Prime Telecommunications Leverages State-of-the-Art Cybersecurity Techniques and Tools to Protect Customers

Prime Telecommunications, Inc., a leading provider of unified communications, announced today that the company is leveraging state-of-the-art cyber security techniques and tools to protect customers from cyber attacks that have become a daily occurrence in the small to mid-sized business marketplace. The company has been at the forefront of cybersecurity for many years and has taken their expertise to an entirely new level, well beyond their competition. Prime Telecommunications protects businesses from several key cybersecurity threats.

The first threat facing organizations is phishing. Phishing is essentially, using fake links to lure users into offering up sensitive information, by posing as an authority. Hackers can embed malicious links into emails, attachments or images, which usually lead to another page that requests the sensitive information, which will later be used against the user. One of the most creative ways hackers have found to attack SMBs is to call in and impersonate IT staff or Network Administrators, asking for specific information off the employee’s computer to resolve a potential “virus.” The employee will usually comply and supply the information, giving the hacker the exact keys they need to infiltrate the system.

The next area of concern is mobile security. As web traffic continues to migrate from PC to mobile, hackers have followed suit by redirecting their efforts to mobile attacks, as well. At an organization, whereby users are encouraged to BYOD (bring-your-own-device) to the network, this increases the exposure for network attack exponentially. SMBs need to be on the lookout for attacks from third party apps, mobile malware and unsecured public Wi-Fi locations. For example, employees will use their phone at an unsecured Wi-Fi hotspot to work but they won’t realize that the network is rigged to enable hackers with easy access to sensitive apps, data and information on any phones connected to that particular unsecured Wi-Fi hotspot. In many cases, users will be attacked without even realizing that the attack has happened.

The last area for an SMB to monitor is malvertising. This threat is where hackers embed malware within advertisements, landing pages or even directly on reputable websites. Sites that offer advertising on a massive scale, such as Facebook, have a tough time regulating online security throughout the buying process. Facebook can do its best to ensure that the links on Facebook aren’t malicious; however, they have no access to monitoring the pages that those advertisements lead to, once the user has left Facebook. Malvertisers can embed a code on an advertisement which leads to a dummy checkout page or a fake application page, which phishes all of the sensitive information that the hacker needs to launch an attack.

“These threats all point to the importance of SMBs consulting with an expert in the cybersecurity field,” stated Vic Levinson, President at Prime Telecommunications. “We are well-equipped to deal with threats like these, in addition to the new threats that will undoubtedly arise over the coming years. For any business that leverages technology as one of its key productivity drivers, it pays to have a team like Prime Telecommunications to face the hackers of the world.”

10 Key Considerations When Picking a Managed Security Services Provider

Once, managed security providers were small companies who offered select few larger companies the option to store their data remotely. Now, that market has grown into a widely utilized industry, where providers navigate security issues, compliance regulations, and the importance of data protection for you.

But with this burgeoning enterprise comes the difficulty of deciding between the many competent players. When choosing the company that will defend the security of your data and manage your ability to access it, it’s important to look closely at several aspects of each provider

Track Record. The ideal MSSP to handle your company’s sensitive data will be able to show a strong history of quality information management over a significant period of time.

  1. Response Time and Analysis. An MSSP must be able to easily determine security threats from false alarms. Your provider should be able to respond immediately after analyzing and interpreting large amounts of network security.
  2. Operation Centers. The best MSSP will have state-of-the-art security operations centers at multiple locations, allowing for cross-monitoring and double-checking compliance with security standards.
  3. Global Awareness. To really be prepared, security experts must be able to monitor threats to data not just domestically, but from around the world. International eyes and ears allow for proactive handling of threats and real-time alerts.
  4. High Level Management. Management personnel in the best MSSPs will often have backgrounds working in military, security, or government: an indicator of success.
  5. Range of Services. Particularly for larger businesses, MSSPs must be able to provide a variety of services, including real-time monitoring, firewall management, intrusion detection systems, virtual private networks, and more.
  6. Security Procedures. Ask for documented standards and policies that are in place, from handling of unusual operations to common threats. Look for an MSSP that offers a variety of notification options for optimal staff awareness.
  7. Third-Party Validation. Whatever these policies and procedures are, make sure that the MSSP has had them validated and certified by a third-party auditor.
  8. Range. For best brand-specific protection, find an MSSP that employs specialists who have certified experience working with a variety of security providers and in a wide range of products.
  9. Reporting. Detailed reporting is essential for a company to truly trust the MSSP. Be sure that the reports are based on information drawn from various platforms, include recommendations, are open about latest threats, and are clear about any security changes that have been made.

Your data is only as secure as the company trusted to protect it. Take your time and consider all aspects of the business and relevant details of your own company before deciding.

 

Network Security

Improving Security & Reducing the Risk of Data Breach

It’s a parallel that seems to represent a negative product of change: as technology advances, so do security threats. In a world where data breaches make headlines, security is of utmost importance—especially for companies that have critical assets such as customer data, intellectual property, or proprietary corporate data.

Despite the progress that has been made to improve security, there are still instances of data breaches over the cloud. However, by taking the right measures, businesses can utilize the cloud to prevent data breaches and reduce the inherent stress perpetuated by security threats.

Below are five tips on utilizing security in the cloud.

1)    Be aware of your cloud apps. We all love the various services that apps can provide. However, it is important to know the business readiness of app and which ones encrypt data stored on the service. It is important to know which apps render you more or less prone to a breach. If you employ cloud services, you should know exactly what is provided, and how your company utilizes them.

2) Transfer users to high-quality apps. As you already know, cloud-switching costs are minimal—which means that switching to better apps is possible. Choose apps that are best suited to your business needs; shopping around for the best apps is advised. If you stumble upon unsatisfactory apps, talk to your vendor or even switch. Our current technological makeup is dominated by a preponderance of worthy apps—utilize them.
3) Ask yourself: where is my data going? Look at your data in the cloud: review uploads, downloads, and data. Check if you have personally-identifiable information (PII) or unencrypted confidential that is in—or moving to—the cloud. Be aware of where your data is going.

4) Identify user activity. It is essential to understand not only which apps you utilize, but also your user activity. Which apps are used to share information? According to a VentureBeat study, one-fifth of tracked apps enabled sharing—ranging from customer-relationship management to finance and business intelligence. Knowing who is what sharing information—and with whom—will enable you to implement the right policies.

5) Reduce risk through granular policy. Begin with business-critical apps and implement policies that will help your business in the case of a breach. Some ideas: blockthe upload of information, block the download of PII, or block access to vulnerable apps when necessary. Preparation is key—and knowing where your information is at all times is paramount in mitigating risk.

Preventing data security breach is possible—it relies on your careful attention to cloud apps and user activity. Knowing your data is crucial in preventing risk. Analyzing your apps takes time, but is a worthwhile task. Contact us today to learn more about security and minimizing your cloud and data risks.

Get more information here!

increased_security

Plug It – But Change the Password Before You Play It!

In today’s technology environment, whether personal or business, every device and most software packages come with default passwords. When these devices are installed, users frequently leave the default passwords in place. When default passwords are left unchanged, any person with less than perfect scruples (read: MALICIOUS HACKERS) can access your device and gain access to other devices on your network.

Although it sounds absurd, many people do not think about changing their passwords on their routers, on their firewall appliances or on their MAC addressed devices. Using easily available tools on the Internet, the type of device can be easily determined. Other sites have published default passwords or administrative passwords for commonly installed devices and appliances. This potentially puts millions of devices – with IP addresses and MAC addresses- at risk for exploitation.

Some examples that you may not think about: smart TVs, gaming consoles, refrigerators, industrial control systems, business phone systems and voice mail systems. This is in addition to the regular favorites – routers, wireless access points, firewalls and computers.

According to the US Computer Emergency Readiness Team (US-CERT) a hacker with knowledge of the password and network access to a system can log in, usually with root or administrative privileges. The consequences depend on the type and use of the compromised system. Examples of incident activity involving unchanged default passwords include

  • Internet Census 2012 Carna Botnet distributed scanning
  • Fake Emergency Alert System (EAS) warnings about zombies
  • Kaiten malware and older versions of Microsoft SQL Server
  • SSH access to jailbroken Apple iPhones
  • Cisco router default Telnet and enable passwords
  • SNMP community strings

The first thing that you can do to address this problem is to always – ALWAYS- give a device a unique non default password. Recommended passwords should be strong- meaning that the include both alpha numeric characters, capitals and symbols (!,@,#,$,% & ).

If you manage technology for others – coworkers, clients, family members or friends- always enforce a password changing policy when you set up new devices. Always change passwords from default passwords.

More importantly, restrict access to your network. Make sure that only those users who should be allowed on the network are allowed on your network. With the amount of cyber attacks growing at an alarming rate, the safety of information on a network is only as good as the passwords restricting access to the network.

If you are interested in seeing how secure your network is, there are a number of legitimate sites that will show you how to scan your network for vulnerabilities and secure the access.

For more information on how you can put together all of the pieces of your business’s IT puzzle, visit http://www.primetelecommunications.com/data-solutions. Other great sources of information are the US Computer Emergency Readiness Team at http://www.us-cert.gov/ncas.

10 Steps to Recovery from a Disaster: “Hark I hear the cannons roar!”

My father once told me a story about an out of work actor. He got a one line role in a Broadway performance. He had to say “Hark, I hear the cannons roar”. He dutifully practiced his lines every day for hours until the scheduled performance. Finally, at the opening night, it’s time for him to go on stage and recite his line. He practices it once more. He goes on stage and hears a loud boom. Instead of saying his line, he says, “What the hell was that!”. Recovery from a disaster can be like that if you are not prepared. Here are some steps to mitigate the “What the hell was that” factor when disaster strikes.

• Take a quick inventory of all your IT related business processes.

This includes everything from financial applications, logistical functions, email, outward facing functions and more. Remember the regulatory /compliance environment you are in (HIPAA, PCI or Sarbanes)

• Rank them for recovery priority.

Think about which applications are necessary for your company to generate revenue or are critical to business continuity?

What data can’t your customers do without? What’s critical to running your internal accounting and finances? And what is required for compliance? Now, create a list in in descending order to establish your DR recovery sequence. This is the dress rehearsal for your performance. It makes the “what the hell was that” factor diminish significantly.

• Establish a Recovery Time Objective (RTO) for each function.

Ask yourself, “How fast do I need to recover this application?” Email and transaction based applications that people inside and outside the company depend on at all times will probably be near the top of this list, whereas applications that are less frequently accessed, such as a human resources applications, may be low on the list because they’re ancillary to your immediate business continuity requirements. Be realistic in your estimate of the recovery time objective.

• Establish a Recovery Point Objective (RPO)

How much data can you afford to lose for business process? How important is the data that you could lose? Applications related directly to business continuity, where data changes significantly every day, will top this list. Back office processes may be lower on the list. Is it a day’s worth of data? Is it an hour’s worth of data?

· Create a “Break Glass in Case of Emergency” plan. Define where you want to keep your DR data and systems.

If you are located in an area that could be hit is regional weather events like hurricanes, floods, or wild fires, then select a secondary location outside of your region that you can fail over to when disaster strike at your primary location. Your choice could include cloud-based recovery.

• Determine which of your RTOs and RPOs can be supported by your existing backup and recovery scheme.

This will allow you to figure out pretty quickly which of your processes are going to “fall through the cracks.” Certain applications, like very heavily used SQL or Exchange applications may need to be backed up even more frequently, and if your current backup scheme can’t support anything more frequent than once daily backup, you may wish to consider investing in a newer, more aggressive disaster recovery solution.

• Consider your DR options.

If your current system is not up for the job, select a Disaster recovery solution that best meets the business and recovery objectives you have developed in the previous steps of this plan (see below in the next section for more information). Once it’s installed and in production, make sure your staff is trained how to use it.

• Assign responsibilities so everyone knows what to do when a disaster strikes.

Assign everybody involved in the DR plan a specific task. Don’t expect the relevant personnel to always be at the disaster site or to be in control immediately. Implement necessary duplication and redundancy for people, just like you would do with computers.

• Test, test, test!

One of the worst feelings an IT administrator can have is discovering a backup is corrupted in a disaster recovery scenario. Why wait to find out when it’s too late to do anything about it? Test your backup data for corruption when you back it up. Newly developed software allows you to test for recoverability automatically. Use these available tools.

• Practice, practice, practice!

The more experience your team has successfully carrying out a simulated disaster recovery, the more comfortable and quick they will be to succeed when the real thing happens.
Your business is dependent on technology. Even the smallest disruption to your systems can impact operations. A backup and recovery strategy is essential, yet most companies lack the expertise or resources to implement one. With Prime’s unmetered managed backup and recovery service, our certified engineers manage the process for you. Visit us at http://www.primetelecommunications.com/backup-disaster-recovery/ to learn more.

Why Cloud Computing Offers Affordability and Agility

Hit the ball out of the park

I love sharing articles that I have read that just make sense and hit the point right away. Bernard Golden in Networkworld hit the ball out of the park yesterday.

By Bernard Golden, CIO
June 18, 2013 09:35 AM ET
CIO – When I was a kid, Miller Lite ran an endless series of commercials in which former sports greats debated the merits of the beer. One would assert that the best thing about the beer is its smooth, rich flavor. No, the other would respond, the best thing about the beer is that it’s light. They’d go back and forth:

“Tastes great!” “Less filling!” “Tastes great!” “Less filling!”

This would go on until the voiceover announcer would settle the matter by noting that what’s really great about Miller Lite was that it’s less filling and it tastes great. In other words, it was special because, unlike every other beer on the planet, it could square the circle and deliver two previously incompatible characteristics. What was fantastic about Miller Lite was that it combined two contradictory qualities: flavor and low calories.

I’m reminded of those commercials when I hear people talk about cloud computing benefits. One person will say that cloud computing is less expensive than traditional IT, contending that on-demand pricing, efficient provisioning and scale make it possible for cloud providers to deliver IT capability much less expensively than established practices.

After a couple of minutes, someone else will say, “Well, I don’t know if it’s less expensive or not, but what’s really great about cloud computing is its agility.” Because cloud providers offer self-service and immediate provisioning, companies can now respond to business opportunities or threats far more quickly than the old, manually-provisioned practices of IT can support.

Click here for the full article. It’s worth the read!

 

Are you an IITM? The VAR Guy told me that SMB’s Lose 24 Billion Dollars per Year In Productivity from Winging IT Management

This morning in our management meeting, we were discussing migrating some of our critical apps to the Cloud (onto a secure hosted platform). You would think that as a “Cloud evangelist”, I would make the decision immediately without thinking twice right? Wrong! As a responsible (read: due diligent, resource constricted, tight fisted) business owner, I feel that we need to review all of the options open to us. How much would it be if we kept the application and server in house (so I could reach out and touch it whenever I felt like modifying something or just gazing at it) versus how much would it cost to host it?  What other costs are there- beyond the apples to apples calculations of typical premise/cloud costs? It dawned on me that what is really happening is that instead of focusing on my core competency (helping my clients, sales, managing my staff, marketing – all of the things that a business owner does during the average day), I had become the defacto involuntary IT manager – or IITM. (You know I hate three and four letter acronyms- but, hey, I will use them to illustrate a point). Is there a cost for that?

I came across an article from one of my favorite columnists – The VAR Guy- and he introduced me to the IITM concept and its impact on my business. The full entry is available here: http://thevarguy.com/business-technology-solution-sales/smbs-lose-24-billion-productivity-annually-winging-it-management.

SMBs Lose $24 Billion in Productivity Annually From Winging IT Management

Tue, 2013-04-30 07:15

A new Microsoft (NASDAQ: MSFT) backed research study discovered that SMBs worldwide fritter away some $24 billion in productivity annually by assigning non-technical personnel to manage their IT environments. Read between the lines, and the study makes the case for small businesses to more effectively leverage VARs and cloud computing.

The study, conducted by researcher AMI-Partners, examined the impact of so-called involuntary IT managers (IITMs) at SMBs in North America, Latin America and EMEA tasked with handling their companies’ IT solutions. In particular, the research focused on the impact on business productivity of IITMs in the U.S., Australia, Brazil, Chile and India.

The $24 billion lost annually results directly from IITMs taking time away from primary business activities to perform IT management functions for which many are ill-prepared, according to the study’s findings. AMI surveyed 538 IITMs in small businesses with 100 employees or less and, from that data extrapolated that 3.8 million SMBs in the target countries manage IT internally with non-technical personnel.

While SMBs in the study invested $83 billion to equip their businesses with IT and communications equipment, they lost $24 billion in productivity trying to internally manage their IT environments. When asked about a solution to the problem, IITMs in the study believe that cloud-based solutions can ease some of the burden of managing IT.

“Many small businesses don’t have the budget for formal IT support, so they rely on the company’s most tech-savvy individual to manage their technology,” said Andy Bose, AMI Partners founder, chairman and chief executive. “As our research shows, relying on an Involuntary IT Manager can have an adverse impact on small businesses’ productivity, which can negatively affect revenue and translates into a very high opportunity cost.”

Other than pointing out how much productivity SMBs lose from fussing with managing IT operations on their own, the study’s findings indicated a movement to cloud services by SMBs. Indeed, some 33 percent of IITMs said they are likely to shift more IT spending toward hosted or cloud solutions while 36 percent are interested in a productivity and collaboration suite.

“The cloud when delivered right is a game-changer, providing small businesses with the IT solutions they need to solve their most challenging small-business technology concerns,” said Thomas Hansen, Microsoft SMB worldwide vice president.

Some highlights of the study’s findings:

  • On average, IITMs lose about 300 hours per year of business productivity while managing IT
  • 36 percent of IITMs feel that IT management is a nuisance
  • 26 percent indicated they don’t feel qualified to manage IT
  • 60 percent of IITMs want to simplify their company’s technology solutions to alleviate the difficulty of managing IT day-to-day

 

PS-ALI Do I need it? Getting it for free.

I received an email from user who is having some problems interfacing with his carrier regarding PS ALI service, and was starting to question if his information was incorrect, or had he reached a customer service representative that was talking about a subject they really knew nothing about. Since I do run into this from time to time throughout the year, I thought it would be appropriate to provide a rundown on PS ALI for my readers.

Before we dive into the complexities of ANI and ALI, let’s put some definitions around what were talking about.

By definition, ANI is the telephone number associated with the access line from which a call originates. It is used by the PSAP to retrieve the ALI of the caller. ALI is the automatic display of the PSAP of the caller’s telephone number, the address or location of the telephone, and supplementary emergency services information of the location from which the call originates.

Private Switch ALI, also known as PS ALI, is a service option which provides enhanced 911 features for telephone stations behind private switches. E.g. PBXs.
But, do I need PS ALI?

This is where the confusion comes in the play. Let’s assume that, legally, every real telephone number is entitled to its own ANI and ALI record. ANI and ALI records are managed by the dial tone providers, such as the LECs. Changes and updates are provided to the Database Management Service Provider (DBMSP) through Service Order Input (SOI) transactions, which is a file of completed service order updates sent to the DBMSP by all service providers.

As you would expect, NENA has defined the standard formats and protocols for ALI data exchange, ALI response and GIS mapping, and makes that information available in the NENA 02-010 document,

Referring to the NENA 1.0 data format structure, the record is a 240 character fixed length record, and positions 108 through 127 provide 20 freeform alphanumeric characters that can describe location. Under the NENA 2.1 data format structure, this 512 byte record allows for 60 characters in positions 128 through 187.

This example is your primary argument to your LEC that you are only asking them to perform a service that they are mandated to provide using the standard mechanisms already in place.

What they will try to sell you at this point, is their service, which allows you to manage your records in the database. This is commonly referred to as PS ALI, but is often marketed under localized service names such as Pinpoint, PS ALI Connect and various others. The services, as well as their monthly recurring fees, provide customers with the GUI that enables them to manage their entries, and even update the location field in the records.

So your question back to the LEC is “Why should I pay for the ability to update a database that I will never update?” and “Aren’t you already being paid to handle 911?”

The line I like to use on the customer service rep is “I’m already paying you a monthly fee for 911 services on my phone bill. But if I don’t want to manage my numbers, and the information is going to remain static, why again do you need to bill me more money?” I then like to remind them that the telephone number they provide to my home address as specific address information on it, and yet I don’t have to maintain PS ALI service for that. At some point in time, you’ll get escalated to a supervisor, and at that point, you use the exact same logic on them, until they agree to provide you with access to make a one-time update to an existing record, or they escalate you further up the chain.

At some point, you’re bound to reach either someone that knows what they’re talking about and can fix the problem for you, or you’re going to get someone to just make the change.

So in the end, your argument points are:

  • You are already paying monthly service charges for E911 on all of your numbers
  • You are asking for the ability to make sure that the information associated with each of those numbers is correct.
  • You are not asking for a system to manage those records on a daily basis
  • If the LEC refuses to correct the information, ask them to provide you with a liability waiver that states they acknowledge your concern about location granularity, the fact that their database is not correct, and that they are refusing to assist you to fix the problem.

Document everyone you speak with, and keep a journal entry, including any research that you do on the Internet, including this blog. If you can’t convince your local carrier to play nice in the sandbox, at least you’ll have a nice discovery file to hand to your lawyer.