SMBs: It is Hackers v. You – Don’t Let Them Score

Selling stolen IDs and other personal data is a lucrative trade for hackers. They are always looking for sources where vital information is stored. As a small to midsize business you store your clients’ personal information, collected from different sources, on your computers and servers. Your point-of-sale (PoS) terminal and some website transactions can be completed by use of electronic banking, credit cards or debit cards only. Your customers have to key in their PINs or passwords to make payments. That information has to be saved. Also, depending on the kind of services or products you provide, you may be collecting Social Security numbers, addresses, driver’s license numbers and DOBs of your clients. Information that personal is as important as it can get. Any source of that information is like a gold mine for a hacker. All this means only one thing for you: A data security nightmare.

Here are the channels hackers can use to break into your IT infrastructure

  • Your website: Hackers have become very sophisticated in cyberattacks on websites. They can access specific information by targeting websites that have the information they are looking for. For example, if they want only financial information about their victims, they can use tools that will fish for the websites that carry that kind of information. Implementation of web-based applications has made it easier for cybercriminals to connect to your website database. They are able to find the loopholes and hack into systems. They can then access your customers’ personal information, allowing them to steal from your clients by committing credit card and bank fraud. Or they can just sell your clients’ info on the Internet.
  • Your computers and servers: Your computers and servers are treasure troves of information. By sending malware into your systems, hackers can steal your admin passwords and then log in to your servers and other network devices. These hardware devices are the ultimate prize for cyber thieves because they not only hold important information about your clients, they also have all the information about your business and possibly about your vendors and associates. There is nothing about your business that these hackers don’t know. Imagine how devastating this attack can be.
  • Mobile devices used by your employees: If you are one of those entities that allow their employees to use their mobile devices to conduct business, you have another security dimension to worry about. You don’t know how secure their mobile phones, iPads, laptops or tablets are. You don’t know how hard or easy their passwords are to crack. Breach of security into those devices will lead hackers right into your networks where they can steal data at will.
  • Unsecured Wi-Fi network: Most businesses keep their Wi-Fi networks well protected, but unsecured Wi-Fi is an open invitation to cyber criminals. If your Wi-Fi network is not secure, hackers are one step closer to breaking into your systems without even trying.
  • Your PoS systems: PoS systems are the prime targets for hackers who want to commit financial fraud. Cyber thieves know that PoS systems that come with preloaded software can be hacked using an unsecured Wi-Fi network. This fraud has a direct impact on an individual’s finances because a hacker can make unauthorized credit card charges quickly and move on before anyone realizes what happened. Ruined credit can take years to mend.
  • Your emails: Email is another venue that hackers use to infect computers with malicious software. They send viruses that replicate themselves in the host computers, performing various tasks such as denial of service to the users of your systems, spamming your contacts and accessing data without authorization.

Summary: After reading this article you probably feel like you are in cyber warfare with hackers and your IT infrastructure is the battlefield. You are absolutely right. Hackers are relentless and they are devising new methods all the time to steal from businesses. But this is one fight you can’t let them win. Protecting client data is not just a moral obligation. You are legally bound by the privacy laws to protect this information by all means. Breach in data security can ruin your reputation, and the financial liability to meet legal obligations may become too much to sustain.

So how do you fight this war in which you have to make certain that there is only one winner? Outsource your IT managed services to professionals who will monitor your networks 24/7 from a remote location. Your in-house IT management team may be able to fix problems, but it is important that proactive solutions are in place in case there is data loss as a result of a breach. Managed services can create solid data backup & recovery plans that will have your systems up and running quickly, so you can reduce downtime and protect your revenue.

Business Disaster: What Threatens Small Businesses the Most?

There are many threats to the integrity of a small business, and not all of them are as dramatic as a cyberattack or a hurricane. Every small business needs to do a risk assessment to determine all the threats that exist that could bring harm. External threats are the ones that get the most attention. These can be big snowstorms or hurricanes that bring down power lines and network connections. They can also be man-made: a power outage due to a grid failure, or an act of terror. Also in this category are phishing scams, cyberattacks and data theft from external sources.

All of these are the ones that make the evening network news, and every business needs to plan how to handle them. However, there are some internal threats that can be just as serious, but are far less attention getting.

For example, human error. Stolen data can occur because someone forgot about changing their passcode, or they left a smartphone containing critical data on the bus. These aren’t nefarious acts, but they can still have serious consequences. Have you looked at how you might wipe clean a lost phone? What about the person who forgot to do a backup the day before a server failed?

Another area where human error can occur is a technical oversight. Perhaps an overworked tech did not recognize the existence of a single point of failure in your IT infrastructure. To learn how outsourcing some tasks such as proactive management and security audits can solve these problems, see “Outsourcing Isn’t a Dirty Word: Meet Managed Services, Your IT Team’s New Best Friend – Managed Services”.

Data Protection and Bring Your Own Device to Work

BYOD refers to a firm’s policy of allowing employees to use their own personal phones, tablets and laptops for all their work applications. This is a pretty common policy, and it has many benefits, but it brings along risks. How are you addressing these risks?

Here are some of the issues raised by BYOD

  1. A lost device – If you issue company phones, you have the ability to remotely wipe the unit clean if it is lost or stolen. With employees’ personal devices, do you still have that ability? If not, your data is at risk.
  2. Software updates – Is the employee responsible for updating all the software and virus protection programs on their own devices? If that responsibility transfers to them, you are at the mercy of their willingness to keep track of such tedious tasks. If you accept responsibility for it, do you have the in-house staff to handle all the extra work?
  3. Backups – With data being entered on many different devices, something must be done to ensure backup procedures are routinely followed.

In short, BYOD is probably an unavoidable approach to device management. It is unrealistic to expect people to carry around 2 different phones or tablets 24/7. But BYOD means extra work for the in-house staff of a small business. To learn more about these risks and a more affordable, comprehensive approach to BYOD Management, see our e-guide “Now you see it, There IT…Stays”.

Everyday Human Error Can Affect Data Protection

Are you under the impression that data loss is all about putting up firewalls to protect against evil cyberattacks? Some of the biggest sources of data loss include sloppiness, human error, and just plain forgetfulness.

What are some of the unglamorous things that we do every day that leave us vulnerable?

Passwords
Old or easy passwords are a good first example. Employees set up simple passwords that are easy to crack. More importantly, employees may share passwords, and many often fail to create new ones on a frequent basis. Both of these represent critical breakdowns of good data protection practices.

Emails
Another significant problem caused by bad judgment is the tendency of people to open phishing scams. Almost everyone now knows about the Nigerian who wants to send money to your bank account, but many new scams come along every day and people fall for them. This is such a serious source of virus infection that some companies now deliberately send out their own phishing email to teach workers not to open anything from an unknown source. (The employee who opens one of these gets a pop up screen that tells them they’ve been tricked and then offers guidelines for identifying bad emails.)

Browsing the Web
Bad websites. Yes, everyone has policies about internet use at work, but that doesn’t mean people pay attention and don’t visit places they shouldn’t. Most significantly, a lot of those “sites they shouldn’t visit” are far more likely to be infected than CNN, eBay or Amazon!

Losing Your Belongings
And finally there is just old-fashioned forgetfulness. Phones left on a bar stool. Or the bus. Sigh. There isn’t much more to be said about this one.

To learn more about the risks that your employees pose to your business’s data integrity, see our e-guide “Now you see it, There IT…Stays”.

Disaster Recovery Plans: Do You Have One?

Disaster recovery and business continuity plans are issues that almost all small businesses fail to think about. More frequently, they decide they haven’t the resources to address such “unthinkables.”

If your business was down for 1-2 days or more, what costs would you incur?

  1. Lost revenues and lost productivity. These are obvious. You won’t make the money that you would have if you remained open. This is especially true if you provide a service. Services are inherently tied to time, and time cannot be re-created. Sure, you can work extra hours next week, but it won’t be a service provided at the time it was expected. However, even if you provide a product that can be purchased next week instead of today, a customer didn’t get it when they most wanted or needed it.

    There are other far more serious consequences of business downtime than just unsold goods and services. There are the intangibles that can’t be so easily measured but have long-term consequences.

  2. Helping the competition – You give your competition a real edge. Present clients and potential ones may go to a competitor while you are down. Not all will return. Your competitors now have ammunition against you to use in sales pitches.
  3. Employee frustration – Employees will carry the burden of the extra hours and stress of helping get things back together. That can lead to a lot of frustration, which, if things don’t get back to normal quickly, can damage long-term productivity. Most importantly, it can damage the respect they have for management (that means you). In general, they will recognize that you didn’t have the foresight and wisdom to anticipate the need to create disaster recovery and continuity plans. How can that not damage their trust and support for the company and you?
  4. Negative brand reputation – Your customers will also wonder how you couldn’t have cared enough to make plans to handle trouble. Think of the negative way a customer sees it. The event suggests a company that doesn’t think ahead. A client is not “off base” to feel angry that you didn’t care enough to make plans to support him if a disaster hit. Also, if you can’t handle disasters well, what else aren’t you handling properly?

These are just a few of the reasons everyone needs to consider disaster recovery. To learn more, see our e-guide “Staying Alive: The Definitive Guide to Business Continuity and Disaster Recovery for Small Businesses”.

Why Small Businesses Shouldn’t Avoid Making Disaster Recovery Plans.

 
 
Entrepreneurs and small businesses, especially ones that are fairly new, often don’t think about making plans to recover in case of a disaster. However, it is the smallest business that most likely has the fewest resources to fall back on in case of disaster.
 
Why does this happen?
  1. It isn’t on an entrepreneur’s radar – The challenges and hurdles of starting out are what drive small business owners. The excitement that comes with getting a new client or releasing a new product is what motivates them. To be honest, things like disaster recovery plans are a little dull and aren’t part of the exciting day-to-day hustle of running a company. As a result, these issues get put on the back burner.
  2. Planning tools can seem too complex – Ideas like “risk assessment” and “business impact analysis” can be intimidating. Many SMBs may just feel the whole area is overwhelming and leave it to another day.
  3. It is perceived to be unaffordable – Many owners may believe that putting disaster recovery plans into place involves a lot of additional spending on consultants, backup hardware and more software. That isn’t true. With cloud technology and the use of a managed service provider, disaster recovery doesn’t need to be an intimidating or expensive proposition.

Outsourcing? Really. It’s OK: How it can save time and money

Almost by definition, small business owners and entrepreneurs cringe at the concept of outsourcing. Those who start their own companies like the control and autonomy it provides them. Unfortunately, that preference for control and autonomy may have some bad side effects when it comes to IT.

Small businesses don’t have the resources to fully support all of their IT infrastructure needs. The present in-house staff is most likely very busy putting out day-to-day fires. One statistic suggests 65% of IT budgets go to nothing more than keeping the lights on. In short, staff is busy making sure the printer works or reloading a PC infected by a virus after an employee fell for a phishing email. This means that small firms’ expenditures on IT are not improving operational efficiency or enhancing productivity or competitiveness.

There is an alternative. Managed Service Providers are outside consultants you can bring in to handle the day-to-day tasks, so your own IT resources can be used more productively.

How might an MSP supplement your IT efforts?

  • 24/7 operations center – Small businesses can benefit from, but simply cannot afford, 24/7 internal monitoring of their IT infrastructure. Many of the issues that become costly business disruptions, such as hardware, software, and application failures, are completely preventable if they’re detected and addressed early enough. It is a reality that your systems run 24/7, but you can’t support a 24/7 IT staff. An MSP, however, can use economies of scale to provide around-the-clock monitoring of your IT operations.
  • Disaster recovery and business continuity plans – Small businesses have limited resources, so if there were to be a serious business interruption or data loss, they could be completely out of luck. However, risk assessments and continuity plans are likely outside of a small business owner’s field of expertise. An MSP can be brought in to design a complete solution.

These are just 2 ways that a small business owner can benefit from passing along IT support to an outside source. In both cases, small business owners don’t lose any control of the key parts of the business operation. Instead, the distractions of IT support are moved along to an expert, while the entrepreneur focuses on what she does best: running her business. We’ll talk in another blog about other benefits of outsourcing IT, but in the meantime, see our e-guide “Outsourcing Isn’t a Dirty Word: Meet Managed Services, Your IT Team’s New Best Friend – Managed Services”.

Run your Business, not an IT Company

You went into business because you have an interest and expertise in some particular product or service. You began the firm to offer that product or service, but a dirty little problem came along with that new company. IT requirements. You need equipment, and you need networks, and printers, and data storage to keep the company up and running. As a consequence, you’ve become responsible for managing something you probably don’t care very much about or even understand especially well.

Managed Service Providers can be a solution. A small business can offload a variety of IT tasks that are becoming a distraction to everyday business operations and strategy. Here are just two examples.

Software updates and security audits: Your present in-house staff may be spending most of its time fixing everyday problems. As a result, they may have to delay vital security measures, such as applying tested security patches or updating virus software programs. Working with an MSP will eliminate much of the work overload that leads to system or security vulnerabilities.

An end user help desk: If you have any in-house staff, they are probably well-trained and very qualified. Are their skills being wasted on all the little daily issues of cranky printers and broken keyboards? MSPs can offer an end user help desk that can handle all those calls that pull your own staff away from larger efforts that can enhance productivity and move the business forward.

What is the Cloud: A Simple Analogy

You use the cloud and don’t even know it. Do you go to Amazon and create a wishlist? Do you have an email account on Yahoo? That is cloud computing. All your emails are stored on Yahoo servers somewhere. They are on physical servers, of course, but they aren’t on your laptop. The advantage is that when you spill your coffee onto the laptop keyboard, you haven’t lost all your emails even if you never backed up your hard drive. (If you haven’t, shame on you, by the way.)

Here is a simple analogy to explain how the cloud works and why it might be a very useful part of your business model. Picture the small, very cramped office space of a little start-up. You and a few coworkers sit in tight quarters with messy desktops buried in mounds of papers, files, and pizza boxes. There is absolutely no room for storage. (Throw the boxes out yourself. There are limits even to cloud technology.) It will be a long time until you can afford a larger office space. Your building manager offers to rent you an empty file cabinet in the basement. Although the basement space is shared with other tenants, only you and your team have keys to this locked cabinet where you will store all those piles of paper. Your rent is relatively cheap compared to other tenants, since you’re only paying for the cabinet, and not the larger lockers they have leased.

Suddenly, those once covered desktops are clean, leaving space to work. More importantly, the papers are all nearby, each of you has a key, but they are safe from everyone else in the building or outside. They are also safe from spilled coffee and pizza crumbs. You’ve avoided the dramatic jump in fixed costs required to find bigger office space, when all you needed were several feet of filing cabinets. Even better, the money saved is put back into the core goal of providing a product or service to a customer.

The cloud does the same thing. You rent only the space you need, it is safer from hackers than your on-site server will ever be, secure from thieves, and protected from accident-prone employees. Unlike the rest of us, cloud service providers don’t have coffee cups near their keyboards or forget to do monthly backups. In short, the cloud provides scalable storage without large incremental leaps in fixed costs you really can’t afford.

Loss of Data: Causes and Prevention

The adoption of technology from the simplest of matters to the most complex problems has rendered us heavily dependent on it. We love paying our bills minutes before they are due. We enjoy seeing loved ones face-to-face on our computer screens. We can access and print our extremely sensitive records from government and financial websites in a matter of minutes instead of waiting for the mail for days. The time and resources that technology saves are invaluable, but this convenience has a very ugly side. This convenience brings costs, which could include irreparable financial, professional, and social damage. The technology that is designed to make life easier can also wreak havoc when criminals use it to breach secured, personal information. So how do we tame this beast called ‘breach of data security’?

Background: The gravity of the problem: To look for a solution, we first need to understand how serious this problem is. Breaches in data security and loss of data could spell imminent demise for many small companies. According to the National Archives & Records Administration in Washington, 93% of companies that have experienced data loss resulting in ten or more days of downtime have filed for bankruptcy within a year. 50% wasted no time and filed for bankruptcy immediately, and 43% that have no data recovery and business continuity plan go out of business following a major data loss. In the past, small to medium-sized businesses (SMBs) thought that data security problems were reserved for large corporations, but cybercriminals are finding out that SMBs are more complacent in securing their data, thus making themselves easier targets. More importantly, the lightly guarded SMBs can provide backdoor access to the large entities hackers really want to hit. Fewer than half of the SMBs surveyed said they back up their data every week. Only 23% have a plan for data backup and business continuity. That is why the number of cyberattacks on SMBs has doubled in the recent past.

Causes of lost data: Loss of data can be attributed to two factors.

  • Breach of data security: As we discussed above, theft is the main reason for loss of data. Hackers can get into networks by installing their own software hidden inside emails and other Web content. They take over PCs and networks and then access files containing personal information. They can then use that information to empty people’s bank accounts and exploit data for other purposes.
  • Human error and employee negligence: Humans still have to instruct technology to perform as desired. Examples of negligence include unattended computer systems, weak passwords, opening email attachments or clicking the hyperlinks in spam and visiting restricted websites. Fortunately, this type of loss of data is easily preventable, but it is just as detrimental and can bring your business to a halt. Downtimes can be very harmful to your business continuity and revenue.

Five ways to minimize data loss

  1. Enforce data security: More than technology, this is the management of human behavior. SMB management must communicate data protection policy to the entire staff and see to it that the policy is adhered to. Rules and policy must be enforced very strictly regarding the use of personal devices. Tell employees to create passwords that are hard to crack and change them frequently.
  2. Stress the consequences: Rules are only good if there are consequences for not following them. Define what those consequences mean for both the individual and the organization.
  3. Mobile device management: Mobile devices may be the weakest link in data security. “Mobile device management” refers to processes that are designed for the control of mobile devices used within the company. Devices tapping into company systems are identified and monitored 24/7. They are proactively secured via specified password policies, encryption settings, etc. Lost or stolen devices can be located and either locked or stripped of all data.
  4. Snapshots: Fully backing up large amounts of data can be a lengthy process. The data being backed up is also vulnerable to file corruption from read errors. This means sizable chunks of data may not be stored in the backup and be unavailable in the event of a full restoration. This can be avoided by backing up critical data as snapshots.
  5. Cloud replication and disaster recovery services: For SMBs who consider data backup to be too costly, time-consuming and complex there is an answer. The Cloud provides a cost-effective, automated off-site data replication process that provides continuous availability to business-critical data and applications. Cloud replication can often get systems back online in under an hour following a data loss.

To conclude our conversation, it is very important to understand the causes and consequences of data loss. Be proactive and minimize the likelihood of a data breach and data loss, so you can stay in business without interruption. Make sure you have a solid data recovery and business continuity plan so you don’t become another statistic about small firms who didn’t make it.