Rogue Wireless Devices – The Growing Threat to Your Organization

Rogue Wireless Devices – The Growing Threat to Your Organization

The primary goals of any corporate network are consistency and reliability. Consistent network performance helps avoid unnecessary downtime, improves productivity and reduces total cost of ownership (TCO), but threats to that reliability are coming from an ever-increasing number of sources.

With continued advances in wireless technologies, there are many more employees working remotely using personal devices. They may be at customer locations or a home office and some even work while on vacation. These personal devices access a variety of wireless networks outside your corporate network. There is no doubt that this wireless freedom increases productivity and provides a level of autonomy to employees, but with this access, there are increased risks to the corporate network.

Of all of the threats faced by your network security, few are as potentially dangerous as the rogue access point.  

What exactly is a rogue access point?

A rogue access point is an unauthorized device operating on a corporate wireless network. The device is often a cell phone or tablet. Potential problems arise when the device discovers the company’s wireless network which creates an access point. Although this can be considered a security breach, it typically is not implemented maliciously. These breaches usually come from an employee looking for a convenient way to use the company’s wireless network.  And, it is not just cell phones. A rogue access point could be a WLAN card plugged into a server or a mobile device attached to a USB that creates a wireless access point. Other unauthorized wireless devices may be hidden inside a computer or other system component, or be attached directly to a network port or network device, such as a switch or router.
For instance, an employee working at a customer site uses their cell phone to connect as a “hot spot” to their computer for a company presentation. They return to the office still connected not realizing their RF signal interferes with the corporate network. In another case, an employee puts an unencrypted wireless access point in the conference room for a customer project. It is well-intentioned; but they do not realize that their access point could be used by a hacker to enter the corporate network invisible to the company’s internal network monitoring. 
Although, not typically malicious these access points can open up the corporate network to security threats. For instance, an employee uses their cell phone at lunch to download a web app. The app contains innocuous malware designed to quietly collect information. This malware then reads stored data like emails, text messages, attachments, credit card numbers, and log-ins and passwords to corporate networks. The employee returns to the office, accesses the company wireless and unwittingly contaminates the corporate network.  

Increasing Risk

In addition to cell phones and tablets, the internet of things (IoT) is introducing new devices that are a growing risk to your network, including wearables like FitBit and Apple Watch. Although manufacturers’ security protocols are constantly being revised and upgraded, new IoT devices are constantly entering the market presenting new threats. According to research from Gartner, by 2020, experts estimate that more than 25 percent of identified enterprise attacks will involve IoT. Yet, IoT will account for “less than 10 percent of IT security budgets”.

Rogue access can occur in any type of organization and cause performance issues that are hard to identify due to the nature of wireless connectivity.  Many factors affect a wireless signal, including RF interference from signals using the same frequency as a wireless access point and the number of users connecting to an access point. Either of these can affect the overall throughput and performance of your entire wireless network.

Solving the problem

Threats from mobile devices are increasing and can result in data loss, security breaches and compliance violations. Solving the problem depends on the scale and size of the organization and can include risk assessment, policy changes, as well as technology implementation. To discover and monitor unauthorized access points, it takes diligent observation, the right tools, and a bit of intuition that comes from experience.

Rogue wireless devices threaten the quality and consistency of service to your customers as well as the reliability and security of your network. Do you have an unidentified network performance issue? You may need some expert help.

 

 

Navigating the Challenges of Outdated Infrastructure

Navigating the Challenges of Outdated Infrastructure

As industry challenges and competition escalate, businesses need to constantly evaluate their systems and infrastructure to improve efficiency and productivity. A competitive advantage means staying on top of technological advancements that impact your industry and implementing technologies, not just as a way to improve internal processes, but also as a driving force for business growth. 

Efficient use of data can help companies become more agile and better equipped to respond to ever-changing markets. This means scalability and systems that communicate with one another throughout the organization from operations to production to supply chain.

Enterprise resource planning (ERP) systems can provide these benefits including real-time capabilities, seamless communication and an overall increase in efficiency. However, since ERP implementation affects the entire organizational process, there are a number of challenges that companies may encounter when upgrading their network.

Our team of consultants, architects and integrators were brought in on a consulting engagement to help one of our clients navigate the technology upgrade options best suited for their particular business and environment.

One of the challenges we encountered was outdated infrastructure—a common issue today as technology continues to evolve rapidly and companies face a multitude of options as they plan for growth.

This client was a well-established company with multiple locations and business units across the USA. The company’s current systems that orchestrated every step in the production and operational process were either home-grown or stand-alone disparate systems acquired through acquisition. This led to a difficult environment where systems did not communicate with one another and the supply chain itself was not integrated.

The company wanted to consolidate all aspects of the supply chain and production into a single platform that would deliver shorter lead and production times, and a more consistent product at a lower cost to produce.

This manufacturing company was growing fast and needed to move beyond their home-grown systems with a new datacenter that was scalable, flexible and could support innovation and future growth.

Our initial approach was to assess the client’s current environment and growing corporate needs. We first delivered a series ZAG TechTalk workshops to educate the company on their options including hardware and servers, software upgrades, integration of new systems, and cloud services versus on-premise deployment platforms.

Cloud can be a great solution for some companies. Other company’s business needs lead to a more traditional on-premise solution. As experienced integrators, we are well versed in both, and we guide our clients to the best solution for their needs. In this case, based on the customer’s business requirements, it was decided to keep the infrastructure in-house.

We recommended new servers and deployed Cisco Nexus® datacenter switches, a fast and reliable switching infrastructure designed for high performance and increased data center efficiency. We also deployed a Nimble Storage Array that would allow for future scalability.

It took six weeks to get the new systems up and running—a fast transition for such an environment. To assure a smooth transition and in-house management, we trained an on-site engineer and continued to provide level 3 support.

The company realized immediate benefits through the automation of the supply chain, which lead to more transparency, less waste, better quality control, and ultimately a more profitable business.

The company was able to capitalize on the new integrated system efficiencies with improved product margins in every business unit, while differentiating itself from their competition by providing a streamlined process and continued high quality product delivery.

The challenges presented by the company were common issues in a unique environment but the solutions are ever-changing. New vendors, platforms and services are being introduced almost weekly.

As experts in IT integration, ZAG Technical Services, along with the support of our vendor partners, brings the latest options to every client. Our goal as experts in technology, is to be a reliable partner that enables our clients to succeed.

 

Business Continuity: Reducing Downtime

Business Continuity: Reducing Downtime

Experiencing IT downtime is inevitable for any business, but the threat of downtime can be reduced by having a Business Continuity Plan that includes Disaster Recovery. 

Businesses with any kind of IT infrastructure experience downtime in two ways: scheduled downtime and unplanned downtime. Scheduled downtime is important for executing updates and troubleshooting systems so that they run properly and as intended. Unplanned downtime is a system crash that leaves whole systems or machines out of action and unusable. This can be detrimental to organizations in many ways and can cause your business to lose money. 

The Cost of Downtime

Most IT environments will experience downtime at some point due to a variety of causes. For this reason, it is critical to have a Business Continuity plan for downtime, so your company does not stay down for long. 

For enterprises, the average hourly cost of an infrastructure failure is $100,000 per hour, according to an article on the Dev Ops website.

Organizations must also consider the cost of employee’s wages during downtime.

“If the company has 10,000 employees who are paid an average of $56 per hour including benefits, the labor component of downtime costs alone would be $896,000 a week, which works out at over $46 million per year,” according to a blog post by William Thompson.

Causes of Downtime

The Uptime Institute has reported that 88 percent of unplanned downtime is directly related to human error and mechanical problems.

This report states that 29 percent of downtime is attributed to UPS System failure, meaning the battery for these machines has gone out. Five percent came from IT equipment failure and 10 percent was accredited to generator failure.

Additionally, 24 percent of downtime is triggered by people-caused accidents, and only 12 percent is caused by weather incidents.

Disaster Recovery vs Business Continuity

Disaster Recovery is getting back up when you are knocked down by an IT disaster; Business Continuity allows you to only stumble after an IT Disaster and avoid getting knocked down by it.

Three out of four companies fail from a Disaster Recovery standpoint, according to the Disaster Preparedness Council, which means that even more lack a Business Continuity Plan.

Even the US government provides information on Business Continuity and templates to create your own along plan through instructional videos from FEMA.

Forbes has listed four main reasons to create a Business Continuity Plan:

  • Reduce Interruptions—rather than dealing with problems and issues individually, organizations can minimize downtime
  • Limit Damage—while you may not reverse the initial damage, you can prevent more data from being lost or stolen
  • Create Alternatives—if something goes down, there are set alternatives in place that can be used by employees and administrators to continue working.
  • Guarantee Employee Responsiveness—the most important part of any Business Continuity Plan is making sure your employees are all on the same page, or you may find that employees do not know how to react during an IT disaster.

Companies have to determine the amount to allowable data loss, or Recovery Point Objective (RPO), as well as the amount of time your company can realistically be down, or Recovery Time Objectives (RTO).

According to InfraScale, a Disaster Recovery as a Service company, 95 percent of businesses experience outages for reasons unrelated to natural disasters. Additionally, the average time it takes organizations to recover from a disaster is 18.5 hours. 

FEMA has reported that 60 percent of companies shut down six months after a data loss disaster.

Real World Scenario

Recently, a ZAG client had an extremely critical Citrix Server in their environment go down. When we investigated the problem, we were unable to definitively determine the root cause and could not bring that server back online.

In the past, we would have either physically rebuilt the server or recovered the server from a tape backup. Rebuilding could take over 24 hours to complete and would require much cleanup and troubleshooting; restoring from a tape backup would have taken at least 4 hours.

However, this client had a Datto SIRIS device in place, and we were able to recreate the broken server’s virtual hard disk. Using the Datto enabled us to bring the server online in under 30 minutes.

Businesses must understand that it is equally important to establish a system that can prevent disasters as it is to have a system in place that keeps your company running after and during a disaster. This is why ZAG always recommends having a Business Continuity Plan in place.

To learn more about Datto, or to set up a Business Continuity Plan, contact ZAG today for more details.