Tag Archives: Data Security

Why Small Businesses Don’t Backup: Exploring Limitations and Solutions for Data Protection

This article is contributed by Joanne Weng, Sales Director at Synology

In today’s digital age, backup solutions are more critical than ever before. Businesses of all sizes must ensure that their data is secure and easily recoverable in case of data loss or cyberattacks. One of the most commonly cited backup rules is the 3-2-1 rule, which suggests having at least three copies of data stored in two different formats, with one copy stored offsite. While this serves as a solid foundation for a backup strategy, it may not always be practical or feasible for all businesses.

Should we follow the golden rule of 3-2-1 backup?

The golden rule has its limitations, especially for small businesses with limited resources. Implementing a complete backup solution can be costly, as it requires additional hardware and offsite storage solutions. According to a 2021 report from Databarracks, “implementing the 3-2-1 backup rule is becoming more expensive, with the cost of storage and cloud services rising by around 10% over the past year” (Source: TechRepublic).

For SMBs, prioritizing practicality in your office’s data protection plan is crucial, and identifying a suitable solution for your business is paramount. According to a survey by ITProPortal, 40% of small businesses do not have any data backup solution in place. Moreover, 34% of businesses have experienced data loss due to hardware failure or human error, and 25% have experienced data loss due to cyberattacks. Hence, the primary concern here is to implement this data protection strategy seamlessly and initiate it as swiftly as possible.

Reasons why small businesses don’t backup

Let’s delve into the reasons why SMBs often lack proper backup solutions. As previously mentioned, one of the primary limitations of backup is its cost. Budgetary constraints are consistently a major concern for most businesses. Backups might be perceived as both time-consuming and expensive due to hardware costs, recurring software license fees, and maintenance expenses.

Furthermore, constructing and managing a robust backup solution also demands significant effort, which many SMBs are unable to allocate. A dedicated IT team for setting up the necessary infrastructure is often lacking, leading to the outsourcing of such tasks.

Lastly, the recent adoption of hybrid working has resulted in office data scattered across different platforms and devices. This situation makes data centralization and management initially cumbersome. Additionally, data migration in such cases can give rise to security risks.

Backup solution with compatibility, capacity, and value cost

To overcome these challenges, small businesses need a data protection solution that facilitates scalable backup appliances, simplifies IT deployment and maintenance, as well as offers flexibility and secure integration across various platforms and devices.

Synology backup solutions are ideal for businesses, offering both on-premise and cloud-based backup solutions to cater to diverse business needs. These solutions come with three key advantages: compatibility, capacity, and value cost. Unlike traditional backup appliances, there is no need to select corresponding backup software based on varying endpoint requirements and software compatibility. Synology’s hybrid-cloud provides a centralized backup appliance that spans across platforms, along with scalable storage. Enterprise-grade technologies such as global deduplication and changed block tracking (CBT) maximize storage efficiency with simplicity.

Moreover, the backup software licenses cover everything, from folder-level and bare-metal backups to VM and SaaS backups, and all of this is available at no cost—100% free. Synology’s public cloud backup service adopts a pricing method that only calculates storage space, instead of the number of devices or employees. This transparent pricing approach ensures there are no hidden costs associated with the backup package, setting it apart from other solutions available in the market.

Backup is not that hard: Deployment sizing recommendations for different usages

So, considering all the mentioned benefits, let’s focus on practicality: What is the ideal backup setup for small to medium businesses? Here are three recommended sizings for different usage scenarios.

Smaller-sized businesses and startups

Let’s start with smaller-sized businesses, such as startups with around 30 employees. These companies require endpoint and SaaS backup capabilities to safeguard the data of their remote-working staff. Additionally, they might require storage scalability to accommodate future needs. Given that these businesses often lack dedicated IT personnel to formulate a comprehensive backup strategy, Synology’s Plus Series 4-bay or above model with cloud storage backup will be the most suitable solution.

For this context, the best approach is to employ Synology’s Active Backup for Business. This tool enables the automatic backup of office data from PCs, servers, and SaaS accounts (like Microsoft 365) to centralize all the data on the NAS. To further enhance the layers of protection for this centralized data, Hyper Backup can be adopted. This solution facilitates backing up the NAS, along with all its configurations, to options such as external hard drives, public clouds, or another Synology NAS device.

What’s more, the user-friendly intuitive UI, coupled with the setup wizard, allows the staff to easily set up the system. The powerful hybrid protection strategy comes at a cost comparable to that of protecting a set of individual PCs, making it undeniably a cost-effective backup plan.

Medium-sized businesses

Moving on, for a company size of around 200 employees, the deployment approach remains comparable to the one previously mentioned; however, a larger company size introduces additional factors, such as the need to back up virtual machines and the necessity for faster access speeds and greater storage capacity due to the increased scale. Normally, businesses of this size would have an IT team for handling backup tasks. Yet, given the larger number of devices to be backed up, challenges arise in terms of cross-platform deployment and ongoing maintenance.

This is where Synology’s comprehensive backup software steps in to provide assistance. It not only supports almost all the common platforms in SMB IT infrastructure but also provides a central management portal. Thus, Synology emerges as the most fitting choice for SMBs.

Similar to the Startups package, here we would recommend 8-bay or above Plus Series models along with C2 Storage for the data protection plan. This package could cover all the platforms that need backup, and the storage can be easily expanded in the future.

SMEs or Larger-Scale Corporations

Lastly, when considering larger companies, such as SMEs with approximately 1000 employees, the pain point would be similar to what SMBs face, but enterprises would require more complicated management due to the significantly larger number of devices. Furthermore, these enterprises would need more immediate recovery to minimize downtime. To meet the critical requirements of enterprises, we can provide the corresponding one-stop backup solution with multiple-layer protection.

The highly scalable 2U rack models paired with Cloud backup prove to be an optimal choice. In consideration of the recovery time requirement, it would be great to have another on-prem NAS for disaster recovery solutions so that enterprises can utilize Snapshot Replication for instant recovery. Even for large-scale enterprises, Synology would still become the best choice with flexible data protection deployment, including on-prem, cloud, and an extra DR site.

In conclusion, while the 3-2-1 backup rule is an essential starting point, it may not be enough to meet all business backup needs. Synology offers flexible backup solutions that can help businesses achieve reliable and cost-effective backups that suit their unique needs and risks. By taking a holistic approach to backup and regularly testing backup systems, businesses can ensure that their data is secure and easily recoverable in case of data loss or cyberattacks.

Unlocking Cost-Effective Data Management Solutions with Synology

This article is contributed by Ms. Joanne Weng, Sales Director at Synology

In today’s business landscape, managing extensive amounts of data has become crucial for enterprises across various industries. Whether optimizing manufacturing operations, analyzing consumer behaviour in retail, safeguarding financial data, or dealing with rapid data growth in the media sector, the challenges of data management persist. To address these challenges effectively, businesses must seek cost-efficient solutions that offer scalability, ease of use, and robust security measures.

Synology, a leading provider of data management solutions, presents a comprehensive approach to addressing the demands of data storage and protection. Leveraging insights gained from serving over 150,000 clients worldwide, Synology offers tailored solutions that precisely meet the needs of businesses in Malaysia. Here are three crucial aspects for evaluating costs when implementing massive storage solutions:

1. Scalability: Anticipate Data Growth Patterns

Businesses must assess their current storage needs and anticipate future growth to select appropriate hardware without overspending. Synology identifies two main types of companies—those with substantial existing data or clear estimates of future storage needs for the next 3-5 years, and those with limited current data and uncertain growth rates, requiring gradual capacity expansion based on actual needs.

2. Ease of use: Prioritize Ease of Management and Software Integration

After selecting hardware to accommodate future data growth, businesses must also assess software compatibility and user-friendliness for both current and prospective IT operations and maintenance.

Numerous businesses opt for large-scale storage devices as their file servers or centralized data repositories for endpoint protection. These solutions necessitate diverse management features, login mechanisms, and platforms for user access or backup services. Nonetheless, not all solutions seamlessly integrate hardware and software, and some may incur additional licensing or subscription expenses, which can accumulate over time.

Synology tackles this challenge by crafting user-friendly data management and protection software applications, specifically designed to streamline the learning process for IT professionals. Furthermore, these applications come bundled with Synology’s hardware purchase, offering both budget flexibility and alternative deployment options for businesses.

3. Robust security measures: Ensure Comprehensive Data Protection

Lastly, when storing large and critical data volumes, businesses must ensure security mechanisms are in place to prevent breaches or loss due to accidents or malicious attacks. Synology emphasizes two key aspects: hardware availability and data protection measures.

Businesses should consider whether the solution offers high availability mechanisms, multi-path redundancy, and support for Out-of-Band Management for remote access. Additionally, comprehensive backup solutions and advanced security features such as those Synology offers, including Write Once Read Many (WORM) and immutable backup technology, are imperative to meet evolving cybersecurity requirements.

Toyota Motor Vietnam Selects Synology As Its Data Management Partner

The partnership between Toyota Motor Vietnam (TMV) and Synology serves as a testament to the highlighted benefits of implementing Synology’s solutions. By upgrading its data storage system to a petabyte scale, TMV enhances operational efficiency, data recovery capabilities, and system stability while significantly reducing data protection costs.

“Synology’s storage solution has increased our business resilience.”

Mr Bui Ta Hoan, Head of Information Technology at TMV, attests to the effectiveness of Synology’s storage solution in enhancing operational efficiency and data protection. Through Synology’s technology, TMV ensures continuous production line operation, secures sensitive data and achieves substantial cost savings.

In an era driven by data, businesses globally as well as in Malaysia require robust and cost-effective solutions to manage their expanding data volumes efficiently. Synology offers a comprehensive suite of solutions tailored to address the unique challenges faced by enterprises across various sectors, empowering them to thrive in the digital age.

Recognizing Third-Party Risks & Addressing the Gaps with Identity-Based Security

Enterprises and businesses are well into their digitization journey. Many have adopted digital strategies and tools that align with their businesses and goals. However, in their swiftness to adopt software and tools that enable them to be agile, many may have overlooked one of the most crucial aspects of their data security – third-party access and control. The issue arises as a result of the adoption of multiple diverse tools and technologies needed for digitization, the acquisition of contract talent, consultants and third-party support. This rings true even for Financial Service Institutions (FSIs). In a recent report, Gartner stated that 59% of organizations experienced a data breach due to third parties and only 16% of them say they are equipped to manage these risks.


“Today, organizations can manage up to thousands of identities which means more access points that may present significant risks. In order to mitigate the risks of breach and protect digital identities, data and resources, enterprises need a comprehensive identity security solution for complete visibility into all user types and their related access, including all entitlements, roles, and attributes, to ensure employees receive the right access to the right resources to do their job.”

Chern-Yue Boey, Senior Vice President, Asia-Pacific, SailPoint


While it can seem like a daunting task for IT departments and CIOs to get a handle on the issue, the truth is that it’s a simple task of managing access on a “just-in-time” and/or “as-needed” basis. With an increasing number of such instances, it becomes a conundrum of how to dynamically manage these permissions. One emerging approach is to manage these permissions or instances as “identities”. Using this approach, it’s a matter of mapping these identities and the data they have access to. Essentially, a holistic view of who (identities) can access what data (what) is needed. While it can be a little complicated to administer this on a dynamic level, companies like SailPoint provide turn-key solutions fortified with artificial intelligence (AI) that allow just that.

An Increasing Concern for Financial Service Industries (FSIs)

As banks and other FSIs start embracing digitization and move towards becoming digital services, we’ve seen an increasing emphasis on data security and privacy particularly when it comes to user data. However, like many other enterprises, the digital infrastructure and tools that they have in place may pose a risk when it comes to data security. What’s more, when it comes to FSIs, the consequences of poor security can result in millions of dollars of loss for both the client and the institution itself.

In Malaysia alone, we’ve seen an increasing number of scams and data breaches in the past 5 years. This seems to have skyrocketed during the pandemic and is not showing any signs of slowing down. In fact, in the past year alone, we’ve had breaches of large service providers like Telekom Malaysia and Maxis. More worryingly, we’ve had breaches of FSIs like Maybank and iPay88. Of course, under the watchful eye of regulators, these issues are constantly being investigated and fines are doled out for mismanagement.


“The reality is a large majority of cyber security breaches today occur as a result of non-employee identities. According to research by Ponemon, 59% of respondents confirm that their organizations have experienced a data breach caused by one of their third parties and 54% of these respondents say it was as recent as the past 12 months.”

Chern-Yue Boey, Senior Vice President, Asia-Pacific, SailPoint


That said, it’s important that these institutions move from a reactive approach to a more preventative and proactive one. This change has to happen with both policy and adoption of security technologies which give CIOs and data security experts a clear view of who is accessing what data and why.

Creating A Data Secure Environment for Business

FSIs like Maybank and iPay88 may point to their apps with features like SecureKey and their implementation of one-time pins (OTPs) as potent security measures. However, as Chern-Yue Boey, Senior Vice President at SailPoint puts it, “Authentication is like giving someone the keys to your front door, but identity security is where you can control whether this person can have access to your rooms and other aspects in your home.”

What’s needed is a system that can cross-check and verify if access to the information is allowed. Mr. Boey weighs in on this, “A complete identity security strategy involves understanding, controlling, and managing user identities and access to all resources holistically, in line with authentication methods. This means building an identity security foundation to enable authentication and comprehensive identity governance.”

Identity governance will entail creating unique profiles to manage access to data. This also entails structuring data so that it can be accessed on an “as-needed” basis. While many systems for cybersecurity do include options for Zero Trust environments, the implementation of identity management ups the ante and creates an environment where small silos of data can be made available to external users and contractors. This will enable access to data on a restricted basis and allow CIOs and IT Departments to manage data based on job function, role and levels of access.

Mitigating Risk with Identity-based Security

This is where Identity Security can play a huge role for FSIs and even other corporations. The creation of these identities limits the potential exposure even if a breach occurs. That said, in order to mitigate the risk, it falls to the C-suite executives – particularly the CIO or CSO – to understand which job functions should have access to what data. Only with this understanding can they deploy solutions like SailPoint effectively.

Having this understanding – which can be fostered at every level of management – will help mitigate risks associated with third-party workforces. In fact, it helps with a key risk: unauthorized access to sensitive data. As access becomes limited, so too do the entry points for bad actors.

That said, understanding is only one part of the equation. FSIs and other organizations will need better oversight over the identities in their system and the data being accessed across the entire distributed IT ecosystem. This includes the ability to grant or restrict access as necessary. Doing this will create a perimeter of security when it comes to pertinent, sensitive data.

Maximizing Security with Informed Access

This transparency and oversight will allow for better-informed decisions as CSOs and CIOs have access to a central repository of all users – third-party or otherwise – and their relationship to the organization. This includes their job functions and the data they have access to. It helps with managing risk when it comes to third-party access. IT Departments are able to assign risk ratings to individual third-party users based on who they work for, location, access level and other parameters as set by the organization.

It also allows them to better manage the onboarding and offboarding of employees and non-employees as they enter and exit the organization. Essentially, the visibility, relationship data and governance will necessarily give rise to a lifecycle for each identity in the organization. While it may seem like a simple matter of managing the current access of users to the data, it goes further than that with identity management. It gives granular control and visibility to a CIO, CSO and IT Departments allowing them to react effectively and in a timely fashion. It also allows them to automate compliance audits with minimal manual intervention.

A Necessary Measure for Dynamism and Agility

As much as it may seem like an added layer of complications and headaches for IT departments, the shift from managing data based on access to managing it through identities is the difference between being reactive and proactive. Managing data access with Identity security is a necessary measure for FSIs and organizations to remain agile in operations as well as respond dynamically to a landscape of uncertainties.

LinkedIn Breached! 500 million Accounts Compromised

It seems like this week is becoming a very worrying week for social media. Earlier this week, news broke of 533 million Facebook users having their data compromised after a data breach. The latest social media network to join the club? LinkedIn.

It looks like LinkedIn has suffered a breach similar to that of Facebook with the data of over 500 million users being compromised. The breach was first reported by CyberNews, which has apparently verified the data. However, it is unclear if the data is fresh or aggregated from a breach that occurred back in 2016.

While the date of the data may be uncertain, the leaked data is a cause for concern as, similar to the Facebook data breach, the phone numbers, emails and full names were leaked. It also looks like LinkedIn IDs, links to the social media profiles, work-related data and gender information were leaked.

LinkedIn has acknowledged the data leak. In a public statement, the company has said, “We have investigated an alleged set of LinkedIn data that has been posted for sale and have determined that it is actually an aggregation of data from a number of websites and companies. It does include publicly viewable member profile data that appears to have been scraped from LinkedIn. This was not a LinkedIn data breach, and no private member account data from LinkedIn was included in what we’ve been able to review.”

The news of the data breach is surfacing after a warning of possible scams involving job hunters on the social media network was issued by cybersecurity experts. The scam involved fraudsters posing as potential employers who would send .ZIP files to victims purportedly containing application files. Instead, the archive contains a fileless backdoor which allowed bad actors to stealthily install malware into the PC.

LinkedIn has not indicated whether they will be contacting individuals who have been affected. However, keep in mind that Facebook has opted not to do this. It is very likely that LinkedIn will do the same to avoid a potentially messy situation. We’ve outlined how you can check if you’ve been affected by the breach. We also advise some prudence in dealing with your data online.

533 Million Facebook Users’ Data Resurfaces Online from 106 Countries

Facebook seems to be going through a rough patch recently. The company initially faced humongous backlash over its implementation of data sharing policies between popular messaging app WhatsApp and the larger company. Now, it looks like old wounds are reopening for the company as data from a breach that happened in 2019 has surfaced on hacking forums.

The breach involves over half a million users from over 100 countries with data such as their phone number, emails and even birth date. Malaysia is listed among the countries affected with over 11 million users having been compromised. The breach was first reported by Business Insider. Business Insider has also verified the data in the leak by testing password reset requests. A spokesperson for Facebook has confirmed the data breach. The person also confirmed that the data breach occurred due to a vulnerability which was identified and patched back in 2019.

https://twitter.com/UnderTheBreach/status/1378314424239460352

While the data is 2 years old, the fact that it is readily available online at this point is worrying. Data like birthdates, phone numbers and emails can be used to socially engineer scams. In fact, due to the phone numbers being leaked and made readily available, the likelihood of receiving scams over SMS and phone calls is heightened.

Acronis Vice President of Cyber Protection Research, Candid Wuest, advises that, in light of the leak, “There is now a higher risk of SMS spam, but also password reset attacks and attacks against other services that use SMS for MFA are now more likely. Users should therefore change from SMS-based MFA service where possible for critical accounts.”

The fact that the leaker has readily made the data available for free can be puzzling. However, according to Wuest, “As the leaked data does not contain any passwords or payment card details it is of less value to attackers. Furthermore, at least two thirds of the data was already available from previous leaks. It is not uncommon to see such data sets being made available for free, as they would not yield much profit on underground sites. Such large data sets tend to not stay private for very long anyway.”

The new leak brings into the spotlight the amount of personal data we have available online and especially on social media. It also brings into question Facebook’s privacy policies which govern and protect data stored on their service. What’s even more worrying is the fact that Facebook wasn’t the one notifying users; instead, the leak was reported by Twitter user Alon Gal, who has since been looking at and verifying the data leak. Facebook has only confirmed the occurrence of the breach and has not even notified users that were affected.

Nintendo’s Security Breach Could be Worse than Initially Reported

Earlier in April, Nintendo announced that it had experienced a security breach when it came to user Nintendo Accounts. The breach was initially pinpointed to those who had used their legacy Nintendo Network ID (NNID) to sign in to their Nintendo Switch. In their initial announcement, the company noted that there were about 160,000 accounts that were affected, but, now, weeks later, the number of accounts has nearly doubled to 300,000 accounts. Nintendo attributes this increase to the investigation that it has undertaken in light of the initial detection.

The issue came to light when an increasing number of users on the Switch reported that their accounts were being used to make purchases that owners were not aware of. If you have a credit card or PayPal account linked to your Nintendo account, it would be prudent to check the transactions that have been done on the account in the past weeks. Users who have been compromised are also getting sign-in notifications from unknown devices via email.

Nintendo of America tweeted for users to activate their two factor authentication (2FA) for logins out of the blue prior to the initial announcement. However, with the increase in the number of accounts being compromised, it is increasingly evident that if you have a Nintendo Account, you’d best reset your password and activate 2FA. Otherwise, you’re risking unauthorised purchases via your linked credit card or PayPal account. In addition to unauthorised purchases, sensitive data such as date of birth and more can be viewed by bad actors.

Nintendo’s latest console, the Nintendo Switch, has put the company on the map again as a serious contender in the gaming console market with over 5 million consoles sold to date. The company is sticking to its guns saying that less than 1% of its users are affected. However, with investigations ongoing, users are advised to take precautions.

[Podcast] Tech & Tonic Special : Sitdown with Alex Tan of HID International about Biometrics and Security

In this special, we sat down with Mr. Alex Tan, the Director of Sales for the ASEAN Region for Physical Access Control Systems from HID Global. We had a conversation about some of the emerging trends in the industry on the use of biometrics and security. One of the biggest issues we discussed was the use of biometrics and its implications on personal data privacy and security with the emergence of legislations such as the GDPR (General Data Protection Regulation) in the European Union and Malaysia’s own PDPA (Personal Data Protection Act). The issue brought us to talking about how personal technological devices can be a security risk with how they handle data collected by facial recognition and fingerprint reading technologies.

Mr. Alex Tan heads the strategic developmental and organisational growth of HID Global’s Physical Access Control business within the ASEAN Region. He has been in the security access control industry for about 19 years and has, prior to this, headed the sales and enterprise solutions at another leading access control manufacturer.

HID Global has over two decades of expertise in the security industry. The American company has its roots in radio frequency identification technologies and has over the years become a recognised brand when it comes to premise access and security as well as biometric technologies. You may recognise the company’s logos from the many devices and solutions it provides to buildings and businesses across the world. They may even be responsible for keeping you safe in your apartment building!

Take a listen to the podcast and let us know if you still have any unanswered questions when it comes to biometrics and personal data protection in the comments down below.