You, the CEO of a small business, are under attack. Right now, extremely dangerous and well-funded cybercrime rings in China, Russia and the Ukraine are using sophisticated software systems to hack into thousands of small businesses like yours to steal credit cards, client information, and swindle money directly out of your bank account. Some are even being funded by their own government to attack American businesses.
Don’t think you’re in danger because you’re “small” and not a big target like a J.P. Morgan or Home Depot? Think again. 82,000 NEW malware threats are being released every single day and HALF of the cyber-attacks occurring are aimed at small businesses; you just don’t hear about it because it’s kept quiet for fear of attracting bad PR, lawsuits, data-breach fines and out of sheer embarrassment.
In fact, the National Cyber Security Alliance reports that one in five small businesses have been victims of cybercrime in the last year – and that number is growing rapidly as more businesses utilize cloud computing and mobile devices, and store more information online. You can’t turn on the TV or read a newspaper without learning about the latest online data breach, and government fines and regulatory agencies are growing in number and severity. Because of all of this, it’s critical that you have these 7 security measures in place.
1. THE #1 SECURITY THREAT TO ANY BUSINESS IS…
You! Like it or not, almost all security breaches in business are due to an employee clicking, downloading or opening a file that’s infected, either on a web site or in an e-mail; once a hacker gains entry, they use that person’s e-mail and/or access to infect all the other PCs on the network. Phishing e-mails (e-mails cleverly designed to look like legitimate messages from a web site or vendor you trust) are still a very common occurrence – and spam filtering and anti-virus cannot protect your network if an employee is clicking on and downloading the virus. That’s why it’s CRITICAL that you educate all of your employees on how to spot an infected e-mail or online scam. Cybercriminals are EXTREMELY clever and can dupe even sophisticated computer users. All it takes is one slip-up; so constantly reminding and educating your employees is critical.
On that same theme, the next precaution is implementing an Acceptable Use Policy (AUP). An AUP outlines how employees are permitted to use company-owned PCs, devices, software, Internet access and e-mail. We strongly recommend putting a policy in place that limits the web sites employees can access with work devices and Internet connectivity. Further, you have to enforce your policy with content-filtering software and firewalls. We can easily set up permissions and rules that will regulate what web sites your employees access and what they do online during company hours and with company-owned devices, giving certain users more “freedom” than others.
Having this type of policy is particularly important if your employees are using their own personal devices and home computers to access company e-mail and data. With so many applications in the cloud, an employee can access a critical app from any device with a browser, which exposes you considerably.
If an employee is logging into critical company cloud apps through an infected or unprotected, unmonitored device, it can be a gateway for a hacker to enter YOUR network – which is why we don’t recommend you allow employees to work remotely or from home via their own personal devices.
Second, if that employee leaves, are you allowed to erase company data from their phone or personal laptop? If their phone is lost or stolen, are you permitted to remotely wipe the device – which would delete all of that employee’s photos, videos, texts, etc. – to ensure YOUR clients’ information isn’t compromised?
Further, if the data in your organization is highly sensitive, such as patient records, credit card information, financial information and the like, you may not be legally permitted to allow employees to access it on devices that are not secured; but that doesn’t mean an employee might not innocently “take work home.” If it’s a company-owned device, you need to detail what an employee can and cannot do with that device, including “rooting” or “jailbreaking” the device to circumvent security mechanisms you put in place.
2. REQUIRE STRONG PASSWORDS AND PASSCODES TO LOCK MOBILE DEVICES.
Passwords should be at least 8 characters and contain lowercase and uppercase letters, symbols and at least one number. On a cell phone, requiring a passcode to be entered will go a long way toward preventing a stolen device from being compromised. Again, this can be ENFORCED by your network administrator so employees don’t get lazy and choose easy-to-guess passwords, putting your organization at risk.
3. KEEP YOUR NETWORK AND ALL DEVICES PATCHED AND UP-TO-DATE.
New vulnerabilities are frequently found in common software programs you are using, such as Adobe, Flash or QuickTime; therefore it’s critical you patch and update your systems and applications when an update becomes available. If you’re under a managed IT plan, this can all be automated for you so you don’t have to worry about missing an important update.
4. HAVE AN EXCELLENT BACKUP.
This can foil the most aggressive (and new) ransomware attacks, where a hacker locks up your files and holds them ransom until you pay a fee. If your files are backed up, you don’t have to pay a crook to get them back. A good backup will also protect you against an employee accidentally (or intentionally!) deleting or overwriting files, natural disasters, fire, water damage, hardware failures and a host of other data-erasing disasters. Again, your backups should be AUTOMATED and monitored; the worst time to test your backup is when you desperately need it to work!
5. DON’T ALLOW EMPLOYEES TO ACCESS COMPANY DATA WITH PERSONAL DEVICES THAT AREN’T MONITORED AND SECURED BY YOUR IT DEPARTMENT.
The use of personal and mobile devices in the workplace is exploding. Thanks to the convenience of cloud computing, you and your employees can gain access to pretty much any type of company data remotely; all it takes is a known username and password. Employees are now even asking if they can bring their own personal devices to work (BYOD) and use their smartphone for just about everything.
But this trend has DRASTICALLY increased the complexity of keeping a network – and your company data – secure. In fact, your biggest danger with cloud computing is not that your cloud provider or hosting company will get breached (although that remains a possibility); your biggest threat is that one of your employees accesses a critical cloud application via a personal device that is infected, thereby giving a hacker access to your data and cloud application.
So if you ARE going to let employees use personal devices and home PCs, you need to make sure those devices are properly secured, monitored and maintained by a security professional. Further, do not allow employees to download unauthorized software or files. One of the fastest ways cybercriminals access networks is by duping unsuspecting users into willingly downloading malicious software by embedding it within downloadable files, games or other “innocent”-looking apps.
But here’s the rub: Most employees won’t want you monitoring and policing their personal devices; nor will they like that you’ll wipe their device of all files if it’s lost or stolen. But that’s exactly what you’ll need to do to protect your company. Our suggestion is that you only allow employees to access work-related files, cloud applications and e-mail via company-owned and monitored devices, and never allow employees to access these items on personal devices or public WiFi.
6. DON’T SCRIMP ON A GOOD FIREWALL.
A firewall acts as the frontline defense against hackers, blocking everything you haven’t specifically allowed to enter (or leave) your computer network. But all firewalls need monitoring and maintenance, just like all devices on your network, or they are completely useless. This too should be done by your IT person or company as part of their regular, routine maintenance.
7. PROTECT YOUR BANK ACCOUNT.
Did you know your COMPANY’S bank account doesn’t enjoy the same protections as a personal bank account? For example, if a hacker takes money from your business account, the bank is NOT responsible for getting your money back. (Don’t believe me? Go ask your bank what their policy is on refunding you money stolen from your account!) Many people think FDIC protects you from fraud; it doesn’t. It protects you from bank insolvency, NOT fraud.
So here are 3 things you can do to protect your bank account. First, set up e-mail alerts on your account so you are notified any time money is withdrawn. The FASTER you catch fraudulent activity, the better your chances are of keeping your money. In most cases, fraudulent activity caught the DAY it happens can be stopped. If you discover it even 24 hours after it’s happened, you may be out of luck. That’s why it’s critical that you monitor your account daily and contact the bank IMMEDIATELY if you see any suspicious activity.
Second, if you do online banking, dedicate ONE computer to that activity and never access social media sites, free e-mail accounts (like Hotmail) and other online games, news sites, etc. with that PC. Remove all bloatware (free programs like QuickTime, Adobe, etc.) and make sure that machine is monitored and maintained behind a strong firewall with up-to-date anti-virus software. And finally, contact your bank about removing the ability for wire transfers out of your account and shut down any debit cards associated with that account. All of these things will greatly improve the security of your accounts.
If you are concerned about employees and the dangers of cybercriminals gaining access to your network, then call us about how we can implement a managed security plan for your business.
At no cost or obligation, we’ll send one of our senior certified technicians to your office to conduct a free Security And Backup Audit of your company’s overall network health and screen it for different data-loss and security loopholes, including small-print weasel clauses used by all 3rd-party cloud vendors, giving them zero responsibility or liability for backing up and securing your data. We’ll also look for common places where security and backup get overlooked, such as mobile devices, laptops, tablets and home PCs. At the end of this free audit, you’ll know:
You’ve spent a lifetime working hard to get where you are. You earned every penny and every client. Why risk losing it all? Get the facts and be certain your business, your reputation and your data are protected. Call us at 262-264-0959.
Late last March, the infrastructure of Atlanta was brought to its knees. More than a third of 424 programs used nearly every day by city officials of all types, including everyone from police officers to trash collectors to water management employees, were knocked out of commission. What’s worse, close to 30% of these programs were considered “mission critical,” according to Atlanta’s Information Management head, Daphne Rackley.
The culprit wasn’t some horrific natural disaster or mechanical collapse; it was a small package of code called SAMSAM, a virus that managed to penetrate the networks of a $371 billion city economy and wreak havoc on its systems. After the malicious software wormed its way into the network, locking hundreds of city employees out of their computers, hackers demanded a $50,000 Bitcoin ransom to release their grip on the data. While officials remain quiet about the entry point of SAMSAM or their response to the ransom, within two weeks of the attack, total recovery costs already exceeded $2.6 million, and Rackley estimates they’ll climb at least another $9.5 million over the coming year.
It’s a disturbing cautionary tale not only for other city governments, but for organizations of all sizes with assets to protect. Atlanta wasn’t the only entity to buckle under the siege of SAMSAM. According to a report from security software firm Sophos, SAMSAM has snatched almost $6 million since 2015, casting a wide net over more than 233 victims of all types. And, of course, SAMSAM is far from the only ransomware that can bring calamity to an organization.
If you’re a business owner, these numbers should serve as a wake-up call. It’s very simple: in 2019, lax, underfunded cyber security will not cut it. When hackers are ganging up on city governments like villains in an action movie, that’s your cue to batten down the hatches and protect your livelihood.
The question is, how? When ransomware is so abundant and pernicious, what’s the best way to keep it from swallowing your organization whole?
1. BACK UP YOUR STUFF
If you’ve ever talked to anyone with even the slightest bit of IT knowledge, you’ve probably heard how vital it is that you regularly back up everything in your system, but it’s true. If you don’t have a real-time or file-sync backup strategy, one that will actually allow you to roll back everything in your network to before the infection happened, then once ransomware hits and encrypts your files, you’re basically sunk. Preferably, you’ll maintain several different copies of backup files in multiple locations, on different media that malware can’t spread to from your primary network. Then, if it breaches your defenses, you can pinpoint the malware, delete it, then restore your network to a pre-virus state, drastically minimizing the damage and totally circumventing paying out a hefty ransom.
2. GET EDUCATED
We’ve written before that the biggest security flaw to your business isn’t that free, outdated antivirus you’ve installed, but the hapless employees who sit down at their workstations each day. Ransomware can take on some extremely tricky forms to hoodwink its way into your network, but if your team can easily recognize social engineering strategies, shady clickbait links and the dangers of unvetted attachments, it will be much, much more difficult for ransomware to find a foothold. These are by far the most common ways that malware finds its way in.
3. LOCK IT DOWN
By whitelisting applications, keeping everything updated with the latest patches and restricting administrative privileges for most users, you can drastically reduce the risk and impact of ransomware. But it’s difficult to do this without an entire team on the case day by day. That’s where a managed services provider becomes essential, proactively managing your network to plug up any security holes long before hackers can sniff them out. The bad news is that ransomware is everywhere. The good news is that with a few fairly simple steps, you can secure your business against the large majority of threats.
Robert Herjavec was born poor in former Yugoslavia in the midst of a widespread communist reform that left little room for dissidents. He might have stayed there forever except for the fact that his father was one of these dissidents – and a vocal one at that. So much so, in fact, that he was thrown into jail 22 times for speaking out against the government. After the final time, Herjavec’s father gathered his things, his children and his wife and crossed the border into Italy. From there, he got on a boat and, like millions of immigrants just like him, made his way across the Atlantic Ocean to North America.
But that’s not what Robert Herjavec, one of the famous investors on ABC’s Shark Tank, is known for. He’s better known for building companies out of nothing, including the massive IT security firm Herjavec Group, and turning them into multimillion-dollar successes. He is always extremely eager to share all he’s learned in the industry, but by his humility. I suppose when you’re the living embodiment of a rags-to-riches story, you gain an appreciation for exactly what it takes to realize your vision for a successful business. Herjavec has a lot to say during his talks, but there are three main points that stand out.
1. IT ALL COMES DOWN TO SALES.
The one thing that Herjavec really wants to hammer home is the importance of sales. “Nothing happens until you sell something,” he says. “What’s the difference between really big companies that grow and really small companies that stay the same size? Sales.”
Over the years, Herjavec has bought and sold 13 companies, and he’s learned the best approach to determine whether a potential buy is worth it or not. As a potential investor, one of the questions he always asks is, “How do you guys get customers? How do you guys find new business? And if the answer is anything along the lines of ‘word of mouth,’ I know these guys aren’t going anywhere.” The fact is that word of mouth is hard to control and almost impossible to scale. To truly drive the growth of your company, he says, you can’t think of sales as “a foreign object that controls what you do.” You have to see it for what it is – “an extension of what you do.”
2. NO, REALLY – IT ALL COMES DOWN TO SALES….EVERY DAY.
“Nobody in this room makes money from shuffling paper,” Herjavec says. “If one of your top three tasks every day isn’t ‘Sell something,’ you’re going to fail.” The only way to create “constant forward momentum” is by bringing in new revenue, and the only way to do that is to sell.
3. YOU CAN’T BE AFRAID TO SELL.
There are people in every industry who are always worried about overloading themselves. “We’re struggling to serve the customers we have already,” they say. “What happens if we really do bring in a bunch of new ones?”
This line of thinking will get you nowhere. “It’s a common fallacy,” Herjavec said. “Engineers want to make it perfect before they sell it. True entrepreneurs jump out of the airplane and have the confidence that they’ll figure out the parachute on the way to the bottom.”
The key is to find your niche. Sales takes a long time to learn – years and years of trial and error. But if you can “figure out who you’re selling to,” as he puts it, you’re already ahead of your competition. Find the factor that differentiates you from the sea of similar companies, leverage your strengths and sell until you drop. That’s the path to success and, as hard as it is, there isn’t any other. Go on Shark Tank sometime and Robert Herjavec will be the first to tell you.
If your data is important to your business and you cannot afford to have your operations halted for hours, days – or even weeks – due to data loss or corruption, then you need to read this report and act on the information shared. A disaster can happen at any time on any day and is likely to occur at the most inconvenient time. If you aren’t already prepared, you run the risk of the disaster arriving before you have a plan in place to handle it. This report will outline 10 things you should have in place to make sure your business could be back up and running again in the shortest amount of time in the event of a disaster.
1. HAVE A WRITTEN PLAN.
As simple as it may sound, just thinking through in ADVANCE what needs to happen if your server has a meltdown or a natural disaster wipes out your office will go a long way in getting it back fast. At a minimum, the plan should contain details on what disaster could happen and a step-by-step process of what to do, who should do it and how. Also include contact information for various providers and username and password information for various key web sites. Writing this plan will also allow you to think about what you need to budget for backup, maintenance and disaster recovery. If you can’t afford to have your network down for more than a few hours, then you need a plan that can get you back up and running within that time frame. You may want the ability to virtualize your server, allowing the office to run off of the virtualized server while the real server is repaired. If you can afford to be down for a couple of days, there are cheaper solutions. Once written, print out a copy and store it in a fireproof safe, keep a copy off site (at your home) and leave a copy with your IT consultant.
2. HIRE A TRUSTED PROFESSIONAL TO HELP YOU.
Trying to recover your data after a disaster without professional help is business suicide; one misstep during the recovery process can result in forever losing your data or result in weeks of downtime. Make sure you work with someone who has experience in both setting up business contingency plans (so you have a good framework from which you CAN restore your network) and experience in data recovery. We can recommend some reputable companies we’ve worked with in the past, if needed.
3. HAVE A COMMUNICATIONS PLAN.
If something should happen where employees couldn’t access your office, e-mail or use the phones, how should they communicate with you? Make sure your plan includes this information, including MULTIPLE communication methods.
4. AUTOMATE YOUR BACKUPS.
If backing up your data depends on a human being doing something, it’s flawed. The #1 cause of data loss is human error (people not swapping out tapes properly, someone not setting up the backup to run properly, etc.). ALWAYS automate your backups so they run like clockwork.
5. HAVE AN OFFSITE BACKUP OF YOUR DATA.
Always, always, always maintain a recent copy of your data off site, on a different server, or on a storage device. Onsite backups are good, but they won’t help you if they get stolen, flooded, burned or hacked along with your server.
6. HAVE REMOTE ACCESS AND MANAGEMENT OF YOUR NETWORK.
Not only will this allow you and your staff to keep working if you can’t go into your office, but you’ll love the convenience it offers. Plus, your IT staff or an IT consultant should be able to access your network remotely in the event of an emergency or for routine maintenance. Make sure they can.
7. IMAGE YOUR SERVER.
Having a copy of your data offsite is good, but keep in mind that all that information has to be RESTORED someplace to be of any use. If you don’t have all the software disks and licenses, it could take days to reinstate your applications (like Microsoft Office, your database, accounting software, etc.) even though your data may be readily available. Imaging your server is similar to making an exact replica; that replica can then be directly copied to another server saving an enormous amount of time and money in getting your network back. Best of all, you don’t have to worry about losing your preferences, configurations or favorites.
8. NETWORK DOCUMENTATION.
Network documentation is simply a blueprint of the software, data, systems and hardware you have in your company’s network. Your IT manager or IT consultant should put this together for you. This will make the job of restoring your network faster, easier AND cheaper. It also speeds up the process of everyday repairs on your network since the technicians don’t have to spend time figuring out where things are located and how they are configured. And finally, should disaster strike, you have documentation for insurance claims of exactly what you lost. Again, have your IT professional document this and keep a printed copy with your disaster recovery plan.
9. MAINTAIN YOUR SYSTEM.
One of the most important ways to avoid disaster is by maintaining the security of your network. While fires, floods, theft and natural disasters are certainly a threat, you are much more likely to experience downtime and data loss due to a virus, worm or hacker attack. That’s why it’s critical to keep your network patched, secure and up-to-date. Additionally, monitor hardware for deterioration and software for corruption. This is another overlooked threat that can wipe you out. Make sure you replace or repair aging software or hardware to avoid this problem.
10. TEST, TEST, TEST!
A study conducted in October 2007 by Forrester Research and the Disaster Recovery Journal found that 50 percent of companies test their disaster recovery plan just once a year, while 14 percent never test. If you are going to go through the trouble of setting up a plan, then at least hire an IT pro to run a test once a month to make sure your backups are working and your system is secure. After all, the worst time to test your parachute is AFTER you’ve jumped out of the plane.
WANT HELP IMPLEMENTING THESE 10 ESSENTIALS?
Call For A <<FREE Disaster Recovery Audit>>
Somehow, 2019 is already here and business owners across the country are taking a close look at their finances, scratching their heads as they inspect their budgets, line by line, to cut everything that isn’t absolutely necessary and searching for new investments that will boost their bottom line. In the midst of all this, many leaders take a long, hard look at their technology budgets. Chances are those budgets are a far cry from where they should be.
Many business owners – especially those running smaller organizations with tighter resources – assume that IT is the ideal spot to cut costs. But they forget that, today, technology is the foundation upon which their business is built. We can almost guarantee that if you partner with a cut-rate IT support company, you will sorely regret it down the line. You’ll end up spending thousands more on broken equipment, broken networks, and broken systems. You’ll lose customers due to server downtime and you may even fold completely under the weight of a cyber-attack.
The minuscule amount you’ll save by hiring a cheap support company will be vastly outweighed by the long-term cost of your decision. It is just not worth it. While looking at your budget this year, check whether you’re making one of these three potentially deadly mistakes with your IT investment. It might just save your company.
1. YOU’RE INVESTING IN A “BREAK-FIX” APPROACH.
This is the primary place where bargain-priced IT support companies cut costs. Instead of proactively managing your network, their technicians hardly touch your network until something breaks and it’s time to fix it. Sure, this way is cheaper in the short term, but when you consider the enormous crises that can arise when something that could have easily been avoided shuts down, the true expense quickly becomes obvious. Not only will your business suffer many more tech catastrophes than it would if you partnered with a more reputable company, but those catastrophes will take significantly longer to fix. A technician who shows up only when something’s wrong simply doesn’t know your network as well as somebody who works with it all the time.
2. YOU’RE INVESTING IN A COMPANY THAT DOESN’T BOTHER BEING PROACTIVE.
Technology shifts rapidly day by day. The arms race between hackers and security software designers is constantly happening behind the scenes, as is the staggering pace at which hardware and software become supplanted by newer, better options. Without a managed services provider keeping you abreast of the latest tech trends, you’re both incredibly vulnerable to cyber-attacks and at risk of falling behind your competitors. Technology shouldn’t just be something you set up and hope it doesn’t break; it should be something you and your team are actively leveraging to maximize your impact. A managed services provider is genuinely invested in your success and will do everything they can to help you do exactly that.
3. LET’S FACE IT: YOU’RE JUST UNDERINVESTING.
In order to keep your company at the top of its game, you need to invest in your technology in accordance with how vital it is to your day-to-day operations. If you believe that tech is essential for your success, is it something worth cutting corners on? Allocating your resources to support your technology is more than a baseline cost to stay alive in the business world – it’s an investment that can substantially increase your bottom line and amplify the reach, scope and efficacy of your operation. So, this year, as you comb through document after financial document, ask yourself: are you really doing all you can with the technology at your disposal?