What’s the difference between vulnerability testing and penetration testing?

vulnerability testingAll networks, regardless of their size, are at risk from many cyber security threats.

To successfully protect your organization from these threats, you can’t rely on a single line of defense. For example, your cybercrime protection strategy should include both vulnerability testing and penetration testing. These terms are often confused with each other, but they are quite different. As Tripwire recently reports, “It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing on its own cannot secure the entire network.”

Vulnerability Testing, Explained

Vulnerability testing is the act of identifying known vulnerabilities in your network devices including firewalls, routers, switches, servers and applications. It’s usually performed by specific software, often set to run automatically and continually (antivirus software is a form of vulnerability testing). Because the scanners rely on published and regularly updated lists of known cyberthreats, vulnerability testing will only red flag vulnerabilities that are known, and that can be fixed. As you might imagine, there are many cyberthreats that aren’t known, or have no known fix. The latter is called a “zero-day vulnerability”—a vulnerability that is discovered but does not yet have a patch (It’s called “zero day” because developers have “zero days” to fix the problem since it could immediately be exploited by hackers). Google is just one of many companies who have recently reported a “zero day” issue (they reported a vulnerability in their Chrome web browser).

Due to the scope of organizational networks, vulnerability testing may require many different automated tools to manage a company’s assets, and many of those tests will need to be product-specific. For this reason, these tests are usually installed and managed by administrators or the IT team.

Penetration Testing, Explained

While vulnerability testing looks for known network vulnerabilities, penetration testing goes beyond that, examining sloppy business processes, lax security settings, or other weaknesses that a hacker could exploit. Issues that might be found include the transmission of unencrypted passwords, password reuse and forgotten databases storing valid user credentials.

Often, these tests take the form of authorized attacks, simulated on a computer system. The tests can determine if and how effectively an attack can be stopped. They can involve a script and exploit technology and people (including phishing strategies to trick employees). While they don’t need to be conducted as often as vulnerability testing, they should be done at least once a year.

While a vulnerability scan can be automated, a penetration test requires active participation. This usually means using a third-party vendor who can mimic the actions of an external hacker. While vulnerability testing can be done relatively quickly, penetration testing can take days or even weeks. Due to their more hands-on and involved nature, penetration testing costs can be much higher than that of vulnerability testing.

Security Testing Reports

Both vulnerability testing and penetration testing will produce reports detailing the problems found. Vulnerability testing reports are long but straightforward, listing the source of the problem, a description of the problem, and remedial action, which is usually to install a patch.

The report from a penetration test, on the other hand, will list fewer items and won’t be as straightforward. The report will describe what and how the attack was performed, but exact details may be vague. A remedy will be suggested, and while that fix could be simple, such as limiting team access to certain applications, it also may require a lot of time and effort, including staff training. A strong report will provide detailed recommendations.

A Third Party Vendor You Can Trust

When choosing a third party source for penetration testing, or to set up your vulnerability testing, you will want a team with significant breadth and depth of experience, especially in your organization’s area of business. At Single Path, we work with many organizations in such a capacity, with a particular expertise in small-to-medium sized businesses and schools and school districts. Our security solutions also include security risk assessment, data loss prevention solutions and more. We can help protect your organization in many ways.

Contact us for more information!

The Google Calendar Phishing Scam, and How to Avoid It.

While there are millions of phishing scams, every now and then a particular threat emerges that does more damage (and gets more publicity) than most. The recent Google Calendar phishing scam, which first gained attention last May, is the latest to gather national attention, and hurt more people and organizations than the average cyber threat.

What is the Google Calendar Phishing Scam?

A few months ago, cybersecurity firm Kaspersky Labs revealed how scammers were weaponizing the Google Calendar and other Google services. As Wired explained in a recent article: “Phishers have realized that they can take advantage of seemingly innocuous calendar settings to plant their own events laced with phishing links on victims’ schedules.”

In the Google Calendar phishing scam, scammers send a wave of calendar event invites to Google Calendar users, where they are automatically loaded onto each calendar. That’s why so many of us use a Google Calendar: it’s easy for anyone to invite you to a meeting, from an office mate to a friend (or a scammer). Once the invite is sent, you get an automatic calendar notification which further legitimizes the phony calendar event. Spammers use the location and topic fields of those invites for enticing text, such as informing you of an award or cash payment, with a phishing link. If you click on the link you are taken to a form asking for your banking or credit card information, often to “verify your identity” before you can claim your fake reward. These same notifications may pop up on your device repeatedly, until they are clicked or deleted.

As Maria Vergelis, a security researcher at Kaspersky explains, “The ‘calendar scam’ is a very effective scheme, as currently people have more or less gotten used to receiving spam messages from e-mails or messengers and do not immediately trust them. But this may not be the case when it comes to the Calendar app, which has a main purpose to organize information rather than transfer it.”

Phishers can use the same calendar strategy to invite you to a fake meeting and send you a link “to RSVP.” As TechRadar warns, “These fake invitations could include a malicious link that could not only be used to steal login credentials (like a standard phishing attack), but also to provide other sensitive information, such as how to gain access to a building where the ‘meeting’ is due to take place.”

Google is aware of this problem and is “working diligently to resolve this issue” according its online help forum. At the moment, however, there’s no estimated timeline for when people can expect a fix. 

How to Protect Yourself from the Google Calendar Phishing Scam

Google Calendar users can protect themselves against unwanted invites that are part of the Google Calendar phishing scam through the Google Calendar app itself.

  1. In Google Calendar, click the “gear” icon on the top right and select Settings.
  2. Scroll down to Event Settings and select the option “No, only show invitations to which I’ve responded.”
  3. Also, under View Options, make sure that “Show declined events” is unchecked, so those events don’t continue to show up even after you’ve rejected them.

Unfortunately, these precautions aren’t perfect, because they limit some Google Calendar functionality, but it’s better to be safe than sorry.

What Comes Around

In 2016, Apple Calendars were affected by a ploy that was a harbinger of the Google Calendar phishing scam. During the holiday season some Apple Calendar users received a flood of spam invites to holiday sale events for major brands including Ray-Ban®. There were warnings at that time that cybercriminals could use similar methods to send phony invites with links to viruses, and for identity theft. It took a few years, but it seems those predictions were right, but with spammers using Google Calendars.

Protect Yourself with Single Path

Being smart about technology is the first step toward protecting yourself and your organization from schemes such as the Google Calendar phishing scam. For example, our earlier article Have I Been Hacked? 6 Ways to Tell If You’ve Been Hacked can help you detect if your computer has been hacked. Also, if you know how to perform a routine cyber security risk assessment, you can figure out your technology vulnerabilities, and take proactive action now. At Single Path, that’s what we do every day: give training to staff, offer numerous security solutions to stay out of cyber-trouble, and provide consulting services on how to recover when cyberattacks happen. Let us help you and your organization stay safe, and scam-free.

Ask us how to get started.

Eight Negative Impacts of Technology

Negative Impacts of TechnologyAs a company that specializes in providing digital solutions for organizations of many shapes and sizes, we often witness the excitement generated by the access to new technology. But we also see the negative impacts of technology, especially with kids. As financial company Credit Donkey warns, “In a world of instant gratification and continual distractions, technology has the ability to make users easily distracted, impatient and continually bored. Technology can also make users forget important information, communicate in shorthand, and be incapable of deep thinking.” But of the many negative impacts of technology, we believe these are the eight most important.

1. Depression and Other Mental Health Issues

A University of Michigan study found that Facebook use led to a decrease in happiness and overall life satisfaction. The cause of depression may be exaggerated expectations triggered by online reality, and unrealistic social comparisons. Says Saju Mathew, M.D., a Piedmont primary care physician, “When we get on social media, we are looking for affirmation, and consciously or not, we are comparing our life to the lives of others,” he says. “As a result, we may not enjoy what’s in the moment.”

Also, research from the University of Gothenburg in Sweden found a link between heavy cell phone use in young adults and depressive symptoms. This is what some call “Chronic Smartphone Stress,” which is caused by constant anticipation of a message, email or other notifications, and the depression that might follow from the lack of them.

2. Lack of Sleep

Most adults sleep with their cell phones nearby, and so do their children. In fact, four out of five teens sleep with their cell phones in their room, and nearly a third of them sleep with the phones on their beds. Unfortunately, as The Washington Post reports, “The blue light emitted by the screens of mobile devices has been associated with poor sleep, researchers say, but mobile devices also can cause emotional stimulation—through violent games or engaging forms of social media—that also can impair sleep or simply delay the moment when people fall asleep.” A lack of sleep impacts your health and personality.

3. ADHD

As any school administrator can tell you, there has been a tremendous rise in ADHD over the last 15 years. In fact, there has been a 43% increase in ADHD or ADD diagnoses between 2003 and 2016 according to the Center for Disease Control and Prevention (CDC). While the exact connection between technology and ADHD is incomplete, a study published in the Journal of American Medical Association reports teens who frequently use modern digital media platforms, such as social media, also show an increased risk of ADHD. And a study done at Duke University found that, at-risk adolescents experienced more conduct problems and higher ADHD symptoms on days they used technology frequently.

4. Obesity

The increased obesity in children has been well documented. According to the CDC, 18.5% of America’s youth is now considered “obese,” compared to just 5% a few decades earlier. One cause of obesity is a lack of physical activity, and children who overuse electronic devices are less physically active. While play time has been shown to improve mood and increase self-esteem, sedentary activities (such as Internet use) not only lead to decreased physical activity, but have been linked to feelings of social isolation and depression.

5. Learning Barriers

As Credit Donkey reports, “Studies show that students, and people in general, are less apt to remember information because they know they can find it within seconds online. The study also shows that students are more likely to remember where to get the information rather than remembering the information itself.”

Additionally, a survey by antivirus company McAfee found that 21% of students admitted to using their internet devices to cheat, such as by texting a friend, looking up answers or even sending pictures of their exams to others. The same survey reports that 47% of those students reported knowing someone who used a device to cheat.

While the Internet can be a great source of learning, these reports remind us that they can also be a barrier to it, and one of the negative impacts of technology.

6. Decreased Communication and Intimacy

According to a Pew Research study, 25% of married couples admit to texting each other while home at the same time. Also, 25% of couples have felt their spouse or partner was distracted by their cell phone when they were together—and that number jumps to 43% for younger adults (18 to 29-year-olds). While the study reports that 74% of adult Internet users say the Internet had a positive impact on their marriage or partnership, 20% said the Internet impact was mostly negative.

7. Cyberbullying

You may already know that cyberbullying is the use of the Internet, cell phones, video game systems or other technology to send or post messages intended to hurt or embarrass someone else. A 2007 Pew Research study found 32% of teens were victims of cyberbullying. Nearly a decade later, a 2016 study by the Cyberbullying Research Center found those numbers were nearly identical. The National Crime Prevention Council puts that number even higher, at 43%. The NCPC also reports:

  • Nearly 20 percent of teens had a cyberbully pretend to be someone else in order to trick them online or get them to reveal personal information
  • Seventeen percent of teens were victimized by someone lying about them online
  • Thirteen percent of teens learned that a cyberbully was pretending to be them while communicating with someone else

Yet only 11% of teens speak with their parents about incidents of cyberbullying.

8. Loss of Privacy

With a few clicks, anyone can discover someone’s Facebook page and collect contact information, pictures and much more. The information can then be used for hacking and viruses. Anyone with email knows that hackers are constantly scheming to get people to reveal credit card information, social security numbers and so on.

Stopping the Negative Impacts of Technology

Many of those negative impacts of technology can be avoided with better and more open communication along with increased cyber education. This not only provides a greater awareness of one’s own actions, but helps users recognize the actions of others. As a leading provider of Internet security services, as well as cloud services and other technology solutions, we see the good and bad of technology every day. Technology can be a wonderful thing, bringing people closer together, delivering a nearly unlimited access to knowledge, promoting freedom of expression and providing countless conveniences from shopping to learning. And while the pitfalls are also numerous, so are the resources available to combat them.

If you have any questions about the negative impacts of technology, please reach out to us at Single Path. As experts on cybersecurity, we are always eager to share our knowledge and advice, just as we are always delighted to discuss the many services we provide for schools and businesses.

Contact us

The 17 Best Internet Safety Tips for Children

Technology moves fast. That in itself shouldn’t be surprising, and neither should the fact that most kids know more about technology than their parents. Unfortunately, that puts many parents in the awkward position of not understanding how to protect their children from cyber issues. Knowing the most critical Internet safety tips for children can be the difference between children using the Internet safely, or leaving themselves vulnerable to those with malicious intent. Because all children are at risk.

Tips for Parents: The Top Internet Safety Tips for Children

In a 2016 survey, 40% of children reported chatting with a stranger online, with 53% of them revealing their phone numbers and 6% sharing their home addresses. Those are some scary numbers. To help keep children safe, share these top 17 Internet safety tips for children with parents: 

1-Get smart about social media
You can’t teach your kids to ride a bike if you can’t ride a bike; and you can’t expect to teach them Internet cyber safety without being familiar with the social networking sites they may use, like Facebook, Twitter, Snapchat and Instagram. Social networking sites let kids (and adults) share photos and videos, and have conversations with friends and strangers. Know how to use these sites so you can discuss them with your children.

2-Remind your children, “Don’t talk to strangers”
Kids who are wary of strangers on the street don’t always use the same precautions online. Make it clear that people often lie about themselves and their ages online, especially predators. And under no circumstances should your children ever meet up with someone they met online without your permission (and if they do meet, you should go along).

3-Teach your kids to keep personal info private
It’s important that children understand what kinds of information shouldn’t be shared, and why. For example, they should never post personal information online such as phone numbers, addresses and credit cards, all of which can be used by criminals.

4-Set rules for social media use
Establishing rules or guidelines from the start is a great way to instill positive habits for your children on social media. You don’t want to be too strict, however, or you risk them breaking the rules behind your back. These Internet safety tips for children can be a great starting point for rules.

5-Keep your computer in a common area of the house
It’s more difficult for sex offenders and online bullies to harass your children when you can see what they are doing. Don’t let your kids go to bed with their laptops and phones.

6-Be aware of every computer your children use
Your children probably use computers at their friends’ houses. Talk to their friends’ parents about how they supervise Internet use.

7-Make Internet time, family time
Browsing the Internet as a family can be fun. You’ll learn more about your kids’ interests, and can guide them to age-appropriate websites.

8-Know their passwords
Help your kids set up their social media and email accounts, and make sure to get their passwords. Always be up front with your kids and let them know you might use their passwords to check out their conversations. You don’t want them to lose their trust in you by discovering you are secretly spying on them.

9-Watch for changes in their behavior
Look for signs that an online sex offender is preying on your kids, or signs your children are victims of cyberbullying. These signs include secrecy about what they do online, withdrawing from the family, and negative personality changes.

10-Look for unexpected gifts to your children
Sexual predators may send letters, photos or gifts to kids to seduce them. Ask your kids about any new toys or electronics they suddenly bring home.

11-Check your children’s browsing history
Open your children’s web browsers and look for “History.” This will show a list of websites they’ve visited. Also check their “Trash” or “Recycle” bins to see what files have been deleted.

12-Set rules, and enforce them
Don’t wait until something bad happens to start creating guidelines for your kids. Rules may include limiting their screen time and limiting what sites they can visit.

13-Keep an open conversation
Your kids could accidentally stumble upon a bad site, even if they’re doing everything right. Get your kids in the habit of talking to you about what they’re doing online, and they will be more likely to come to you if there’s a problem.

14-Protect your computer
Hackers can compromise your computer system and steal your family’s financial security and other private information. Regularly updating software on your phone or home computer can protect your family against scammers and other cyber threats.

15-Teach positive Internet behavior
Just like you don’t want other kids or people behaving inappropriately online to your kids, teach your children good habits. Talk to them about cyberbullying, and why it’s wrong. Discuss why certain posts can be hurtful. Also, if your children are aware of the signs of cyberbullying, they will be more likely to identify it and come to you if it happens to them, or to a friend. 

16-Download a general smartphone security checklist (PDF).
Most kids will interact with the Internet through a Smartphone than a computer. This helpful guide from the FCC has several smart smartphone security tips.

17-Start now
Don’t delay. Kids start using the Internet at very young ages. Discuss the rules, dangers and proper Internet behavior as soon as they start using the Internet, or their friends do. Says David Emm, senior security researcher at Kaspersky Lab, “I think one of the key things is to start the process of discussing online safety with your children at an early age, when they start to do anything that involves the Internet. They might still be using the computer with you, rather than independently and this offers an opportunity to highlight the fact that the online world parallels the real world and that there are both safe and unsafe things out there.”

We’re Here to Help

Any questions about these Internet safety tips for children? If you’re unsure, ask us. At Single Path, we’re happy to discuss cyber security and threats, no matter how basic a question, or how advanced. As experts on cyber security, including implementing, creating and assessing many security offerings for businesses and schools, we’d be delighted to review any of these Internet safety tips for children with you.

Contact us to get your school or business secure! 

The Why and How Behind Protecting Student Data and Teacher Data

In May of 2017, The Economist declared that data has replaced oil as the most valuable resource in the world. This means organizations that keep a lot of data, such as schools, are at significant risk from those trying to steal it. Districts and individuals who follow best practices for protecting student data and teacher data, however, can help stave off many threats.

The Numbers Behind the Why

In 2018 alone, K-12 schools reported 122 cyber attacks, resulting in “the theft of millions of taxpayer dollars, stolen identifies, tax fraud and altered school records,” per an article in Campus Safety magazine. Just one of those attacks affected 500,000 students and staff in the San Diego Unified School District, where names, dates of birth, Social Security numbers, mailing and home addresses, phone numbers, health information and legal notices were stolen.

Those 122 cyber attacks were just the successful ones. In May 2018, the K-12 Chief Information Officer at the Kentucky Office of Education Technology testified to Congress that four billion attempted attacks had been launched against Kentucky’s education data infrastructure over the last academic year. It was also reported that phishing attacks had increased 85 percent from the previous year (see our previous blog posts on phishing techniques, Part 1 and Part 2). 

Why Teachers are at Risk

Teachers are targets because of the vast amount of demographic and administrative data that the school or district collects including teachers’ names, addresses, dates of birth, photos, Social Security numbers, banking information, performance data, health conditions, education credit information, and work records. Stealing this information can lead to identity theft and financial fraud. For example, recently hackers infiltrated the Cleveland school district’s payroll system, and were able to steal a large number of employee paychecks. Hackers did the same to teachers in the Atlanta Public School district.

Why Students are at Risk

Like teacher data, student data is also vulnerable as schools collect an ever-growing amount of information to meet state and federal requirements. Protecting student data is important as it can be particularly attractive to hackers due to clean credit histories and the availability of hard-to-collect information such as students’ mothers’ maiden names. How profitable can hacking be? According to a report from the Parent Coalition for Student Privacy, a child’s Social Security number can be sold for $25 to $35 on the dark web. Multiply this by hundreds or even thousands of students, and one school’s data base can be worth six figures.

How To Start Protecting Student Data, and Teacher Data

Protecting student data, and teacher data, is an ongoing job that involves a lot of time and resources. At the very least, you should incorporate the following seven best practices for protecting student data, and teacher data, as soon as you can.

1.    Secure Devices

While network protection may seem like your first priority, protecting your physical assets is just as important. A stolen computer can include a goldmine of data. As we wrote in a previous blog post, “The mere presence of physical safeguards will strongly discourage malicious acts and provide peace of mind for those in the school.” Keep unused computers locked safely, and track all the hardware you have. You can’t protect what you don’t know you have.

2.    Encrypt Everything

Encryption scrambles text to make it unreadable by anyone other than those with the keys to decode it. By keeping back-up files as well as emails and shared files encrypted, hackers will be unable to read them, should they gain access to them.

3.    Make Strong Passwords

As we’ve reported previously, 60% of people use the same passwords for everything and 81% of data breaches are due to weak, default or stolen passwords. Too many people repeat the same password over and over, so if one password is stolen, many sites are compromised. Other users choose passwords that are easy to remember, but also easy to guess. A password manager can be a critical tool in creating impossible-to-replicate passwords.

4.    Back-Up Data

The easiest way to thwart a ransomware scheme is to have a back-up of your data. Back-ups also protect you from any sort of disaster, whether natural or hacker-originated. Cloud computing can make backing up data, and restoring it later, much easier. Complete cloud migration now can eliminate a lot of headaches later.

5.    Educate Staff

Most data breaches stem from human error. For example, the 2017 Equifax data breach, one of the biggest in recent memory, was blamed on a single employee failing to follow security warnings. Even the most senior IT professional can make a mistake, but the more someone knows about threats, the less of a chance they will fall victim to one. That’s why training your staff on best practices, such as how to spot a phishing email, or what not to divulge on social media, can make a big difference.

6.    Educate Students

Not all students may fully understand the criminality of cybercrime, whether they are attempting to hack a school’s network or conducting a DDoS attack as a prank (which is exactly what happened to the school district in St. Charles, Illinois). Per an article on educational tech news provider EdSurge, “Students could potentially piggyback onto unsecured WiFi networks without ever leaving school property, making them susceptible to cybercrime. Providing lessons in ‘digital citizenship’… can go a long way to help protect school assets and the student’s identity.”

7.    Call Single Path

Most districts have limited expertise or resources to plan, implement and share the processes needed to protect their teachers and students. Often, a third-party provider will best be able to monitor, manage and protect the school or district. At Single Path, that’s exactly what we have done for many school districts, such as Great Lakes Academy in Chicago. Our comprehensive suite of services, including managed cloud services and security offerings are designed for businesses and schools to assess, prepare and protect against risk. Let us help you start protecting student data and more.

Ask us how to get started! 

SharePoint vs. OneDrive for Business: Which is Right for You?

Nearly all North American organizations (97 percent) use the cloud, whether for back up protection or big data analytics. Cloud file storage in particular is popular due to its easy storage and retrieval of files, 24/7, from anywhere and on any connected device. Companies have many platform options for cloud storage, but two of the most popular are SharePoint and OneDrive, both from Microsoft. There is a lot of confusion over the differences between SharePoint vs. OneDrive for Business. Let’s evaluate the five key components of these two document management systems to help you make an informed decision on which is best for your organization.

But First, What is SharePoint vs. OneDrive for Business?

Launched in 2001, SharePoint provides storage and lots more, letting users collaborate on files, documents and projects. It comes with a large range of document libraries, task lists, calendars, workflows, wikis and other features, all from a shared company web portal. 

OneDrive for Business is, in essence, a simplified version of SharePoint. (There are differences between the personal and business versions of OneDrive, but we’ll focus on the business version here.) With OneDrive, files that would usually be saved to a folder on a user’s work desktop or laptop can now be stored on the cloud, without a lot of extra bells and whistles.

  1. Collaboration and Document Management
    SharePoint was designed specifically as team collaboration software for businesses that need multiple individuals and teams to work on documents and products at the same time. Features like a mailbox, custom lists and web pages are all part of the platform. Users access SharePoint via a branded company page that can include news, calendars, tasks and more. SharePoint provides countless options for integration and customization. 

    OneDrive is typically used by individuals and business teams who need a central location to store and access files, and not much else. As a user, you are assigned a personal account in which to keep your individual documents. When you want to share a document, you email links to your team members.

  1. Web Publishing
    Many companies use SharePoint’s engine to build and maintain their company website, internal documentation and even web apps. By publishing documents directly to the organization’s branded website, you can make them available for access and download by customers or employees. There are also internal analytics tools to build help documentation, FAQ pages, add customizable features and more 

    With OneDrive, while you can email links to documents, you cannot publish those documents directly to a web page from the OneDrive platform. You’ll need Office 365 or another CMS/website platform to publish your work publicly.

  1. Security
    SharePoint provides much greater control of user access. You can specify various access privileges to restrict which team members are allowed to view certain files or information. This is a great option for sharing information within teams or divisions, and restricting what information can be shared outside these groups. 

    With OneDrive, any user with the right link can access your files without logging in. This increases the chances of confidential data loss or theft.

  1. Setup and Training
    With SharePoint, you need the right expertise to set it up correctly. This means you may need to consult IT specialists who are more familiar with the software. SharePoint also requires training to fully understand it, and use it. 

    OneDrive is intuitive; most users with web or file sharing experience can get started immediately.

  1. Pricing
    SharePoint has high monthly costs, and the initial cost of infrastructure, license and customization can also be substantial. 

    You get what you pay for! While both OneDrive and SharePoint have subscription models, OneDrive fees are significantly less expensive.

SharePoint vs. OneDrive for Business–Which Should You Choose?

If you’re looking for collaborative document management system for your business, SharePoint may be the ideal solution. But if you’re looking for individual back up protection and storage only, OneDrive should do the job. If you’re still unsure when deciding between SharePoint vs. OneDrive for Business, it might be better to consult an expert. At Single Path, we regularly meet with small-to-medium size businesses, schools and other organizations to determine the optimal solutions for their unique needs, from managed cloud services to security solutions. We’ll find the best service providers, reduce costs, improve accessibility and back it all with attentive, personalized support. We help you make a smart choice when looking at SharePoint vs. OneDrive for Business, and more.

Ask us how to get started.

On-Premise vs. Cloud Storage: Which is Best for You?

On-premise storage means that you use your own server hardware and software, likely stored in your building, to house your data. Cloud storage, on the other hand, resides in remote servers across town or across the country. Which option is best for your organization? Let’s look at the advantages and disadvantages of on-premise vs. cloud storage.

Initial Costs

On-premise data storage necessitates high startup costs. Each server will cost thousands of dollars, and you may need to hire a professional IT company to set it all up. Evaluating, purchasing and installing the equipment may also be time consuming: it may take months to fully integrate a new server.

The cloud, however, demands far less of an initial financial investment, and can typically be launched immediately.

The On-Premise vs. Cloud Initial Costs Winner? Cloud storage. Easy.

Extra Costs

On-premise costs are unpredictable, such as repair costs, which can be excessive. Systems also must be upgraded regularly and require regular maintenance. Some companies delay or avoid that regular maintenance which can eventually lead to operational downtime and loss of data.

On-premise storage costs also include:

  • Powering a single server, for instance, can cost over $1,000/year, per server.
  • The cost of ongoing depreciation, and server replacement can be substantial. Servers typically last for about six years, after which they may become obsolete and need to be replaced.
  • Mainframe equipment, for example, may need a full-time IT professional or a team to manage servers and troubleshoot.

Cloud storage providers, on the other hand, have a very different payment model. They charge by the amount of data you need stored, charging you a set fee every month, like a subscription. Generally, that will be your only cost, as the provider is responsible for upgrading its technology and installing the latest security protocols, upgrades and advances. The savings can be substantial: SherWeb conducted a study in which it found the average cost of an on-premise server was $1,476.31 per month, while the average cost of a cloud server was $313.90 per month. But, high storage needs means high fees. Organizations that need several Petabytes of data storage often find monthly cloud services costs are so high they’re prohibitive.

The On-Premise vs. Cloud Extra Costs Winner? Probably the cloud, but It depends on how much storage you need.

Scalability

On-premise scalability can be difficult. If your data storage demand grows, new equipment may need to be ordered, paid for, and installed before the storage can be used. When you include labor, testing and downtime while making the upgrades, the costs and time add up. If you need to reduce your storage, you’re still stuck with the same equipment.

With cloud storage, however, more storage means simply purchasing more storage space, which you can use immediately. You can also reduce your storage needs, and monthly fees, when you don’t need as much storage. However, you’ll want to check that storage amount every now and then. Many organizations tend to overbuy their cloud storage space. A 2017 report from RightScale showed that $900 million of cloud storage spend was wasted every year.

The On-Premise vs. Cloud Scalability Winner? Cloud storage, but only if you buy the right amount of storage.

Security

On-premise storage may be more secure, but not always. First of all, no storage is going to be 100% effective at keeping data safe. But local servers are less accessible to hackers than cloud storage (breaches across the cloud are regularly reported by the media). And a survey from Nexsan found that only 58% of IT professionals “considered access to files away from the office to be ‘private and secure’.” And when it came to sharing files outside of the business, only 3% did. Local servers are also at risk from fire, natural disaster and theft.

Cloud security, on the other hand, can be impressive. According to the Annual Cloud Computing Survey (2017), U.S. businesses using the cloud rank its security as a top benefit. And nearly 70% of U.S. businesses that use the cloud feel more comfortable storing data there than on a legacy system. Encryption and other security tools can go a long way to making cloud storage more secure.

The On-Premise vs Cloud Security Winner? Clearly, it depends on who you speak with, but if you use a trusted vendor, like Single Path, to set up and manage your cloud storage, you should feel confident your cloud storage is just as safe as keeping it local.

Accessibility

In 2017, 43% of Americans spent at least some of their time working remotely (According to the NY Times), and that number is rising. The ability to work off-site has been shown to increase productivity, operational efficiency and business agility.

For on-premise storage, however, accessibility is limited. Getting and sharing files can be slow and difficult.

With cloud computing, accessibility is a major advantage. Since data exists “in the cloud” any gadget connected to the Internet can access it, anywhere, at any time.

The On-Premise vs. Cloud Accessibility Winner? This is an easy one. Cloud computing.

The On-Premise vs. Cloud Storage Winner Can Be You

While cloud storage has many advantages in many areas, this doesn’t necessarily mean it’s right for you. While most small-to-midsize companies will find significant cost savings with cloud storage, others may find their exorbitant amount of data makes cloud storage too expensive. If you’re unsure, call us. At Single Path, we help clients navigate their server options every day, including helping them get on the cloud, secure their data, and modernize their systems. We provide Managed Cloud Services for many organizations, from businesses to school districts. So, which option, on-premise or cloud storage, is best for you? Call us and let’s find the best solution.

Surviving a cyber breach – Free Webinar

It started as just a normal day . . . then you learn, you’ve been breached!  Now what?

Join us on June 26 from 10-10:30AM to walk through what can happen after a cyber breach, steps for recovery, and things you can do today to lower your risk.

ALL ATTENDEES RECEIVE A FREE BOOK:
Secure Enough?: 20 Questions on Cybersecurity for Business Owners and Executives, by Bryce Austin.

Register here

Have I Been Hacked? 6 Ways to Tell If You’ve Been Hacked.

Many of us are constantly worrying: why did I click that link? Why did I go to that site? Why did I respond to that email? While there are many things we can do to keep ourselves and our organizations from being hacked, everyone makes a mistake every now and again. But being aware of the telltale signs you’ve been hacked can change the up-all-night question from, “Have I Been Hacked?” to “What Should I Do Now?” And asking that question can make all the difference.

  1. My Gadget is Too Slow!

Your computer is working fine, zipping along, and then … you wait. And wait. Your software gets sluggish, or constantly freezes or crashes. The commands you type take a few extra moments to respond, and your apps take forever to open. If you start noticing some of these symptoms, your gadget may be infected with viruses, trojans or worms. “Have I been hacked?” Quite possibly. Malicious software usually runs in the background, eating up your gadget’s resources while it’s active, often slowing down your system to a crawl.

  1. Why Am I Getting So Many Pop-up Ads?

Did you know malware can add bookmarks to your web browser, website shortcuts to your home screen, and modify the pop-up ads that you get while browsing? And when you click on that pop-up you could download another virus or be taken to a corrupt website selling bogus products or services to get your credit card information. “Have I been hacked?” If you start noticing browser pop-up ads from websites that don’t normally generate them, then the answer is probably, “yes.”

  1. I Got a Ransom Message!

Ransomware is malware that makes your data inaccessible unless you pay a ransom, often in online currency. “Have I been hacked?” If you get a ransomware demand, it could be fake, but there’s also a significant chance your data is gone unless you pay up. If you have a good, recent backup, you can simply recover the data without paying the ransom. If you haven’t backed up your data, you are at the mercy of the hackers holding your ransom. They might send you an encryption code to unlock your data if you pay the ransom. Then again, maybe they won’t.

  1. My Online Password Doesn’t Work!

You’ve typed your password five times. It’s the same password you always use. You’re getting annoyed it’s not working, and so you ask yourself, “Have I been hacked?” Someone might have logged in to your account and changed the password. But how? Per a current article by CSO online, this is most likely to happen after you’ve responded to a phishing email that looked legit, but wasn’t. You get an email you think is from a coworker or a vendor, and you share personal information, and next thing you know a site, with your credit card information conveniently stored, is in someone else’s hands. This is also why using the same passwords on multiple sites is a bad idea. Contacting one website to report fraudulent use is a challenge;  trying to remember all the dozens of sites with your password may be impossible.

  1. I Got An Antivirus Message!

This scam was a bit more prominent a few years ago, but it still comes up every now and again. Typically, you will get an antivirus warning after your computer has been infected. Get protection now! Your system may be compromised! Danger, Will Robinson! “Have I been hacked?” You bet. Clicking on the link takes you to a professional-looking website where they ask for your credit card number and billing information. The hacker now has control of your system and your credit card. It’s win-win for them (and lose-lose for you).

  1. “Where Did This Program Come From?”

Sometimes malicious programs are disguised as legitimate software. But if you don’t recognize the program it may be malicious. Unwanted software is sometimes installed at the same time you install another program; free programs you download from the web are often to blame. “Have I been hacked?” It’s a strong possibility. Always read your license agreements–some free programs actually admit they will be installing spyware or malware onto your computer to avoid legal action against them. They assume you’ll never read the agreement. Most people don’t.

“Have I Been Hacked?” If the Answer is Yes, Here’s What You Need to Do Now

If you have been hacked, you’re not alone. Research company Vanson Bourn found that 44% of organizations they surveyed had suffered multiple hacks in the last year, with an average loss of more than $1 million per company. Have I been hacked?” If so, you need to act quickly and:

  • Change all your passwords. Do this from another machine, as hackers can capture your keystrokes (commonly called keystroke logging). Don’t repeat any password on more than one page.
  • Use a password manager. Coming up with memorable and hard-to-uncover password for every site is nearly impossible. A password manager will create secure passwords and store them for you.
  • Enable two-factor authentication. If you’re not already doing this, use two-factor authentication for all your passwords. A hacker will need both your password and access to a physical device, like your phone, to access a site.
  • Report fraud. Always report fraud right away. Contact your bank and put a freeze on all your vulnerable credit cards immediately.
  • Update your antivirus software. While not 100% effective, these do work. Use a well-known provider. Some antivirus software is created by hackers, and the software will infect your machine, not protect it.
  • Check for new accounts. Open your Inbox, Spam, Trash, and Sent email folders to see if your email was used to set up new accounts—such as emails with subject lines that say, “Your account was successfully created.”
  • Reinstall your operating system and back up files. Reinstall your operating system, wipe your hard drive clean, and retrieve your backup files.

Or, call Single Path

Ideally, before you say,Have I been hacked?” you’ll take action to avoid that problem, such as calling Single Path. We can help restore your system after a hack, or even better, help prevent one from happening. Our Security Offerings give you a line of defense that leave hackers frustrated and seeking easier prey. And our Managed Cloud Services give you access to leading technology with the most recent security patches, without the need for ongoing investments. So, instead of asking “Have I been hacked?” you’ll be saying, “I’m glad I called Single Path.”

Ask us how to get started! 

7 Pain Points That Cloud Migration Can Solve

The use of the cloud for data storage, sharing and communication continues to grow for both businesses and schools. In fact, virtually all North American organizations (97 percent) use the cloud one way or another, and it’s predicted that 80% of small businesses will solely rely on cloud computing by 2020. For many organizations, this is a positive development due to the many advantages that cloud migration provides. If you’re late on switching to the cloud, or only doing so for a small portion of your business, consider these seven pain points addressed by migrating your data to the cloud.

  1. Hidden expenses

Nearly two-thirds of small businesses and organizations are expected to buy new IT equipment this year, but the costs go beyond the hardware. For example, some organizations have rooms solely dedicated to servers, which not only takes up needed floorspace, but can demand costly cooling and electric bills. The organization may also face potentially high maintenance and repair bills, and will need to keep a larger IT team on staff to maintain the equipment. In fact, it’s estimated that 80% of an organization’s IT costs aren’t spent purchasing computers, but on aftermarket tech and labor costs. With cloud migration, however, many of these costs go away.

  1. Data security

One of the biggest concerns of every organization is data security, especially with data breaches and other cybercrimes continuing to grow, both at schools and businesses. These breaches can be devastating to an organizations’ bottom line, and its reputation.

Cloud providers have stringent cloud security requirements they must adhere to, and offer many advanced features that can ensure data is securely stored and handled. For example, some cloud security features can wipe a device’s data, and its access to data, in case the device goes missing. (We wrote about data security and other cloud advantages in our previous blog post: 12 Reasons to Move Your Business to the Cloud.)

  1. Lack of accessibility and mobility

The days of working on-site, and only on-site, are long gone. In fact, globally, 70% of employees work remotely at least once a week. After migrating your data to the cloud, resources can be easily stored, retrieved and recovered with just a few clicks from anywhere. Not only is data available even if your team members are at home or travelling, many applications can be run on Internet browsers. This means employees, teachers or even students don’t need access to expensive computers to run many routine, mission-critical apps.

  1. Work-life balance

Since the cloud is always on, employees can collaborate from anywhere, at any time. Cloud migration provides workplace flexibility in both hours and location; employees can work from a doctor’s waiting room, for example, rather than being forced to take an entire half day off. More and more employees expect a great deal of flexibility in their work lives; the ability to offer that flexibility can mean the difference between hiring and keeping a key employee.

  1. Scalability

Different companies have different IT needs, and those needs change as companies expand or shrink. With cloud migration, businesses can add or remove resources easily without the cost and risk of investing in physical infrastructure. This level of agility can give businesses a real advantage over their competitors. Global Dot, a leading web and cloud performance reseller, says: “Scalability is probably the greatest advantage of the cloud.”

  1. The carbon footprint

A 2014 study by New York City revealed that, on average, each student, teacher and staff member in their school districts uses 28 pounds of paper a year. The costs can be surprisingly high­–a school with 100 teachers can spend $25,000 on paper a year alone according to Edutopia. That doesn’t include toner costs and energy use: maintaining equipment, including cooling that equipment, can be even more costly. With cloud storage, that money can go right back into the budget.

But the green benefits may be even greater. According the Global e-Sustainability Initiative (GeSI), cloud computing can reduce global greenhouse gas emissions by 16.5%. While moving to the cloud is good for the environment, it may also prove to be good for business­–more than 66% of responders to a recent Nielsen study would be willing to pay more for products made by environmentally-responsible companies

  1. Disaster recovery

Data loss is a major concern for any organization. What happens to your data in the case of equipment failure, theft or even human error? Storing your data in the cloud guarantees that data is always available, and available anywhere. Cloud-based services also provide quick data recovery after emergencies such as natural disasters and power outages. Yet, despite the potential dangers and risks involved in the case of a disaster, 75% of small businesses have no disaster recovery plan in place according to IT service provider phoenixNAP.

Let’s Get Cloud Migration Started

Incorporating and committing to the cloud can save money, increase productivity and guard against disaster. But navigating your options, training staff on proper protocols, transferring data and more can take a lot of time and effort. That’s where Single Path comes in. Our Managed Cloud Services give you access to our seasoned expertise without high initial costs or ongoing investments in upgrades. We can provide lower costs, access to the latest technology, reduced risk, adaptability to changing business conditions and superior support. We work with many organizations, including businesses and schools, and are always eager to discuss your unique situation. Cloud migration can improve security, performance and communication. Ask us how to get started!