TPx Blog

By Nancy Ridge of Telecom Brokers

As a technology adviser, I often consult with small and medium business (SMB) owners who recognize the importance of technology to the growth of their companies but don’t have the time to stay on top of the latest products and services available to them. As a result, I spend much of my time keeping business clients up to speed on today’s rapidly changing technologies, new players and viable solutions. Lately, I’ve been talking a lot about TPx UCx solutions.

Those of us in California have known TPx, formerly TelePacific, as the provider that set the standard for quality of service and commitment to customers for the past two decades. The company has a proven history of focusing on relationships as much as technology, which helps us deliver a range of solutions to meet the evolving needs of business users and take care of those users long after implementation. Over time, TPx has evolved into a national managed services carrier whose UCaaS, SD-WAN and managed IT solutions help SMBs drive workforce productivity, improve the quality of products and services, and attract and retain new customers.

I say this as an impartial industry observer and representative of dozens of carriers and other service providers. Our company, Telecom Brokers, works with hundreds of independent sales agents to provide all manner of technology solutions to business clients across the country. In the past, our agents’ discussions with clients frequently focused on phone service, Internet access and network connectivity. That’s still a part of the conversation, of course. But increasingly our agent partners are talking to clients about addressing functional challenges that cause them to be inefficient, serve customers poorly or lose business.

Increasingly, our agents are leveraging TPx products to present new ideas to SMB clients. For example, rather than define collaboration, mobility and cloud as separate domains, TPx enables us to present them as integrated components of its UCx solution. UCx supports file sharing and makes it easier and more secure for mobile employees to stay connected on the go. UCx also gives businesses the ability to transcribe voicemails that can then be read and stored as email, and connect customer service reps in an internal call center that’s integrated with their CRM to deliver pertinent customer information.

With UCx, there also is no need for a separate conferencing service. Indeed, UCx conferencing services perform well and offer features and controls not available with many other systems. That pleases a lot of SMB clients, but they are most excited to learn that they can combine UCx with SD-WAN for Quality of Service (QoS) and failover, even for a single location. In other words, they don’t have to fear moving to VoIP even if they’ve previously experienced poor quality with well-known VoIP brands.

I’ve only touched on a few of the advantages of UCx, but it’s these kinds of capabilities that make life easier for our SMB clients. The challenge for technology distributors like myself is that clients aren’t aware of all the benefits. But that’s a challenge I’m happy to take on if it helps my clients do business better.

About the Author

Nancy Ridge is executive vice president for Telecom Brokers, a full-service technology distributor with a portfolio of products which includes phone service, Internet, MPLS, cloud computing, security and other communication related products from over 150 global service providers. Ridge has served national and key accounts in the telecommunications and utility industries for more than 27 years, serving in senior management positions. She also is past president and co-founder of Women in the Channel, a past board member for Technology Channel Association. Ridge has been recognized as a 2013 nominee for Orange County Women in Business award, and was honored by a 2015 Silver “Stevie” award from the American Business Association for her work with Women in the Channel.

stay secure on a limited budget

The ambition and dedication of small and midsize businesses (SMBs) drive the modern U.S. economy. These businesses face special challenges in the IT space because they don’t have the staffing, institutional knowledge and financial resources that larger enterprises do.

The Threat Landscape for SMBs

99.7% of all U.S. businesses have fewer than 500 employees. That huge footprint makes SMBs a prime target for cyberthreats, cybercrimes, and data breaches and theft – and an attack can have a devastating effect on an SMB’s viability.  The small to midsize business is an increasingly attractive target to malicious actors and cybercriminals because it is often unable to maintain the tools, skills, knowledge, and staff required to adequately defend the business.

According to Barkly, 57% of SMBs reported an increase in cyberattack volume in the last year. However, even though cyberattacks are becoming more sophisticated, only 36% of SMBs expect to be willing or able to increase their cybersecurity budget in FY2019.  These numbers point to a chilling existential risk to the survival of SMBs that rely on access to their data.

The Securities and Exchange Commission (SEC)’s Public Statement plainly states:

Cybersecurity is clearly a concern that the entire business community shares, but it represents an especially pernicious threat to smaller businesses. The reason is simple: small and midsize businesses (“SMBs”) are not just targets of cybercrime, they are its principal target. In fact, the majority of all targeted cyberattacks last year were directed at SMBs.

Why Are SMBs Being Targeted?

The same SEC Public Statement also indicates that many SMBs cannot handle a cyberattack effectively on their own.  A survey in the same report indicated that as many as 27% of SMBs have no cybersecurity protocols at all, and as many as 60% of them did not respond to a cyberattack correctly.  These conditions are exactly what a cybercriminal or malicious actor needs to continue perpetrating their attacks.

The question of “why” SMBs are being targeted at such high rates is easy to define.  It’s much harder to change the characteristics that make SMBs a high-priority target.  However, one thing is certain: money is a primary motivator for cyber adversaries. Cybercriminals are either trying to steal the SMB’s money directly, or they’re looking for data that they can sell for a profit on the black market.

Whether the discussion about how to assist SMBs in their cyber defense is about training, education, tools, skilled employees, around-the-clock monitoring, or using the most up-to-date technology to mitigate threats and vulnerabilities, the sticking point is always about the budget, the financials, and the overall impact on the business plan.

Managed Solutions for SMB Cybersecurity

Some SMBs will attempt to “go it alone.”  According to a report from Trustwave and Osterman Research, in 2014 SMBs spent $156 per user on security solutions (software, hardware, services and other technology), compared to $72 for enterprises.  Of this spend, only about 19% was dedicated to managed or cloud services.

The conclusion of this report indicates that security solutions for SMBs are often too expensive to purchase outright, which is why Managed Service Providers (MSPs) have been a financial relief to them.  Investments in inclusive infrastructure solutions, software solutions, computing solutions, or expert staff are cost-prohibitive for most SMBs.  MSPs provide these solutions at a fraction of the cost.  MSPs have the knowledge to monitor for, assess, analyze, report on, mitigate, and remediate cybersecurity threats and vulnerabilities for many customers at once, without having to undertake the onerous financial burden that an SMB would undoubtedly face on its own.

Some of the solutions a Managed Services Provider can offer include:

  1. Triage – Underskilled and undertrained IT staff face an insurmountable task when looking at the sheer quantity of passive and active attempts to infiltrate a network or device. Every SMB has specific data that is important to its business plan, and has unique and proprietary systems that require protection.  Additionally, there are often industry standards, regulatory compliance requirements and customer data protections that dictate what can or can’t be done.  MSPs can implement prioritization techniques that analyze the severity of attack attempts and appropriately implement policies that thwart them.
  2. Automation – MSPs can purchase more state-of-the-art tools and appliances, allowing them to implement automated tasks and alerting. This gives MSPs an advantage that many SMBs cannot afford to implement.  A streamlined and automated workflow of alerting, reporting, mitigating, or even remediation can result in large financial savings rather than waiting on a human being to perform the same tasks.
  3. Education and Training – Cybersecurity training and education is a never-ending task. MSP security analysts and engineers undergo constant training on tools and appliances, and they continue to accumulate security certifications in quantities that SMBs would likely never be able to afford.  Additionally, MSPs can provide user training to inform their customers of the dangers in the cybersecurity landscape.  Some of these dangers include opening unknown emails, clicking unknown ads, implementing poor passwords, connecting to unsecured WiFi networks, and browsing dangerous websites.
  4. Up-to-Date Technology MSPs have the budget and the business plans to purchase high-quality products from specialized vendors in the cybersecurity space. As a result, MSPs can offer SMBs a top-grade solution that would otherwise be unattainable for them.  Next-generation firewalls, backup and recovery, endpoint detection and reporting are all tools that are now available to SMBs through MSPs at a fraction of the cost of implementation.

By working with an MSP, your business can reduce the costs of downtime and business interruption, while spending less on salaries and minimizing turnover. You’ll also save on related costs like training, education, and specialized equipment and services which come with the MSP’s extensive in-house teams.

Ready to see how TPx can help you stay protected while cutting costs? Talk to a TPx specialist today.


About the Author

Adam Weber leads the development of TPx’s security product offerings. He has more than 15 years of experience in security and cybersecurity, both in the public and private sectors. He is a 12-year U.S. Army veteran in communications and was deployed to two combat zones. He has also worked with U.S. government agencies like U.S. Transcom (U.S. Military Transportation Command), DISA (Defense Information Systems Agency), and NGA (National Geospatial Agency). In his spare time, he is a computer and technology hobbyist who enjoys building his own networks, servers, labs, and security infrastructure. Adam holds an MBA from McKendree University and CISSP, CASP, CEH, and Security+ certifications.


5 Common Backup Mistakes Businesses Make

Imagine that you’ve suffered a data loss or system failure. How would you feel? Many business executives and IT professionals can tell you that only a few things compare to that sinking feeling you get when you realize it’s time to restore from backup – because very few are really prepared.

While many SMBs say “we already have a backup solution,” the harsh reality is that most are not adequately prepared for a disaster. In fact, according to Small Business Trends, 58% of SMBs are not prepared for a data loss at all.

Through consulting with SMBs around the country and across many different industries over the past 25 years, I can attest to the fact that by the time they find this out, it’s too late.  Data loss due to security breaches, system failures, human error, or natural disasters can have devastating effects on a small business.  While it’s true that establishing an appropriate backup and disaster recovery solution takes some effort, it doesn’t have to be an overwhelming burden. It is well worth the time and investment to ensure that your business avoids the significant problems that can arise if you are not properly protecting your systems and data against loss.

Not sure where to start?  Let’s look at some of the common mistakes organizations make regarding their existing backup solutions.  If you find out you’re making them too, it’s time to up your backup and disaster recovery (BDR) game.

Mistake #1: Not understanding your business objectives

Performing a Business Impact Analysis (BIA) can help you understand your Recovery Time Objective (RTO) and Recovery Point Objective (RPO) so you can invest in the right BDR solution. Confused?  Let’s translate this tech lingo into “plain English.”

The first step in evaluating any BDR solution is to understand the impact that system failures or data loss can have on your business.  Ask yourself these three questions:

  1. What data do I need to protect?
    Do you have mission-critical data such as customer records, inventory, or accounting information?  Identify where this data is stored and which systems run the apps that use it.
  2. How much data can I afford to lose in the event of a failure?
    This is your RPO.  If you lost your sales transaction records, shipping data or case files that were created or updated over the last hour, how would that impact your business? What if you lost that data for a whole day, or even a week?
  3. How long can I afford to be down in the event of a failure?
    This is your RTO.  If you couldn’t process sales transactions, access inventory or get that important RFP delivered on time, how much would your business suffer?  Would you lose revenue? Customers? Reputation?

Ask yourself these three questions, and use the answers to establish your goals (for example, “I need this system back up and running in 4 hours” or “I cannot lose more than 2 hours of this data”). Then you should be able to understand whether your existing BDR solution allows you to meet these goals.  Don’t guess – know – how much time and how many resources it would take to restore a file, a database, and a complete server.

Mistake #2: Focusing on the backup, not the recovery

It’s called backup and disaster recovery for a reason.  Yes, your data is important and you need to have it backed up.  However, the real value is when the data is available to you so that you can run your business.  That means you need to be able to quickly and efficiently restore failed systems and lost data to truly meet the business goals you’ve established in your Business Impact Analysis.  With many traditional onsite or cloud-only backup solutions, restore time may take many hours or even days. Make sure your solution isn’t one of them.

Consider this example:  Your main application server experiences a hardware failure and crashes.  You contact the manufacturer, who will be there the next business day with the parts to get the server back up and running.  Let’s presume the work is completed by midday the day after the failure. Now you must restore the operating system, the application files, and all the data on to that server before you can conduct business again.  You are in for at least another several hours of time to complete this.  At this point, you’ve been down for at least 2 days. Does that meet the business goals you established earlier?  Today’s backup solutions offer advanced technology and capabilities that can get you back to business within minutes or hours, instead of days – which can translate to thousands of dollars in savings.

Mistake #3: Not protecting data offsite

Protecting your data onsite is a must, right?  This makes for faster and more efficient restores of files, folders, and even complete systems.  But what would happen if your entire site were impacted by a fire, flood, or other disaster?  If your production systems and your backup data are in the same location, you could lose everything!  Modern BDR solutions deliver automatic and secure replication of data, and in some cases complete system images, to the cloud.  This ensures that your data and systems are available when you are ready to get back to work.

Mistake #4: Not actively managing your backup

Merely deploying a great BDR solution does not ensure that your business is protected over time.  Backup jobs fail.  Data, systems, and applications change. An effective BDR solution requires focused attention from skilled resources to configure backup jobs as needs change, monitor backup job success, resolve failures, and maintain the technology.  This is a challenge for all businesses, but especially SMBs, who typically have limited IT resources. If these important functions are not addressed consistently, it can lead to failed or corrupted backups, missing backups, or other issues that can prevent you from restoring the data that you need.  To solve this challenge, many SMBs are looking to outsource backup and disaster recovery to a Managed Service Provider (MSP) like TPx.

Mistake #5: Not testing restores

As I mentioned earlier, the majority of SMBs are not prepared for data loss – they only figure this out after a disaster hits and they cannot successfully restore their data.  You can alleviate this concern by testing your backups ahead of time to ensure that they are recoverable.  Unfortunately, fully testing backups can be a complex and expensive endeavor, which is why SMBs very rarely perform regular testing.  Today’s leading backup and disaster recovery solutions address this issue by leveraging advanced technologies such as screenshot verification, which automatically boots up a backup copy of a protected server as a virtual machine on the backup appliance and takes a picture of that login screen so you know the server can be restored.  That’s great peace of mind for any business executive to have!

Ensuring your business has an appropriate backup and disaster recovery solution in place should be at the top of your to-do list.  Avoid these common mistakes and seek the advice of an experienced provider like TPx to help you get there.


About the Author

Joe Royer is the Product Manager for IT/Cloud services at TPx. He has 25 years of industry experience in sales, consulting, and product management for several leading MSPs.


Cybersecurity trends in 2019

In today’s business landscape, it’s not a matter of if you’ll be hacked, but when. Cyber adversaries are using more sophisticated methods and attacks are becoming more commonplace. With our greater dependence on technology, it is unlikely that we’ll see this trend reverse anytime soon. More companies are starting to realize that cybersecurity prevention is not optional – are you?

While no protection can ever be foolproof – as we know from the legions of breaches and hacks in the headlines – preparation and risk management are still key. Businesses need to not only think about strengthening their defenses via security policies, controls, people and processes, but also figure out how to minimize exposure and damage control in the aftermath of a cyberattack.

It’s against this backdrop that we can see five major trends in cybersecurity forming for 2019.

1. Increased Awareness and Spending, Including by SMBs

Given the volume of cyberattacks that the average company faces, organizations are carving out ever-larger portions of their budgets to devote to cybersecurity. In fact, Cybersecurity Ventures predicts that global spending on cybersecurity products and services will exceed $1 trillion cumulatively by 2021.

SMBs are no exception to this, despite being more resource-constrained than other business segments. They’re taking it seriously, and putting aside more budget than ever before to address security.

2. The Cyber Workforce Shortage Will Only Get Worse

With cyber threats on the rise, it also increases the demand for the experts who can deal with them.

There’s a significant cybersecurity workforce shortage in the United States, and it looks like it’s going to get worse over the next few years. According to CompTIA’s Assessing the Skills Gap report, nearly half of companies say the IT skills gap has grown in scope and depth over the past two years. And on a more quantified basis, the Center for Cyber Safety and Education says that there will be a projected 1.8 million unfilled positions by 2022, which is an increase of 20 percent in just two years.

3. Good and Bad Guys Will Make Greater Use of AI

Artificial intelligence (AI) and machine learning are increasingly being deployed to better pick out anomalies amongst behavioral norms and spot potential attacks faster. The system takes some time to observe the environment and determine what normal behavior is, then establishes a baseline – so that it can pick up on deviations from the norm by applying algorithmic knowledge to a data set.

This can have big implications for security personnel, especially for SMBs. All too often, companies simply don’t have the resources to search through the haystack of anomalies for the proverbial malicious needle.

However, there are also downsides to the emergence of AI. For one, the technology has been leveraged by cybercriminals to do things like scan for open and vulnerable ports. It has also been used to automatically generate emails that have the exact tone and voice of the company’s CEO, learned over time by 24×7 eavesdropping. In the not-too-distant future, cyber-drones could emerge to attack other machines. This may all sound like science fiction, but it’s happening right now and will continue to evolve in the near future.

4. We’ll See More Fileless Attacks

In a disturbing trend, fileless malware attacks rose 94 percent between January and June 2018. It now represents 42 out of every 1,000 attacks on computers, according to recent analysis of 2018 data.

As the name suggests, fileless malware infects computers without leaving any files on the local hard drive, which in turn makes it harder for traditional antivirus solutions to notice it. Typical fileless attacks exploit vulnerabilities in browsers or use phishing to entice a victim to click on an attachment. When it’s executed, the code runs in the computer’s memory and uses the programs already on the system to carry out its dirty work.

5. Managed IT Services Are On the Rise

With so many proliferating attacks, the managed IT services market is taking off. It’s expected to be worth $257 billion by 2022.

Services like managed endpoint security can ensure that patches and updates are always installed, and can provide integrated anti-malware and anti-virus technology. Managed security can also include firewalls and intrusion detection, with 24×7 monitoring, and troubleshooting and repair.

For SMBs in particular, managed IT services can provide the answer to a lack of in-house personnel and budget. Managed services give them their own cybersecurity department in a cost-effective, pay-as-you-go model – and those services are always up-to-date to address the latest threats.

SMBs are realizing that they can’t go it alone as the escalating risk of cyberattacks tops the agenda. Attacks are getting more complex, and the number of attacks is growing – and so is the skills gap for cybersecurity staff.

With 2018 coming to an end, a good business resolution would be to put your cybersecurity matters in order so you can avoid unpleasant surprises in 2019. TPx has a full range of state-of-the-art cybersecurity protections and mitigation services, all offered on a cost-effective, managed basis. Request a free consultation today to find out how we help you navigate the always-evolving threat landscape.


About the Author

Erik Nordquist is the Senior Product Manager for TPx Communications’ managed security services. He’s led a broad range of critical activities, including Field Operations and the Hostmaster team where he built TPx’s anycast DNS network to service its 55,000 customer locations. His work on the Network Integrity team made him the resident expert for mitigating Denial of Service (DoS) attacks. After interfacing with customers for years, Erik is bringing his customer-focused approach to his Product Manager role, helping to deliver first-in-class security services to TPx clients with unsurpassed customer support.


10 Things SMBs Need to Know About Cybersecurity

Remember the time when we didn’t have an Internet? Now most of us can’t imagine living without it. But along with that wealth of information at our fingertips comes an abundance of cyber threats that now looms over every business today. SMBs are especially vulnerable, so knowing the basics of cybersecurity is a must for every small business owner.

Here are 10 things every SMB should know about cybersecurity:

1. There are many attacks you need to watch out for

The most common attack method for cyber adversaries remains an email. Cybercriminals have come a long way with their email skills. We’re well past the days of the annoying male performance enhancement emails and the ever-humorous Nigerian prince scams. These days, you’re more likely to receive very believable and sophisticated emails that seem to come from trustworthy sources, like your bank or UPS – but they contain attachments that will place malware on your system in seconds.  These general phishing emails are getting trickier to spot, and as a result it’s not uncommon to get malware on your systems by email spoofing and customized spear-phishing campaigns.

Beyond emails, companies also should be concerned about websites that appear to be legitimate but have embedded malicious code to infect your computer.  An interesting New York Times article described one example of this type of attack: “Unable to breach the computer network at a big oil company, hackers infected with malware the online menu of a Chinese restaurant that was popular with employees. When the workers browsed the menu, they inadvertently downloaded code that gave the attackers a foothold in the business’s vast computer network.”

Of course, there are other attack methods including physical removable media (like USB drives), hacking public facing websites, and the ever-popular remote desktop.  The threats are all around us and the situation will worsen as the number of people online continues to increase.  By 2020, Microsoft estimates that:

2. Small businesses are the primary target of cybercriminals

We often hear about the major breaches in the news.  It started with Target and has continued with a string of high-profile hacks: Facebook, Home Depot, Yahoo, Sony, Experian, Anthem and Equifax.  The problem with all the high-profile cases is that it often masks the real target of cybercriminals, which are small businesses.  In last year’s Manta poll of 1,420 small business owners, 87% didn’t think their business was at risk of experiencing a data breach, because they didn’t think they had anything worth stealing.  Do NOT make the same mistake. Last year more than 55% of small businesses were hacked.  In fact, the Securities and Exchange Commission wrote in a 2015 report, “Cybersecurity is clearly a concern that the entire business community shares, but it represents an especially pernicious threat to smaller businesses. The reason is simple: small and midsize businesses (‘SMBs‘) are not just targets of cybercrime, they are its principal target.”  Why is that?  Well, first of all, SMBs have more computers than individuals but less security than large enterprises.  The other reason small businesses are appealing targets is that hackers know these companies are less careful about security, partly because they don’t think they are at risk.  SMBs also generally lack the time, budget, and expertise to properly address network security.

3. Security is getting more expensive and difficult to manage

As attacks grow in size and complexity, it is hard for SMBs to keep up.  Only a third of organizations believe they have adequate resources to manage security effectively, assuming they can afford the systems in the first place.  Then they have to worry about hiring people to manage these systems and watch for compromises.  This is no easy task given that there is a 0% unemployment rate in the cybersecurity field.

Adding to the challenge is the fact that organizations now have an average of seven different agents installed on endpoints, each requiring its own monitoring and expertise along with a constant stream of software updates.  Simply put, the majority of organizations feel like they’re underwater when it comes to cybersecurity.

4. Who is behind cyberattacks and what are they after?

The days of single individuals in hoodies trying to hack you are long over.  How long did it take for Matthew Broderick’s character in the movie War Games to figure out the password was “Joshua” anyway?  Today, well-organized crime syndicates are responsible for much of the cybercrime.  Sure, there are hacktivists and nation state actors and the like, but the real threat are the crime organizations.  Why are they so interested in cybercrime?  The same reason why a robber robs a bank – because that’s where the money is!  If the end goal of a cyberattack isn’t to directly steal money (which they can do by stealing credentials to access banking accounts), it’s to steal employee details or customer data (including credit card information or social security numbers) which they can quickly turn around and sell on the dark web.  Did you know the cyber adversaries can also take over your computer and use it to mine for crypto currency, all without you knowing it?  Cyber-crime pays, and it pays handsomely.  In fact, it pays so much that criminals are incentivized to constantly invest in developing new ways to infiltrate data-rich environments.  There are 111 billion lines of new software code being produced each year — which introduces a massive number of vulnerabilities that can be exploited – and cybercriminals want to be the ones to exploit them for their financial gain.

5. The most common types of cyberattacks are…

While the threat landscape is constantly changing, it is important to understand the most common types of attacks out there right now.

6. The cost of a network breach continues to go up

While the number of data breaches have gone up recently, the costs associated with them have also risen significantly over the past two years. For small and medium businesses, the average financial impact of a data breach now stands at $120k for SMBs, a 36% increase from 2017.  What makes these breaches so costly?  There are many factors that play a contributing role, including downtime when compromised devices are taken offline, theft of data, productivity loss, damage to infrastructure, lawsuits and fines, and reputation damage.  All of these factors can add up to devastating consequences that go far beyond the initial compromise.  In fact, 60% of small businesses go out of business within 6 months of an attack.

7. Prevention is cheaper than the cure

Another reason why SMBs are not properly securing their networks and data is the perception that security is too costly.  More than half of businesses cite cost as a reason why they aren’t doing more for their security.  When you look at the costs of a breach and compare it to the costs of protecting data and networks, it is clear that prevention is cheaper than remediation.  Most companies that suffer a large-scale breach end up paying thousands, sometimes even millions of dollars to fix all the damage – and monetary damage is not the only thing to repair. A damaged reputation can put a company out of business just as easily. The Benjamin Franklin axiom thus holds true here: an ounce of prevention is worth a pound of cure.

8. Network security requires a comprehensive approach

When trying to protect your data and networks, it is important to know where your key assets are.  Since price is a concern for businesses, knowing where the sensitive data is can help companies focus their limited resources where they are needed most.  A perimeter firewall is a must-have for any business seeking to secure their network, along with an anti-virus solution on their endpoints.  Email is another important asset that needs to be protected.  These three areas make up what I like to call the “security trinity.”  Beyond that, businesses should look to encrypt their sensitive data in case there is a breach.  Also, two-factor authentication is a great way to combat brute-force password attacks and confirm identities on the network.  Because threats are constantly changing, regular patching of systems and computers is necessary to limit vulnerabilities.  Finally, a backup solution can ensure that whatever may happen on the network, critical data and systems remain accessible at all times and avoid that costly downtime.

There are also some approaches that can help protect data that don’t necessarily cost businesses any money.  The most important thing anyone can do is to use strong passwords.  Companies that enforce a strong password policy will be better protected than those who don’t.  Along with passwords, companies can restrict access to sensitive data and systems to only those who need access.  This can also be done with permissions, but because we know that credentials can be stolen, it is often more important to use access control lists to restrict even the ability to get a log in prompt.  Systems should not be reachable via the public Internet whenever possible.  Network segmentation is another way to restrict access and will also help reduce lateral movement in case there is a compromise.  Most importantly, businesses need to educate their employees on security.  The human factor is by far the greatest factor when it comes to breaches, and it is best dealt with through education.

9. Security is not a set-it and forget-it type of thing

Network security threats are constantly evolving, and businesses need to transform their security along with it.  If what was true 5 years ago still applies today, now there are at least ten times more things to worry about.  One of the most significant trends we’ve seen in 2017 and 2018 is the ongoing shift to fileless attacks.  This type of attack doesn’t install new software on a user’s computer, so antivirus tools are more likely to miss them.  In 2017 over 40% of US businesses were compromised due to fileless attacks and exploits. To address the rise of fileless attacks, many businesses are looking to augment their traditional anti-virus solutions with an Endpoint Detection and Response (EDR) solution, which looks at the processes running on a computer to determine if something malicious is happening.  Businesses also need to update their old firewalls with more robust Next Generation Firewalls (NGFW) that can more easily adapt to changing threats.

Just remember – you simply can’t just implement security and forget about it.  In the cybersecurity industry, things change rapidly and businesses need to change too.  You need to review and modify firewall policies, patch your systems and update permission lists regularly and often.  You also need to constantly evaluate your endpoint protection to ensure it is meeting current threats.

10. There’s no silver bullet to security

In the end, every business needs to understand that there is no silver bullet when it comes to cybersecurity.  No single system or approach can fully protect a network, and even the most secured networks may be compromised.  If an attack does happen, it helps to detect it as soon as possible so the damage can be minimized.  The compromised host may not be where the sensitive data is, so you’ll need to stop the intrusion before it can get there.

It is important that businesses are prepared in case there is a breach.  Visibility and logging of network traffic can go a long way in helping to get ahead of the problem when it does occur, but this means nothing unless there is someone watching the logs or monitoring the network.  The famous breach against Target triggered alerts that a breach had occurred, but no one acted on it. As we move forward, we are likely going to see the rise of cyber insurance as another means for businesses to augment their security.

If all of this sounds pretty bleak, don’t despair – there is good news.  All of this has led to the development of more robust security offerings as a service.  Even better news is that a Managed Service Provider (MSP) can help you handle your security needs for less than if you were to do it all by yourself.  TPx has invested in state-of-the-art technologies and seasoned security professionals who help thousands of clients nationwide with cybersecurity. You have enough to worry about – let TPx deal with your security challenges so you can focus on your core competencies and grow your business. Request a free consultation today.


About the Author

Erik Nordquist is the Senior Product Manager for TPx Communications’ managed security services. He’s led a broad range of critical activities, including Field Operations and the Hostmaster team where he built TPx’s anycast DNS network to service its 55,000 customer locations. His work on the Network Integrity team made him the resident expert for mitigating Denial of Service (DoS) attacks. After interfacing with customers for years, Erik is bringing his customer-focused approach to his Product Manager role, helping to deliver first-in-class security services to TPx clients with unsurpassed customer support.


Want to learn more? Here’s a video with 10 more things you should know about cybersecurity.