Sometimes technology can seem more problematic than beneficial. Knowing how to make technology work for your business’ needs is the first step to being more productive, secure, and accessible. Here are a few tips to help you succeed:
Put it in the owner’s name.
Here’s one thing you’re almost certainly doing wrong: You probably have other employees listed as owner or administrator of your technology. Stop that! Now! Employees come and go. Even long-time, trusted employees come and go, and certainly the tech contractor will go. When they go, they may control your technology or even take it hostage.
Sure, you can get your Office 365 account back from Microsoft, but it can take days. Make sure you are listed as the owner/administrator of your website, accounting system, document storage, email system, contact manager, social media accounts, email newsletter, and any other key business technology.
Learn how to use it.
Yes, you’re the business owner. And yes, you have more important things to do than to understand how the electronic shopping cart works on your website. But take time to learn the most important technology in your company, especially the technology that manages financial and personnel data. Learn how to use your payroll application, access your QuickBooks, use your telephone system, transfer funds in your accounts, and block former employees from your document storage.
Keep passwords safe.
Duh. Lock passwords in your office safe or in another place where others can’t access them. Or try a password manager such as LastPass (www.lastpass.com), Dashlane (www.dashlane.com), or StickyPassword (www.stickypassword.com) – just make sure it has two-step authentication (so you have to be notified in your email or by text for verification).
Lock ex-employees out.
The day – no, the minute – that you decide to terminate someone, whether an employee or contractor, make sure they no longer have access to your data. Just as you wouldn’t let an ex-employee have keys to your office, don’t let them have keys to your technology.
Make sure you have access to all employees’ data.
If your top salesperson has been hoarding her customers’ and prospects’ info on her phone, you don’t want that company asset walking out the door with her if she leaves the company. Make sure employees store all key data and sources on company-owned technology, that you have access to their files, and that you know – or better yet, can bypass – private passwords.
These helpful tips were from usatoday.com.
It is your business. Take control of it by understanding how every aspect works and how it can work for you.
6 Ways to Protect Your Business’ Data
Having a predetermined plan can be the saving grace in a catastrophic data breach. The article from Bizjournals.com explains the top 6 ways to guard your business’ data. You can also call us for information on how we, at Citon, can design a personalized defense system to protect your data.
Protecting against a data breach:
Know what to look for. One important step in preventing a data breach is knowing what to look for to prevent a third party from intentionally compromising your data. Be on the lookout for these two things:
- Understand ransomware: An increasing number of stories demonstrate the threat of ransomware — the term used to describe malicious software that will lock your business’ data, offering to provide a password to unlock the data in return for payment of a ransom.
- Suspicious or unknown emails: If you receive an email from an unknown address, do not click on any attachments or linked information. Look at the email address of the sender carefully. Scammers can mimic email accounts to look as if you’re receiving email from Google®, Yahoo!®, TurboTax®, PayPal®, or even your business associate.
Back up data regularly. Backing up your customer data will put you ahead of the game when it comes to efforts by third parties to ransom your data back to you.
Encrypt your data. As simple as it sounds, making the effort to encrypt your data can provide a significant shield from liability in several states.
Create a computer security policy – and enforce it. Require password protection on your business computers and require the password to be re-entered after a period of inactivity. Set up firewalls, install anti-virus software, and draft an employee policy that sets certain security and privacy standards when using company computers or technology. But remember, for these safeguards to be worthwhile, you must regularly update your programs, set up strong passwords and change them regularly, and enforce your company policies.
Keep data only as long as you need it. Small businesses often get into trouble by retaining credit card information and former customers’ information longer than necessary. Maintaining customer information longer than necessary increases your chances of becoming a target for a breach and widens your potential liability.
Prepare an incident response plan. Hackers and scammers are continuously becoming more sophisticated. Even if you take all the suggested precautions, your business could still be the victim of a data breach. An incident response plan is your game plan for dealing with a breach — how the breach should be handled, who will handle it, when counsel needs to be involved, who needs to be notified and what to say about it. Having an incident response plan in place can reduce the stress, and potentially some of the liability, of a data breach.
Contact us for more information on how to protect your business.
If you have had a data breach we have specialized tools to help mitigate the damage, and get your business back up and running fast.
Your next move:
How the Cloud can change your business.
Cloud storage isn’t just for large companies. It’s also not expensive or difficult to set up. The Cloud is low maintenance, secure, and takes up minimal to no space in your office. Curious to learn how it could benefit your business? Call us at (218) 720-4435
Why moving to the cloud makes sense
I’ve written before about how small businesses should think about optimizing cloud storage. For many small business owners, cloud solutions are a sensible and affordable early choice. In fact, many small businesses now opt for cloud storage right out of the gate, since there’s minimal upfront investment and few hardware or licensing costs.
The benefits of the cloud are numerous. For one thing, data storage requires no maintenance on your side, so you don’t need a large IT department. Hardware failure is also no longer a disaster, as the company’s data isn’t isolated to a physical server or scattered across a collection of laptops and hard drives. The cloud generally has built-in redundancy.
When starting out, most businesses make use of public clouds – hosted by a third party on servers that are shared with other clients – and this typically leads to some concerns. Not only do business owners worry about having to rely on a cloud host to keep data safe, but they also fear being at the mercy of service outages and performance degradation during peak hours. While these worries are not unfounded, there’s a tendency to overemphasize them. As long as you use a reputable provider, your data should be safe and accessible. Although there have been public cloud breaches and unexpected downtime, your data’s generally safer than it was sitting on a hard drive in your office. The main reason many businesses actually abandon the public cloud is that it stops meeting their needs in a cost-effective way.
Big thanks to Business.com for providing this great article!
How to keep your small business data safe?
Here at CITON we share the importance and value of keeping your business’ data safe. Call us at (218) 720-4435 to learn more about protecting it with encryption, authentication, and data backup.
Data security or protection, put simply, is the procedure employed to ensure that your data cannot be corrupted or accessed illegally.
The idea behind securing your data is to protect your business’s data while ensuring that it stays private. Data includes all personal and business files that are stored in the database. The process of securing data generally follows these three steps:
- Encryption. For any data to be of any use, it has to be understandable on a human level. Encryption counters this by using a set of algorithms and mathematical schemes to scramble the information into an unreadable format. This encrypted text can only be decoded by someone who has the decryption key.
To take it up a notch, end-point full encryption is employed. It encrypts every last bit of data on your hard disk, giving you a very high level of protection.
- Strong User Authentication. We encounter user authentication on a daily basis. Every time you try to log in to your computer or social media account, you are required to go through a one-step verification process. One-step verification is weak and is easily hacked. A strong user authentication process will often involve multiple stages of verification, making it very difficult to hack.
- Data Backup. You have to be prepared for when the worst happens. Securing your data will never give you 100% assurance. There is always the chance that there might be a loophole in the system which may include an inside job. That is why the process of securing data also includes a backup plan. The backup will ensure that although the information may be stolen, you can always restore it.
By now, you might be inclined to start securing your data; but why is it important to do so?
Someone could be accessing your information without your knowledge
In this internet technology-driven world, anything is possible. Industrial espionage is no longer a term that is relegated to spy films and large corporations; the threat of it happening to you is very real. Someone, probably a competitor, could be keeping track of your undertakings. This information could give them an edge. You might be playing clean, but that doesn’t mean that someone else does.
A trillion cyber-attacks were attempted during the past year
Dell reported that they helped prevent over 1 trillion hacks during the previous year. This figure is mind-boggling. You cannot possibly want to put your business at risk knowing that you could get attacked at any time.
The financial implications of a data breach
The costs of cleaning up and recovering your data after an attack are very high. The cost of setting up a data security system pales in comparison with that of picking up the pieces after being subjected to cyber-crime.
Credit to the Business Blog Hub for sharing great information on cyber security.
NOW IN THE WILD: Super Ransomware can survive almost anything
Back up your data, this one’s nasty
This thing is a nightmare that escaped into daylight. The Russian GRU—aka Fancy Bear—probably was riveted reading the Wikileaks CIA Vault 7 UEFI Rootkit docs and built one of these motherboard-killers of their own, apparently weaponizing the existing LoJack commercial code to speed up the job.
This rootkit survives a reformat and OS reinstall, and even a hard-disk swap, because it lives in the system’s flash memory. The only way to get rid of this infection is to go in and overwrite the machine’s flash storage, which is not something for the faint of heart, provided you can even get hold of the right code. Imagine this monster being propagated with a 0-day worm like WannaCry. It gives you the shivers, right on time for Halloween.
What the Heck Is UEFI?
Remember BIOS? It got replaced with UEFI, which stands for Unified Extensible Firmware Interface. UEFI is a specification for the interface between a computer’s firmware and its operating system. The interface controls booting the operating system and runs pre-boot apps.
This rootkit attack compromises the machine’s UEFI. By re-writing it, the malware can persist inside the computer’s flash memory, and that is why it survives “Nuke From Orbit” (that clip never gets old) and even hard disk swaps.
Over the last few years, the hardware community has introduced measures that make it very hard for someone to make unauthorized changes at the firmware level. One example is Secure Boot, a mechanism that ensures only securely signed firmware and software can be booted up and run on a system.
Controls like Secure Boot are why InfoSec pros up to now generally considered UEFI rootkits to be more hypothetical than real, something that only state-sponsored actors are able to develop and use.
However, now that this spectre is out of the bottle, you can expect more UEFI rootkits rearing their ugly heads, possibly having advanced features like signature verification bypass.
Who Discovered This?
Security Firm ESET blogged about it a few days ago. They said: “UEFI rootkits are widely viewed as extremely dangerous tools for implementing cyber attacks. No UEFI rootkit has ever been detected in the wild – until we discovered a campaign by that successfully deployed a malicious UEFI module on a victim’s system.”
ESET’s analysis shows that Fancy Bear used a kernel driver bundled with a legitimate and freely available utility called RWEverything to install the UEFI rootkit. The driver can be used to access a computer’s UEFI/BIOS settings and gather information on almost all low-level settings on it.
Here Are Two Things to Do About It
- Alexis Dorais-Joncas, security intelligence team lead at ESET said: “Organizations should review the Secure Boot configuration on [all] their hardware and make sure they are configured properly to prevent unauthorized access to the firmware memory. They also need to think about controls for detecting malware at the UEFI/BIOS level.” You can say that again. They have a PDF that explains the problem in detail, and note that only modern chipsets support Secure Boot. The infection was running on an older chipset.
- The black hats behind this are known for their recent headlines about major, high profile attacks. For instance, the US Department of Justice named the group as being responsible for the Democratic National Committee (DNC) hack just before the US 2016 elections. So, these guys are not leaving Russia anytime soon, they probably have the indictment framed on their wall as a reminder.
That leaves spear phishing as their go-to strategy to penetrate targets. So, this is another excellent reason to step your users through new-school security awareness training, because social engineering is how these bad guys get into your network. Here is the updated KnowBe4 Blog post with all the links.
Information provided by our partners at KnowBe4.
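One way to carry out the Secure Boot review recommended above on Linux machines, as an added example that is not part of the original article or ESET's tooling: it reads the `SecureBoot` and `SetupMode` variables the firmware exposes through efivarfs. The function names and status labels are this example's own, and it reports only the Secure Boot state, not whether the firmware flash is write-protected.

```python
"""Report UEFI Secure Boot state on a Linux host from its EFI variables."""
import os
import sys

# GUID of the EFI global-variable namespace defined by the UEFI specification.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS_DIR = "/sys/firmware/efi/efivars"


def read_flag(efivars_dir, name):
    """Return the one-byte value of an EFI global variable, or None if unreadable."""
    path = os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL}")
    try:
        with open(path, "rb") as fh:
            raw = fh.read()
    except OSError:
        return None
    # efivarfs prefixes the payload with a 4-byte little-endian attribute word,
    # so a boolean variable is exactly 5 bytes long.
    if len(raw) != 5:
        return None
    return raw[4]


def secure_boot_status(efivars_dir=EFIVARS_DIR):
    """Classify a host: enforcing, setup-mode, disabled, legacy-bios or unknown."""
    if not os.path.isdir(efivars_dir):
        return "legacy-bios"   # booted without UEFI, Secure Boot cannot apply
    secure = read_flag(efivars_dir, "SecureBoot")
    setup = read_flag(efivars_dir, "SetupMode")
    if secure is None:
        return "unknown"       # variable missing or malformed: investigate
    if setup == 1:
        return "setup-mode"    # no Platform Key enrolled, keys can be replaced
    return "enforcing" if secure == 1 else "disabled"


if __name__ == "__main__":
    status = secure_boot_status()
    print(f"{os.uname().nodename}: secure boot {status}")
    # Non-zero exit lets an inventory or monitoring job flag the machine.
    sys.exit(0 if status == "enforcing" else 1)
```

Run on each machine from an inventory or monitoring job, anything other than `enforcing` marks a host whose firmware settings need a manual look.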
KnowBe4 provides security awareness training and information on how to best avoid ransomware attacks.
Email us at firstname.lastname@example.org for, you know, information on how this can help protect your business