Posts

2018 Cybersecurity Trends: What Your Business Needs to Know

SMBs usually place cybersecurity a few places down on their list of important issues, mainly because they think hackers target the big guys: those corporations that bring in billions of dollars every year.

This belief is a myth.

Those big businesses routinely spend millions on cybersecurity, making them much more difficult to breach. Hackers often turn to companies that do not focus on these security issues, which is why half of the 28 million small businesses in the United States have already been hacked. Medium-sized businesses are also in danger of the same fate.

No matter the size, your business needs to focus on these 2018 cybersecurity trends to keep your data safe from thieves.

Password Policy Updates

CSO: 63% of confirmed data breaches involved leveraging weak, stolen or default passwords.

You and your employees have heard the following password warnings for years:

If you are like many people, you have often ignored this advice, making it incredibly simple for hacking software to determine your password, often in seconds. Your company needs to enforce these password rules to keep your data safe.

Related: Include These Key Steps and Elements to Create a Solid Cybersecurity Strategy

Since almost no one can memorize passwords for each of their accounts, you should install a password manager app for every employee. Your data will be safer, and your staff won’t have daily password breakdowns.

Employee Education

WeLiveSecurity: 70% of employees in some industries lack awareness to stop preventable cybersecurity attacks.

Every business needs to teach basic cybersecurity classes.

Many viruses and ransomware attacks come through email attachments that are carelessly opened by innocent employees. No one should ever open an attachment from an unknown source – in fact, your employees should check with the sender of an attachment before opening it to make certain it is a valid document.

Related: Bad Security Practices that Hackers Love

Some email providers automatically scan attachments for viruses. Make certain that your email provides this service. If it doesn’t, see if they have a procedure for downloading documents so that they can be safely scanned that way.

Stay up-to-date on current virus and phishing schemes and alert your employees to them. Simply being cautious can save the company thousands or even millions of dollars.

Secure Devices and Networks Through the Cloud

Gartner: Cloud-delivered security products are more agile and can implement new detection methods and services faster than on-site solutions.

You need to inventory all of your company’s endpoints and devices and know exactly where they are and who is using them. Someone can easily take home a company laptop or tablet and let their family members have access to it. Sensitive company data can easily be shared in that instance, which can lead to serious problems for the company.

Also, no one should do company business on an unsecured WiFi connection. First, check that your company’s firewall, virus protection, and internet connection are all up-to-date and secure. Then make certain that no one is using company computing devices on a open connection at a coffee shop or similar location. Hackers commonly use these security lapses to steal important data.

Related: 6 Cybersecurity Myths That Are Hurting Your Business

You should use cloud protection platforms to monitor the status of your organization’s security. It allows for anytime, anywhere access that can save you a lot of trouble in the event of a cyberattack.

Final Thoughts on 2018 Cybersecurity Trends

SMBs are popular targets for hackers who can steal company and customer data, leaving everyone involved exposed to financial loss. These internet thieves consider smaller businesses easy marks because… they usually are.

You can protect your company from serious cybersecurity problems by partnering with an SMB security specialist that can handle your security for you. We’ve got experience in protecting organizations like yours.

We’ll make sure that no matter what comes your way, your data will stay your own.

Interested in learning more? Contact us today to get more information or to get started.

Bad Security Practices That Hackers Love

When you think about hackers and security breaches, you often associate these attacks with large corporations. Although major security attacks do impact large businesses, small-to-medium businesses tend to be the easiest targets for hackers.

Unfortunately, smaller companies often don’t have a dedicated IT team to enforce digital best practices, leaving them vulnerable to criminals.

Luckily, even if you do not have a deep understanding of IT practices, you can still protect your company through good due diligence — all while avoiding common pitfalls that hackers love.

Be Mindful of These Bad Security Practices

You have likely heard about security best practices. However, it’s also important that you take a proactive approach in regards to bad practices. After all, only around 14% of small companies rate their ability to reduce cyber risks and attacks as highly effective.

Address the following bad practices as soon as possible in order to mitigate cyber-security risks.

Bad practice #1: Only implementing an “all-in-one” antivirus scanner

Back in the early 90s, all-in-one antivirus scanners were effective, as they were able to detect the dozens of worms and viruses lurking out there. Unfortunately, times have changed. Thousands (if not millions) of malware programs are released monthly, many of which will go undetected.

To protect your business, you need a combination of tools in a unified platform that is easy to manage. This platform should take care of things like file sharing security, email security, routine system scans, and more.

Bad practice #2: Reusing passwords

Many people have a “go-to” password, often using it across multiple online accounts. This has led to some major data breaches in the past, as hackers are able to easily steal a copious amount of information by just knowing a single password.

Each account needs to have a strong, unique password. Make sure each password is at least six characters (but the more the better) and that it includes a combination of numbers, letters (both lowercase and uppercase), and symbols.

Bad practice #3: A lack of training

One of the biggest issues associated with cybersecurity is human error. Whether your staff ignore security updates or is unaware of phishing scams, poor training and a lack of awareness are incredibly dangerous for your business.

Many companies do not make cybersecurity training a priority until it’s too late. Be sure to meet with your staff on a regular basis to discuss the latest techniques and methods, as well as recent trends and dangers (especially in relation to malware email attachments).

Related: The 3-2-1 Backup Rule — Why It’s Important

Bad practice #4: Not performing regular tests

You may have implemented security measures in the past, but that does not mean they’re up-to-date. This is where regular testing or “fire drills” come into play. If you created a security response plan within the last year, you should run a hypothetical drill.

Ideally, you should be revisiting your security plans quarterly — but many businesses are now opting to run drills monthly. This also applies to your disaster recovery plan (as hackers are not the only risk involved).

Bad practice #5: Ignoring the dangers of mobile devices

Since many companies are transitioning towards a “bring your own device” arrangement, business owners need to consider where critical data is being stored and accessed. This is because mobile devices are typically easy to crack.

If you currently have mobile device management (MDM) or enterprise mobility management (EMM) solutions in place, know that these do not protect you against hackers and malware. This is something that you can discuss with a managed service provider.

Create a Better Cybersecurity Strategy Today

Beginning today, it is imperative that you take a proactive approach, focusing on your company’s future. After all, cybersecurity entrepreneur and IT security futurist, Neil Rerup, said it best, “True cybersecurity is preparing for what’s next, not what was last.”

Now is the time to create a solid cybersecurity strategy and if you require assistance, please feel free to contact our team our team today!

6 Cybersecurity Myths That Are Hurting Your Business

Every company is wrestling with cybersecurity. The number of breaches makes it impossible to ignore the issue. One of the biggest challenges that companies face when addressing cybersecurity is the number of myths and misconceptions that surround it.

These are some of the cybersecurity myths hurting your ability to protect your business.

A Security Breach is a Source of Embarrassment

An important prerequisite to fighting security breaches is the company’s mindset. It’s difficult (if not impossible) for any company to eliminate the opportunity for a hacker to breach their system. If you believe that being hacked is something better swept under the rug, you’re limiting your ability to prevent breaches and handle the situation if hackers attack your company.

Divider

Related: 3 Data Loss Horror Stories

Bottom Divider

All companies benefit from pooling their knowledge with others. Keeping cybersecurity concerns and experiences a secret will only make everyone more vulnerable. In addition, trying to hide a breach will result in more damage over the long term.

After all, would you trust a company that didn’t tell you if your data was at risk?

Using Antivirus Software is Enough

Antivirus software was a blessing 20 years ago. Today, however, it will only protect against an unenthusiastic hacker. Most hackers have found ways around antivirus software and can easily hide an attack from an unsuspecting user.

Antivirus icon

In other words, today’s sophisticated and quick attacks are no match for antivirus software.

A cybersecurity strategy must include preventing access, but it’s also necessary to recognize that you need a more proactive stance. You must protect against the known threats that antivirus software can spot.

But, it may be even more important to have the ability to spot unusual and unauthorized activity on a network and initiate appropriate action. If you can’t stop all attacks, at a minimum, your security system should work toward minimizing the damage.

My Company Will Never be Interesting to a Hacker

Anyone who believes it will never happen to them is almost guaranteeing that it will. For example, many small businesses think they’re immune to cyberattacks. That’s a prime cybersecurity myth, as research shows quite the opposite:

Hacker Icon

Another issue to consider is that companies of every size store data that shouldn’t become public, or fall into a hacker’s hands. Whether it’s confidential customer information or trade secrets, there’s a hacker out there who would be interested.

You need to protect your network and your servers, but you also need to protect local PCs, mobile phones and other devices that access your network. Any device that connects to your network is a potential doorway for hackers to breach your systems.

It’s Just an IT Problem

It’s true that your IT department has the technical knowledge needed to implement security strategies. However, the users of your IT systems present the biggest internal threat – one that IT can’t control.

The problem isn’t an employee planning to steal sensitive information. The biggest threat the users present is an innocent action that has unintended consequences. For example, ransomware attacks usually start with a malicious email sent to one of your employees with a file attached.

Hackers are becoming very creative in making an email look like it’s coming from a reasonable source, and that its attachment contains an order, invoice, or some other important document. When the employee opens the attachment, they realize that it’s not real. By then, it’s far too late.

Did you know?

Training employees on cybersecurity, and educating them in how to spot a suspicious email is critical. It’s also important to have senior management support to make cybersecurity awareness part of the company’s culture.

Furthermore, the impact of a security breach takes it out of the realm of a technical problem. The financial damage makes the potential of a security breach a problem that the most senior management in the company needs to address.

Addressing Cybersecurity is Just Too Expensive

Every company faces the challenge to encourage growth as they allocate funds internally. However, if funds become limited, cybersecurity may fall down the list of priorities. This big mistake is often the result of a mindset that considers cybersecurity spending to be something a company should do after funding all other “important” programs – programs that are considered critical for success.

Top Divider

Helpful: A Guide for Crafting a Small Business Data Backup Strategy

Bottom Divider

It’s easy to dispel this myth by looking at the impact of a cybersecurity attack. As stated earlier, SMBs have a 50/50 chance that a hacker will attack. Besides that, the financial burden that follows a successful attack can cripple or put your company out of business. In light of those facts, funding cybersecurity projects will always be the most cost effective approach.

I Don’t Need Anything Else Because I Have Great Security

This may be the biggest cybersecurity myth of all.

In fact, 35% of SMEs believe that they don’t need to fund cybersecurity because they have great security. That may be true in the moment, but consider that hackers are creating new ways to breach your security every day.

Establishing an active and ongoing cybersecurity strategy is the only way to do everything possible to protect your systems.

Cybersecurity Myths, Dispelled

The importance of addressing cybersecurity isn’t a trend that will fade away over time. If anything, it will become more important to the future of your company as time goes on.

If you have questions about the effectiveness of your cybersecurity strategy, you don’t want to wait until you’re faced with a breach. We can help you evaluate and update your security systems. Contact us today for more information.

The 3-2-1 Backup Rule: Why It’s Important

Your company’s data is one of your greatest assets. However, many businesses do not implement the required tools and systems until a situation occurs. At this point, it may be too late. That is why proactive measures are imperative.

For those currently seeking a backup and recovery solution, the 3-2-1 rule is a concept you should be mindful of. Acting as the best practice for data backup and recovery, it’s important to get into the habit of utilizing this highly effective strategy.

What Is the 3-2-1 Backup Rule?

When broken down, this proactive strategy is rather simple.

The “3-2-1 backup rule” means that you should:

  • Always keep three files of your data, including the original copy in addition to a minimum of two backups (two locally, which will be stored on different devices; as well as one offsite).
  • In relation to data backup, be sure to store your data on two separate storage types.
  • An on-site disaster could quickly wipe locally stored information — even if the data was stored on two separate devices. This is why you must also backup your data to an offsite location.

So, you should essentially store three backups, two locally and one remotely — hence the “3-2-1 rule.” No matter happens, this means that you’ll have a copy of your data.

Why Is the 3-2-1 Backup Rule Relevant?

According to the National Archives & Records Administration in Washington, 93% of companies who lost their data center for 10+ days due to a disaster situation filed for bankruptcy within one year of the initial occurrence (50% filed immediately).

From disaster situations to system failures, security breaches to accidental deletion, there are many causes of data loss. In fact, it’s reported that approximately 70% of all businesses have experienced (or will experience) data loss.

For this reason, the statement, “An ounce of prevention is worth a pound of cure” is incredibly relevant. By implementing the 3-2-1 rule, you can effectively implement preventative measures to avoid future data loss. As discussed, this could be the deciding factor between a company’s failure or long-term success.

How Your Business Can Implement the 3-2-1 Backup Rule Today

To begin, you must first create a backup and recovery plan. In doing so, you’ll not only develop beneficial systems but will also become more mindful of any weak spots within your company’s current security mechanisms and data storage systems.

Could hackers easily get into your systems?

Perhaps you have yet to address your virus-protection programs?

All of these are important to consider moving forward.

In terms of the 3-2-1 rule, this three-step strategy should become an immediate priority.

  • Step 1 – Create a minimum of three copies. Your first copy will be your primary source of data (stored on your internal hard drive), followed by two copies stored on two independent devices.
  • Step 2 – Physically store your two backup copies in two different media sources. For example, you should store your first copy on an external hard drive. The second copy should be stored on another device, such as an SD card or USB drive. You can also store two copies on internal hard drives, as long they’re stored in separate locations.
  • Step 3 – Always create an offsite backup. If your company doesn’t have another branch office, storing to the cloud is an ideal choice. To transfer your backup data offsite much more rapidly, built-in WAN acceleration may be of interest to your company.

Starting today, it’s important to view your data as investment capital. By implementing the 3-2-1 rule, you can gain peace-of-mind while preventing a potentially disastrous situation — the type that could potentially put you out of business.

Stephen Covey said it best, “I am not a product of my circumstances. I am a product of my decisions.”

Looking for ERP and IT solutions? Please contact us today!

3 Data Loss Horror Stories

You’ve likely heard about data loss and its potential impact. Unfortunately, the true costs of data loss often get covered up by the massive data breach stories that grab headlines.

Data breaches expose corporate and client data. And, when they affect major corporations like Sears, Delta Airlines and Best Buy, it’s easy to see why data day-to-day data loss stories don’t get as much coverage. The average total cost of a data breach is estimated to be $3.62 million.

Regardless, it’s important to keep in mind that disasters and accidents can cost you just as much as a data breach.

Did You Know? 43% of businesses that suffer massive data loss never reopen.

Here are a few examples of data loss and how it happens.

1. Toy Story 2 (Almost) Disaster

When looking at data loss horror stories, Pixar’s epic problems with “Toy Story 2,” definitely hit near the top of the list.

While working on the movie, one stray line of code managed to delete 90% of the film. All the Toy Story 2 backups were recorded on tapes.  But without regular testing (that never happened), the team never knew if the tapes would work until they tried to restore from them.

Unfortunately for the design studio, the tapes were not running good backups. That left the company with a months old version of the file tree and a rapidly approaching deadline for a release date.

However, Pixar got lucky.

One of their employees worked from home and happened to have a copy that was only a few weeks old. The film was back up and running after a massive week of overhauls, file checks and impossible man hours.

Related: 8 Business Benefits of Having Managed Services

One badly executed command almost cost Pixar their credibility and a film that eventually went on to gross nearly $500M and walked off with an Oscar nomination.

2. Government is Not Exempt

Data loss stories aren’t just reserved for olden time.

Even in 2014, well into the age of cloud computing and near-instant data recovery systems, the State Department showed exactly how bad things could get when you don’t have a recovery plan in place.

Rolling out a software patch managed to crash the State Department’s passport and visa system, affecting more than 200,000 travelers worldwide. Neither passports nor visas could be issued or verified while the system was down.

Related: You Can’t Plan for a Disaster, but You Can Have a Disaster Plan

The State Department actually had the data backed up already, but the system itself was not.

3. Ma.Gnolia Folds Due to Catastrophic Data Loss

Remember that 43% mentioned earlier?

You might not remember Ma.Gnolia, a bookmark sharing website, but it was doing quite well in early 2009.

Users could publicly or privately bookmark a site for later viewing, and all without a local save. That meant you could access your bookmarks from any device. The company suffered a major data loss that took the entire service offline. Faced with days of expensive recovery activities and a major reputation hit, the company never recovered and folded shortly thereafter.

Avoiding Data Loss

The longer your systems are down, the more money you’re paying your employees to sit and wait. Data loss also means you’ll bring in less money due to the downtime that accompanies it.

Data loss isn’t reserved for big companies. It’s common, and it can happen at any time. Avoid being a member of the data loss brigade with a disaster and recovery plan that includes continuous backups and regular checks to ensure data integrity and recoverability.

Where do you get one of those, you ask?

Turn to your friendly neighborhood MSP, AppSolute. We’ve got what it takes to protect your data and keep your business running through the thick and thin.

A Guide for Crafting a Small Business Data Backup Strategy

Data backup is a necessity for businesses small businesses. The information you store on your computers is critical to keep your company in business. Imagine what would happen if you lost your customer records, accounts receivable, and accounts payable records. It would be difficult or impossible to keep your business running.

This guide will help you establish a backup strategy for your business.

Why is Data Backup So Critical?

Data backup is critical because you never know when something will happen that threatens your data and your livelihood. Consider these examples:

  • Pixar was close to abandoning the movie Toy Story 2. An employee entered a server command by mistake that began deleting animation files, eliminating a year’s worth of work in 20 seconds. Then, the Disney team discovered that their backups had been failing without anyone noticing. Luckily, one of the supervisors had done backups to a personal computer and the movie was saved.
  • A wedding photographer transferred the photos from one of his client’s event to his computer and reformatted the memory card in his camera to prepare for the next job. When the hard drive on the computer failed, along with the backups the photographer had assumed were running, all the wedding photos were lost.

Data loss can happen because of hardware failure, system problems, a natural disaster, or someone leaning on a computer keyboard. Given how devastating a data loss can be, a secure plan is required.

Steps for Developing Your Small Business Data Backup Strategy

The following steps will assist you in taking an organized approach to developing a data backup strategy that meets your company’s needs.

Backup Icon 2

1. Determine what needs to be backed up

You may think this is an easy task, but if you have employees, you may find that you have important data stored in a variety of places, including:

  • File servers: If you have a file server, you hope that all of your company’s data is stored there. However, it’s very possible that individual employees aren’t aware of the need to use the file server, or they don’t think it’s convenient, and you have data stored in many different places.
  • Employees’ local drives: It’s easy for employees to assume that the hard drive attached to their computer is always safe, especially if they’ve never experienced a hard drive failure.
  • Employees’ USB drives: USB drives are also sometimes considered to be a safe haven for data storage. However, given the fact that they can be lost or stolen and aren’t free from failure, it’s best to encourage employees not to use them.
  • Laptops: Employees who are mobile may be using laptop computers, and probably don’t think about transferring their files to a central file server.

Since you’re preparing a data backup strategy, take the opportunity to talk to every employee to identify the places where data is stored.

Divider

Related: 8 Business Benefits of Having Managed Services

Goal target Icon

2. Decide on Your Backup Goal and Method

Different backup approaches support different goals. Decide whether your business needs the ability to restore data, or to maintain your operations. In addition, decide where you should store your backups.

Today, you can store backups in the cloud, on-premises, both, or some of each. If you choose just one of those alternatives, you’re limiting your ability to recover from a problem. Using a combination or hybrid approach will help you recover from almost every type of failure.

Divider

Related: What Does an MSP Actually Do?

There are two basic methods for performing backups, file level and image level. Any employee can use file-level backups to a server for easy access. To protect an entire system, image-level backups will allow you to do fast recoveries, especially if you use a continuous recovery model where each backup is restored as it is created.

Security Alert Icon

3. Consider What You are Protecting Yourself Against

The odds are that you need to protect yourself against an employee deleting a file or files. In that situation, performing file-level backups is a good solution. However, you’ll also need to protect yourself against a real disaster.

A natural disaster such as flood or tornado could easily destroy all of your local data. If your backup hardware is in the basement of your office, no recovery will be possible. If you experience a fire in your office, the damage might not extend to your backup servers in the basement. However, if your backup strategy was for every employee to do file backups to that server, your recovery process will take much longer than you want to wait.

Strategy Method Icon

4. Develop Your Strategy

With the information you’ve gathered and the decisions you’ve made in steps one through three, you’re ready to document your strategy.

The strategy document should include an overview of everything that has led you to documenting the strategy. Putting the strategy in writing will help you in a couple of ways:

  • You’ll have a record of the assumptions and decisions that support the strategy. You will know when it’s time to update the strategy when those assumptions are no longer valid.
  • You’ll have a basis for training your employees. In most situations, all employees will need to understand why backing up is important, and their role in the backup process.

Next Steps

Once you’ve defined your strategy, put it into effect and test how well the strategy is working on a regular basis. Many companies have run into trouble because they assumed that their strategy was effective, and lost crippling amounts of data as a result.

If you’re wondering where you’ll acquire the expertise and the time to create, implement and maintain an effective backup plan, keep in mind that our AppSolute experts can relieve you of those burdens.

Contact us for more information today!