Small Business Security: It is Hackers v. You – Don’t Let Them Score

Selling stolen IDs and other personal data is a lucrative trade for hackers. They are always looking for weak small business security and for sources where vital information is stored. As a small to midsize business you store your clients’ personal information, collected from different sources, on your computers and servers. Your point-of-sale (PoS) terminal and some website transactions can be completed only by electronic banking, credit card or debit card. Your customers have to key in their PINs or passwords to make payments, and that information has to be saved. Also, depending on the kind of services or products you provide, you may be collecting Social Security numbers, addresses, driver’s license numbers and DOBs of your clients. Information that personal is as important as it gets, and any source of it is a gold mine for a hacker. All this means only one thing for you: a small business security nightmare.

Here are the channels hackers can use to break into your IT infrastructure:

Your website: Hackers have become very sophisticated in cyber attacks on websites. They can access specific information by targeting websites that hold the information they are looking for. For example, if they want only financial information about their victims, they can use tools that fish for the websites that carry that kind of information. The spread of web-based applications has made it easier for cyber criminals to connect to your website database. They are able to find the loopholes and hack into systems. They can then access your customers’ personal information, allowing them to steal from your clients by committing credit card...
Mobile Hacks: Why SMBs Must Proactively Address the Threat

More cyber criminals are targeting small-to-medium sized businesses. One reason for this is that too many workplaces have insufficient bring-your-own-device (BYOD) policies in place and are vulnerable to mobile hacks. Some have none at all. Although firms are generally more knowledgeable about network security risks than in years past, they still woefully underestimate the security vulnerabilities linked to mobile devices like smartphones and tablets.

Mobile Hacks Can Be Devastating

This is a real cause for concern, since data breaches can put many already financially challenged SMBs out of business. If customer/client data has been breached, there could be litigation costs and, naturally, lost goodwill and an irreparable hit to brand or company reputation.

Don’t Just Say You’re Worried About the Bad Guys… Deal With Them

SMBs say they view network security as a major priority, but their inaction when it comes to mobile devices paints a different picture. An April 2013 study found that only 16% of SMBs have a mobility policy in place. Despite the fact that stolen devices are a major problem in today’s mobile workforce, only 37% of mobility policies enforced today have a clear protocol outlined for lost devices. Even more troubling is the fact that those firms which have implemented mobility policies have initiated plans with some very obvious flaws. Key components of a mobility policy such as personal device use, public Wi-Fi accessibility, and data transmission and storage are often omitted. Thankfully, most SMB cybercrimes can be avoided with a comprehensive mobility policy and the help of mobile endpoint and mobile device management services.

A Mobility Policy Is...
IT Defense in Depth Part II

In our last post we started talking about the different layers of security necessary to fully create an IT defense and protect your data and business integrity. Today we will look at the human aspect of it, and at network defenses. The human layer refers to the activities that your employees perform. 95% of security incidents involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are “assuming their employees know internal security policies” and “assuming their employees care enough to follow policy”.

Hackers and Your IT Defense

Here are some ways hackers penetrate your IT defense and exploit human foibles:

- Guessing or brute-force solving passwords
- Tricking employees into opening compromised emails or visiting compromised websites
- Tricking employees into divulging sensitive information

For the human layer, you need to:

- Enforce mandatory password changes every 30 to 60 days, or after you lose an employee
- Train your employees on best practices every 6 months
- Provide incentives for security conscious behavior
- Distribute sensitive information on a need-to-know basis
- Require two or more individuals to sign off on any transfers of funds
- Watch for suspicious behavior

Network Layer

The network layer refers to software attacks delivered online. This is by far the most common vector for attacks, affecting 61% of businesses last year. There are many types of malware: some will spy on you, some will siphon off funds, some will lock away your files. However, they are all transmitted in the same ways: spam emails or compromised sites, “drive by” downloads, etc. To protect against malware: Don’t use business devices on...
IT Defense In Depth Part I – Anti-Virus

In the 1930s, France built a trench network called the Maginot Line to rebuff any invasion. The philosophy was simple: if you map out all the places an enemy can attack, and lay down a lot of men and fortifications at those places, you can rebuff any attack. The problem is, you can’t map every possible avenue for attack. What does this have to do with IT defense and security? Today many business owners install an antivirus program as their Maginot Line and call it a day. However, there are many ways to get into a network that circumvent antivirus software. Hackers are creating viruses faster than antivirus programs can recognise them (about 100,000 new virus types are released daily), and professional cybercriminals will often test their creations against all commercially available platforms before releasing them onto the net. Even if you had a perfect antivirus program that could detect and stop every single threat, there are many attacks that circumvent antivirus programs entirely. For example, if a hacker can get an employee to click on a compromised email or website, or “brute force guess” a weak password, all the antivirus software in the world won’t help you. There are several vulnerabilities a hacker can target: the physical layer, the human layer, the network layer, and the mobile layer. You need a defense plan that will allow you to quickly notice and respond to breaches at each level. The physical layer refers to the computers and devices that you have in your office. This is the easiest layer to defend, but it is exploited surprisingly often. Here are a few examples:...
Is Your Website Mobile Optimized? 3 Reasons Why It Matters

Smaller firms often struggle just to keep up with maintaining a website. Worrying about a scaled down version for mobile users seems like just too much trouble. Today’s blog is all about why this matters to you and why you should bother with a mobile version. A bit of background: mobile sites are versions of your website that can be easily read and used on a small mobile screen. What is readable on a laptop or desktop monitor can be too tiny to use on a small screen. Also, the buttons and fields on your forms become impossible to use. Why does this matter? Three reasons:

1. Mobile Optimized for SEO. Showing up in search rankings. If you want to be found in a search and appear high in the ranking, you need to have a “mobile optimized” site. Google has now included the failure to have a mobile optimized site as a specific reason to lower a website in its search rankings. If you don’t have a mobile optimized site, you slip lower in the ranking. Slip lower in the rankings and fewer people ever find you in a search.

2. Most Searches. More search and web activity now occurs on mobile devices than on standard PCs and laptops. If you want attention, you need to be “mobile ready.” You can’t just write off those mobile users; there are too many of them.

3. Hard to Read. If your site is too difficult to use on a phone screen, the user is just going to jump to another vendor. There’s nothing else to say.

So the summary is, if...

Business Trade Shows Part II: During the Event

We’re back. In the last post, we talked about building momentum toward a trade show exhibition. Today, let’s look at your efforts during the show itself. You already should have sent out a reminder the morning of the show in posts on all your social media accounts, an article on your website blog, and a general email that you’re exhibiting. Now it is time to work the booth. First, recognize that your goal is to use this show to develop as large a list of prospects as possible. That means you not only want visitors at the booth, you need their contact information. The proven way to get attendees’ contact information is to offer them something for free, or run a contest for something worthwhile. Most booths will offer some giveaway, coffee mug, etc. at the booth if visitors sign a contact info sheet. People can’t resist free stuff, no matter how much they don’t need another mug or could afford to buy them on their own by the caseload. Therefore, have giveaways. You can also run a contest for those willing to take the time for a demo of your product or service. If they will take the extra step, enter them in a raffle for something of greater value, such as an iPad or tablet. If anyone shows special interest, keep your non-exhibit hours open to schedule meetings for coffee or a demo. Beyond getting prospects, use the show for broader networking. Work the other booths and introduce yourself to other exhibitors to get your name known. You can never do enough networking, and you never know when...
BYOD Policy: 3 Things to Consider Before Jumping In

Last week we went over BYOD strategies and how you can implement a BYOD policy in your company. In fact, you’ve read it time and time again: “Bring Your Own Device” isn’t a trend, it’s the future. Workplaces where companies let workers use their own devices for work purposes are the new normal. BYOD attracts new hires and lifts employee morale and productivity. But this doesn’t mean a small business owner should recklessly jump right into BYOD just because everyone else is doing it. Data and network security concerns have to be thought out, defined, and addressed in a comprehensive BYOD policy. Here are three things to consider.

Cost of Support for a BYOD Policy

Most businesses salivate at the thought of the money saved by having employees participate in a BYOD program. With employees using their own devices for work, there is no need to shell out thousands of dollars for desktop PCs, smartphones, tablets, and laptops. While that’s undoubtedly a huge incentive, extra support costs must also be factored in. Chances are your employees aren’t necessarily tech savvy and will need help deploying applications and performing basic yet very necessary maintenance tasks. Unless you have a dedicated IT support team, which most SMBs do not have, you will need to turn to a Managed Service Provider (MSP) in your region for support. An MSP can provide specialized expertise and leverage Mobile Device Management (MDM) tools to keep your network infrastructure and business applications monitored, secured and fully optimized.

Limited Number of Supported Devices

Obviously you can’t accommodate EVERY employee-owned device. Limiting the types of devices accepted in...

Business Trade Shows Part I: Before the Event

Going to a tradeshow for the first time? Don’t make the mistake of viewing this as a discrete 1-2 day marketing event. Instead, view your exhibit at a tradeshow as the central feature of a much longer and holistic marketing plan that builds to the event, and then culminates in the successful post-show follow up that signs on new customers. In the next few posts, we are going to break down the tradeshow marketing plan into three bite size pieces. Today, the pre-show build up. The goal of your pre-show marketing is to attract visitors to your booth at the show. You want them to know all about you before they take that first walk around the exhibit hall. Take advantage of all the marketing opportunities that the show planner offers. This may include access to an attendee list. If so, use this to send out a few introductory emails prior to the show, including your booth number. Send one the day of the show reminding the reader where you are. Sponsorships are also an opportunity, if your budget allows it. This can be a small ad in the program or sponsoring an event or get-together during the conference. This is a bigger step and may be beyond the budget of an SMB.

Social Media: Use social media to introduce yourself before the show. This means an active presence on Facebook, Twitter, and LinkedIn. Send a brief announcement of who you are and that you will be exhibiting at the show, and then a reminder the day of the show or the day before.

Website and blog: Post...
BYOD Strategy: 4 Essential Pieces For Any SMB

Believe it or not, once upon a time, kids at the bus stop didn’t have cell phones and the BYOD strategy (bring your own device) of many businesses was typically: you’ll take what you’re given, refrain from using it for any personal use, and the data may be scrubbed clean whenever we please. We’ve come a long way.

The Blurred Lines And Reasons For A BYOD Strategy

Today, businesses really have no choice but to let employees use personal devices for work purposes. Blurred lines now make it difficult to differentiate between what is professional and what is personal. A company or organization may partially pay for an employee’s tablet computer or smartphone, but that same device is used to upload photos to Facebook or download torrents of this season of Game of Thrones. Naturally, security and privacy issues are a concern since these devices sync to the company network. Larger corporations may be able to hire IT support or produce sophisticated BYOD guidelines for employees to adhere to, but smaller businesses have limited resources. In fact, recent surveys suggest that the small business sector is doing very little to preemptively prepare for the network security risks that could arise with the use of BYOD devices. Not having a BYOD strategy could prove to be disastrous. According to market stats from a survey conducted by Cisco in 2012, approximately 88% of employees are doing business on personal devices. However, only 17% of companies currently have a BYOD security policy in place, and only 29% of companies have plans to implement a mobile device security plan in the near future....
Password Security That Is Still Ignored

You can have all the locks on your data center and all the network security available, but nothing will keep your data safe if your employees are sloppy with password security. There are many ways data can be breached, and opening some link they shouldn’t is one of the most serious security sins employees can commit, but today we’ll just talk about passwords. Here are some basic practices that you should require your employees to follow. These are basic tips. System administrators should implement other policies, such as those that forbid reusing previous passwords and that lock accounts after a few failed attempts to log in. But just for you as a manager, here are a few tips.

Basic Password Security Tips

Change Passwords – Most security experts recommend that companies change out all passwords every 30 to 90 days.

Password Requirements – Should include a mix of upper and lowercase letters, a number, and a symbol. Teach employees NOT to use standard dictionary words (in any language), or personal data that can be known or could be stolen: addresses, telephone numbers, SSNs, etc.

Emphasize that employees should not access anything using another employee’s login. To save time or for convenience, employees may leave systems open and let others access them. This is usually done so one person doesn’t take the time to log out and the next doesn’t have to log back in. Make a policy regarding this and enforce it.

You’re FIRED! … now give me your password

Another occasion when password security comes into play is the moment of losing an employee. It is not usually a good experience. If...