Categories
Uncategorized

The Surprising Truth About Regulatory Compliance & Protection

To the common person, regulatory compliance is misperceived as an all-encompassing term that includes security. Some may even think it’s the same thing.

As a result, modern-day startups tend to fixate on meeting compliance standards. From GDPR and CCPA to ISO27001 and SOC 2, achieving compliance takes precedence to sustain operations and geographical expansion. However, IT protection is rarely a given.

Treating compliance and security as one and the same can be an expensive mistake. In truth, compliance infers that an organisation meets a minimum set of controls. In contrast, security contains wide-ranging practices and software that help address the risks associated with business functions.

To cultivate a fully compliant and secure computing environment, let’s start by understanding how it is possible. 

IT Security

We’ll start with IT security as companies need to maintain IT regulatory compliance. Like complying with regulations, security is an act of risk mitigation. And the risks are multi-tiered indeed.

Many young organisations are compliant while still being vulnerable in their protection status. For instance, let’s say a software company meets SOC 2 standards, requiring its employees to install endpoint protection on their devices. Even so, it has no strategy for enforcing employees to activate or update the software.

Plus, let’s say the company lacks centrally managed tools to monitor and report any endpoint breaches, when and how they occurred. This poses a problem, especially if said company is not proficient in quick responses and recovery.

What then?

Companies always have the risk of operational issues that result in downtime, such as system corruption from external attacks, internal threats to on-premise systems, central computing infrastructure, etc. Not to mention, every single endpoint device on the network is exposed to some extent.

So, IT security helps you dictate the actions necessary in line with the number of risks you face. Reacting to problems on the spot is never a viable option. When protecting your network from such threats, you will acquire a more comprehensive understanding than under even the strictest compliance standards.

IT Security

IT Compliance

While regulatory compliance also involves minimising risk, it entails following definite rules instead of securing your systems. Government entities or third-party security structures typically pass down these regulations. Customer contracts contain precise requirements as well.

Consequently, network administrators have their hands full with the obligatory tasks to complete in order to keep their company’s IT compliant with various mandates. In fact, some regulations only dictate the business purchase regulation-compliant hardware without addressing IT infrastructure.

Where Does Your Company Stand?

Although you may meet compliance standards, it is evident that security flaws remain. Startups are particularly vulnerable in the face of security breaches, which will eventually become extremely costly.

The danger for businesses in compliance lies in the false sense of safety. Of course, receiving a compliance certificate from auditors or revered professionals can evoke a sense of accomplishment. But that does not mean your security posture is covered.

You should always have a dedicated plan in place to secure all your digital assets aside from meeting your industry’s regulatory mandates. This cybersecurity strategy must prioritise ongoing training, whether for disaster recovery, endpoint protection or Software-As-A-Service (SaaS) protection.

Keep in mind that compliance only deals with defined terms and does not cover new circumstances that could arise. In an ideal world, compliance would equal security from the get-go, but it’s still up to you to enact protection on your digital assets.

Feel free to explore how Aegis can aid you in your cloud backup and disaster recovery needs for maximal security.

Categories
Uncategorized

No joke! Businesses still negligent about SaaS backup

The advent of cloud computing has presented businesses with revolutionary opportunities for firm footing in the global market. Amid cloud computing is software-as-a-service (SaaS), a breakthrough component.

Although it is not unheard of to back up SaaS application data, many organisations are still negligent about this concept. Here are some statistics to illustrate that this, indeed, is no joke!

As early as 2019, the Enterprise Strategy Group (ESG) started conducting reports titled ‘The Evolution of Data Protection Cloud Strategies’. This year, they found that 35% of survey respondents rely solely on SaaS vendors to safeguard their data despite intrinsic limitations.

Suffice to say, the evolution has barely budged.

What most SaaS users fail to grasp is that backing up data is not a standard feature provided. Given the vitality of Microsoft Office 365 documents and records, your organisation must take control of performing backups. Otherwise, data loss could lead to catastrophic consequences that should not be tolerated in the first place.

Defining SaaS

SaaS enables your business to install and run applications without needing a local version of your systems’ or data centre’s software. In other words, you can run software applications such as Office 365 and Google Workspace without the additional investments in necessary hardware.

Furthermore, SaaS facilitates application upgrades and delivers them to their subscribers efficiently. It should allow businesses flexibility (pay-as-you-go models), scalability, and of course, massive accessibility. It’s a wonder why these excellent services do not include backing up data.

The Problem with SaaS Vendor Backup

Did you know that one-third of SaaS users still report data loss in the cloud? The case with SaaS vendors providing data backup as a service involves many vulnerabilities, and unfortunately, very few incentives.

While the cloud is considerably safer than other onsite backup systems, it is not infallible. Older, more established organisations with experienced IT teams might know the importance of translating backup practices to the cloud. But newer businesses tend to believe that the cloud is infinitely safe and can do no wrong.

This misconception fails to consider user errors, accidental deletions, malware and other malicious corruption, be it internal or external. These factors can easily eliminate data located within SaaS storage packages or even cause it to become inaccessible and unrestorable.

Ultimately, the reality is that depending on SaaS data storage for protection is no different from relying on hard drives.

The Problem with SaaS Vendor Backup

Your Data, Your Problem?

Businesses must rid of the perception that the SaaS application provider will protect all their data. Even with built-in capabilities like a recycle bin function, SaaS applications cannot compare to data protection by a third party.

It comes down to your own responsibility for protecting your own data through backup. Whether you have fully migrated to Office 365 or not, you need a solid backup solution that will allow full access and control of the data at hand.

Your backup strategy should also facilitate recovery and restoration of lost data during disastrous events, either from on-premise backup or Cloud backup, and meet compliance requirements. After all, using a backup tool with advanced functions makes maintaining long-term retention policies much more effortless.

The Right People Miss Out on the Message

The problem lies not in the shortage of SaaS backup tools on the market but in informing the right people.

Customers who still think SaaS providers take complete protection responsibility on data restorability are not data management or security teams. Instead, they are outsiders who are inclined to question the criticality of SaaS app data or are willing to gamble against the likelihood of losing it.

Sadly, these people making the primary decisions aren’t close enough to the problem to recognise it.

A ransomware attack could cause compliance issues if personal data is compromised, and the blow to your company’s reputation could be fatal. What’s to happen to the future of your business then?

Consequently, leaders should loosen the reign on cutting costs, expanding and maximising profits—focusing more on protecting what they already have. If your company uses SaaS applications to stay relevant in the global market, facilitating frequent data backups is no longer a mere option.

Employing a Third-Party Expert

Aegis Cloud Office 365 Backup (COB)can help you eliminate the risk of losing access and control over your Microsoft 365 data. This includes data residing in applications like Exchange Online, SharePoint Online, OneDrive, etc., so that your data is always protected, accessible, and restorable.

Now, with Aegis’ limited time offer, clients can immediately save 50% of their subscription for Microsoft 365 cloud backup, with unlimited cloud backup storage. Don’t miss out! Feel free to contact us for more information while the offer is still valid until 30th September 2021.

Categories
Uncategorized

Why is disaster recovery moving to the cloud?

Before the pivotal contrivance of the cloud, protecting high-priority business applications involved building and maintaining a second on-premises data centre. This system was costly and, not to mention, an exhaustive operational exercise.

Today, Disaster Recovery solutions can augment data centres to the cloud for practicality in costs and expediency. Furthermore, modern organisations are increasingly leveraging the cloud for their DR needs.

According to Transparency Market Research, Disaster Recovery-as-a-Service (DRaaS) is growing steadily year after year. By 2020, approximately 90% of DR operations have since moved to the cloud.

Back up… What is DraaS?

As you may know from our previous article, DRaaS comprises replicating and hosting physical or virtual servers in the cloud. In times of disaster or disruption, companies must ensure failover can be granted to assume business functions.

A reputable service provider’s off-premises infrastructure can provide aid during seemingly trivial outages to havoc-wreaking natural disasters and cyberattacks. That way, your organisation can carry out its DR plan immediately and minimise excessive downtime, preventing data loss.

So, why is disaster recovery moving to the cloud?

The reasons for moving DR to the cloud are abundant, and you will reap numerous benefits such as:

1. Cost-efficiency with low upfront costs

Accordant with what we mentioned earlier, you no longer need to purchase equipment and build on-premises data centres. After moving disaster recovery to the cloud, companies gain significant savings on hardware, software, IT staff, facilities, utilities and the likes of other traditional expenses.

Cost-efficiency with low upfront costs
2. Flexible payment options

In case you weren’t aware, most computing programs and applications offer a subscription-based approach. Consequently, organisations have the freedom and flexibility to scale up or down, coinciding with their respective budgets and needs.

Likewise, it eliminates the possibility of a considerable upfront capital expense.

3. Relocate CapEX to OpEX

Employing a cloud solution also enables your business to move high capital expenses to operational expenses. Yes, this means it negates the hassle of managing and updating onerous hardware. As a result, your IT team can readjust their focus on driving more revenue.

4. Fast, secure and consistent recovery

With the ever-advancing technologies, cloud-based DR allows you to attain your RPO and RTO goals rather effectively. Even when the worst happens, you can quickly restore files and recover workloads from cloud backup.

5. Data encryption

Cybercrime is on the rise now more than ever, and data continuity should always be a top priority in your business continuity and disaster recovery planning. Establishing cloud-based DR ensures that your data is encrypted both in transit and when dormant.

Data encryption

Which DRaaS solution is right for me?

The answer to this is pretty standard. Essentially, you want your DR solution to protect your crucial company data and applications. It should recover your environment in line with your RPOs, RTOs, and budget, all whilst adhering to compliance requirements.

Upon implementing your solution, remember to include a thoroughly tested and managed DR plan, complete with 24/7 failover and instant recovery. That way, you make sure that you’ll be able to access it from any location without a hitch!

Choosing a Managed Cloud Disaster Recovery Service Provider that will meet your organisation’s disaster recovery objectives requires a reliable third-party technology partner. Aegis CDR 12 + 12 seeks to assist firms of all sizes in backing up their corporate data to the cloud easily, equipping them with unlimited DRaaS resources. 

Categories
Uncategorized

Cybercrime — The Effects of Cybercrime & How to Protect Yourself Against It

As cybersecurity practitioners would have it, ‘it’s not if, but when’ organisations will encounter cybercrime. Many small- and medium-sized businesses (SMEs), particularly, consider their cybersecurity budget secondary. Sadly, it’s these companies that get the short end of the stick.

Research has revealed that over 80% of data breaches involved using weak or stolen passwords. Through employees’ personal devices, cybercriminals can access corporate networks and applications, jeopardising enterprise security. 

The Rise of Phishing Attacks

One of the most commonplace security challenges that both individuals and companies encounter is phishing attacks. Hackers use emails, social media and phone calls to steal valuable data, from passwords to credit cards and other sensitive information.

Did you know that 91% of all cyberattacks begin with a phishing email? Despite extensive efforts to educate users on the dangers and methods of spotting these scams, the attacks have not subsided. On the contrary, they remain highly successful.

To help businesses fathom how they can avoid falling victim, we will first explore this topic deeper. Various phishing techniques that are the modus operandi for attackers include:

  • Embedding a link in emails redirecting employees to an insecure website that requests sensitive information.
  • Installing a Trojan via malicious email attachments or ads that allows the intruder to exploit loopholes and obtain sensitive information.
  • Spoofing the sender address in emails to appear as a reputable source requesting sensitive information.
  • Impersonating a known company vendor over the phone to obtain corporate information.
The Rise of Phishing Attacks

The Effects of Cybercrime

Considering that small businesses don’t have the best software and hardware investment capacity, they appear to be more vulnerable to cybercriminals. Therefore, they are more susceptible to attacks as opposed to larger enterprises. Without adequate protection and security, businesses may undergo many negative effects, such as:

1. Direct and significant financial disruption

The harsh reality points to most businesses shutting down within a year after a large-scale cyberattack. So, evidently, not only will cybercrime impact your company’s profits, it can create irrevocable damage. It can also cause a long-term impact on your company’s reputation and potential for growth.

2. Business disruption and lost productivity

Another debilitating effect businesses can suffer from is costly and time-consuming disruption. As a result, they must invest in repairing and improving IT systems and even retrain employees. After the immediate damage is dealt with, the fact remains that your organisation’s reputation has been compromised. Perhaps you lose contracts or client relationships. Ultimately, the business will have to rebuild its public relations.

3. Loss of reputation and credibility

On top of investing in new security, businesses may struggle with losing financial information or their confidential IP. This calls for auditing and moving financial accounts and attempting to recover the stolen IP. The value of these lost assets is difficult—sometimes impossible—to recover. Moreover, corporations can lose their required cash buffer to survive due to ransomware and more.

Loss of reputation and credibility

Ways to Protect Your Business from Cybercrime

So, what does this mean for you? If you own an SME and haven’t prioritised cybersecurity, there’s no time like the present to change that. Luckily, we’re here to discuss the steps you can take to protect yourself better, even when resources are scarce.

1. Conduct employee training

Employees untrained in proper security practices pose a huge liability. Thus, it’s wise to have a rigid system for reporting signs of an attack. Educate your employees on the warning signs and conduct training sessions with mock phishing scenarios.

In addition, cybersecurity training shouldn’t be a one-time thing but rather a regular undertaking to stay updated with the latest technologies and threats. You want to ensure that the risks are low in the first place!

2. Keep software updated

Outdated software can expose companies to vulnerable security flaws. Unsurprisingly, hackers often study the latest software updates to target businesses that are behind in adopting them. Thus, it is imperative to keep all systems current with the latest security patches and updates.

3. Develop a system security plan

It is also advisable to develop a security policy that goes beyond password expiration and complexity. With a system security plan (SSP) in place, you can identify features in a system like hardware, software, their respective security measures, training methods, and security breach protocols. This document should also detail how to limit authorised assess and ensure employees practice secure habits.

4. Enforce secure password policies

Recycling passwords is a big no-no. Passwords should be updated constantly, containing more than eight characters. Just remember, the more complicated your password, the better. Contrarily, the simpler it is, the bigger the field day for hackers as it will be easier to crack. 

5. Deploy software solutions

To go the extra mile, try employing a web filter to block malicious websites. You can also install antivirus solutions, signature updates and monitor the antivirus status on all equipment. Go even further by encrypting sensitive company data and require encryption for employees who are telecommuting.

6. Outsource disaster recovery

Managing cybersecurity issues yourself can get quite overwhelming. However, there are plenty of resources to turn to when you’re feeling lost. Besides outsourcing cybersecurity, you can employ Managed Cloud Disaster Recovery Services, a cloud computing and backup service model that helps prevent disruptions of applications and data during such events.

Having a copy of your important data backed up to the cloud will ensure a way for speedy restoration and minimised downtime. In turn, promising business continuity.

Running a business is stressful enough without having to worry about cybercrime adversities. Thankfully, Aegis CDR 12 + 12 aims to assist SMEs and big enterprises in backing up corporate data in a secure and cost-efficient way. With our help, you’ll be primed for success in no time.

Categories
Uncategorized

Veeam provides modern data protection for Lembaga Lebuhraya Malaysia to meet government compliance requirements for business continuity

 “Veeam protects the IT applications that support highway management and maintenance, so travel can be safer, faster and easier.” 

— Gs. Ts. Mohd Sukri bin Shuib, Assistant Director of Technology, Lembaga Lebuhraya Malaysia – 2021


 The business challenges 

Lembaga Lebuhraya Malaysia (LLM) plays an important role in the lives of many Malaysians. LLM constructs, manages and maintains highways and expressways that connect families and friends to each other and to employment opportunities, educational institutions, healthcare services, retail stores and more. By building, monitoring and renovating roadways, LLM contributes to the country’s wellbeing. 

Millions of people travel on Malaysia’s highways, but they’re probably not aware that LLM assesses every kilometer to improve safety, reduce traffic congestion and integrate automation. Several IT applications assist in this process, including an expressway performance indicator system, a highway construction monitoring process and a toll-road evaluation system. 

While travelers may not be familiar with these applications, many of them are familiar with LLM’s website because it provides helpful maps, construction updates, traffic status and toll-rate information. Protecting this website and the IT applications supporting highway management, maintenance and customer service is critical, so when the backup solution became more of a challenge than an asset, the IT Division searched for a replacement. 

“Our backup solution was becoming outdated,” said Mohd Sukri bin Shuib, Assistant Director of Technology at LLM. “There were times when backup was slow and recovery was unreliable, making it more difficult to meet recovery objectives in the business continuity standards required by our government.” 

To strengthen its backup and disaster recovery (DR) strategy, LLM’s IT Division contacted Infinity Consulting Technology (ICT), a Platinum Veeam® Cloud & Service Provider (VCSP) partner in Malaysia. ICT is widely recognized as a cloud backup and DR service provider in Malaysia, providing Aegis, the in-house brand of ICT, which focuses on delivering cloud disaster recovery services. Aegis manages and monitors customers’ daily backup operations, maintenance and support of customers’ backup and DR operations. Aegis also offers complimentary and unlimited DR resources, including dedicated drill personnel who assist customers when performing drills, so they complete successfully. Aegis obtained Disaster Recovery Certified Expert (DRCE) certification in 2012, giving it more than a decade of cloud backup and DR expertise. 

“Aegis is well respected among government agencies, and ICT is well known for matching organizations with the technology that best meets their needs, so that’s how we learned about Veeam Availability Suite™,” Mr. Sukri bin Shuib said. We quickly realized that Veeam and Aegis offer the most comprehensive backup and DR solution.” 

The Veeam and Aegis solution 

Veeam and Aegis modernized data protection so LLM can easily meet recovery objectives in the business continuity standards required by the Malaysian government. Veeam and Aegis also extend backups and replicas to a secure private cloud to increase ransomware protection. Moreover, they support compliance with the ISO/IEC 27001 Information Security Management System (ISMS) standard and reduce annual IT costs by 50%. 

“Our goal is to improve the country’s highways,” Mr. Sukri bin Shuib said. “Veeam and Aegis protect the IT applications that support highway management and maintenance, so travel can be safer, faster and easier.” 

Veeam backs up and replicates 10 TB across more than 20 physical and virtual machines (VMs) on premises and off premises to Aegis. Veeam Cloud Connect links LLM to Aegis, enabling the agency to extend data protection to the cloud without the cost and complexity of managing a second infrastructure. Backups and replicas are encrypted and secure, which increases ransomware protection. 

Mr. Sukri bin Shuib said Veeam offers several features legacy backup did not offer such as reliable backup and high-speed recovery that enables the IT division to meet recovery objectives more easily. Additional features in Veeam ONE™ include monitoring and reporting for resolving issues proactively and Veeam DataLabs™ for verifying the recoverability of backups and replicas. Scalability is another key feature because LLM’s data grows quickly due to a CCTV video that monitors traffic. Veeam is also hardware, software and storage neutral. 

“Veeam backs up any workload on any hardware to any storage, so we don’t have to invest in new resources,” Mr. Sukri bin Shuib said. “Veeam is also more affordable than our previous solution, which reduces annual IT costs by 50%.” 

Aegis helps LLM save money too. Instead of a costly capital expenditure to build and maintain a separate DR structure, LLM opted for an affordable operating expenditure for DR as a Service (DRaaS) from Aegis. In addition, ICT is ISMS-certified, enabling LLM to attain ISO/IEC 27001 compliance. 

“Veeam and Aegis make data protection easy and efficient,” said Mr. Sukri bin Shuib. 

The results 

Modernizes Data Protection to meet recovery objectives in government policy “Veeam and Aegis protect the IT applications that support highway management and help us meet recovery objectives in the business continuity standards required by our government more easily,” Mr. Sukri bin Shuib said. 

Extends backups to a secure private cloud to boost ransomware protection Veeam Cloud Connect offers a seamless and secure way to send backups and replicas off premises for DRaaS, so organizations like LLM can avoid the cost of managing a second infrastructure. 

Supports compliance with ISO 27001 and reduces annual IT costs by 50% “Veeam is more affordable than legacy backup, saving us a significant amount each year,” Mr. Sukri bin Shuib said. 

 Industry 

Government 

Company 

Lembaga Lebuhraya Malaysia oversees the design, construction, operation, maintenance and toll collection for highways and expressways spanning 1,820 kilometers countrywide. The government agency was established in 1980 under the Ministry of Works and employs approximately 400 people. 


Challenge 

When Lembaga Lebuhraya Malaysia discovered its backup solution was becoming outdated, the IT division replaced it immediately. Unreliable backup and slow recovery could make it difficult to meet recovery objectives in business continuity standards required by the government. 


Solution 

  • Veeam Availability Suite 
  • Veeam Cloud Connect
  • Secure Cloud Backup and Disaster Recovery (DR) Service from Aegis

Results 

  • Modernizes data protection to meet recovery objectives in government policy 
  • Extends backups to a secure private cloud to boost ransomware protection 
  • Supports compliance with ISO/IEC 27001 and reduces annual IT costs by 50%

About Veeam Software 

Veeam® is the leader in backup, recovery and data management solutions that deliver Modern Data Protection. We provide a single platform for cloud, virtual, SaaS, Kubernetes and physical environments. Our customers are confident their apps and data are protected and always available with the most simple, flexible and reliable platform in the industry. Veeam protects over 400,000 customers worldwide, including more than 82% of the Fortune 500 and over 60% of the Global 2,000. Veeam’s global ecosystem includes 35,000+ transacting technology partners, resellers, service providers, and alliance partners, and has offices in more than 30 countries. To learn more, visit www.veeam.com or follow Veeam on LinkedIn @veeam-software and Twitter @veeam


About ICT 

A world-class Disaster Recovery as a Service (DRaaS) and Infrastructure as a Service (IaaS) expert based in Malaysia, Infinity Consulting Technology (ICT) partners with the world’s leading software and platform brands to deliver cloud-based backup and recovery solutions to customers from blue chips to start-ups across a range of industry sectors. A Platinum VCSP, ICT aims to shape the future of cloud DR revolution. 

Categories
Uncategorized

Are Your WFH Employees’ Personal Devices Secured?

This crisis-ridden era has accelerated the work from home (WFH) business model as enterprises scrimmage to remain financially sound. Alas, this practice places company data in jeopardy of cyberattacks, even more so for employees unsure about the security protocols on their devices.

With 56% of employees using personal computers as their work device, leaders are scrambling to reexamine their cybersecurity. Since workers access sensitive accounts and data via their personal devices, securing your company network should be a top priority.

Otherwise, who’s to say if your WFH model is a viable, long-term solution?

Establishing a Secure WFH Network

The surge in WFH employees has prompted enormous pressure on IT departments at office-based organisations. Ideally, companies should provide work-issued laptops or computers that were vetted and secured by the IT staff. These machines should have endpoint protection, encrypted drives, antivirus software, etc., while the IT department can manage security updates and patches across the remote team.

However, not every business can afford to equip its remote workers with secured devices. Security professionals barely had ample time to create the required architecture for moving entire companies to remote status. To make matters worse, they’ve had to deal with a larger attack surface prompted by this work style.

Employees were left to rely on personal endpoints, accessing sensitive information from unprotected home networks. It’s also tricky to maintain governance over what your employees are doing and whether they follow the security guidelines provided. Regardless, implementing strict data protection ground rules is essential for safeguarding your business.

Establishing a Secure WFH NetworkEstablishing a Secure WFH Network

The Truth About WFH Security Concerns

As stated, the overnight transition forced most employees to use personal devices, which lack the precautions and security measures that corporate devices usually boast. Sometimes even the latter can put critical data at risk, as they are exposed to others in the household.

The amount of adware (games) and unwanted software on these devices increased tenfold, indicative of children use. This is further concerning because adware is the go-to delivery mechanism of highly nefarious malware on such gadgets.

Moreover, operating outside the office means utilising your own WiFi networks that have proven to be less sturdy than in-house connections. While crucial applications include Office 365 and Google Workspace (formerly G Suite), these apps present yet another avenue of security vulnerability.

At the end of the day, IT teams must emphasise being wary of suspicious emails, attachments, and pop-ups.

Network Security Checklist

The problem with home networks involves the sheer number of connected devices, causing vulnerability to cyberattacks and malware. Many homes have IoT devices such as connected appliances as well. Thus, the first step to securing home networks would be an employee checklist identifying every single device accessible to the network.

After that, remote employees should:

  • Change default passwords
  • Change the default IP address
  • Disable remote access to the home network
  • Regularly update their router and network devices’ software

What if your employees don’t own their routers and modems? Well, you can always insist on separating work and personal activities on the device by implementing split networks.

Try VPNs, MFA & Cloud DR

Virtual personal networks (VPNs) have benefits that go beyond bypassing geographical restrictions. They are powerful tools that grant robust online privacy. Secure VPNs create a private connection where data travelling from a VPN-connected device is encrypted and sent through, allowing for safer connections to business information systems.

Aside from that, multifactor authentication (MFA) helps ward off phishing attacks often targeted at employees’ email accounts. Hackers wield urgent-sounding emails directing users to change personal information on legitimate-looking websites, gaining access to passwords and security questions. On the other hand, MFA requires users to provide information beyond passwords, including:

  • QR codes on portable devices
  • Biometrics, i.e. fingerprint, face, retina scans and voice ID
  • Time-based, one-time passwords for authentication codes sent via email or text message
Try VPNs, MFA & Cloud DR

Lastly, it’s wise to have a Cloud Disaster Recovery (DR) plan in place in case of unexpected events rendering data loss, not forgetting to include a proper backup strategy for the business endpoints such as laptops and PCs. By backing up business data to the Aegis cloud, clients can quickly recover and restore what was accidentally or intentionally deleted, stolen or lost, ensuring business continuity. 

Find out more about the Aegis CDR 12+12 Program, a newly launched disaster recovery promotion that comes with complimentary Cloud Endpoint Backup plus installation and data migration. Whether you’re an SME or a big corporation, Aegis CDR 12+12 aims to offer more protection and value for your money with unlimited cloud backup storage.

Categories
Uncategorized

How COVID-19 Pandemic Impacted Data Backup

Remote working began as an interim arrangement for many businesses since the COVID-19 outbreak. However, this mode of work has persisted into 2021, and so has new backup and data protection trends.

The impact on business IT systems includes investing in more devices for remote staff and revamping networks and applications to allow access on a larger scale. Consequently, organisations have had to revisit data protection strategies as there are more environments to protect.

Is Remote Data Protected?

In terms of business continuity, it seems that IT initiatives resulting from the pandemic will prevail into the future. Considering that data centres and cloud-based applications are accessible, an organisation’s workforce can operate just as effectively from home.

But what does this mean for data backup and recovery?

While working off-premise disregards the need for physical disaster recovery (DR) planning, your backup systems might not be configured to run on these highly distributed devices. Before this, most people perceived supporting technologies like backup as less critical than line-of-business software.

Things have changed; COVID-19 has sparked an acceleration in cloud adoption, SaaS (software as a service) adoption, and ransomware. Microsoft Office 365, in particular, became an important application.  

Areas of Data Backup Impacted by the Pandemic

Areas of Backup Impacted by the Pandemic
1. Local backups & data compliance

Locally backing up data is never the go-to for IT teams, but it was the only option in the early period of the pandemic. Certain network-based endpoint backup tools cannot support remote users, and those that could had to work with limited bandwidth.

As supplier support for remote users improves, IT leaders can check the licensing of their backup software to ensure all endpoints are covered. Once a secure remote backup system is in place, employees can delete local backups to avoid data compliance problems.

2. Protecting SaaS applications

Another solution that helped businesses adapt to working from home is software-as-a-service. SaaS applications like Microsoft Office 365 has been on the rise for the past year among industry leaders. Many users often assume that their data is automatically backed up to the ‘cloud’, but this is a myth.

Despite the growing usage of SaaS applications, their backup capabilities simply aren’t enough. Third-party vendors backup typically cover the most popular SaaS applications. It is then up to the consumers to devise their own backup tactics to protect their data from accidental or malicious deletion or proceed with data recovery during outages.

3. Continued adoption of cloud-to-cloud backup

Now that cloud and SaaS-based data backup adoption have skyrocketed, experts don’t see this trend reversing. With the erratic economic climate, organisations turned to consumption-based pricing models for various aspects of IT.

Organisations are also increasingly opting for cloud-to-cloud backup, with more on-premise suppliers supporting backups for infrastructure as a service (IaaS) and so on. The migration of more critical applications from data centres to the cloud makes backup all the more vital.

4. Taking ransomware more seriously

Ransomware attacks have increased tremendously due to the pandemic — 485% last year, to be exact. Needless to say, no organisation is exempt from falling victim. Fortunately, backup providers are developing ransomware detection and “clean copy” recovery techniques to aid companies in recovering data safely.

Taking ransomware more seriously

What Aegis Can Do For You

Aegis Cloud Office 365 Backup (COB) is a comprehensive business solution that allows backup and restoration of Office 365 data. This includes applications such as Microsoft Exchange, Microsoft SharePoint, OneDrive and Teams. We are here to safeguard critical business data from security threats, retention policy gaps and, most aggravating of all, human error. 

Rest assured that Aegis COB ensures quick data recovery while providing unlimited cloud backup storage.  Find out more about our services on our website.

Categories
Uncategorized

Ransomware is on the rise, Are you ready for it?

Ransomware has been in the news quite a bit recently. You may have heard stories about Ransomware attacks on large companies, organizations, or perhaps government agencies. It has grown at an alarming rate, becoming a threat affecting thousands of businesses & organizations worldwide. Ransomware attacks can be scary, especially for small businesses that cannot afford to pay a ransom for their data.

To counter Ransomware is to have off site backup. Off site backup is the replication of the data to a server which is separated geographically from a production systems site. Except for Ransomware, the critical data of your business could also be threatened by other reason such as power failure, natural disaster, or even human error. However, having an offsite backup can ensures that your critical data is stored in one extra place and cannot be destroyed like physical storage devices. That is why it is important to backup one copy of your critical data off site, as a counter measure against Ransomware. With Aegis Cloud Disaster Recovery (CDR), your critical data is backup and replicated to dual disaster recovery sites located within Malaysia.

How many businesses are affected by Ransomware?

According to the study by Security Firm Sophos shown, it is safe to say that any business that uses a computer system is at risk because 51% of all surveyed businesses were hit by Ransomware in 2020. Furthermore, as shown by the annual report on global cyber security, there were a total of 304 million Ransomware attacks worldwide in 2020. This was a 62% increase from a year prior.

How much does it cost to recover from a Ransomware attack?

Most companies have a wrong perspective about paying the ransom to regain access or control to their data. According to one study by Security Firm Sophos, paying ransom will only double the cost of fixing the issue caused by Ransomware. For example, the average cost to pay the ransom was $1,450,000, with no guarantees of getting back your data safely. On the other hand, if the company chose not to pay ransom, the average cost to recover from the attack would be $730,000. The best way to evade paying ransoms is to make sure you have an uninfected copy of your sensitive data kept out from your office network so when the hackers encrypt your systems, there is no need to worry about it. You can just wipe those files infected and upload clean duplicates. With Aegis Cloud Disaster Recovery (CDR), victims can easily restore the data at the shortest time possible with no additional cost.

Why & How School & University will easily become the target of Ransomware attack?

For the past few years, financial corporations or banking institutions and healthcare industries were the target for hackers to make ransom money, but now their focus has change to schools. Today, technology in schools has empowered modern learning paths and brought a new level of innovation to the classroom. Several factors make schools and educators easy targets for Ransomware. One of the most obvious reasons is due to the Covid-19 pandemic, whereby most of the schools and universities rolled out virtual learning. Most of the schools and universities do not provide extra cyber security training for their students, workers, or lecturers, which cause the lack of cyber security awareness. The most common way for a school to be infected by Ransomware is when a workers or lecturer click an unknown email or download an unofficial app because they were not taught how to distinguish between what is safe and what is not.

Aegis Cloud Disaster Recovery (CDR)

Aegis CDR is a cloud backup and disaster recovery service, powered by Aegis 1PAT, that caters for on-premises or cloud and equipped with complimentary unlimited disaster resources. Aegis CDR puts your mind at ease with warm Disaster Recovery Standby Virtual Servers at remote sites. Aegis CDR also provides dual disaster recovery sites to ensure infrastructure redundancy, which is hosted in Cyberjaya and Kuala Lumpur. 

Aegis Cloud Disaster Recovery’s key differentiators can be divided into 3 parts: Aegis 1PAT, Aegis DRaaS, and Aegis Managed Service.

Aegis 1Price-Any-Techonologies (1PAT)

  • Provides the best mix of technologies that caters to different RTO and RPO requirements, which saves you from the need to purchase multiple different backup software. 
  • Eliminates the need to commit to a backup software.
  • Offers the latest technology where you would not be limited to only a few options of backup software. 

Aegis DR As-A-Service (DRaaS)

  • Equips with complimentary unlimited DR resources, which allows you to save cost on DR Software and Hardware. 
  • Assisted DR drills with dedicated Aegis DR professionals. 
  • Complimentary DR seats with the convenience of performing DR drills in an office space equipped with office facilities in Empire Tower, Subang. 

Aegis Managed Service 

  • Provides a fully managed Backup and Disaster Recovery service allowing IT personnel to be more productive and efficient. 
  • More than 10 years of experience in Cloud Disaster Recovery, which can guarantee successful high data restore rates, which would ease your burden. 

Find out more about Aegis CDR on our page

Written by: Boey

Categories
Uncategorized

IT Priorities 2021: Compliance and risk are top security concerns

Did you know that cybersecurity and risk management was the focal point for IT spending in 2020? Notwithstanding, a close runner-up would be cloud services.

Judging by the situation in Malaysia, remote working has become a permanent fixture for many businesses for the foreseeable future. However, the need to remain in control of compliance and risk management has not subsided but only grown more challenging.

How are Compliance and Risk different during the pandemic? 

Remote working is by no means exempt from less stringent security measures that are otherwise in place. As we’ve mentioned before, organisations should ensure that the same level of security is applied to endpoint devices and personal data.

Fortunately, IT professionals are starting to angle their priorities towards hybrid infrastructure management, application performance management (APM), and security management to optimise delivery. Hybrid IT has proven effective in breaking down silo mentalities, bringing core proficiencies across on-premise and cloud environments together.

In trying times like this, companies must shift focus unto skills development and alacrity in key areas:

  • Security
  • Cloud infrastructure
  • Application monitoring

While cloud storage dominates spending priorities, it is still secondary to security and compliance, according to studies. Consequently, technology experts can seize the opportunity to emphasise effective communication for performance now and into the future.

How are Organisations doing this?

How are Organisations doing this

In terms of compliance and risk-based security, the most popular strategy is enforcing end-user training. Educating and keeping end-users aware of the latest information on security threats can go a long way towards preventing major data breaches and mitigating future attacks.

Up next is overseeing Governance, Risk and Compliance (GRC). From an IT perspective, GRC is necessary for achieving the best possible infrastructure and operational environment. A well-structured and continuous approach to GRC ensures proper functionalities according to policies and procedures. Monitoring, reviews, assessments and updates are key.

Moreover, managing risk is increasingly essential as cybersecurity threats occur ten-fold in frequency and severity. As a result, an integral part of IT activity is identifying and managing operational risks, threats, and vulnerabilities.

Preventing data loss is also a top priority among consumers. Thus, most initiatives in operational security, endpoint security, and internet of things (IoT) security reflect more on compliance. 

In Conclusion

Evident in a broader trend, consumers are beginning to deploy various security initiatives through third-party providers. These measures include end-user training, email security, data loss prevention and more.

Aegis is an experienced cloud computing provider that can equip your organisation with backup services and Disaster Recovery resources. Our services help you hedge against cyberattacks and other disruptive disasters, ensuring minimised downtime and business continuity.

Additionally, Aegis offers complimentary unlimited DR resources such as DR VM, DR vCPU, DR vRAM, DR Security, DR bandwidth and DR Drills throughout the year for guaranteed high performance. Find out more about what we can do for you or contact us if you have any enquiries.

Categories
Uncategorized

Don’t let security concerns hinder your business

As businesses seek more flexible, innovative ways of working many workplaces are using more endpoint devices than ever before. Keeping these devices secure is essential, as each device represents a potential source of entry for security threats.

Remote working is now a permanent arrangement for a growing number of businesses after the Covid-19 pandemic pushed organization of all sizes to move to home working on a wide scale in a very short timeframe.

To know more about the importance of Endpoint Backup, Click here

Is it organization’s responsibility or user’s responsibility to backup endpoints?

It is a common misconception that many organizations have thinking that it is end user’s responsible to backup endpoint data, but it is not. It is organization’s responsibility to m*ensure* the critical business data is secure and backup. Why it is so important to back it up the endpoint devices? It is because these days, news of human error and data theft appear on the regular. Businesses are no strangers to other mishaps that lead to endpoint data loss. But with Aegis Cloud Endpoint Backup (CEB), organizations can better protect critical data on employee devices, mitigate data loss and data breach, and restore lost data quickly through best-in-class endpoint protection.

Watch the video below to see Aegis Cloud’s host Ai Vee and Carbonite + Webroot’s expert Johann discuss what is endpoint data protection:

After an understanding for endpoint data protection and why it is importance to an organization. It is time to know why we need endpoint backup and what are the common threat that causes the loss of endpoint data.

There are 3 common threats for endpoint backups, which is hardware failure, human error, and theft. How can we prevent this kind of disaster happen? With Aegis Cloud Endpoint Backup (CEB) easy deployment feature, your endpoint data will automatically and silently backup to the Aegis Cloud. it also allows users to create and deploy policies to backup data as frequently as every minute. And with a feature that grants remote data wipe to prevent any data breach.

If you wish to know more about the common threat for endpoint backup, Click here

Based on the above information, we can foresee that an endpoint backup will become a must for every organization. There is no time for you to think about it, before a bad things happen to your organizations, lets prevent it with Aegis Cloud Endpoint backup (CEB).

“Prevention is better than cure.”

Watch the video below to get a better understanding of why we need endpoint data protection: