Why these 5 cybersecurity threats should concern any IT team

This article was originally published on TechRepublic.

Cybersecurity changes rapidly, but one thing remains constant. Threats don’t seem to slow down. If your network and security tools aren’t up to the task of protecting your organization now, it’s not likely to get better going forward. Cybercrime is an industry unto itself, with new business models and tactics being developed all the time.

If you’re still struggling to integrate and manage a collection of single-purpose products, the resulting complexity and lack of visibility is likely to leave your organization vulnerable. You should work to address security gaps as quickly as possible and take note of these five threats. They may target different areas, but each is cause for concern.

  1. Attacks on Linux Systems – Remember when everyone said we should all ditch Windows and move to Linux because it was never attacked? It’s true that up until recently, Linux was generally ignored by cybercriminals. But sadly, that’s no longer the case. Attacks against Linux operating systems and the applications that run on those systems are becoming as common as attacks on Windows systems. You might be used to defending against Windows attacks, but you might not be familiar with how to protect Linux from malware. One example of a Linux attack is a malicious implementation of the Beacon feature of Cobalt Strike called Vermilion Strike. It can target Linux systems with remote access capabilities without being detected. More botnet malware is being written for Linux platforms as well.

    In addition to being yet another vulnerable area to worry about, attacks on Linux systems are particularly concerning because Linux runs the back-end systems of many networks and container-based solutions for IoT devices and mission-critical applications. And even worse, Linux environments often have valuable data like Secure Socket Shell (SSH) credentials, certificates, application usernames, and passwords.

    Here’s something else to consider. Microsoft is now actively integrating Windows Subsystem for Linux (WSL) into Windows 11. WSL is a compatibility layer used for running Linux binary executables natively on Windows. You can be sure that malware will follow.

    Most organizations just aren’t used to protecting Linux systems. Furthermore, many Linux users are power users and these systems are frequently sitting in parts of organizations that are providing critical services.

  2.  Attacks in space – Space may be the final frontier, but it’s no longer safe from cyberattacks thanks to the increase in satellite internet. New exploits targeting satellite Internet networks will increase, and the biggest targets are likely to be organizations that rely on satellite-based connectivity to support low-latency activities. These activities include online gaming or delivering critical services to remote locations and remote field offices, pipelines, or cruises and airlines. As organizations add satellite networks to connect previously off-grid systems such as remote OT devices to their interconnected networks, it will increase the attack surface.
  3. Attacks on Crypto Wallets – Just as a pickpocket can run off with your money in the real world, in the digital world, crypto wallets are now at risk. Attackers are creating more malware designed to target stored information, so they can steal credentials such as bitcoin private keys, bitcoin addresses, and crypto wallet addresses. Once an attacker has vital information, they can drain the digital wallet. Many attacks begin with a phishing scam with a malicious Microsoft Word document attached to a spam email. A Word document macro then delivers the malware that steals the crypto wallet information and credentials from a victim’s infected devices.

    Another scam involves a fake Amazon gift card generator that targets digital wallets by replacing the victim’s wallet with the attacker’s. And ElectroRAT is a new remote access trojan (RAT) that targets cryptocurrency by combining social engineering with custom cryptocurrency applications. ElectroRAT can perform keylogging, take screenshots, upload and download files, and execute commands.

  4. Attacks on Critical Infrastructure – Over the last year, ransomware attacks have been on the rise, but now they are increasingly targeting critical infrastructure. Instead of going after smaller targets, cybercriminals are waging larger, more public attacks that affect more people. The convergence of information technology (IT) and operational technology (OT) networks has made it easier for attackers to access OT systems. By accessing compromised home networks or the devices used by remote workers, they can access IT and then OT systems. The rise of ransomware as a service means that attackers don’t need to have specialized technical knowledge anymore. They can simply buy attack kits on the dark web to attack OT systems.

    Some of the incidents that target critical infrastructure have been called “killware,” even though the attacks don’t directly target human lives. However, the malware differs from regular exploits in that it disrupts hospitals, pipelines, water treatment plants, and other critical infrastructure that directly impacts people.

  5. Attacks on the network edge – The increase in the number of people working remotely has led to an exponential expansion of new network edges, which has significantly expanded the attack surface and exposed corporate networks to many of the threats to residential networks. Because of this increase in network edges, there are more opportunities for “living off the land” threats. This type of threat involves using malware created from existing toolsets and capabilities, so the attacks and data exfiltration appear to be normal system activity. Living off the land attacks are sometimes combined with edge access trojans (EATs). The malware located in these edge environments uses local resources to observe activities and data at the edge and then steal, hijack, or ransom critical systems, applications, and information.

Be prepared

All of these threats amply show why organizations must prioritize cybersecurity. Threats aren’t going away, so organizations need an integrated, coordinated approach to security instead of attempting to assemble a collection of point products. Instead of adding yet another security product to solve a problem, organizations should consider a cybersecurity mesh platform approach to security for unified visibility, automated control, and coordinated protection.


Five Common Mistakes Made Hiring Technical Staff

Hiring the right technical staff can be a daunting process these days. Competition for good IT talent is at an all-time high, and it can be extremely costly to bring someone on that doesn’t have the proper requirements or doesn’t match company culture. Here are some mistakes to avoid when bringing on technical staff. 

  1. Focusing too much on Education Background – This may sound like an oxymoron, but focusing too much on a candidate’s education background can leave you filtering out top-notch IT talent. There are plenty of great engineers from established universities, but there are also plenty of engineers who learned to code at a community college and worked their way towards becoming expert coders and technically savvy. Engineers no longer need to have four-year degree accreditations to prove they are capable of being excellent IT resources. Take the time to vet each candidate thoroughly and do not get too caught up on university degrees.
  2.  Not Utilizing Contractors – Hiring multiple developers can be a lengthy process, unless of course you are a tech titan, like Cisco or Microsoft. So if you are in a pinch and need to hire an engineer immediately, it is pertinent to hire a contractor. There are amazing contractors out there and ready to work at a moment’s notice. Yes, this can be costly at times, but as long as the team you are comprising isn’t massive, then it shouldn’t burn your budget too much. 
  3. Not Being Authentic – As mentioned in point #1, there is a surplus of opportunities for candidates with technical backgrounds. While this is great for the candidate since they have their pick of the litter of opportunities, this can be very limiting for employers. Companies need to stand out during the interviewing process and prove their authenticity and values as employers, or candidates will move on to a better opportunity.
  4. Not Hiring Talent Fast Enough – This goes back to point #4 that there is an abundance of options for the talent pool, but tech talent have lots of options for finding a company to work for. If the recruiting process is taking too long, or there is little to no communication during the interview process, talent will simply move on to the next position. It can be very tricky for employers to find the right balancing act for hiring tech because they want to make sure they vet a candidate properly. Employers need to be able to thoroughly research and vet candidates, but if they take too long or overcomplicate things, the talent will simply walk away, leaving employers scrambling.
  5. Not Testing Talent – As we mentioned above, it can be a difficult balancing act between making the hiring process seamless for candidates whilst also ensuring it is challenging enough that you are getting quality candidates. Employers may find that the candidates they are interviewing match company culture, but employers also need to make sure that candidates are also technically capable of doing the job. A good rule of thumb is to test candidates in the early phases of the screening process to determine if coding skills and technical knowledge are up to par with the demands of the job. By getting these portions of the interview out of the way early on, you can focus on the interpersonal aspects of the interview. 

Hiring anyone can be a daunting process, but it is especially difficult now to find top tech talent. By adhering to these five steps, you and your business will be able to find the right candidate without scaring them away while also ensuring that they match the needs of the company as well as the candidate.


Microsoft, Ukraine, and the Future of Cybersecurity Amidst Global Conflict

Last Wednesday, Microsoft’s Threat Intelligence Center alarms blazed as a never-before-seen piece of malware appeared aimed at Ukraine’s government ministries and financial institutions. Amazingly, Microsoft was able to update its virus detection systems to block the malicious code, which was built to ‘wipe’ data on computers in a network.

Why this matters? 

Typically, tech giants do not involve themselves in global disputes or conflicts. However, Microsoft was asked by European nations to provide the updated code to prevent the malware attacks so that Ukrainian and other Baltic regions would be safe from Russian cyberattacks. This is a significant boundary to cross, as Washington has for years discussed the need for public/private partnerships to thwart destructive cyberattacks.

What Microsoft has to say.

Brad Smith, Microsoft’s president, had this to say about the recent attacks, which highlights the change in tone from what is normally a neutral response to global political matters: “We are a company and not a government or a country.” “[Yet] These recent and ongoing cyberattacks have been precisely targeted, and we have not seen the use of the indiscriminate malware technology that spread across Ukraine’s economy and beyond its borders in the 2017 NotPetya attack. But we remain especially concerned about recent cyberattacks on Ukrainian civilian digital targets, including the financial sector, agriculture sector, emergency response services, humanitarian aid efforts, and energy sector organizations and enterprises. These attacks on civilian targets raise serious concerns under the Geneva Convention, and we have shared information with the Ukrainian government about each of them. We have also advised the Ukrainian government about recent cyber efforts to steal a wide range of data, including health, insurance, and transportation-related personally identifiable information (PII), as well as other government data sets.”

How will this impact the future of IT? 

Cyberwarfare has been around since the Cold War, but there have been no regulations within the Geneva Convention over who can be targeted. The recent attacks on Ukrainian institutions like their emergency response systems, humanitarian efforts and agricultural program raise serious concerns.

Conclusion 

Cybersecurity will continue to be extremely important during both war and peace time, but the recent events surrounding the cyberattacks on Ukraine will begin to muddle the future for how tech giants position themselves during global conflict. We could very likely see private companies play a pivotal role in conflict, similar to how Ford Motor Company provided Humvees during World War 2. 


Compulink now listed on Poly OGS Contract PM69215

Compulink Technologies is proud to announce that we are now listed to the Poly OGS contract (NY PM69215). The Compulink-Poly duo has successfully enabled NY SLED Agencies to empower and upgrade their video conferencing and telecommunications infrastructure with Poly’s advanced hardware solutions.

As work-from-home and hybrid work become more relevant, it’s become crucial for businesses to provide their employees with powerful video-conferencing equipment, headsets and web cameras that allow them to stay focused and communicate effectively with team members.

Poly is one of the leading manufacturers of voice and video solutions and they have been leading the front to help organizations ‘unleash the power of team collaboration.’

Compulink and Poly share the same vision of providing flexible, advanced solutions to businesses to prepare them for the influx of digital transformation for hybrid and remote workers.


IT Strategies for Cloud

Scott Sinclair wants to debunk two myths associated with cloud computing. The first is that cloud is a zero-sum game in which apps that once ran in the data center are simply relocated to the public cloud, says Sinclair, senior analyst at market research outfit Enterprise Strategy Group (ESG). The second is the idea that eventually all applications will run in the cloud, and data centers will be phased out.

IT strategies for hybrid cloud

“Digital demands are increasing so much that, no matter how fast the cloud is growing, people are still investing in their data centers,” Sinclair says. In ESG’s latest research on data infrastructure trends, respondents report the average expected growth rate for data in the public cloud was a staggering 39% year over year. But that doesn’t mean that the amount of data stored on-premises is declining. In fact, the estimated growth rate for data centers is comparable—35% year over year. 

“If we think about a large modern enterprise, we may have two, three, four data centers; three, four, five public cloud providers; dozens, if not hundreds of edge locations,” says Sinclair. “And we have data moving and apps moving everywhere all the time.” 

For example, the London Stock Exchange Group has dozens of data centers, hundreds of applications, and a presence in Amazon Web Services, Google Cloud, and Microsoft Azure, according to Nikolay Plaunov. He’s a director and technologist in the infrastructure and cloud division of LSEG, the diversified company that runs the stock exchange and also provides data-based financial services. Its portfolio includes virtualized applications running on-premises, containerized apps running in the cloud, and legacy apps running on mainframes. 

 

“What is really hitting people today, versus probably five or 10 years ago, is this idea of, ‘I have these things in my data center, and I have these things I’ve moved to the public cloud and I need to manage a lot more things,’” adds Sinclair. “Now, I’m living in a world where not only do I have to manage a lot more things, but I am constantly dealing with data and apps moving in all directions.” 

One of the most significant effects of the 2020 coronavirus pandemic from an information technology (IT) perspective has been the sudden, unplanned migration of applications to the cloud, as organizations moved quickly to accommodate remote workers and the surge of online shoppers. Today, companies find themselves with one foot in the cloud and the other still in the on-premises world, facing significant challenges in terms of how to manage this mixed IT environment, how to secure it, and how to keep costs under control.

A hybrid cloud IT infrastructure, in which resources are distributed across on-premises, private cloud, and public cloud environments, enables companies to accelerate time to market, spur innovation, and increase the efficiency of business processes. And companies are keen on its promises: more than a third (37%) say hybrid is an investment priority over the next year and a half, according to a 2021 ESG survey of 372 IT professionals.

But the complexity of managing a hybrid cloud presents challenges that can bedevil chief information officers, including compatibility with legacy equipment, cybersecurity concerns, and cost issues associated with moving data and managing data access. 

To successfully manage a hybrid cloud environment, organizations need a specially designed hybrid cloud management plan that includes the right tools and strategies. These approaches can be as varied as the types of businesses out there, but some guidelines apply across industries—the need for a central control plane, for example, using automation to manage IT operations, and transitioning from managing infrastructure to managing service-level agreements with vendors.

It all starts with applications

Russell Skingsley, chief technology officer for digital infrastructure at Hitachi Vantara, says most customers started their cloud journeys with somewhat unrealistic expectations. They initially believed that all apps would eventually end up in the cloud.

What they’re finding is “there are things we can move, there are things we might move, and there are things we definitely can’t move,” Skingsley says.

Sinclair adds that while the rising tide is certainly lifting enterprise apps from the data center to the public cloud, there’s a countercurrent in which organizations are moving some applications from the cloud back to the data center. Some of the reasons cited by organizations speak to the complexity of hybrid cloud management: these include data sensitivity, performance, and availability requirements.

To effectively move applications to the public cloud, organizations need to set up a systematic methodology, almost a factory-style assembly line that analyzes each application in its portfolio and then decides which ones to “lift and shift” as-is to the cloud, which ones to re-factor or rewrite to take full advantage of the cloud, and which to keep on-premises.

The first step is conducting an inventory of the application portfolio. This can help organizations eliminate duplication and identify apps that no longer serve a business purpose and can be de-commissioned. The next step is to analyze applications through the lens of business outcomes. Then, organizations need to make decisions based on factors like time, risk, cost, and value.

At London Stock Exchange Group, Plaunov is constantly balancing cost with business criticality. Every application is different and requires its own specific calculation. “I’ve seen several applications that were lifted and shifted to the cloud, and in some cases, it’s relatively simple to optimize them and to optimize their costs.” In other cases, it can be expensive to convert a monolithic app to the public cloud because it entails breaking the app into smaller components.

This article was created and originally published on Technologyreview.com



What Are NFTs?


“Right click, save as.”

NFTs have exploded into the pop-culture lexicon over the past year. In fact, Merriam-Webster’s dictionary named it the most popular word of 2021. But just what exactly makes these digital pictures unique from other jpegs, and why are they going for millions of dollars and being adopted by some of the world’s biggest celebrities, athletes and influencers?

The Blockchain

NFTs exist on what’s called a ‘blockchain.’ There are several types of blockchains that are composed of different cryptocurrencies (like Bitcoin), the most popular of which is the Ethereum blockchain. These blockchains record transaction information on a ledger and help identify the owner of a particular NFT, basically like a digital receipt.

What’s an NFT

NFT stands for ‘Non-fungible token,’ which means that more or less whatever NFT you possess is completely unique and cannot be replaced or replicated by anything else. NFTs are basically jpegs with transaction IDs that point to the owner. Sure, you can “right click, save as” to save an NFT to your computer and use it as your profile picture, but that digital receipt on the blockchain will always point back to the original owner.

So why the heck are these pictures so valuable, what gives?

It really comes down to what people perceive the value of an NFT to be, just like any other piece of art. However, many more variables than art design alone go into what an NFT can sell for, such as its utility.

What does the future of NFTs hold?

The future of NFTs is fascinating. You will probably see tickets for events become completely digitized as NFTs in the next few years. It sounds crazy, but almost anything could be an NFT in the future, from car titles, to album covers to plots of physical land.

WAGMI or Rug Pull?

The current landscape of NFTs is murky. There are countless scams, or “rugpulls,” where users are swindled out of their money. NFTs have been compared to Ponzi schemes, and critics also argue that they are bad for the environment and are used for money-laundering schemes.

Like many recent web3 developments, NFTs at their core give power back to the people. Underpaid graphic artists can become overnight millionaires, and the same goes for savvy investors. Ultimately, NFTs are like any other investment, and like any investment, people need to be prepared to only spend whatever they are willing to risk and to do their own research. Like the early days of the Internet, NFTs are in the ‘wild-west’ phase: there are very few regulations and little understanding. But like the wild west, the opportunistic may strike gold… or lose it all trying.


What is Web3?


By now you may have heard the term web3 thrown around. But what exactly is it? To get to the bottom of this question, we first need to do a quick history lesson to understand.

The first iteration of the Internet was known as web1 and was the beginning period of the Internet, where people could access information, but could not interact with the content. This early phase of the Internet was when URLs and homepages were being created, and it laid the foundations for the next phase of the world wide web.

Web2 arrived next in the form of customizable content, social media platforms and blogs. Now, Internet users could “read and write” (referencing the computer code that this was built on) content as well as pull files instead of just viewing them on a static page. Once the majority of the general public understood and adopted mainstream social media platforms like Facebook, content sharing took off to new heights. Public sentiment around these platforms has soured in the last few years, and people are wary of how these tech titans are harvesting their data and information. Facebook in particular was fined over $5 billion by the FCC for their role in breaching data privacy rules, and there is a growing sentiment amongst the public that they do not actually have control over their data and content.

Enter Web3

This is where web3 enters the conversation. Web3 is considered the read/write/own phase of the Internet. “Rather than just using free tech platforms in exchange for our data, users can participate in the governance and operation of the protocols themselves. This means people can become participants and shareholders, not just customers or products. [source]”

In web3, users aren’t just consumers, they are contributors and investors, thus allowing a larger portion of the population to be able to take control of things, rather than the major tech corporations that are currently the majority power. “Web 3 makes the proliferation of cooperative governance structures for once-centralized products possible. Anything at all can be tokenized, whether it’s a meme, a piece of art, a person’s social media output or tickets to Gary Vee’s conferences. [source]”

While web3 sounds like a positive development, because in theory it gives power back to the people, others argue that this is a false narrative that is great in theory, but does not actually hold up to its standards. Former Twitter CEO, Jack Dorsey, made headlines when he said that the blockchain networks are “decentralization theatre,” stating that only a few key people actually hold the power and control over the hundreds of millions of dollars. 

While these criticisms are somewhat valid, web3 has the tremendous potential to bring power to the masses. Whether or not this will actually happen remains to be seen. At one point, social media was only used by a small majority of early adopters, but in time it became mainstream to all generations. Expect web3 to follow a similar trajectory. 


Best IT Procurement Practices

What is IT Procurement?

IT procurement is the process of sourcing and acquiring information technology assets to drive your business or organizational operations. IT procurement can include hardware and software products as well as IT services, such as cloud services, cyber security services, as well as strategic and administrative responsibilities.

The objective of any IT procurement strategy is to fulfill your organization or business’ needs, getting the maximum value out of your spending as well as protecting you from many different forms of risks (e.g. regulatory, cyber security, etc).

A recent Deloitte survey of Chief Procurement Officers (CPO) in 36 countries says as many as 79% of CPOs are focused on achieving cost reduction in their IT procurement strategies.

To achieve that, CPOs must undertake the following tasks through their IT procurement work:

  • issuing requests-for-proposals (RFP),
  • requests-for-information (RFI),
  • leveraging partnerships with IT industry original equipment manufacturers (OEM),
  • researching options on the market,
  • negotiating with OEMs on pricing and support,
  • and managing internal stakeholders.

Figure: Top 4 Business Priorities for CPOs

Every business and organization is different. You must factor in company/organizational size, your industry, unique regulatory and compliance requirements and other factors. Each business must manage their IT procurement in a way that fulfills its needs and respects its constraints.

This reality is felt across the IT hardware (e.g. devices, routers, servers), software (e.g. apps or licensed software) and services (e.g. cloud) you could procure.

Thus, a correctly designed and implemented IT procurement effort is vital to maximizing the value of your spending. The failure to do so will be felt beyond just your IT, but in your business or organization’s core activities.

We review the industry’s best practices for IT procurement. We also examine how you could benefit from IT procurement and overcome its challenges.

IT Procurement Best Practices

IT procurement specialists must strike a balance between cost savings and meeting organizational needs. Below is a list of goals that they seek to achieve during the process.

1. Acquire Technology That Aligns With Organizational Needs

All too often, technology purchases are made in the hope that the cost value will be worth the trouble of the organization having to adapt to the equipment.

In fact, the reverse is true; the acquired technology should be strategically procured so that it fits in with and supports business goals. Having to engineer workarounds and modify your IT environment — or larger processes or workflows — can lead to both inefficiencies and integration problems.

2. Forming Strategic Relationships

Forging a close relationship with specific vendors and/or IT providers offers numerous advantages to the IT procurement process. Not only will this result in cost savings by leveraging economies of scale and established logistical practices, but the right provider can also help to:

  • Resolve adoption problems more efficiently
  • Eliminate rogue buying and integrate with existing ERP systems like SAP, PeopleSoft, Oracle, and more
  • Allow for the establishment of service level standards and agreements
  • Create a framework for both parties to work together to improve the relationship

3. Involve Stakeholders

As part of a strategic sourcing process that attempts to glean as much information as possible before making a purchase decision, it’s important that all relevant stakeholders are involved in the IT procurement process.

This will allow your procurement personnel to understand the organizational needs, budget, and how all the intended acquisitions will impact operations.

4. Minimize Risk

All asset acquisitions come with an element of inherent risk — and IT is no different. From technology that fails to support the company’s needs to potential financial or compliance issues down the road, a procurement specialist will work with risk mitigation and security in mind.

Some of these practices include:

  • Conducting a full risk analysis
  • Determining the probability of financial losses
  • Roadmapping, planning for future projects, and implementing plans to reduce their impact

5. Acquire Assets With an Eye Toward The Future

Many organizations seek to lower their capital acquisition costs and therefore make purchasing decisions based on short-term needs and upfront price.

However, top companies choose to look at total cost of ownership when making acquisitions.

Instead of getting quotes from vendors, today’s IT procurement specialists, like those at Insight, will identify how much the technology will cost to operate and eventually dispose of; ensuring that the most cost-effective option is selected that will pay dividends over its lifespan.

Understand Your IT Infrastructure

Before approaching IT procurement, we must review the benefits and difficulties your company likely faces in managing its IT infrastructure. This is an important discussion because, ultimately, your IT procurement efforts are aimed at improving the effectiveness of your IT infrastructure.

Your IT infrastructure certainly includes at least two of these three core components: hardware, software and services. For most, hardware and software are a given (e.g. word processing from a laptop).

In today’s environment, IT infrastructures include more than simply computers and productivity applications. You also have networking infrastructure connecting your company to the web and internally between different computers, printers and on-premise servers.

Likewise, your productivity suite includes email which could be based on Exchange, Google or a proprietary suite as well as customer relationship management (CRM) and other apps.

It is when these systems age and lose relevance (with current as well as emerging trends and behaviours) that IT procurement becomes an issue.

Factors such as current hardware and/or software falling out of compliance, not having the right features, higher cost-of-ownership and others make IT procurement key.

The Difference Between Hardware and Software Procurement

What is Hardware Procurement?

In terms of hardware, your IT procurement efforts may focus on replacing aging laptops and/or workstations, routers, printers, mobile devices and, in the case of in-house or on-premise hosting, servers.

What is Software Procurement?

Software procurement can include renewing licenses for productivity applications, e.g. Microsoft Office, Adobe Creative Suite, Citrix, etc. Instead of software-as-a-service (SaaS) solutions, you may also look to build custom applications. In-house development would also be procurement.

Your IT procurement process must fulfill your operational requirements. However, it must also follow your compliance standards, meet your cyber security needs and drive strategic business goals (increasing profitability and market share).

In effect, you will not have developed a sound IT procurement strategy if you fail to achieve all of your business or organization’s requirements (not just daily operations, but compliance too).

It would be a waste of resources otherwise, be it directly (through the purchase of the wrong or unwanted systems) or indirectly (resulting in underused or insufficient capacity).

What is an IT Procurement Process?

The IT procurement process is the combination of numerous tasks and responsibilities, namely:

  • defining your IT requirements,
  • managing vendors, negotiating and implementing your contracts,
  • existing asset management,
  • and verifying the quality of products and services provided.

Every business and organization must have a clearly defined IT procurement strategy in place.

This is to ensure that IT procurement is done correctly and to secure the support of internal stakeholders, e.g. upper management. The latter is important because business executives want to see IT as a driver for profitability instead of a costly overhead.

You must demonstrate how IT procurement will help with reducing time spent on certain tasks, increase output and other net-revenue-focused goals. You must also show that the spending is essential and is being put towards solutions that generate maximum value.

The infographic below showcases how strong internal stakeholder support from executives is integral to IT procurement:

Effectiveness of procurement graphic

You must also stop excessive or unauthorized spending. The IT procurement strategy guards against ‘maverick spend’: IT spending that occurs outside of your process.

Dark spending is also a threat, as it undermines the trust upper management has in your IT. You risk looking like a black hole for money (i.e. a costly and cumbersome overhead).

You can prevent both maverick and dark spending by building accountability mechanisms (such as a system of approval) throughout your IT procurement process.

You could also separate the “buyers” from those in need of systems (“requesters”). This ensures that the person requesting an IT solution can’t approve the purchase on their own.

It’s also possible to prevent the conditions that lead to maverick and dark spending by selecting the right IT OEMs. Ensure (before the implementation phase) that your requirements are being met across every scenario (e.g. having a scheduled replenishment policy for printer cartridges).

IT Procurement Benefits

By implementing IT procurement best practices, you will leverage major improvements in both operations and strategic goals.

Operational Efficiency

With new hardware, recent software releases and/or IT services (e.g. cloud services), you can accelerate your daily operations.

For example, you could equip your sales representatives with new mobile apps connected to cloud-hosted databases. This lets your sales reps input, view and manage data from the palm of their hand. At present, they might be pulling up a laptop and manually connecting to the web, which consumes more time and effort.

Compliance & Security

IT procurement offers an opportunity to replace IT systems that don’t comply with your industry’s regulatory requirements. Doing so ensures that your organization is shielded from current and emerging cyber threats. These threats can cause extremely costly data breaches.

Similarly, ensuring that your IT system compliance and cyber security measures are up to par with current and upcoming regulatory standards shields you from expensive government fines.

You will notice that in most cases, compliance and cyber security are intertwined. Following one (in alignment with industry standards) should lead to following the other.

Security

This can include:

  • replacing routers that aren’t equipped to support today’s encryption standards;
  • moving your data to a cloud hosting provider that provides HIPAA-compliant encryption,
  • on-site security and network monitoring services;
  • and switching to up-to-date software builds.

Compliance

Businesses and organizations are beholden to government, industry and vendor compliance standards. For example, you can move your data to HIPAA-compliant data centers (available through public or private cloud-hosting providers) to ensure that your data is being managed in compliance with privacy regulations such as the General Data Protection Regulation (GDPR).

IT Procurement Challenges

It’s not easy to correctly implement an IT procurement strategy.

Negotiating with OEMs

In theory, you can negotiate with IT industry OEMs to secure favourable pricing, strong after-sale support and warranties. However, the practical side isn’t simple.

In terms of negotiating with OEMs, it’s best to have strong industry partnerships, e.g. Microsoft Gold Partner, Cisco Gold Partner, IBM Business Partner, etc. These partnerships are a sign of the OEM trusting you to implement their best practices (e.g. in configuration).

Such partners are in a better position than non-partners for understanding the OEM’s offerings and for negotiating favourable pricing, support and guarantees.

Internal Talent & Skill Gaps

Purchasing IT equipment is only one side of the IT procurement process. Your internal IT team must also have competency for properly implementing the strategy.

According to Deloitte’s study, “60% of CPOs still believe their teams lack sufficient capability to deliver their procurement strategy.” This is reflected in knowledge and training:

New talent and training investments graphic

Business Partnering & Analytics Skills Gap

Businesses are reporting severe (e.g. 50%+) gaps in skills across many IT procurement areas, including procurement strategy and operations and sourcing.

Planning & Implementation

A big problem with internal knowledge gaps is that they weaken the planning and implementation phases of your IT procurement.

Basically, your IT procurement team might not have enough knowledge to properly identify your organization’s IT requirements. This could lead to improper purchasing, potentially needless or excessive spending (or, on the other hand, missing key requirements).

Implementation problems can include delays in receiving, installing, configuring and validating new IT systems. Likewise, your IT procurement team might not have incorporated enough or correct training for your company’s employees.

Besides trouble using new systems, this can open other problems, such as a lack of trust in new systems and sticking to the old.

Understanding IT Procurement Risks

There are many IT procurement risks. Many of them occur due to your IT procurement team not having enough knowledge and experience.

We’ve compiled a list of these risks below:

Incorrectly Defining Requirements

Your IT procurement team may understate or overstate your company’s IT needs in certain areas, e.g. procuring too many laptops or workstations and not enough software licenses.

In such cases, not only do you risk failing to meet your IT requirements, but you could end up with an inaccurate cost-estimate. Buying too many hardware systems will drive your costs up and lead to the waste of funds (procuring too little can result in a falsely-low figure).

Misinterpreting User Requirements

When there’s a knowledge gap, there’s a high risk of your team missing the mark on spotting the actual needs of your company.

For example, your sales team might require a CRM suite. However, your IT procurement team may select one that doesn’t have the features they need. In this case, the purchase will result in the loss of time, money and productivity across the board.

Insufficient Funding

You might have a strong IT procurement team, but they can’t do much good if there isn’t enough money. The lack of funds generally leads to delays and, if you had already tendered but failed to procure, a reset of the tendering process.

Imagine your IT procurement team had already selected systems for your company and were close to signing a deal. Walking away from that deal may damage your reputation with IT OEMs.

Unrealistic Time Frame & Implementation Risks

Your IT procurement team might expect the supplier to deliver in a very short period of time.

Tight timelines might push many potential vendors away from your bid, reducing your options. You also risk implementation problems if the winning supplier is unable to deliver on those tight deadlines.

The supplier’s failure to deliver your IT systems on time will lead to delays at your end and set your IT programs back. In some situations, such as sales teams needing CRM, this can result in productivity drops.

Next Steps: Get Help in Building an IT Procurement Policy

You can prevent the challenges discussed above by incorporating IT procurement best practices into your IT procurement policy. Basically, you should anticipate these problems ahead of any IT procurement effort. In other words, you should prevent these problems from occurring.

This article was originally published on Insight, click here to view the original article.


How to Support Remote Workers

Did you know the remote workforce has grown by over 44% in the last five years? The change in the way we conduct business now has been a huge obstacle for many employers, and it has been difficult to provide the remote staff the tools they need to succeed and to be productive. Providing the IT support workers need can be difficult, but not impossible. Here are some tips to provide the remote IT support your workers need for 2022 and beyond. 

  1. IT Support always available 24/7/365 – If you have remote staff, there WILL be technical difficulties that arise. Most of these issues will usually be small and easy to fix, but sometimes there are problems that require the assistance of a trained IT help desk to prevent work stoppage.
  2. Cloud Technology – Embracing cloud technology is a key component to help create a robust remote workforce. Not only will the cloud help reduce costs, it is also an easy way for employees to store, share and save company files and documents.
  3. Create and enforce security policies – Ransomware attacks are extremely common and can happen to almost anyone at any time. Employees working from home need to understand basic security threats like phishing scams so they do not cause a potential security breach. Host an hour-long meeting with a cybersecurity professional to make sure your remote workforce is trained and understands what some of these cybersecurity attacks look like, and create a policy that enforces strong passwords and periodic password changes throughout the business cycle.
  4. Digital Communication tools and devices – The biggest disadvantage of remote work is the limited ability to communicate with coworkers, but there have been tons of technological innovations over the last few years that make it simple to quick chat, video conference and collaborate. Make sure your employees have powerful webcams and microphones and invest in some decent software like Cisco WebEx so you can get premium conferencing features. You can find these products on our E-Store.
  5. Ensure Employees Have Proper Equipment – If your team just transitioned to a remote model of work, they might not have their own computer or a computer that matches the CPU requirements they need for their job. Graphic designers, engineers and video editors all need powerful CPUs to get their jobs done properly.

What Is Ransomware-as-a-Service

Ransomware is a term that strikes fear into business owners and IT teams, and rightfully so. “In Q3 2020, ransomware attacks have increased globally by 40% to 199.7 million cases. [source]” But why exactly have these attacks increased so much? The answer is simpler than you might think, and it all goes back to ransomware-as-a-service. 

Ransomware-as-a-service is a subscription-based model that works similarly to SaaS, or software-as-a-service. Essentially, ransomware developers will create a ransomware tool, and they will lease that tool to individuals that pay money to use the ransomware they created. In the past, hackers needed to have some coding experience to be able to successfully target and hack vulnerable systems, but with the implementation of ransomware-as-a-service, people with little to no technical experience can launch massive cyber attacks with ease.

How does it work?

For the RaaS model to work there are a few components that need to be in place:

  1. Expert-coded ransomware developed by ransomware experts (the individuals that design this software need to be reputable individuals in the ransomware space to generate outside interest)
  2. Monthly subscription for a flat fee
  3. One-time licensing fee with no profit sharing
  4. Pure profit sharing

Once someone has enrolled in the program, they are onboarded with documentation that contains step-by-step instructions on how to use the ransomware for coordinated attacks. There are even some ransomware providers that provide affiliates with a dashboard solution that helps them monitor how the ransomware is working. Crazy, right? It gets crazier. To recruit these affiliates, ransomware providers will post their tools on the dark web. From there, interested buyers can read through user reviews, view screenshots of the tool and then ultimately purchase the tool with the use of cryptocurrency, like Bitcoin. 

How do the attacks work? 

Most ransomware attacks are delivered through phishing scams. Phishing is the method of stealing sensitive data through a seemingly innocent source, most of the time through email scams. When an unsuspecting party clicks on links from a phishing email, they expose part of their network to the hacker, which then leads to the penetration of their entire network. Once the attack has been executed, the extortion begins. Hackers will send a .txt file to the victim’s computer informing them that their information has been encrypted, along with a ransom fee to obtain the files, like the image below.

ransomware note

What can I do to keep my network safe?

This might sound obvious, but the best possible thing you can do to protect your network is to NEVER click on links from unknown sources. This is easier said than done because some of these phishing emails will try to impersonate someone within your organization. However, they will not have the same email address, which is the number one red flag to look out for if you are unsure of where an email is coming from. Another important practice to prevent ransomware attacks is to keep strong passwords that have multiple special characters and numbers and to change passwords once a quarter.
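The sender-address red flag described above can be checked automatically in a mail-triage script. The following Python code is an added example, not part of the original article: the staff directory, the `.test`/`.invalid` domains and the sample messages are constructed, and the Reply-To check goes one step beyond what the text describes.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed staff directory: display name -> the only legitimate address.
STAFF = {
    "dana whitfield": "dana.whitfield@example-corp.test",
    "luis ortega": "luis.ortega@example-corp.test",
}

# Constructed sample messages (headers plus a one-line body).
SAMPLES = {
    "legit": "From: Dana Whitfield <dana.whitfield@example-corp.test>\n"
             "Subject: Q3 report\n\nSee attached.\n",
    "spoofed": "From: Dana  Whitfield <dana.whitfield@examp1e-corp.test>\n"
               "Reply-To: billing@mailbox.invalid\n"
               "Subject: Urgent invoice\n\nPlease open the link.\n",
    "stranger": "From: Newsletter <news@vendor.test>\n"
                "Subject: Updates\n\nHello.\n",
}


def normalize(name):
    """Lower-case and collapse whitespace so 'Dana  Whitfield' still matches."""
    return " ".join(name.lower().split())


def check_sender(raw_message):
    """Return a list of red flags found in one message's sender headers."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    address = address.lower()
    from_domain = address.rpartition("@")[2]
    flags = []

    # Red flag from the article: a colleague's name on a different address.
    expected = STAFF.get(normalize(display))
    if expected and address != expected:
        flags.append(f"name '{display}' is staff, but address is {address}")

    # Extra check (assumption, not in the article): replies go to another domain.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.lower().rpartition("@")[2] != from_domain:
        flags.append(f"Reply-To {reply_to} is outside {from_domain}")

    return flags


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, check_sender(raw) or "no flags")
```

An exact-match directory lookup only catches impersonation of names you have listed, so keep the directory in sync with your real address book.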

Conclusion

Unfortunately, ransomware is here to stay. There are always going to be nefarious actors looking to exploit security, and that is why it is so crucial to have strong cybersecurity systems in place. Fortunately, Compulink offers state-of-the-art security solutions and services. If you are concerned about your business’ IT security, contact a sales team member for a free consultation, and we will help reinforce your network and ensure you and your business are protected.
