SMB Cloud Migration: Three Essential Tips

For small- and mid-sized businesses (SMBs) of every kind, cloud technology has made an enormous impact. But before you upload all your assets to the cloud, it’s a good idea to step back and take a look at some of the common pitfalls which could drastically impact your operations.

First and most important, implementing cloud technology into your business operations does not eliminate the need for on-site information technology (IT) – physical equipment housed in a reliable physical environment with solid uptime. The main reason is that the cloud changes expectations and demands. With the cloud, your employees will come to expect new features and capabilities. This strains bandwidth, reliability and scalability. Simply connecting all the computers in your company to the web isn’t going to cut it. A modern infrastructure requires upgrades like highly reliable IT hardware and effective thermal management that scales up in tandem with new cloud-based demands.

It seems a bit confusing that when everything is stored on the web your company requires an upgrade to your infrastructure, but it comes down to reliability. The cloud can quickly overwhelm outdated racks, cooling and backup systems and bring your company to a standstill. The most vital upgrade is an uninterruptible power supply (UPS) and cooling system to make sure the heat generated can exit the IT environment. Reducing heat is the first line of defense for any on-site IT operation.

The next consideration is hardware flexibility. A modern network infrastructure needs to be easily upgradable as the cloud becomes more robust. A network infrastructure that’s currently 10 years old will not be compliant with a cloud-centric system in 10 years. An outdated network that does not allow employees to maximize the potential of cloud services limits an SMB and its ability to compete effectively in the marketplace.

A common misperception about the cloud is you don’t need local servers or hard drives. The truth is SMBs still need local storage. One reason is data sovereignty laws which require companies to store sensitive information – and lots of it – locally. Additionally, the “Cloud to the Edge” trend means that having hardware and storage closer to the end user actually makes cloud applications snappier. The cloud may actually increase the amount of hardware you have on site.

In order to fully maximize the power and promise of cloud technology, the physical infrastructure of your SMB IT department is even more vital to maintaining a competitive advantage. Racks, cooling, power and management software all need to be upgraded to ensure uptime and quick access to both cloud and local data and applications.

Law Firm Faces Negligence Class Action Lawsuit Alleging Poor Cyber Security

A Chicago law firm faces a lawsuit alleging they failed to properly protect sensitive client information.  Johnson & Bell faces a class action citing JBoss, VPN, and SSL vulnerabilities.  Interestingly, according to the filing, there was no evidence of compromise but the suit claims the firm could have been easily penetrated.

How many other law firms could face similar legal actions for allegations of poor cyber security practices? This could be a significant issue for legal firms of all sizes across the country.

LP3 is watching this case carefully; we ensure that our clients are implementing sound cyber security practices based on NIST and CIS Top 20 best practices.

Visit https://lp3.com/assessandtest/ or email CyberHELP@LP3.com for a comprehensive vulnerability and business risk assessment.

References: http://privatepomm.com/2017/01/01/cyber-malpractice-negligence-lawsuit-hits-a-chicago-law-firm/

Another Hospital Breach…not a Surprise Unfortunately

A few questions:

  1. How exactly did the third party get compromised? What network segmentation was in place, if any?
  2. How much is the breach going to cost Sentara?
  3. Did Sentara conduct any cyber security due diligence with the third-party vendor? Vulnerability assessments? Monitoring?
  4. How was the breach detected? Did Sentara detect it?  Or were they notified from elsewhere? What worked? What didn’t work?

It’s critically important to work closely with HIPAA/HITECH business associates on a technical cyber security level since the hackers will take advantage of the weakest link in the connected IT systems.

Heck…with any business associate…Target was compromised through an HVAC vendor.   If the company networks are connected, they need to be under continuous monitoring and vulnerability tested at least annually.

What to Do When Your Business is HACKED!

“We’ve been hacked! What did we lose? We don’t know yet. When did it start?  We don’t know that yet either.  What do we do next?  Who do we contact FIRST?”

  A. FBI
  B. Attorney
  C. IT Provider
  D. Cloud Provider
  E. Clients or Customers

Making this decision in the heat of a crisis is not ideal.  To minimize business impact and cost, do you know exactly what to do when your business gets hacked?

The right answer? B. Attorney. Getting legal help immediately is the correct answer in most situations. One big reason is attorney-client privilege; you and your attorney control information release and can shape the messaging. Secondly, breach notification requirements vary based on location. Careful compliance assessment and prompt action can avoid significant penalties.

Obviously, your IT staff will also assess the situation in parallel.  Some businesses choose to recover as quickly as possible—an approach that can leave your operations vulnerable to the same attack. Professional cyber security support may be required to determine root cause and identify mitigations to prevent future attacks.

To prepare effectively, get help. Do you have an Incident Response Plan?  If not, LP3 can help. Contact LP3 for a comprehensive vulnerability and business risk assessment.

References:
http://www.networkworld.com/article/2938013/security0/7-things-to-do-when-your-business-is-hacked.html
http://blog.rackspace.com/your-company-has-been-hacked-now-what

How Much Will Idle Staff Members Cost Your Business Per Day?

10 Tips on avoiding Ransomware

We are going to be covering each aspect of ransomware attacks, from prevention to recovery, over the next few posts. Today, we are focusing on how to AVOID the attacks in the first place. None of this is foolproof, but it is at least a big step in the right direction.

https://lp3.com/1/avoiding-ransomware-attacks/

If you have questions on how to protect your organization from business disrupting cyber attacks, contact sales@LP3.com.