Posts

Business Continuity

Risk and Reward – Protecting the Value of Your Business

Business ContinuitySeveral weeks ago, in a town not far from our headquarters, a massive fire destroyed a building housing six small businesses.  Our local business journal followed up a few weeks after the disaster with a poll asking business owners how prepared they are for a major disaster.

  • Fewer than 50% of responding business owners feel that they are fully insured, have an emergency plan, and could be up and running in a few days.
  • 39% feel that it could take a month or so, but they could eventually reopen
  • 17% felt they would be out of business or would required state and local aid to survive

While not a scientific sampling, the results are alarming.  Alarming for a few reasons:

  • Even with insurance, it can take days or weeks to get authorization so you can move forward with your emergency plan.  Securing a new location and replacing fixtures, inventory, etc. takes time, as does recovering computer systems and data.
  • More than 50% of businesses closed for 7 days due to a disaster fail within 6 months of reopening.  While many businesses might re-open in a month, the future will be challenging.

Your Risks are Yours

A major fire in a block of retail and service businesses creates specific challenges, as do storms and floods.  Many more businesses, however, experience disasters equal or greater in scope even if they do not have the same level of physical damage. Some examples we have seen.

  • A distributor of customized office supplies lost all electronic business records for the past three years when they where hit by ransomware. The attack corrupted their on-site backup servers as well as their main file and database servers.
  • A news publisher lost all of their physical servers, firewalls, and networking equipment when a sprinkler head failed in their small equipment room.
  • A small plastics manufacturer lost the ability to use their process control systems when embedded Windows workstations were corrupted by a malware attack.

In each of these examples, businesses with customer commitments, production schedules, and deadlines were idled for days. For some, full recovery can take months.  Beyond the hard cost of recovering systems and data, these businesses suffered from soft cost losses.  Missed customer commitments, delayed invoicing and collections, and the time employees spent on the recovery effort all have lasting impacts on your business.

Business Continuity is a not just a good idea, it is a responsibility. 

As business owners, our employees, vendors, and customers count on us.  While people can empathize with the impact of a fire, there is less understanding for businesses that fall victim to cyber crime.  Malware, phishing, ransomware and other attacks are generally preventable when your team is alert and aware of the risks and when you put reasonable identity, data, and system protections in place. And since no protection is perfect, you need to be able to recover quickly enough for your business to continue operating smoothly.

Here is some food for thought:

  • Know Your RTO:  Understand how quickly your business needs to Return to Operational.  Maybe you can work on paper for a few days. Maybe you need to be up and running in a few hours because you are at a standstill until systems are back online. Your RTO goal will guide your decisions on what protection and recovery/continuity services are the right match for your needs and budget.
  • Assess Your Risk: Understand the different disaster scenarios and how they may impact your business.  Think about physical issues, such as loss of power and catastrophic system failures, as well as other disruptions, such as cyber attacks and potential actions by a disgruntled employee.
  • Watch Your Flank: Asses how different types of threats could impact your business.  We are beyond hiding our computers behind firewalls. We still have physical threats, but we also have threats focused on networks, user identities, access control, third party services, and data sources and services. Each threat vector needs a plan for protection, response, and recovery.
  • Factor in Humanity: We used to talk about balancing security with ease of use.  Today, the humanity equation is different as most IT disasters take advantage of human factors like our fundamental desire be helpful when asked. In many ways, your team is your best defense. They need to understand the risks, the methods of manipulation, and the signs that something is not quite “right”.  Your team needs to understand the value of inconveniences like multi-factor authentication and enhanced privacy and access controls — that these protect them as well as the company.

Your next step.

Contact us.  It is time for a serious conversation about protecting the value of your business.  A basic assessment of your business continuity profile will identify risks and gaps. From there, we can discuss improvements and their business value so you can make informed decisions that balance your risks, needs, and budget.  Business Continuity solutions — from disaster prevention through recovery — do not need to bust your budget.   For most business, changes in security settings on existing systems paired with modest, incremental services provide the protection and recover-ability you need.

Cyber Attack

3 More Reasons You Are an Easy Cybercrime Target

Cyber AttackLast week, we gave you three reasons why you, as a small or midsize business, are a viable and desirable target for cyber criminals.

If those reasons don’t give you enough reason to act, here are three (3) more reasons SMBs, and you, a target for cyber criminals…

SMB data is increasingly networked

  • All of your systems — databases, email, documents, marketing, point-of-sale, and more — are likely running on a single network.
  • Access to one of your systems can lead to access to others. Target’s POS system was hacked using a security flow in the HVAC monitoring system running on the same network.
  • Moving data and systems into secure cloud solutions, and segregating network traffic minimizes the cross-over risk.

SMBs are using consumer products for business data

  • Consumer grade services are often more affordable, but often lack the security and data protection features of the higher-priced, business versions.
  • Separate work and home and use solutions designed for business, and, make sure to configure the security and privacy setting accordingly.

SMBs are often lax when it comes to security

  • Many small businesses operate in an environment of trust; people know and trust one another. This trust can be exploited by a disgruntled employee or an outsider.
  • Keep user identity management and passwords private and secure; Manage administrator and “super user” passwords so that they are unique, complex, and secure.
  • Keep servers and systems with sensitive data/access secure; enforce screen locking and passwords.
  • Educate your staff on security risks and behaviors.

 

Taking cyber security seriously is the first and best step in protecting your business, employees, and customers. Protection need not be overly complex; nor must reasonable protection be a budget busting expense. Reasonable measures balance cost and security.


Interested in ensuring you are protected, contact us for a free Cloud Advisor Session, or learn about our data protection solutions and our privacy solutions.


 

 

 

Cyber Attack

3 Reasons You Are an Easy Cybercrime Target

Cyber AttackAs we’ve mentioned before, more small and midsize businesses (SMBs) are falling victim to cybercrime.  According to HP’s Cyber Security and Your Business report, Cybercrime costs SMBs 4.2 times more per employee than larger businesses, and 60% of SMBs that experience a data breach are out of business in six months.

Why are SMBs, and you, a target for cyber criminals?

SMBs spend less on security while larger businesses are increasing their security protections.

  • Your business is an easier target because you are more likely to lack basic protections. In effect, you may attract cyber criminals because you are an easier target.
  • Budget for, and implement, reasonable protections covering user identities, access controls, user permissions, data loss prevention, and employee awareness and training.

SMBs do not have in-house security expertise.

  • Keeping up with risks and trends is time consuming above and beyond ensuring that your security measures are updated and working on a day-to-day basis.
  • Leverage technology and your IT partners for automated solutions and expertise, as well as on-going management of your security and privacy solutions.

SMBS are moving into the cloud.

  • Using cloud applications and storage makes sense. But, your data is no longer behind a physical or logical “firewall”.  Protecting your data means protecting the cloud systems and services you use.
  • Always select business-grade services over consumer services. Implement all security features, including 2 Factor Authentication. And, when possible, integrate access to cloud services into a single system for managing user identities. And, do not forget to train, and periodically remind, your staff how their awareness and actions can allow or prevent an attack.

 

Start the new year off right with a review of your IT security and data privacy policies, procedures, and systems.  Doing so is an affordable way to protect your business, your employees, and your customers from cyber crime. The cost of prevention is miniscule compared to the cost of a breach.


Interested in ensuring you are protected, contact us for a free Cloud Advisor Session, or learn about our data protection solutions and our privacy solutions.


 

Yahoo Mistreats Customers

Yet Another Yahoo! Breach

Yahoo Mistreats CustomersFor the second time this year, Yahoo! acknowledges a major security breach.  This time, the breach occurred in 2013, resulting in the data loss of roughly 1 billion, (Yes, BILLION) accounts.  More than usernames and passwords this breach included security questions and answers.

But, here are the scary facts:

  1. Yahoo! was unaware of the breach until a third party notified them that their user information was for sale on the “dark web”
  2. Yahoo! admits it was unaware of the breach and does not know how it happened

Because Yahoo! accounts are used behind the scenes in multiple services, and you may be using your Yahoo! identity for other sites and apps, the potential impact of the breach is just plain scary.


Maybe it is time to Move From Yahoo!.  Contact us to learn how.