
The biggest cybersecurity concerns for 2019

Cybersecurity is an ongoing concern for individuals and businesses alike. But when it comes to protecting your business, there are some unique considerations. From protecting massive amounts of data and equipment to training employees to cope with attacks, the following are some of the biggest cybersecurity concerns that will impact you in 2019.

Spear phishing

Phishing is a type of social engineering where someone posing as a legitimate person or institution attempts to manipulate you out of your sensitive data. The more information that an attacker has about you, the better their chance of success. Spear phishing is the more recent and disturbing trend where hackers spend time observing you online, often breaking into your email to design a targeted phishing attack. They take information they have learned, such as who you trust and communicate with most often, and take advantage of that.

Businesses of all sizes have been targeted by spear phishing. According to the 2018 State of the Phish Report, 83% of respondents experienced a phishing attack in 2018 and credential compromise has soared 280% since 2016. When it comes to social engineering in general, and spear phishing specifically, knowledge is power. In addition to beefing up your cybersecurity, it is crucial to educate employees and institute policies in order to stay ahead of the attack. We recommend the following:

  • No financial transactions should be processed or instructed via email. If someone does send such an email, follow up with a phone call before initiating the transaction.
  • No employee personal information (such as bank information, social security number, W2, salary, etc) should ever be sent or requested via email. If someone does request this information in an email it should not be supplied to them in the same manner.
  • Turn off contact “friendly names” and photos so that you just see the email address it is coming from. For more information about why this is effective read this piece by The Internet Patrol.
  • Configure your email to make the most of the security settings available to you. For example, is it possible to indicate which emails are internal vs external? Talk to your MSP or tech support provider for assistance.
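
The last two recommendations (show the real sending address rather than the friendly name, and mark mail that comes from outside) can also be checked automatically. The Python sketch below is an added example, not part of the original post; the domain example.com, the staff names and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Assumptions for this example: the organisation's mail domain and staff names.
INTERNAL_DOMAINS = {"example.com"}
STAFF_NAMES = {"dana whitfield", "lee okafor"}

# Loose pattern for spotting an e-mail address typed into the display name.
ADDRESS_RE = re.compile(r"[\w.+-]+@[\w.-]+\w")


def domain_of(address):
    """Return the lower-cased domain of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""


def assess(raw_message):
    """Classify the From header of one message and list the warning flags."""
    msg = message_from_string(raw_message)
    display, address = parseaddr(msg.get("From", ""))
    # Decode RFC 2047 encoded words so an encoded name is checked like a plain one.
    display = str(make_header(decode_header(display)))
    # Exact domain match only: "example.com.billing.test" is NOT internal.
    # A missing or unparsable sender has no domain and is treated as external.
    external = domain_of(address) not in INTERNAL_DOMAINS
    flags = []
    if external:
        flags.append("external")
        # A colleague's name on an outside address is the classic friendly-name trick.
        if " ".join(display.lower().split()) in STAFF_NAMES:
            flags.append("display-name-matches-staff")
        # An internal address used as the friendly name hides the real sender.
        if any(domain_of(a) in INTERNAL_DOMAINS for a in ADDRESS_RE.findall(display)):
            flags.append("display-name-contains-internal-address")
    # What the reader should see: the real address, tagged when it is external.
    shown = ("[EXTERNAL] " if external else "") + address
    return {"shown_sender": shown, "external": external, "flags": flags}


# Constructed sample messages (reserved example/test domains only).
SAMPLES = {
    "internal": "From: Dana Whitfield <dana.whitfield@example.com>\n"
                "Subject: Q3 notes\n\nhi",
    "impersonation": 'From: "Dana Whitfield" <dana.whitfield@example.com.billing.test>\n'
                     "Subject: Urgent wire\n\nhi",
    "encoded": "From: =?utf-8?q?Lee_Okafor?= <lee@freemail.test>\n"
               "Subject: W2 request\n\nhi",
    "address_as_name": 'From: "lee.okafor@example.com" <lee@freemail.test>\n'
                       "Subject: Payroll\n\nhi",
    "supplier": "From: Supplier Billing <billing@supplier.test>\n"
                "Subject: Invoice\n\nhi",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        result = assess(raw)
        print(f"{label:16} {result['shown_sender']:55} {result['flags']}")
```

Messages that carry only the `external` flag are ordinary outside mail; the two display-name flags are the ones worth a warning banner or a follow-up phone call.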

Cryptojacking

Cryptojacking is the unauthorized use of someone’s computer and resources to mine cryptocurrency. Hackers send phishing campaigns with infected links. Clicking the link infects the computer with JavaScript code that auto-executes.

Cryptomining code then works in the background, while you continue to use your computer. A business network with many computers can be a tempting target for crypto miners. While it can be difficult to detect crypto mining, if you suddenly experience a slowed network, overheating equipment, and very high electric bills, you may have a compromised network.

The best solution is prevention, and the best prevention is a dedicated IT team who can monitor your network and ensure that everything is running as it should be. If you can’t afford to hire on-site professionals consider partnering with a managed service provider.

Shadow IT apps

Shadow IT is a growing threat to cybersecurity and compliance. Shadow IT refers to any unauthorized use of software, hardware, or cloud service by employees. According to a survey by Logicalis CIO, over 98% of cloud services in use at businesses are shadow IT. These apps are mostly chosen for productivity (Trello, Asana) or communication (WhatsApp, Skype), and the issue is not necessarily the apps themselves but their unmanaged use in the workplace.

Typically, shadow IT boils down to employees not feeling that they have all the tools that they need. Therefore, in order to address this issue, management needs to ensure that employees have access to approved tools that will address their needs. Additionally, many small businesses may not have policies in place regarding downloading software/apps. Now is a good time to implement such a policy, and to educate users on the importance of following such policies for maintaining security.

The essential components of a solid cybersecurity strategy

Businesses of every size and industry are vulnerable to cyber threats. Having a strong cybersecurity strategy in place to defend your organization against these threats, and recover quickly to avoid downtime, is an absolute must when it comes to the success of your business. Security should be one of the top priorities of senior management.

With that in mind, we have designed this simple guide to help you understand the primary threats that your business may face, as well as the solutions that are available as part of a solid cybersecurity strategy, including:

  • Cybersecurity threats defined
  • Types of Cybersecurity
    1. Critical infrastructure
    2. Cloud security
    3. Internet of Things (IoT)
    4. Network security
    5. Ongoing employee training

Cybersecurity threats defined

Social Engineering – The use of deceptive methods to manipulate others into giving up personal information, data, or money.

Spyware – A type of malware that spies on your internet usage and personal information and then transmits the information to a third party for malicious purposes.

Ransomware – A type of malicious software (malware) that takes over your computer, locking it or stealing your data. It holds your computer or data hostage until a ransom is paid.

Adware – A type of malware that covers your screen or browser with pop-up ads. This software is usually unknowingly downloaded by the user when they download something else for free, such as a game.

Phishing – The practice of claiming to be a trusted person or a well-known institution in an attempt to collect personal information or money, or in an attempt to get the user to install malware. Phishing is an example of a specific type of social engineering.

Computer virus – A type of malware that replicates itself by inserting its own code into the code of other programs. Viruses can spread across networks causing rampant damage to businesses.

Data breach – An incident where data is stolen or taken from a system without the knowledge or consent of the system’s owner. Data breaches may be the result of intentional or unintentional actions by employees or deliberate, malicious attacks by outsiders.

Advanced persistent threat – If you are a larger enterprise organization, you may be at risk of an advanced persistent threat (APT). APTs typically affect organizations in sectors such as national defense, finance, and manufacturing. Their goal is to gain a competitive edge, steal information or intellectual property, etc. over a longer time period than just a single breach or attack.

Types of cybersecurity

In order to address and prevent the threats listed above, it is necessary to understand that cybersecurity is not one thing, but a broad suite of tools and practices. The following are the main five components that make up the broader whole of cybersecurity.

1. Critical infrastructure

Critical infrastructure involves all of the cybersystems that society relies on, such as the electrical grid, traffic lights, water plants, national security, hospitals, and telecommunications.

If your organization is responsible for or reliant upon critical infrastructure, it is vital to understand vulnerabilities and protect against them. Other organizations should consider how an attack on critical infrastructure might affect them when writing and evaluating backup and disaster recovery (BDR) and business continuity (BC) plans.

2. Cloud security

As more businesses move to the Cloud, it is important not to overlook Cloud security. Cloud providers offer a range of security tools to help organizations better secure their data. One of the benefits of using the Cloud is having your data backed up to multiple locations. You also benefit from having a team of professionals on your side to help manage your Cloud security.

3. Internet of Things (IoT)

Internet of Things refers to the wide network of connected devices, often the ones we don’t think of as being smart, such as printers, appliances, cameras, televisions, and more, that connect to the internet. IoT devices often include little or no security, and offer limited or no security patching, making them a security risk. With more IoT devices getting hacked, and few resolutions available, for now, it is necessary to carefully consider what devices are on the network (and why!) to avoid networking devices unnecessarily and increasing your risk profile.

4. Network security

Proactive network security is an essential element of any organization’s cybersecurity. Network security guards against malicious attacks, such as those listed above. Network security often includes the following:

  • A firewall to monitor and control network traffic.
  • Antivirus/antimalware software
  • Behavioral analytics to detect abnormal network behavior
  • Access control to limit who has access to what parts of the network

5. Ongoing employee training

The final piece of cybersecurity is employee education. Employees are a vital part of your organization and your ability to keep your organization cyber secure. Employees are often the first target of cybercrime as they are easily accessed via email and social engineering attacks. As such, your employees should feel confident in their ability to recognize and respond to cyber threats. Employees should receive regular education regarding:

  • Safe email usage and web browsing
  • Unauthorized software (“Shadow IT”)
  • How to create strong, unique passwords
  • Understanding cyber threats
  • Understanding social engineering
  • Personal device use and any Bring Your Own Device (BYOD) policies

Your guide to working remotely without risking a security breach

In the age of the flexible workforce with more employees working remotely, are you concerned that they might pose a security risk? If the answer is yes, the following seven recommendations should help you develop a solid strategy when it comes to maintaining security for remote employees.

Don’t trust WiFi

Mobile technology is a necessity of working remotely. Whether you’re working on your laptop from a local coffee shop or checking your email from your phone, think twice before connecting to the internet via unsecured public WiFi. Many mobile devices are set up to connect automatically to WiFi when a connection comes within range, so we recommend turning off this particular feature. Only connect to WiFi connections that you know are secure.

Keep your devices close

Did you know that one laptop is stolen every 53 seconds? In addition to being an expensive loss for you or your company, if there is any sensitive data on the device you could be looking at steep fines related to compliance regulations.

Make sure you always keep your devices with you and lock them when not in use. Never leave laptops and other devices unattended in vehicles, or, if you must, keep them out of sight.

Turn on the “find my device” feature

Most mobile devices come with the “find my device” feature. This feature is just what it sounds like: if your device goes missing you can activate it from another device and it will help you to locate the missing device.

Use strong passwords

Always use strong passwords on your devices, and always use unique passwords for each device you have. Never share your password with anyone or write it down, and don’t use a password that could be easily guessed. When available, use multi-factor authentication. If your password is incorrectly entered or entered from a new location, this will require that you respond to notifications before allowing you to log in.

Use a VPN

If you often find yourself needing to use public WiFi connections, it might be worth looking into a virtual private network (VPN). VPNs encrypt your data, helping to keep your connection and your data secure. A VPN can also allow you to access your home or business network while traveling. For more information, check out “What is a VPN, and why would I need one?”

Consider the source

When it comes to storing or accessing data, consider the source. Be cautious of downloading files from unfamiliar persons, and always use your antivirus software to scan files from familiar sources. Never plug a strange USB drive into your computer. When traveling, be cautious of USB charging stations. These can be used to transmit malware to your device or steal data.

Use secure cloud-based services

While there are many ways to remotely access your work, the safest option is to use secure cloud-based services. When you keep your work on the cloud you can access all of your files as needed with fewer risks. Using cloud services also enables you to access your work from multiple devices, and use cloud-based apps to keep up with your work on the go.

With some employee education, clear expectations, and BYOD policies in place, you can create a safe and secure workplace, even if the workplace is remote.

What is the hybrid cloud and how can you use it?

Hybrid cloud technology gives you the advantages of using a cloud server and an on-site server. Many companies that want to use the cloud start by paying a third-party provider to access space on a public server. As companies grow, however, they find that they can also benefit from on-site servers that give them more control and security.

If you’re interested in learning more about the benefits of hybrid cloud technology, you’ll want to learn about some of the ways that other companies already use it.

Hybrid cloud technology can save your business money

Surveys show that companies plan to spend a lot of money on cloud technology over the next few years. By 2021, the hybrid cloud market’s value should reach $91.74 billion.

Despite the industry’s growth, adopting hybrid cloud technology could help your business save money. If you solely rely on private servers that you keep in your office, then you will spend a lot of money on IT infrastructure. Remember that you will need an infrastructure and server that does more than handle a normal day’s request. You need to prepare for days when you need to meet the needs of more clients than usual.

With hybrid cloud solutions, you can always use a cloud server to scale on busy days. Instead of spending more money than necessary on your personal IT equipment, you can lower your overall costs by choosing essential equipment and accessing your public server when needed.

Your employees become more productive with hybrid cloud solutions

Most companies say that they want to invest in hybrid cloud solutions so they can use more cloud-based apps.

Today’s best cloud apps improve employee productivity by automating certain tasks, improving communication and making it easier to collaborate on projects. By adopting a hybrid cloud, you give employees the opportunity to use apps remotely as well as from their desks.

The hybrid cloud improves data recovery and business continuity

No matter how well you prepare, your business could lose important data after a malware attack. A fire, flood or other disaster could also harm your data recovery and business continuity.

The hybrid cloud improves your data recovery and business continuity processes by letting you keep data stored on a third-party server.

If a fire destroys the enterprise server that you keep on your premises, the data stored on the public server stays protected. Backing up your data to the public cloud means that you can get back to work quickly instead of losing money and clients while you try to rebuild.

In fact, using the hybrid cloud could mean that you suffer zero downtime. Your clients and customers may not even notice the disruption.

You get better security from hybrid cloud solutions

Hybrid cloud solutions give you two places to store your data and business processes. While some people believe that third-party servers put them at risk of malware attacks, your enterprise server is just as likely to get attacked.

By keeping your information in two places, you protect your data from malware and hackers. For example, if your private server gets overtaken by ransomware, you can delete your files to eliminate the threat. After deleting your files, you can access them from the public server you use.

You can stay at the forefront of technology

As your hardware ages, some of its features will become outdated. You may not want to spend money replacing the equipment, but avoiding the problem could cost you more money as productivity suffers.

You know that you need to replace your equipment when the hardware can’t run the software you want and needs frequent repairs. While you safely dispose of your old hardware and replace equipment with new models, you can use your public cloud server to avoid disruptions.

Whether you use a public or private server, you should think about the benefits of hybrid cloud solutions to determine whether the technology can help your business thrive.

Hardware disposal pro tips for small business leaders

In today’s business environment, having the latest tech tools at your disposal is essential to your company’s success. Whenever you buy or lease new business hardware, though, you’ll be left with old hardware you may no longer need.

Here are a few of the steps your company should take to make hardware disposal easier, safer and more efficient.

Before hardware disposal, consider repurposing

Before you actually start the process of hardware disposal, it’s a good idea to consider repurposing some of your old hardware.

Servers and workstations can often be repurposed for new tasks with only minimal upgrades. Laptops, however, are generally not seen as economical candidates for repurposing.

As a rule, repurposed hardware is best put into auxiliary roles, such as providing extra data storage. You could also reassign it to departments that require less specialized hardware. Be aware that your hardware may need some basic maintenance and repair before being repurposed. You should take that cost into consideration when deciding between repurposing and hardware disposal.

Preparing for hardware disposal

Once you’ve repurposed what you can, it’s time to prepare for the actual process of hardware disposal. Securely destroying or otherwise disposing of hardware requires some forethought.

To prepare your hardware, you need to start with data security. We recommend completely wiping the hard drive of any computer, tablet, smartphone or server you plan to retire. Leaving data on your hardware for possible attackers to find can lead to a major network security data breach. Do what you can to defend yourself before you do any hardware disposal.

For workstations and laptops, you can use special functions built into all Windows and Mac operating systems to erase your data. Decommissioning servers is a bit more complicated. The process will vary depending on the software that is running on your servers.

Removing data from your hardware is critical to ensuring you don’t run into cybersecurity problems down the road. You also need to be sure that any important data has been properly saved for future use.

Be sure that all data from laptops and workstations has been backed up. Also, migrate the data from your old servers to the new servers before the old ones are wiped. Many businesses today choose to migrate their server data to the cloud. If you plan to go this route, it’s important to find a good cloud services provider. Pay attention to fast transfer speeds, security and overall customer service.

Consider donating your old hardware

A great way to handle hardware disposal is to donate retired equipment to a nonprofit organization.

There are some nonprofits that take donated computers and give them to low-income families. Other charitable organizations find themselves in need of computer hardware for basic administrative functions.

If you need to dispose of laptops or workstations, giving them to a worthwhile charity is a great option.

The hardware recycling process

Electronic waste from hardware disposal can be extremely harmful to the environment. For this reason, it’s a good idea to have your old hardware recycled.

E-waste recycling and reclamation centers can be found in every state. These are the best places to take old hard drives, computers and other electronic waste products.

Although most people think of hardware recycling only in terms of old computers, some specialty recycling companies can also recycle servers. Before handing your old hardware over to a recycling center, though, do some research to be sure the company is legitimate. In recent years, reports of recycling scams in which e-waste is ultimately deposited in landfills have become increasingly common.

4 reasons SMB owners should use managed IT services

As a small business owner, you wear many hats and have a wide range of skills. Unless you’re an IT guru, however, you probably have someone else take care of your IT needs. For many, that means keeping an IT person on staff or paying for hourly help, two less than perfect solutions.

If you’ve thought about managed IT services but haven’t pulled the trigger yet, here are four things that you should consider.

“. . . establishing a strong, strategic partnership with your MSP is essential.” – CIO

1. Cost

Small business owners worry about the cost of everything. You have to in order to keep your business running. Managed IT services may sound expensive but, in reality, they can offer you significant savings.

Businesses that switched from paying an hourly rate for IT to managed services saw their costs drop by up to 50% or more. 13% saw that level of savings, while 46% saw savings of 25% or more. A quick analysis of your expenditures and a consultation with a managed IT services provider (MSP) will reveal how much you can potentially save.

2. Security

Choosing managed IT services leads to better cybersecurity for your data. As you are painfully aware, hackers are growing more skilled at illegally accessing data. In the first three months of 2017, for instance, 950,000 records, including sensitive data, were accessed by outsiders, putting companies and their clients at risk.

By making the shift to a managed IT service provider, your company data will gain the protection of more sophisticated cybersecurity measures, making it less likely your data will be stolen.

“71% of SMBs are not prepared for cybersecurity risks.” – TechRepublic

3. Fast repairs

When your computers go down, your productivity can slow to a crawl or stop entirely. You can end up paying your employees for a day when they can’t get anything accomplished.

The cost of downtime can be monumental when you combine the lack of production and the harm to your reputation. In some instances, a company can lose approximately $84,000 for every hour their system is down. Even a one-person shop can sustain serious financial losses.

Managed IT services providers can immediately begin working on your IT problems. Because your MSP knows your system, they can quickly diagnose and address problems. An MSP can also identify other potential issues that might cause problems in the future.

4. Recovery

If your small business manages its own IT, you know that adequately backing up your system can be challenging. If your system crashes and burns, recovering your data can be costly. In fact, every year, 140,000 hard drives crash in the United States alone. Paying for a recovery attempt can cost approximately $7,500 for a service that may not be successful.

Any kind of data disaster can seriously harm your business. In fact, in the months immediately after a data disaster, 60% of companies go out of business.

Managed IT service providers make sure your data is backed up and easily recoverable. A disaster on-site at your business doesn’t have to cause long-term damage.

“With an MSP . . . you get to bring in the big guns and benefit from the resources and experience of a company focused solely on IT.” – Forbes

Are managed IT services right for you?

Managed IT services make sense for small business owners on a number of fronts. You can improve your bottom line by utilizing affordable, reliable outsourced IT help.

And really, that’s what it’s all about—equipping you to run your business as effectively as possible. If managed IT services help, then it’s worth your time to talk to a few managed IT services providers and see what options are available.