If you watch technology news, you might notice that there is one day out of every month that gets a lot of attention from the technology sector, and that day is what is called Patch Tuesday. This is the day each month when Microsoft issues all of their patches and security updates, and it’s important to know when this day falls each month—at least, for your IT team it is.
At first glance, cybersecurity might seem incredibly complicated and difficult to understand, but even a baseline understanding of some of the principles of cybersecurity can go a long way toward protecting your business. Let’s discuss some of the common-sense ways you can keep your business secure, even if you don’t have an internal IT department to ask for help from.
We’re not shy about sharing how important it is for a business to have comprehensive cybersecurity throughout its entire infrastructure. That’s why we wanted to share what some recent data has shown about the importance of having visibility into your infrastructure.
Spoiler alert: it’s really, really important.
Data backup is a critical process that every business that depends on their IT needs to have. If data is the lifeblood of your business, then you need to protect it. Your business most assuredly has data that, if lost, would put you back. Why risk it when a solution for this problem is a simple fix? You need data backup.
We figured it would be most appropriate to discuss the no-go option first, which would be to start monitoring your employees without their knowledge or consent. As you would imagine, this is the shadier side of the monitoring spectrum, and is actually illegal in most cases. Unless you have reason to believe an employee is actively acting out and are investigating them, you are not allowed to use monitoring software to keep an eye on your team without telling them.
You’ve got better things to do than organizing and prioritizing your emails manually. Granted, you’ll still need to respond to important emails, but most email clients have everything you need to set up a system that automatically parses and sorts emails based on a whole slew of different factors. It will take a little time, and likely a few rounds of adjustments to get your inbox to work the way you want it to, but we’re going to show you the tools that will help get you there.
By knowing the value of the data you hold, you will be able to properly prioritize how to protect it. Since IT experts have to create cybersecurity strategies based on how much harm can be done to your operational integrity and reputation, it’s good practice to know what assets hackers would be after if they were to breach your network defenses.
It’s true that there are a lot of businesses that rely on their workforce to show up every day. Many of these businesses were forced to shut down or operate at limited capacity during the pandemic but are just now getting up to speed. Outside of operations, there are a lot of administrative uses of technology, some of which involve protecting employee and customer information. Let’s get into some of the strategies that businesses can use to get the most out of their workforce at this time.
Your business’ backup can be viewed as an insurance policy, but if it isn’t secured, it could be just another piece of a string of errors that takes your business down. In order for your backup to be a reliable contingency, you need to protect it. In order to do that, we suggest using the 3-2-1 rule as a base. That is: three copies of your data, with two being stored and attached to your network, and one saved offsite.
The average employee comes to work and produces. This isn’t a problem until their lack of awareness of other matters hurts the company. Often met with “that isn’t my job”, it has to be explained that security concerns are a part of their job. Employees often can’t see how it is their responsibility, but since 90 percent of data breaches happen because of user negligence, it has to be explained that it could put the entire business in peril. Their cybersecurity efforts can literally save their jobs.
For such an… eventful… year, it started off with little anticipation of the events to come. Businesses had ample time to plan their 2020 technology budgets, but most (if not all) of these budgets were postponed (if not thrown out the proverbial window) with the spread of COVID-19.
Basically, your documentation should be a complete inventory of all the technology you have, first divided between your hardware and software solutions.
The COVID-19 pandemic is the first time many of us have had to deal with this level of threat, and now that businesses start to re-open in an attempt to stagnate a recessionary dive in the economy, there is a lot of ground to cover. Today, we go through the considerations you need to make, and the actions you need to take, to keep your business clear of COVID-19, and what steps to take if the virus makes its way into your business.
To put it bluntly, diversion. With so much attention rightly given to COVID-19 right now, there are many who are remaining in their homes as much as possible to try and prevent the pathogen from propagating. This approach makes the Internet even more important to so many people. Not only are many businesses operating remotely, many rely on support services and other online functions for their in-house processes. Otherwise, people who cannot work remotely are seeking ways to pass the time, turning to social media and other online services for that.
First on our list is the oldest kind of business security, the (sometimes literal) gun behind the counter that helps to dissuade potential attacks. It is only too easy to overlook the fact that data theft can be as simple as someone taking a hard drive, rather than hacking into it. Of course, we aren’t suggesting that all businesses should have an arsenal at the ready. Instead, technology provides assorted alternatives that should be implemented to deter attempted intrusion.
For this week’s tip, we’ll dig into this exact question.
Here’s the thing: with stay-at-home orders and other measures being put into place across the country, a lot of people aren’t as mobile as they once were. As a result, the mobile devices that would travel with them back and forth to the office have effectively become temporary desktops in their homes… and as such, are spending more time plugged in than not.
Let’s face it, your business’ cybersecurity starts and ends with your staff. They need simple, practical directions to follow or they simply won’t pay any mind to it. You don’t want to be the business that deals with significant turnover because security tasks are so demanding that their employees would rather work elsewhere. You will want to take the time to go through every part of your IT and brainstorm potential problems. You will address situations such as:
The first thing that you need to consider is that this thing won’t last forever. Most businesses, if they had no contingencies in place, or if they were forced to close by mandate, probably have been burning through cash for the past month. Those that haven’t are fortunate. Small business owners need to stay proactive during this period, altering their company’s remote work strategies if need be, and searching for low-interest loans to get them through this difficult process. Let’s get into some of the most useful tips on how to get your business through this disaster.
Imagine trying to access your computer (or your network as a whole), only to find yourself locked out and presented with a demand for payment in exchange for your files to be decrypted. This is precisely the scenario that ransomware puts its victims into, usually with a deadline to pay up under threat of the destruction of the encrypted files. If you’ve heard about Cryptolocker, WannaCry, or Petya, they are what we are referring to.
In 2019, a business was infected with ransomware once every 15 seconds, racking up a total of $11.5 million in total losses. Spam and phishing attacks were responsible for infecting 66 percent of affected companies, and in 2017, almost half of companies surveyed were affected by ransomware.
Denial of Service (DoS) attacks, and their more-popular offshoot, Distributed Denial of Service attacks are the most common form of cyberattack. Using automation, an attacker has resources batter a target with the aim of taking it down. The rise in Internet of Things-enabled devices now allows an attacker to take over these devices and turn them against a single webpage. Naturally, this takes the website down.
The biggest DDoS attack on record happened on March 5, 2018, but was fortunately unsuccessful in taking down the targeted ISP… despite clocking in at 1.7 TB/s. On average, one of these attacks costs somewhere between $20K-to-$40K each hour, or in other terms, just under the average American worker’s annual salary. In the UK, businesses lost £1 billion to cybercrime in 2019.
A Man-in-the-Middle attack compromises any communications between a business and their contact. Any and all data can be interfered with, allowing cybercriminals to have their way with personal data, business correspondence, or financial data that is transmitted. It can be intercepted, altered, or redirected, potentially causing more problems than can be counted. The worst part: because Man-in-the-Middle attacks are relatively easy to carry out, they are rising in popularity on a daily basis. They are most commonly used to extract information, whether personal or professional, that otherwise wouldn’t be available. This includes things like login credentials, banking information, or payment card data.
Okay, that wasn’t the worst part. The worst part is that the majority of servers are still vulnerable. As in, 2016 saw 95 percent of HTTPS servers still at risk.
Believe it or not, phishing attacks are ranked as the biggest threat to businesses out there today. Phishing is a kind of social engineering where an attacker will reach out to the victim through some format, from email to instant messaging and beyond, in order to gain access to a secure system by fooling their victim into erroneously trusting them. While phishing emails have been around the block a few times, today’s attacks have grown to be quite sophisticated.
Many statistics surrounding phishing emails demonstrate how effective this relatively simple attack has proved to be. Phishing is involved in 93 percent of all social engineering attacks, and was directly responsible for 70 percent of government network breaches. In the last 12 months, 64 percent of organizations had first-hand experience with phishing, notably, 82 percent of manufacturers. The aforementioned ransomware relies on phishing for 21 percent of its delivery. As recently as 2016, 30 percent of phishing messages were opened.
Abbreviating a structure query language injection, an SQL injection attack does what it says on the box - it injects malicious code into a target’s SQL servers and feeds the database information back to the attackers. While this is another “golden oldie” of an attack, web-based applications that call for database access have given new life to SQL injection attacks and allowed attackers to extract very valuable info.
It should then come as no surprise that 65 percent of all web application attacks are performed through SQL injections. So, if your organization draws information from a database for an application, you could easily be victimized to a significant degree. Even gamers need to be concerned, as 12 billion out of 55 billion detected SQL attacks that Akamai security experts found were leveled at the gaming community.
If only these other attacks meant that attackers didn’t have time to try anything else, but unfortunately, that isn’t the case. Malware attacks still rank among both the worst, and most common, attacks against businesses. Of course, there are many types to consider, including:
There are many ways for malware to be introduced into a system. Again, phishing messages can be responsible, but many attackers will use something called “droppers.” Droppers are specialized programs that will install a virus after bypassing cybersecurity solutions. Since there is nothing inherently malicious about the dropper, protections usually don’t flag them.
Fortunately, there are ways to protect your business’ resources, network, and infrastructure from the millions of different versions of these attacks - and you need them, as your business is actively targeted by these attacks. To learn more about putting these protections into place, reach out to the professionals at Coleman Technologies by calling (604) 513-9428.
Regardless of your industry, who your business serves, or even where you operate, there are some universal changes that technology has brought to how the average small-to-medium-sized business functions. Methods of collaboration have shifted to digital formats, “coming to work” is no longer a prerequisite to working, and the filing cabinet has been rendered woefully obsolete by other, better options. Cloud solutions are a major contributor to this. I want you to take a moment and consider something: why were any of these changes made in the first place?
It is for the same reason that the assembly line process was adopted, or why we cook our food before eating it: it provides greater benefits than the old way. It is the same with business technology, and you will see this as a common theme throughout these tips. Don’t disqualify yourself from competing by removing your ability to do so.
Email is now the gold standard for business communications, for numerous reasons. While a small business might find it redundant to email an announcement, doing so can prove useful to their operations. For instance, let’s say Mary manages a small office with four or five employees. She could easily just announce an important message to the room, but what if James was at the dentist that day, or Rob had excused himself to the bathroom just before? What if Ellen had just connected for an important phone call?
Email provides an easy way for you to communicate with others in your workplace that ensures everyone gets the message, without disrupting operations too much.
While we’re on the subject, let’s consider Ellen for a moment. In the past, making a phone call would tie her to her desk, so any distractions in the office would be an unavoidable issue. Nowadays, there are many ways that Ellen could hypothetically remove herself from the situation while still fulfilling her responsibilities. For instance, a Voice over Internet Protocol solution could allow her to make and take calls from anywhere she could establish a connection, so she could presumably find a quieter area to work without sacrificing her ability to do so.
Other solutions also offer some form of mobility, assuming they are backed up with enough security. For instance, if James was unable to get to the office after his dental appointment, he could still work on his assigned tasks from home with the right cloud-based solutions. Again, this helps eliminate his reliance upon getting to the office in order to produce.
We’ve already touched upon how the cloud has shifted businesses, primarily focusing on how useful it is for hosting and storing data. However, this isn’t the only thing the cloud can do. Cloud technology enables today’s businesses to make use of tools that would ordinarily be out of reach. Yes, its storage capabilities can help make data more accessible to team members who need it, but it can also assist you in preserving your data in case of some disaster, give you access to computing resources that you couldn’t procure yourself, and provide you flexible access to your business applications.
A small business’ size once protected it from cybercrime, but nowadays, all businesses are fair game. In order to remain secure against these attacks, the right defenses need to be put in place. Things like firewalls, spam blockers, antivirus, and assorted other solutions help to reduce these risks. Additionally, any employee could potentially let in a significant threat, so all need to be educated on how to spot them, and the proper procedures to dealing with them.
Coleman Technologies is here to assist you in implementing these modern IT essentials, as well as maintaining them for you through our remote monitoring and access capabilities. To learn more about how else we can help your growing business, give us a call at (604) 513-9428.
Coleman Technologies has been serving the British Columbia area since 1999, providing IT Support such as technical helpdesk support, computer support and consulting to small and medium-sized businesses. Our experience has allowed us to build and develop the infrastructure needed to keep our prices affordable and our clients up and running.
20178 96 Avenue, C400
Langley, British Columbia V1M 0B2
Mon to Fri 7:00am to 5:00pm
