Data Net Blog
We’ve been talking about how your Board and shareholders have a vested interest in understanding and overseeing how your company will defend itself against the effects of cybercrime. Here are two more areas where you will need to have plans and your board should be focused on how they will be handled
For small business owners, it may seem your daily energy is caught up with just keeping the doors open and revenues coming in. However, unless you were very fortunate when you started up, you have a board of directors; most likely initial investors whose focus is on the long-term success of the company and on strategies for future growth. Part of their concern will be threats and risks to the present business. A particular concern may be the risks to the business in the case of a cyber-attack. Small businesses are just as vulnerable to cyber attacks as large companies. However, they are far less likely to have the resources to recover.
We’ve been talking about social media as a good way to market if you're a small business. Facebook , in particular, can be useful not just as a marketing tool, but as a platform that can serve as your website. If you don’t have a website, Facebook offers a way to have a “faux” website. It can provide basic information about your goods and services, and it can be easily updated. Unlike a website, it takes no web skills to change the content of your Facebook page. So at the very least, this is a pretty safe way to get into the shallower waters of social media. It is important to remember to update your Facebook page. Leaving it to get stale doesn't send a good message. If you don’t care enough to keep it up to date what does that say about how you run the rest of your business?
Pay any attention to social media? Think it's just a pastime to use up your monthly data allotment? Well, it can be just that. But it can also be a good marketing tool, especially for a small business that has a limited budget for marketing. For many very small operations, sometimes even building a website is a step too far. Many small businesses, especially individual sole proprietorships, may not have their own website. Social media platforms can become your de facto website, and make a pretty good stand-in for a small website. This can be especially true if your website is only informational. (you aren't actually using a website to sell products) Also for the provider of services, say legal, writing, etc, social media platforms may be just enough for you.
You will agree that having passwords to access your IT devices, networks and data is the first step to securing your business data. However, having passwords is not enough. The passwords have to be strong and difficult to detect or hack into. A lot of ‘smart’ devices today such as phones, tablets, and laptops come with facial recognition and fingerprint sensors that can be used in lieu of passwords. But what happens when you don’t have biometric security measures? You need to ensure that your passwords are strong and also maintain good password hygiene.
If the lock to your home’s main door breaks, do you fix it or just let it be? My guess is, you would get a locksmith to fix it for you at the earliest. And, what do you do if you lose the key? Use the spare key, if you have one, to get into your home, right? The situation is kind of similar when it comes to security patches and updates for your software programs. Credible software manufacturers make sure the software programs they develop offer an acceptable level of data security. However, no software is perfect, and knowing this well, cybercriminals constantly work to find vulnerabilities in popular software programs that they can exploit to gain access to your data. Security patches and software updates work to prevent this by fixing or patching the vulnerabilities.
Last week, we wrote about how patience plays a big role in people’s ability to be productive and efficient. This week we want to explore a few ways to help the people in your organization to become more patient. We all know people in our lives that seem like they could definitely take a chill pill. If that is you, using these four suggestions can help you be more patient in situations that demand it.
We all know that basic hygiene is a must to lead a healthy life. Did you know that the same rule applies to IT as well? There’s something known as cyber hygiene that plays a key role in keeping your business healthy from the IT perspective. So, how do you ensure your business doesn’t fail when it comes to cyber hygiene? Here are a few tips.
One of the popular internet scams that has been doing the rounds since 2017 is the one about “Free Internet”. This scam seems to resurface and somehow manages to claim quite a few unsuspecting victims. Here’s how they catch you.
People can be very productive. They can also be pretty terrible at being productive. The staff that can find consistency in their productivity typically results in a pretty successful business. Obviously, people have all types of suggestions on how to improve staff productivity, individual productivity, and a lot of it is just hitting on the same stuff. There is one variable, however, that is found in a lot of productive people: Patience.
Who doesn’t like online shopping? Online shopping has opened up a whole new world to us. Get whatever you want, whenever you want, without wandering from store to store. It doesn’t matter if it is too hot to venture outside or if there’s a blizzard out there, you do your shopping from the comfort of your couch and the stuff at your doorstep. You get great deals, some are better than in-store specials. But, did you know cybercriminals love the concept of online shopping as much as you do. Cybercriminals are exploiting the growing popularity of online shopping to cheat unsuspecting buyers through techniques such as phishing, malware injection, etc. Here are a few tips that may work to keep you safe from being a target of cybercriminals as you shop online.
In one of the most common poisoning attacks, the attacker poisons the DNS Cache with the aim of leading visitors to a fake website. In a DNS cache poisoning case, the attacker gains control of the DNS server and then manipulates cache data such that anyone typing the URL of the actual website is redirected to the fake one. This could be a phishing site where the attacker would have carefully laid out a trap to capture the unsuspecting victim’s personal data or secure information. For example, the visitor thinks they are logging into their bank’s website online, but are actually on the attacker’s phishing site, where they enter the login credentials.
Smart technology is everywhere. Not just in our offices, but even in our day-to-day lives with tools like Google Home and Alexa becoming commonplace. With technology becoming smarter every minute, the risks are increasing by the minute as well. Cybercriminals are finding new ways to corrupt our IT networks to disrupt our businesses, hold our data hostage and even clear our personal bank accounts. Some of the more overt, commonly known acts of cybercrime include hacking, phishing, and ransomware attacks. This blog discusses a lesser-known cybercrime--Poison attacks.
Employee training will form a big part of the cybersecurity initiative that you will take on as an organization. You need to train your employees to identify and respond correctly to cyberthreats. Here are some employee training best practices that you can make a part of your cybersecurity training program.
Create an IT policy handbook
Make sure you have a handbook of your IT policy that you share with every new employee, regardless of their position in the company. This IT policy handbook must be provided to everyone--right from the CEO to the newest intern in your organization. Also, ensure this handbook is consistently updated. IT is evolving at great speed and your handbook must keep up
Make cybersecurity training a part of your official training initiatives
Cybersecurity training should be a part of your corporate training initiatives for all new employees. You can also conduct refresher sessions once in a while to ensure your existing employees are up-to-date on the latest cyberthreats. At the end of the training session, conduct tests, mock drills, certification exams. Good training includes assessment. Provide follow up training for those who need it. This strong emphasis on training will ensure your employees take cybersecurity seriously.
Day zero alerts
As discussed, the cybercrime landscape is constantly evolving. Every day, cybercriminals are finding new vulnerabilities to exploit, and new methods to steal your data or to hack into your system. Day zero alerts are a great way to keep your employees updated. Has a new security threat been discovered or has an important plug-in released for the optimal functioning of a browser? Send an email to everyone spelling out clearly what the threat is and what they can do to mitigate it. Then, follow up to verify they took the necessary steps.
Let your employees know who to contact in the event of any IT related challenges. This is important because someone troubleshooting on the internet for a solution to something as simple as a zipping up a file could end up downloading malware accidentally.
Considering the serious ramifications brought on by cybercrime attacks, it makes sense for organizations to strengthen their first line of defense against cybercriminals--their own employees.
Formulating strong IT policies and laying down the best practices for your staff to follow is one of the best ways to prevent your business from becoming a victim of cybercrime. In this blog, we explore the various areas your IT policy should ideally cover.
Passwords: Your IT policy should cover
Personal devices
Cybersecurity measures
Document the cybersecurity measures that you have in place for your business. This should include your digital measures such as the software you have deployed to keep malware out--like anti-virus tools, firewalls, etc., and also the physical measures such as CCTV systems, biometric access controls, etc.,
Another example of a good practice is how you handle employee turnover. When someone quits your organization or has changed positions, how is the access issue addressed? Spell out the rules and regulations regarding the removal of a user from the network, changing passwords, limiting access, etc.
For any organization, its employees are its biggest assets. But, what happens when your biggest assets turn out to be your greatest threats or liabilities? That is how cybercrime can change the game. In a recent study, it came to light that employee actions account for about 70% of the data breaches that happen. This blog focuses on the first step you need to take as an organization to better prepare your employees to identify and mitigate cyber threats--adopting a top-down approach to IT security.
Being a victim of cyber-attack can prove disastrous for your business as it has the following repercussions.
It can cause you to lose customers: Your customers may take their business elsewhere as they may not feel safe sharing their PII with you.
Can cost you quite a bit financially: Data breach makes you liable to follow certain disclosure requirements mandated by the law. These most likely require you to make announcements on popular media, which can prove expensive. Plus, you will also have to invest in positive PR to boost your brand value.
The organizational mindset needs to change and acknowledge the fact that IT security is not ONLY your IT department, CTO or Managed Service Provider’s (MSP) responsibility. You need to truly believe that IT security is everyone’s business, and that includes everybody working in your company, from the C-level execs to the newly hired intern. Everybody needs to understand the gravity of a cyberattack and its impact. Only then will they take cybersecurity seriously.
Moving to the Cloud offers tremendous benefits for SMBs that range from lower IT costs to any-time access to data and certainly more reliability in terms of uptime. But, data in the Cloud is also vulnerable to security threats just like the data stored on physical servers. This blog discusses 3 things you can do to protect your data in the Cloud
Secure access: The first step would be to secure access to your data in the Cloud. So, how do you go about it? Safeguard your login credentials-your User IDs and passwords-from prying eye. Set strong password policies that are practiced across the board and educate your employees about good password hygiene. Also, do you have employees using their own devices to access their work-related applications and documents? Do you have staff working from home? Then, you also need to formulate strong BYOD (Bring-your-own-device) policies, so these devices don’t end up as the entry point to cybercriminals.
Educate your employees: What’s the first thing that pops into your head when someone talks about cybercrime? You probably picture some unknown person, a tech-whiz sitting behind a computer in a dark room, trying to steal your data. But, surprising as it may seem, the first and probably the biggest threat to your data and IT security in general, comes from your employees! Malicious employees may do you harm on purpose by stealing or destroying your data, but oftentimes, employees unwittingly become accomplices to cybercrime. For example, forwarding an email with an attachment that contains a virus, or clicking on a phishing link unknowingly and entering sensitive information therein or compromising on security when they share passwords or connect to an unsecured or open WiFi at public places such as the mall or the airport with a view to “get things done”, but, without realizing how disastrous the implications of such actions can be.
Choosing the right Cloud service provider: If you are putting your data in the Cloud, you need to make sure that it is in safe hands. As such, it is your Cloud service provider’s responsibility to ensure your data is secure and, accessible, always. But, are they doing all that is needed to ensure this happens? It is very important to choose a trustworthy Cloud service provider because you are essentially handing over all your data to them. So, apart from strengthening your defenses, you need to check how well-prepared they are to avert the threats posed by cybercriminals.
Complete Cloud security is a blend of all these plus internal policies, best practices, and regulations related to IT security, and of course, the MSP you choose to be your Cloud security provider plays a key role in all this.
The Cloud presents plenty of benefits that make it a very attractive choice, especially for SMBs who don’t want to be burdened with higher in-house IT costs, putting your data in the Cloud is not risk-free. Just as storing data on physical servers has its security threats, the Cloud presents certain security concerns as well. These include
Apart from the above, there are some common threats that apply to both the Cloud and traditional data storage environments such as a DDoS attack, or a malware attack where your data in the Cloud becomes susceptible because it is being shared with others and at other places.
Some Cloud security mechanisms that SMBs can invest in to keep their data safe
Cloud firewalls: Much like the firewalls you deploy for your local IT network, Cloud firewalls work to prevent unauthorized Cloud network access.
Penetration testing: Penetration testing is a sort of a Cloud security check where IT experts try hacking into the Cloud network to figure out if there are any security lapses or vulnerabilities that could serve cybercriminals.
Obfuscation: In obfuscation, the data or program code is obscured on purpose such that the system delivers unclear code to anyone other than the original programmer, thus mitigating any malicious activity.
Tokenization: Tokenization is the process of replacing sensitive data with unique identification symbols that retain all the essential information about the data without compromising its security.
Virtual Private Networks (VPN): Another, more commonly used mechanism is the VPN. VPN creates a safe passage for data over the Cloud through end-to-end encryption methodology.
Investing in a good Cloud security system is a must, but, in the end, you also need to remember that Cloud security is not only about antivirus software, firewalls, and other anti-malware tools. You need to pick the right MSP and work closely with them to implement a Cloud security solution that works for you.
More and more businesses are switching to the Cloud to store their data and rightly so. The Cloud offers numerous benefits over the traditional, physical on site server. For example,
Your big Cloud move: What to consider
If you are considering moving to the Cloud, you will find it helpful to sign-up with an MSP who is well-versed with the Cloud. They can advise you on the benefits and risks of the Cloud and also offer the Cloud solution that’s right for you. In any case, before you migrate to the Cloud, make sure you are dealing with a reputed Cloud service provider who has strong data security measures in place. You can even explicitly ask them what security mechanisms they have invested in to manage data access and security.
Yes, moving to the Cloud has it benefits, but it also has its challenges including security risks. Learn more in our next blog, “Is the Cloud really risk-free?”
There are a ton of productivity suites out there, and we’ve all heard of the most common one, Microsoft Office. Still, there are other solutions out there, one of which is Google Workspace. What does Google Workspace offer, and what differentiates it from its competition? Let’s take a closer look and see if we can find the answer to this question.
