3 More Reasons You Are an Easy Cybercrime Target

/in ,

Cyber AttackLast week, we gave you three reasons why you, as a small or midsize business, are a viable and desirable target for cyber criminals.

If those reasons don’t give you enough reason to act, here are three (3) more reasons SMBs, and you, a target for cyber criminals…

SMB data is increasingly networked

  • All of your systems — databases, email, documents, marketing, point-of-sale, and more — are likely running on a single network.
  • Access to one of your systems can lead to access to others. Target’s POS system was hacked using a security flow in the HVAC monitoring system running on the same network.
  • Moving data and systems into secure cloud solutions, and segregating network traffic minimizes the cross-over risk.

SMBs are using consumer products for business data

  • Consumer grade services are often more affordable, but often lack the security and data protection features of the higher-priced, business versions.
  • Separate work and home and use solutions designed for business, and, make sure to configure the security and privacy setting accordingly.

SMBs are often lax when it comes to security

  • Many small businesses operate in an environment of trust; people know and trust one another. This trust can be exploited by a disgruntled employee or an outsider.
  • Keep user identity management and passwords private and secure; Manage administrator and “super user” passwords so that they are unique, complex, and secure.
  • Keep servers and systems with sensitive data/access secure; enforce screen locking and passwords.
  • Educate your staff on security risks and behaviors.

 

Taking cyber security seriously is the first and best step in protecting your business, employees, and customers. Protection need not be overly complex; nor must reasonable protection be a budget busting expense. Reasonable measures balance cost and security.

Interested in ensuring you are protected, contact us for a free Cloud Advisor Session, or learn about our data protection solutions and our privacy solutions.

 

 

 

3 Reasons You Are an Easy Cybercrime Target

/in , ,

Cyber AttackAs we’ve mentioned before, more small and midsize businesses (SMBs) are falling victim to cybercrime. You might believe that hackers won’t bother targeting your business due to its small size. However, it is crucial to recognize that cybercrime aimed at smaller companies is undeniably escalating, and you could be the next cybercrime target if you do not take the necessary precautions.

According to HP’s Cyber Security and Your Business report, Cybercrime costs SMBs 4.2 times more per employee than larger businesses, and 60% of SMBs that experience a data breach are out of business in six months.

So, why exactly are cybercriminals interested in your business, and more importantly, what actions can you take to combat this threat?

Why Small Businesses are Prone to Cybercrime

It’s essential for you to acknowledge the following three reasons why you may be seen as an easy target for cybercrime and take proactive and defensive measures to protect your business.

1. SMBs spend less on security while larger businesses are increasing their security protections.

  • Your business is an easier cybercrime target because you are more likely to lack basic protections. In effect, you may attract cyber criminals because you are an easier target.
  • Budget for, and implement, reasonable protections covering user identities, access controls, user permissions, data loss prevention, and employee awareness and training.

2. SMBs do not have in-house security expertise.

  • Keeping up with risks and trends is time consuming, above and beyond ensuring that your security measures are updated and working on a day-to-day basis.
  • Leverage technology and your IT partners for automated solutions and expertise, as well as on-going management of your security and privacy solutions.

3. SMBS are moving into the cloud.

  • Using cloud applications and storage makes sense. But, your data is no longer behind a physical or logical “firewall”.  Protecting your data means protecting the cloud systems and services you use.
  • Always select business-grade services over consumer services. Implement all security features, including 2 Factor Authentication. And, when possible, integrate access to cloud services into a single system for managing user identities. And, do not forget to train, and periodically remind, your staff how their awareness and actions can allow or prevent an attack.

15 Actions You can take to Improve Your Cybersecurity

  1. Implement a robust cybersecurity strategy tailored to your business needs, including firewalls, intrusion detection systems, and antivirus software.
  2. Regularly update and patch all software and operating systems to protect against known vulnerabilities.
  3. Conduct regular security audits and risk assessments to identify and address potential weaknesses in your systems.
  4. Train your employees on cybersecurity best practices, such as recognizing phishing attempts, creating strong passwords, and handling sensitive data securely.
  5. Implement strict access controls and user privileges to limit unauthorized access to sensitive information.
  6. Encrypt sensitive data both in transit and at rest to protect it from interception or theft.
  7. Backup your data regularly and store backups in separate, secure locations to ensure data recovery in case of a breach or system failure.
  8. Develop and enforce a strong password policy, including the use of complex passwords and regular password changes.
  9. Enable multi-factor authentication (MFA) for all user accounts to add an extra layer of security.
  10. Monitor your network and systems for any unusual or suspicious activity using intrusion detection and prevention systems.
  11. Stay informed about the latest cybersecurity threats and trends through industry publications, forums, and reputable security organizations.
  12. Establish an incident response plan that outlines the steps to be taken in the event of a cybersecurity incident, including notification procedures and communication channels.
  13. Regularly educate your employees on emerging threats and provide ongoing training to ensure their knowledge remains up to date.
  14. Limit the use of personal devices for work-related activities and enforce strong security measures for those devices that are permitted.
  15. Partner with reputable cybersecurity vendors or consultants to get expert advice and assistance in securing your systems.

By implementing these actions and cybersecurity best practices, you can significantly reduce the risk of cybersecurity breaches and protect your business from potential threats. Remember, cybersecurity is an ongoing effort that requires continuous vigilance and adaptation to evolving threats.

It’s always a good time to perform a review of your IT security and data privacy policies, procedures, and systems.  Doing so is an affordable way to protect your business, your employees, and your customers from cyber crime. The cost of prevention is miniscule compared to the cost of a breach.

Interested in ensuring you are protected, contact us for a free Cloud Advisor Session, or learn about our data protection solutions and our privacy solutions.

 

3 Reasons to Consider Replacing Active Directory

/in ,

Identity ManagementActive Directory was designed for on-premise local and enterprise networks.  As the use of cloud continues to move forward, Active Directory has not adapted as quickly as needed to provided robust, unified, identity management.  Here are three (3) reasons to consider replacing (or augmenting) Active Directory.

1) Active Directory is not “Cloud Ready”

According to a survey by security firm BetterCloud, almost 50% of SMBs will be all cloud by 2020, up from 15% today. Even SMBs are using more than one cloud service.

Keeping Active Directory means setting up sync services and other tools across multiple cloud platforms — a complex and expensive solution.

2) Users are Mobile and Working Remotely

Global Workplace Statistics reports that between 20% and 25% of employees already work remotely on a semi-regular or regular basis. And, 50% of employees hold jobs that are compatible with remote work. Since 2005, remote work has grown 103% and continues to grow.

Keeping Active Directory means requiring employees to log into the corporate domain when working remotely, typically by VPN. This is slow and cumbersome for users, and expensive to setup and maintain.

3) The Windows-Only World is Gone

Macs are normal part of the ecosystem; Computerworld reports that 90% of Fortune 500 companies officially support Apple desktops, laptops, and tablets. Chrome devices are starting to move from education to the business market. And, most employees work at least some of their day on smartphones or tablets; iOS and Android are now business operation systems.

Keeping Active Directory means bridging identity management and policies between network operating systems or adding third party products to properly manage users and devices.

The good news is that you do not need to live with the cloud-related limitations of Active Directory. You can run directory services, manage identities, and control access to devices (even when off-network) with cloud-based directory services. These services simply administration and provide a single system of record for user identities.

Want to learn more or give it a try? Contact us and we will show you how.

 

Fast Fact Friday: Cloud Adoption Trends Up

/in ,

Fast FactAs reported by CloudTech, a recent survey of more than 500 IT professionals in companies with 50 to 2000 employees …

  • 20% report extensive use of cloud
  • 52% report significant use of cloud
  • 24% report modest use of cloud

And, 56% of respondents indicated that cloud use will increase over time.

 

Heads Up: Google Drive Desktop Ending Support for Win XP, Vista, Server 2003

/in ,

Important UpdateIn case you missed this …   Google is ending support for the Google Drive desktop app on January 1, 2017 for MS Windows XP, Windows Vista, and Windows Server 2003.  As Google will no longer test or support the Google Drive app on these platforms, you are unprotected if the app fails to work.  While the app may still work, Google will no longer test or provide updates — leaving you at risk for errors including data corruption and loss.

If you are still using one of these operating systems and need to  running the Google Drive app, contact us about upgrading your version of Windows.

Myth Busting Monday: Office 365 Updates Will Break our Business Applications

/in ,

Office365-Logo-and-textYour business depends on your employees being able to use business-critical applications.  You want and need your applications to be available and reliable, and the integration with Office needs to work.

Office 365 is Designed to Work with Your Business Applications

Microsoft is committed to Office 365 compatibility with the tools you use every day. They do this by:

  • Using one worldwide standard for desktop applications with the familiar tools you use and love, including Word, Excel, and Powerpoint.
  • Minimizing object model and API changes in updates and fixed that might interfere with other applications. Chances are, if your business application works with Office 2010, 2013, or 2016 today, it will work with Office 365.
  • Closely collaborating with leading software vendors, providing them with tools, and helping them test and maintain compatibility with Office 365.
  • Providing you with best-practice guidance for update management and software development.
  • Allowing side-by-side installation of Office 365 ProPlus with older versions of office, giving you and your software vendors time to address any issues.

With a clear commitment backed by action, Microsoft lowers the risk of compatibility issues with Office 365 in ways that exceed their historical support for MS Office.

This is the ninth post in a multi-part series designed to help companies better assess the opportunity and value of cloud-based solutions. Contact us to schedule a free, no-obligation Cloud Advisor session to discuss your priorities and plans.

Shield Your Data: Learn How to Prevent Ransomware Attacks with These 3 Effective Methods

/in ,

Looking at the frequency and scope of ransomware attacks, and the number of small and midsize businesses falling victim, we remain surprised at how many SMBs are not yet taking steps to prevent the problem. If you don’t work to prevent ransomware attacks it can result in devastating financial and reputational consequences, making prevention a critical priority for businesses of all sizes. In this article, we’ll explore what ransomware is, how it works, and most importantly, what steps you can take to protect your organization against this threat.

What Is Ransomware and How Can it Affect Your Business?

Ransomware is a type of malicious software designed to encrypt files or lock computer systems, effectively holding them hostage until a ransom is paid. It infiltrates a system through various means, such as phishing emails, malicious downloads, or exploiting software vulnerabilities. Once the ransomware infects a device or network, it quickly encrypts files, rendering them inaccessible to the owner.

A ransomware attack with no data loss can still cost your business $1,500 per employee, or more, in recovery costs and lost productivity. Organizations all throughout the world detected 493.33 million ransomware assaults in 2022, emphasizing the importance of good ransomware prevention techniques. 

Recently on our 3T@3 Webcast we focused on Ransomware, and following that we also published a Business Guide to Ransomware. Both highlighted the need for our Security CPR® (communicate, prevention, recover) managed security services methods .

3 Proactive Methods to Prevent Ransomware and Protect Your Data

1. Communicate:

Educate and train employees on how not to fall victim; provide clear policies and procedures that reinforce positive behaviors.

2. Prevention:

Deploy technologies in support of your policies and procedures with multi-layered protection against malware and, specifically, ransomware.

3. Recover:

No prevention is perfect; have backup and continuity systems in place that enable a quick return to normal operations.

While most of the SMBs and schools we speak with understand and have some of the ransomware prevention and recovery solutions in place, the up-front education is missing. These businesses and schools remain vulnerable targets.

Earlier this year, we announced a strategic partnership with Privacy Ref, offering affordable Privacy Solutions for SMBs, including a subscription-based Privacy Education Program. For a small base fee and $10 per employee per year, we help ensure your team understands the risks, the importance of awareness, and how to avoid becoming a victim.

For a fraction of the cost of an attack, you can empower your team to avoid and prevent it from happening.

Contact us for more information.

 

 

Fast Fact Friday: AWS vs Azure vs Google

/in ,

fastfacts2According to the RightScale 2016 State of the Cloud report …

57% of respondents are running applications on Amazon Web Services. 

30% are running apps in Microsoft Azure Iaas and PaaS.

13% are running Apps on Google Cloud Platform and App Engine

 

Are you moving to the cloud? Is your roadmap in line with your business goals? Contact us for a no-obligation Cloud Advisor session.

Fast Fact Friday: SMB IT in the Cloud

/in ,

fastfacts2According to a survey of 1,500 SMB IT leaders by BetterCloud in the spring of 2015 …

49% of SMBs expect to run 100% of their IT in the cloud by 2020.

Are you moving to the cloud? Is your roadmap in line with your business goals? Contact us for a no-obligation Cloud Advisor session.