You hear on the news all of the time about big cyber attacks on large corporations, and evengovernment agencies.The trouble with this news coverage is that is suggests a distorted view ofwhere cyber attacks are taking place. These attacks are not solely hitting large organizations.Small firms represent a significant portion of those who face cyber attacks. Being small by nomeans keeps you immune. In fact, small firms can be used as conduits to larger organizations.That is likely what happened in the case of Target Corporation in 2013
If you’re a small business, then you’re a target for cyber criminals. Last year, 71% of small tomedium size businesses were the victims of Cyber attacks.
Today’s concern is how you would respond to an attack. 31% of small to medium businesses donot have a plan of action for responding to IT security breaches, and 22% admit that they lackthe expertise to make such a plan. A data breach is disastrous.
Your response determines whether it’s a survivable disaster. You need to have a statement forcustomers ready, (47 states require businesses to disclose data breaches), you need to be ableto quickly access backups, and you need access to professionals with experience in disasterrecovery and business continuity.
Hearing “all of your confidential information is extremely vulnerable, we know this because…” isbad news, but whatever follows the ellipses determines just how bad. Consider two scenarios.
“All of your confidential information is extremely vulnerable… we know this because ahacker took all of your customers’ credit card info and locked all of your files behind ransomware.”
“All of your confidential information is extremely vulnerable…we know this because wedid a vulnerability scan of your network, and have some suggestions on how your can improve.” 61% percent of small businesses are victimized by cyber attacks each year, and one in five victims do not survive. It is financially worthwhile to make sure that you end up being the person hearing the latter sentence.
Scenario 2 describes the statement after you have had a vulnerability test conducted. Avulnerability test is a comprehensive audit of security flaws that a hacker could exploit, and the possible consequences. This is the equivalent of a doctor giving a physical examination. This information will allow you to know what your risks are and plan your security policies accordingly.
Vulnerability tests should be conducted quarterly, and can be done by in-house IT or outsideconsultants.They should be done quarterly, or whenever you are incorporating new equipment into your IT network.
What is a pen-test: A pen-test is a simulated attack on a network to test the strength of its security. Usually, the pen-tester will have a specific objective (e.g. “compromise this piece of data…) A vulnerability scan tell you “what are my weaknesses?” and pentest tells you “how bad a specific weakness is.”
How often should you pen-test: Different Industries will have different government mandated requirements for pentesting. One of the more broad reaching regulations, the PCI DSS, for example, requires pen-testing on an annual basis. However, it is prudent to go beyond the legal minimum. You should also conduct a pen-test every time you have
Stay Secure My Friend… More Hackers Targeting SMBs
Many SMBs don’t realize it, but the path to some grand cybercrime score of a lifetime may go right through their backdoor. SMBs are commonly vendors, suppliers, or service providers who work with much larger enterprises. Unfortunately, they may be unaware that this makes them a prime target for hackers. Worse yet, this may be costing them new business.
Larger companies likely have their security game in check, making it difficult for hackers to crack their data. They have both the financial resources and staffing power to stay on top of security practices. But smaller firms continue to lag when it comes to security. In many cases, the gateway to accessing a large company’s info and data is through the smaller company working with them. Exposed vulnerabilities in security can lead cybercriminals right to the larger corporation they’ve been after.
Cybercriminals Target Companies with 250 or Fewer Employees
In 2012, Symantec research confirmed that cybercriminals are increasingly targeting smaller businesses with 250 or fewer employees. Attacks aimed at this demographic practically doubled from the previous year. This news has made larger enterprises particularly careful about whom they do business with. This means that any SMB targeting high-end B2B clientele, or those seeking partnerships with large public or government entities, must be prepared to accurately answer questions pertaining to security. This requires an honest assessment of the processes taken to limit security risks.
View Security Measures as Investments
CIOs must start viewing any extra investment to enhance security as a competitive differentiator in attracting new business. Adopting the kind of security measures that large enterprises seek from third-party partners they agree to work with will inevitably pay off. The payoff will come by way of new revenue-generating business contracts that will likely surpass whatever was spent to improve security.
Would-be business partners have likely already asked for specifics about protecting the integrity of their data. Some larger entities require that SMBs complete a questionnaire addressing their security concerns. This kind of documentation can be legally binding so it’s important that answers aren’t fudged just to land new business. If you can’t answer “yes” to any question about security, find out what it takes to address that particular security concern.
Where a Managed Service Provider Comes In
Anyone who isn’t yet working with a Managed Service Provider (MSP) should consider it. First, a manual network and security assessment offers a third-party perspective that will uncover any potential business-killing security risks. A good MSP will produce a branded risk report to help you gain the confidence of prospects to win new business.
A MSP can properly manage key elements of a small company’s security plan. This includes administrative controls like documentation, security awareness training, and audits as well as technical controls like antivirus software, firewalls, patches, and intrusion prevention. Good management alone can eliminate most security vulnerabilities and improve security.
Cloud Monitoring Can Be the Difference Maker for SMBs
It’s a fast-paced world. Not only do people want things, they want things right now. This sometimes-unnerving need for instant satisfaction has only intensified now that we have Wi-Fi and mobile devices that keep us connected regardless of where we are, what we’re doing, or the time of day. There is no longer any tolerance whatsoever for waiting. A business with a website that fails to load, or loads too slowly, will lose customers and leads to competitors.
So what has your business done to address this need for constant accessibility and optimal uptime? Do you feel you’re doing enough to meet the demands and expectations of your customers, new business prospects and those who have just now found you on Google?
If you’re a small-to-medium sized business owner, do you have confidence in your technology infrastructure? Can you say with certainty that your website, internal server, and mobile applications function smoothly, efficiently, and correctly?
When your IT team leaves work to go live their lives, are you confident that things won’t go bump in the night? That you won’t be ringing their cell phone while they’re out having dinner with their family, or worse yet, sleeping?
If you answer no to these questions, you may be one of the many small business owners who could benefit from cloud monitoring. And you’ll be pleased to learn that cloud monitoring can significantly improve all facets of your business – especially your service, productivity, reputation, and profitability.
What is the Cloud?
According to a study conducted by Wakefield Research, 54% of those questioned responded that they’ve never used cloud technology. However, the truth is that they’re in the cloud everyday when they bank or shop online and send or receive email.
Business owners, specifically non tech savvy small business decision makers, are still apprehensive when it comes to moving their server and web monitoring services to the cloud. But FDR’s famous quote, “The only thing we have to fear is fear itself,” definitely applies here. The cloud is nothing more than moving the storage and access of your data programs from a computer’s physical hard drive to the web. There is nothing to fear.
Benefits of Cloud Monitoring
Obviously, these physical and virtual servers, their shared resources, and the applications they run on, must be monitored. This can be done from multiple remote locations and it’s called cloud monitoring.
Cloud monitoring makes it easier to identify previously unseen patterns and potential problems within your infrastructure–issues that may be too difficult for any in-house support staff to detect. For instance, monitoring ensures that your site is delivering accurate page content and is meeting anticipated download speeds. It can detect unapproved changes, website tampering, and compromised data.
The continuous analyzing and testing of your network, website, and mobile applications can reduce downtime by as much as 80%. The speed and functionality of e-commerce transactions are also optimized. Additionally, cloud monitoring tests your email server at regular intervals, which minimizes failure deliveries and other issues pertaining to sending and receiving emails.
Clearly, all of the above, along with the alerts that help identify and fix issues before they become catastrophes, make cloud monitoring an attractive way to gain insight into how end-users experience your site, while also enhancing their overall experience.
Why Hybrid Clouds are More Than Just Another Trend
It should come as no surprise that many small to midsize business owners take pride in overseeing every aspect of their startup business. Naturally, many are apprehensive when it comes to surrendering control of their servers, their data, and their applications.
The downside of this need for control is that operating and maintaining everything onsite can be time consuming, super expensive, and it can make your business more vulnerable to failure related downtime and cyber threats.
Although everything can be stored in the cloud at a fraction of the cost, many aren’t responsive to the idea of sharing the infrastructure their technology runs on.
The great thing about the cloud is it’s not an all or nothing thing. This is exactly why so many small to midsize businesses have turned to hybrid cloud solutions. Just as they name implies, hybrid cloud solutions are both on and off premises. It’s the best of both worlds. An entrepreneur can still control certain aspects of the business on-site, but simultaneously exploit the cloud’s cost effectiveness and overall scalability.
For example, a local server like Windows Server 2012 can be housed and managed on-site but that server, or just specific files, can still be backed up in the cloud with Microsoft Windows Azure and stored far away off-site. This provides a partial disaster recovery solution in the event of a hurricane, flood, fire, or just a basic server crash.
Here are some tips for developing your hybrid cloud strategy
Honestly assess the current IT strategy – Over time, as your business grows and technology advances, your well-planned and neatly arranged IT infrastructure transforms into a disorganized mishmash of different servers and disconnected software and tools. View this almost as the spring-cleaning of a cluttered garage. What systems or applications are critical to your business right now and which ones no longer support your current or future business initiatives?
Know what you want to keep close – Every business will be different in this regard. Certain companies will prefer keeping large files in-house, in a more controlled private cloud, for easy access but may be okay with having their emails out there in the cloud or vice versa.
See how others are leveraging a hybrid cloud environment – New services once only available to large enterprises are now available to SMBs. This presents an extraordinary opportunity to be more agile, flexible, and better suited for new business opportunities and growth. Remote monitoring, 24/7 support, and disaster recovery solutions can be easily integrated within a hybrid-computing environment – regardless of operating systems, server types, or mobile devices used.
Staged implementation – Be sure to plan your hybrid cloud strategy as a multi-year plan that is deployed in phases. For example, in the beginning, private controlled access to a public cloud service can be granted to internal application developers experimenting with a new business initiative. Or a new customer relations management SaaS (Software as a Service) application can be implemented.
This is the year that even small or midsize enterprises are getting serious about cloud operations and a strategic mix of public cloud services and private cloud may make the transition easier.
Why More SMBs are Turning to the Cloud to Reduce TCO
More small and mid-size businesses (SMBs) seem to be taking the initiative to learn more about the benefits of the cloud. Determining why SMBs have this sudden keen interest in the cloud isn’t all that tricky.
If you shouted, “Cost Savings!” in a room full of SMBs, you’d undoubtedly be the center of attention. And it seems as if this is also the motivating factor as to why more SMBs are looking into cloud-based solutions to reduce expenditures.
Although it seems like an oxymoron to recommend investing in new technology to control costs, cloud-based solutions can be leveraged for a greater return on already inevitable operational expenses. By enhancing productivity and overall efficiency, the cloud could help spur business growth and profitability.
Here are few of the reasons more SMBs are opening up to cloud-based solutions…
Containing Costs – This is the big one. Every SMB wants their business to grow but that growth is accompanied by rising costs to maintain safe, reliable, and sustainable business technology.
On-premise solutions are expensive. If you’re paying someone $60K a year to manage and monitor your technology, and most of their day is spent performing routine maintenance tasks or running to the aid of the intern who complains that something is running slow, are you really getting a return on that investment? You can do better and your on-site IT support can do more for you.
The cost for cloud-based solutions have been found to be anywhere from 35% to 50% lower than with on-premise solutions. This is because the cloud can completely eliminate most infrastructure costs such as servers, databases, backup, operating systems, upgrades, migration, physical space, power and cooling, and associated in-house or third party staffing costs.
Greater Flexibility – No doubt you’ve been privy to an office Happy Hour conversation or two about Infrastructure-as-a-Service (Iaas) and Platform-as-a-Service (PaaS). Is that crickets we hear? Okay, well since you’re in the dark, the flexibility of the cloud makes it really attractive to SMBs. IaaS and PaaS are two increasingly popular cloud technologies because of their flexibility when it comes to big data analysis.
IaaS technology is flexible as it allows an as needed rapid deployment of resources. Basically, fast expansion to accommodate growth. SMBs can pay accordingly for this on-demand usage, giving them the ability to access and analyze the kind of big data seen at larger enterprises without having to pay for necessary hardware capacity.
PaaS technology gives SMBs the ability to affordably increase or decrease data storage capacity as needed.
Of course, there must be a need for big data analysis that justifies the use of these technologies. Many SMBs may be just fine using Microsoft Excel for data analysis.
Greater Mobility – Many SMBs are turning to the cloud to provide remote employees with access to communications solutions. Through the cloud, remote workers can use smartphones, laptops, and notebooks to access documents and files for internal and external collaboration.
As you can see, it’s understandable why the cloud is being seen by SMBs as the “great equalizer” to take their business to the next level and stay competitive with even the big dogs despite budget and staffing limitations. It also helps that cloud-monitoring services have simplified the monitoring and management of SMB cloud deployments, alleviating a lot of the fear about migrating to the cloud.
How SMBs Can Utilize the Cloud To Build Their Business
There has been a lot of talk lately about the cloud and its ability to put small to midsize businesses (SMBs) and startups on a level playing field with large global enterprises. Can this be substantiated or is it a load of trendy hype to push SMBs to cloud-based solutions? We’ve compiled this breakdown of how the cloud can be used to boost profitability.
The Convenience Factor
It once took smaller companies and startups weeks to launch and configure their own IT infrastructure. Doing so also required a ton of overhead costs. Today’s cloud technology provides the benefits of this very same infrastructure but on an as needed and on-demand basis. SMBs can build a technology infrastructure for themselves online in less than a minute.
For example, a smaller agency that provides apps for its clients, can turn to a Platform-as-a-Service (PaaS) cloud provider. A PaaS provides companies an environment that enables them to more easily host and deploy apps. They do this by shielding developers from the hassles that come with the set up, configuration, and management of things like servers and databases.
Without having to worry about things on the infrastructure side, the company and its application developers can focus on creating innovative apps that will generate business revenue. Once their server is online and available, they can launch instantly with a 1-click deployment of their application.
Mission Critical Agility & Scalability
In the tech industry, everyone must channel his or her inner Maverick and Goose* because there is a need… a need for speed. Speed is everything and agility is mission critical. The cloud’s rapid provisioning of computer resources can offer additional storage space in mere minutes rather than weeks.
Having that kind of agility bodes particularly well for the scalability needs of SMBs. As business grows and the need to store more data increases, the cloud is flexible enough to resize your infrastructure on the fly and grow with you.
The cost of cloud-based solutions is much more beneficial to SMBs than the cost of traditional shared or dedicated hosting plans. This eliminates the high overhead that comes with buying dedicated hardware and hiring staff to run the servers.
Cloud technology has empowered SMBs by eliminating any need to make the same kind of costly upfront investments that large enterprise are able to incur. There is no longer a need for SMBs to spend thousands of dollars building out a massive infrastructure to support their big data applications. Better yet, backing up that big data is also inexpensive compared to traditional hosting solutions.
The Good, The Bad, and the Ugly of Mobility and BYOD
There are a lot of advantages to mobility in today’s workforce, but the Bring-Your-Own-Device (BYOD) movement has also brought its share of headaches as well.
We live in a society where everyone must have the newest technology. We are inundated with ads reminding us that the smartphone or tablet we just bought a year ago is laughably outdated and inferior to the upgrade that just hit the market.
People who have just bought the latest technology don’t want to have to set it aside to use a separate company-issued device. As a result, businesses are beginning to grant these employee-owned devices access to their file and email servers, databases, and applications.
While this brings certain competitive advantages to employers, it naturally carries many risks, too.
Let’s begin with the pros of BYOD…
The Advantages of BYOD
Greater Flexibility and Productivity – Personal devices allow workers more flexibility, which in turn can increase productivity. Today’s employee isn’t restricted to their office workstation or cubicle. They can carry out job responsibilities from home, a coffee shop, their child’s dance recital, or while traveling.
Reduced Costs – Purchasing even the most basic Blackberry for an employee can cost a company $900+ per worker. Costs like that can be completely eliminated by adopting a BYOD policy where employees are required to use their own device.
Happier Employees/Attractiveness to Job Seekers – Recent studies have found that 44% of job seekers are attracted more to employers who are open to BYOD and occasional remote work. Beyond this hiring advantage over competition, it has been found that employees as a whole are generally happier using the devices they own and prefer for work purposes.
Better Customer Service – This goes hand and hand with more flexibility and productivity. Mobility allows employees to occasionally resolve or escalate urgent client issues outside of normal working hours, and clients remember that kind of response time.
And now the cons of BYOD…
Disadvantages of BYOD
Compromised Data Security – Unfortunately, letting employees use their own smartphones, tablets, and laptops increases the likelihood of sensitive company or customer/client data being compromised. It is important for companies to establish a comprehensive mobile device security policy and never make any exceptions to it whatsoever. Really. No exceptions. Ever.
Employee Privacy – Many employees may oppose using their own devices for work, especially if it’s a company requirement that they aren’t reimbursed for. You have to remember that these are the same devices employees use to log into their Facebook and Twitter accounts or do their online banking. In this age of constant paranoia over big brother watching our every move, employees may be concerned that their employer will spy on them or access their personal passwords and information.
Handling Employee Turnover – Companies must consider how they will address the retrieval of company data and information from an employee’s device if the employee either quits or is fired. Some companies may require that employees only save or edit company files on their servers or use cloud-based sharing software like Dropbox to share and edit docs.
The Importance of a Mobile Device Management Tool
Obviously, businesses must keep track of all of the devices that access their server, applications, and data. Mobile Device Management helps enterprises centralize what is an otherwise chaotic hodgepodge of devices and operating systems. This ensures that all devices are configured, deployed, and properly monitored and managed. This is a smart way for businesses to embrace BYOD while securing data and applications across multiple devices.
Why SMBs Must Proactively Address the Threat of Mobile Hacks
More cyber criminals are targeting small-to-medium sized businesses. One reason for this is too many workplaces have insufficient bring-your-own-device (BYOD) policies in place. Some have none at all. Although firms are generally more knowledgeable about network security risks than in years past, they still woefully underestimate the security vulnerabilities linked to mobile devices like smartphones and tablets.
This is a real cause for concern since data breaches have the ability to put many already financially challenged SMBs out of business.
If customer/client data has been breached, there could be potential litigation costs, and naturally, lost goodwill and an irreparable hit to brand or company reputation.
Don’t Just Say You’re Worried About the Bad Guys… Deal With Them
SMBs say they view network security as a major priority but their inaction when it comes to mobile devices paints a different picture. An April 2013 study found that only 16% of SMBs have a mobility policy in place.
Despite the fact that stolen devices are a major problem in today’s mobile workforce, only 37% of mobility policies enforced today have a clear protocol outlined for lost devices.
Even more troubling is the fact that those firms who have implemented mobility policies have initiated plans with some very obvious flaws.
Key components of a mobility policy such as personal device use, public Wi-Fi accessibility, and data transmission and storage are often omitted from many policies.
Thankfully, most SMB cybercrimes can be avoided with a comprehensive mobility policy and the help of mobile endpoint mobile device management services.
A Mobility Policy Is All About Acceptable/Unacceptable Behaviors
Your initial mobility policy doesn’t have to be all encompassing. There should be room for modifications, as things will evolve over time. Start small by laying some basic usage ground rules, defining acceptable devices and protocols for setting passwords for devices and downloading third-party apps. Define what data belongs to the company and how it’s to be edited, saved, and shared. Be sure to enforce these policies and detail the repercussions for abuse.
Features of Mobile Device Management Services
MDM services are available at an affordable cost. These services help IT managers identify and monitor the mobile devices accessing their network. This centralized management makes it easier to get each device configured for business access to securely share and update documents and content. MDM services proactively secure mobile devices by:
Specifying password policy and enforcing encryption settings
Detecting and restricting tampered devices
Remotely locating, locking, and wiping out lost or stolen devices
Removing corporate data from any system while leaving personal data intact
Enabling real time diagnosis/resolution of device, user, or app issues
It’s important to realize that no one is immune to cybercrime. The ability to identify and combat imminent threats is critical and SMBs must be proactive in implementing solid practices that accomplish just that.
You’ve read it time and time again. “Bring Your Own Device” isn’t a trend, it’s the future. Workplaces where companies let workers use their own devices for work purposes are the new normal. BYOD attracts new hires and lifts employee morale and productivity. But this doesn’t mean a small business owner should recklessly jump right into BYOD just because everyone else is doing it. Data and network security concerns have to be thought out, defined, and addressed in a comprehensive BYOD policy. Here are three things to consider.
Cost of Support
Most businesses salivate at the thought of the money saved by having employees participate in a BYOD program. With employees using their own devices for work, there is no need to shell out thousands of dollars for desktop PCs, smartphones, tablets, and laptops. While that’s undoubtedly a huge incentive, extra support costs must also be factored in. Chances are your employees aren’t necessarily tech savvy and will need help deploying applications and performing basic yet very necessary maintenance techniques. Unless you have a dedicated IT support team, which most SMBs do not have, you will need to turn to a Managed Service Provider (MSP) in your region for support. A MSP can provide specialized expertise and leverage Mobile Device Management (MDM) tools to keep your network infrastructure and business applications monitored, secured and fully optimized.
Limited Number of Support Devices
Obviously you can’t accommodate EVERY employee-owned device. Limiting the types of devices accepted in your BYOD program will mitigate any need to pay for software or equipment upgrades for outdated devices and keep your infrastructure safer as a whole. It’s important to not be too exclusive, select a broad range of devices and their more recent releases to accommodate the varied preferences/tastes of your employees.
Adopting BYOD at your workplaces will expose your company to more legal risks. Sensitive business or private client/customer data can potentially be exposed if devices are lost or stolen. The personal online habits of your employees can also increase your network’s vulnerability to viruses, phishing, or hacking schemes designed to steal such data. These increased legal risks are another reason why SMBs must take precautions such as working with a MSP that offers a solid MDM solution to ensure all employee devices are configured, deployed, managed and monitored in a manner that prioritizes data integrity and security.