. These should be taken into account when looking for a provider.
• As with anything online, you should be taking steps to backup data stored in one cloud to a secure physical location.
• You should establish a process that encourages your employees to change their passwords at least every three months.

Do you have cloud solutions in your company? If so let us know what your concerns are about security. If not, then let us know why.