Posts

As we continue to suggest things you can do to protect the integrity of your company and customer data, here is a blog that covers an old level of security that we still rely on every day. That protection is the password, so let’s talk about beefing up your employees’ handling of passwords.

Password hygiene – Passwords remain the most common everyday tool to ensure only authorized personnel have access to secure material. The issue is that passwords need maintenance and attention to be effective. Here are some common problems to avoid. And again, this requires a routine employee training program.

  1. Passwords that are too simple
    Simple passwords are easy to remember but easy to crack. Words, in any language, are not ideal either. That is why many sites require a mix of letters, characters, and numbers. And yes, some people are still using Myname123.

  2. One universal password
    Sometimes people find it difficult to remember multiple passwords for various files and applications, so they use a single good, strong password everywhere. This renders the good password virtually pointless and also increases the amount of damage that can be inflicted in the event that one ‘good’ password is compromised.

  3. Unauthorized password sharing
    Generally done with benign intentions, employees often share passwords for convenience or to expedite handling the sharing of data. Not good.

  4. Writing down passwords
    Sometimes, people follow all password best practices but find it difficult to remember complicated passwords and then write them down on a piece of paper or worse still, make a file containing all the passwords and store it in their email or computer. This is almost like giving away the keys to your property to a burglar.

  5. Forgetting to change passwords or revoke access
    This is an issue where the staff is busy and turnover is high. Managers may fail to remember to change the passwords once a staff member quits, leaving company data vulnerable. This is especially likely in a small company where there may not be a centralized IT staff that oversees data security and access.

Remember, having a password is not sufficient. Having the right kind of password and following good password hygiene is.

Multi-factor Authentication (MFA) – When a password isn’t enough, the next step to improve security is MFA. MFA layers a second authenticator (e.g. another code, a picture, etc.) on top of the password requirement. The idea is that if a password is being used by someone not authorized to do so, they won’t be able to provide the second piece of information. Consumers almost always encounter it when accessing financial services sites, but MFA is becoming more common across the board. If you use a credit card at a gas station, that request for your zip code after you insert your credit card is an example of MFA.

5 ways to make passwords more effective

You should be using an array of security tools to protect your business data. Some can be highly sophisticated, but there is one tool that we all still rely on heavily to secure access to our business systems and data. The password. But they can be hacked and shared. As long as we still rely on them, are there things we can do to make them more effective?
Yes. There are two main areas where you can improve the security of passwords. One is improving the security of the password itself, the second is multi-factor authentication.

First, there is the password itself. This is often known as password hygiene. Good password hygiene includes avoiding these common problems:

Passwords that are too simple

Simple passwords are easy to remember but easy to crack. Words, in any language, are not ideal either. That is why many sites require a mix of letters, characters, and numbers. And yes, some people are still using password123.

One universal password

Sometimes people find it difficult to remember multiple passwords for various files and applications, so they use a single good, strong password everywhere. This renders the good password virtually pointless and also increases the amount of damage that can be inflicted in the event that one ‘good’ password is compromised.

Unauthorized password sharing

Generally done with benign intentions, employees often share passwords for convenience or to expedite handling the sharing of data. Not good.

Writing down passwords

Sometimes, people follow all password best practices but find it difficult to remember complicated passwords and then write them down on a piece of paper or worse still, make a file containing all the passwords and store it in their email or computer. This is almost like giving away the keys to your property to a burglar.

Forgetting to change passwords or revoke access

This is especially an issue where the staff is busy and turnover is high. Managers may fail to remember to change the passwords once a staff member quits, leaving company data vulnerable. This is especially likely in a small company where there may not be a centralized IT staff that oversees data security and access.

Remember, having a password is not the solution. Having the right kind of password and following good password hygiene is.

If you haven’t already considered migrating your data storage to the cloud, you are probably in the minority of businesses. While it may seem intuitive that somehow your data is safer if it is stored “at home,” on location at the site of your business, that probably is not correct. Given the ability of skilled cloud service providers to provide redundancy and a level of security unattainable by a small business, storing all your crucial business data on site using in-house support is probably akin to keeping your money under the mattress instead of in a bank.

In this blog, we’ll explain what cloud data storage means, and some reasons why it may be a good business decision. In addition, we’ll quickly note some reasons some people get nervous about the security of cloud storage.

What is cloud data storage?

In an earlier time, a business would store all of its data on-site. Individual employees might keep all of their Word and Excel documents filed on their PC. The business might store all of its customer data, financial and accounting information, client lists, etc., on individual “secure” PCs and then back up to a server located in the equipment room. In this scenario, there are several concerns:

  1. Individual PCs may fail, losing all the data stored there.
  2. Backups generally only happen periodically, thus anything created between backups when something goes wrong is…lost.
  3. Backups can fail.
  4. Backups require labor from an IT individual.
  5. A backup on a server in the equipment room 100 feet from the rest of the office isn’t a secure storage site in case there is an on-location disaster. Fire, flood, etc.
  6. All of that data is vulnerable to cyber attacks, and in-house IT professionals probably don’t have the resources necessary to provide the most up-to-date tools to defend against cyber crime.
  7. All of that backup infrastructure is expensive.
  8. All of the labor necessary to support it is expensive.

The cloud functions as your off-site storage location where you get some particular benefits.
Cloud providers can generally provide the latest, most secure storage available. They also don’t store it on one machine in one location. Top cloud providers offer redundancy not only on one storage site; your data will be mirrored in a geographically diverse location. A complete natural disaster affecting one server farm will be irrelevant to the safety of your data. Other copies may be across the continent.

So let’s get to specifics.

  1. The Cloud offers economies of scale – If you want to store and protect your own data, you need to purchase all of the hardware and software, all of the servers and backup servers, the uninterruptible power supply in case of a power outage, and hire 24/7 support. In the cloud model, you share all of those expensive fixed costs with hundreds and thousands of other users.
  2. Focus on your business – As a smaller business, you may not have the technical expertise to manage a staff of IT specialists. More importantly, do you have the time to focus your energies on managing IT? You have the job of running your business and bringing in revenues.
  3. Scalability – Does your business peak in summer and winter? To handle your storage needs you need to ramp up hardware bandwidth, labor, etc., to meet peak demands. The rest of the year, that equipment may lie fallow. This creates high fixed costs that businesses, especially smaller ones, may not have the ready capital to build out. Cloud providers generally permit you to ramp usage up and down as needed. They have the available resources.

Cloud storage has transformed the way businesses store and manage data, but for some, it also raises concerns about data protection. This blog post discusses a few security measures that can be deployed when using cloud storage.

Data Encryption

One of the fundamental security features of cloud storage is encryption. It ensures that your data remains confidential and protected from unauthorized access. Cloud storage providers use encryption algorithms to protect data both during transit and when stored in their servers. This means that even if an attacker intercepts the data in transit or gains access to the storage servers, the information remains unreadable. Encryption adds an extra layer of security, ensuring that your data remains confidential and secure.

Access Controls and Identity Management

Concerned about access to data? Cloud storage providers offer access controls and other mechanisms to prevent unauthorized access to your data. These features allow you to manage user permissions, granting access only to authorized individuals or groups. With control over access rights, you can define who can view, edit, or share your data. Additionally, multi-factor authentication (MFA) adds an extra layer of security by requiring additional verification, such as a code generated on a mobile device, along with a password. This helps prevent unauthorized access even if a password is compromised. Tools like these protect your data and ensure that only trusted individuals can access it.

Data Redundancy and Replication

Cloud storage providers don’t just store your data in one place. They replicate your data across multiple servers and data centers, often located in different geographical regions. This redundancy means that even if one server or data center fails or experiences an outage, your data remains accessible from alternative locations. Additionally, data is updated in real-time, ensuring that the replicated versions are consistent and up to date. This not only improves data availability but also protects against data loss. By the use of these models, cloud storage providers minimize the risk of data loss due to hardware failures, natural disasters, or other unforeseen events at levels almost impossible for even the largest organizations.

Regular Auditing and Monitoring

Because of their size alone, cloud providers can offer auditing and monitoring activities at extremely high levels of sophistication. They monitor the storage infrastructure, network traffic, and user activities to detect any suspicious or unauthorized access attempts. Providers can identify potential security breaches or anomalies and take prompt action to avoid trouble. Regular auditing and monitoring ensure that your data is protected and any security incidents are addressed promptly.

Compliance and Certifications

Cloud storage providers often adhere to industry-specific compliance standards and undergo third-party audits to demonstrate their commitment to data security. They obtain certifications such as ISO 27001, SOC 2, or HIPAA, which validate their adherence to stringent security practices. Compliance with these standards ensures that the provider has implemented appropriate security controls, processes, and policies to safeguard your data. Choosing a cloud storage provider with industry-recognized certifications can provide assurance that your data is stored and managed in a secure and compliant manner.

Protecting your data is a top priority, and cloud storage providers offer a range of security features to ensure the confidentiality, integrity, and availability of your information. Encryption, access controls, data redundancy, monitoring, and compliance certifications are just some of the robust security measures implemented by reputable cloud storage providers. By selecting a trusted provider that offers these security features, you can rest assured that your data is protected against unauthorized access and potential threats. Remember to carefully evaluate the security features of different cloud storage options and choose a provider that aligns with your specific security requirements. With the right security measures in place, cloud storage can be a reliable and secure solution for your data storage and management needs.

In this blog post, we will explore how cloud storage can support your firm.

For SMBs, data loss or system failures can be catastrophic, leading to significant financial losses, brand damage, and even business closure. Having reliable backups and disaster recovery solutions is essential to protect critical data and ensure uninterrupted operations.

Traditional backup methods, such as local storage or tape backups, can be time-consuming, costly, and prone to human error. And a backup hard drive or server stored in the same location as the original data? Not very foolproof. This is where cloud storage comes in.

Cloud storage provides SMBs with a solution that overcomes many of the limitations of traditional methods. By using the cloud for storage (and thus, backups) businesses can benefit from:

Automated and scheduled backups: Cloud storage platforms offer automated and scheduled backup options, eliminating the need for manual backups and reducing the risk of human error. This ensures that critical data is consistently and securely backed up, minimizing the potential for data loss. In most situations, backups are occurring in real-time.

Rapid data recovery:

Data replication: Cloud storage providers replicate data across multiple servers and geographically diverse locations. In the event of hardware failure, natural disasters, or other unforeseen events, SMBs can rely on the copies to restore their data quickly.

Scalability and Flexibility: Cloud storage allows SMBs to scale their storage capacity as their data grows without the need for significant infrastructure investments. They don’t have to build out for peak times, then waste unused space. They can easily adjust their storage needs based on demand, eliminating the risk of running out of storage space.

Testing and Validation: Testing to ensure you can recover from any disaster becomes easier using the cloud storage model.

Cost-Effectiveness for SMBs

For SMBs with limited resources, cost-effectiveness is a crucial factor in choosing backup and disaster recovery solutions. Cloud storage offers several cost-saving advantages:

Reduced Infrastructure Costs: Cloud storage eliminates the need for costly on-premises storage infrastructure and maintenance, saving SMBs significant capital expenses. Infrastructure no longer has to be built to meet peak loads, then go unused during slow times.

Pay-as-You-Go Pricing: Cloud storage providers offer flexible pricing models, allowing SMBs to pay only for the storage space they need. This cost model ensures scalability and can dramatically cut fixed costs.

Operational Efficiency: Cloud storage automates the backup and recovery processes, eliminating the time and effort required for manual backups. SMBs can allocate their resources to running their business, not their IT infrastructure.

Cloud storage is a powerful and cost-effective solution for SMBs, providing them with reliable backups, rapid data recovery, and a robust disaster recovery strategy. By embracing cloud storage, SMBs can safeguard their critical data, ensure business continuity, and focus on growing their business.

When you visit a site, probably for the first time or from a new device or browser, you will see an alert that mentions the site uses Cookies to offer you a more personalized experience and asks you if you are okay with it. Let’s admit it. A lot of us don’t even bother to read what the notification says before we click “Accept” and move on with our browsing.

Cookies are tiny information packets that store data related to your interaction and behavior on websites. It is like walking into your favorite local diner and having them serve up the “usual” instantly. Cookies track your digital footprint on a website and allow the site to offer you a more personalized browsing experience. For example, let’s say you visited Amazon.com and looked at some cameras, perhaps you put one into your cart as well, but never checked out, or added one to your wishlist on the site. The next time the camera is on sale, the Amazon app sends you a notification about the price reduction. That happens with the help of cookies. And, that’s just one example. Cookies are not necessarily limited to shopping sites. You know how sometimes you can save your password for some sites, so you don’t have to type it or log in every time you visit the website? You are able to do that because of cookies. Any site can have cookies, though shopping and banking sites can’t function without them. These are known as session cookies and are absolutely indispensable, while some, like persistent cookies, make your web browsing experience more pleasant, and third-party cookies, while not very pleasant, are used basically to facilitate online advertising.

How do cookies become a security threat, then?

Cookies become a security threat when hackers get access to them. If hackers hijack your cookies, they can get access to your session, your passwords and other related online activities. Hackers sometimes create “Super Cookies” and “Zombie cookies” to steal information from authentic cookies. Such cookies are difficult to identify and delete and sometimes work like worms replicating themselves, thus making it more difficult to get rid of them. Hackers can also steal your cookies if they get access to your network or to the server of the website you are visiting. For example, if your bank’s or shopping website’s server was hacked into, chances are, the hacker has access to your cookies and thereby all your account details.

If you liked what you read, then check out our whitepaper, The cookie monster is coming for you, for a more detailed account of the threats posed by cookies and how you can manage them better.

“Life is not about sheltering yourselves from the rain, it is about learning to dance in the storm”, goes a popular saying. But, if you are a small business, you first need to shelter your assets from the rain, before you can afford to dance in the storm without a care in the world. Hurricanes, tornadoes and thunderstorms can catch you off-guard resulting in losses worth thousands of dollars. Your inventory may be damaged, your place of business may be flooded and your critical business data lost. While most small businesses do take timely steps to ensure their inventory and place of business are protected from natural disasters, a lot of them tend to overlook the risk such natural disasters pose to their IT infrastructure and data. To many, it doesn’t seem to be that big an issue–and invariably, this is where they go wrong. Data loss due to natural calamity or any other reason can cause significant damage to a business, resulting in extreme consequences such as complete business shutdown. Safeguarding your data shouldn’t be a project you embark upon after a hurricane warning is issued.

In this post we discuss the steps you can take to mitigate the risks natural disasters pose to your data and IT infrastructure.

  1. Recognize the need for data safety, security and recovery in times of disaster.
  2. Bring together your key resources and create a team that’s responsible for implementing your disaster backup and recovery plan.
  3. Identify the key areas that need to be addressed. In the event of a disaster, what are the processes that absolutely need to function to keep your business going and what needs to be done so they still function smoothly?
  4. Prepare a solid disaster recovery-business continuity plan. You can enlist your in-house IT team or bring an MSP onboard to do this.
  5. Create a list of all the software programs, applications and hardware that are critical to your business process.
  6. Include floor plans, physical access details, entry-exit security codes, etc., pertaining to your place of business in the plan.
  7. Include information about your backups in the disaster recovery and business continuity plan.
  8. Conduct mock drills and audits to ensure your plan is executable and gives you the intended results.

All of this can be overwhelming, especially with a business to run and a hurricane to watch out for! That’s why most SMBs rely on trusted managed service providers to do it for them, while they focus on their core area–managing their business and customers.

Passwords are something that you and every employee can use to protect your data, and maintaining this important protective wall against criminals is relatively easy. Take the time to follow basic good practices, most of which are relatively easy to do. Here are four easy best practices for good password hygiene which don’t require hand sanitizer or staying six feet apart.

Watch out for re-use and multiple use.

Rotating back through passwords you have used before isn’t a good idea. You may notice that some sites you use do not even permit you to use the passwords you have used previously. On a similar note, avoid using the same password across multiple sites. If one site is hacked, the password from that site can be used across all of your other secure sites.

Avoid writing down passwords

This one can be a little outdated. It defies common sense that a burglar will break into your home to steal your written password collection. That said, leaving a list of passwords sitting around in your office, wallet or handbag isn’t an especially good idea.

Don’t share passwords

One of the biggest temptations for password sharing may be in a work setting for the sake of speed and convenience – you may allow a co-worker who needs quick access to use your password. Don’t. Even if your co-worker has approved access, ask them to use their own credentials to login. Also, password sharing is likely a work rule violation in your organization. If discovered, it could be grounds for disciplinary action.

Phishing tricks

Last but absolutely not least, be aware of scams to get your password by convincing you to hand it over. We’ve mentioned this in other e-guides but it bears repeating because it seems to work against even the most savvy digital users.

Phishing scams involve sending an email or text message that appears to be from a legitimate source, such as a bank or social media site. The message typically asks you to click on a link and enter your password, giving the hacker access to your account. Before you click on any link, it is essential to verify if the links are genuine. Here are a few things to look for when doing that:

  • Spelling – Check for misspellings in the URL. For example, if your bank’s web address is www.bankofamerica.com, a phishing link could misspell it as www.bankofamarica.com or www.bankofamerica-verification.com.
  • Disguised URLs – Sometimes, URLs can be disguised–meaning, while they look genuine, they ultimately redirect you to some fraudulent site. You can recognize the actual URL by using a mouseover, or by right-clicking on the URL, selecting the ‘copy hyperlink’ option and pasting the hyperlink into a notepad file. But NEVER, ever paste the hyperlink directly into your web browser.
  • URLs with ‘@’ signs – If you find a URL that has an ‘@’ sign, steer clear of it even if it seems genuine. Browsers ignore URL information that precedes the @ sign. That means the URL [email protected] will take you to mysite.net and not to the actual Bank of America website.
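
The three link checks above (a misspelled domain, display text that hides the real target, and an ‘@’ in front of the real host), as an added example that is not part of the original post. The trusted-domain list, the flag names and the sample links are constructed for illustration, and treating the last two labels as the domain is a simplifying assumption.

```python
from urllib.parse import urlsplit

# Assumption: domains this organisation expects in legitimate mail (constructed).
TRUSTED = {"bankofamerica.com"}


def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def split_host(url):
    """Return (userinfo_present, host) the way the link would actually resolve."""
    url = url.strip()
    # A bare "www.example.com" has no scheme; prefix "//" so it parses as a host.
    parts = urlsplit(url if "://" in url else "//" + url)
    return "@" in parts.netloc, (parts.hostname or "").rstrip(".")


def base_domain(host):
    """Naive registrable domain: last two labels (no public-suffix list)."""
    return ".".join(host.split(".")[-2:])


def check_link(href, shown_text=""):
    """Return warning flags for one link; an empty list means nothing was found."""
    try:
        has_userinfo, host = split_host(href)
    except ValueError:
        return ["unparseable"]
    flags = []
    if has_userinfo:
        # Everything before '@' is login data; the host after it is the target.
        flags.append("userinfo")
    domain = base_domain(host)
    if domain not in TRUSTED:
        for good in sorted(TRUSTED):
            brand = good.split(".")[0]
            if edit_distance(domain, good) <= 2:
                flags.append("lookalike")              # e.g. one letter swapped
            elif brand in host:
                flags.append("brand-in-other-domain")  # trusted name glued on
    # Display text that itself looks like an address must match the real target.
    text = shown_text.strip()
    if "." in text and " " not in text:
        try:
            _, shown_host = split_host(text)
        except ValueError:
            shown_host = ""
        if shown_host and base_domain(shown_host) != domain:
            flags.append("text-mismatch")
    return flags


# Constructed sample links: (href, text shown to the reader).
SAMPLES = [
    ("https://www.bankofamerica.com/login", ""),
    ("http://www.bankofamarica.com", ""),
    ("www.bankofamerica-verification.com", ""),
    ("https://www.bankofamerica.com@example.net/signin", ""),
    ("http://example.net/x", "www.bankofamerica.com"),
]

if __name__ == "__main__":
    for href, text in SAMPLES:
        print(f"{href!r:55} shown={text!r:25} -> {check_link(href, text) or 'ok'}")
```

A mail gateway or awareness-training tool could run a check like this over every link in a message and hold anything that returns a flag for review.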

In the end, the humble password is an excellent first line of defense against hackers and thieves. All it takes to keep this barrier strong is staying vigilant about password best practices. While it does take ongoing training on the part of management to ensure vigilance is maintained for the long haul, these best practices are simple to observe and take little time.

With all the talk about cybercrime and the recent spate of headlines about ransomware, concerns for your data security and the safety of your business keep growing. Avoiding a data breach is critical to your business, so it is vital that you focus resources and time on cybersecurity. Your MSP can be your best support for handling the variety of solutions to the problem of cybercrime. However, don’t forget what you can do on your own. Amidst all the sophisticated tools to protect your data, don’t forget the role of the lowly password. Passwords are there all the time, so we tend to take them for granted.

Here are four easy best practices for good password hygiene which don’t require hand sanitizer or staying six feet apart.

Strong Passwords

Many advisors suggest that a strong password includes letters, numbers and symbols. Basic vocabulary words, from any language, can often be hacked through brute force–just bombarding with a stream of words until you hit the correct one. Numbers and symbols can make that less successful.

Update Passwords

The longer a password is hanging around, the more likely it may be compromised. Frequently changing passwords, just like changing the batteries in your smoke detector, should be done on a regular basis. Try the first day of every third month.

Cancel Passwords when access is no longer needed

In a workplace setting, access should be eliminated immediately upon the termination or transfer of an employee. Not tomorrow, not later today–immediately. This is particularly true in the case of an involuntary termination, when a now former employee may have a motivation to act nefariously. Also, when an employee’s job duties change, some access from their previous position may not be relevant to their new role.

Multi-factor Authentication

Multi-factor authentication (MFA) is the access process that requires a second step to access data. You probably come across it frequently. Many retail sites now use MFA for returning customers who want access to their account or order history. MFA asks for your password and then authenticates you by sending a one-time code to another platform. Most frequently, this means sending you a text. The intent is to diminish the possibility that the password is being used by someone not authorized to have it. Anytime you use an ATM machine, you are using a version of MFA (the debit card is step one, the PIN is step two).

A lot of SMBs opt for managed service providers who can help handle their IT requirements, and for the most part, it works well. Almost everyone knows the benefits of having an MSP manage your IT: increased cost savings, the ability to focus on your business without worrying about IT, better IT support and expertise, and so on. But there are times when the managed IT services model fails, leaving business owners to wonder what went wrong. This blog discusses some key reasons why MSP relationships fail.

You didn’t do a reference check
Did you just pick the first MSP you found in a Google search? Did you just go by the presentations they gave you, or the information on their website? Always remember to ask your MSP for references. Talk to someone they work with and get feedback.

They don’t have enough staff
If your MSP is short of staff, they won’t be able to give you the attention you need. One of the biggest advantages of bringing an MSP onboard is having someone who proactively manages and monitors your IT requirements–something you cannot do without a full-fledged IT department. So, it is important that your MSP is well-staffed.

They are not experienced enough
Before you bring an MSP on board, make sure you pay attention to how long they have been in business. This is important because the whole idea behind hiring an MSP is to leverage their knowledge and expertise. Secondly, someone who has been in the business for quite some time is more likely to be able to scale with you as you grow.

They said they will be there, but…
You want your MSP to be available 24/7, because with IT, you never know when the problem will arise. Not only should your MSP be proactively monitoring your IT infrastructure to ensure everything runs smoothly, they should also be able to resolve IT problems when they happen–time and day notwithstanding, so that your business is back up and running as soon as possible.

They are not able to provide you with all that you need
Sometimes, as you grow, your IT needs change. You may need much more support and new technologies that you didn’t think you’d need earlier. In such cases, if your MSP is not able to grow and scale with you, then the relationship won’t work.

When choosing an MSP, think of the whole process as a partnership, and not a one-time deal. When you look at the relationship as a long-term one, you are more likely to consider all the factors that go into making your relationship with the MSP work in the long run.