
Risk assessment means looking at all the conditions, situations and threats that exist that could damage or bring down your business. Risk assessment is all about identifying the external and internal threats that exist and measuring the likely consequences if that threat becomes reality. A data security risk assessment would identify what data you have, how you use it, how confidential it may be, how it is affected by regulations and the ways it could be compromised. A major focus of a data security assessment is cybercrime.

In terms of developing an IT staff, the alternative approach to building out a team is to determine your IT staffing needs in terms of risk assessment. That means evaluating risk and directing staffing resources to those areas where the risk is greatest and the consequences most severe. Basically, it is an evaluation of the ROI of your IT staffing in light of identified risk. In particular, what is the return on your risk management investment? The goal is to evaluate risk in light of business and operational consequences. Put simply, which point of failure leads to the most destructive consequences? Once that is determined, your limited IT resources can be directed at those most critical areas.

In the short term, you can try to find the specific applicants that have what you need to plug the holes. Is that workable given the challenges to hiring? The market is very competitive.

The alternative is an MSP. Using a Managed Service Provider for at least some of your most critical needs can be a very effective way of targeting your IT resources to where you are most vulnerable.

You have more freedom to move resources to where they are most needed.

Opting for an in-house IT team limits you in terms of scalability. You cannot just add or reduce the strength of your IT team anytime. Choosing a managed services provider, however, provides the flexibility to scale up or scale down your IT investment to suit your business needs.

You are better prepared for IT emergencies

Having a service contract with an MSP helps you tackle IT emergencies better because you get access to top-level IT expertise. An MSP’s core business is IT so they are naturally more knowledgeable and up-to-date when it comes to the latest IT challenges, including cybercrime. Plus, an MSP can deploy more resources if need be to solve your IT emergency, helping your business get back on its feet sooner.

You will be ahead of the curve

The IT industry is constantly evolving. The in-house IT team may find it challenging to keep up with the latest trends and norms of the IT industry as they will be caught up in managing the day-to-day IT activities at your office. Also, IT is a very broad field, and only a diverse IT team has the depth to cover all of the different areas. With an MSP, you don’t have to worry about how technology is changing. A good MSP will not only be up-to-date with the latest in tech but also advise you on what tech changes you need to make to stay ahead of the curve.

The lesson for hiring IT is that you should focus resources, be they in-house or external, on the areas where your business is at highest risk from a single point of failure or a cyber attack. Not all IT needs are equal, and traditional models don’t always recognize this. A Managed Service Provider can also assist you in determining a hierarchy of your IT needs.

From the outset, even the smallest start-up is reliant on an IT infrastructure. Digital technology cannot be avoided. For small- to medium-sized businesses, developing and bringing on staff to support that IT infrastructure is often a low priority compared to ramping up operations and meeting the revenue goals necessary to stay operational. Resources to address IT needs may not be available (or at least, perceived to be unavailable). Management is focussed on revenue growth and meeting operational and business requirements. Management may also be incentivized to direct available funds in these directions, rather than building out a robust and sufficiently risk-averse IT infrastructure. Also, management may not have the background that provides sufficient experience to identify areas where IT staffing is necessary to maintain a stable and sustainable business.

In a small- to medium-sized business beginning to explore the development of an IT support staff, or even in a large organization undergoing significant transformation, there may be a tendency to begin the process of IT staffing with a top level individual–a CTO, IT director or IT manager. Once hired, that individual would be relied on to begin the process of building out an IT staff.

Problems facing organizations: initiating an IT staff build-out

For any organization, from a small firm looking to bring on its first dedicated IT staffer to a large organization, there are a number of hurdles that may be encountered. One of the most immediate is the shortage of available IT professionals. No matter what your needs, it may be difficult to find appropriately skilled applicants to meet your staffing requirements. This may mean that following the top-down development model may cause risky delays in your goal of protecting and securing the IT infrastructure needed to remain competitive. The job market in IT is especially competitive. This is just one reason we are suggesting that you consider setting aside the top-down build-out model and take a different approach.

Another reason that the top-down model may be problematic, especially for small- to medium-sized businesses, is that it may be a little too “perfect.” When resources for IT staffing are limited, creating the IT department that covers everything can be unrealistic. Creating this traditional model takes time and resources to make sure you have the IT support that possesses all the diverse skills needed to meet the many requirements of a sound IT infrastructure. As a result, this model may not truly meet the immediate/urgent needs of a developing or transforming organization. As ever, the perfect may be the enemy of the good.

So how does a firm looking to strengthen its IT infrastructure protect itself from vulnerabilities, from cyber attack to single point of failure? A lack of available applicants and limits make traditional build-outs unrealistic, and they will also take too long to address urgent needs.

In our next blog post we discuss a value-based approach.

What is cyber insurance

With cybercrime becoming a major threat to businesses across the world, irrespective of their size, cyber insurance is fast becoming more of a necessity than a choice. However, the concept of cyber insurance is still fairly new and not many SMBs are aware of its benefits. Cyber insurance is insurance that covers your liability in the event of your business becoming a victim of cybercrime. For example, a data breach puts you at risk of lawsuits and makes you liable to your customers and other parties whose data has been compromised because of, or via, your organization. Cyber insurance covers the financial aspect of such liabilities, making it easier for you to deal with them.

Why do you need cyber insurance

Many organizations think of cyber insurance as an added cost. They believe they don’t need it for various reasons.

Bigger organizations think their IT security measures are watertight and they won’t fall victim to cybercrime, and they also tend to believe that even if they are affected in a one-off case of cybercrime, they are solid enough to discharge their liabilities and come out of the incident with their brand value intact.

SMBs, on the other hand, think cybercriminals are most likely to target the bigger players and they don’t need cyber insurance. But, in reality, it is the smaller businesses that are at a greater threat–primarily, because

  1. They lack the resources to strengthen their IT infrastructure and their staff is less likely to be trained in identifying cyber threats, making them more vulnerable
  2. They are less likely to recover from the damage to their financial and brand health as a result of falling victim to cybercrime

The bottom line is, every organization, big or small, needs cyber insurance today. Cyber insurance, however, is not a replacement for cybersecurity. Having cyber insurance doesn’t mean you can be lax about cybersecurity. It is meant as a buffer, to help your business survive when something slips through the cracks. An MSP can help you tighten your cybersecurity and prevent data breaches and other untoward incidents. Also, being well versed in the IT industry, your MSP can help you understand the IT risks that you need to get covered for. They can also help you pick out the right cyber insurance policies; in some cases, MSPs are themselves insurance advisors or agents.

As we continue to suggest things you can do to protect the integrity of your company and customer data, here is a blog that covers an old level of security that we still rely on every day. That protection is the password, so let’s talk about beefing up your employees’ handling of passwords.

Password hygiene – Passwords remain the most common everyday tool to ensure only authorized personnel have access to secure material. The issue is that passwords need maintenance and attention to be effective. Here are some common problems to avoid. And again, this requires a routine employee training program.

  1. Passwords that are too simple
     Simple passwords are easy to remember but easy to crack. Words, in any language, are not ideal either. That is why many sites require a mix of letters, characters, and numbers. And yes, some people are still using Myname123.

  2. One universal password
     Sometimes people find it difficult to remember multiple passwords for various files and applications, so they use a single good, strong password everywhere. This renders the good password virtually pointless and also increases the amount of damage that can be inflicted in the event that one ‘good’ password is compromised.

  3. Unauthorized password sharing
     Generally done with benign intentions, employees often share passwords for convenience or to expedite handling the sharing of data. Not good.

  4. Writing down passwords
     Sometimes, people follow all password best practices but find it difficult to remember complicated passwords and then write them down on a piece of paper or, worse still, make a file containing all the passwords and store it in their email or computer. This is almost like giving away the keys to your property to a burglar.

  5. Forgetting to change passwords or revoke access
     This is an issue where the staff is busy and turnover is high. Managers may fail to remember to change the passwords once a staff member quits, leaving company data vulnerable. This is especially likely in a small company where there may not be a centralized IT staff that oversees data security and access.

Remember, having a password is not sufficient. Having the right kind of password and following good password hygiene is.

Multi-factor Authentication (MFA) – When a password isn’t enough, the next step to improve security is MFA. MFA layers a second authenticator (e.g. another code, a picture, etc.) on top of the password requirement. The idea is that if a password is being used by someone not authorized to do so, they won’t be able to provide the second piece of information. Consumers almost always encounter it when accessing financial services sites, but MFA is becoming more common across the board. If you use a credit card at a gas station, that request for your zip code after you insert your credit card is an example of MFA.

5 ways to make passwords more effective

You should be using an array of security tools to protect your business data. Some can be highly sophisticated, but there is one tool that we all still rely on heavily to secure access to our business systems and data. The password. But they can be hacked and shared. As long as we still rely on them, are there things we can do to make them more effective?
Yes. There are two main areas where you can improve the security of passwords. One is improving the security of the password itself; the second is multi-factor authentication.

First, there is the password itself. This is often known as password hygiene. Good password hygiene means avoiding the following:

Passwords that are too simple

Simple passwords are easy to remember but easy to crack. Words, in any language, are not ideal either. That is why many sites require a mix of letters, characters, and numbers. And yes, some people are still using password123.

One universal password

Sometimes people find it difficult to remember multiple passwords for various files and applications, so they use a single good, strong password everywhere. This renders the good password virtually pointless and also increases the amount of damage that can be inflicted in the event that one ‘good’ password is compromised.

Unauthorized password sharing

Generally done with benign intentions, employees often share passwords for convenience or to expedite handling the sharing of data. Not good.

Writing down passwords

Sometimes, people follow all password best practices but find it difficult to remember complicated passwords and then write them down on a piece of paper or worse still, make a file containing all the passwords and store it in their email or computer. This is almost like giving away the keys to your property to a burglar.

Forgetting to change passwords or revoke access

This is especially an issue where the staff is busy and turnover is high. Managers may fail to remember to change the passwords once a staff member quits, leaving company data vulnerable. This is especially likely in a small company where there may not be a centralized IT staff that oversees data security and access.

Remember, having a password is not the solution. Having the right kind of password and following good password hygiene is.

If you haven’t already considered migrating your data storage to the cloud, you are probably in the minority of businesses. While it may seem intuitive that somehow your data is safer if it is stored “at home,” on location at the site of your business, that probably is not correct. Given the ability of skilled cloud service providers to provide redundancy and a level of security unattainable by a small business, storing all your crucial business data on site using in-house support is probably akin to keeping your money under the mattress instead of in a bank.

In this blog, we’ll explain what cloud data storage means, and some reasons why it may be a good business decision. In addition, we’ll quickly note some reasons some people get nervous about the security of cloud storage.

What is cloud data storage?

In an earlier time, a business would store all of its data on-site. Individual employees might keep all of their Word and Excel documents filed on their PC. The business might store all of its customer data, financial and accounting information, client lists, etc., on individual “secure” PCs and then back up to a server located in the equipment room. In this scenario, there are several concerns:

  1. Individual PCs may fail, losing all the data stored there.
  2. Backups generally only happen periodically, thus anything created between backups when something goes wrong is…lost.
  3. Backups can fail.
  4. Backups require labor from an IT individual.
  5. A backup server in the equipment room 100 feet from the rest of the office isn’t a secure storage site in case there is an on-location disaster: fire, flood, etc.
  6. All of that data is vulnerable to cyber attacks, and in-house IT professionals probably don’t have the resources necessary to provide the most up-to-date tools to defend against cyber crime.
  7. All of that backup infrastructure is expensive.
  8. All of the labor necessary to support it is expensive.

The cloud functions as your off-site storage location where you get some particular benefits.
Cloud providers can generally provide the latest, most secure storage available. They also don’t store it on one machine in one location. Top cloud providers offer redundancy that goes beyond a single storage site: your data will be mirrored in a geographically diverse location. A complete natural disaster affecting one server farm will be irrelevant to the safety of your data. Other copies may be across the continent.

So let’s get to specifics.

  1. The Cloud offers economies of scale – If you want to store and protect your own data, you need to purchase all of the hardware and software, all of the servers and backup servers, the uninterruptible power supply in case of a power outage, and hire 24/7 support. In the cloud model, you share all of those expensive fixed costs with hundreds and thousands of other users.
  2. Focus on your business – As a smaller business, you may not have the technical expertise to manage a staff of IT specialists. More importantly, do you have the time to focus your energies on managing IT? You have the job of running your business and bringing in revenues.
  3. Scalability – Does your business peak in summer and winter? To handle your storage needs you need to ramp up hardware, bandwidth, labor, etc., to meet peak demands. The rest of the year, that equipment may lie fallow. This creates high fixed costs that businesses, especially smaller ones, may not have the ready capital to build out. Cloud providers generally permit you to ramp usage up and down as needed. They have the available resources.

Cloud storage has transformed the way businesses store and manage data, but for some, it also raises concerns about data protection. This blog post discusses a few security measures that can be deployed when using cloud storage.

Data Encryption

One of the fundamental security features of cloud storage is encryption. It ensures that your data remains confidential and protected from unauthorized access. Cloud storage providers use encryption algorithms to protect data both during transit and when stored in their servers. This means that even if an attacker intercepts the data in transit or gains access to the storage servers, the information remains unreadable. Encryption adds an extra layer of security, ensuring that your data remains confidential and secure.

Access Controls and Identity Management

Concerned about access to data? Cloud storage providers offer access controls and other mechanisms to prevent unauthorized access to your data. These features allow you to manage user permissions, granting access only to authorized individuals or groups. With control over access rights, you can define who can view, edit, or share your data. Additionally, multi-factor authentication (MFA) adds an extra layer of security by requiring additional verification, such as a code generated on a mobile device, along with a password. This helps prevent unauthorized access even if a password is compromised. Tools like these protect your data and ensure that only trusted individuals can access it.

Data Redundancy and Replication

Cloud storage providers don’t just store your data in one place. They replicate your data across multiple servers and data centers, often located in different geographical regions. This redundancy means that even if one server or data center fails or experiences an outage, your data remains accessible from alternative locations. Additionally, data is updated in real-time, ensuring that the replicated versions are consistent and up to date. This not only improves data availability but also protects against data loss. By using these models, cloud storage providers minimize the risk of data loss due to hardware failures, natural disasters, or other unforeseen events at levels almost impossible for even the largest organizations.

Regular Auditing and Monitoring

Because of their size alone, cloud providers can offer auditing and monitoring activities at extremely high levels of sophistication. They monitor the storage infrastructure, network traffic, and user activities to detect any suspicious or unauthorized access attempts. Providers can identify potential security breaches or anomalies and take prompt action to avoid trouble. Regular auditing and monitoring ensure that your data is protected and any security incidents are addressed promptly.

Compliance and Certifications

Cloud storage providers often adhere to industry-specific compliance standards and undergo third-party audits to demonstrate their commitment to data security. They obtain certifications such as ISO 27001, SOC 2, or HIPAA, which validate their adherence to stringent security practices. Compliance with these standards ensures that the provider has implemented appropriate security controls, processes, and policies to safeguard your data. Choosing a cloud storage provider with industry-recognized certifications can provide assurance that your data is stored and managed in a secure and compliant manner.

Protecting your data is a top priority, and cloud storage providers offer a range of security features to ensure the confidentiality, integrity, and availability of your information. Encryption, access controls, data redundancy, monitoring, and compliance certifications are just some of the robust security measures implemented by reputable cloud storage providers. By selecting a trusted provider that offers these security features, you can rest assured that your data is protected against unauthorized access and potential threats. Remember to carefully evaluate the security features of different cloud storage options and choose a provider that aligns with your specific security requirements. With the right security measures in place, cloud storage can be a reliable and secure solution for your data storage and management needs.

In this blog post, we will explore how cloud storage can support your firm.

For SMBs, data loss or system failures can be catastrophic, leading to significant financial losses, brand damage, and even business closure. Having reliable backups and disaster recovery solutions is essential to protect critical data and ensure uninterrupted operations.

Traditional backup methods, such as local storage or tape backups, can be time-consuming, costly, and prone to human error. And a backup hard drive or server stored in the same location as the original data? Not very foolproof. This is where cloud storage comes in.

Cloud storage provides SMBs with a solution that overcomes many of the limitations of traditional methods. By using the cloud for storage (and thus, backups) businesses can benefit from:

Automated and scheduled backups: Cloud storage platforms offer automated and scheduled backup options, eliminating the need for manual backups and reducing the risk of human error. This ensures that critical data is consistently and securely backed up, minimizing the potential for data loss. In most situations, backups are occurring in real-time.

Rapid data recovery:

Data replication: Cloud storage providers replicate data across multiple servers and geographically diverse locations. In the event of hardware failure, natural disasters, or other unforeseen events, SMBs can rely on the copies to restore their data quickly.

Scalability and Flexibility: Cloud storage allows SMBs to scale their storage capacity as their data grows without the need for significant infrastructure investments. They don’t have to build out for peak times, then waste unused space. They can easily adjust their storage needs based on demand, eliminating the risk of running out of storage space.

Testing and Validation: Testing to ensure you can recover from any disaster becomes easier using the cloud storage model.

Cost-Effectiveness for SMBs

For SMBs with limited resources, cost-effectiveness is a crucial factor in choosing backup and disaster recovery solutions. Cloud storage offers several cost-saving advantages:

Reduced Infrastructure Costs: Cloud storage eliminates the need for costly on-premises storage infrastructure and maintenance, saving SMBs significant capital expenses. Infrastructure no longer has to be built to meet peak loads, then go unused during slow times.

Pay-as-You-Go Pricing: Cloud storage providers offer flexible pricing models, allowing SMBs to pay only for the storage space they need. This cost model ensures scalability and can dramatically cut fixed costs.

Operational Efficiency: Cloud storage automates the backup and recovery processes, eliminating the time and effort required for manual backups. SMBs can allocate their resources to running their business, not their IT infrastructure.

Cloud storage is a powerful and cost-effective solution for SMBs, providing them with reliable backups, rapid data recovery, and a robust disaster recovery strategy. By embracing cloud storage, SMBs can safeguard their critical data, ensure business continuity, and focus on growing their business.

When you visit a site, probably for the first time or from a new device or browser, you will see an alert that mentions the site uses Cookies to offer you a more personalized experience and asks you if you are okay with it. Let’s admit it. A lot of us don’t even bother to read what the notification says before we click “Accept” and move on with our browsing.

Cookies are tiny information packets that store data related to your interaction and behavior on websites. It is like walking into your favorite local diner and having them serve up the “usual” instantly. Cookies track your digital footprint on a website and allow the site to offer you a more personalized browsing experience. For example, let’s say you visited Amazon.com and looked at some cameras. Perhaps you put one into your cart as well but never checked out, or added one to your wishlist on the site. The next time the camera is on sale, the Amazon app sends you a notification about the price reduction. That happens with the help of cookies. And that’s just one example. Cookies are not necessarily limited to shopping sites. You know how sometimes you can save your password for some sites, so you don’t have to type it or log in every time you visit the website? You are able to do that because of cookies. Any site can have cookies, though shopping and banking sites can’t function without them. These are known as session cookies and are absolutely indispensable. Others, like persistent cookies, make your web browsing experience more pleasant, and third-party cookies, while not very pleasant, are used basically to facilitate online advertising.

How do cookies become a security threat, then?

Cookies become a security threat when hackers get access to them. If hackers hijack your cookies, they can get access to your session, your passwords and other related online activities. Hackers sometimes create “Super Cookies” and “Zombie cookies” to steal information from authentic cookies. Such cookies are difficult to identify and delete and sometimes work like worms replicating themselves, thus making it more difficult to get rid of them. Hackers can also steal your cookies if they get access to your network or to the server of the website you are visiting. For example, if your bank’s or shopping website’s server was hacked into, chances are, the hacker has access to your cookies and thereby all your account details.

If you liked what you read, then check out our whitepaper, The cookie monster is coming for you, for a more detailed account of the threats posed by cookies and how you can manage them better.

“Life is not about sheltering yourselves from the rain, it is about learning to dance in the storm”, goes a popular saying. But, if you are a small business, you first need to shelter your assets from the rain, before you can afford to dance in the storm without a care in the world. Hurricanes, tornadoes and thunderstorms can catch you off-guard resulting in losses worth thousands of dollars. Your inventory may be damaged, your place of business may be flooded and your critical business data lost. While most small businesses do take timely steps to ensure their inventory and place of business are protected from natural disasters, a lot of them tend to overlook the risk such natural disasters pose to their IT infrastructure and data. To many, it doesn’t seem to be that big an issue–and invariably, this is where they go wrong. Data loss due to natural calamity or any other reason can cause significant damage to a business, resulting in extreme consequences such as complete business shutdown. Safeguarding your data shouldn’t be a project you embark upon after a hurricane warning is issued.

In this post we discuss the steps you can take to mitigate the risks natural disasters pose to your data and IT infrastructure.

  1. Recognize the need for data safety, security and recovery in times of disaster.
  2. Bring together your key resources and create a team that’s responsible for implementing your disaster backup and recovery plan.
  3. Identify the key areas that need to be addressed. In the event of a disaster, what are the processes that absolutely need to function to keep your business going and what needs to be done so they still function smoothly?
  4. Prepare a solid disaster recovery-business continuity plan. You can enlist your in-house IT team or bring an MSP onboard to do this.
  5. Create a list of all the software programs, applications and hardware that are critical to your business process.
  6. Include floor plans, physical access details, entry-exit security codes, etc., pertaining to your place of business in the plan.
  7. Include information about your backups in the disaster recovery and business continuity plan.
  8. Conduct mock drills and audits to ensure your plan is executable and gives you the intended results.

All of this can be overwhelming, especially with a business to run and a hurricane to watch out for! That’s why most SMBs rely on trusted managed service providers to do it for them, while they focus on their core area: managing their business and customers.