Showing posts from 2018

Cyberattacks and the vulnerability of the small business

You cannot go a day without reading about some big-name company or even government agency being hacked and critical data being compromised. What you don’t see in the media is that most of the attacks happen to small firms, and that this is where a lot of the cybercrime is occurring. What any business, but especially a small business, needs to be afraid of are cyber attacks that disable your operations, disrupt customer interaction, or breach your customers’ personal data. Contrary to what one might expect, smaller firms are far more likely to be targets of hackers than large firms. They are also likely to have less sophisticated security measures in place. Any firm’s existence can be threatened by these events, but smaller firms are often unable to rebuild after a major breach. Studies show that customers are less forgiving of smaller firms than larger ones when their personal data has been compromised. The lesson here i

Denial is not a solution: Something you owe your customers and your employees

Why do so many people procrastinate about making a will? Why is it so hard to get young people to buy health insurance? Because it is one of those “probably won’t happen--at least in the foreseeable future, and I’ve got more interesting things to worry about or spend my money on” issues. Small business owners tend to take the same approach to making business continuity plans in case of a disaster. They are usually fully consumed just running the business and keeping revenues steady and growing. Diverting energies and resources to a “what if” scenario just isn't an imperative. There are affordable, effective tools out there that will allow any smaller firm to develop effective business continuity plans, but they only work if you take action. Our best advice to overcome denial? Think of this scenario: If something happened right now and your entire operation came to a halt because of a cyber atta

Limited investment capital and planning for trouble

Small businesses often fail to take the time to make business continuity plans. One aspect of a business continuity plan involves developing plans to handle the loss of physical infrastructure and hardware. Unfortunately, smaller and younger firms often fail to address these issues because they lack the necessary capital to invest in additional or supplemental equipment. Redundant servers, battery backup systems or uninterruptible power supplies, and data backup systems that allow for offsite backup storage are the most obvious examples. These can represent considerable capex for a small firm. However, these costs need to be weighed against the costs that would be incurred if a severe business interruption occurred. Encouragingly, new technology is creating tools for redundancy and data protection that don't require additional hardware investments. The cloud is probably the single biggest savior for small businesses looki

Data Protection Laws and PIIs

Last week we discussed the overall concept of “Data Protection Laws,” which govern the handling and securing of specific data. While these laws are wide ranging, most of them reference Personally Identifiable Information (PII). This “refers to information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other personal or identifying information that is linked or linkable to a specific individual.” ( https://www.gsa.gov/portal/content/104256 ) For example, if you possess an individual’s first initial and last name and store it with their credit card number, bank account, SSN or driver’s license number, that becomes PII. At the Federal level, the United States doesn't have any overarching and comprehensive data protection laws of the sort that most European nations do, but they do exist and primarily affect individual sectors, such as healthcare. Presently 48 states in the US have some

Are you subject to Data Protection laws?

This blog introduces a new topic that many may be unaware of: Data Protection laws. These are laws that define fully, or in part, what type of data is covered by government regulations, prescribe general standards for the securing of covered data, and may also require notification of victims and governmental authorities in the event of a breach. Small businesses, no matter what product or service they provide, are likely subject to some manner of regulations regarding the storage and use of digital data. For instance, any medical office or organization that handles medical records is subject to HIPAA, the federal law regarding health data privacy. Meeting IT regulations can be expensive and time consuming and they also require timely upgrades. Failure to stay up to date can lead to fines, penalties, and a damaged reputation. Chances are, you are subject to some data protection or data security laws. You are also very likely to be subje

Ransomware Part II

In our last blog, we explained what ransomware is, and why it can be an especially troublesome virus. Today, let’s look at what you can do to avoid falling victim. Prevention is the best cure. Follow standard “data hygiene” principles that you probably hear about all of the time. Update your OS, software, and apps whenever a new release or patch is released. Do this ASAP. Some patches may be released solely as a result of the discovery of a vulnerability. Watch out for phishing scams. If anything looks “off” about an email, don’t open it. And never open links you aren't totally sure of. If unsure, email back to the sender to verify they actually sent you a link. Unfortunately, human error is one of the biggest problems for data security. Employees unwittingly open links received via email or download information from insecure websites. Beyond prevention, the most important thing you can do to make sure your data cannot be held ransom is strictly adher

Ransomware part I

The daily reports of cybercrime are important reminders about the need to protect your business from malicious behavior that could threaten the success of your business. There are so many different things that can attack your computer, steal your data, and wreck your day. One of the most troublesome has been the development of ransomware. (FYI: ransomware isn’t actually all that new; some version has been around for decades.) Ransomware is a type of computer virus that takes your data hostage and, like any kidnapping scheme, demands money for the release of your data. Why is ransomware so nasty? Because it steals the most important thing your business possesses. Data. Worse, once infected there isn’t generally a way out. No one can “disinfect” your machine. You aren't going to be able to call in IT support to solve the problem. Basically, you have three options. Pay the ransom. This payment is usually via credit card or bitcoin (a digital currency). So

Humans cause so much trouble

Have you been focusing on software packages and anti-virus tools to protect your data from hacking? That may not be enough, because it overlooks one of the biggest causes of security breaches. All of the security software and expertise in the world is useless if you or your employees don't remain vigilant about their behavior as it relates to hacking scams and data security. Human error remains the biggest cause of security breaches and data loss at almost all companies, large or small. We just can’t remind you enough that you need to develop a culture of security among all of your employees. Changing passwords frequently, not sharing passwords, and learning to recognize and avoid opening nefarious emails are the top three lessons you need to reinforce with your employees. And don’t make it a once-in-a-while memo, make it part of your office culture, with ongoing reminders, links to articles explaining phishing scams, and routine reminders to change passwords. Contact your MS

The most boring topic Ever

Yes, today’s blog is about office phone systems. You have one. They are dull, necessary, and no one wants to deal with them. They need to be re-configured for new employees, they’re confusing, and the telco lines probably cost you more money than you'd like. Like everything else, office phone systems began transitioning to fully online/digital well over a decade ago. The proper term is “Voice over Internet Protocol” or “VoIP.” In a practical sense, it means that your phone lines are no longer coming in over traditional, “plain old telephone” lines, or other standard protocols from the 1960s to the 2000s. Instead, voice signals are now being carried to your phone from the telco via the internet, such as your broadband connection. Why do this? There are a few simple benefits. You cut the higher landline charges, especially for international calls. Old-fashioned systems are becoming obsolete, and parts aren't available. You don't need 2 separate cabl

The Cloud: what do you get?

    The cloud refers to using off site computing resources and storage to supplement or even replace the use of on-site/in-house resources. Instead of buying hardware and software to support your business, you are basically outsourcing this set of tasks. There are 4 benefits for the small firm and today we will look at the first 2. Elasticity - With onsite computing, if you need additional capacity you have no choice but to purchase that capacity in discrete steps, which means bearing the costs of being over-capacity for a period of time until growth catches up. Onsite computing also means you must have the capacity to handle your own peak computing and storage demands, and resources may go underutilized much of the time. The cloud allows complete elasticity in the utilization of computing resources. You buy only what you need, as you need it. You can grow or downsize as the business demands. Pay as you go - On-site hardware involves significant capital expenditures. The cloud allows y

What the cloud means for you–Part II

    Recently, we talked about ways the cloud brings value, business protection, and economies of scale to the smaller firm that they could never achieve by themselves. Today, we look at a final benefit of the cloud. Protection against on-site disaster - If a disaster strikes your physical business location, on-site resources can be damaged, destroyed, or become inaccessible for a period of time. Even if it isn't a major disaster, if you have a failed server your business could be down for an extended period. When everything occurs in the cloud, you are vaccinated against this type of business calamity. You can still access and use computing resources from anywhere. In summary, left entirely on its own a small firm just does not have the resources and capital to fully support its own technology infrastructure. The cloud turns that upside down, enabling firms to enjoy the benefits of a fully supported tech foundation without levels of expenditures that are just not feasible for small

The Cloud means no more stormy weather

Many small firms are pretty busy handling their own business, and don’t give much thought to what they would do if a natural disaster, from a bad snowstorm to much worse, hit their physical location and cut power or physical access to the building. What if the equipment storing all of your data and software needed to run day-to-day operations became inaccessible? What would happen to your ability to continue to serve your clients or customers? Though we call it the cloud, with images of gray skies and rain, the cloud can be a ray of sunshine. It is an excellent and cost-effective resource for smaller firms to make sure they maintain 24/7 access even in bad weather. Because everything is maintained off site, you can (1) bypass disruption or damage that may have occurred at your physical site, and (2) access what you need to keep your business functioning from any remote location. Small firms need to realize they are most vulnerable to business disruptions, as they have less capita

Your front door is talking

If you've been following the news, the Internet of Things is getting increasing attention. You’re probably also thinking this is some Silicon Valley fancy thing that will take years to reach the rest of us. Not really. You probably already have some items of your own tied into the Internet of Things. First of all, what is the I of T? Simply, it is any object that collects data about itself or its surroundings, and then transfers that data across a network to some other object, which can then make use of that data. For example, if you have a baby monitor that sends crib pictures from upstairs to your phone, you're tied into the I of T. But what about business people? Where is it showing up in the workplace? You may have security cameras tied to a network where they can be monitored by a PC or phone. A front door lock that can be remotely opened via phone. A thermostat that can be changed by the same phone. Internal lights that go on when your phone approaches. All of these a

NPO’s and volunteer security nightmare

    Not-for-profits have an unusual issue regarding security. Firms that have trained, paid full-time employees have a strong level of control over the actions of their workers. NPOs, however, may rely heavily on volunteers whose time in the office may be minimal and sporadic. You may feel grateful for their dedication and be less likely to subject them to rigid security training. Also, a threat of punishment for those who make inadvertent errors that create security risks isn't going to be acceptable in the “volunteer” environment.   Though it may seem a waste of precious volunteer time, you need to consider implementing ongoing training and reminders to all volunteers about what they can do to protect your data and digital infrastructure. The 2 most common human errors are falling for phishing scams and bringing storage devices to your office and introducing them to laptops and other devices. Think of the volunteer who creates a brochure for you in their home office, then downloa

Security and your sub-contractors

So you feel relatively comfortable that you have created cyber security around your data and your employees are trained to avoid security errors in their day-to-day business (a MAJOR source of security breaches, by the way). However, you may be overlooking one area where you are exceptionally vulnerable. What protection do you have from those you do business with? If you are a manufacturer, for example, you may have several vendors who provide components and raw materials. How careful are they about data security? Smaller producers and service providers may perceive themselves as not being a likely hacker target, which is incorrect. Small firms are significant targets for data hacking because they have access to larger firms. They can provide a “digital backdoor” to the firms they sell to. You need to work closely with all of your vendors to ensure that they are as serious about protecting their systems as you are. If you share digital information with your subcontractors, you o

Cyber Crime and Security for SMBs

Did you know the illicit trading of personal data was worth $3.88 billion last year? Cybercrime is a growing industry known for its innovation. It goes far beyond the image many of us have of some hacker kid in his basement. Many who engage in this activity are professionals and work in large teams. Some may even be sponsored by governments. If you follow the news, you can find large corporations and even government agencies who have fallen prey to hackers and had massive amounts of data compromised. Unfortunately, this has led smaller firms to feel they fly below the radar. In fact, the opposite is true. Small businesses, especially those in regulated areas such as medical, financial, and legal services, need to be hyper vigilant about security. The cybercriminals' professional efforts will outdo your amateur efforts at security. As a small business, you are vulnerable for two reasons. First, serious hackers see small business as entrances into larger entities. Small firms tha

Government regulations

     Any business that stores customer payment information must comply with a number of state and federal regulations. The legal, healthcare, and financial sectors have a number of laws tailored specifically for them (such as HIPAA or CISPA). If you run almost any kind of professional practice or agency you probably have very specific data security requirements. Running afoul of these regulations puts you at risk for legal action and probably means that you have bad security in place.   As a professional, your focus needs to be on your clients and running your firm. Regulatory requirements to ensure data security can be complex and include rigorous testing requirements. Ensuring compliance with the regulations can be a serious distraction for you and take you into territory where your experience is limited.   One of the best solutions is to work with a third party who has strong credentials in the area of regulatory compliance and data security. When you are working with a third party

Higher goals get dragged down by Tech: The NPO story

    If you are a smaller Not-for-Profit, it is likely that your organization has been driven from its inception by individuals strongly motivated with a passion for their cause or humanitarian goal. As a result, it is also possible that the leadership has little interest in developing the administrative technology infrastructure that is necessary for any organization to function in the internet age.   Failure to understand and focus on technology can damage an organization's growth and success. However, NPO leadership has to be laser focused on the day-to-day struggles of the organization such as seeking funding, keeping the doors open, and pursuing the mission. As a consequence, technology infrastructure may be cobbled together as an afterthought; resource limitations may lead to short term tech decisions that can be wasteful and more expensive in the long term.   An NPO, with its tight budget margins, is an excellent example of an organization that could benefit from outsourcing

Password basics people still ignore

You can have all the locks on your data center and have all the network security available, but nothing will keep your data safe if your employees are careless with passwords. Change Passwords - Most security experts recommend that companies change out all passwords every 30 to 90 days. Require passwords that mix upper and lowercase letters, a number, and a symbol. Teach employees NOT to use standard dictionary words (in any language), or personal data that can be known, or can be stolen: addresses, telephone numbers, SSNs, etc. Emphasize that employees should not access anything using another employee's login. To save time or for convenience, employees may leave systems and screens open and let others access them. This is usually done so one person doesn't have to take the time to logout and the next take the effort to log back in. Make a policy regarding this and enforce it. If you see this happening, make sure they are aware of it. These are just a few basic pa

The Cloud: Are there security issues?

For many, the idea of offloading their data to another physical/virtual location can seem like a security risk. It seems counterintuitive that moving data away from “home” is safer. But is that really true? Any server stored at your location is probably more physically vulnerable than one protected in a large server farm. If you had a fire, flood, or other physical damage that included damage to your server, what would be the result? Also, are your backups stored on-site? If a major event damaged your entire physical location, those backups would also be lost. There is a second reason the cloud may be safer: security. All of your data, no matter where it is located, may be vulnerable to cyber attacks and data breaches. However, cloud storage providers probably offer some of the most sophisticated security protection available. It is unlikely that a small or even mid-sized firm has the internal resources and research capacity to maintain a

How the cloud saves smaller firms money

OK. You pay someone to store all of your data in the cloud, as opposed to keeping it on your own server and backing it up. And you pay on an ongoing basis. How is that possibly going to be cheaper than just making a one-time investment and keeping it yourself? Let’s count the ways: (1) You lose the hardware expense – a capital expenditure cost. (2) If that hardware fails, you are out in the cold. (3) Someone has to maintain that hardware. In-house IT labor is expensive. (4) If you need more capacity, you have to ramp up at a tiered level, which means you may need to buy capacity you don’t presently need. (5) All of that hardware runs on software, which costs money. (6) All of that software needs to be installed, updated, etc. (see #3) (7) All of that hardware and software has to run 24/7. Are you large enough to pay for in-house monitoring and support 24/7? (See again #3) (8) All of that data has to be protected with security

Data regulation and our business: You are probably regulated by these laws

Small firms are probably aware that there are laws regulating the handling of data, but they probably assume that these apply only to larger firms and that they are too small to have any data that is worthwhile or protected under state/provincial or federal laws. Think again. Data protection laws generally worry about the content of your data, not the volume of it. That is, you don’t need to have “tons” (not the technical term) of data to be regulated by data privacy laws. If you maintain personally identifiable information (PII) you may be regulated by these laws, which may include penalties and fines for non-conformance. PII means you store a person’s first name/initial, last name and then link it to another piece of personal information, such as, but not limited to: Social Security Number; Driver’s license, or state ID; Passport; Some financial account number, e.g. credit/debit card, checking account, etc

A security hack doesn’t have to mean the end of your company

Statistics are showing that each year over 50% of small firms are victims of a cyber attack or data breach. Why does this matter? Most smaller firms have not prepared business continuity plans to keep their IT infrastructure going in the event of an attack. Failing to do so often leads to the failure of the business. Delaying the creation of a business continuity plan is a bit like a younger person delaying writing a will, on the grounds that they are not likely to die soon. That may be true, but if the worst occurs the consequences can be severe for their heirs. If the chance of a breach that could compromise your data or cripple your IT infrastructure is over 50%, there is every reason to immediately develop plans for how your business could maintain operation in the event of an attack on your IT systems. This is an effort that shouldn’t be delayed. Contact ABS Information Systems to help you develop a complete an

Don’t steal… It isn’t nice and makes you vulnerable to security hacks

Don’t steal. It isn’t nice. And... it makes you extremely vulnerable to security hacks if you “steal” software packages. Smaller firms often will use unlicensed software packages to save money. This is especially true if they only need a program for a specific task. Aside from the legal and ethical issues involved here, there is a very selfish reason not to do this. Software providers are constantly sending users updates to their programs, and those updates aren’t just about features. They include fixes to security holes and protections against specific new viruses that have been discovered. So, the longer you have an old, outdated software program on your PC or laptop, the more vulnerable you become. Is it really worth saving $200.00 when your entire business’s IT infrastructure could be put at risk? We suggest not.

Cybercrime: In-house protection that only YOU can provide

From the political world to the corporate, all we hear about is hacking, hacking, hacking. Everyone gets hacked, data is stolen, etc. So, the cry goes up for better security protections for everyone's data. Firewalls, virus software, etc., etc., etc. Want to know one of the best ways to protect your data? Train your employees to stop opening any emails or links unless they absolutely know they are safe. Scam emails that try to trick you into opening a link to a bogus site, or worse, trick you into providing your password or ID for a known site are exceptionally effective ways for hackers to get into your internal system and compromise data. Yes, ransomware is a serious issue, and malware is out there, but employees naively opening phishing emails remain one of the biggest risks to data security. Talk to your employees on an on-going basis and provide training and tips on how to ID phishing scams

VoIP: A money saving solution for your company’s technology backbone

When small business managers think about their IT infrastructure, they think about their employees’ mobile devices, cabling, Wi-Fi, laptops, a printer, and Internet connectivity. These are the basics of their IT infrastructure. However, there is one other aspect of a modern corporate IT infrastructure and that is an internal phone system that can connect “voice” over the internet, rather than traditional copper wires. Once upon a time, every office had an internal phone system that connected to the world via wire/cable/fiber. That wire/cable/fiber then connected a person in your office to a person somewhere else via the local phone company and a long distance carrier. And they did it for a per minute fee. And a very high per minute fee if you called internationally. A VoIP phone system eliminates the phone company’s per minute connection, sidestepping them and running the voice call over the Internet. Talk

SAFETY PUP SAYS Update

One thing smaller firms and individuals are often reluctant to do is download updates to their operating systems and individual apps and programs. Why? Well, because it takes time and you have to reboot the device. Another reason is a fear that the newest update will have a bug and cause problems. The perception is that it is better to wait a few weeks. Finally, there is a fear that anytime you update a program or OS, something always starts acting weird. All of these may have a certain legitimacy. Even procrastination has its defenders. But why should you download updates ASAP? Because they are not only about new features and a new gadget - they include patches to security issues that have been identified. One of the easiest ways to protect yourself from hacking malware and other nefarious online viruses is to always update your software. Do it the day the update comes out, because it may be released specifically due to the discovery of a brand new malw

With Ransomware, The ONLY Cure Is Prevention

It just keeps showing up in the news. Ransomware seems to just not come to an end. If you haven't heard, ransomware is a particularly nasty virus that freezes access to your data and then demands a ransom, usually in bitcoin. The worst thing about it is that once you are hit, there is almost nothing you can do. There are only 2 options: don't pay the ransom and lose your data, or pay it. There is no "downloadable" fix. You are stuck. With ransomware, the ONLY cure is prevention. In the case of ransomware you need to be constantly updating your data and securing it in isolation from your network. Even then, if your backup system overwrites your older data each time it backs up, you can actually save the virus if it has infected your system at the time of the backup. To make sure you are as protected as you can be, we strongly recommend you contact a technical security expert to consult on the best way to protect again