SharePoint vs. OneDrive for Business: Which is Right for You?

Nearly all North American organizations (97 percent) use the cloud, whether for back up protection or big data analytics. Cloud file storage in particular is popular due to its easy storage and retrieval of files, 24/7, from anywhere and on any connected device. Companies have many platform options for cloud storage, but two of the most popular are SharePoint and OneDrive, both from Microsoft. There is a lot of confusion over the differences between SharePoint vs. OneDrive for Business. Let’s evaluate the five key components of these two document management systems to help you make an informed decision on which is best for your organization.

But First, What is SharePoint vs. OneDrive for Business?

Launched in 2001, SharePoint provides storage and lots more, letting users collaborate on files, documents and projects. It comes with a large range of document libraries, task lists, calendars, workflows, wikis and other features, all from a shared company web portal. 

OneDrive for Business is, in essence, a simplified version of SharePoint. (There are differences between the personal and business versions of OneDrive, but we’ll focus on the business version here.) With OneDrive, files that would usually be saved to a folder on a user’s work desktop or laptop can now be stored on the cloud, without a lot of extra bells and whistles.

  1. Collaboration and Document Management
    SharePoint was designed specifically as team collaboration software for businesses that need multiple individuals and teams to work on documents and products at the same time. Features like a mailbox, custom lists and web pages are all part of the platform. Users access SharePoint via a branded company page that can include news, calendars, tasks and more. SharePoint provides countless options for integration and customization. 

    OneDrive is typically used by individuals and business teams who need a central location to store and access files, and not much else. As a user, you are assigned a personal account in which to keep your individual documents. When you want to share a document, you email links to your team members.

  1. Web Publishing
    Many companies use SharePoint’s engine to build and maintain their company website, internal documentation and even web apps. By publishing documents directly to the organization’s branded website, you can make them available for access and download by customers or employees. There are also internal analytics tools to build help documentation, FAQ pages, add customizable features and more 

    With OneDrive, while you can email links to documents, you cannot publish those documents directly to a web page from the OneDrive platform. You’ll need Office 365 or another CMS/website platform to publish your work publicly.

  1. Security
    SharePoint provides much greater control of user access. You can specify various access privileges to restrict which team members are allowed to view certain files or information. This is a great option for sharing information within teams or divisions, and restricting what information can be shared outside these groups. 

    With OneDrive, any user with the right link can access your files without logging in. This increases the chances of confidential data loss or theft.

  1. Setup and Training
    With SharePoint, you need the right expertise to set it up correctly. This means you may need to consult IT specialists who are more familiar with the software. SharePoint also requires training to fully understand it, and use it. 

    OneDrive is intuitive; most users with web or file sharing experience can get started immediately.

  1. Pricing
    SharePoint has high monthly costs, and the initial cost of infrastructure, license and customization can also be substantial. 

    You get what you pay for! While both OneDrive and SharePoint have subscription models, OneDrive fees are significantly less expensive.

SharePoint vs. OneDrive for Business–Which Should You Choose?

If you’re looking for collaborative document management system for your business, SharePoint may be the ideal solution. But if you’re looking for individual back up protection and storage only, OneDrive should do the job. If you’re still unsure when deciding between SharePoint vs. OneDrive for Business, it might be better to consult an expert. At Single Path, we regularly meet with small-to-medium size businesses, schools and other organizations to determine the optimal solutions for their unique needs, from managed cloud services to security solutions. We’ll find the best service providers, reduce costs, improve accessibility and back it all with attentive, personalized support. We help you make a smart choice when looking at SharePoint vs. OneDrive for Business, and more.

Ask us how to get started.

On-Premise vs. Cloud Storage: Which is Best for You?

On-premise storage means that you use your own server hardware and software, likely stored in your building, to house your data. Cloud storage, on the other hand, resides in remote servers across town or across the country. Which option is best for your organization? Let’s look at the advantages and disadvantages of on-premise vs. cloud storage.

Initial Costs

On-premise data storage necessitates high startup costs. Each server will cost thousands of dollars, and you may need to hire a professional IT company to set it all up. Evaluating, purchasing and installing the equipment may also be time consuming: it may take months to fully integrate a new server.

The cloud, however, demands far less of an initial financial investment, and can typically be launched immediately.

The On-Premise vs. Cloud Initial Costs Winner? Cloud storage. Easy.

Extra Costs

On-premise costs are unpredictable, such as repair costs, which can be excessive. Systems also must be upgraded regularly and require regular maintenance. Some companies delay or avoid that regular maintenance which can eventually lead to operational downtime and loss of data.

On-premise storage costs also include:

  • Powering a single server, for instance, can cost over $1,000/year, per server.
  • The cost of ongoing depreciation, and server replacement can be substantial. Servers typically last for about six years, after which they may become obsolete and need to be replaced.
  • Mainframe equipment, for example, may need a full-time IT professional or a team to manage servers and troubleshoot.

Cloud storage providers, on the other hand, have a very different payment model. They charge by the amount of data you need stored, charging you a set fee every month, like a subscription. Generally, that will be your only cost, as the provider is responsible for upgrading its technology and installing the latest security protocols, upgrades and advances. The savings can be substantial: SherWeb conducted a study in which it found the average cost of an on-premise server was $1,476.31 per month, while the average cost of a cloud server was $313.90 per month. But, high storage needs means high fees. Organizations that need several Petabytes of data storage often find monthly cloud services costs are so high they’re prohibitive.

The On-Premise vs. Cloud Extra Costs Winner? Probably the cloud, but It depends on how much storage you need.

Scalability

On-premise scalability can be difficult. If your data storage demand grows, new equipment may need to be ordered, paid for, and installed before the storage can be used. When you include labor, testing and downtime while making the upgrades, the costs and time add up. If you need to reduce your storage, you’re still stuck with the same equipment.

With cloud storage, however, more storage means simply purchasing more storage space, which you can use immediately. You can also reduce your storage needs, and monthly fees, when you don’t need as much storage. However, you’ll want to check that storage amount every now and then. Many organizations tend to overbuy their cloud storage space. A 2017 report from RightScale showed that $900 million of cloud storage spend was wasted every year.

The On-Premise vs. Cloud Scalability Winner? Cloud storage, but only if you buy the right amount of storage.

Security

On-premise storage may be more secure, but not always. First of all, no storage is going to be 100% effective at keeping data safe. But local servers are less accessible to hackers than cloud storage (breaches across the cloud are regularly reported by the media). And a survey from Nexsan found that only 58% of IT professionals “considered access to files away from the office to be ‘private and secure’.” And when it came to sharing files outside of the business, only 3% did. Local servers are also at risk from fire, natural disaster and theft.

Cloud security, on the other hand, can be impressive. According to the Annual Cloud Computing Survey (2017), U.S. businesses using the cloud rank its security as a top benefit. And nearly 70% of U.S. businesses that use the cloud feel more comfortable storing data there than on a legacy system. Encryption and other security tools can go a long way to making cloud storage more secure.

The On-Premise vs Cloud Security Winner? Clearly, it depends on who you speak with, but if you use a trusted vendor, like Single Path, to set up and manage your cloud storage, you should feel confident your cloud storage is just as safe as keeping it local.

Accessibility

In 2017, 43% of Americans spent at least some of their time working remotely (According to the NY Times), and that number is rising. The ability to work off-site has been shown to increase productivity, operational efficiency and business agility.

For on-premise storage, however, accessibility is limited. Getting and sharing files can be slow and difficult.

With cloud computing, accessibility is a major advantage. Since data exists “in the cloud” any gadget connected to the Internet can access it, anywhere, at any time.

The On-Premise vs. Cloud Accessibility Winner? This is an easy one. Cloud computing.

The On-Premise vs. Cloud Storage Winner Can Be You

While cloud storage has many advantages in many areas, this doesn’t necessarily mean it’s right for you. While most small-to-midsize companies will find significant cost savings with cloud storage, others may find their exorbitant amount of data makes cloud storage too expensive. If you’re unsure, call us. At Single Path, we help clients navigate their server options every day, including helping them get on the cloud, secure their data, and modernize their systems. We provide Managed Cloud Services for many organizations, from businesses to school districts. So, which option, on-premise or cloud storage, is best for you? Call us and let’s find the best solution.

Surviving a cyber breach – Free Webinar

It started as just a normal day . . . then you learn, you’ve been breached!  Now what?

Join us on June 26 from 10-10:30AM to walk through what can happen after a cyber breach, steps for recovery, and things you can do today to lower your risk.

ALL ATTENDEES RECEIVE A FREE BOOK:
Secure Enough?: 20 Questions on Cybersecurity for Business Owners and Executives, by Bryce Austin.

Register here

Have I Been Hacked? 6 Ways to Tell If You’ve Been Hacked.

Many of us are constantly worrying: why did I click that link? Why did I go to that site? Why did I respond to that email? While there are many things we can do to keep ourselves and our organizations from being hacked, everyone makes a mistake every now and again. But being aware of the telltale signs you’ve been hacked can change the up-all-night question from, “Have I Been Hacked?” to “What Should I Do Now?” And asking that question can make all the difference.

  1. My Gadget is Too Slow!

Your computer is working fine, zipping along, and then … you wait. And wait. Your software gets sluggish, or constantly freezes or crashes. The commands you type take a few extra moments to respond, and your apps take forever to open. If you start noticing some of these symptoms, your gadget may be infected with viruses, trojans or worms. “Have I been hacked?” Quite possibly. Malicious software usually runs in the background, eating up your gadget’s resources while it’s active, often slowing down your system to a crawl.

  1. Why Am I Getting So Many Pop-up Ads?

Did you know malware can add bookmarks to your web browser, website shortcuts to your home screen, and modify the pop-up ads that you get while browsing? And when you click on that pop-up you could download another virus or be taken to a corrupt website selling bogus products or services to get your credit card information. “Have I been hacked?” If you start noticing browser pop-up ads from websites that don’t normally generate them, then the answer is probably, “yes.”

  1. I Got a Ransom Message!

Ransomware is malware that makes your data inaccessible unless you pay a ransom, often in online currency. “Have I been hacked?” If you get a ransomware demand, it could be fake, but there’s also a significant chance your data is gone unless you pay up. If you have a good, recent backup, you can simply recover the data without paying the ransom. If you haven’t backed up your data, you are at the mercy of the hackers holding your ransom. They might send you an encryption code to unlock your data if you pay the ransom. Then again, maybe they won’t.

  1. My Online Password Doesn’t Work!

You’ve typed your password five times. It’s the same password you always use. You’re getting annoyed it’s not working, and so you ask yourself, “Have I been hacked?” Someone might have logged in to your account and changed the password. But how? Per a current article by CSO online, this is most likely to happen after you’ve responded to a phishing email that looked legit, but wasn’t. You get an email you think is from a coworker or a vendor, and you share personal information, and next thing you know a site, with your credit card information conveniently stored, is in someone else’s hands. This is also why using the same passwords on multiple sites is a bad idea. Contacting one website to report fraudulent use is a challenge;  trying to remember all the dozens of sites with your password may be impossible.

  1. I Got An Antivirus Message!

This scam was a bit more prominent a few years ago, but it still comes up every now and again. Typically, you will get an antivirus warning after your computer has been infected. Get protection now! Your system may be compromised! Danger, Will Robinson! “Have I been hacked?” You bet. Clicking on the link takes you to a professional-looking website where they ask for your credit card number and billing information. The hacker now has control of your system and your credit card. It’s win-win for them (and lose-lose for you).

  1. “Where Did This Program Come From?”

Sometimes malicious programs are disguised as legitimate software. But if you don’t recognize the program it may be malicious. Unwanted software is sometimes installed at the same time you install another program; free programs you download from the web are often to blame. “Have I been hacked?” It’s a strong possibility. Always read your license agreements–some free programs actually admit they will be installing spyware or malware onto your computer to avoid legal action against them. They assume you’ll never read the agreement. Most people don’t.

“Have I Been Hacked?” If the Answer is Yes, Here’s What You Need to Do Now

If you have been hacked, you’re not alone. Research company Vanson Bourn found that 44% of organizations they surveyed had suffered multiple hacks in the last year, with an average loss of more than $1 million per company. Have I been hacked?” If so, you need to act quickly and:

  • Change all your passwords. Do this from another machine, as hackers can capture your keystrokes (commonly called keystroke logging). Don’t repeat any password on more than one page.
  • Use a password manager. Coming up with memorable and hard-to-uncover password for every site is nearly impossible. A password manager will create secure passwords and store them for you.
  • Enable two-factor authentication. If you’re not already doing this, use two-factor authentication for all your passwords. A hacker will need both your password and access to a physical device, like your phone, to access a site.
  • Report fraud. Always report fraud right away. Contact your bank and put a freeze on all your vulnerable credit cards immediately.
  • Update your antivirus software. While not 100% effective, these do work. Use a well-known provider. Some antivirus software is created by hackers, and the software will infect your machine, not protect it.
  • Check for new accounts. Open your Inbox, Spam, Trash, and Sent email folders to see if your email was used to set up new accounts—such as emails with subject lines that say, “Your account was successfully created.”
  • Reinstall your operating system and back up files. Reinstall your operating system, wipe your hard drive clean, and retrieve your backup files.

Or, call Single Path

Ideally, before you say,Have I been hacked?” you’ll take action to avoid that problem, such as calling Single Path. We can help restore your system after a hack, or even better, help prevent one from happening. Our Security Offerings give you a line of defense that leave hackers frustrated and seeking easier prey. And our Managed Cloud Services give you access to leading technology with the most recent security patches, without the need for ongoing investments. So, instead of asking “Have I been hacked?” you’ll be saying, “I’m glad I called Single Path.”

Ask us how to get started! 

7 Pain Points That Cloud Migration Can Solve

The use of the cloud for data storage, sharing and communication continues to grow for both businesses and schools. In fact, virtually all North American organizations (97 percent) use the cloud one way or another, and it’s predicted that 80% of small businesses will solely rely on cloud computing by 2020. For many organizations, this is a positive development due to the many advantages that cloud migration provides. If you’re late on switching to the cloud, or only doing so for a small portion of your business, consider these seven pain points addressed by migrating your data to the cloud.

  1. Hidden expenses

Nearly two-thirds of small businesses and organizations are expected to buy new IT equipment this year, but the costs go beyond the hardware. For example, some organizations have rooms solely dedicated to servers, which not only takes up needed floorspace, but can demand costly cooling and electric bills. The organization may also face potentially high maintenance and repair bills, and will need to keep a larger IT team on staff to maintain the equipment. In fact, it’s estimated that 80% of an organization’s IT costs aren’t spent purchasing computers, but on aftermarket tech and labor costs. With cloud migration, however, many of these costs go away.

  1. Data security

One of the biggest concerns of every organization is data security, especially with data breaches and other cybercrimes continuing to grow, both at schools and businesses. These breaches can be devastating to an organizations’ bottom line, and its reputation.

Cloud providers have stringent cloud security requirements they must adhere to, and offer many advanced features that can ensure data is securely stored and handled. For example, some cloud security features can wipe a device’s data, and its access to data, in case the device goes missing. (We wrote about data security and other cloud advantages in our previous blog post: 12 Reasons to Move Your Business to the Cloud.)

  1. Lack of accessibility and mobility

The days of working on-site, and only on-site, are long gone. In fact, globally, 70% of employees work remotely at least once a week. After migrating your data to the cloud, resources can be easily stored, retrieved and recovered with just a few clicks from anywhere. Not only is data available even if your team members are at home or travelling, many applications can be run on Internet browsers. This means employees, teachers or even students don’t need access to expensive computers to run many routine, mission-critical apps.

  1. Work-life balance

Since the cloud is always on, employees can collaborate from anywhere, at any time. Cloud migration provides workplace flexibility in both hours and location; employees can work from a doctor’s waiting room, for example, rather than being forced to take an entire half day off. More and more employees expect a great deal of flexibility in their work lives; the ability to offer that flexibility can mean the difference between hiring and keeping a key employee.

  1. Scalability

Different companies have different IT needs, and those needs change as companies expand or shrink. With cloud migration, businesses can add or remove resources easily without the cost and risk of investing in physical infrastructure. This level of agility can give businesses a real advantage over their competitors. Global Dot, a leading web and cloud performance reseller, says: “Scalability is probably the greatest advantage of the cloud.”

  1. The carbon footprint

A 2014 study by New York City revealed that, on average, each student, teacher and staff member in their school districts uses 28 pounds of paper a year. The costs can be surprisingly high­–a school with 100 teachers can spend $25,000 on paper a year alone according to Edutopia. That doesn’t include toner costs and energy use: maintaining equipment, including cooling that equipment, can be even more costly. With cloud storage, that money can go right back into the budget.

But the green benefits may be even greater. According the Global e-Sustainability Initiative (GeSI), cloud computing can reduce global greenhouse gas emissions by 16.5%. While moving to the cloud is good for the environment, it may also prove to be good for business­–more than 66% of responders to a recent Nielsen study would be willing to pay more for products made by environmentally-responsible companies

  1. Disaster recovery

Data loss is a major concern for any organization. What happens to your data in the case of equipment failure, theft or even human error? Storing your data in the cloud guarantees that data is always available, and available anywhere. Cloud-based services also provide quick data recovery after emergencies such as natural disasters and power outages. Yet, despite the potential dangers and risks involved in the case of a disaster, 75% of small businesses have no disaster recovery plan in place according to IT service provider phoenixNAP.

Let’s Get Cloud Migration Started

Incorporating and committing to the cloud can save money, increase productivity and guard against disaster. But navigating your options, training staff on proper protocols, transferring data and more can take a lot of time and effort. That’s where Single Path comes in. Our Managed Cloud Services give you access to our seasoned expertise without high initial costs or ongoing investments in upgrades. We can provide lower costs, access to the latest technology, reduced risk, adaptability to changing business conditions and superior support. We work with many organizations, including businesses and schools, and are always eager to discuss your unique situation. Cloud migration can improve security, performance and communication. Ask us how to get started! 

The Importance of Email and IM Encryption for Cyber Security

IM encryptionThe average office worker receives about 90 emails a day, and sends 40 emails. Also, 97% of all Americans text at least once a day and 80% text for business purposes. Yet, while more and more team members are cautious about file sharing and data protection, many are still unaware how easily an email can be intercepted by a hacker, or how easily SMS texts can be monitored by outside parties. The solution is data encryption.

What is Encryption and how does it work?

Encryption is the process of encoding information to prevent anyone other than its intended recipient from reading it. Data encryption uses an algorithm (known as a cipher or ciphertext) to convert information into random characters or symbols. These are unreadable to anyone who does not have access to a special encryption key used to decrypt the information (we described this in more detail in the first of an earlier two-part blog post about data encryption).

Email Encryption

A single, intercepted email can provide a password, a confidential file or other private information to a hacker. But a hacker can also hijack your entire email account to read emails, send emails, gather confidential information and more. As reported in a recent PC World article, “If you leave the connection from your email provider to your computer or other device unencrypted while you check or send email messages, other users on your network can easily capture your email login credentials.” To keep your emails and email accounts safe, these three things should be encrypted:

  • The connection from your email provider. Encrypting the connection prevents unauthorized users from intercepting and capturing login credentials, and any email messages travelling server-to-server.
  • Your actual email message. Encrypting email messages means any emails intercepted will be unreadable.
  • Your stored, cached or archived email messages. Encrypting your stored messages will prevent a hacker from reading the saved files on your hard drive or network.

Instant Messaging Encryption

For many people on your team, the productivity advantages of Instant Messaging are enormous. The speed of delivery and response can far surpass other electronic communication options. But since standard SMS texting is unencrypted, conversations can be monitored by hackers or even law enforcement personnel.

Fortunately, many IM providers already implement a level of encryption. For example, the Messages app on an iPhone or macOS device incorporates end-to-end encryption. The WhatsApp messaging feature on many Android and Windows devices also uses end-to-end encryption

Other providers may not be as secure. Recently, popular collaboration hub Slack received some unwanted attention for just this reason. Slack markets itself as a place “where you and your team can work together to get things done … From project kickoffs to budget discussions, and to everything in between.” Slack has more than 10 million users every day. But according to a report by CNBC, executives are concerned about the commonplace sharing of sensitive data on Slack. “I love my people, but they never shut up on Slack,” said the CEO of a security company. “It’s very good for productivity, but the problem is we’re working on security, so we have to be careful about what we say.” About a quarter of corporate breaches are related to insiders, (per a report from Verizon) and they can easily use information gathered from collaboration tools like Slack and Dropbox.

Encryption Made Easy

Encryption applications for emails and SMS messaging are easy to find, but not all are equally effective or easy to use. In addition to security, a successful encryption program should be:

  • Encryption should take as few steps as possible, and be easily accomplished by the most non-technical user. For the most part, this means the email encryption application should be automatic.
  • Encryption should enable the safe delivery of messages to anyone, regardless of their email server or own security protocols (or lack of them). It should look and act just like regular email.
  • Content Agnostic. Your email encryption should also encrypt documents, sound files, spreadsheet, video or any other attachment.
  • Only you and your recipient(s) should be able to read the message, not even your encryption provider.

The Importance of Staff Training

With so many people in your organization dependent on email and IM, it is critically important that they are aware of the risks involved, and are open to incorporating best practices into their daily routines. Security Awareness Training should be a mandatory part of every team member’s basic training. Security Awareness Training conditions staff not to click or open anything that looks suspicious, and focuses on changing human behavior to make security part of workplace culture.

How To Implement Encryption For Your Cyber Security Program

If your organization is not currently encrypting instant messages, and insisting on the use of encrypted email applications, you are putting your organization at pointless risk. Single Path works with many different businesses and schools on their cyber security. We can train your staff, help you analyze, procure and implement the best security software and protocols, and work with you to put the processes in place to help you navigate safely through the dangerous online world. Our security offerings are as vast as they are effective. Safer and effective messaging through encryption is a great place to begin.

Ask us how to get started!

The Top 9 Cyber Security Myths and the Top 9 Cyber Security Truths

You might think your business is too small for a cyberattack, your security is too strong or your data is too insignificant. Unfortunately, we have some bad news: no organization is safe from the continually growing threat of a cyberattack regardless of size, industry or best efforts. Here are the top nine cyber security myths, and the harsh realities behind them.

  1. Cyber Security Myth: Only big organizations are at risk of a cyberattack.
    Reality: Half of all data breach victims are SMBs.

According to the 2018 Verizon Data Breach Investigations Report, 58% of data breach victims are small businesses. That’s because SMBs are often seen as more vulnerable than bigger businesses and as having fewer security protocols in place. A recent study by the Poneman Institute, The 2018 State of Cyber Security in Small and Medium Size Businesses, revealed that 70% of small businesses have experienced a cyberattack in the last 12 months. According to the report, only 28% of small businesses rate their ability to mitigate threats, vulnerabilities and attacks as “highly effective.”

  1. Cyber Security Myth: Hackers aren’t interested in my industry.
    Reality: Any organization with sensitive information is vulnerable.

Malware and viruses don’t discriminate; any machine or network can pick up a Trojan Horse or face a ransomware scheme. While financial services and healthcare are among those industries hit by the most cyberattacks, wide nets are cast and can land anywhere. Across the world, ransomware attacks are up 350% and IoT attacks are up 600%. If your business has a network or a computer, it’s at risk.

  1. Cyber Security Myth: I’m only at risk from outside cyberthreats.
    Realty: Insider threats are frequent and often harder to detect.

From rogue employees to careless ones, from third-party contractors to business partners, research suggests insider threats account for up to 75% of all security breaches. According to a recent article from Security Magazine, 32% of companies can’t even determine the root source of a data breach after 12 months–so that 75% could be even higher.

  1. Cyber Security Myth: Cyber security is the IT department’s responsibility.
    Reality: Cyber security is the responsibility of every member of your team.

According to some reports, more than 90% of malware is installed over email. If your employees aren’t trained on cyber security best practices, such as how to identify phishing emails and the risk of clicking on unsafe links, they could be leaving your organization in peril. Some email hacking ploys are quite sophisticated, and employees are not always on guard. Regular cyber security awareness training is critical.

  1. Cyber Security Myth: You’ll know immediately if your network is infected.
    Reality: Modern malware is stealthy and hard to detect.

It takes an average of 191 days for a business to detect a data breach, and then another 66 days to fully contain it. The longer a breach occurs, the more files may be compromised, the more data can be stolen (and perhaps sold on the black market) and the more likely your organization is to suffer irreparable harm.

  1. Cyber Security Myth: My anti-virus and anti-malware software keeps me safe.
    Reality: Software can’t protect against everything.

In 2016, the cybersecurity company McAfee says it found four new strains of malware every second. Who knows how many they never detect? There is no way updates can keep up with the evolution of cyberthreats. Making matters worse, many businesses don’t immediately install security patches, either due to ignorance of difficulty. As reported by online security site CSO, “People aren’t too dumb or lazy to install patches. They want to do the right thing. But patching can be difficult for a multitude of reasons, and those roadblocks explain why patching is performed so poorly in most organizations.”

  1. Cyber Security Myth: My passwords are strong enough.
    Reality: You need two-factor authentication.

When multiple employees have access to the same system, that system is only as strong as the weakest password. But even a strong password isn’t without risk: an employee can be duped into sharing a password via a phishing scheme, or re-use a password that is compromised somewhere else. Two-factor authentication can reduce much of this risk.

  1. Cyber Security Myth: Our organization has never faced a cyberthreat, so we’re safe.
    Reality: That’s what everyone says right before they go out of business.

Are you familiar with the Identity Theft Resource Center (ITRC) breach list? Every month this list is updated with newly reported business data breaches, most of which never make the front page. You won’t have to look long to find an organization like yours, whether it’s a business your size, in your industry, in your state, or all of those. This list also details how the breach occurred and what was affected. It can be eye opening for many small businesses, especially with 60% of small businesses folding within six months of a cyberattack.

  1. Cyber Security Myth: Complete cyber security is achievable.
    Reality: No, never. Which is why you need a partner like Single Path.

In 2017, a cyberattack cost small-to-medium sized businesses an average of $2,235,000 per attack. Keeping your business safe from cyberthreats is a critical job; it can also be a full-time one. That’s why you need a partner like Single Path. We have helped thousands of organizations like yours protect themselves. From employee training to managed cloud services, from hardware procurement to our full slate of security solutions, we can implement the protocols you need to have a safer, more cybersecure organization. Because the biggest cyber security myth of them all is that your organization is safe.

Ask us how to get started now.

Why DDoS Security is Critical for your School (and what is DDoS, anyway)?

If you regularly follow our blogs, you’ve read about the dangers of Phishing and Ransomware, but there’s a third method of cybercrime that can be just as damaging: a DDoS attack, or “Distributed Denial of Service.” A DDoS attack occurs when a hacker takes control of thousands of computers and aims traffic at a single server, overwhelming its network to knock it offline or slow it to a crawl. Without appropriate DDoS security protocols, an attack can cause mass and immediate disruption.

EdTech Magazine reports that DDoS attacks “are on the rise. For schools, the attacks can shut down websites, phone systems and prevent users from accessing the internet and applications.” Here are some recent examples of school-related DDoS security issues in recent years,:

  • The Miami-Dade County Public school system was unable to provide online testing for three days after a series of DDoS attacks crippled their new, high-touted computer-based standardized testing system.
  • Minnesota Department of Education twice had to suspend its state testing when a DDoS attack kept students from logging into its online assessment system.
  • The St. Charles, Illinois school district lost online access for employees and all of their 13,000 students. According to a report from eSchool News, “the hackers cut off the entire district’s internet access for four hours at a time and then repeated the process 10 more times over the following six weeks.” Eventually, two students were charged in the attack.
  • Rutgers, Arizona State and University of Georgia have all been victims of recent DDoS attacks. After an attack, Rutgers spent $3 million dollars and raised tuition 2.3% just to upgrade their DDoS security, and then became a DDoS victim again less than a year later.

The Simplicity of a DDoS Attack

Many schools, even those that are on the alert to cyberthreats, may not be paying much attention to their DDoS security. But it doesn’t take a cyber-genius to launch a DDoS attack. You can find relatively simple how-to videos on popular sites such as YouTube. The ease of launching such an attack, combined with inadequate DDoS security, makes this scheme popular with a wide variety of groups as a form of protest, as an act of “revenge,” as a distraction from another cyberattack, or even just for “fun.”

The lack of DDoS security can also harm schools through their vendors or partners. In September of last year, millions of families across 45 states were impacted by a DDoS attack on the app Infinite Campus, which provides a “Parent Portal” allowing parents and students the ability to check grades and other information.

How To Implement Your DDoS Security

Schools have become a target for cybercriminals, accounting for 13 percent of all data breeches in the first half of 2017, which involve nearly two billion student and parent records. But schools can incorporate numerous strategies to increase security, including their DDoS security, such as by switching to cloud networking, monitoring cyber-traffic for abnormal patterns, and adding backup internet service providers to keep networks up and running. School districts can also upgrade their firewall protection and their network architecture. Sounds like a lot of work? It can be.

That’s why Single Path partners with schools to help protect their IT technology from hackers, and to make upgrades and changes as easy and as turnkey as possible. We consult and implement, provide continual monitoring, and can also educate your staff on data security best practices. We also provide a wide variety of Managed/Cloud Services. DDoS security can be challenging, which is why you need a team like Single Path to help protect your organization from harm.

Ask us how to get started!

 

 

 

6 Ways to Improve Employee Cyber Security Awareness, for Businesses and Schools

According to Accenture’s Cost of Cyber Crime Study, the average cost of cyber crime in the United States reached $21.22 million per organization last year (compared to $17.26 million the year before). But you can’t depend solely on your IT department for your cyber security. After all, a chain is only as strong as its weakest link. Improving cyber safety means increasing employee cyber security awareness throughout your entire business or school.

Here are the 6 top ways you can get your employees on board to increase engagement and improve employee cyber security awareness.

  1. Education

Do your employees or staff know:

  • Working remotely using an unsecure Wi-Fi connection leaves computers vulnerable to attacks?
  • Using personal, unsecured devices for work can open the door to compromising an organization’s network?
  • What employees say and do on social media can be tracked by cybercriminals and used against them in the workplace?

Chances are, some if not all of those points may surprise some people on your team. Most experts agree that the #1 key to cyber security compliance at a business or school is educating staff on the risks. For example, in addition to the above bullet points, does everyone on your team know how to spot a Phishing email (see our earlier blog post, How to Spot a Phishing Email), or the risks of using a thumb drive (see our post, USB Security Risks: When Flash Drives Become Dangerous)? An educated team, with increased employee cyber security awareness, makes for a more secure organization.

  1. Assign Mandatory Training

Recently we came across an article in Forbes Magazine that recommended, “Employees and management from all industries should be assigned mandatory cyber security compliance training every year.” This requirement can be administered with computer-based training modules and tied into annual reviews. When implementing training you’ll want to ensure executive and management support, a way to measure success, and also consider incentivizing participation (for more information, check out our earlier blog post, We’re Only Human: The Importance of Security Awareness Training.)

You may want to work with an outside partner to implement training, such as Single Path. We’re well versed in educating and training staff in the most up-to-date cyber security best practices.

  1. Establish and Promote Simple Procedures

More often than not, employees are happy to follow procedures as long as they are aware of them, and they are easy understand. Create organization-wide procedures for your team to follow. Make sure they are functional, actionable and simple.

Once you have those procedures in place, figure out the best way to communicate them within the organization. Keep communication friendly, and avoid hard-to-understand cyberspeak. Says Ashwin Ramasamy, co-founder of marketing intelligence company PipeCandy, “We use comic book-like imagery and sci-fi and comic language in posters across the office that reinforces the message without being suffocating.” Choose a method of communication that will resonate with your team.

  1. Encourage Reporting of Incidents

The best-trained employees can still fall for a hacking ploy from time to time, such as opening a file or clicking a link without thinking. Even IT professionals fall for these tricks. But if a user feels foolish for falling for an attack, and are embarrassed, he or she is less likely to report it. Create a reporting system that rewards staff for reporting suspicious messages, and that allows them to share mistakes without penalty or stigma.

  1. Have Employees Manage Initiatives

Rather than protocols created only by management, make cyber security policy an employee-managed initiative. Create a committee with representatives from every department, and make it their responsibility to set procedure, communicate policy and enforce compliance. Department participation, where everyone feels included, helps ensure individual buy-in.

  1. Make Awareness a Part of New-Employee Orientation

Employees expect to learn rules and processes when they start a new job, and making cyber security a part of their new-employee orientation stresses its importance, and immediately lays the groundwork for your expectations. An employee handbook is also a great place to publish protocols and procedures.

Your Employee Cyber Security Awareness Partner

To implement an employee cyber security awareness program it helps to have a proven partner. Single Path has helped countless businesses, schools and other organizations create a robust, living program that connects employees and staff to best practices. We can help you create a functional and effective cyber-threat strategy for your school or business. Single Path Security offerings are extensive, collaborative and modern.

Ask us how to get started!

Five Top Cyber Security Threats for 2019

Cyber security concerns have been around for as long as there has been cyber-anything. The first computer virus was found infecting computers in the early 1970’s and the first malware author was convicted in 1988. Those early infections were primitive compared to today’s hacking threats, which continue to grow more complex and sophisticated. While it’s vital to be prepared against any contingency, no matter how remote, we consider these to be the top cyber security threats for 2019.

Cryptojacking Rising

Ransomware has grown by 350% according to a report by Dimension Data, and accounts for 7% of all malware. It has been reported that ransomware costs American businesses north of 75 billion dollars a year, with most attacks never publicly disclosed. The biggest increase in ransomware is expected to take the form of Cryptojacking, also known as “Cryptomining malware.” We discussed the problem of Cryptojacking in a recent blog post, in which we described how hackers can hijack computer processing power to mine cryptocurrency. We expect these cyber security threats for 2019 to continue to grow.

Software Subversion Expanding

As Security magazine reports, “While exploitation of software flaws is a longstanding tactic used in cyber attacks, efforts to actively subvert software development processes are also increasing.” In other words, the software you download may be infected, giving hackers a back channel into an entire network. Malware has even been detected in open source software libraries. Another variant is this: hackers may offer software that is spelled slightly different than a popular application (such as adding an “s” or leaving out a letter), with the only other difference being the inclusion of malware. So be careful what you download, even if it’s from a seemingly trusted source.

Cybercriminals Uniting

One of the top cyber security threats for 2019 is due to the expanding resources available to cybercriminals. Historically, many cybercriminals have worked alone, or in small groups. That’s starting to change. The proliferation of hacker forums and chat groups have launched a robust black market where cybercriminals buy and exchange malware, botnets and other criminal resources. The availability of these rogue offerings means that even inexperienced, or less able, hackers can launch sophisticated attacks. These “malware-as-a-service” opportunities will only continue to grow, which will result in an increased number of cyberattacks, especially in regards to identity and credit card theft. If you think the threats are numerous now–and they are–an aggressive and nearly overwhelming wave of attacks may be on the horizon.

Synergistic Threats Increasing

GandCrab has been in the news frequently. Discovered in January, GandCrab is a ransomware Trojan horse, encrypting files on a computer and then demanding payment to decrypt them. Just recently, the group behind GandCrab has targeted users visiting adult websites, asking for money to keep silent about their potentially embarrassing visits. This, however, is just a ruse to mask their real intent. When a user clicks on the email link, he or she inadvertently installs the GandCrab ransomware onto his or her computer.

GandCrab has grown to be so large, they are actually soliciting cybercriminals to partner with them. As McAfee reported, “At the end of September, the GandCrab crew started a ‘crypt competition’ on a popular underground forum to find a new crypter service they could partner with.” This will let the GandCrab organization expand its criminal activities in new, unforeseen, ways.

In 2019, many experts, including Security magazine, predicts attackers will continue to combine tactics to create multi-faced, or synergistic, threats. To combat them, organizations will also need to synergize their defenses.

Social Media Misinformation Mounting

The proliferation of Russian-originated Facebook pages influencing the 2016 U.S. presidential elections has been well documented by news sources across the world. So it shouldn’t be a surprise that cybercriminals are eyeing social media as offering rich opportunities for criminal enterprise, with posts and pages displaying an impressive degree of professional-looking design for dishonest purposes. Botnet operators are able to test messaging just like a marketer, including the use of hashtags, to determine the success rates of their misinformation.

Social media platforms are aware of the potential abuse, and are focusing their resources on stopping it, but with so many users, and so much data available on sites, criminals will further focus their resources on these big-scale platforms.

Protect your business from the Cyber Security Threats for 2019

These five cyber security threats for 2019 are just the tip of the iceberg. There are many more threats out there, many of which we may not even be able to imagine yet. The only thing an organization can do is to be prepared with smart, sophisticated technological resources and by adhering to best Internet safety practices. Consider Single Path your partner in anti-crime. Single Path Security Offerings run the gamut from employee training to insider threat solutions. We’ll help you be prepared for the cyber security threats for 2019 and also those still to come.

Ask us how to get started!