09 MarNews

Microsoft, Ukraine, and the Future of Cybersecurity Amidst Global Conflict

Last Wednesday, Microsoft’s Threat Intelligence Center alarms blazed as a never-before-seen piece of malware appeared aimed at Ukraine’s government ministries and financial institutions. Amazingly, Microsoft was able to update its virus detection systems and were updated to block the malicious code which was built to ‘wipe’ data on computers in a network.

Why this matters?

Typically tech giants do not involve themselves in global disputes or conflicts, however, Microsoft was asked by European nations to provide tthe updated code to prevent the malware attacks so that Ukrainian and other Baltic regions would be safe from Russian cyberattacks. This is a significant boundary to cross as Washington for years has discussed the need for public/private partnerships to thwart destructive cyberattacks.

What Microsoft has to say.

Brad Smith, Microsoft’s president had this to say about the recent attacks, which highlight the change in tone from what is a normally a neutral response to global, political matters: “We are a company and not a government or a country.” “[Yet] These recent and ongoing cyberattacks have been precisely targeted, and we have not seen the use of the indiscriminate malware technology that spread across Ukraine’s economy and beyond its borders in the 2017 NotPetya attack. But we remain especially concerned about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises. These attacks on civilian targets raise serious concerns under the Geneva Convention, and we have shared information with the Ukrainian government about each of them. We have also advised the Ukrainian government about recent cyber efforts to steal a wide range of data, including health, insurance, and transportation-related personally identifiable information (PII), as well as other government data sets.

How will this impact the future of IT?

Cyberwarefare has been around since the Cold War, but there have been no regulations within the Geneva Convention over who can be targeted. The recent attacks on Ukrainian insitutions like their emergency response systems, humanitarian efforts and agricultural program raise serious concerns.

Conclusion

Cybersecurity will continue to be extremely important during both war and peace time, but the recent events surrounding the cyberattacks on Ukraine will begin to muddle the future for how tech giants position themselves during global conflict. We could very likely see private companies play a pivotal role in conflict, similar to how Ford Motor Company provided Humvees during World War 2.

02 MarBlogNews

Compulink now listed on Poly OGS Contract PM69215

Compulink Technologies is proud to announce that we are now listed to the Poly OGS contract (NY PM69215). The Compulink-Poly duo has successfully enabled NY SLED Agencies to empower and upgrade their video conferencing and telecommunications infrastructure with Poly’s advanced hardware solutions.

As work-from-home and hybrid work become more relevant, it’s become crucial for businesses to provide their employees with powerful video-conferencing equipment, headsets and web cameras that allow them to stay focused and communicate effectively with team members

Poly is one of the leading manufacturers of voice and video solutions and they have been leading the front to help organizations ‘unleash the power of team collaboration.’

Compulink and Poly share the same vision of providing flexible, advanced solutions to businesses to prepare them for the influx of digital transformation for hybrid and remote workers.

23 FebNews

IT Strategies for Cloud

Scott Sinclair wants to debunk two myths associated with cloud computing. The first is that cloud is a zero-sum game in which apps that once ran in the data center are simply relocated to the public cloud, says Sinclair, senior analyst at market research outfit Enterprise Strategy Group (ESG). The second is the idea that eventually all applications will run in the cloud, and data centers will be phased out.

IT strategies for hybrid cloud

“Digital demands are increasing so much that, no matter how fast the cloud is growing, people are still investing in their data centers,” Sinclair says. In ESG’s latest research on data infrastructure trends, respondents report the average expected growth rate for data in the public cloud was a staggering 39% year over year. But that doesn’t mean that the amount of data stored on-premises is declining. In fact, the estimated growth rate for data centers is comparable—35% year over year.

“If we think about a large modern enterprise, we may have two, three, four data centers; three, four, five public cloud providers; dozens, if not hundreds of edge locations,” says Sinclair. “And we have data moving and apps moving everywhere all the time.”

For example, the London Stock Exchange Group has dozens of data centers, hundreds of applications, and a presence in Amazon Web Services, Google Cloud, and Microsoft Azure, according to Nikolay Plaunov. He’s a director and technologist in the infrastructure and cloud division of LSEG, the diversified company that runs the stock exchange and also provides data-based financial services. Its portfolio includes virtualized applications running on-premises, containerized apps running in the cloud, and legacy apps running on mainframes.

“What is really hitting people today, versus probably five or 10 years ago, is this idea of, ‘I have these things in my data center, and I have these things I’ve moved to the public cloud and I need to manage a lot more things,’” adds Sinclair. “Now, I’m living in a world where not only do I have to manage a lot more things, but I am constantly dealing with data and apps moving in all directions.”

One of the most significant effects of the 2020 coronavirus pandemic from an information technology (IT) perspective has been the sudden, unplanned migration of applications to the cloud, as organizations moved quickly to accommodate remote workers and the surge of online shoppers. Today, companies find themselves with one foot in the cloud and the other still in the on-premises world, facing significant challenges in terms of how to manage this mixed IT environment, how to secure it, and how to keep costs under control.

A hybrid cloud IT infrastructure, in which resources are distributed across on-premises, private cloud, and public cloud environments, enables companies to accelerate time to market, spur innovation, and increase the efficiency of business processes. And companies are keen on its promises: more than a third (37%) say hybrid is an investment priority over the next year and a half, according to a 2021 ESG survey of 372 IT professionals.

But the complexity of managing a hybrid cloud presents challenges that can bedevil chief information officers, including compatibility with legacy equipment, cybersecurity concerns, and cost issues associated with moving data and managing data access.

To successfully manage a hybrid cloud environment, organizations need a specially designed hybrid cloud management plan that includes the right tools and strategies. These approaches can be as varied as the types of businesses out there, but some guidelines apply across industries—the need for a central control plane, for example, using automation to manage IT operations, and transitioning from managing infrastructure to managing service-level agreements with vendors.

It all starts with applications

Russell Skingsley, chief technology officer for digital infrastructure at Hitachi Vantara, says most customers started their cloud journeys with somewhat unrealistic expectations. They initially believed that all apps would eventually end up in the cloud.

What they’re finding is “there are things we can move, there are things we might move, and there are things we definitely can’t move,” Skingsley says.

Sinclair adds that while the rising tide is certainly lifting enterprise apps from the data center to the public cloud, there’s a countercurrent in which organizations are moving some applications from the cloud back to the data center. Some of the reasons cited by organizations speak to the complexity of hybrid cloud management: these include data sensitivity, performance, and availability requirements.

To effectively move applications to the public cloud, organizations need to set up a systematic methodology, almost a factory-style assembly line that analyzes each application in its portfolio and then decides which ones to “lift and shift” as-is to the cloud, which ones to re-factor or rewrite to take full advantage of the cloud, and which to keep on-premises.

The first step is conducting an inventory of the application portfolio. This can help organizations eliminate duplication and identify apps that no longer serve a business purpose and can be de-commissioned. The next step is to analyze applications through the lens of business outcomes. Then, organizations need to make decisions based on factors like time, risk, cost, and value.

At London Stock Exchange Group, Plaunov is constantly balancing cost with business criticality. Every application is different and requires its own specific calculation. “I’ve seen several applications that were lifted and shifted to the cloud, and in some cases, it’s relatively simple to optimize them and to optimize their costs.” In other cases, it can be expensive to convert a monolithic app to the public cloud because it entails breaking the app into smaller components.

This article was created and originally published on Technologyreview.com

Click here to Read the full article

17 FebBlog

What Are NFTs?

What are NFT’s?

“Right click, save as.”

NFT’s have exploded into the pop-culture lexicon over the past year. In fact, Meriam Webster’s dictionary named it the most popular word of 2021, but just what exactly makes these digital pictures unique from other jpegs, and why are they going for millions of dollars and being adopted by some of the world’s biggest celebrities, athletes and influencers?

The Blockchain

NFT’s exist on what’s called a ‘blockchain.’ There are several types of blockchains that are composed of different cryptocurrencies (like Bitcoin), the most popular of which is the Ethereum blockchain. These blockchains record transaction information on a ledger and help identify the owner of a particular NFT, basically like a digital receipt.

What’s an NFT

NFT stands for ‘Non-fungible token’ which means that more or less whatever NFT you possess is completely unique and cannot be replaced or replicated by anything else. NFTs are basically jpegs with transaction ID’s that point to the owner. Sure, you can “right click save-as” to save an NFT to your computer and use it as your profile picture, but that digital receipt on the blockchain will always point back to the original owner.

So why the heck are these pictures so valuable, what gives?

It really comes down to what people perceive the value of an NFT to be, just like any other piece of art. However, there are a lot more variables that go into what the value of an NFT can go for other than just its art design like its utility.

What does the future of NFTs hold?

The future of NFTs is fascinating. You will probably see tickets for events become completely digitized as NFTs in the next few years. It sounds crazy, but almost anything could be an NFT in the future, from car titles, to album covers to plots of physical land.

WAGMI or Rug Pull?

The current landscape of NFTs is murky. There are countless scams, or “rugpulls,” where users are swindled out of their money. NFTs have been compared to Ponzi schemes, and critics also argue that they are bad for the environment and are used for money-laundering schemes.

Like many recent web3 developments, at its core, NFTs give power back to the people. Underpaid graphic artists can become overnight millionaires and same with savvy investors. Ultimately, NFTs are like any other investment, and like any investment, people need to be prepared to only spend whatever they are willing to risk and to do their own research. Like the early days of the Internet, NFTs are in the ‘wild-west’ phase- there are very few regulations, and little understanding; but like the wild west, the opportunistic may strike gold… or lose it all trying.

03 FebBlog

What is Web3?

What is Web3

By now you may have heard the term web3 thrown around. But what exactly is it? To get to the bottom of this question, we first need to do a quick history lesson to understand.

The first iteration of the Internet was known as web1 and was the beginning period of the Internet, where people could access information, but could not interact with the content. This early phase of the Internet comprised when URL’s and homepages were being created and laid the foundations for the next phase of the world wide web.

Web2 arrived next and in the form of of customizable content and social media platforms and blogs. Now, Internet users could “read and write” (referencing the computer code that this was built on) content as well as pull files instead of just viewing them on a static page. Once the majority of the general public understood and adopted mainstream social media platforms like Facebook, content sharing took off to new heights. Public sentiment around these platforms has soured in the last few years, and people are wary of how these tech titans are harvesting their data and information. Facebook in particular was fined over $5 billion by the FCC for their role in breaching data privacy roles, and there is a growing sentiment amongst the public that they do not actually have control over their data and content.

Enter Web3

This is where web3 enters the conversation. Web3 is considered the read/write/own phase of the Internet. “Rather than just using free tech platforms in exchange for our data, users can participate in the governance and operation of the protocols themselves. This means people can become participants and shareholders, not just customers or products. [source]”

In web3, users aren’t just consumers, they are contributors and investors, thus allowing a larger portion of the population to be able to take control of things, rather than the major tech corporations that are currently the majority power. “Web 3 makes the proliferation of cooperative governance structures for once-centralized products possible. Anything at all can be tokenized, whether it’s a meme, a piece of art, a person’s social media output or tickets to Gary Vee’s conferences. [source]”

While web3 sounds like a positive development, because in theory it gives power back to the people, others argue that this is a false narrative that is great in theory, but does not actually hold up to its standards. Former Twitter CEO, Jack Dorsey, made headlines when he said that the blockchain networks are “decentralization theatre,” stating that only a few key people actually hold the power and control over the hundreds of millions of dollars.

While these criticisms are somewhat valid, web3 has the tremendous potential to bring power to the masses. Whether or not this will actually happen remains to be seen. At one point, social media was only used by a small majority of early adopters, but in time it became mainstream to all generations. Expect web3 to follow a similar trajectory.

28 JanBlog

Best IT Procurement Practices

What is IT Procurement?

IT procurement is the process of sourcing and acquiring information technology assets to drive your business or organizational operations. IT procurement can include hardware and software products as well as IT services, such as cloud services, cyber security services, as well as strategic and administrative responsibilities.

The objective of any IT procurement strategy is to fulfill your organization or business’ needs, getting the maximum value out of your spending as well as protecting you from many different forms of risks (e.g. regulatory, cyber security, etc).

A recent Deloitte survey of Chief Procurement Officers (CPO) in 36 countries says as many as 79% of CPOs are focused on achieving cost reduction in their IT procurement strategies.

To achieve that, CPOs must undertake the following tasks through their IT procurement work:

issuing requests-for-proposals (RFP),
requests-for-information (RFI),
leveraging partnerships with IT industry original equipment manufacturers (OEM),
researching options on the market,
negotiating with OEMs on pricing and support,
and managing internal stakeholders.

Top 4 Business Priorities for CPOs graphics

Every business and organization is different. You must factor in company/organizational size, your industry, unique regulatory and compliance requirements and other factors. Each business must manage their IT procurement in a way that fulfills its needs and respects its constraints.

This reality is felt across the IT hardware (e.g. devices, routers, servers), software (e.g. apps or licensed software) and services (e.g. cloud) you could procure.

Thus, a correctly designed and implemented IT procurement effort is vital to maximizing the value of your spending. The failure to do so will be felt beyond just your IT, but in your business or organization’s core activities.

We review the industry’s best practices for IT procurement. We also examine how you could benefit from IT procurement and overcome its challenges.

IT Procurement Best Practices

IT procurement specialists must strike a balance between cost savings and meeting organizational needs. Below is a list of goals that they seek to achieve during the process.

1. Acquire Technology That Aligns With Organizational Needs

All too often, technology purchases are made in the hope that the cost value will be worth the trouble of the organization having to adapt to the equipment.

In fact, the reverse is true; the acquired technology should be strategically procured so that it fits in with and supports business goals. Having to engineer workarounds and modify your IT environment — or larger processes or workflows — can lead to both inefficiencies and integration problems.

2. Forming Strategic Relationships

Forging a close relationship with specific vendors and/or IT providers offer numerous advantages to the IT procurement process. Not only will this result in cost savings by leveraging economies of scale and established logistical practices, but the right provider can also help to:

Resolve adoption problems more efficiently
Eliminates rogue buying and integrates with existing ERP systems like SAP, PeopleSoft, Oracle, and more
Allow for the establishment of service level standards and agreements
Create a framework for both parties to work together to improve the relationship

3. Involve Stakeholders

As part of a strategic sourcing process that attempts to glean as much information as possible before making a purchase decision. It’s important that all relevant stakeholders are involved in the IT procurement process.

This will allow your procurement personnel to understand the organizational needs, budget, and how all the intended acquisitions will impact operations.

4. Minimize Risk

All asset acquisitions come with an element of inherent risk — and IT is no different. From technology that fails to support the company’s needs to potential financial or compliance issues down the road, a procurement specialist will work with risk mitigation and security in mind.

Some of these practices include:

Conducting a full risk analysis
Determining the probability of financial losses
Roadmapping, planning for future projects, and implementing plans to reduce their impact

5. Acquire Assets With an Eye Toward The Future

Many organizations seek to lower their capital acquisition costs and therefore make purchasing decisions based on short-term needs and upfront price.

However, top companies choose to look at total cost of ownership when making acquisitions.

Instead of getting quotes from vendors, today’s IT procurement specialists, like those at Insight, will identify how much the technology will cost to operate and eventually dispose of; ensuring that the most cost-effective option is selected that will pay dividends over its lifespan.

Understand Your IT Infrastructure

Before approaching IT procurement, we must review the benefits and difficulties your company likely faces in managing its IT infrastructure. This is an important discussion because, ultimately, your IT procurement efforts are aimed at improving the effectiveness of your IT infrastructure.

Your IT infrastructure certainly includes at least two of these three core components: hardware, software and services. For most, hardware and software are a given (e.g. word processing from a laptop).

In today’s environment, IT infrastructures include more than simply computers and productivity applications. You also have networking infrastructure connecting your company to the web and internally between different computers, printers and on-premise servers.

Likewise, your productivity suite includes email which could be based on Exchange, Google or a proprietary suite as well as customer relationship management (CRM) and other apps.

It is when these systems age and lose relevance (with current as well as emerging trends and behaviours) that IT procurement becomes an issue.

Factors such as current hardware and/or software falling out of compliance, not having the right features, higher cost-of-ownership and others make IT procurement key.

The Difference Between Hardware and Software Procurement

What is Hardware Procurement?

In terms of hardware, your IT procurement efforts may focus on replacing aging laptops and/or workstations, routers, printers, mobile devices and in case of in-house or on-premise hosting servers.

What is Software Procurement?

Software procurement can include renewing licenses for productivity applications, e.g. Microsoft Office, Adobe Creative Suite, Citrix, etc. Instead of software-as-a-service (SaaS) solutions, you may also look to build custom applications. In-house development would also be procurement.

Your IT procurement process must fulfill your operational requirements. However, they must follow your compliance standards, meet your cyber security needs and drive strategic business goals (increasing profitability and market-share).

In effect, you will not have developed a sound IT procurement strategy if you fail to achieve all of your business or organization’s requirements (not just daily operations, but compliance too).

It would be a waste of resources otherwise, be it directly (through the purchase of the wrong or unwanted systems) or indirectly (resulting in underused or insufficient capacity).

What is an IT Procurement Process?

The IT procurement process is the combination of numerous tasks and responsibilities, namely:

defining your IT requirements,
managing vendors, negotiating and implementing your contracts,
existing asset management
and verifying the quality of products and services provided.

Every business and organization must have a clearly defined IT procurement strategy in place.

This is to ensure that IT procurement is done correctly and to secure internal stakeholder e.g. upper management support. The latter is important because business executives want to see IT as a driver for profitability instead of a costly overhead

You must demonstrate how IT procurement will help with reducing time spent on certain tasks, increase output and other net-revenue-focused goals. You must also show that the spending is essential and is being put towards solutions that generate maximum value.

The infographic below showcases how strong internal stakeholder support from executives is integral to IT procurement:

You must also stop excessive or unauthorized spending. The IT procurement strategy serves as a guard for preventing ‘maverick spend’ IT spending that occurs outside of your process.

Dark spending is also a threat as it undermines the trust upper management have in your IT. You risk looking like a black hole for money (i.e. a costly and cumbersome overhead).

You can prevent both maverick and dark spending by building accountability mechanisms (such as a system of approval) throughout your IT procurement process.

You could also separate the “buyers” from those in-need of systems (“requesters”). This ensures that the one requesting IT solutions can’t approve the sale for themselves on their own.

It’s also possible to prevent the conditions that lead to maverick and dark spending by selecting the right IT OEMs. Ensure (before the implementation phase) that your requirements are being met across every scenario (e.g. having a scheduled replenishment policy for printer cartridges).

IT Procurement Benefits

By implementing IT procurement best practices, you will leverage major improvements in both operations and strategic goals.

Operational Efficiency

With new hardware, recent software releases and/or IT services (e.g. cloud services), you can accelerate your daily operations.

For example, you could equip your sales representatives with new mobile apps connected to cloud-hosted databases. This lets your sales rep to input, view and manage data from the palm of their hand. At present, they might be pulling-up a laptop and manually connecting to the web, which consumes more time and effort.

Compliance & Security

IT procurement offers an opportunity to replace IT systems that don’t comply with your industry’s regulatory requirements. Doing so ensures that your organization is shielded from current and emerging cyber threats. These threats can cause extremely costly data breaches.

Similarly, ensuring that your IT system compliance and cyber security measures are up to par with current and upcoming regulatory standards shields you from expensive government fines.

You will notice that in most cases, compliance and cyber security are intertwined. Following one (in alignment with industry standards) should lead to following the other.

Security

This can include:

replacing routers that aren’t equipped to support today’s encryption standards;
moving your data to a cloud hosting provider that provides HIPAA-compliant encryption,
on-site security and network monitoring services;
and switching to up-to-date software builds.

Compliance

Businesses and organizations are beholden to government, industry and vendor compliance standards. For example, you can move your data to HIPAA-compliant data centers (available through public or private cloud-hosting providers) to ensure that your data is being managed in compliance with privacy regulations such as the General Data Protection Regulation (GDPR).

IT Procurement Challenges

It’s not easy to correctly implement a IT procurement strategy.

Negotiating with OEMs

In theory, you can negotiate with IT industry OEMs to secure favourable pricing, strong after-sale support and warranties. However, the practical side isn’t simple.

In terms of negotiating with OEMs, it’s best to have strong industry partnerships, e.g. Microsoft Gold Partner, Cisco Gold Partner, IBM Business Partner, etc. These partnerships are a sign of the OEM trusting you to implement their best practices (e.g. in configuration).

Such partners are in a better position than non-partners for understanding the OEM’s offerings and for negotiating favourable pricing, support and guarantees.

Internal Talent & Skill Gaps

Purchasing IT equipment is only one side of the IT procurement process. Your internal IT team must also have competency for properly implementing the strategy.

According to Deloitte’s study, “60% of CPOs still believe their teams lack sufficient capability to deliver their procurement strategy.” This is reflected in knowledge and training:

Businesses are reporting severe (e.g. 50%+) gaps in skills across many IT procurement areas, including procurement strategy and operations and sourcing.

Planning & Implementation

A big problem with internal knowledge gaps is that it weakens the planning and implementation phases of your IT procurement.

Basically, your IT procurement team might not have enough knowledge to properly identify your organization’s IT requirements. This could lead to improper purchasing, potentially needless or excessive spending (or, on the other hand, missing key requirements).

Implementation problems can include delays in receiving, installing, configuring and validating new IT systems. Likewise, your IT procurement team might not have incorporated enough or correct training for your company’s employees.

This besides trouble using new systems can open other problems, such as a lack of trust in new systems and sticking to the old.

Understanding IT Procurement Risks

There are many IT procurement risks. Many of them occur due to your IT procurement team not having enough knowledge and experience.

We’ve compiled a list of these risks below:

Incorrectly Defining Requirements

Your IT procurement team may understate or overstate your company’s IT needs in certain areas, e.g. procuring too many laptops or workstations and not enough software licenses.

In such cases, not only do you risk failing to meet your IT requirements, but you could end up with an inaccurate cost-estimate. Buying too many hardware systems will drive your costs up and lead to the waste of funds (procuring too little can result in a falsely-low figure).

Misinterpreting User Requirements

When there’s a knowledge gap, there’s a high risk of your team missing the mark on spotting the actual needs of your company.

For example, your sales team might require a CRM suite. However, your IT procurement team may select one that doesn’t have the features they need. In this case, the purchase will result in the loss of time, money and productivity across the board.

Insufficient Funding

You might have a strong IT procurement team, but they can’t do much good there isn’t enough money. The lack of funds generally leads to delays and, if you had already tendered but failed to procure, a reset of the tendering process.

Imagine your IT procurement team had already selected systems for your company and were close to signing a deal. Walking away from that deal may damage your reputation with IT OEMs.

Unrealistic Time Frame & Implementation Risks

Your IT procurement team might expect the supplier to deliver in a very short period of time.

Tight timelines might push many potential vendors away from your bid, reducing your options. You also risk implementation problems if the winning supplier is unable to deliver on those tight deadlines.

The supplier’s failure to deliver your IT systems on time will lead to delays at your end and set your IT programs back. In some situations, such as sales teams needing CRM, this can result in productivity drops.

Next Steps: Get Help in Building an IT Procurement Policy

You can prevent the challenges discussed above by incorporating IT procurement best practices into your IT procurement policy. Basically, you should anticipate these problems ahead of any IT procurement effort. In other words, you should prevent these problems from occurring.

This article was originaly published on Insight, click here to view the original article.

14 JanBlog

How to Support Remote Workers

Did you know the remote workforce has grown by over 44% in the last five years? The change in the way we conduct business now has been a huge obstacle for many employers, and it has been difficult to provide the remote staff the tools they need to succeed and to be productive. Providing the IT support workers need can be difficult, but not impossible. Here are some tips to provide the remote IT support your workers need for 2022 and beyond.

IT Support always available 24/7/365 – If you have remote staff, there WILL be technical difficulties that arise. Most of these issues will usually be small and easy to fix, but sometimes there are problems that require the assistance of a trained IT help desk to prevent work stoppage.
Cloud Technology – Embracing cloud technology is a key component to help create a robust remote-workforce. Not only will the cloud help reduce costs, it is also a easy way for employees to store, share and save company files and documents.
Create and enforce security policies – Ransomware attacks are extremely common and they can happen to almost anyone at any time. Employees working from home need to understand basic security threats like phishing scams so they do not cause a potential security breach. Host an hour meeting with a cybersecurity professional and make sure your remote workforce is trained and understands what some of these cybersecurity attacks look like and create a policy that enforces strong passwords and periodic password changes throughout the business cycle.
Digital Communication tools and devices – The biggest disadvantage of remote work is the limited ability to communicate with coworkers, but there have been tons of technological innovations over the last few years that make it simple to quickchat, video conference and collaborate. Make sure your employees have powerful webcams and microphones and invest in some decent software like Cisco WebEx so you can get premium conferencing features. You can find these products on our E-Store.
Ensure Employees Have Proper Equipment – If your team just transitioned to a remote model of work, they might not have their own computer or a computer that matches the CPU requirements they need for their job. Graphic designers, engineers and video editors all need powerful CPU’s to get their jobs done properly.

05 JanBlog

What Is Ransomware-as-a-Service

Ransomware is a term that strikes fear into business owners and IT teams, and rightfully so. “In Q3 2020, ransomware attacks have increased globally by 40% to 199.7 million cases. [source]” But why exactly have these attacks increased so much? The answer is simpler than you might think, and it all goes back to ransomware-as-a-service.

Ransomware-as-a-service is a subscription-based model that works similarly to saas, or software-as-a-service. Essentially, ransomware developers will create a ransomware tool, and they will lease that tool to individuals that pay money to use the ransomware they created. In the past, hackers needed to have some coding experience to be able to successfully target and hack vulnerable systems, but with the implementation of ransomware-as-a-service, people with little to no technical experience can launch massive cyber attacks with ease.

How does it work?

For the raas model to work there are a few components that need to be in place:

Expert-coded ransomware developed by ransomware experts (the individuals that design this software need to be reputable individuals in the ransomware space to generate outside interest)
Monthly subscription for a flat fee
One-time licensing fee with no profit sharing
Pure profit sharing

Once someone has enrolled in the program, they are onboarded with documentation that contains step-by-step instructions on how to use the ransomware for coordinated attacks. There are even some ransomware providers that provide affiliates with a dashboard solution that helps them monitor how the ransomware is working. Crazy, right? It gets crazier. To recruit these affiliates, ransomware providers will post their tools on the dark web. From there, interested buyers can read through user reviews, view screenshots of the tool and then ultimately purchase the tool with the use of cryptocurrency, like Bitcoin.

How do the attacks work?

Most ransomware attacks are through phishing scams. Phishing is the method of stealing sensitive data through a seemingly innocent source- most of the time through email scams. When an unsuspecting party clicks on links from a phishing email, they expose part of their network to the hacker, which then leads to the penetration of their entire network. Once the attack has been executed, the extortion begins. Hackers will send a .txt file to the victim’s computer informing them that their information has been encrypted along with a ransom fee to obtain the files- like the image below.

What can I do to keep my network safe?

This might sound obvious, but the best possible thing you can do to protect your network is to NEVER click on links from unknown sources. This is easier said than done because some of these phishing emails will try to replicate someone within your organization. However, they will not have the same email address, which is the number one red flag to look out for if you are unsure of where the source of an email is coming from. Another important practice to prevent ransomware attacks is to keep strong passwords that have multiple special characters and numbers and to repeatedly change passwords once a quarter.

Conclusion

Unfortunately, ransomware is here to stay. There are always going to be nefarious actors looking to exploit security, and that is why it is so crucial to have strong cybersecurity systems in place. Fortunately, Compulink offers state-of-the-art security solutions and services. If you are concerned about your business’ IT security, contact a sales team member for a free consultation, and we will help reinforce you network and ensure you and your business are protected.

29 DecBlog

10 physical security predictions for the new year

To view the original article click here

Hard to believe it is that time again, but in a few short days the calendar will flip and we will be in 2022. I have been fortunate to work with virtually all parts of the physical security industry, from A&E firms, integrators, manufacturers, and multiple types of end users (ranging from multiple Fortune 100 organizations to a family-owned self-storage company); all which shared valuable insights throughout 2021.In this column, I’d like to share my perspective of what will likely be the key issues and challenges we all will face in 2022.

1. Cyber will bring physical security issues into the boardroom

Gartner predicts that by 2024, 75% of CEOs will be personally liable for cyber incidents. Cyber incidents involving physical security and IoT devices are on the rise, and the trend in threat actors exploiting these systems are headed toward more devastating consequences. Efforts like SIA’s recent certification program on cybersecurity (SICC) is a good start towards your team being prepared for those board-level discussions, but in 2022 security leaders must also ensure that they have data, processes, and tools to support cross-functional board-level interactions.

2. Bringing IT skills into physical security teams drives hiring

Clearly more IT skills are needed with modern physical security systems, but also clearly there are labor shortages that present challenges in accomplishing this. In 2022, this may force a new tier of physical security worker, with pay and responsibilities that are competitive with the broader IT market. Such workers will be needed to bring physical security into broader IT initiatives like Zero Trust. By creating career paths within physical security tied to the broader IT market will attract new talent that otherwise may have felt physical security to be too limited for them. If your organization is already doing this or headed in this direction, let others know about it through LinkedIn or at industry events.

3. New service models will emerge

The industry’s direction toward more managed services will continue and become a differentiator between integrators. Whether it is remote guarding, cyber hardening, service assurance, or compliance, the variety and “a la carte” managed services offerings will bring new customers to integrators. Many organizations that manage physical security with internal resources will see the benefits of offloading specific functions, like firmware updating, to an integrator offering that as a service. In 2022, the “as-a-service” concept should be evaluated across all parts of the physical security landscape, as it will lead to less expensive and more efficient ways of deploying and managing security operations.

4. Deepfakes will get more attention

Fundamental to use of video surveillance is the ability to use that data as evidence and being able to prove a chain of custody. The growing sophistication of deepfakes combined with lax procedures over that chain of custody is a recipe for 2022 to call into question whether video data can be trusted. To prepare for this organizations must ensure their devices and data have not been tampered with, including replacing real data with fake data. Methods that can track the integrity of the data being stored (and that the data is kept unchanged for the required retention period) will be needed to keep video surveillance data relevant and effective.

5. More focus on knowing your physical security asset inventory

As physical security teams become closer partners with the cybersecurity, IT and compliance functions within their company, the starting point for those relations is having a strong handle on what assets they have and what the status of those assets are. We saw in 2021 the need to remove certain brands from being used (under NDAA 889), and the difficulty in determining if those brands were present because of the multiple OEM and other rebadging of equipment that goes on. Even seemingly innocuous devices like inexpensive badge printers purchased on Amazon could be the Achilles Heel in your physical security network. It is imperative you know the source and integrity of every single device that is plugged into your network. In 2022, organizations should be better prepared by having up to date inventories including firmware versions being used and original equipment manufacturer.

6. More mandates from U.S. federal government that impact physical security

In 2021, there were multiple directives and mandates that touched physical security (NDAA 889, CMMC, CISA directives, etc). Likely in 2022 these will be added to, especially around firmware updates and password management. The fact that many physical security devices are not updated (let alone still use default passwords) creates an opportunity for them to be used in exploits like phishing attacks, delivery of ransomware and malware, and planting of deepfakes. The threats from this go beyond any single company, so having more government action and focus on these attack vectors will likely bring more requirements to operators of physical security systems. Prepare by making sure you’re able to update firmware quickly and have a process to track the firmware versions in all your devices.

7. Slowdown on facial recognition

2022 will likely be a year where organizations carefully evaluate and implement facial recognition solutions as the legal and operational aspects of this technology still get worked out. Facebook’s decision to shutter its facial recognition software (but still continue technology development of it) speaks to the need to match privacy and societal concerns to the deployment of new security technologies. However, there has been a marked rise in the development and deployment of face as a credential solution for highly accurate and secure touchless personal identification and authentication. In addition, laws like Europe’s GDPR (General Data Protection Regulation) put responsibility onto physical security operators to be able to remove or limit information on a specific individual – a task best served by the automation provided by facial recognition. If you don’t already, consider if your company needs a policy on legal and ethical use of facial recognition.

8. Training and certification of physical security salespeople will gain momentum

As physical security systems become more complex, so does the knowledge required to specify and sell systems. The front line of those efforts is the salespeople working with customers to define the best possible system for their needs. More focus on training and credentialing salespeople will become a differentiator between security integrators, and a path to ensuring physical security professional development for more people within the profession. If you’re an end user, ask your integrator if they’ve considered this, or if you’re involved with SIA and ASIS, recommend they pursue this.

9. More focus (and revelations) about who has backdoors in physical security equipment

For many years the source of physical security device components, who designed them, and how they are combined with software to make products like IP cameras and card access systems has been a non-issue. Yet in almost all parts of the supply chain there is now greater scrutiny over where and how vulnerabilities are introduced, making it likely that in 2022 there will be more revelations on what really is designed into physical security systems. The past couple of years there have been active bans on equipment from specific manufacturers because they are known to contain backdoors. Prepare for this by establishing a “zero tolerance” policy and by implementing fundamental best practices like changing default passwords on devices and updating firmware, to protect your existing investment in physical security cameras and other endpoints.

10. Insurance will incorporate physical security data in policy pricing

Many organizations have been faced with a significantly higher amount of data requested by insurers in order to price (or even be offered) cybersecurity and general business liability insurance; in 2022 this will also encompass physical security information and standard operating procedures (SOPs). For many organizations who work with integrators, engaging with them now and discussing how to maintain current information needed for insurers can help to get ahead of this issue. Best way for organizations to be prepared is to prepare documented SOPs, detailed inventories of devices, and metrics around their operations to show that your organization is in control.

22 DecBlog

What, exactly, is information technology?

Click here to view the original article

Information technology professionals provide hardware, software, and one-on-one device support. Although most people’s interactions with IT involve computer issues, the work extends far beyond that. IT departments usually have three areas of responsibility –- operations, infrastructure and maintenance, and management. IT operations generally encompass engineering, database administration, or development.

IT roles include:

Operations engineers: Operations engineers install, run, and manage networks, servers, and external services such as cloud computing.
Database administrators: These professionals create and maintain systems that store information.
Development operators: DevOps engineers combine software engineering with coding skills to build software, improve it, and perform software deployments.

Does IT include cybersecurity?

Some people within and outside of technology-related careers consider cybersecurity an IT-related job. As with other professions, job titles and responsibilities sometimes overlap. As a result, IT and cybersecurity workers may collaborate or handle some of the same responsibilities.

But when analyzing essential job skills and responsibilities, IT and cybersecurity professionals take different approaches to safeguard digital information. Cybersecurity tends to focus more on protecting the data itself than the infrastructure supporting it. As with cybersecurity, the number of people responsible for IT depends on a company’s resources. One person may handle multiple responsibilities –– or even everything IT-related.

Information technology jobs

More than 12 million Americans worked in the IT sector in 2019. The net employment of people in technology-related jobs grew by 307,000 workers, up 2.6% from 2018. Some IT positions require advanced degrees, while others have entry-level opportunities. Here we’ve featured some of the most popular information technology jobs.

CHIEF INFORMATION OFFICER

CIOs typically hold executive-level status and manage an organization’s overall IT functions. Their responsibilities include directing the IT staff to ensure technology and cybersecurity functions stay efficient, safe, and up to date. If there is no chief information security officer at the organization, the CIO may also oversee cybersecurity staff.

CLOUD ARCHITECT

These professionals design and implement cloud-based IT infrastructure for organizations. As part of that work, cloud architects must work closely with others to make sure the services meet an organization’s needs. They’re also responsible for cloud security and risk management.

COMPUTER SUPPORT SPECIALIST

Computer support specialists provide one-on-one technical assistance for computer users in an organization. People who do this job walk people through resolving computer issues. They may also provide support for overall IT or cybersecurity functions.

DATABASE DEVELOPER

Database developers create and operate computer databases that process and securely store information. They work with others to design database systems that support an organization’s needs. This may involve using coding to design systems and performing troubleshooting and maintenance.

IT SECURITY ANALYST

IT security analysts work to protect computer systems from cyberattacks by creating and implementing security strategies. Their responsibilities may include installing firewalls to protect digital data and developing disaster recovery plans in case of a major data breach or loss. They may also work with penetration testers to identify system vulnerabilities.

NETWORK ADMINISTRATOR

Network administrators are responsible for operating an organization’s computer networks. Their duties include installing and maintaining an organization’s digital networks. Their work also includes managing devices that use the network, and keeping apps, like email, working.

SYSTEMS ANALYST

Also known as system architects, computer systems analysts study an organization’s computer systems and procedures. Their responsibilities include setting up new hardware and software and working with managers to ensure IT is meeting the organization’s needs. A key part of this job involves ensuring the organization’s IT systems meet business needs.

WEBMASTER

Also known as web developers, webmasters are responsible for a website’s overall look and function. That includes designing the site’s user interface and handling technical aspects, like writing code or integrating graphics or video. Additional responsibilities include creating test versions of websites and updating published content. Entry-level work in this role typically requires a bachelor’s degree.

In conclusion

Information technology is a broad, diverse, and growing field. Although IT professionals might help reset an account password or install a new printer, their responsibilities extend far beyond these important but basic tasks. IT workers use a variety of skills and apply their knowledge to develop real-world solutions for all types of corporate and personal technology concerns.

What are some jobs in information technology?

Common jobs in information technology include database administrators, web developers, computer programmers, network architects, and computer research scientists.

Which IT jobs are in demand?

In-demand IT jobs for 2021 include database administrators, systems analysts, and mobile application developers. Other top jobs include software developers, network administrators, and help desk specialists.