Category Archives: Uncategorized

Tips for Preventing Fraud in Your Small Business

As a small business owner, fraud prevention may be at the bottom of the barrel when it comes to your actionable priorities. It should, however, be at the top.

The ACFE, or Association of Certified Fraud Examiners, reported that in 2016, organizations with fewer than 100 employees experienced a median fraud loss of $150,000. Imagine that loss to your bottom line.

There is some silver lining here, which is that there are a few easy steps that small businesses can take in order to detect and deter fraud before it happens to your small business.

The Most Prevalent Types of Fraud

Fraud comes in many shapes and sizes, it’s not one size fits all, which is why it can be difficult to manage and assess. To simplify things, start with examining your relationships with employees on the inside and vendors on the outside. Even if someone may seem to be the most trusted and loyal individual to the organization, this person could be in financial trouble or he or she can be resentful of the business. These stress factors can be the cause of someone committing fraud against your organization. Or, it could be a trusted vendor or supplier that is sending your company inferior products to reduce expenditures and/or misrepresenting themselves and the invoice.

There is also fraud of intellectual property and trade secrets, which can be a more complex type of fraud. Regardless, it is very serious indeed. Copyright infringement can cause major damage to your business, including your brand and your reputation, making recovery a very long to almost impossible process.

Despite that there are many types of lingering fraud, there are simple ways you can make your small business safer and it doesn’t need to cost a lot either. It comes down to reducing risk.

Investigate Your People Before You Hire Them

While background checks may seem like an unnecessary additional cost, it can save you a lot in the future. It is imperative you investigate candidates no matter how nice he or she seems. Run a criminal background check and reach out to references. Even get on the phone and call the candidate’s references (or, better yet, others you might know at that company.) A quick sweep of a person’s background can uncover a history of fraud or red flags, giving your small business the intel needed so that you know not to bring this person onboard, or be forewarned of potential issues.

Open Communications and an Open Door

Communication is also critical to preventing fraud. Employees that are not management may notice things that leadership cannot see. Employees should feel comfortable and safe speaking up and voicing their concerns. Your people need be able to feel like they can bring up anything suspicious to management and leadership. For employees that may be encountering financial hardship, some small businesses have an added benefit of offering small loan services. These are paid back through payroll deductions and an alternative to stealing.

>> Tip: Watch for people who refuse to take vacations, that is, who are concerned that others have access to their files and processes. 

A Clear Fraud Policy Statement for Employees

While you may feel that fraud is against company policy and that it is common sense amongst staff, it still needs be stated.

There should be a contract in place, one that all employees must sign. Your small business needs to put your expectations in writing. Include a statement that your organization values honesty in its brand and its employees. Also, be clear about the consequences – and enforcement policies – should an employee commit fraud.

Investigate Your Vendors and Suppliers

If you are looking to do business with a vendor, keep in mind that the supplier you choose is just as critical to your organization as your own people are. They are an extension of your brand. Run a sweep of any vendor and look for potential red flags. Some things to look for are irregular invoice patterns, pending lawsuits and even a criminal past.

Safeguard Your Small Business’s Intellectual Property

Common targets of potential fraud include stealing copyrights, trademarks, patents and contact lists.  Add this as part of your Fraud Prevention Policy. Add a section regarding intellectual property (IP) and make sure that your employees are aware of it. You should consider registering any trademarks and patenting any intellectual property.

A good first step here is to actually create a list of your intellectual property and what is most important for you to protect. Then creating a plan, such as limiting and tracking access, to mitigate the risk of IP theft.

What is NIST and Why Small Business Owners Should Care

To begin, NIST is the National Institute of Standards and Technology. NIST is a non-regulatory federal agency that was founded in 1901 and it is under the Department of Commerce. Their mission is to promote U.S. innovation and industrial competitiveness. They achieve this by advancing measurement science, standards and technology in ways that enhance economic security while also improving quality of life.

In general, NIST provides guidance, setting a standard for recommended security controls. Often, complying with NIST guidelines and recommendations means that a federal agency is ensuring compliance with other regulations like HIPAA, FISMA, or SOX.

NIST Small Business Cybersecurity ACT S.770

In August 2018, a new act was signed, the NIST Small Business Cybersecurity Act S.770. The NIST Cyber Security Framework or CSF was originally developed as a set of cybersecurity standards for government agencies to use. Now, as a result of the new act, NIST CSF, formerly known as the MAIN STREET Cybersecurity Act, is available to public use. US compliance regulations such as PCI and HIPAA are formed based on the NIST Cyber Security Framework or CSF.

NIST CSF provides a policy framework. It provides computer security guidance for how U.S. private sector organizations can assess and improve their ability to prevent, detect and respond to today’s rapid growth of cyberattacks.

The new bill has a goal of considering the needs of small business owners like yours and future standards. It raises awareness as small businesses are very much affected by cyber threats and will greatly reduce their cyber risks.

Providing Cyber Defense Resources

NIST CSF will provide information resources that must be generally applicable to a wide array of small businesses. They will promote cybersecurity awareness and a workplace cybersecurity culture. They will include practical application strategies.

Keep in mind that using these resources is voluntary (which is also considered a drawback), but also take in to consideration that the act was well-received by the security industry.

Cybersecurity Continues to be a Grave Concern for Small Businesses Entering 2019

The technology community can agree that 2018 was quite an interesting year for anything related to cyber security. Cyber breaches became a common, weekly occurrence.

As times have changed and cyber security has risen on the charts to become such a great risk for today’s small businesses, there will need to be some improvements made in the new year regarding cyber security regulations. The difficulty with new regulations is speed. Cyber security moves much, much faster than regulations do.

Speed and the constantly evolving nature of cyber threats means that organizations need people with security skills, either in-house and full-time or an outsourced partner. Outsourcing is becoming an easier solution as there is a global shortage of cyber security skills and talent. The demand far outweighs the supply in this case.

Education is Essential for Success

NIST is there to help your small business and so is the option to outsource your cyber security needs with a reputable firm. Additionally, the best defense is a good offense and that means educating and training your people. Creating custom, tailored training programs is key to success and staying cyber safe.

3 Predictions and 3 Tips for Small Business Cyber Security in 2019

Although 2019 brings a world of possibilities, the new year also brings more intense cyber security threats.  Cyber security threats are indeed on the rise and they are a tremendous concern for small businesses.

Looking back at 2018, numerous well-known, name-brand organizations, as well as international companies, suffered from significant cyber breaches.

Personal records were stolen in masses, such as:

  • 340 million from Exactis
  • 150 million from Under Armour myfitnesspal
  • 30 million from Facebook

Many experts feel that this is likely just the beginning and that cybercriminals will continue to evolve and get craftier. There are many predictions for what lies ahead.

Prediction 1: Cyber Attackers Will Leverage Artificial Intelligence (AI)

For 2019, it will be more than just cyber attackers going after AI systems. Today, they will enlist artificial intelligence to help them attack. Automated systems could probe systems and networks. They will search for vulnerabilities and exploit them where possible. AI will also have the capability to make phishing scams even more sophisticated.

Prediction 2: 5G Expanding Will Expand the Cyber Attackers Surface Area

While 5G has been the focus of smart phones, 5G-capable phones may be limited in 2019. In the meantime, carriers are trying to gain more traction with 5G mobile hotspots and 5G-equipped routers for use at home.

Making the shift to 5G means new architectures and new operational models which also means new vulnerabilities. Currently, many 5G IoT devices connect via Wi-Fi and over time, more will connect directly to the 5G network, which may lead to vulnerabilities in a direct attack. 

Prediction 3: Data in Transit Cyber Attacks Will Increase

It is expected that there may be an increase with attempts to attain access to home routers as well as other IoT hubs to steal data passing through them. If malware was installed in a router such as the afore mentioned, it could essentially capture information such as banking credentials and credit card numbers.

While the 2019 cyber attackers continue to evolve and find new ways of attacking, there are still current methods that are used to stay safe and these are ones that you should continue to use.

Tip 1: Use Multi-Factor Authentication for Online Transactions

While the various forms of multi-factor authentication can frustrate and confuse users, your organization should use it. It may not seem like it is the best solution, however it is much, much safer than password-only access. For users that may not appreciate the extra step, consider adding a line or verbiage reminding them that it is there for cyber safety purposes and not meant to be a nuisance.

Tip 2: Train Your People to Avoid Phishing Scams

While certainly not new to 2019, phishing scams continue to take a make a huge splash with affecting cyber security. In fact, the volume continues to increase. In general, your employees need to be cautious about giving out financial information over the Internet.

Phishers commonly will email heartbreaking or exciting news which of course is completely NOT TRUE. They will attempt to have the victim send personal information such as social security numbers, usernames, passwords, credit card numbers and more. Train your employees to only send account information or credit card numbers through either a secure website or via the telephone. Don’t transmit sensitive information via public, unsecured WiFi.

Tip 3: Keep the Leaders at Your Organization Involved and Informed

It is likely that in 2019, your organization will need to beef up its budget when it comes to cybersecurity intelligence and analytics. As cyber attackers can cause detrimental harm to how your organization runs its business, it is not an area of the business to skimp on when it comes to making investments. Your leadership must be well-aware of what is necessary to keep your business cyber safe, how much it will cost, and the consequences of not taking such recommended measures.

Plan for Change

For your company to survive, let alone thrive, you need to be able to adapt to change. Your technology and your IT provider must be more than just up-to-date, but also, they must be versatile to prepare and react to change, especially unwelcomed change.

Positive and negative change always happens with technology. As new technology is introduced, so are new problems and threats, such as security breaches, fraud, Acts of God and more.  Furthermore, employees who leave the organization can be a major security issue. It is the IT department’s responsibility to revoke system access including computer, network and data.

Regardlessof the impending issue, you need to prepare ahead of time to mitigate risk. Inshort: this means having a plan in place that can get your business back up andoperating as usual.

>> The data is not comforting: 40 percent of businesses do not reopen after a disaster. 90 percent of businesses that undertake a data center outage greater than a week will go out of business within the year.

A Disaster Recovery Plan

Every small to mid-sized business needs a documented, well-written disaster recovery plan and, certainly, before the disaster occurs.  You will also need to consider your geographical area and if there are natural disasters that may occur in your region that can affect your ability to operate your business. Take note of the warning systems available for these potential occurrences and include that in your plan.

Select a “recovery team.” Assign roles and meet with designated employees to discuss their set of responsibilities in case of a disaster. And make sure these roles updated. Often business continuity plans (BCPs) include the names of people who are no longer at the company.

In any disaster, a plan of communication is crucial. Your company can create a “communication tree.” Be sure to store copies of the tree both in your place of business and outside your place of business – and make sure the relevant teams have access to the parts (and only the parts) they need.  The plan should include more than one communication method. Be sure to include phone calls, emails, texting and even battery operated walkie-talkies.

When creating your company’s disaster recovery communication tree, include vendors as well, like your insurance provider, electrician and a plumber. And, of course, your IT provider. Create a list of customers and media contacts as well.

In case of a disaster or critical threat, the show must go on as they say. Identify critical functions as part of your plan. Look at each team or business function and assign a level of priority, from mission-critical to low. Additionally, determine how much downtime would be appropriate or acceptable for each function. Ask the question: how long can the business operate without each function?

Protect Your Company’s Data in Case of a Disaster

Every business, regardless of size, needs a BDR, or data backup and disaster recovery system. BDR’s not only protect your organization from natural disasters but cyber-attacks as well. In case of a catastrophe, a BDR ensures that data is not wiped out and minimizes downtime. Keeping your company’s data protected is critical for its success.

Once you have proper backup of your systems and data, have your IT team test it from time to time. A few fire drills per year to find potential errors or pitfalls is better uncovered before a disaster happens versus after it has occurred, with no turning back.

As a part of your data, your company should have details on the organization’s equipment. This includes, in addition to a detailed list, photos or a video recording of equipment. In case of a disaster, your company will need to provide records to the insurance to process claims. Photos and video will service well as proof.

2FA or MFA – That is the Question

Keeping your company cybersafe and training your people to follow suit is a bit unnerving for a small to mid-sized business. The good news is that there are ways to simplify portions of cybersecurity that will make a world of difference for your IT folks.

Asking your employees to make long, complicated passwords that “cannot be guessed” is no longer the best way to safeguard your data.

In today’s digital business world, a great defensive method to stay clear of potential cyber threats and cybercrimes is with two-factor authentication and multi-factor authentication.

Two-Factor Authentication

You’ve certainly seen it and encountered it on applications and social media accounts that we all use. Twitter, Facebook and Gmail have begun using two-factor authentication, otherwise known as 2FA. It can also be referenced as a “two-step verification” process.

Think of it like when you call your credit card company and are asked for pieces of information that only you would know, providing evidence that you are, in fact, YOU.

When two-factor authentication is utilized, it requires two forms of identity verification prior to having access to an application. When both factors are verified, the end user has access. For example, you may be sent an SMS code that is valid for a short time and must be entered correctly in order to gain access to an application.

2FA is an added layer of protection for your data and is certainly more secure than just one single factor, such as a complex, long password with numerous unique characters that, despite the user’s best efforts, can easily be stolen or hacked.

With the two-factor authentication, the cyber attacker or imposter would need not only your password, but would also need your second factor as well to gain access to an application on your behalf.

Multi-Factor Authentication

Multi-factor authentication, or MFA, combines what you are, what you know, and what you have. When multi-factor authentication is enabled, the administrator defines a second factor in addition to a password that a user must validate in order to gain access. Multi-factor grants access to your company’s applications through multiple data points.

While MFAs seem great, there are organization that are not adopting this security measure as to not disrupt or irritate their end users or customers. However, this should not be the case. The key is to keep a flexible policy alongside your MFA so that users are not compromised or annoyed while gaining access to your application.

2FA or MFA: Which is Better?

As always, choosing if a 2FA or MFA is better for your company’s security is not a one size fits all answer. To analyze this for your company, keep in mind that there are three possible ways that a user can validate that it is in fact them. They are knowledge, possession, and inherence.

Knowledge is what he or she knows, which would be like asking for a password and requesting answers to security questions.

Possession would be what supplies the person has on them, such as a mobile device, a one-time password or even a YubiKey.

Inherence, on the other hand, is based on a unique characteristic that the user has. This can be items such as voice recognition, a retina scan, or a fingerprint.

Two-factor authentication is just that, it relies on two factors as described above. Multi-factor can be two of the above factors or it can possibly involve all three, even inherence. If you think about it, iPhones use a fingerprint for access – and are increasingly moving towards MFA for financial applications.

Whichever authentication you choose for your company’s application, 2FA or MFA, it is better than asking users for one long, complex password – which can be easily forgotten and, year by year, more easily cracked.

Simply adding one more factor can be your best defense against cyber attackers and cyber criminals.

What an SMB Should Expect from their CIO

Great Chief Information Officers are invaluable resources for any organization. They are also expensive, and for good reason. It’s a high-profile job with a lot of responsibility. They create business value through technology and plan strategically for business growth. They ensure that the company’s technology systems and processes are aligned with business goals.

Some of the other critical items that a CIO is responsible for are security and risk management, customer service platforms, IT architecture, vendor negotiations, supplier management, budgets and more.

According to PC Magazine, small businesses with basic technology can temporarily survive on cloud-based tools and “gumption.” But, there comes a time when someone other than the CEO is needed to oversee long-term IT initiatives.

The key goal in every organization is not just surviving, but thriving. SMBs want to grow the business. A major tool for growing the company is the technology it utilizes. When an SMB does not invest in its technology correctly or sufficiently, it will likely lose customers and market share to competitors. It is the CIO’s job to make sure that doesn’t happen.

 

The Benefits of a CIO

While the Chief Information Officer has a very demanding job, it is important to have a highly skilled professional handling these responsibilities. With limited C-Level executive oversight, the SMB needs a reliable partner to count on to make  informed decisions. The CIO has a thorough understanding of the needs of the business. This also lends itself to someone who is considered “centralized” across departments and company initiatives.

If your SMB is fragmented and departments do not collaborate, the CIO brings it all together, which in turn, lends itself to a better overall business strategy. A CIO’s strategy reaches across business goals and objectives as a company whole.

Chief Information Officers often have a long-standing history of professional excellence and with a large base salary, and, while they are critical to the success of an SMB, it can weigh heavily on the annual budget, not leaving room for other important items too, like lead generation, talent development/succession planning and sales initiatives.

 

The Case for a Fractional CIO

There comes a time when all growing companies should invest in a Chief Information Officer – so the leader can focus on their best and brightest use, as well as have an experience IT leader ensuring the organization reaps the rewards of growth-aligned technology.

When a small to mid-sized business is looking to get the benefits of a CIO without breaking the bank, outsourcing a “fractional” CIO (often called “vCIO”) can be a better option and more feasible.

The reasons for this are the same as for a full time CIO…

  • Having a fractional CIO still means that your SMB can expect technology and innovations to align to business objectives and growth plans.
  • A fractional CIO, just like a full time CIO, will build a strategic information technology
  • They will oversee technology initiatives, vendor selection, technology adoption, including any needed internal training.
  • They will oversee security and compliance and partner with risk management for the organization.
  • They will plan for disaster and recovery, helping assess your business continuity plan.
  • They will attend all important business meetings, as well as board meetings.
  • They will also build and test the role of the potential future full-time CIO, once you have the scale to require (and better afford) that position.

… with one exception: You will not incur the risk, time and cost of a full-time hire. An additional benefit of a fractional CIO is that they often come with the technical and process support of the greater organization that provides your company with the service offering.

For many organizations, the fractional option could very well deliver the best return on investment, provide a perfect transitional solution, as well as better define the role as you grow to a place where a full time CIO makes sense financially.

What “Digital Disruption” Means for your Growing Small Business

Digital disruption is affecting every type of company out there, regardless if you’re small, mid-sized or large. Companies must respond quickly to new and improved demands for digital technology. If your company does not act and stay on top of digital transformation trends, then your company will lose valuable business and revenue.  Once a customer is lost to someone who is doing it better, it’s hard to get them back.

First, Some Statistics on Digital Disruption in 2018

Over half of the world’s population is online with 4.1 billion internet users. During the past 12 months, there was one quarter of one billion new users. The average person using the internet reports spending about 6 hours each day online.

The cloud continues to gain momentum. By this year, 60% of enterprise IT will be in the cloud versus off-premises. Also, this year, 90% of the population will have data storage in the cloud that is both free and unlimited.

Good news comes in spades when it comes to companies keeping up with digital disruption. A recent article from Converge Technology + Business says that 65% of businesses feel positive about change. They feel that, in the next 3 years, they can adapt to disruption. What’s even better is that almost half of company’s digital transformation efforts are being led by CEOs or Board Members. Most companies, 2 out of 3 in fact, report to being capable of making the change for digital disruption.

Digital Disruption Offers Many Challenges to SMBs

Small and midsize businesses need to consider multiple departments beyond IT. While the information technology department must be working on efficiency, customer service and other client-facing departments also are a big part of customer experience. The way that your people interact with your customers, organization wide, needs to be efficient, top-notch, seamless and flawless. People are judging your business not only by others in your industry, but by the best-case examples they see any time they open a browser window or click an app.

The biggest challenge for departments to overcome barriers to today’s digital transformation is being on the same page.  Small and midsize businesses may have difficulties integrating with one another. Misaligning objectives and lacking resources create obstacles. To be competitive in today’s digital market, SMBs must finds ways address these challenges.

What’s an SMB to do?

It starts with one word: innovation. Using the same model, “making patches” and “tweaks” no longer works. Technology professionals and small and midsize business leadership must understand what challenges are being faced, both in the present as well as down the road, and find ways to handle it. From application development to new systems, procedures and approaches, recycling old assets won’t win the digital disruption race. Companies must throw out old solutions and create new ones, from the ground up.

They needn’t be wholesale changes, just new ones.  Ones that speed up a process, combine workflows from other applications they use, or remember key information so the customers only have to enter it once, or not repeat it on the phone when they call you. And they needn’t be new to the internet, simply new to your industry.  Efficiency and being nimble is what gives SMB companies an advantage over the enterprise level.

While AI technology may seem like an old topic, with Alexa, Siri, and customer service chatbots being around for some time, it doesn’t mean that it won’t continue to play a big part in the future of digital disruption. There is a lot of power to be seen in artificial intelligence for SMBs, from customer service, to robotics, to analytics and not to mention marketing. AI has the power to surprise and amaze customers. Artificial intelligence can connect and communicate your business with its customers in a way that they may not expect, but will certainly appreciate. From email to content generation, this can be faster, cheaper and smarter automation for your business. When technology professionals are innovating ways for better customer service, make sure to leverage AI.

Further, to conquer digital disruption challenges, once technology professionals create or find new innovative solutions, think API or application program interface. By definition, according to webopedia, API is a set of protocols, routines, and tools for building software applications, specifying how software components should interact.  By making your technologies interface better with the other technologies your customers use, you can increase their satisfaction and the ‘stickiness’ of your solutions.

The ability to connect applications and data – and help your customers interact with you more efficiently – is the difference between surviving and thriving versus being left behind.

For Small Businesses, Properly Staffing IT Is A Key Element to Growth

As your business flourishes, you are bound to experience “growing pains.” Changes happen quickly and unexpected issues can arise.

Despite the unknown, your growing business must plan-ahead to brace for change and increases in work production. This includes correctly anticipating your technology staffing needs.

 

How many people should be on your IT staff?

On average, for small businesses, IT staff head count is as follows:

  • Small: 1 IT staffer for every 14.7 employees
  • Medium: 1 IT staffer for every 24.9 employees
  • Large: 1 IT staffer for every 47 employees
  • Very large: 1 IT staffer for each 69.25 employees

 

Technology staffing should be determined by your people, your customers and your strategic plan.

That being said the actual count of your IT staff (as well as your technology budget) should not be determined by division, but by alignment to the company’s overall positioning and strategic plan.

Ask questions such as…

  • Where is your organization now, and where does it want to be in the future?
  • What does technology mean to your organization and what do you expect – and need – from that function in order to meet your growth goals?
  • Is technology part of your Intellectual Property, an enabler to your solutions (a tech-enabled company), or only office tools.
  • How many people does it take to accomplish this, broken down by each role, including tactical/support and, separately, strategic guidance and development?

 

Create a separation between “steady state” and strategic/project efforts. 

Many small and mid-sized businesses try to have the same person or team run the daily work, such as helpdesk, as well as implement special projects and deliver business insights to management. This causes both efforts to suffer. If you can handle both, you are probably over staffed and wasting money, or, even worse, not getting forward-looking value from your IT department.

>> IT should a collaborator – or, better still, a driver – not a bottleneck.

 

Getting started on right-sizing your IT staffing.

First, see if any current IT or technology employees feel overwhelmed or overburdened. Employees should feel challenged, not stressed. Make sure that tasks are being completed on time. Also make sure that the people who rely on technology are getting the support and insights they require to meet their goals.

Second, see if your people and leadership are receiving the proactive IT support and insights they need.  Are new technologies being rolled out before old ones start failing?  Are people getting trained on new systems and using them to increase productivity and delight your customers? Are your C- and V-level staff getting the insights they need to drive growth? And, last but not least, are you losing sleep over IT security and business continuity risk?

Third, keep in mind that, while overstaffing IT waste of resources, understaffing IT not only affects your company’s growth arc and operations, it can also cause significant damage to morale too. And not just for your team but, as mentioned above, for your customers and value chain as well.

>> Well functioning IT is an HR benefit.  Innovative IT creates a sense of pride and impresses your customers.

Getting your IT head count right, and ensuring you are meeting both the day-to-day and strategic IT needs, is one of the key ways to keep your growth plan on track.

 

 

A quick checklist for staffing your IT function:

When identifying a growing business’s IT staffing needs start with feedback from your people.

  • Talk to both current staff and customers.
  • Get an understanding of how your company’s technology is perceived.  (Perception can often be more important than reality.)
  • Look for what is working as well as areas for improvement, both from a day-to-day and strategic insights perspective.
  • Narrow down the tasks that need to be addressed right away and the projects that can be addressed down the road, as part of a 3-year plan.  Assign hours to these tasks.
  • Determine the number of staff needed to fulfill both the steady state and the strategic halves of your IT function.

 

5 Physical Security Measures You Can Take Now to Prevent Hacking

Many business owners are surprised to learn that a large portion of hacks are inside jobs. For example, disgruntled employees or suppliers, or a former employee with a grudge. Plus, some hacks are caused by one of your staff triggering or enabling an outside hack.

Here are five effective ways you can make “on premises” IT security improvements and decrease the odds you will be hacked by someone with physical access to your technology:

#1 Add a front desk sign-in log and a camera system. Plus restrict who can access your back room

Review your security access plan with your building and implement a sign-in process for visitors. Restrict who can access your offices, and take security measures to prevent someone from wandering into your backroom and having physical contact with your servers and technology. Your server room should be locked with a keycard that logs the people that have access and records the date and time of when they access the room.

#2 Analyze how you and your employees remotely access the data at your office

If the only protection against someone accessing your business’s proprietary data from this device is a simple password, it is time that you make significant improvements to the security of your data and how employees are granted remote access.

An option for businesses is implementing multifactor authentication (MFA). This is a security system that requires more than one method of authentication to verify the user’s identity when logging in. An example would be a text sent to the person’s mobile phone with a 6-digit pin number that also needs to be entered. The goal of MFA is to create a layered defense and make it more difficult for an unauthorized person to access a target such as a physical location, computing device, network or database.

It is also a good idea to create separate share drives for more critical information and limit access to that data on a “need to know” basis. Instead of setting up access to these share drives by person, set up groups of people with specific access levels. This way, when people are moved to new roles or departments their access levels automatically follow the job description.

Periodically audit your remote access policy. Don’t make the mistake of becoming complacent with your security just because you have been without incident. If you are only using two-factor authentication for remote access, consider adding a third to increase protection.

#3 Create a phishing policy

Train employees on how to spot phishing scams and what to do when they think they might have been the recipient of one, or even worse… activated one.

Provide them with examples so that they get an idea of what phishing attempts look like. Give them a set of guidelines outlining what information they are able to disseminate and what information is proprietary. Make sure this policy is in writing and highly visible. Train all new hires on this policy immediately. Lastly, hire a security firm to proactively phish your employees. This proactive technique will give you a better idea of your risk level so you can supply additional training for the employees that click on the fake phishing email and require further guidance.

#4 Request a security plan from your IT provider

A skilled IT provider will provide your business with an adequate level of cyber security protection. They will be able to point out your weaknesses and areas of vulnerability. They can also provide you with helpful tools to train employees on how to protect sensitive data and not fall victim to cyber-crimes. Most IT providers have a handy checklist or short guide they provide to their clients.

#5 Conduct an all-staff security meeting and assemble a technology committee

Go over ways that you and your employees can collectively improve security. For example, if you see a USB that’s not yours, give it to IT, even if it has your company’s logo on it.

Take things one step further and assemble a technology committee. Provide employees with additional incentives to participate in this committee and take on an active role in conveying the importance of cyber security, enforcing security policies, and fostering discussions on ways to improve security.

4 Technology Solutions for Common Small Business Problems

 

Problem #1 Managing the front desk is a costly expense

You no longer need to pay a receptionist just to answer your landline during business hours. These days, small business owners are not tied to an office or computer in order to stay connected. Business owners are no longer required to sit at their desks all day managing dozens of calls. The traditional landline is no longer a vital lifeline for a business owner. Cell phones, VoIP, ​and virtual phone lines are providing business owners with ways to stay connected on the go. They no longer need to employ someone just to answer the phone and screen calls.

Problem #2 Your growth is restricted because you can’t leave your business’s physical location to travel

You no longer are forced to turn down meeting opportunities because of the high expenses of travel and time spent away from the office. You are no longer restricted to a local pool of applicants for an important position within your company. Thanks to teleconference services, you can conduct conference calls with a group of employees and/or clients at different locations at any time. There are many teleconference services available that give small business owners the ability to conduct teleconferences with multiple parties without needing special telephone or bridge line equipment. There are also a number of web conferencing tools that allow business owners to connect with employees or potential clients located all over the world.

Business owners can also take advantage of Collaborate on Word documents with real-time co-authoring. This allows a group to collaborate on a document, using real-time co-authoring to see everyone’s changes as they happen. Collaboration is a simple three step process: Save the document to OneDrive or SharePoint Online so others can work in it, invite people to edit it with you, and have your group open and work in the document in Word 2016, Word Online, or Word Android and you’ll see each other’s changes as soon as they’re made.

Problem #3 Your customer service is lackluster

You can make drastic improvements to your small business’s customer service thanks to technology. Take advantage of social media as a tool to reach out to existing customers and to attract new ones. Offer sales, promotions, and helpful information on popular social media sites to keep in contact with customers. Provide your customers with the opportunity to schedule appointments online at their convenience. Use online surveys and questionnaires to get customer feedback. Technology makes it easy to provide top notch customer service.

Problem #4 Your competitors have a much larger budget than you

Many small businesses have closed their doors simply because their competitors have more money to devote to business growth and development. Thanks to technology, small businesses have more opportunities to grow now than ever before. You can spend a relatively low amount of money to have a professional website built and maintained. You can also have an app developed to foster business growth. Technology gives smaller businesses many innovative opportunities to be successful.