Phone Solutions for the Hospitality Industry

Good communication is at the heart of every successful hotel. Quanexus is now a certified Mitel partner for the hospitality industry. Mitel hospitality customers enjoy scalable, reliable communications, optimized to meet the needs of their valued guests.

From small hotels to some of the world’s most famous luxury establishments, Mitel provides communication solutions that are:

  • Simple – Provides exemplary customer service that ensures that staff is always aware of their guests' needs.
  • Flexible – Offers commonly used property management systems, hospitality applications and guest room telephones.
  • Cost Effective – Reduces cost and simplifies support.

The Quanexus team works with hotel owners and managers to provide the right phone solution and ongoing reliable support.

Posted by Jack Gerbs in Recent Posts
Framework for Improving Critical Infrastructure Cybersecurity

In February 2013, President Obama signed Executive Order 13636, “Improving Critical Infrastructure Cybersecurity”. The goal of the executive order is to protect critical infrastructure, such as power, water, gas, etc., from cyber-threats.
The National Institute of Standards and Technology (NIST) was tasked with creating the framework and released Version 1.0 of the “Framework for Improving Critical Infrastructure Cybersecurity”, also known as the “Cybersecurity Framework”, on February 12th, 2014. The framework is voluntary, but is becoming more of a requirement in the utilities industry. It is also a good framework for any organization interested in protecting its networks. The full Cybersecurity Framework can be downloaded at: http://www.nist.gov/cyberframework/upload/cybersecurity-framework-021214-final.pdf.

The framework is divided into five concurrent and continuous functions: Identify, Protect, Detect, Respond and Recover.

Identify: The process starts with an organization determining what is critical for the organization to deliver its services. This involves identifying what critical data exists and where it is stored, and which processes and systems are critical for the organization to operate. This includes data, software, hardware inventory, network diagrams and how data flows through the network.

Protect: Once all the critical data, systems, software, and processes are identified, relevant threats and risks against those resources need to be evaluated and proper mitigating solutions must be put in place to assure the availability of these systems. Examples of mitigating solutions include, but are not limited to: access control, patch management, anti-virus, firewalls, backups, security awareness training, etc.

Detect: As we’ve mentioned in previous articles, CIOs are starting to look at IT security differently than they did in the past. Previously, CIOs were investing all their budget dollars trying to prevent a breach. While protection is still required and is the second function in the framework, the CIO posture has moved to “Assume We Have Been Breached”. FBI Director James Comey stated on 60 Minutes on October 5th, 2014, “There are those who’ve been hacked by the Chinese and those who don’t know they’ve been hacked by the Chinese”. Even the best mitigating strategies can still leave an organization vulnerable. Tools and processes need to be deployed that are constantly searching for a breach. The detection function is the continual review of logs and traffic patterns, combined with properly trained users noticing and reporting anomalous behavior on a system or network.

Respond: This function of the framework deals with responding to incidents that are generated from users, log reviews or automated systems. An Incident Response Team is the front-line group that deals with and investigates security incidents, and is trained to act as first responders. Oftentimes, it is necessary to bring in a forensics team after the incident to review the evidence and determine whether any data was actually exfiltrated and what means were used to gain control of the victim’s systems. A few key components of the Respond function are:
• Alert the Incident Response Team of a potential incident.
• Investigate the incident to determine if an actual incident has occurred.
• Provide internal and external communications.
• Isolate the infected system.
• Preserve evidence.
• Provide business continuity.
• Bring in and support a forensic team, if necessary.

Recover: This function maintains plans to recover the organization back to a 100% operational state. In the Respond function above, one of the responsibilities is to provide business continuity. The difference between business continuity and recovery is that business continuity is limited to keeping critical functions running, albeit in a diminished performance mode. The recovery scope is to bring the organization back to a 100% operational model.

Posted by Jack Gerbs in Recent Posts
The Common Causes of a Breach

Typically, a breach can be traced back to one of three root causes: a lack of adequate security training for employees, poorly written or unpatched software, or a lack of third-party access controls. The majority of breaches are due to poor employee security training. A single user can circumvent the best security solutions that an organization can afford.

1. Employee Security Awareness Training

Employees using weak passwords, reusing passwords, opening unsafe emails, surfing to inappropriate sites and sharing too much information publicly can all lead to a problem for an organization. Most people think that social engineering occurs via emails using phishing campaigns. There are many aspects to social engineering, and I am going to focus on only two of them: harvesting personal information that is publicly available, and one-on-one personal encounters.

If a bad guy wants to target your organization, they can use LinkedIn and other social media sites to determine the typical employee skill sets. With this information, they can determine the types of systems used by the organization. They can also use it to directly target employees who can provide more detailed information on the organization. They accomplish this by searching social media profiles to determine what interests and other organizations a targeted employee may be involved in, and then they devise a plan for the chance meeting. Next, they build a relationship and, over casual conversation, are able to harvest useful information that can be used to exploit vulnerabilities in the organization’s systems. The bad guys are great con artists; be aware of those casual encounters.

2. Poorly Written and Unpatched Software

This has been a topic in previous newsletters, but some of the latest breaches and issues bring this to the forefront again. The latest big exploit targets Apple, Linux and Unix operating systems. Shellshock is the latest vulnerability in Bash (Bourne-Again Shell). The flaw allows an attacker to remotely attach malicious code to a variable, and that code is executed when Bash is invoked.
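
The log review described under the Detect function, applied to Shellshock, as an added example (not code from the original post): it scans web server access-log lines for a Referer or User-Agent value containing the `() {` sequence that opens a Bash function definition. The Combined Log Format, the choice of fields and the sample lines are assumptions made for this illustration.

```python
import re

# Assumed input: Combined Log Format
#   ip ident user [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# "()" followed by "{" opens a Bash function definition. Whitespace between
# them is tolerated so that spacing variations are flagged too.
FUNC_DEF_RE = re.compile(r'\(\)\s*\{')

# Header fields a CGI server copies into environment variables
# (HTTP_REFERER, HTTP_USER_AGENT) before a script, possibly Bash, runs.
HEADER_FIELDS = ("referer", "agent")


def find_function_definitions(lines):
    """Return (ip, field, value) for each logged header carrying '() {'."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m is None:
            continue  # not in the assumed format; skip rather than guess
        for field in HEADER_FIELDS:
            value = m.group(field)
            if FUNC_DEF_RE.search(value):
                hits.append((m.group("ip"), field, value))
    return hits


# Constructed sample lines: documentation addresses, harmless echo payload.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Oct/2014:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Oct/2014:10:00:05 +0000] "GET /cgi-bin/status HTTP/1.1" 200 0 "-" "() { :; }; echo probe"',
    '203.0.113.4 - - [01/Oct/2014:10:00:09 +0000] "GET /cgi-bin/status HTTP/1.1" 404 0 "(){ :; }; echo probe" "curl/7.38"',
    '192.0.2.10 - - [01/Oct/2014:10:00:12 +0000] "GET /app.js HTTP/1.1" 200 90 "-" "Mozilla/5.0 (compatible; fn())"',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    for ip, field, value in find_function_definitions(SAMPLE_LOG):
        print(f"{ip}  {field}: {value}")
```

A hit means a client sent the pattern, not that the server was vulnerable; whether Bash on that host is patched still has to be checked separately.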

Organizations sometimes find they are stuck using older, unsupported applications because of some business dependency, even though the original vendor may no longer exist. This is a risk that needs to be carefully evaluated. Organizations need to understand the risks involved with their decisions and take appropriate measures to protect older or unpatched systems. A potential mitigating strategy could be to place a firewall between the network and the older system and only let permitted traffic through the firewall to access the vulnerable system.

3. Third-Party Vendors

Third-party vendor breaches are due to poor controls. Dairy Queen, Lowe's, Jimmy John’s, Goodwill Industries International and Target are all examples of breaches that came through a third-party vendor. In the Target example, hackers were able to get access to Target’s IT systems by first getting access to Target’s mechanical systems (heating, ventilation and cooling systems, HVAC), which were managed by a third-party vendor.

Depending on the industry your organization operates in, vendor management may be mandated by regulatory or statutory requirements. Even if your industry does not mandate any requirements, it is still important that you review your vendors' internal controls.

If you use any cloud solution provider for services such as hosted email, spam filtering, remote backup solutions and collaboration tools, you should review these partners' security controls and their financial stability.

Posted by Jack Gerbs in Recent Posts
Maximum Business Communication with the Vertical Summit

A phone system is one of the most valuable communication tools a small business has at its disposal.

Despite the rise in popularity of email and text messaging, businesses still use their phones to regularly communicate with both customers and employees. While feature-rich phone systems were previously only affordable for large companies, today’s systems are designed for businesses both big and small.

Small businesses with just a few employees can now have a phone system that is just as sophisticated and offers as many bells and whistles as those of large corporations. The Vertical Summit is ideally suited for five to fifty users and is easily expandable to accommodate 140 users.

Stay connected, in and out of the office, with the tap of a finger or click of the mouse.  The Vertical Summit offers all of the basic features and functions of a sophisticated communications platform such as Call Transfer, Caller ID, Music on Hold, etc., and delivers advanced functions including an integrated multi-level Auto Attendant and Voice Mail with both mobile and email notification.  The Vertical Summit Communicator enables secure, single-number mobility so you can talk, text, chat and broadcast messages from anywhere, with access to other system features including corporate directories, call logs, paging, call recording, three-way calling and one-touch call transfers.

Posted by Jack Gerbs in Recent Posts