Select Page
Hosted or SaaS ERP? Understanding the Differences

Hosted or SaaS ERP? Understanding the Differences

In the world of enterprise resource planning (ERP), companies spend a lot of time on the software selection cycle. Determining which application will best fit the needs of the business also brings deployment model questions to the table. Currently, many manufacturers and distributors are trying to understand the differences between hosted ERP and SaaS (software as a service) ERP. Whether you’ve already chosen your ERP or are in the process of selecting your software, understanding your on-premise and cloud deployment options is key to enterprise resource planning success.

Hosted or SaaS ERP Infrastructure with Cybersecurity Locks

An application’s functionality is understandably important. The best fit that a company can find with its ERP system will very likely lead to a better implementation, with lower costs and reduced risk surfacing as essential benefits. Ideally, you’ll build a solid foundation for all business activities that follow your ERP implementation. Your computing costs should go down, and time formerly spent on technology and software should shift into more time to spend on your business.

What is ERP deployment? 

A key consideration, one that I do not believe receives enough time and effort during the software selection phase, has to do with the deployment of the solution itself. The implications of such a deployment are life-changing for any company, and particularly influential in the manufacturing and distribution industries.

At the time of software selection, it’s important to understand how you intend to deploy your new ERP system. An application’s functionality is almost as important as the functionality itself. For this reason, you’ll want to ensure that the deployment model you choose successfully overlaps with the functionality that you need.

What is a deployment model?

By deployment model, I am not referring to the operating system or the underlying database management system, whether the system is Windows-or Linux based or whether it sits on top of an SQL server or Oracle database. Those are in themselves important considerations, but the deployment model has more to do with installation and accessibility. How will the application itself be installed and accessed by the customer?

What is cloud deployment?

There are two very general classifications of cloud ERP deployment models that you can make to try and understand your cloud options. I would classify these as SaaS (software as a service) and hosted deployments.

The Software as a Service Deployment Model

Software as a service, or SaaS, is the model in which the application lives somewhere in the vendor’s data center, and the consuming customer has no line of site to its deployment. The customer subscribes to the software and consumes the application on a client-only basis, often in the form of a web browser. There is no need to manage a complex installation or oversee the application’s administration. The SaaS deployment model limits your control by limiting your responsibility in regard to application management.

The Hosting Deployment Model

The other common deployment model you could classify broadly as hosting. In a hosted environment, the application is deployed to a known server architecture. This architecture could be an on-premise or a local host, or a colocation facility, but I’m seeing much less of that these days, except with larger organizations that are comfortable with large hardware investments. Most often, I find hosting to refer to some form of cloud data center hosting, where the resources are consumed over the cloud as a service. In this scenario, the software itself is purchased using a perpetual license model and deployed to and administered from a discrete platform.

Hosted & SaaS ERP: Two Roads Diverged

So SaaS and hosting are your two basic options for the underlying technology that will serve as the foundation for your ERP. If you are a customer in the midst of an ERP software selection journey, you need to understand what deployment options are available and how they differ, relative to the specific software you are evaluating. That said, I think some generalizations can be made regarding the two models.

SaaS itself can be divided into two categories. The first would be the family of applications that were built from the ground-up to be browser-based, web applications. Plex, NetSuite, and Salesforce are examples of purely web-based applications. 

Another class of applications would be vendors who are retrofitting their older, on-premise applications to be web-enabled and centrally installed and administered, like any other SaaS application.

In general, SaaS is a great option, especially for what I would consider lightweight applications. The software as a service deployment model provides the functionality you need with a costing model that your accountants will like, and it does this without a lot of administrative IT overhead. 

I say lightweight because I’ve found some challenges with some of the limitations of SaaS functionality. In my own efforts, working within various applications, I’ve found that SaaS applications provide a more limited functionality when it comes to the need for more robust capabilities. This is especially true in terms of reporting or administration, or in the construction of specialized business logic.

If you take a well-known software like Salesforce, for instance, and compare its capabilities to traditional on-premise enterprise systems, you’ll see some challenges or differences in the relative functionality of the two systems. An example might be the administrative tools provided to manage, load, and update data. The capabilities are somewhat comparable, but on-premise applications will almost always be more robust, easier to use, and more effective.

The Future of ERP Deployment Makes All the Difference

Currently, ERP software vendors understand this gap and are working to close it over time, but this process is years in the making. For vendors that offer both on-premise and SaaS versions of their applications, I’ve found that the functionality available in SaaS has a long way to go to catch up with their on-premise antecedents. If you were to purchase the SaaS version and the on-premise version of an ERP from the same vendor, you should expect the SaaS version to underperform compared to the on-premise version.

The resources on ERP deployment out there are not always very clear on what those differences actually are, especially when the information comes from the vendors themselves. 

For a hosted model, whether it is some form of self-hosting on top of an infrastructure as a service model, or a managed hosting situation, where a group is providing the entire platform, you can think of it as an on-premise installation without the risks and costs and overhead that come with an on-premise install. This is great from a functionality standpoint, as the control provides over the server architecture allows you to really leverage the full functionality available to you as a customer.

From my perspective, the difference between SaaS and hosted ERP really comes down to expectations with regard to functionality.

I have seen cases during the software selection cycle where the solutions engineers of various companies demonstrate the capabilities of their ERP systems using their full-bodied on-premise versions, only for the sales reps to actually sell the SaaS-based version of the application to the customer. 

This is done with the implicit assumption that the SaaS-based version contains all the rich features and functionality of its on-premise sibling. But as we’ve discussed, that this is not always the case, and I’ve known more than a few customers who express tremendous frustration over this experience—believing they are buying a luxury car, only to have the dealer deliver them the base model. 

How to Choose SaaS or Hosted ERP

If you are looking at a software that sprung from the web fully formed, like a NetSuite or a Plex, the question is a little more straightforward. There is no option to host the application, and from a functionality standpoint, what you see is what you get.

But if you’re working though the decision as to whether to purchase the SaaS subscription license or the perpetual license of an application, you really need to understand whether the functionality will be available in both versions. Essentially, you need to understand how the user experience might differ between the two versions, and then make your choice from there. 

Companies that need the robust functionality that comes with a perpetual license and an on-premise installation and can’t afford to lose that in moving to a pure SaaS or purely web-based architecture have hosting options. If you wish to avoid the liabilities and costs of an on-premise install, then you need explore some of the hosting alternatives available. There are plenty of benefits to be gained through leveraging the cloud:

  • the scalability
  • the dynamic consumption model
  • the benefits of adaptive computing

With these in mind, your cloud migration should also be done in a process that ensures that you are leveraging the full functionality of the software and not limiting yourself, your business, and your future in the process.

Cloud environments like hosted or SaaS ERP systems demand that your team is ready to handle everything from basic business processes to highly sensitive data. Cloud ERP is becoming the go-to jump, and a cloud based software solution could become a downfall without expert project management.

Software applications are becoming more complex, and your ERP solution will change regularly as your vendor adapts to changing technology. Are you looking for help understanding cloud infrastructure? Our cloud computing consultants have answers. Whether you’re trying to head out of community clouds or get lightning-strike level understanding of single tenant infrastructure, our EstesCloud team is here to help make your business run better.

Know Your Network, Know Yourself

Get a network assessment today

Don’t Avenge a Cyber Attack – Prevent It

Don’t Avenge a Cyber Attack – Prevent It

One cyber world story that captivated me as a youth was the character of “Ultron,” as depicted in comic books and in the movie adaptation of The Avengers. The character was a breed of artificial intelligence created with the intent of protecting the earth. But he turned against his creators, and against the earth itself, becoming a cyber super villain in the process. Origin story complete. Now queue the good guys.

Cyber Attack Encrypted Files Ransomware Attack

Such is the nexus of superhero narratives. A good intention turns violently wrong, necessitating radical intervention. Movies and comic books love to prey on fears of killer robots and cyber intelligence. It’s an archetype as old as the myth of Daedalus and Icarus: technology going too far and humanity in its arrogance flying too close to the sun, then landing on those old Led Zeppelin t-shirts instead.

Companies encounter similar, albeit less explosive, narratives when deploying cybersecurity solutions, in an attempt to lock down their networks. Often such solutions are deployed in the absence of a comprehensive infrastructure threat review. As such, they fail to provide comprehensive cyber protection.

This amounts to a technical placebo. The cybersecurity plan once implemented gives the impression of the cure without any real medicine provided. And while the attempt to paint over one’s data security problems is not itself an act of malice, it can nevertheless have deleterious effects to the organization in question. 

My own experience in the business world tells me that user oblivion is as dangerous as malice when it comes to cyber vulnerability. A corporate network with rudimentary cybersecurity and normal online hacking attempts, such as phishing scams or malvertising, can be more problematic than a secured network under a heavy cyber attack, such as ransomware.

A Cyber Attack from an ERP Perspective

While the tale of Ultron and the Avengers had itself a happy ending, the story of many businesses is not so optimistic. I once worked for a manufacturing organization that was on the cusp of an ERP (Enterprise Resource Planning) cutover. Painstaking work had been done to ensure that all steps were accomplished and that everyone was ready for a successful go-live.

Training, communication, data conversion—all of the pieces were in place. Cutover weekend went without a hitch; the steps in the go-live plan were executed without issue. The first day live went off without major problems. The normal hiccups associated with a new system surfaced, but nothing unexpected came the way of the ERP implementation team.

On the second day after the ERP go-live, users quite suddenly lost access to shared network drives. Soon after, they began receiving errors when trying to save ERP transactions to the database. Then they abruptly lost access to the application entirely. Amongst all of the communication, they hadn’t even realized yet that their email server had gone down and that they were therefore no longer sending nor receiving communication. Their network had been completely compromised. Chaos ensued.

When people think of the most common reasons for an ERP failure, they normally speak of over-customization, or a lack of management support. They rarely think of ransomware. But for the company in question, getting ransomed over cutover weekend was the first step to a cascading number of failures. In a panic, the company reached for paper-based manual processes while communicating to customers and suppliers over hotspot connections, using the employees’ own private email accounts. It was a cyber mess on all ends and resulted in late shipments, efficiency issues, unhappy customers, and months of work to resolve. Time and talents could have been spent on things other than cyber attack recovery—if only the company had been prepared through preventive measures.

Companies Running ERP Systems Can Avoid Ransomware

The moral of this story is less than heroic: there are no super powers that can save a network that is unprepared, or insufficiently prepared, for an attack. And there are no super heroes to jump in and avenge the wrongdoing.  

Avoiding a cyber attack entirely is always preferable to avenging it after it’s happened. Many companies believe they’ve taken the steps necessary to mitigate a cyber attack. Enterprise risk management needs to be an ongoing activity, however, with business owners and executives involved in designing, understanding, and implementing a cybersecurity plan customized to the vulnerabilities of the industry under attack—because every industry is ALWAYS under attack. 

A company’s greatest vulnerabilities are often the ones that they never realized they had. The greatest risks are the ones they believe they’ve already mitigated. The company in this tale of ERP implementation security chaos thought they had done everything internally to secure their network. But their efforts were done in a vacuum, without any impartial opinions or outside analysis. They weren’t out to create a monster, but their vulnerabilities created a monstrous problem. They didn’t feel they were walking on enemy ground because the villians were hidden and undetected by current cybersecurity measures.

The lesson to be learned here is that malice often masquerades as magnanimity. The most significant threats to an organization are often clothed in good intentions.

Is Your Business at Risk of a Cyber Attack?

Could cybersecurity be the biggest problem you didn’t know you had? I’ll spoil the plot—cyber vulnerability, particularly the risk of a ransomware attack, is the biggest problem currently lurking within most businesses. Manufacturers are at risk of complete shutdown. Distributors face supply chain attacks on a daily basis. And there is no type of business that isn’t under attack. Law offices, financial institutions, hotels, medical facilities—all are under the threat of a cyber attack.

Are you feeling the cyber risk and wondering what you can do to protect your business? Don’t avenge your problems—prevent them before they’ve occurred. Get a security assessment, identify your vulnerabilities, and assemble your future. Know the problems you had yesterday and predict the ones you might face in the future of cybercrime.

Manufacturing Cybersecurity by the Numbers

Manufacturing Cybersecurity by the Numbers

Old Cyber Risks, New Cybersecurity Rules

Longtime NHL coach and living legend Scotty Bowman once famously claimed that “statistics are for losers.” For a game filled with numbers, that was a pretty bold statement. Around the same time, business author Peter Drucker, a legend in his own right, argued the opposite point, saying “if you can’t measure it, you can’t improve it.” There is certainly something to be said for “the bottom line” — the final score of a game is ultimately the most important number.

But a compelling case can be made that a winning game, a winning team, or a winning organization is comprised of many discrete elements, and that by seeking to measure and improve these key elements, the overall system will benefit accordingly. Our contemporary Moneyball sports world rendered Bowman’s statement a quant anachronism. Similarly, in the business world, managers and executives increasingly look for metrics that help them understand their areas of responsibility.

Manager, Technical, Industrial, Engineer, Working, Control, Robotics, Monitoring, Manufacturing Cybersecurity Technology

“Running the numbers” is not a substitute for successful management, but can be a valuable tool in its execution.

On that note, the National Institute of Standards and Technology (NIST) published a list of “20 Cybersecurity Statistics Manufacturers Can’t Ignore” which details some of the critical numbers that separate winning companies and organizations lost to the nefarious designs of malware, hackers, ransomware and the varying forms of cybercrime. From this list, a few highlights immediately come to the fore. By listening to the information embedded in the data, organizations can act quickly to mitigate the biggest threats that they didn’t know they had. A good manufacturing cybersecurity strategy can address old problems, predict new ones, and keep all operations cyber safe.

Ransomware Remains a Primary Threat to Manufacturers

The impact of ransomware on businesses has been monumental. According to NIST, 1 in 5 small or medium-sized businesses (SMBs) report that they have fallen victim to a ransomware attack. This makes ransomware the number one threat to organizations. Ransomware is unique among attacks in that it does not seek merely to damage the resources within a network. Rather, a ransomware attack encrypts company files, making them inaccessible to the organization and its users. Access to the decrypted files is only provided once payment to the assailant has been made. 

The effects of ransomware are immediate. When a company gets ransomed, all operations affected by the encrypted files come to a grinding halt. This has a cascading effect across the organization as it struggles to stay open during the crisis. This often results in delayed production, late shipments, confused inventory levels, and frustrated customers. To cope with the outage, the company normally resorts to a handful of painful workarounds that are difficult to unravel and clean up once the ransom has been paid.

Ransomers Attack & Manufacturing Cybersecurity Teams Rally

In DoD environments where data cyber security is key, the impact to a company’s reputation can be detrimental. As such, it is no surprise that a ransom situation can cause an organization to go out of business entirely. Worse still, the costs are increasing. According to NIST, over the course of a single quarter in 2019, the average ransomware payment went up by 13% to $41,198. The impact on an SMB’s cash flow should be self-evident. Hackers know no limit when it comes to ransomware targets, attacking companies of all sizes. For that reason, there is no reason to believe that your organization can hide under the hacker’s radar. Therefore,  manufacturers across the nation are increasing their investments in enterprise risk management and security solutions.

Microsoft Office is a Primary Vehicle for Malware

Microsoft Office has been a mainstay of organizations large and small. But the security risks of Microsoft files in an unmanaged environment are considerable. According to NIST, 38% of malicious file extensions come from Microsoft Office formats such as Word, PowerPoint and Excel, making this the most common set of file extensions. Microsoft’s Office suite has long been entrenched in the daily life of SMBs and manufacturers. Shop schedulers frequently define and redefine priorities using spreadsheets, SOPs utilize document formats for process control, and presentations to a company’s staff routinely take the form of a PowerPoint presentation.  

While these file formats are common, they are far from invulnerable, and the robust capabilities that Microsoft created within each format provides opportunities to embed hostile code that can detonate once the files are saved within the network parameters of an organization. And file sharing across the manufacturing community is widespread. It is common, for instance, for vendors and presenters at manufacturing conferences and trade shows to hand out flash drives containing promotional materials. Manufacturing cybersecurity policies need to include these activities because should these files be infected, the consequences of introducing them to an unprotected company network could be catastrophic. As such, companies need to take care in managing the devices that connect to network, and the safety of the files they contain.

Social Media Accounts Become a New Target

Social media is widespread, and manufacturers are increasing playing along in order to get more visibility for their products and more interactions with their customer base. But with the proliferation of online social interactions comes increasing risk. In fact, 63% of MSPs anticipate that hackers will increasingly target social media accounts, according to NIST. Similar to Microsoft Office, social media toolsets have increasingly found their way into organizations. Initially thought of as a distraction, these toolsets have become embedded in many organizations, allowing for more collaborative communication between suppliers, customers, individuals, and groups.

Like the Microsoft Office suite, social media platforms have been enhanced and expanded, with new capabilities added on a routine basis. But a single compromised account can compromise an entire network when accessed from within the network’s parameters. Worse still, given the continually evolving nature of social media platforms, the threats are similarly evolving. Business owners need to understand what role social media will play in their organizations, and how these platforms can be leveraged without excessive risk. Manufacturing cybersecurity measures should take into account all accounts, including those on Twitter, Facebook, and similar online social meeting grounds.

Ghost Security Breach

When it comes to cybersecurity for manufacturers and SMBs,

the numbers don’t lie.

The correlation between successful IT threat mitigation and business success is well documented. Understand the numbers and take the necessary actions to put the odds in your favor. Manufacturers can avoid a cyber security breach by taking it one step further by partnering with industry experts: managed services firms with cyber specialists lead the way in cyberattack mitigation.

Ready to assess the current state of your cybersecurity practices? Get a free whitepaper on best practices for manufacturers and strengthen your security strategy today.

How Manufacturers Can Prevent a Cyber Security Breach

How Manufacturers Can Prevent a Cyber Security Breach

Cyber security solutions are technological processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access. Over the years, they have become a necessity in order for industrial firms to succeed. Manufacturing supply chains are often interdependent and integrated. Security within the entire supply chain will lessen any vulnerabilities that could impact the company as a whole. Manufacturers must prepare for a cyber security breach by way of proactive measures.

Cyber Security for Manufacturing Global Supply Chain Map

Has a hacker already gained access to your sensitive data?

All companies have private data that ranges from non-secure to highly secure information. This applies if you have one user, a million users, a million customers, or a supply chain with 500 million endpoints. This applies if your data is exclusive to networks outside of the United States or if you are global in reach.

Regardless of the size of the company, all companies include the following data within their protected systems, and this is the type of data that needs the highest level of endpoint security:

  • Social Security Numbers / Information
  • Bank Account Information
  • Personal Emails
  • Payroll Files
  • Account Information
  • Contact Information
  • Financial Records
  • Product Designs
  • Tax Records

Is your supply chain or customer data on the dark web?

If you have suffered a data breach in the past, the data included personal information, such as phone numbers or other personally identifiable information (PII). Leakage of such information could be fatal towards the growth of a company and its workers. Such sensitive information needs to be secured with proper cybersecurity measures. For companies that do not ensure these measures, the chances of survival within the digital world are slim. The only practical solution is developing ways to combat or prevent cyber risks.

Understanding Manufacturing Cyber Security 

In order to stay safe in a world where digitization is key to success, manufacturing companies have to stay prepared. The best way to prepare, understand and manage cybersecurity risks is by considering all areas that could be breached by an attack. By looking at such risks in a business, and from a legal standpoint, owners may aim to formulate regulatory procedures in order to avoid the damage that a cybersecurity attack can impose on their company. In order for a manufacturing company to not only exist but thrive, they must first UNDERSTAND:

Understanding the risk: First, one must understand that hackers aim to steal, exploit and disrupt the company’s work. This may not necessarily be a personal attack and therefore it must not be treated as one.

Narrowing down risks: Manufacturing companies utilize technology for a multitude of sectors within the company. Therefore, narrowing down where the weakest aspects of cybersecurity are would help avoid data loss or operational risk significantly. If an attack is successful, it is also helpful to know where the root of the problem may have begun in order to stop it.

Data access control: Data is one of the most important factors in cybersecurity. The reliance on a single password, as security for data information, leaves manufacturing companies unshielded from hackers. Implementing a series of security measures by ranking importance of data can establish a hierarchy that prioritizes confidential data. Making sure only limited personnel has access to the data will lower the risk as well.

Enterprising the risks: Since cybersecurity risk is such a prevalent aspect in technology, manufacturing companies must include a prevention plan in their enterprise. This includes spending the necessary funds to prevent any harm towards the company’s technology.

Readying for the worst: Another tactic is assuming that every cybersecurity breach will be crippling towards the company. This prepares staff through proactive methodology and technology.

Setting key roles in an incident plan: Defining roles in advance with a detailed plan will enable everyone to know exactly what is required of them in case of an attack. This will help in a time when it is necessary to move quickly. Everyone will remain organized and on task.

Training all employees: Manufacturing companies need to train all employees to know how to avoid human error, which is one of the highest risk factors within cyber attacks. Through training, proper communication can be established between IT (Information Technology) and OT (Operational Technology) workers. The creation of a community culture will enable proper guidance and action on security shortfalls.

Administering the company’s policies wisely: Cyber attacks in manufacturing companies range from light breaches to severe damages that shut down operations. Therefore, ensuring that effective policies are in place is essential. The entire company needs to understand the severity of even a small breach. Policies should be updated as new threats emerge. Staff should be informed of any backup strategies in place and also of planned disaster recovery steps.

Never forget the basics: Manufacturing companies should have a basic response plan in order to outline expected and anticipated actions. Routinely changing user passwords and checking all systems for vulnerabilities should be common occurrences.

Decoys for intelligence gathering: Deploying white collar hackers is another method that could prevent vulnerability to cyber attacks. Companies should place themselves in the mind of the attacker in order to gain more knowledge on how one may think. Therefore the company can counter the attack before a breach is successful. Using decoys allows manufacturers to actively identify and analyze trends in their system that need to be addressed.

The latest technology, including managed application hosting in the cloud, provides new openings for risk and reveals a general lack of effective security in companies of all sizes, across all industries. The manufacturing industry is particularly vulnerable due to complex applications and third-party software integrations. Manufacturers also have challenging compliance regulations that require intensive documentation and reporting. Small business IT solutions help manufacturers looking for partners who will help them grow without the burden of cyber risk.

Cyber security incidents put manufacturing companies at risk of shutdown

Zero-trust cybersecurity policies have become the most essential risk management strategy. The only way manufacturing companies can stay safe is by making sure they are secure on all ends. The first step is understanding the risks, then making the effort to make sure a security breach does not occur. This process utilizes security audits and penetration testing to gain full vision of all system vulnerabilities. In the chance that a data breach does occur, cyber protection and cyber insurance are critical for survival.

Prevent a Cyber Security Breach with Best Practices

 

 

Three Ways to Make Compliance Everyone’s Business

Three Ways to Make Compliance Everyone’s Business

Compliance acronyms often become the “inside jokes” of an industry, a sort of alphabet soup, but the language of business governance can quickly result in confusion. Clever letter combinations echo the rules and regulations of businesses, especially for companies in manufacturing and distribution. Compliance is a company-wide issue that affects everyone from owner to customer. With that in mind, here are three ways to reduce the stress of compliance management by making the rules of the road everyone’s business:

1. Know the compliance acronyms that affect your business

2. Optimize your ERP for reporting and metrics tracking

3. Bring in experts when compliance involves advanced cybersecurity, data privacy regulation, or highly sensitive record management

Business Compliance

Rules and regulations serve to keep your data protected. Here are a few of the most common regulations that govern business data:

GDPR (General Data Protection Regulation)

Information that leaves the European Union must comply with GDPR even in countries that are not part of the EU. With comprehensive regulations for security and privacy in data handling, GDPR essentially protects your company from a security breach. If you draw any traffic from the European Union, you must follow the rules of general data protection regulation (GDPR).

HIPAA (Health Insurance Portability and Accountability Act of 1996)

HIPAA compliance is very common, yet many medical facilities miss important steps necessary to meet the fine print of HIPAA laws. All organizations that interact with medical practices in any way must comply with HIPAA. Health and humans services organizations obviously fall within HIPAA privacy rule, but HIPAA violations are seen across industries as more companies host data subject to these health information laws. Small businesses often fail to comply because of limited in-house expertise, which is why 2021 is moving more and more owners toward partnership with a small business IT provider that offers compliance care.

Here are a few of the types of companies that must process data in ways that comply with HIPAA rules and regulations:

Here are signs that you are keeping up with HIPAA compliance:

Failure to comply with even a single HIPAA security rule has resulted in fines of 1.5 million for small companies and up to 16 million for large scandals. Large scale security breaches are common, and everyone handling or interacting with the medical industry needs to be ready for a cyber attack. Physical theft, such as mobile device theft, is also common, so in-house strategies must include data protection from employees and other on-site actors such as third-party consultants.

PCI DSS (Payment Card Industry Data Security Standard)

Payment data is sensitive data, and is therefore protected by advanced compliance standards. Fortunately, these regulations demand solutions that benefit all businesses. If you collect credit card information for any reason, you must ensure PCI DSS compliance. All credit card information must be encrypted. Data access must be limited and tracked so that information stays in trusted hands.

Information transmission requires firewall protection, cybersecurity software solutions, and proactive security management. The network must be accessed for vulnerabilities, and all software must stay updated, patched, and in compliance with the PCI DSS regulations. A penetration test is the best way to see if your company is at risk of a data breach.

EstesGroup can help you create a compliance plan for your business. Compliance acronyms abound, but the right IT solution will quickly make the rules and regulations of your industry as simple as saying the alphabet.

Get business compliance peace of mind by signing up for a security audit and network assessment today.

5 Takeaways from the Microsoft Exchange Server Attack

5 Takeaways from the Microsoft Exchange Server Attack

A Microsoft Exchange Server Attack Caused Hours of Downtime for Businesses Around the Globe

Last week’s Microsoft Exchange Server attack underscores the liabilities of on-premise architectures compared to their cloud counterparts. On Friday, March 5th, 2021, a zero-day Microsoft Exchange vulnerability was found being exploited across the globe. It affected on-premise Exchange servers, all versions, and allowed the attacker to read emails, exfiltrate data and run the “code of attackers” choice. Unfortunately, a zero-day exploit is one that usually doesn’t have any patches against it. In short, if you had an Exchange Server out on the internet, then it COULD likely have been compromised.

A computer popup box screen warning of a system being hacked, compromised software enviroment. 3D illustration.

Our Break-Fix Client’s Last On-Premise Exchange Server Was Compromised

Microsoft (thankfully) moved quickly, and released a LOT of information, much of it confusing, with many incorrect links. It took our team some time to weed through the chaff and get the actionable tasks from it. The patches are out now, thankfully. It might take your IT folks 4 or 5 hours to install them, and yes, it’s Exchange/email downtime to get them there.

What’s the answer?  I’d say “defense in depth”:

Here are 5 steps you can take to mitigate the potential damage of the Microsoft Exchange Server attack:

  1. PatchingPatch publicly exposed servers quickly and completely.
  2. Zero Trust – Once your servers are built, and before they are exposed to the internet, lock them down! Malware protection can help, but Zero Trust is the ultimate malware protection!
  3. Cyber Insurance – Offload the risk to the insurance company.
  4. Migration – Move the service to a more agile company. Microsoft Office 365 was not vulnerable to this exploit.
  5. Backups –  Enough said.

These 5 steps can be takeaway lessons for even those unaffected by this security breach. Cloud computing costs are decreasing while increasing cybersecurity availability via affordability. Talk to our IT specialists to learn more about how cloud technology can protect your business.

 

Worried about getting hacked?

Download our free guide to mobile cybersecurity.