All posts by Nicole Hlinovsky

5 Physical Security Measures You Can Take Now to Prevent Hacking

Many business owners are surprised to learn that a large portion of hacks are inside jobs, carried out by, for example, disgruntled employees or suppliers, or a former employee with a grudge. In addition, some hacks are caused by one of your staff triggering or enabling an outside hack.

Here are five effective ways you can make “on premises” IT security improvements and decrease the odds you will be hacked by someone with physical access to your technology:

#1 Add a front desk sign-in log and a camera system, and restrict who can access your back room

Review your security access plan with your building and implement a sign-in process for visitors. Restrict who can access your offices, and take security measures to prevent someone from wandering into your backroom and having physical contact with your servers and technology. Your server room should be locked with a keycard that logs the people that have access and records the date and time of when they access the room.

#2 Analyze how you and your employees remotely access the data at your office

If the only protection against someone accessing your business’s proprietary data from a remote device is a simple password, it is time to make significant improvements to the security of your data and to how employees are granted remote access.

One option for businesses is implementing multifactor authentication (MFA). This is a security system that requires more than one method of authentication to verify the user’s identity when logging in. An example would be a text sent to the person’s mobile phone with a 6-digit PIN that also needs to be entered. The goal of MFA is to create a layered defense and make it more difficult for an unauthorized person to access a target such as a physical location, computing device, network or database.

It is also a good idea to create separate share drives for more critical information and limit access to that data on a “need to know” basis. Instead of setting up access to these share drives by person, set up groups of people with specific access levels. This way, when people are moved to new roles or departments their access levels automatically follow the job description.

Periodically audit your remote access policy. Don’t make the mistake of becoming complacent with your security just because you have been without incident. If you are only using two-factor authentication for remote access, consider adding a third to increase protection.

#3 Create a phishing policy

Train employees on how to spot phishing scams and what to do when they think they might have been the recipient of one, or even worse… activated one.

Provide them with examples so that they get an idea of what phishing attempts look like. Give them a set of guidelines outlining what information they are able to disseminate and what information is proprietary. Make sure this policy is in writing and highly visible. Train all new hires on this policy immediately. Lastly, hire a security firm to proactively phish your employees. This proactive technique will give you a better idea of your risk level so you can supply additional training for the employees that click on the fake phishing email and require further guidance.

#4 Request a security plan from your IT provider

A skilled IT provider will provide your business with an adequate level of cyber security protection. They will be able to point out your weaknesses and areas of vulnerability. They can also provide you with helpful tools to train employees on how to protect sensitive data and not fall victim to cyber-crimes. Most IT providers have a handy checklist or short guide they provide to their clients.

#5 Conduct an all-staff security meeting and assemble a technology committee

Go over ways that you and your employees can collectively improve security. For example, if you see a USB that’s not yours, give it to IT, even if it has your company’s logo on it.

Take things one step further and assemble a technology committee. Provide employees with additional incentives to participate in this committee and take on an active role in conveying the importance of cyber security, enforcing security policies, and fostering discussions on ways to improve security.

4 Technology Solutions for Common Small Business Problems

Problem #1 Managing the front desk is a costly expense

You no longer need to pay a receptionist just to answer your landline during business hours. These days, small business owners are not tied to an office or computer in order to stay connected. Business owners are no longer required to sit at their desks all day managing dozens of calls. The traditional landline is no longer a vital lifeline for a business owner. Cell phones, VoIP, and virtual phone lines are providing business owners with ways to stay connected on the go. They no longer need to employ someone just to answer the phone and screen calls.

Problem #2 Your growth is restricted because you can’t leave your business’s physical location to travel

You no longer are forced to turn down meeting opportunities because of the high expenses of travel and time spent away from the office. You are no longer restricted to a local pool of applicants for an important position within your company. Thanks to teleconference services, you can conduct conference calls with a group of employees and/or clients at different locations at any time. There are many teleconference services available that give small business owners the ability to conduct teleconferences with multiple parties without needing special telephone or bridge line equipment. There are also a number of web conferencing tools that allow business owners to connect with employees or potential clients located all over the world.

Business owners can also take advantage of real-time co-authoring to collaborate on Word documents. This allows a group to work on a document together and see everyone’s changes as they happen. Collaboration is a simple three-step process: save the document to OneDrive or SharePoint Online so others can work in it, invite people to edit it with you, and have your group open and work in the document in Word 2016, Word Online, or Word Android, where you’ll see each other’s changes as soon as they’re made.

Problem #3 Your customer service is lackluster

You can make drastic improvements to your small business’s customer service thanks to technology. Take advantage of social media as a tool to reach out to existing customers and to attract new ones. Offer sales, promotions, and helpful information on popular social media sites to keep in contact with customers. Provide your customers with the opportunity to schedule appointments online at their convenience. Use online surveys and questionnaires to get customer feedback. Technology makes it easy to provide top notch customer service.

Problem #4 Your competitors have a much larger budget than you

Many small businesses have closed their doors simply because their competitors have more money to devote to business growth and development. Thanks to technology, small businesses have more opportunities to grow now than ever before. You can spend a relatively low amount of money to have a professional website built and maintained. You can also have an app developed to foster business growth. Technology gives smaller businesses many innovative opportunities to be successful.

Does Your Business Need Dedicated IT Support?

Don’t put off your business’s technological needs for another year. Take the time to analyze how you manage your current IT needs and use the questions below to decide if it is time you invest in dedicated IT support.

Are you wasting valuable time and resources trying to handle your own IT needs?

If you find that you are taking away time from core business development to perform routine IT tasks such as updating software or troubleshooting network problems, it is time to transfer all IT related jobs to a managed service provider to free up your time and resources. Spend your time and money doing what you do best and allow a professional to tackle IT responsibilities.

Is your business limited in its growth because substandard technology is holding it back?

Do you feel that with some technological improvements your business could see significant growth? Why limit your business to the equipment and technology you have on hand when a small investment could net your business much larger profits? Whether you need to upgrade some old equipment or outdated software or if you are interested in web and application development, a managed services provider can offer guidance on the next steps you should take towards making these improvements. Hire a professional to get the level of service your business deserves to ensure your technology is optimized to promote and handle growth.

Are you concerned your business continuity plan needs updating?

Having a business continuity plan in the event of a cyber attack or system failure is no longer enough to ensure your business’s survival. You need to have a plan, test this plan, evaluate your plan, and make routine updates and improvements. It is also imperative that you purchase and maintain the right backup appliance. A managed services provider will work with you to devise the strongest business continuity plan possible and help you invest in the right equipment to best serve your needs.

Does your business need to adhere to HIPAA regulations?

Whether you run a chiropractic office or process insurance claims, even small businesses must adhere to the HIPAA regulations governing the privacy of medical information. Violations of these regulations can result in heavy fines should a breach occur. Compliance officers can also audit your business and issue fines for violations. Many small practices readily admit they still have not achieved total compliance. If your small business must adhere to HIPAA regulations, you cannot afford to take any chances with data security and storage. A professional can assist you in making sure you meet regulations and remain compliant.

Survey Shows Majority of Small Businesses Unconcerned About Cyber Attacks

Despite a spike in the number of small businesses targeted by hackers, a recent report published by Paychex concludes that most small business owners are not concerned about cybersecurity threats. Paychex, a provider of integrated human capital management for small to mid-sized businesses, found that an astonishing 68% of small business owners are not worried about their business being hacked. However, the National Cyber Security Alliance asserts that over 70% of cyber-attacks target small businesses, and that the cost of recovery can be enough to force a small business into bankruptcy.

The survey also disclosed that 90% of small business owners are at least somewhat confident that their business would be able to recover from a hack. Unfortunately, many small business owners find out the hard way that they should have invested more time and money into protecting their business against cyber-attacks. These business owners need to make a commitment to improving their cybersecurity efforts before becoming a victim.

Follow the tips below to improve cybersecurity:

#1 Consider hiring a managed service provider – Hiring a provider to handle your IT needs can save you money in the long run. You won’t have to waste your time and resources on managing security, storage, and other IT related tasks. Don’t try to cut corners when it comes to data protection and cybersecurity; the consequences can be catastrophic.

#2 Use strong passwords – Make sure that you are using strong passwords to protect accounts and train your employees on how to devise passwords that cannot easily be guessed. Also, do not use the same passwords that you use for personal accounts. Every account should have its own unique password. You could use a free tool like LastPass to help you organize this more complex but safer setup.

#3 Learn how to spot malicious emails – Learn how to spot phishing emails and train employees on how to determine whether or not an email is from a legitimate source.

#4 Manage how your employees are allowed to use personal devices for work related tasks – While you may need your employees to actively check emails from their personal devices, you will want to control what information your employees are allowed to access, store, and transmit on a personal device. Also make sure they do not store passwords on these devices. Every business should have an acceptable use policy as well as a mobile phone policy. If you don’t have one please consult your company attorney to help create them.

#5 Have a backup plan and test this plan – Practice makes perfect. When an attack occurs, being able to get your business back up and running as quickly as possible is essential to your survival. Have a comprehensive backup plan, invest in a strong backup appliance, and test your plan quarterly to ensure business continuity in the event of a hack or other system failure.

Pros and Cons of Storing Your Data in the Cloud

Data storage and security is a growing concern for many small business owners looking for a way to store larger amounts of data in a secure location. Small businesses are more frequently becoming the target of hackers and suffering catastrophic system failures, forcing their owners to actively seek out solutions when it comes to having adequate data storage and security. While utilizing a cloud based infrastructure can provide an excellent solution to data storage problems and is also advantageous during a system failure, cloud storage also raises new concerns about data security.

In order to make sure you meet the challenges the cloud creates for data protection, assess your individual needs. There are numerous options including public cloud, private cloud, and combinations of these options. The key to protecting your data is matching the data to the appropriate cloud architecture while weighing your business’s budget and risk tolerance.

What are the advantages of using cloud based storage?

Cloud storage providers can supply your business with more data storage than ever before. This is the digital age. Thousands of businesses give up the paper trail every day and convert their records and files to digital versions. Even owners of small businesses are being compelled to seek out solutions for storing larger amounts of data, and a cloud subscription is an ideal way to increase data storage.

The cloud also offers an unparalleled amount of flexibility in choosing how you store data. You can easily manage storage tiers and use low-cost storage options for data that doesn’t need accessibility. The cloud is also an effective storage location for data that needs high availability. A cloud based infrastructure can provide immediate recovery, in the event of a system failure, when it is set up to do so.

Lastly, you won’t need to manage your hardware if you move to the cloud. This will free up more of your time and resources to devote to developing your core business. Servers are large pieces of electronic equipment sitting around waiting to break. By moving to hosted services, you have the opportunity to pay a fair price to have someone else set up, maintain, secure, and support an online service, eliminating the need to own your own hardware and manage your own server software.

What are the challenges of using cloud based storage?

The primary challenge of utilizing cloud storage revolves around the security aspect of protecting data against unauthorized access and tampering. Most small business owners opt to store their data in a cloud which is physically located at an off-site location where resources are shared by other tenants. Although cloud vendors are paid to oversee physical security and certain other aspects of security, businesses retain the responsibility for establishing access controls and protecting their data. Subscribing to a service with advanced data encryption should lessen this threat.

The second challenge is how to integrate backup and recovery management of data in the cloud with that of data in the data center. In the event of a hack or system failure, it is imperative to get your business back up and running as soon as possible. Data that is stored in the cloud will need to be accessible to get your system back up and running as quickly as possible. Establish and practice a disaster recovery plan that automates the process of backing up to and recovering from data in the cloud, increasing reliability while speeding up the process.

Is It Time to Update Your Disaster Recovery Plan?

How often should a business update their disaster recovery plan? Unfortunately, many misinformed business owners believe that developing a disaster recovery plan is a one-time task. This can be a costly and devastating lesson for businesses in the face of a real disaster. An efficient plan should be tested and updated on an annual basis at the very least. Testing and updating your plan quarterly is always best.

Creating a disaster recovery plan is not enough. You will need to test your plan and make sure your employees all know what steps need to be taken when a real disaster does occur. Assign each employee with a role and simulate a disaster. Have your staff carry out the steps of the recovery plan systematically. Evaluate the results of your testing and make any necessary changes or adjustments in areas where improvement is needed.

Cloud data will still need to be recovered in the event of a disaster. There are numerous advantages to having your data stored on the cloud. However, simply storing your data on the cloud doesn’t complete your disaster recovery plan. You will need to know how and where to recover the information stored there in the event of a disaster as quickly as possible.

Take the time to evaluate your plan and recovery priorities. As technology changes over time, the focus of your initial recovery efforts may also change. Make sure your list of business contacts and emergency contacts are up to date and have this list readily accessible. Prioritize which applications your business relies on the most so that they may be restored according to order of importance. Re-evaluate this list every time you update your plan. As technology changes and grows, your plan will need to be amended to your evolving needs.

How often you choose to test and update your plan can depend on several factors. Is your business run solely online? Is your customer’s information stored on the cloud? Do you run or rely on numerous applications? How often does your staff change? Businesses with a lot of new faces should take the time to make sure all employees learn the disaster recovery plan. This should be included as a standard protocol during the hiring and training process. Take these factors into account when scheduling disaster recovery plan testing and updating.

For a busy business owner, outsourcing their IT needs is often the best option for creating and maintaining a strong disaster recovery plan. It frees up valuable time and resources that should be used to focus on core business growth. A professional managed service provider will assist you in devising a comprehensive disaster recovery plan, testing this plan, and making necessary updates in a timely fashion. The risks of trying to handle your own IT security needs outweigh the costs associated with outsourcing. Don’t wait until it is too late to let a professional implement the right disaster recovery plan for your business.

What to Do Once You’ve Been Hacked

Last month, our CEO Brian Brammeier presented on hacking and what to do once you have been hacked. For a copy of this informative presentation in its entirety click here.

Some of the key takeaways from this presentation are:

How do you know if you’ve been hacked?

Understanding the various types of hackers and their goals will help you to better understand how you could become a victim of a hacking. Certain businesses, such as law firms, are becoming prime targets for hackers looking for sensitive data that is inadequately protected.

What are the most common types of hacks?

Hacking in its most basic form is privilege escalation: making the computer or device do something you are not supposed to do. Other techniques include keylogger attacks, denial of service (DoS/DDoS), fake WAP, eavesdropping, phishing, viruses such as Trojans, clickjacking attacks, cookie theft, bait and switch, and attacks by an employee.

What steps should you follow once you’ve been hacked?

Do you have a Hack Action Plan? Train your staff to follow a step by step Hack Action Plan to identify an attack and to get back to business as usual as quickly as possible. These are the steps to implement in the event of a hack:

Step 1: Confirm the attack and check if your computers or networks have been compromised. Start by looking at your log files. Skilled hackers can cover their tracks and delete log files, but you may still notice your system behaving abnormally, find malicious files on your computer, or receive an extortion attempt.

Step 2: Contain the attack. When investigating security breaches, valuable “volatile data” is lost when systems are powered down, including RAM contents and active network connections. Consult a security expert to fully understand the options and ramifications when determining your initial response. Having backups is critical at this step.

Step 3: Understand and investigate the attack. You will need to find out how deep hackers penetrated your systems and networks and what was accessed, stolen or destroyed. It is also important to send your log files offsite.

Step 4: Report the attack. Depending upon the type of breach and level of risk, you may need to report the attack to the FBI. Money laundering, extortion or other forms of financial fraud must be reported immediately to the local authorities.

Step 5: Determine the cause. You must pinpoint how the attacker first penetrated your network. It is critical to find out if the hackers can still access your systems while you’re initiating recovery.

Step 6: Do you need to communicate the attack? Determine how you will communicate with affected employees, vendors, customers, and partners detailing the extent of the hack. Depending on the type of business you operate and the information that was compromised, you may be legally obligated to detail the hacking to those affected.

Step 7: Remediation. Develop a Business Continuity Plan (BCP) for increasing your IT security so you can identify and defend against future attacks.

Step 8: Proactive security protection. There is a quantifiable advantage and improved ROI on IT security budgets if you develop a plan for monitoring, investigating, and remediating. Prevention will come down to people, processes and technology all working together to keep you safe.

How can you protect your business from hackers?

The best offense is a good defense. Be proactive in prioritizing network and system security. Make sure that you consistently log files and routinely back up everything that is pertinent to your business off-site with proper encryption. It is also a good idea to periodically perform vulnerability and penetration testing.

What if I can’t afford to adequately protect my business from hackers?

The reality is that you cannot afford to ignore this threat. Many businesses that ignore the need to strengthen their security find out the hard way that they simply cannot recover after a hacking. They fail to anticipate the amount of downtime a hack can cause and they also underestimate what a security breach can do to their reputation.

Increased Demand for IT Automation Technology

Businesses are actively seeking out ways to implement IT automation technology to streamline processes, improve web application performance, provide consistency to customers, and to save money by replacing costly employees with technology.

The latest IT automation technology offers many tools and processes that provide businesses with measurable results. Automated phone and web services provide customer service immediately, automatically, and without the need for human supervision. Auto scaling of servers improves the performance of web applications during peak usage.

Why invest in IT automation?

While the initial costs of switching over to automation may seem high, savvy business owners see how much money they will save over time. Instead of paying employees to perform tasks, they can invest in this technology and not have to spend any more money. Employees need training, they take sick days, they can only work so many hours a week, and they can have bad days and take out their frustrations on customers. On the other hand, automation software is programmed to provide continuous and consistent support around the clock. Once the software is programmed and tested it is ready to be used and will only require minimal maintenance such as the occasional update.

What IT automation technology is in hot demand?

Auto scaling of servers – Auto scaling is a cloud computing feature that allows users to automatically scale cloud services, such as server capacities, up or down, depending on defined situations. Cloud computing providers, such as Amazon Web Services (AWS), offer this feature to improve web applications. Auto scaling also ensures that new instances are increased during peak demand and decreased during demand drops, providing consistent performance for lower costs.

Cloud service providers such as AWS are offering this feature as a response to the unpredictable demand for cloud capabilities often brought on by higher than anticipated traffic levels from successful campaigns. Auto Scaling through AWS helps ensure that the correct number of Amazon EC2 instances are available to handle the load for a user’s application.

Chatbots – Many online companies are using chatbots to field online conversations, instead of employing human agents to handle questions, comments, and concerns in chat format. Chatbots use a combination of natural language processing and machine learning algorithms to mimic human conversations, identify the needs of human callers, and provide other information to customers. In most cases, chatbots can provide customers a direct answer to their question or direct them to a human being or resource equipped to provide a solution.

Troubleshooting technicians – Many companies are also switching over to interactive troubleshooting technicians which can provide customers with a way to seek assistance with various problems. The techs may take the form of a massive digital content archive, which customers can search to find the answers to their questions, or utilize a secondary question-and-answer-style format relying on a chatbot for further direction. These automated techs help customers solve problems and answer questions without the need for human assistance, which reduces customer service staff time to address them.

AI: Working with Virtual Assistants

During the past year, the capabilities and usage of virtual assistants have grown exponentially. New products and advanced technology are being introduced into the market at a record pace. An online poll conducted in May 2017 found the most widely used assistants in the U.S. were Apple’s Siri (34%), Google Assistant (19%), Amazon Alexa (6%), and Microsoft Cortana (4%).

How do virtual assistants work?

Virtual assistants use natural language processing (NLP) to match the user’s text or voice input to executable commands. The most popular assistants are programmed to continually learn using artificial intelligence techniques such as machine learning, which basically is a method of teaching computers to make and improve predictions or behaviors based on data.

Some assistants, such as Siri, are activated by the touch of a button, while others are programmed to activate using a wake word voice prompt. This is a word or group of words such as “Alexa” or “OK Google”.

What do most people use their virtual assistants to do?

The most common requests of these assistants are: to provide information such as weather, facts from websites such as Wikipedia or IMDB, set an alarm, or make to-do lists and shopping lists. They are also used to play music and videos, read audiobooks, and make online purchases.

What does the future hold for virtual assistants?

As more people become reliant on the assistance offered by technology, the presence of virtual assistants will continue to grow. Expect more products to hit the market that provide voice-activated assistance such as Alexa, along with the increasing presence of mobile applications that provide virtual assistance through smart devices, and software that provides assistance through your PC.

Facebook’s M has recently become available to hundreds of millions of users on Facebook Messenger. In its initial rollout phase, suggestions from M center around just a few limited features such as: stickers, payments, location, making plans, polls and getting a ride. The original idea behind M is that users could ask it to do pretty much anything — book flights, make changes to subscription cable service, and even find a plumber.

M uses chat bots so that users don’t have to leave the Facebook App and open another app to perform a task. For instance, if you want to book a ride with Uber, you can ask the chat bot to simply message Uber and ask for a ride, as opposed to leaving M and having to open the Uber App. Chat bots are computer programs that mimic conversation with people using artificial intelligence. These bots are basically replacing individual apps. M has been engineered to interpret a user’s preferences or style of conversation and to make suggestions based upon their typical user habits. Chat bots simplify tasks by performing several functions for the user while staying within one app.

Live Event: Brian Brammeier, HigherGround’s CEO, Presents the Hack Action Plan

If your organization were hacked and its critical data held for ransom, would you know how to respond? No system is completely impenetrable to determined hackers, which is why every organization needs to be prepared with a Hack Action Plan.

Join HigherGround Managed Services CEO Brian Brammeier and the Chicago Bar Association for “You’ve Been Hacked! Now What?” from noon to 1:30 p.m. on Wednesday, October 11. Brammeier will guide you through the creation of a Hack Action Plan, including a process for mitigating the impact of a data breach and how to determine your firm’s overall risk map, along with some easy and low-cost action items that will make your organization a less attractive target in the first place.

This is a hybrid live/online event. Participants may choose to attend in person at the Chicago Bar Association, 321 S. Plymouth Court in Chicago, or via an interactive web portal. Advance registration is required.
