Loss of Data: Causes and Prevention

/in /by

Loss of Data: Causes and Prevention

The adoption of technology from the simplest of matters to the most complex problems has rendered us heavily dependent on it. We love paying our bills minutes before they are due. We enjoy seeing loved ones face-to-face on our computer screens. We can access and print our extremely sensitive records from government and financial websites in a matter of minutes instead of waiting for the mail for days. The time and resources that technology saves are invaluable, but this convenience has a very ugly side. This convenience brings costs, which could include irreparable financial, professional, and social damage. The technology that is designed to make life easier can also wreak havoc when criminals use it to breach secured, personal information. So how do we tame this beast called ‘breach of data security’?

Background: The gravity of the problem: To look for a solution, we first need to understand how serious this problem is. Breaches in data security and loss of data could spell imminent demise for many small companies. According to the National Archives & Records Administration in Washington, 93% of companies that have experienced data loss resulting in ten or more days of downtime have filed for bankruptcy within a year. 50% wasted no time and filed for bankruptcy immediately and 43% that have no data recovery and business continuity plan go out of business following a major data loss. In the past, small- to medium-businesses (SMBs) thought that data security problems were reserved for large corporations, but cybercriminals are finding out that SMBs are more complacent in securing their data thus making themselves easier targets. More importantly, the lightly guarded SMBs can provide backdoor access to the large entities hackers really want to hit. Fewer than half of the SMBs surveyed said they back up their data every week. Only 23% have a plan for data backup and business continuity. That is why the number of cyberattacks on SMBs has doubled in the recent past.

Causes of lost data: Loss of data can be attributed to two factors.

  • Breach of data security: As we discussed above, theft is the main reason for loss of data. Hackers can get into networks by installing their own software hidden inside emails and other Web content. They take over PCs and networks and then access files containing personal information. They can then use that information to empty people’s bank accounts and exploit data for other purposes.
  • Human error and employee negligence: Humans still have to instruct technology to perform as desired. Examples of negligence include unattended computer systems, weak passwords, opening email attachments or clicking the hyperlinks in spam and visiting restricted websites. Fortunately, this type of loss of data is easily preventable, but it is just as detrimental and can bring your business to a halt. Downtimes can be very harmful to your business continuity and revenue.

Five ways to minimize data loss

  1. Enforce data security: More than technology, this is the management of human behavior. SMB management must communicate data protection policy to the entire staff and see to it that the policy is adhered to. Rules and policy must be enforced very strictly regarding the use of personal devices. Tell employees to create passwords that are hard to crack and change them frequently.
  2. Stress the consequences: Rules are only good if there are consequences for not following them. Define what those consequences mean for the both the individual and the organization.
  3. Mobile device management: Mobile devices may be the weakest link in data security. “Mobile device management” refers to processes that are designed for the control of mobile devices used within the company. Devices tapping into company systems are identified and monitored 24/7. They are proactively secured via specified password policies, encryption settings, etc. Lost or stolen devices can be located and either locked or stripped of all data.
  4. Snapshots: Fully backing up large amounts of data can be a lengthy process. The data being backed up is also vulnerable to file corruption from read errors. This means sizable chunks of data may not be stored in the backup and be unavailable in the event of a full restoration. This can be avoided by backing up critical data as snapshots.
  5. Cloud replication and disaster recovery services: For SMBs who consider data backup to be too costly, time-consuming and complex there is an answer. The Cloud provides a cost-effective, automated off-site data replication process that provides continuous availability to business-critical data and applications. Cloud replication can often get systems back online in under an hour following a data loss.

To conclude our conversation, it is very important to understand the causes and consequences of data loss. Be proactive and minimize the likelihood of a data breach and data loss, so you can stay in business without interruption. Make sure you have a solid data recovery and business continuity plan so you don’t become another statistic about small firms who didn’t make it.

Be Proactive: How to Avoid Potential Network Failures

/in /by

Be Proactive: How to Avoid Potential Network Failures

For small- to medium-sized businesses (SMBs), an IT network failure can be devastating because they don’t have the resources of large corporations to bounce back from such disasters. Preparation against such devastation may be the only course for them to avoid failure and survive with the least damage if failure occurs. SMBs must be proactive in recognizing the eventuality of a cyberattack or human error that can cause data loss and disrupt business continuity. This is what needs to be done to help prevent a potential failure.

Be prepared: Being proactive is an essential step for preparation against a disaster. There are two ways to determine how to best prepare to prevent potential failure of your infrastructure. First, you need to identify the weaknesses throughout your systems, and second, determine how you are going to eliminate those weaknesses and protect your network.

Identify the weaknesses: Determine how and why your system could fail. Examine all aspects of your hardware and software. Assess all the internal and external factors that could contribute to failure of your networks. Here are some questions you need to know the answers to.

  • Does customer access and/or employee productivity often stall because of downed systems? In these situations, how quickly is your IT support able to minimize the damage?
  • Can you say with certainty that your business will be back online and be able to access lost data with minimal disruption in case of failure?
  • Your critical data should be backed up frequently. The data on personal laptops, iPads and other mobile devices should also be backed up. Are all these steps being taken, and how often?
  • Are all backups stored in a location off-site and are they quickly accessible in the event of corruption, fire or flood?
  • Are you using any custom-made software? Can it be reinstalled and updated when needed?
  • Are your systems truly protected from hackers and viruses? Do you change passwords when employees leave the company?
  • How often do you test your backup processes?

The answers to all these questions should give you a clear picture of your network’s ability to survive in case of a catastrophe.

Here are five steps that you can take to protect your networks

  1. Backup files every day: There are a large number of businesses that never backup data. Only 23% of SMBs are backing up their data daily, and only 50% are doing it weekly. A number of issues can result in loss of data. You should backup data every day.
  2. Check backup procedures regularly: Don’t find out accidentally that your backup system is not working properly. By then it could be too late. It may seem like your data is being backed up normally, but check frequently if it is backing up the way it should be. In this age of BYOD make sure all employees are also following procedures to backup data on their laptops, iPads, etc.
  3. Make sure virus protection and firewalls are always enabled: Many companies either don’t have virus protection installed or it is disabled. That renders their networks vulnerable to virus attacks from emails, spam and data downloads. Corrupted files will not only bring your systems down, but they can spread to your customers and email contacts. That will spell disaster for your reputation. Hackers are always looking for unprotected and open ports online that they can attack with malicious code or files. That can cause permanent data loss.
  4. Monitor server drives: Dangerously full server drives can cause many problems, ranging from program crashes to sluggish email delivery. Servers should be monitored and maintained regularly to avoid these problems.
  5. Check built-in logs: Frequent reviews of built-in logs can reveal small issues. You will have a chance to prevent them from becoming bigger, harder-to- manage problems that can bring your systems down.

Summary: We now know IT system failures have very serious consequences for SMBs. We also know that they can avoid such failures by being proactive. Many SMBs are now turning to cloud-based services and virtualized backup solutions to mitigate downtimes and network failures. Virtualization and cloud computing have enabled cost-efficient business continuity by allowing entire servers to be grouped into one software bundle or virtual server – this includes all data, operating systems, applications, and patches. This simplifies the backup process and allows for quick data restoration when needed.

It is Heaven! Using the Cloud to Challenge Big Business

/in /by

It is Heaven! Using the Cloud to Challenge Big Business

Has anyone suggested you begin moving your business to the cloud? Cloud data storage or cloud computing? What is this, anyway? And isn’t it something for huge companies?

In the last post we explained what cloud computing is. Simply put, it is the offsite storage of your data, and perhaps even the software packages you use. The primary benefit is pretty straightforward. Somebody else pays for all the hardware and support costs needed to store your data. You pack up all your own servers, wiring, etc. and take them to the recycling center, and save money. But is that all it is? There is a much stronger case for a small business to incorporate the cloud in their business model. The cloud allows you to become competitive with the big players in your industry.

The traditional issue holding back small business: they do not have the capital to create the infrastructure to compete with large firms. They are too small to enjoy economies of scale. One obvious area is software and hardware. Historically, the technology used by big business has been out of reach of the little guys. Most SMBs have neither the hardware budget nor internal resources to own a network infrastructure. A small business does not have capital to buy the equipment. Take a simple example: You run a storefront, but think you might be able to sell a bit more if you went online, but you don’t know how much more. You can’t justify the capital to buy the hardware, software, and the labor to design, build, and support it all. The cost of entry to the online world is just too much.

The cloud ends all of that. In simple terms, the cloud lets you rent just as little infrastructure as you need, and then lets you grow as incrementally as you like, paying only for what you use. Essentially, the cloud has become the great equalizer. The high cost of entry created by IT can be eliminated by the cloud.

Business Trade Shows Part III: After the Event

/in /by

So, you made it back home from the show. You’re exhausted and work has backed up in your absence. Here is where the entire investment in the show can go down the drain. Follow-up is critical. Every one of those prospects need to have follow-up. Lots of it. One contact isn’t going to be enough.

First, send out a short email drip that includes a ‘thanks for visiting us at the trade show.’ The second should be a ‘call to action’ email. Send an invitation to meet via phone or in person, and add something for them to download. The download can be a whitepaper, or even just your brochure, but it is always good to attach something.

Now comes the really hard work. Contacting prospects. No one is going to just mail you revenues. You need to actively market to your trade show visitors. If some seem uninterested, put their names in a tickler file to try back in 6 months. Just be sure not to just let them drop; the situation may change in the future.

In summary, look at a trade show as a marketing event that goes beyond the time spent at a booth in some convention center. It is just a stage in a lengthy and important marketing campaign. Make sure you prepare for the show and do active follow-up afterward. Otherwise a trade show is just an expensive few days meeting lots of people you will never see again.

Business Trade Shows Part I: Before the Event

/in /by

Going to a tradeshow for the first time? Don’t make the mistake of viewing this as a 1-2 day discreet marketing event. Instead, view your exhibit at a tradeshow as the central feature of a much longer and holistic marketing plan that builds to the event, and then culminates in the successful post­show follow up that signs on new customers. In the next few posts, we are going to break down the tradeshow marketing plan into three bite size pieces. Today, the pre-show build up.

The goal of your pre­show marketing is to attract visitors to your booth at the show. You want them to know about all about you before they take that first walk around the exhibit hall.

  1. Take advantage of all the marketing opportunities that the show planner offers. This may include access to an attendees list. If so, use this to send out a few introductory emails prior to the show including your booth number. Send one the day of the show reminding the reader where you are.
  2. Sponsorships are also an opportunity, if your budget allows it. This can be a small ad in the program or sponsoring an event or get-together during the conference. This is a bigger step and may be beyond the budget of a SMB.
  3. Social Media: Use social media to introduce yourself before the show. This means an active presence on Facebook, Twitter, and Linkedin. Send a brief announcement of who you are and that you will be exhibiting at the show, and then a reminder the day of the show or the day before.
  4. Website and blog: Post an invitation to the show on your website and your blog. This should go up about one week prior the to event.

These are just three simple steps you can take to build momentum before the actual exhibition. Next, we’ll talk about marketing during the show.

Is Your Website Mobile Optimized?

/in /by

Smaller firms often struggle just to keep up with maintaining a website. Worrying about a scaled­ down version for mobile users seems like just too much trouble. Today’s blog is all about why this matters to you and why should you bother with a mobile version.

A bit of background: Mobile sites are versions of your website that can be easily read and used on a small mobile screen. What is readable on a laptop of desktop monitor can be too tiny to use on a small screen. Also, the buttons and fields on your forms become impossible to use.

Why does this matter? Three reasons

  1. Showing up in search rankings. If you want to be found in a search and appear high in the ranking, you need to have a “mobile optimized” site. Google has now included the failure to have a mobile optimized site as a specific reason to lower a website in its search rankings. If you don’t have a mobile optimized site, you slip lower in the ranking. Slip lower in the rankings and fewer people ever find you in a search.

  2. More search and web activity now occurs on mobile devices than standard PC and laptops. If you want attention, you need to be “mobile ready.” You can’t just write off those mobile users- ­­there are too many of them.
  3. If your site is too difficult to use on a phone screen, the user is just going to jump to another vendor. There’s nothing else to say.

So the summary is, if you haven’t already done so, you need to bite the bullet and get a mobile optimized site. The internet offers too much business to just ignore the issue.

Password Basics That Are Still Ignored

/in /by

You can have all the locks on your data center and have all the network security available, but nothing will keep your data safe if your employees are sloppy with passwords.

There are many ways data can be breached, and opening some link they shouldn’t is one of the most serious security sins employees can commit, but today we’ll just talk about passwords.

Here are some basic practices that you should require your employees to follow. These are basic tips. System administrators should implement other policies, such as those that forbid using passwords previously used and locking accounts after a few failed attempts to login. But just for you as a manager, here are a few tips.

  1. Change Passwords – Most security experts recommend that companies change out all passwords every 30 to 90 days.
  2. Password Requirements – Should include a of mix upper and lowercase, number, and a symbol.
  3. Teach employees NOT to use standard dictionary words (any language), or personal data that can be known, or could be stolen: addresses, tel numbers, SSN, etc.
  4. Emphasize that employees should not access anything using another employee’s login. To save time or for convenience, employees may leave systems open and let others access them. This is usually done so one person doesn’t take the time to logout and the next has to log back in. Make a policy regarding this and enforce it.

These are just a few basic password tips, but they can make a big difference in keeping your business’s sensitive data safe.

You’re Fired! Now Give Me Your Password

/in /by

“You’re FIRED!” ( now give me your password)

Losing an employee is not usually a good experience. If they leave voluntarily, you lose a valuable asset. If they have to be fired, you have the arduous task of the progressive discipline process and the final termination meeting. But there are other concerns that arise when an employee leaves. Those concerns are security and their access to company data.

Here are some considerations regarding passwords and voluntary termination (A.K.A. resigned) or involuntary termination (A.K.A. fired.) It is important you have a process in place so that whenever a termination occurs, nothing slips through the cracks regarding corporate data security.

  1. When you dismiss an employee, you should immediately change out all passwords for anything the employee had access to. Because almost all terminations should be planned, you should also define the process for canceling access. It is unwise to cancel prior to the termination meeting. If you do that, you create the potential for a confrontation when they arrive at work and find their passwords have been disabled. Instead, plan ahead and assign someone to disable their passwords during the time you are having the termination meeting. Before the meeting, be sure you have a list of all access cards, keys, etc. prepared so they can be cancelled before the employee leaves the building.
  2. Voluntary terminations ­- Different firms have different policies handling resignations. Depending on the specific position, an employee will be permitted to continue working during their 2 week notice period. In that case, you need to consider if there is any possibility the employee might get up to no good during the final days. That is something only you can judge.

In some cases, firms will ask an employee to leave the facility immediately. In that case, you need to have a plan in place. You need to have a list available of all of the restricted systems to which they have access for when this situation arises. The employee should not leave the building until all of their access has been canceled.

This all may seem a bit harsh, but things have changed. 30 years ago, for a disgruntled employee to steal files, they’d be carrying out large boxes of file folders. Now, not only can they empty the building onto a thumb drive, they can take nefarious action that wasn’t possible when data was stored on paper.

IT Defense in Depth Part II

/in /by

Defense in Depth Part II

In our last blog we started talking about the different layers of security necessary to fully defend your data and business integrity. Today we will look at the human aspect of it, and network defenses. The human layer refers to the activities that your employees perform. 95% of security incidences involve human error. Ashley Schwartau of The Security Awareness Company says the two biggest mistakes a company can make are “assuming their employees know internal security policies: and “assuming their employees care enough to follow policy”.

Here are some ways Hackers exploit human foibles:

  1. Guessing or brute-force solving passwords
  2. Tricking employees to open compromised emails or visit compromised websites
  3. Tricking employees to divulge sensitive information

For the human layer, you need to:

  1. Enforce mandatory password changes every 30 to 60 days, or after you lose an employee
  2. Train your employees on best practices every 6 months
  3. Provide incentives for security conscious behavior.
  4. Distribute sensitive information on a need to know basis
  5. Require two or more individuals to sign off on any transfers of funds,
  6. Watch for suspicious behavior

The network layer refers to software attacks delivered online. This is by far the most common vector for attacks, affecting 61% of businesses last year. There are many types of malware: some will spy on you, some will siphon off funds, some will lock away your files.

However, they are all transmitted in the same way:

  1. Spam emails or compromised sites
  2. “Drive by” downloads, etc.

To protect against malware

  1. Don’t use business devices on an unsecured network.
  2. Don’t allow foreign devices to access your wifi network.
  3. Use firewalls to protect your network
  4. Make your sure your Wi­Fi network is encrypted.
  5. Use antivirus software and keep it updated. Although it is not the be all, end all of security, it will protect you from the most common viruses and help you to notice irregularities
  6. Use programs that detect suspicious software behavior

The mobile layer refers to the mobile devices used by you and your employees. Security consciousness for mobile devices often lags behind consciousness about security on other platforms, which is why there 11.6 million infected devices at any given moment.

There are several common vectors for compromising mobile devices

  1. Traditional malware
  2. Malicious apps
  3. Network threats

To protect your mobile devices you can:

  1. Use secure passwords
  2. Use encryption
  3. Use reputable security apps
  4. Enable remote wipe options.

Just as each line of defense would have been useless without an HQ to move forces to where they were needed most, IT defense-in-depth policy needs to have a single person, able to monitor each layer for suspicious activity and respond accordingly.

IT Defense In Depth Part I

/in /by

In the 1930s, France built a trench network called the Maginot Line to rebuff any invasion. The philosophy was simple: if you map out all the places an enemy can attack, and lay down a lot of men and fortifications at those places, you can rebuff any attack. The problem is, you can’t map every possible avenue for attack.

What does this have to do with IT security? Today many business owners install an antivirus program as their Maginot Line and call it a day. However there are many ways to get into a network that circumvent antivirus software.

Hackers are creating viruses faster than antivirus programs can recognise them (about 100,000 new virus types are released daily), and professional cybercriminals will often test their creations against all commercially available platforms before releasing them onto the net.

Even if you had a perfect anti­virus program that could detect and stop every single threat, there are many attacks that circumvent anti­virus programs entirely. For example, if a hacker can get an employee to click on a compromised email or website, or “brute force guess” a weak password, all the antivirus software in the world won’t help you.

There several vulnerabilities a hacker can target: the physical layer, the human layer, the network layer, and the mobile layer. You need a defense plan that will allow you to quickly notice and respond to breaches at each level.

The physical layer refers to the computers and devices that you have in your office. This is the easiest layer to defend, but is exploited surprisingly often.

Here are a few examples:

  1. Last year 60% of California businesses reported a stolen smartphone and 43% reported losing a tablet with sensitive information.
  2. The breaches perpetrated by Chelsea Manning and Edward Snowden occurred because they were able to access devices with sensitive information.
  3. For example, Comptia left 200 USB devices in front of various public spaces across the country to see if people would pick a strange device and insert into their work or personal computers. 17% fell for it.

For the physical layer, you need to:

  1. Keep all computers and devices under the supervision of an employee or locked away at all times.
  2. Only let authorized employees use your devices
  3. Do not plug in any unknown USB devices.
  4. Destroy obsolete hard drives before throwing them out

Next time in Part II, we will talk about the human and network layers of security.