Are Hackers Costing You Money?
Findings from “The First Annual Cost of Cyber Crime Study” were published this week on InfoWorld. The article explains that the study assessed 45 U.S. organizations, and found that cyber crime (web attacks, malicious code, viruses, etc) costs each organization $3.8 million per year, on average.
An average loss of $3.8 million, per organization!
Although these numbers don’t even seem plausible, the mean loss per organization was averaged from a low of $1 million to a high of $52 million. These dollar amounts represent the cost of coping with a cyber attack, not the costs of preventative care.
The Findings
According to the study, the types of cyber crime reported included:
- Stealing Intellectual Property
- Confiscating Online Bank Accounts
- Distributing Viruses/Malware
- Leaking Confidential Business Information
So What Can I Do?
Don’t just assume a firewall and an enterprise level anti-virus system is the solution. Although highly recommended, they are only PART of the safeguards your organization’s IT Services needs to have in place to reduce the susceptibility to cyber attacks.
Your organization SHOULD have a Privacy Policy that dictates how to handle intellectual property as well as how to safeguard confidential information from being leaked.
Your organization can also hire a technician to perform services such as:
- Security Audit - installs an application on the network that is designed to identify, classify, secure, monitor and report on sensitive data.
You need to make sure all Information Technology areas in your company are safeguarded to reduce your vulnerability to cyber attacks which will save your organization a lot of money, time, and aggravation.
For Immediate Release
NSK Inc Offers Summer Support for Tufts
Tufts Health Care Institute hires NSK Inc for development work while in-house staff on leave of absence.
Boston, MA, July 26, 2010 – NSK Inc, a Boston-based IT Consulting firm has been hired by the Tufts Health Care Institute (THCI) for an eight-week project to assist with IT and web support. The in-house developer for THCI is on paternity leave this summer, and the Institute contacted NSK Inc about filling in for two months.
The relationship between the two organizations is incredibly convenient as both share office space at 75 Kneeland Street, in Boston’s Chinatown neighborhood. Currently, NSK is providing four hours of development each week. Tasks have included entering and posting HTML content in online learning resources, updating scripts, and general IT support for THCI’s courseware and registration systems.
Project manager, Steve Papaccio says, “I’m excited to continue the relationship between NSK and Tufts Health Care. THCI has developed a strong set of web resources for their users and NSK is looking forward to contributing to and supporting that effort.” THCI Director of Content Development Ralph Halpern finds contracting with NSK to be an efficient and effective way to meet the Institute’s short-term need for IT support. “The NSK staff is both highly qualified and responsive to our requests. NSK offered flexible contract terms and did a good job of coordinating the handoff of work from our staff to their experts.”
About Tufts Health Care Institute
Tufts Health Care Institute (THCI) is a not-for-profit educational organization established as a collaborative venture of Tufts University School of Medicine (TUSM) and Tufts Health Plan (THP). Located in Boston, Massachusetts, the Institute develops and coordinates a variety of accredited educational activities, including live workshops and online courses, for practicing and prospective health care professionals. The primary content focus of THCI’s training is the cross-disciplinary competencies of Systems-based Practice, Practice-based Learning and Improvement, Interpersonal and Communication Skills, and Professionalism. THCI also provides administrative and infrastructure support to the educational activities of other groups and organizations. For more information, please visit http://www.thci.org.
About NSK Inc
NSK Inc is a leader in information technology consulting, with a focus on IT management for SMB companies. Headquartered in Boston, MA with an additional office in Palo Alto, CA, the company offers a wide array of IT services for business driven information challenges. They provide service and support for small and medium-sized businesses and groups working within large organizations. NSK Inc also creates custom software products for investment banks, equity management organizations, and other specialized industry areas. For more information, please visit http://www.nskinc.com.
Press Contact
For more information, please contact:
Cathie Briggette
NSK Inc.
(p) +1 617 303-0480
(e) cathie@nskinc.com
(w) http://www.nskinc.com
Even though it may be your job to handle sensitive information, how you handle the data is just as important as how well it is secured.
One of the best ways to avoid any sort of legal snafu is to have a privacy policy in place. The policy needs to be all encompassing, meaning it covers EVERYTHING accessed on the company’s network (i.e. email, network drives, Twitter, Facebook, VPN connections from offsite, etc).
The policy should mandate guidelines of acceptable computer usage while using company resources (including all data).
Another step would be to conduct a Security Assessment and Security Audit.
- A Security Assessment identifies vulnerabilities within an organization’s infrastructure and will then recommend solutions to secure the system.
- A Security Audit installs an application on the network that is designed to identify, classify, secure, monitor and report on sensitive data. A manager is then notified every time the data is accessed so organization’s can track who is accessing sensitive data and when and where the access happens.
If you aren’t sure of your organization’s policy in regards to sensitive data, ask them. If they don’t have a policy in place – inquire about initiating one. This will help to safeguard yourself as well as the data you are in charge of.
Microsoft Extends Life of XP, Indicators Show SMBs Should Move to Windows 7
In an odd turn of events, Microsoft this week announced that Windows 7 customers (those who purchased the Professional or Enterprise versions) have the option to buy Windows XP downgrade licenses until January 2020.
Many businesses were reluctant to upgrade from Windows XP as Vista was such a train wreck of an OS (personal opinion here). Windows 7 has been on the market since October and yet almost 75% of Microsoft’s business customers still use XP.
Daniel Ruby, a research director at Chitika Inc. stated in an article from CNN that most corporations will migrate to Windows 7 within the next two years. Even though XP licenses will be available until 2020, support for the operating system (Service Pack 3) is scheduled to end in April 2014. Technical support for XP Service Pack 2 ended yesterday.
Organizations have three options now: make the switch to Windows 7 now, wait until 2014 to upgrade, or continue to use licenses until 2020. Waiting until 2020 would mean using an operating system that will have had no technical support from its parent company for at least six years. Doesn’t sound so good, does it?
SMBs (Small and Medium sized businesses) should at least start thinking about migrating to Windows 7, as they still have about another four years of technical support from Microsoft (for XP SP3) available.
There are numerous benefits of switching to Windows 7. According to an article from InformationWeek, switching to Windows 7 reduces support costs by 65%. Deployment costs for the OS are reduced by 45% (roughly $40 per user). The operating system also has more enterprise friendly features such as increased system security and easier file recovery.
Oh, and did I also mention that Windows 7 is really pretty to look at?
iBusiness
Consumers absolutely love the iPad. Music, videos, documents and eBooks are all wrapped up in a sleek and very attractive package. However, can the iPad cross over into business territory or should organizations stick to using Netbooks while on the go?
The Benefits
- Portability: The sleek, all in one design is ideal for travelers. Instead of having to balance a keyboard and screen (which is difficult to do when the person sitting in front of you insists on reclining their chair all the way back), the iPad is one screen. Oh and did I mention the iPad weighs 1.5 pounds?
- The iPad also doubles as an eReader, ideal for reviewing business reports, dissertations, and white papers, as well as newspapers and magazines.
- Battery Life: The iPad has a 10 hour battery capacity – which outshines most Netbooks, which cap out at about 8 hours.
- Surpasses Smartphones: The iPad allows users to have the portability and power of a standard Smartphone, but with a much larger workspace. Ever try to send a company wide email on a Blackberry? Your thumbs will appreciate the iPad’s virtual keyboard.
- Built in 3G – eliminates the need to be in a Wi-Fi hotspot, which means it is always connected.
The Drawbacks
- Lack of a USB Port: Easy access to a USB port is ideal for transferring large files (i.e. content heavy presentations or videos) via a flash drive. Users can purchase a “dongle” adapter that converts the iPad sync port into a USB port or upload files via a Cloud such as Dropbox, MobileMe, or Gmail.
- Lack of Integrated Video Camera: Some tout the iPad as being an oversized iPhone. Unfortunately, the iPad lacks in the telecommunications department. There is no integrated video camera that could allow for video conferencing with co-workers while telecommuting or traveling.
- Capacity and Power: The entry level iPad comes with 16gb of internal storage and a 1ghz processor. Many Netbooks come with at least 1.6ghz of power and have variable hard drive sizes that range from16 to 160 gb of storage.
- Cost: Savvy shoppers can purchase a Netbook between $200 -$300. The lowest priced iPad costs $499.
The Bottom Line
It all depends on what your organization is looking for. If a large percentage of your employees travel or telecommute, iPads may in fact be the tool of choice as portability and convenience are some of the major attributes of Apple’s latest creation. However, if your organization doesn’t host applications or files in the Cloud where users are normally tethered to their desktop, it may be better to skip the iPad and rather rely on Smartphones or other devices for quick email updates when on the go.
Protecting your "Social" Security - Part 2
Survey results from Symantec have shown that half of all social networking at work is conducted for business purposes. Although bosses may cringe to hear that 50% of social networking done in the office is for pleasure, it may come as a surprise that personal social media in the office actually increases productivity (we'll get to that in a second). Although this is good news, many organizations don't have security policies in place to safeguard company activity conducted on social networks.
The Good
A recent article in the Boston Metro reported findings from a study conducted at the University of Melbourne. Researchers found that typical 9 to 5ers who spent about a fifth of their workday using the web for personal browsing were actually more productive than those who were on the web for strictly business purposes.
The article also stated that workers should "batch" their personal activities - recommending a twenty minute session per every two hours of work for optimal productivity.
InformationWeek posted similar findings. A report from Forrester Research (conducted this past January) found that 70% of IT personnel viewed Web 2.0 and social media as having a beneficial impact on their organization's productivity. 78 % believed it helped their organization provide improved customer service. 80% thought social media had a positive impact on their company's innovation.
The Bad
According to the InformationWeek article, many organizations don't have a policy regarding social media usage. Some (about 5%) outright block access to sites such as Facebook, Twitter, and MySpace. A policy to this extreme could result in less productivity, decreases in customer service, and create a sour workplace atmosphere.
Instead, companies should provide guidelines for employees and create a way to monitor how social networking is being used during office hours.
The Ugly
Without any policies in place, an organization is susceptible to a number of attacks including clickjacking, worms, spam, and phishing that can enter their internal network via social media websites.
The Bottom Line
If your office is in the Twitterverse, using Facebook, or posting pictures to Flickr, you need to have a set of rules or regulations in place to protect not only your employees' privacy, but your organization's privacy as well.
Hybrid Clouds - The Best of Both Worlds
The Cloud, SaaS, On-Demand, Private, Public, On-Site, Off-Site
How do you make sense of all of the buzz about the Cloud?
Our whitepaper outlines the basics of Cloud Computing including the difference between Private and Public Clouds. It also introduces the combined computing power of a Hybrid Cloud solution to help you make a better informed decision on how to get your organization in the Cloud.
Click here to download your copy of "Hybrid Clouds - The Best of Both Worlds"
Private or Public Clouds?
IT Wants Them Both!
InfoWorld just published an article about a recent survey conducted by the International Data Corporation (IDC). In the survey, IDC asked IT executives if they preferred Private Clouds in comparison to Public Clouds. The results showed that many companies expect to use a combination of both Public and Private Cloud services. The mixed use of Public and Private Clouds is also referred to as a Hybrid Cloud.
With a Hybrid Cloud, an organization has their own private (internal Cloud) with services running within their firewall. However, Hybrid Clouds allow users to access data that is stored off site via a Public Cloud.
This model is beneficial when an organization wants to have control over their data storage, but needs additional space for archiving data. They have the security and supervision of the Private Cloud in their network, but can store excess data in a scalable on-demand Public Cloud.
According to Frank Gens, an IDC chief analyst, "Virtually every customer, at least from the midmarket up, will have a mix of both [Public and Private Clouds]."
Additional information about Public, Private, and Hybrid Clouds will be available next week in the whitepaper "Hybrid Clouds: The Best of Both Worlds."
The End Of The Internet?
There has been a lot of buzz from people stating we are reaching the end of the internet's capacity. To be honest, all I can ever think of is the episode of South Park where the internet access starts to dry up. In the episode, the "internet" is actually a giant Linksys router and Kyle reestablishes the internet by resetting the device. Although hilarious, the probability of the internet disappearing is pretty low (notice how I didn't say impossible).
Fiction aside, the internet is in essence a network of networks that connects computers and other devices across the globe. The internet isn't one specific device but rather a combination of billions of components. Despite its seemingly endless coverage area, a recent article from CNN.com reported that the internet may be reaching its user limits. Soon we may not be able to add more devices to the current configuration.
Here's the kicker; it all has to do with the internet's current configuration. Right now the internet runs on what is called Internet Protocol Addressing Scheme version 4 (IPv4). Within this particular set up - IPv4 only provides slightly more than four billion IP addresses because it is based on a 32-bit format. These addresses are usually represented with decimal points separating the address into four parts (i.e. 192.0.0.000).
IPv4 operates on two basic functions: addressing and fragmentation. The protocol uses the IP addresses to transmit internet datagrams to their destinations (also known as routing). Then these datagrams are fragmented and then reassembled once they reach the destination address. (More information on IPv4 operations can be found in the IETF Publication RFC 791).
Anything hosted on an IP network (computer, printer, smart phone, etc.) is assigned its own unique IP address. Thanks to advancements in technology, ownership of mobile phones, net books, Ipads, and other web enabled devices has exploded. These new devices are gobbling up IP addresses at an alarming rate.
I spoke with Senior QA Associate Apollo Catlin, at NSK Inc, and he mentioned that a smart phone itself "probably has three different IP addresses associated with it." Numerous reports have speculated that within the next two years, we will run out of IP addresses. According to Catlin, when IPv4 was first instated in the 1970's there wasn't any thought of running out of addresses as "they didn't ever think people would have a personal IP address." Back then, IPs were reserved for mainframe computers used by large organizations not individuals.
So What Can Be Done?
The most viable option is to transition from the current IPv4 configuration to IPv6. IPv6 operates on a 128-bit system meaning there are trillions of new IP addresses available under this protocol.
Unfortunately content providers are reluctant to transition to the IPv6 protocol. Catlin states that the transition would require a complete overhaul of the Internet infrastructure in that the "entire middle structure of the system needs to be replaced."
Although tedious, this transition needs to happen soon. Otherwise in a couple of years, internet access may only be available to current users as we may not have any new IP addresses to hand out. The internet is open to everyone; let's not start having to ration it out.
Store Non-Critical Data For Less Using Reduced Redundancy
One of the biggest players in the cloud computing industry is Amazon Web Services (and yes - they are related to the other "big" Amazon.com). One of their flagship products, Amazon Web Services Simple Storage Service (Amazon S3) is a public cloud data storage system. Recently, Amazon launched a new lower-cost option called Reduced Redundancy Storage (RRS) making an already flexible storage system, even more scalable for customers.
RRS enables customers to lower costs by option to store their data at lower levels of redundancy than in the standard S3 version. Due to the fact that RRS stores objects on multiple drives and that it doesn't replicate objects as often as the standard S3, it is even more cost effective.
Using RRS
RRS is not an option for critical data, but for excess files that need to be stored for compliance or archival purposes. Examples include: old CAD files, completed project data, or even document scans. Anything that isn't mission-critical can be stored (at a lower price point) using RRS.
Alexander Straffin, a Senior Help Desk Associate and Virtual Infrastructure Manager at NSK Inc,
If there is one thing I've learned from being in this industry, it is that there is no such thing as a "one size fits all" solution. Every company has its own set of specific needs and challenges. Amazon knows this, and their awareness is evident with the release of this option. They are certainly heading in the right direction by adding levels of service, and degrees of redundancy. It enables us, as IT service providers, to offer more versatile technical implementations while keeping recurring costs down. The majority of our clients don't need such high levels of redundancy with their data. Our clients tend to care much more about their bottom-line. A 30% reduction in monthly costs is VERY attractive, especially since their SLA remains the same. I feel there will be a lot of businesses that will opt for RRS