• March 31, 2022
  • Catagory Document Management

Assess your hybrid office for effective print security

By : Justin Folkerts

The need for printer security has waned during the remote work era, but as more employees return to the office, consider reviewing your fleet and how you’re managing it.

Protecting hard copies is especially important today given privacy legislation and other regulatory frameworks that outline how businesses must handle Personally Identifiable Information (PII), which is subject to the Personal Information Protection and Electronic Documents Act (PIPEDA) or the General Data Protection Regulation (GDPR).

Just as critical is that your employees may be printing sensitive business information, including financial data or other proprietary intellectual property that gives you competitive advantage in your industry. Many security teams today are more focused on making sure data doesn’t leak through corporate firewalls or via a remote worker, but with office life returning to normal, corporate data can be compromised or stolen in hard copy.

A managed print services strategy contributes to better endpoint security and controls access to any printed materials, which have the same potential to lead to a security or compliance breach if the wrong person gets a hold of a stack of paper that contains sensitive information.

Older printers are holding you back

An assessment of your current print infrastructure will likely reveal there’s room for upgrades. Older, legacy print technology is not only a security threat, it’s also a barrier to productivity, collaboration, efficiency.

Older devices are likely to break down more frequently, which means you’re pulling IT resources away from strategic projects for frequent break / fix incidents such print jams and toner shortages. This impairs employee productivity, too, in the form of slower outputs in terms of pages per minute. Software compatibility issues are also amplified if your office workstations are being modernized at a faster pace. Older printers are also less energy efficiency and costing you more in electricity.

High electricity consumption also means your business isn’t as sustainable is it could be. Retiring your older printers as part of a managed print assessment can help you evaluate how much you really need to print and establish greener practices to reduce waste. A more modern, efficient printer fleet can reduce paper use and improve ink and toner management, which also contributes to sustainability, as modern toner cartridges can be recycled and turned into new ones, and overall consumption can be reduced.

People will always want to print

Even organizations that are aiming for a paperless office will always have some hard copy output – accounting for human behavior is an essential part of any managed print services strategy. As offices get busy again, there’s going to be the potential for the wrong person to grab documents from a printer they shouldn’t have and walk out the door with them. So long as people are inclined to print out information in hard copy, if only for their own personal convenience, there will be a need to secure paper documents.

In the meantime, legacy print technology is costing you more money than necessary by having an impact on your budget, efficiency, productivity, and sustainability, while also posing a security risk. Just as a leaked email or hacked database can put the future of a business in a severe jeopardy and disrupt operations, so too can a stolen printed document.

A managed print services strategy beginning with a thorough assessment bolsters your endpoint security with printed output in mind.

  • March 17, 2022
  • Catagory cybersecurity

 Key Cybersecurity Trends for 2022

By : Justin Folkerts

As we wrap up the first quarter of the year, some trends are emerging around cybersecurity that affect businesses of all sizes.

Not surprisingly, these trends are being driven by the impact of the pandemic, as remote work continues, and organizations look to establish a new normal of flexible work hours and hybrid teams.

Cybersecurity is getting more expensive

The cost of securing the organization is going up, and so is the cost of not having robust security. According to a report released last year, the global average cost of a data breach surpassed 4 million U.S. dollars. These costs are attributable to lost revenue and lost customers, fines for non-compliance, and even ransomware payouts. For larger organizations, it’s the cost of doing business, but for smaller ones, it can mean the end. Investing in cybersecurity is also expensive, but it’s an investment that pays off in the long run.

People are the deciding factor

Social engineering remains a preferred tactic of bad actors when it comes to gaining access to systems, stealing data, and disrupting systems. Ransomware continues to be one of the most popular types of attacks, and remote work has made it easier for threat actors to target vulnerable users. This means training employees with sufficient security awareness is more critical than ever so they can spot a phishing email and understand the need to adhere to security policies. Given that passwords remain integral to managing access, there’s an increase in adoption of biometrics to add an additional layer of security to turn people into their own password by using their individual characteristics to facilitate access.

The bad guys are getting smarter

Threat actors see the benefit of honing their skills because it makes them more successful, especially when the motivation is money. Whether it’s remote work or other circumstances, they’re always looking for new avenues with vulnerabilities they can exploit. As organizations adopt new ways of working, including flexible hours and workspaces for employees, cybercriminals are going to look for windows where they can access data and disrupt systems.

One trend that’s been clear since before the pandemic is that security can not be just an issue for IT to manage. If organizations are to implement effective cybersecurity, they need the support of the C-suite who can lead by example and provide budgetary support with and understanding that cybersecurity impacts the bottom line.

  • January 13, 2022
  • Catagory company news

Canon Canada investment accelerates Supra’s plan Canada-wide service delivery

By : Sanjeev Spolia

Supra ITS’ ambitions as an independent managed services provider have always been to expand across the country. The recent minority investment by Canon Canada will allow us to expand our existing relationship while developing innovative solutions that combine Canon’s world-class technologies with Supra’s nimble and flexible IT services model.

The investment in Supra by Canon further builds on an exclusive relationship to deliver managed information technology services across Canada, including business process services, systems integration, managed security, and corporate IT support. Since embarking on this relationship three years ago, we have grown our combined portfolios to serve a wide array of Canadian businesses across different industries. This expanded relationship enables Supra to accelerate our five-year plan to grow the organization into a truly national IT services provider and scale up our services to meet the needs of the enterprise market.

In turn, Canon will be able to grow its services portfolio to build out a broader, deeper suite of services that adds managed IT services to its already robust document management and workflow offerings, and seamlessly merge print and IT technologies so Canon’s customers have a single partner in the form of Supra ITS to support their end-to-end technology needs.

The investment by Canon will not mean any changes to the leadership, management, or day-to-day operations of Supra ITS. Canon is joining the Supra team as a minority partner with seats on the executive committee and board.

Supra’s focus will continue to be on providing small and medium-sized enterprises spanning multiple regions with managed security, business process services, and corporate IT support, with an emphasis on helping customers integrate document and workflow solutions with organizational IT. Over the past two years, the company has also pivoted to support new and existing customers with their efforts to support productive, secure remote work options and expects this to continue as Canadian businesses adapt to a hybrid office model while continuing with their digital transformation efforts.

  • December 15, 2021
  • Catagory multi-cloud

Pick the right public cloud for the right job

By : Justin Folkerts

There are more choices then ever when it come to picking the right public cloud platform for the right workload.

Even though all the major public cloud providers, including Amazon Web Services (AWS), Microsoft Azure, Google Cloud and Oracle Cloud, all have similar offerings for common workloads, their available services are increasingly diverse. Choosing the right one can be tough choice for just a single application migration, let alone deciding what should be in your multi-cloud environment.

Find a balance

Selecting a single cloud platform that will meet all your needs has its appeal, but a multi-cloud environment offers redundancy and keeps you from being locked into a single vendor. But although there’s value in a best-of-breed approach to meet specific business application needs, you also want to avoid cloud sprawl. While you should choose your public cloud platform based on which one can best meet requirements, some compromises might be sensible if it means keeping your public cloud provider portfolio manageable.

SMBs will get the biggest bang for their buck to by making sure your public cloud adoption improves productivity without making your IT team work harder or requiring a great deal of user support. Collaboration applications should be easy for remote workers to use anywhere, regardless of device, such as Microsoft Office 365 or Google Docs. For business users who have specific needs, such as sales and marketing, you may need a public cloud instance for a CRM tool. Your selection criteria should consider available integrations across different public cloud platforms—many vendors do play nice with each other and work well in tandem.

Standardizing on a small number of public cloud platforms will provide productivity gains while lowering your total cost of ownership and keeping IT staff free to work on other more strategic projects such as digital transformation efforts.

Prioritize security

Bolstering security, especially at a time when many employees are working remotely, should be just as important as meeting your business requirements. Public cloud platforms can bring a lot to the table because they can apply the same capabilities to your mission-critical data as they do to their own infrastructure. However, when you adopt a multi-cloud strategy, it’s important to remember that security is a shared responsibility—be sure to know what your role is and what the cloud provider is responsible for.

A multi-cloud strategy enables organizations to leverage the ideal platform for the right business need but building your own multi-cloud environment can seem overwhelming. An experienced managed IT services provider can help you get the most from your public cloud deployments so you can successfully select the right public cloud platform for each workload.

  • November 30, 2021
  • Catagory Data Protection

Make sure your endpoint backup safeguards your most critical business information

By : Sanjeev Spolia

Endpoint backup remains essential, especially with the emergence of the hybrid office and the persistence of remote work, but that doesn’t mean all your data needs to be backed up. The right cloud-based data protection can cover all the bases while being discriminating about what it stores.

The main reason you must back up every endpoint is that business data is distributed across devices and remote locations. Today’s cloud-based data protection makes it easier because it recognizes that employees are more mobile, and their devices have increased in storage capacity and may store critical business information. But you’re certainly not going to want to back up every single bit of data from an employee’s device, especially if they’re a remote worker using a personal device as their workstation.

Discover every endpoint

A key challenge for data protection efforts is that not all endpoints are connected to your corporate network, but you still need to understand what endpoints must be backed up regardless and accommodate both the device type and how it connects.

In some cases, it’s easy to schedule cloud-based data protection at regular intervals based on the value of the data and how frequently it changes because they are on your network or can connect as needed to back up their data.  However, laptop connectivity can vary wildly depending on the employee with some remote workers always at home while others may be more mobile. Executives have a reputation for living on their smartphones, putting their entire office in the palm of their hand.

It’s critical that you understand where your critical business information resides, but that doesn’t mean backing up single device, application and server is the answer.

Pick and choose your data

Endpoint backup isn’t necessarily expensive, but do you want to spend money on data protection for information that won’t be missed?

Not all data is created equal, so consider building a data classification strategy. Not only will you not waste time and resources backing up non-essential data, but the exercise will you better understand what digital information is critical to your business operations. By classifying your data, you ensure that the data that truly matters is safeguarded and replicated without overprovisioning your endpoint backup capabilities, whether it’s your on-premises infrastructure or cloud services.

The added benefit of data classification is that you can improve your compliance posture so that you’re applying adequate protection for sensitive information that may be governed with privacy legislation such as Personal Information Protection and Electronic Documents Act (PIPEDA) and the General Data Protection Regulation (GDPR). It’s also an opportunity to streamline your production IT—the more systems you have in place, the more complex the data classification and endpoint backup. Standardizing on a single document management system or CRM will make it easier to find where the critical business information resides so it’s consistently backed up.

Regulatory compliance and data classification are a continuum because your critical business information changes and grows in volume in line with your business. For your endpoint backup to remain accurate, consistent, and comprehensive, consider engaging a managed service provider to help you architect a strategy that can help you classify data, create sound policies, and automate where possible so that your critical business information easily accessible in the event of any emergency or disaster.

  • November 16, 2021
  • Catagory cloud backup

Keep your data protection simple by using cloud backup

By : Sanjeev Spolia

When it comes to data protection, simple is always better, even as remote work and hybrid offices makes things more complex.

Even as endpoints flourish, you should continue to streamline your systems by leveraging cloud backup and combat complexity—the more systems you have in place, the more likely something will go wrong. You must balance redundancy with simplicity.

Even before the pandemic and the massive proliferation of remote endpoints, there were already many different applications and systems needing backup as lines of businesses spun up their own Software-as-a-Service (Saas) applications such as Microsoft Office 365 and Salesforce. Even worse, they assumed data is automatically backed up by the vendor. But in addition to those applications, you need to keep track of your servers, physical and virtual machines, and multiple endpoints that include workstations and laptops, satellite offices, and of course, remote workstations, which may even be an employee’s personal device.

The attack surface has expanded since the pandemic but having multiple data protection systems isn’t the answer. Instead, consider a single cloud backup service with built-in redundancy. As with any application, a data protection system has its own maintenance requirements and processes, so it’s best to have one that’s well-managed and reliable that makes verification simple. That way, you can be confident all your data, regardless of application, server or endpoint, is being consistently backed up. Having as single cloud backup service is also better for your IT budget.

However, depending on your environment, it may not be realistic to have a single cloud backup solution; your best approach is to implement a select few data protection systems to meet user requirements so that your IT team isn’t overwhelmed by too many backup tools as the resulting complexity will lead to misconfigurations and ultimately, a data breach that leads to a business disruption.

Having confidence in your cloud backup isn’t just important for your IT team. Data protection plays a strong role in maximizing business uptime, so you’re not only trying to keep senior IT management happy—the CEO has a stake in data protection, whether they realize it or not.

Like any application you implement to realize business goals, not all data protection and cloud backup systems are created equal. In addition, IT environments are more dynamic than ever thanks to digital transformation efforts, the emergence of the hybrid office, and the persistence of remote work. When selecting a cloud backup solution, be sure they meet all your data protection criteria including compliance, security, and restoration windows.  You might want to consider taking the opportunity to replace legacy systems that can be difficult to back up, rather than keeping them going because it will reduce maintenance costs, add data management capabilities, and improve your overall data protection effectiveness.

Remember that data is more portable than ever, too, especially when fewer people are working in the office behind the corporate firewall. If applications and data are spread cross multiple clouds, as well as endpoints and workstations, then your cloud back solutions must consider that your data is distributed across many platforms, as well as understand the built-in data protection of SaaS productivity applications—not just what they can do, but also what they don’t do.

A dramatic increase in the number of remote workers and the emergence of the hybrid office are great reminders that the need for robust data protection is never going to go away. As the year ends, take the opportunity to revisit the cloud backup solutions you have in place and implement a strategy to modernize it as needed to reflect the world of work with the help of an experienced managed services provider.

  • October 29, 2021
  • Catagory Security

Security Policy Must Keep in Mind How People Work in the Hybrid Office

By : Sanjeev Spolia

If the hybrid workplace is here to stay, then security policy must put people first—understanding how the human element plays are role in protecting data is essential, but so is making sure any security measures don’t get in the way of their productivity.

People can be part of the problem but also part of the solution—cultural changes that go hand and hand with security policy can positively influence employee behaviours to make your hybrid office more secure.

Humans make mistakes

Quite often, people put the organization at risk and violate security policy unintentionally. Privileged users can unknowingly let their credentials get compromised, which allows threat actors to access systems and sensitive data. Although it’s usually an accident, occasionally a disgruntled employee may compromise the organization intentionally.

Human beings also fall for phishing scams, both on their personal devices and corporate workstations; in the hybrid office, this device can be one and the same. Scams that employ socially engineered malicious messages that encompass tax-themed phishing, dodgy downloads, fake payment and delivery, and invoice phishing, have become even more common during the pandemic and will likely continue apace in the hybrid office.

Some people are just plain careless, despite security policy guidance, by letting credentials lapse or not using multifactor authentication. Cybersecurity technology isn’t effective on its own without keeping people in mind. Yes, they need to be held accountable, but you must also meet them where they are. The hybrid office means your employees are moving between their work and personal lives more fluidly, including the devices they’re working in—this must be reflected in your security policy.

Remote work is here to stay

Meeting people where they are means your security policy outlines how they can help to keep their organizations securie without getting in the way of their productivity. Your security policy should assume that the hybrid office is here to stay for the foreseeable future and understand the impact of continued remote work.

IT teams must be prepared to support remote workers, who are likely to have less traditional schedules as they embrace flexibility, and adopt collaboration tools to work across different departments, including human resources as they onboard new workers who will be working remotely, on-site or a combination of both. The hybrid office has also meant a shift to “hoteling” as employees come to work a few hours a day or a couple of days week without their own dedicated workspace.

Remote work always had implications on security policy, even before the pandemic, but there has been an increase in malware incidents, data breaches and other poor security behaviors as more people work from home. Despite this spike, it’s important keep security simple for employees and engage regularly with through awareness training so they can help protect their hybrid office from threat actors.

A clear and concise security policy allows employees to be productive no matter where they are working so that security is not a barrier to productivity.

Sanjeev Spolia is CEO of Supra ITS

  • October 17, 2021
  • Catagory PCaaS

PC-as-a-Service (PCaaS) streamlines and procurement and enhances productivity

By : Sanjeev Spolia

With the trend toward remote work evolving to a hybrid office modelv, the case for small and medium-sized businesses to embrace PC-as-a-Service (PCaaS) is more compelling than ever.

Businesses need their employees to be as productive as possible no matter where they are without worrying if their PC workstations are fast enough, secure enough or properly connected to the data and applications they need to get things done.

PCaaS offers many benefits, allowing you to scale up your employee PC footprint as quickly as needed to support essential on-site employees, remote workers and hybrid offices with the latest and greatest Windows-based desktops and laptops.

Predictable costs and more secure data

Moving to PCaaS eliminates the upfront of cost of buying PC workstations and reduces the time and effort necessary to source and negotiate with vendors. Guided by your requirements, a managed service provider acquires the best hardware on your behalf, and you subscribe instead of buy through a monthly leasing model.

A PCaaS subscription provides predictable budget because your costs are fixed over the course of the agreement rather than occasional small or large capital expenditures and all the associated costs with deploying, managing, and maintaining a fleet of workstations. The cost savings of embedding the cost of equipment into a monthly fee add up quickly because lifecycle management of hardware becomes the responsibility of your service provider, including device disposal. You also have the flexibility to scale up or down as needed without worrying about whether you have the available management expertise or devote resource to sourcing and negotiating with vendors.

PCaaS frees up your own IT teams for more strategic projects aligned with business objectives because you can trust that a managed service provider will provide the technicians needed to manage any hardware and software regardless of location, including on-site troubleshooting or remote updates and maintenance. This also translate into reduced downtime because this IT support is available 24/7. Productivity is also enhanced because any new device that lands on an employee’s desk is pre-configured to desired specifications with all needed apps necessary for them to do their job.

Another added benefit to PCaaS is enhanced data protection due to better business continuity and security. The right service provider will also offer off-site data so that in the wake of a natural disaster or power loss they can easily restore critical data and re-provision your equipment quickly so there’s little to no disruption to your business operations. PCaaS also encompasses security safeguards such as hardware-based security measures, secure authentication for users, and data encryption and malware detection/remediation as part of any device deployment. By managing your fleet from a central location, your provider can update all devices with any security patches remotely, as well as keep a real-time inventory by tracking their location and status.

Workstations on demand

Supra ITS’ PCaaS, also known as “Workstation-as-a-Service” (WaaS) takes on the day-to-day management of all your employee workstations, no matter where they work or what they do. We manage any software updates and hardware upgrades, answer any technical support calls, and reconfigure the PC as needed to improve productivity and meet business objectives. This enables both your employees and IT staff to focus on strategic initiatives that drive revenue for the business rather than get bogged down with PC troubleshooting.

Because we automatically deliver the latest patches and updates to every endpoint in alignment with robust security policy and any mind any regulatory requirements that govern your industry, you can have peace of mind your business is protected without any barriers to productivity. Our sourcing strategy future-proofs your business with workstations that will be able to run your core applications for years to come.

  • September 30, 2021
  • Catagory Security

Cybersecurity Attacks Target Remote Work Technology: Things You Can Do

By : Justin Folkerts

Remote work technology continues to be a prime target for cybersecurity attacks.

Recent research released by Tenable in collaboration with Forrester found that nearly three quarters of organizations have traced recent cyberattacks that have impacted their businesses to vulnerabilities in remote work technology. Even before the pandemic began, the traditional perimeter around enterprise IT infrastructure had become rather porous due to increased mobility of workers and cloud adoption. With a hybrid workforce that has fully embraced remote access tools, cloud services, and personal devices, that perimeter is pretty much gone.

The Tenable / Forrester research found that 80 per cent of security and business leaders say remote work has put their organizations at higher risk because IT teams lack visibility into remote employee home networks as more than half of remote workers use a personal device to access work data. This has meant three quarters of cyber attacks are targeting remote employees. Threat actors are also exploiting third-party software providers or leveraging vulnerabilities in those products, with 65 per cent respondents linking those compromises to recent cyberattacks. 

For small and medium-sized businesses, it can be challenging to invest a great deal of money in security technology and dedicated IT staff, but there several core things that can help to better protect remote work technology from cybersecurity attacks.

  • Use a Virtual Private Network (VPN): Implementing a VPN for anyone accessing corporate data and applications via the Internet provides an additional layer of security via multi-factor authentication and should be required for anyone looking to access valuable company intellectual property and other sensitive data.
  • Use complex passwords: Many employees opt for simple passwords they can remember and use them for more than one application or website, which means once a hacker guesses one of them, they have access to a great deal of private information. Since these can be difficult to remember, consider implementing password encryption software that stores usernames and passwords without the need to know what they are because the information is encrypted from the start.
  • Educate everyone: Having the right technology in place only goes so far; you need a culture where all employees understand the need for complex passwords, log in via VPNs, and recognize phishing attacks and other suspicious emails. In addition to employee training, set aside a budget for your cybersecurity team to attend webinars and other courses that help them keep up with an ever-changing threat landscape.
  • Keep everything up to date: Whether it’s hardware or software, getting behind upgrades and patches is sure fire to create vulnerabilities that threat actors will support. While much of this can be automated, you should have a program in place to verify all necessary updates are done on schedule.
  • Pick a reputable cloud service provider: A great deal of security misconfigurations that lead to data breaches are the result of connecting with the many cloud services available to businesses today. Make sure your chosen providers have a solid track record on the security front and understand what they’re responsible for securing and what must be done at your end.

Keeping ahead of cybersecurity attacks has always been a challenge and the remote work era hasn’t made it easier. Consider seeking out a managed security services partner who can help you evaluate your security posture, implement new technologies and policies, and automate where possible so that your business is a less appealing target for threat actors.

  • September 16, 2021
  • Catagory Security

Stay mindful of security misconfigurations as remote work continues

By : Justin Folkerts

Security misconfigurations continue pose to a threat to organizations, and remote work hasn’t helped. However, how you configure cloud security is just as critical as end user behaviour.  

The shift to remote work not surprisingly has led to a spike in cyber attacks just as organizations were spurred by the pandemic to accelerate adoption of the cloud. These conditions mean security misconfigurations can have an even bigger impact on overall security posture.

Threat actors are drawn to security misconfigurations

As remote work continues and endpoints flourish for other reasons, such as IoT and edge computing deployments, it’s essential to have a full inventory of all your internet-connected digital assets, whether it’s the laptops of your remote workforce or the cloud applications they’re accessing. Threat actors are working hard to compromise all your digital assets, and security misconfigurations for a single cloud application can give them an opening to gain broader access to your infrastructure.

Security misconfigurations are ultimately a form of human error, which are generally a bigger threat to your organization than technology flaws and failures. Among the ones to be mindful of are forgetting to remove unused access permissions, setting up incorrect access, or creating overly permissive rules. Even before the massive shift to remote work, network infrastructure even small and medium businesses have become increasingly dynamic with the adoption of the cloud and mobile technologies.

Having strong policies as a baseline combined with automation can help you avoid security misconfigurations that lead to costly data breaches.

Automation requires visibility

Automation is essential if you want to stay ahead of threat actors, but you to have visibility into the devices, assets, and processes before you do it.

One thing you must watch out for is shadow IT, whether it’s software or hardware. Employees or even lines of business sometimes find their own solutions out of expediency without understanding their impact and the doors that are open to hackers due to security misconfigurations. These either need to be excised from your organization or made officially part of your digital asset inventory. You need to fully understand what your inventory is and conduct regular updates, especially as remote work continues, and employees come and go.

Having the right people in place can also help you avoid security misconfigurations, whether it’s cybersecurity specialists or making sure all employees have a solid understanding of good security hygiene. However, there’s only so much internal talent development can do given all the pressures faced by an IT team today, and good security people are in high demand.

Given these challenges, you should consider tapping into the expertise of a managed security services provider that can help you evaluate your infrastructure, develop strong policies, and implement automation so you can mitigate the impact of security misconfigurations.