Password complexity – why all the hoopla?
Since data is king, your passwords can be one of the main barriers between hackers and your assets, your reputation, and your personally identifiable information.
So, if you’re still using simple passwords just so you’ll be able to remember them, well, you’re doing yourself a huge disservice.
Dictionary and brute force attacks
Besides using phishing and other deceptive tactics to obtain credentials, hackers can use brute force attacks, which attempt to defeat an authentication mechanism with a barrage of possible passwords. Dictionary attacks, a form of brute force, use password possibilities that can be more likely to succeed; these are based off such things as dictionary words and previously used passwords.
So, depending on the complexity of the password, just how long would it take a hacker to break into your account? Below are some sample password complexities with an estimated time it would take to brute force them.
It’s important to remember this is just a guide. For instance, although the following password is technically complex, it won’t keep the hackers out for very long:
PassWord123456!
So, creating a fundamentally simple password that barely satisfies the complexity requirements is not a smart thing to do – and it’s vital to be smart with your passwords!
Fortunately, many apps and sites can gauge the strength of your passwords during account creation, providing useful guidance and comfort.
But as we all know, having too many accounts and associated complex passwords can be hard to manage. Some will start recycling these complex passwords or even share with co-workers. A password manager may help.
Thinking of using a password manager?
Have too many password to keep up with? A password manager may be a useful tool to help you keep up with all the complex passwords you’ve concocted.
But, you know what they say: Beware of putting all your eggs in one basket.
Learn the benefits and possible drawbacks of using password managers in this article from Thrive. Although the article is written for medical practices, the general tips and information in it are applicable to a wide variety of industries.
Connect with us on social media to stay informed of the latest threats and top tips, and be sure to regularly check the Thrive blog for new articles on cybersecurity and IT.
Password Managers – 4 Reasons You Should Use One for Your Medical Practice
Are you considering using a password manager?
When you think about it, a password can be the barrier that stands between a hacker and your important data, patient information, or even unwanted entry into your medical practice’s network.
Sure, there are several things you can employ to make it harder for cybercriminals, including multi-factor authentication. But the password is the primary obstacle.
Too many passwords to remember
Many people are aware they need to be creating and using complex passwords – but in reality, many aren’t doing this. Why?
Most business workers have to juggle numerous passwords just to maintain their job functions. Add to that all the other passwords they have to keep in mind from outside of work, and that typically equates to a large number of credentials to memorize.
Practice managers and physicians have a high responsibility to ensure they have hard-to-penetrate accounts and computers. Their systems have all manner of sensitive data, such as patient histories, medical billing information, personally identifiable information (PII), and more. You don’t want any of these getting into the wrong hands.
It’s no wonder password managers are gaining popularity. A password manager is an application that securely stores your passwords.
Here are 4 reasons why you might consider using a password manager for your medical office.
1. Password managers enable you and your staff to effortless wield complex passwords
When you have to memorize a password, many people will use strings of words or things they can remember – passwords a hacker may be able overcome with time or ingenuity.
With a password manager, you can use a computer-generated string of unrelated characters that can be nigh impossible to beat.
Medical practices can be big targets for cyber criminals. Stronger passwords across the board can help harden your overall cybersecurity.
2. Password managers can help cut down on password sharing
Does your staff members share passwords? This study regarding sharing credentials in electronic medical records seems to indicate that it may very well be an issue. Over 70% of respondents in that survey indicated they used a password from a fellow medical staff member.
With proper use of a password manager, your staff can be more confident in using their own credentials for EMR and other medical areas and functions.
3. Password managers help users maintain unique passwords for each of their accounts
As you get your staff (and yourself) to start using more complex passwords, you may start to reuse these complex passwords across more than one account because it’s just so hard to remember these longer passwords. This, of course, is not recommended.
If a cyber criminal gets a hold of one of these passwords on the dark web or some other means, they would be able to access your other accounts where you recycled the password.
By using a password manager, you can keep a completely unique set of passwords.
4. Less fumbling for passwords and password resets
It’s inevitable. You forget a password. At the most inopportune moment.
You try several incorrect passwords. Perhaps you lock yourself out of the account.
A password manager can simplify the process and allow you to remember just one set of credentials for all your work. As you go through your day and need to access multiple systems and applications, you can do so more confidently and securely, with less hiccups.
With great convenience comes some risk
Thinking about using password managers for your medical practice?
A password manager can certainly be a boon to your practice. But, as they say, be careful when you put all your eggs in one basket.
Be sure to have a very secure password for your password manager account. And, of course, make sure you can remember this master password and associated security keys.
If you do lose access, there should be a password reset feature, but it can be a bit of a headache.
Ready to use a password manager?
There are multiple password manager applications to choose from, and browsers can have their own. These can certainly make it easier to navigate through your day-to-day at the your practice, but be sure to weigh the risks and keep the drawbacks in mind as you evaluate whether to use password managers.
Whichever way you go, just remember that good passwords are paramount to the health of your practice’s network.
Business Email Compromise Schemes: 5 Ways to Stay Safe From ThemBusiness email compromise schemes sound like something you’d never fall for. But it happens. A lot.
Business email compromise (or BEC) occurs when a scammer targets a business or individual In order to fraudulently transfer funds. The scammer grooms the victim via email, sophisticated social engineering, and pressure. This grooming process can continue over a couple of days or even weeks. The scammer eventually attempts to fool the victim into transferring funds into the wrong hands.
It’s happening to businesses, large and small. And there are no signs of it slowing down.
First, what is social engineering?
Social engineering is one of the keys to the success of these BEC schemes.
In order for many types of fraud to work, a type of deception known as social engineering is employed. The criminals have done their homework, and they know the ins and outs of your industry and even your particular business.
The BEC emails can look like they’re coming from a trusted business partner, a co-worker, or even the CEO of your company!
These BEC emails can have language that jives with your industry and work function. The images, names, and even email addresses may look genuine. Thus, if you’re in a hurry, multi-tasking, or otherwise preoccupied, you may be susceptible to a BEC scheme if it hits your inbox.
It can take a keen eye, patience, and a healthy dose of skepticism to stop BEC dead in its tracks.
Increased use of cryptocurrency in Business Email Compromise schemes
The FBI released a public service announcement on their Internet Crime Complaint Center website regarding their observance of increased complaints involving business email compromise schemes and cryptocurrency.
What is cryptocurrency? According to the FBI’s public service announcement:
Cryptocurrency is a form of virtual asset that uses cryptography (the use of coded messages to secure communications) to secure financial transactions and is popular among illicit actors due to the high degree of anonymity associated with it and the speed at which transactions occur.
In the article, the FBI mentions cryptocurrency first started to be identified with BEC schemes in 2018 – this involvement continued to rise through 2019, eventually reaching record highs for reported numbers in 2020.
At the end of the public service announcement, there are multiple suggestions for protecting against these business email compromise scams, all of which are applicable to just about any type of financially motivated cybersecurity scam.
Below are some key takeaways from that list.
Business Email Compromise (BEC): 5 ways to protect yourself against this menace
1. Check that URL
If there’s a link in a questionable email, make sure the URL is genuine and associated with the business. Sometimes it’s easy to tell if the email or URL are fake – it may contain unrelated words or even gobbledygook. If the URL seems genuine but you’re not sure, don’t click on the link and try to go to the site directly. You can also consult with your IT department or Managed Service Provider before taking further action.
2. Avoid providing sensitive information via email
Emails that request login information are typically fraudulent – even if they look like legitimate communication. Remember, social engineering can mask fraud attempts, making them appear to be something from your line of business or directly from your co-worker, industry partner, vendor, or boss. Email spoofing can certainly make it difficult to discern what is legitimate, as an email can very well appear to be really coming from your partner or co-worker.
3. Take advantage of two-factor authentication
Utilize two-factor or multi-factor authentication as an additional verification method for account changes. These measures are certainly becoming more prevalent as an extra layer of cybersecurity to combat increasing fraud. Remember, although there’s no single piece of hardware or software that can defend against all threats, using multiple layers of security can help thwart even the most focused cyberattacks.
4. Regularly review your financial accounts
Not monitoring your accounts? It’s a good a idea to do so. Check for anomalies – like missing deposits – to ensure nothing fraudulent is going on. As soon as you see something odd, follow up with it immediately. Don’t put off something like this.
5. Be aware!
Awareness of potential attacks like business email compromise – and other tactics and threats, like ransomware, phishing, malware, email spoofing, and more – can go a long way toward protecting your business from fraud. Ensure you and your staff stay up to date on the latest types of attacks. And always think before clicking.
Read the FBI public service announcement to learn more about business email compromise schemes, the involvement of cryptocurrency with BEC, additional tips for protecting yourself against scams like this, and some suggestions if you fall victim to a scam.
Warning: Airline Booking ScamsWith summer approaching and with more and more people getting vaccinated, it’s inevitable that the travel industry will get a jump-start.
But beware of airline booking and travel scams.
Cybercriminals are opportunists, and they will jump on any trend, whether it be a specific holiday or the emergence of a new season.
One of our team members recently got an email confirmation for tickets he booked at a major airline… Sounds exciting, right?
Only thing is, he didn’t book the tickets.
4 things to look for when examining potential airline booking scams
While the fact he didn’t book them is reason enough not to click on any links or otherwise interact with this piece of communication, there are other signs the email is fraudulent.
- URL
The URL is a convoluted version of the actual airline’s web address. This is a huge red flag. If you’re unsure if the URL is correct, don’t click within the email. Open your browser and search for the specific airline’s website. - Nonsense
When unsure about an email, look for any nonsensical things. The email is pretty clean, with no misspelled words or blatant grammatical errors. However, the disclaimer at the bottom doesn’t make any sense. It states the email is a “customer opinion survey” designed to help the company better serve its customer. This is not something that would be seen on an airline booking confirmation email. - Attachment
When you get an email with an attachment – especially when the email is unsolicited – be extremely cautious. This particular email had a Word document attached, so that is a huge red flag. Official receipts are typically not sent in a Word document file. In fact, Word documents and other Microsoft Office files are a popular vehicle for macro malware. - Branding
Yes, the fraudsters have done a good job of mimicking the branding. Graphics and logo look genuine. But a quick trip to the company’s website (typed directly in a browser, of course, and not via any clicking with the email!) and you’ll see the website has a new branding style. The one in the email looks like it’s a generation or two behind. Not exactly an easy thing to notice, but an astute eye can assist in this discovery.
What Data Availability Means and How Your Business Can Achieve It
Maintaining data availability is essential for most modern organizations today. Luckily, by following data availability best practices, your modern business can take advantage of all the benefits sufficient data availability delivers. Learn more here about what data availability is, why it’s important, and how modern businesses can achieve it to align with consumer demands and stay secure.
What is Data Availability?
Data availability is the process of ensuring that data is available to end-users and applications, when and where they need it. Availability has to do with the accessibility and continuity of information, thus accessibility is a key component. It defines the degree or extent to which data is readily usable along with the necessary IT and management procedures, tools, and technologies required to enable, manage and continue to make data available.
Why is Data Availability Important?
Data availability is critical to your business and its reputation with customers. If consumers can’t access your online presence due to a deficit of data availability, they’ll likely go to a competitor’s site.
Ensuring sufficient data availability is also a smart financial move. Every moment that you’re down, not only are the obvious costs to your business there (customer loss, reputation damage, etc..) but it also costs your employees time since they can’t get their work done. In fact, studies point to the cost of data center outages being as much as almost $8,000 per minute!
Data Availability in Cloud Computing
It might seem odd to think critically about availability in a cloud scenario as we might presume the cloud has endless capacity. After all, isn’t cloud computing a solution to availability problems?
Yes and no. Virtually all cloud providers use effective data backup and restore solutions, but backing up and restoring data is only part of what you really need. Availability is a different area of focus, as this is needed before storage can happen.
When you’re selecting a cloud provider and service package, you must first define the value of service availability to your business. Here are some questions to consider:
- Is it better to lose the data permanently or have it fall into the wrong hands? This is a balance between availability and confidentiality.
- Is keeping the data tamper-free more important than unplanned data loss? The answer helps you decide whether to focus on integrity or availability, or to balance between them.
- Are all of these decisions unacceptable, and I need absolute confidentiality, integrity, and availability? If so, plan on spending time and money to make that happen. Such comprehensive no-compromise solutions are rarely cost-effective, even in a cloud scenario.
- How long can my company operate without access to cloud data and services? This question gets right to the point. If the cloud is down, does that result in a minor inconvenience or a profit-shaking catastrophe? Would you gladly risk your data going public in order to get access restored?
Top Tips for Achieving Data Availability in Your Business
To help achieve sufficient data availability in your business, follow these best practices below:
Have a Plan
Maintaining data availability should be a central element in your company’s disaster recovery and business continuity plan. This should include RPO (recovery point objective) and RTO (recovery time objective) targets that define, respectively, exactly which data must be restored, and when it must be accessible, for operations to resume after a disruption.
Utilize Redundancy
Having backup copies of your data ensures that the failure of a storage component, or the deterioration of stored data over time, won’t result in permanent loss of the information.
Eliminate Single Points of Failure
You should not only have multiple copies of your data, but also multiple access routes to it so that the failure of any one network component, storage device, or even server won’t make the data wholly inaccessible.
Institute Automatic Failover
When an operational disruption occurs, automatic failover can ensure continuous data availability by instantly swapping in a backup to replace the affected component.
Take Advantage of Virtualization
Since storage system functionality is accessed through software and is independent of the underlying hardware, you are less vulnerable to component failures or operational disruptions in a local facility.
Use the Right Tools
Rather than attempting to increase data availability in your IT infrastructure through home-grown initiatives, employ tools specifically designed for that purpose.
Data Availability Metrics You Should Be Monitoring
There are a few essential metrics to monitor when evaluating the data availability of your operations:
1. Security Alerts
Availability isn’t just about application monitoring and recovery – it’s also about ensuring your information is protected. If you aren’t monitoring security alerts and warnings, your applications may be running perfectly while your intellectual property is being stolen.
2. Idle Connections
Idle connections suck up resources and threaten to fill database pools, congest networks, and stymie performance. Furthermore, idle connections can indicate a problem in the application layer or database configuration.
3. Long-running Queries, Commands, or Jobs
This applies not just to database queries or jobs, but also to commands and backups. These types of digital actions can be an indicator of poor system health, slow disk speeds, CPU or other resource contention, or even deeper systematic problems.
4. Disk Input/Output
Disk IO typically refers to the input/output operations of the system related to disk activity. Tracking disk I/O can help identify bottlenecks, poor hardware configurations, improperly sized disk or poorly tuned disk layouts for a given workload.
5. Memory
Memory monitoring goes beyond measuring and looking at space that’s either free or used. Monitoring memory helps you look into traffic jams or leaks, identify improperly sized systems, understand loads, and spikes. In addition, knowing about memory-intensive patterns can help you anticipate availability demands.
6. Disk Space
Disk space monitoring is available in many forms, and utilizing it as a metric can prevent unnecessary problems and costly last-minute scrambles to add more space.
7. Errors and Alerts
Errors, alerts, and recovery messages in the logs are another good metric to consider. Adding log monitoring for FATAL, PANIC, and key ERROR messages can help you identify issues that your availability solution is frequently recovering from, such as database crashes, application panics or core dumps, or fatal errors requiring a cold restart.
8. Recovery Numbers
Similar to monitoring errors and alerts, the recovery numbers can tell you a lot about the quality and status of your system’s availability. If you are averaging more than one application recovery per week, you’re likely experiencing something more than your normal availability protection. And while the recovery was successful in restarting your application or system, too many of these false or even real recoveries aren’t normal and should be investigated.
Ensure Data Availability With Help From Thrive!
Ample data availability can have a direct impact on your business’s bottom line. To ensure your data is consistently available at the required level of performance, during the typical business day or a disaster, you need a cloud solution that’s a perfect fit for your unique organization.
For all your data availability needs, turn to the experts at Thrive! Whether you need a safe and affordable journey to the cloud, or looking to migrate your data to a CJIS-compliant data center, look no further than Thrive. Contact us today!
Data Backups: 4 Reasons Why They Are Essential for Your BusinessData backups are important these days.
But before we talk about data backups, let’s answer this question: what is data? It can be your customer and patient information, QuickBooks numbers, sales analyses, product photos, videos – all the various files and bits and pieces that essentially comprise the lifeblood of your business.
Losing it can be detrimental in a number of ways , from relatively minor annoyances (accidentally deleting important work and having to backtrack) to potentially business-ending catastrophes (data breaches and theft of customer data and information).
And then there’s Mother Nature and the mortality of hardware. An unexpected flooding, natural disaster, or even sprinklers ruining your equipment could be back-breaking without any backups to restore.
Read on to see why data backups are so important in this digital age.
1. Cybersecurity risks
You hear about it in the news all the time: cyber attacks causing havoc on businesses of all sizes the world over.
Whether it’s through social engineering, phishing emails, business email compromise, ransomware, brute force attempts, or any number of attacks, hackers are after your data, plain and simple.
Cleanup after a successful attack can certainly be costly. But there are other costs, both monetary and otherwise, that business owners may not be thinking about. These include compliance violations, losses due to downtime, and a hit to one’s reputation.
The sheer number of ways your network can be attacked makes it difficult to anticipate what can come. But awareness of the threats and trends, good digital hygiene, and layered cybersecurity can all help minimize the risks.
And having good backups can be one of the best ways to deal with cybersecurity threats. After a successful attack, you will have the option to essentially go back in time and restore a stable version of your data – and get back to business!
2. Natural disaster
Human adversaries may pale in comparison to the sheer destructive capabilities of Mother Nature.
A tornado, earthquake, or other calamities may befall your facilities, and your computers may be completely destroyed. This possibility underscores the need to have not just backups, but also off-site replication. If your backups are in the same location as your data, that data can be destroyed at the same time.
In the unfortunate event of total disaster, if you have backups off-site, you’ll be able to restore your data and systems to new hardware.
3. Hardware failure
Don’t overestimate your computers and hard drives.
They aren’t invincible.
Business-critical functions, customer data, and your staff’s work can be lost if a key piece of hardware decides to finally fail.
Having your data backed up can be the perfect “insurance policy” for your computers and hardware.
4. Human error
We’ve all done it.
Accidentally deleted files. Botched an update (or neglected to do one). Caused irreparable damage to an actual piece of hardware.
Humans aren’t perfect. Backing up your important data can be the perfect failsafe for potential blunders. And blunders will happen.
Ready to get on the path to good data backups?
With so many ways for data to get damaged, deleted, or outright destroyed, it’s important for businesses of all sizes to consider data backups.
Getting on the path of data backups is just the first step. You’ll also need to ensure you use the correct type of backups.
As mentioned above, off-site replication is critical to ensuring your data doesn’t get wiped out in one fell swoop. And backup verification is crucial. You must be sure all that data you’re backing up is error-free and ready to go should you need it.
You’ll want to develop an action plan for data recovery for your business, outlining a list of possible threats, your IT assets, policies, contingency plans – basically, what you need to take care of when disaster strikes.
Because there are numerous variables to contend with and options to consider – and careful, comprehensive planning to make – many business owners are choosing managed data backups from a good managed service provider.
Get help from the data backup experts at Thrive
Thrive is an experienced MSP. We’re nationally recognized and have many years of focusing on data backups for small and medium businesses. By honing our skills in SMB and within select industries such as healthcare, manufacturing, legal, and finance, we know the ins and outs of not just data backups, but also compliance and other related, significant matters.
Ready to learn more about managed data backups? We’d love to help! Contact us today for a free backup consultation.
How Government Agencies Can Benefit from DPaaSWith growing concerns regarding data loss, an increase in the need for data backups, and complex compliance requirements for government agencies, the global data protection as a service (DPaaS) market is expanding.
While the popularity of DPaaS continues to grow among managed service providers, government agencies are also realizing that DPaaS offers numerous advantages when providing secure IT services for internal organizations. To fully take advantage of this service, learn more about what exactly DPaaS is, why the market is rapidly expanding, and how government organizations can harness its value for the best results, continue reading below.
Why is Data Protection Essential for Government Agencies?
The current IT landscape is constantly evolving, with malicious attackers continually devising new ways to attack. Data protection safeguards data from compromise, loss, or corruption, which could include virus and malware attacks, identity theft, scams, and more. Since government organizations may contain sensitive information that is not intended for the public, a security breach could put the privacy of officials, clients, and sensitive data at risk.
With ever-expanding advancements in data protection technology, malicious attackers are also developing new ways to compromise information. In the first six months of 2019 alone, data breaches exposed 4.1 billion records. Since then, the need for data protection has only grown more apparent. With the COVID-19 pandemic further accelerating cyberattacks and data breaches, government organizations need the best protection to prevent a potentially devastating attack. A recent survey found that almost half (46%) of global businesses have experienced at least one cybersecurity incident since moving to a remote workforce due to COVID-19 lockdowns, while the FBI has reported that the number of attack complaints in their Cyber Division has reached as many as 4,000 a day – a 400% increase from pre-COVID-19 months. With malicious software continuing to grow as a threat, government agencies need continuously comprehensive data protection to prevent the risk of data being compromised.
What is DPaaS?
Data protection as a service (DPaaS) is what it sounds like, a cloud-based service for protecting organizational data. With DPaaS, organizations can secure archival data for long-term retention requirements and enable quick data recovery in the event of a disruption to avoid business interruption. The service also provides enhanced security and stability for when your data is most vulnerable.
When compared to buying storage hardware and paying to keep it operational, DPaaS is an affordable option. Organizations pay a monthly subscription for the peace of mind that they have everything they need to recover their data.
How Does DPaaS Work?
DPaaS can secure sensitive information by creating copies of the data and storing it in a separate location. This can include online in the cloud, or through an external device. Providers offering DPaaS may also include additional options to enhance data protection, including VPNs, firewalls, system health monitoring, incident response, and audits.
DPaaS is ideal for organizations facing the following challenges:
- Backups often fail
- Backup windows often run into the next day
- Multiple backup solutions need to be managed
- Backup space constantly needs to be freed up
Under the umbrella of data-related as-a-service offerings includes disaster recovery as a service (DRaaS), backup as a service (BaaS), and storage as a service (STaaS). These services offer government organizations the protection they need in an increasingly unpredictable world.
Top Drivers Growing the DPaaS Market
The DPaaS market is predicted to have accelerated growth as more organizations accept the cloud and services-based storage options, as well as the continued operational challenges due to malicious attackers. The service is predicted to reach nearly $29 million by 2022, with a CAGR of 31.5% from 2016 to 2022. Several drivers of the growing global data protection services market include growing concerns of data loss, the increasing need for data backups, and the integration of recovery and backup services.
Data loss due to disruption can be devastating for government organizations in terms of costs, and the consequences from lost sensitive data. DPaaS offers tools that can prevent loss and mitigate disruptions if they indeed occur and makes retrieving earlier versions of files much more efficient when compared to traditional backup methods.
These advantages have led to the increasingly rapid adoption of cloud computing and the soaring of the DPaaS market to be a $46 billion industry by 2024. As more organizations desire management and high scalability for their services, the DPaaS market will only grow.
DPaaS Benefits for Government Agencies
Government agencies, in particular, have much to take advantage of from DPaaS services. Here are some of the benefits of choosing DPaaS for government solutions. By encompassing backup and disaster recovery, data protection, and storage, DPaaS allows for a resilient data protection approach that can be scaled as your demands evolve.
Faster Backup & Recovery Process
Whether it’s due to a natural disaster, or a malicious human actor, disruptions are inevitable. When they do happen, government agencies need to be back up and running in no time! One of the most valuable benefits DPaaS delivers is a quick and resilient backup and recovery process to avoid extended downtime. Hosted cloud backups run continuously, enabling an accurate and quick backup when needed.
Reduced Overall Costs
When budgets are tight and you need to optimize what funds you have available for IT, you want to prioritize the areas that need it most. Choosing DPaaS as a cloud-based solution from a trusted advisor is an efficient and budget-friendly option. Instead of having to allocate large portions of funds to keep off-site facilities operational, DPaaS only requires a monthly service fee charged by a provider who manages the operation – freeing up your own internal team.
Enhanced Data Protection
Choosing DPaas services from a trusted provider allows your government organization to take advantage of resilient and agile data protection. In today’s current IT climate, managing data protection is essential, but many internal teams can be overwhelmed when balancing data protection and the organization’s own strategic initiatives. Being overworked or understaffed in IT makes your entire agency vulnerable.
Depending on what your unique needs are, your DPaaS strategy can include everything from:
- Both local and remote storage hardware
- IT support
- Licensing
- Regularly scheduled test restores
- System health monitoring
- Incident response (failed jobs)
- Request response (restores)
- Software and hardware upgrades
- Co-management
- Immutable copies to prevent data loss
- Reporting
- Audits to ensure all data is protected
Additionally, choosing a DPaaS provider not only allows your government organization to enjoy secure data protection, but also receive the expertise and vigilance of IT professionals who can help with compliance concerns and expert advice regarding your data.
Leverage DPaaS Powered by Thrive in Your Government Agency!
Thrive has been supporting government agency IT needs for years. Thrive’s Data Protection as a Service offering provides backup and restore capabilities of your data that are integral to your organization, including physical, virtual, NAS, office 365, etc. Wherever you store your data – on-site, off-site, in the private or public cloud, or even in hybrid environments – Thrive can deliver the protection you need. For systems of all sizes, Thrive ensures ready, reliable access to your sensitive information.
For more information on how Thrive can provide your government organization with the data protection you need for today’s ever-evolving IT environment contact our team of experts today.
5 Key Priorities for Technology in Social HousingTransforming The Role of IT
There is definitely a need for both the perception and the role of IT to change in organisations with a greater focus on the ‘digital’ agenda rather than a traditional IT management ‘cost centre.’ It is believed that IT needs a mantra of ‘digital first.’ They have to work closely with the business to identify disjointed processes and develop ways where a digital thread can connect teams and information together to drive far more efficient ways of working.
The IT teams need to be focused on creating a foundation infrastructure that is agile and fit for purpose and that will enable their organisation to change at pace in adopting new technology that can have a transformational impact.
Accelerate Cloud & SaaS Adoption
Whereas many social housing organisations have already adopted a ‘cloud first’ approach, the migration to cloud needs to accelerate. There is a need for a clear plan for cloud that breaks the perpetual cycle of ‘capital purchase’ and moves organisations forward to a scalable and flexible utility model where they purchase IT infrastructure on a consumption model.
This plan is likely to embrace a hybrid cloud model where some legacy systems are migrated to private cloud environments while the public cloud is utilised for new applications and to provide additional capacity and capabilities.
Core Infrastructure & Security
The move to cloud combined with the fact that post pandemic we will have a more virtualised workforce, is driving the need to address core network infrastructure to ensure that digital services can be delivered where they are needed.
Social Housing organisations will need to embrace the new software-defined world where services are more agile and can adapt faster to required change. SD-WAN will play a key role in linking decentralised functions and cloud-managed wireless networks will enable estates to be connected to drive digital inclusion and support field-based workers.
Embracing Strategic Partnerships
There was recognition from all those spoken to that it is not possible to drive the rapid change needed alone. Forging strategic partnerships with managed service providers is key in order to inject specific expertise when required and augmenting often small internal teams with the skills and capacity to execute change programmes.
Having the right partners in place is key and these partners need to have invested the time to truly understand the business and bring with them the important experience of working in the Social Housing sector.
Placing ‘Agility’ First
We have learned a significant lesson in 2020 and that is the need to be agile. What has been proven over a roller-coaster of a year is that rapid change can happen, processes that were believed to be ingrained in the organisation can be adapted at pace and new more efficient ways of working can be adopted.
The level of agility that has been shown in 2020 should not be lost when our world re-emerges from the pandemic. We should continue to have the same level of ambition and match this with an appetite to change and maximise technology to enable us to be agile.
What Factors Are Hampering Digital Transformation In Social Housing?When creating our recent report on ‘The Future of Technology within Social Housing’, the people within the sector we spoke to all had an appetite for change and clear views on the critical role that technology will play in digitally transforming the sector.
Some of their thoughts and collective vision was outlined in our previous blog ‘5 Predictions for the Digital Future of Social Housing’ which definitely sets out a path of exciting times for the sector. However, there are a number of factors that we identified in our research that are hampering progress and slowing the pace at which digital transformation can be achieved.
The consensus of those we spoke to is that the sector is not moving fast enough to embrace digitalisation and maximise the full potential impact of the technology available. There are many factors that are hampering progress that starts with the executive vision and cascades all the way through to the legacy infrastructure currently in place.
Executive Vision & Direction
Change is not something that just happens; it must be driven by clear vision, it needs ‘buy-in’ from all involved and people need to be missioned and resourced to affect change. Traditionally, IT has been seen as a cost centre across the Social Housing Sector and has not had a ‘strategic’ seat on the top table. As a result, IT spend is determined by the savings it can make within its function rather than being viewed in terms of the positive impact it can have on the wider organisation and service delivery.
Aversion to Risk
A common theme running through our consultations was that the Social Housing sector is inherently risk adverse. Where some of this stems from the origins of the sector and the need to carefully manage costs and deliver immediate value for money, a string of failed technology projects across the public sector has led to a more cautious approach. Although the sector does not need to be at the bleeding edge of technology innovation, it does need to be bolder in making technology decisions. A more balanced evaluation of risk is required that considers level of investment, potential risk but, more importantly, what the investment will enable you to achieve.
Legacy Infrastructure
It is felt that legacy infrastructure in place within the social housing sector is now fundamentally holding back the digitalisation of the sector. A consultant operating in the sector speaks of 9 out of 10 issues they come across pointing back to failings in legacy infrastructure that is neither agile, nor capable of coping with the demands being placed on it. New applications are being loaded onto servers that simply do not have the power to support these and legacy networks do not have the capacity to flow the amount of data required around the organisation. Creating the scalability and agility in the underlying infrastructure is critical to enable digitalisation.
Lack of Application & Data Integration
It is often said that organisations are data rich but information poor and this is a sentiment we found within social housing. Many organisations are utilising a diverse range of applications that operate in non-integrated silos. This means that data is fragmented and cannot flow seamlessly across the organisation which is critical to digitalising tenant engagement and automating processes. There is a very real need to focus on data and creating digital threads across the organisation and turning data into insights that can affect change.
IT Mission, Mindset & Capability
Probably the most fundamental area that is holding back the digital journey in social housing which came out from our study related to IT mission, mindset and capability. One of the participants spoke of the sector having more ambition (to improve services and systems) than it has the capacity and capability. There is a view that IT need a new ‘mantra;’ a mission and mindset that moves from just ‘keeping the lights on’ to one that is focused on digital innovation.
The Social Housing sector is at a critical cross-road that it cannot ignore. To move the sector forward and achieve their aim of meeting the demand for decent homes, they need to embrace digitalisation but in order to do this, they must first address those factors that are currently holding them back.
FBI Releases Annual Internet Crime Report, Outlines Record-Breaking Year of Cybercrime Complaints and Losses Amid PandemicThe 2020 Internet Crime Report was recently released by the FBI’s Internet Crime Complaint Center.
The Internet Crime Complaint Center, or IC3, provides a way for the public to report Internet-enabled crime to the Federal Bureau of Investigation, and to also provide awareness to both the public and law enforcement.
This latest annual crime report unsurprisingly delves into the effects the global pandemic had on worldwide cybercrime activity. From the report’s introduction:
“In 2020, while the American public was focused on protecting our families from a global pandemic and helping others in need, cyber criminals took advantage of an opportunity to profit from our dependence on technology to go on an Internet crime spree. These criminals used phishing, spoofing, extortion, and various types of Internet-enabled fraud to target the most vulnerable in our society – medical workers searching for personal protective equipment, families looking for information about stimulus checks to help pay bills, and many others.”
With many people working remotely from home or otherwise more dependent on the Internet for both business and personal needs, cyber criminals certainly took advantage of this increased Internet usage.
The IC3 received the highest number of complaints in a year, with 791,790 reported criminal acts in 2020 – with losses over $4.1 billion!
Some of the prominent attacks of 2020 were:
- Business Email Compromise (BEC) attacks represent the most costly. 19,369 BEC attacks were reported via the Internet Crime Complaint Center, with a whopping total loss of approximately $1.8 billion. Learn more about Business Email Compromise attacks.
- Phishing attacks are some of the most prevalent, with 241,342 complaints entered in the IC3. The losses from these phishing attacks totaled over $54 million. Learn more about phishing.
- Ransomware continues to be a menace; there were 2,474 complaints filed through the IC3, with losses totaling over $29.1 million. Learn more about ransomware attacks.
- Elder Fraud is still plaguing seniors; victims over 60 have encountered numerous scams because criminals believe they have more financial resources. Some of the schemes targeting seniors include tech support scams, computer or home repair scams, sweepstakes and lottery scams, romance scams, and more. Complaints from seniors on the IC3 website numbered 105,301, with total losses of over $966 million.
- No cybersecurity discussion centered around 2020 would not be complete without mention of COVID-related scams. The IC3 website received 28,500 complaints surrounding these. Internet fraudsters capitalized on people and businesses trying to get coronavirus aid and economic relief. There was also plenty of opportunity for criminals to phish for personally identifiable information (PII).
“As criminals continue to evolve their game, increasing the sophistication of their social engineering and cyber scams, the harder it can become to withstand these attacks,” said Brian Walker. “Awareness of these tactics is key to defending your home and business, especially when we’re dealing with other important matters like COVID-19.”
“Keep your staff informed of the various threats,” stressed Aaron Allen. “Cybercriminals are aware that people can be the weakest link in your network security. Don’t make it easy for them!”
“And when it comes to your actual network security and cybersecurity, layers are of utmost importance,” explained Walker. “There is no single piece of hardware or software that can block every possible threat. But layering your defenses can certainly make it harder for criminals to get in.”
Read the 2020 Internet Crime Report directly on the FBI’s Internet Crime Complaint Center.