HOME

February 29th, 2016

2015Feb29_Security_AThe financial services industry has long been a heavily targeted sector by cyber criminals. The number of attacks that involved extortion, social-engineering and credential-stealing malware surged in 2015. This means that these institutions should strive to familiarize themselves with the threats and the agents behind them. Here are 7 new threats and tactics, techniques and procedures (TTP’s) that security professionals should know about.

Extortion

The cyber criminal Armada Collective gained notoriety for being the first to utilize distributed denial-of-service (DDoS) attacks. This occurs when multiple systems flood a targeted system to temporarily or completely disrupt service. They evolved the idea further and started to extort Bitcoins from victims who were initially notified of their vulnerability. If they didn’t comply with the ransom demands of the criminals, they would flood their systems until the victim's network would shut down completely.

Social media attacks

This involved criminals using fake profiles to gather information for social engineering purposes. Fortunately, both Facebook and Twitter began to proactively monitoring for suspicious activity and started notifying users if they had been targeted by the end of 2015. However, you should still have your guard up when someone you don’t know, or even a friend or colleague, starts asking you suspicious questions.

Spear phishing

Phishers thrive off familiarity. They send out emails that seem to come from a business or someone that you know asking for credit card/bank account numbers. In 2015, phishers went to the next level and began whaling. This normally involved spoofing executives’ emails (often CEO’s) to dupe the finance departments to transfer large sums of money to fraudulent accounts.

Point-of-sale malware

POS malware is written to steal customer payment (especially credit card) data from retail checkout systems. They are a type of memory scraper that operates by instantly detecting unencrypted type 2 credit card data and is then sent to the attacker’s computer to be sold on underground sites.

ATM malware

GreenDispenser is an ATM-specific malware that infects ATM’s and allows criminals to extract large sums of money while avoiding detection. Recently reverse ATM attacks have also emerged, this is when compromised POS terminals and money mules to reverse transactions after money being withdrawn or sent to another bank account.

Credential theft

Dridex, a well known credential-stealing software, is a multifunctional malware package that leverages obfuscated macros in Microsoft Office and extensible markup language files to infect systems. The goal is to infect computers, steal credentials, and obtain money from victims’ bank accounts. It operates primarily as a banking Trojan where it is generally distributed through phishing email messages.

Other sophisticated threats

Various TTP’s can be combined to extracted data on a bigger scale. Targeting multiple geographies and sectors at once, this method normally involves an organized crime syndicate or someone with a highly sophisticated setup. For example, the group Carbanak primarily targeted financial institutions by infiltrating internal networks and installing software that would drain ATM’s of cash.

The creation of defensive measures requires extensive knowledge of the lurking threats and our team of experts is up-to-date on the latest security information. If you have any questions, feel free to contact us to find out more about TTP’s and other weapons in the hacker’s toolbox.

Published with permission from TechAdvisory.org. Source.

Topic Security
February 17th, 2016

2016Feb18_MicrosoftWindowsNewsAndTips_ANot only has the 21st Century brought about vast technological advances, it has also enabled new ways for businesses to get their brand messages out to customers and unearthed a new-found necessity: online reputation management. With a multitude of platforms and tools out there, it has never been easier for customers to directly interact with brands and products. So to ensure they get a positive impression of your company online, here are four steps to follow.

Own the first page of search results

In his new book on online reputation management, Tyler Collins, a digital marketing expert for Fortune 500 companies mentions the importance of a company's search results that appear after pressing enter. These results make up the majority of a business or personal reputation online. For optimal results, it is advised that you occupy the first 10 spots (the entire first page of the search results), and within this number, there should also be a variety of related content such as positive reviews, media coverage as well as customer testimonials that contribute to the establishment of trust and credibility.

Paint the picture before the exhibition

Especially for entrepreneurs embarking on a new company, it is best to work on their online reputation before launching. This includes creating a brand, company name and message, all of which should help your business land the top 10 search results online. You should invest some time in thoroughly researching potential brand names to ensure your tentative company name has no negative associations.

Don’t forget the execs

Equally important to online brand management is the implementation of reputation management policies for key executives. While researching a company, potential customers don’t only take statistics and reviews into consideration but also the people that are involved with and leading the organization. This is why it’s absolutely essential that your key executives have a clean online reputation.

To achieve this, the company can create a dedicated bio for each executive that helps increase the search ranks of that particular executive’s name. The next step is to get (positive) media coverage whenever possible. Everything from blog posts to press releases and quotes in an online news story will help forge a strong and credible image for the individual, and in extension, for the company.

Ask for help when required

When times get tough, seek the expertise of specialists that help maintain and improve online images for a living. It is almost impossible to change a customer’s first impression of executives and the company, so investing in expert advice can turn out to be the most important step in creating and maintaining your virtual image.

We hope you find these four online reputation tips helpful. If you need more help creating a credible online image or are looking to utilize technology to establish a stronger online image, give us a call. Expert advice awaits.

Published with permission from TechAdvisory.org. Source.

Topic Social Media
February 15th, 2016

2016Feb15_Productivity_ABetween your customers, vendors, employees and other moving parts of your organization, it can be difficult to find the time to focus on your business. On a daily basis, you likely have to deal with dozens of tasks, and oftentimes don’t finish them all. So how can you fix this? How can you be more productive, complete your to-do-list and get out of the office on time? There are a couple of key productivity principles and technology solutions that can help.

Have a single focus

When Bill Gates and Warren Buffet were asked what the single most important reason for their success in life was, both answered with a single word: focus. It is that important. When you work on one task for an extended period of time, the quality of your work is at its highest. What’s more, you’ll also finish that task in a shorter amount of time than if you had to stop and start it repeatedly due to distractions.

This principle of focus can be applied to many areas of business and life. Whether you’re writing a report, sharing time with your family, or simply reading a book for your own pleasure, the quality of that experience improves with the more uninterrupted time you dedicate to it. Now, when it comes to IT and technology, this same principle can have a tremendous impact on your business. Not only do technology distractions - such as constantly breaking computers, security breaches, and slow servers - hurt your productivity, but they also crush your spirits. How can you focus on growing your business like this? This is where an MSP comes in. They can help eliminate all IT interruptions so you get back to doing what you do best - running your business. What’s not to love about that?

Obey Parkinson’s law

If you ever pulled an all-nighter as a university student, you may be familiar with Parkinson’s law. The principle states that the time it takes to complete a task expands or shrinks depending on the time allotted for it. For example, when you were hitting the books in high school or college, you may have noticed that a few students (and maybe you were one of them) would put off an important paper or project to the last moment and still end up getting an A. While at the same time, other students would take weeks to complete the same project or paper and only manage a B. So how did this happen? This peculiar phenomenon is the magic of Parkinson’s law at work. When you have less time to work on a project, you focus only on the important aspects of it. Oftentimes this is all you need to do a good job.

So whether it’s a company meeting or the amount of time you put towards researching your next vacation, apply Parkinson’s law to increase everyone’s focus and ensure you’re not wasting valuable time on the task. As for your IT, give your in-house staff a reasonable, yet specific amount of time, to complete a task. This will ensure they finish the job in a timely manner, and then move on to other projects. Alternatively, you can simply outsource all of your IT to an MSP for a single, flat monthly fee, and never have to worry about it to begin with.

Use technology to become superhuman

As human beings, technology enables us to become more than we could have ever dreamed of. Apps like Evernote can enable us to remember every valuable piece of information we encounter. Cloud technology can bring a remote workforce scattered around the country together so they can work on the same project simultaneously. VoIP gives you the ability to video-chat with business partners, loved ones, and friends while they’re as far off as Bangkok or Baghdad. Technology is reshaping not only the business world, but also the life of every individual on the planet. So when it comes to your own business, is your company going to take advantage?

We hope that these productivity tips will help improve your life in and outside of the office. If you’d like to know more about how IT can transform your business, to make it more efficient and profitable, give us a call today.

Published with permission from TechAdvisory.org. Source.

Topic business
February 12th, 2016

2016Feb12_BusinessValue_ALinkedIn is a highly useful site, but many small businesses simply don't make the most of it. The problem is that most of the information out there, that SMBs try to model, is focused on tips and strategies for larger organizations. And these strategies are simply not as effective when applied to the SMB. So what can the small or medium-sized business do to actually gain value from their LinkedIn efforts? Here are few tips to get you started.

Know LinkedIn’s purpose

Simply put, LinkedIn is not a content marketing platform. Yes, people do publish articles and posts, but if you have a small budget and are short on time, you will get more bang for your buck on social media networks that are more content marketing friendly. For example, Pinterest, Instagram, Facebook and Twitter are all far better options in this scenario. Many users are on these platforms to view content in one form or another. On LinkedIn, content can undoubtedly be viewed, but people are primarily there to make connections. Of course that doesn’t mean you shouldn’t post an occasional article on LinkedIn. It just means don’t make it the main source of your content marketing efforts.

Another way businesses misconceive LinkedIn is in terms of lead generation. Basically, you shouldn’t expect your LinkedIn page to generate a large amount of leads. As an SMB, your marketing budget is limited, so you’ll be better off using your advertising budget to drive leads to your actual website or even a Facebook business page. Your LinkedIn business page should be used instead to validate your experience, credentials, and professionalism. With that said, make sure your page is polished and updated with all this information.

Double down on business trips

We all know that LinkedIn is a great platform to connect with business colleagues. If you’re active on the platform, you likely have hundreds of connections. So when you make that next business trip, why not tap your network to book additional meetings in the city you’re traveling to? Ask yourself, which of your connections could help you extend your sales in that region or benefit your business in some other way? You don’t have to stick to business colleagues you know personally. You can create valuable new relationships by tapping your current LinkedIn network. To do this, search first and second degree connections using the geographic search option, and filter your results to job titles, industry, and company size of your ideal prospect. Once you’ve found potential contacts, see if you can get an introduction from one of your first connections, or simply InMail them and reach out yourself.

Your page is about your business—not you

A very common small business mistake on LinkedIn is making your company page about you, not your business. You may mistakenly create this page like your personal profile, listing accolades and job experience. What you should really be focusing on, however, is something much bigger: the story of your business or brand. A story will help engage your prospects, creating an impression in their minds, and also give you an opportunity to touch on the value your business provides to customers. Your profile should also include some of the top brands your business has helped. If one of your clients is Target, The Gap, Whole Foods or another big name, make sure to mention it, as it proves your credibility as a business or service provider.

Find talented hires

While big companies have the budget and time to post job openings on LinkedIn, as an SMB, there’s a good chance you’re lacking both. Fortunately, there’s an alternative way to find top talent on LinkedIn. Simply search for them yourself.

Before you get started, you need to know exactly what kind of hire you’re looking for. Think about people you already know who would be perfect for the job. While you may not have the ability or budget to hire them, look them up on LinkedIn and see their career path. What kind of roles did this person previously have? What kind of experience did he or she have before their current position? With this information in hand, now you can search for people who are in or have held similar positions, and will likely share qualities of your ideal candidate. Once you have a pool of potential applicants, reach out to them through InMail or a shared connection to see if they’re interested in your job.

Ask for help, and be helpful

Like all social media platforms, if you don’t engage with your connections, you’ll see little value generated from your time using it. However, with LinkedIn, the type of engagement you participate in can be extremely valuable for your business. All it requires is for you to ask for help or feedback. For example, if you have several logo designs for a new product and are unsure of which is best, share some of them with your network to get feedback. If you’re curious about a new productivity tool and wonder if it’s worth investing in, ask your network if anyone’s used it before. Oftentimes in the business world, people are happy to help you if you just speak up. However, don’t forget to return the favor. If you become the person who seems to only be taking advice without giving any in return, it can have a negative effect on your reputation.

If you’d like more ideas on how social media or technology can create value for your business, don’t hesitate to get in touch. Our IT solutions can help you overcome challenges, and create an even more valuable business.

Published with permission from TechAdvisory.org. Source.

Topic business
February 9th, 2016

2016Feb9_Security_AMost business owners have an employee handbook. But when it comes to the online security of their business, often times this portion is either not adequately addressed, or not addressed at all. However, with cyber crimes an ever increasing threat, and the fact that employee error is one of the most common causes of a security breach, it is incredibly vital that your staff is informed of your policies. Here are four policies that every business owner should share with their employees.

Internet

In today’s business world, employees spend a lot of time on the Internet. To ensure they’re not putting your business at risk, you need a clear set of web policies. Here are three important ones to keep in mind:
  1. Employees should be using the Internet for business purposes only. While this is undoubtedly hard to avoid without blocking specific websites, having a policy in place should at least cut back on employees spending time on non-business related sites.
  2. Prohibit unauthorized downloads. This includes everything from music to games, and even data or applications.
  3. Accessing personal email should not be done on business devices. If employees must access their own email account during the day, they can do so on their smartphone or other personal device.
These are just a few Internet policies to get started, but you should also consider including information on your recommended browsing practices and your policies for using business devices (such as company phones) on public wifi.

Email

Just like with the Internet policy mentioned above, company email accounts should only be utilized for business use. That means your employees should never use it to send personal files, forward links or perform any type of business-related activities outside of their specific job role. Additionally, consider implementing a standard email signature for all employees. This not only creates brand cohesion on all outgoing emails, but also makes it easy to identify messages from other employees, and hence helps prevents spear phishing.

Passwords

We’ve all heard the importance of a strong password time and time again. And this same principle should also apply to your employees. The reason is rather simple. Many employees will create the easiest to crack passwords for their business accounts. After all, if your organization gets hacked, it’s not their money or business at stake. So to encourage employees to create strong passwords, your policy should instruct them to include special characters, uppercase and lowercase letters, and numbers in their passwords.

Data

Whether or not you allow your employees to conduct work on their own device, such as a smartphone or tablet, it is important to have a bring your own device (BYOD) policy. If your employees aren’t aware of your stance on BYOD, some are sure to assume they can conduct work related tasks on their personal laptop or tablet. So have a BYOD policy and put it in the employee handbook. In addition to this, make sure to explain that data on any workstation is business property. That means employees aren’t allowed to remove or copy it without your authorization.

We hope these four policies have shed some light on best security practices. If you’d like more tips or are interested in a security audit of your business, do get in touch.

Published with permission from TechAdvisory.org. Source.

Topic Security
February 5th, 2016

2016Feb6_BusinessContinuity_AWhether your business is hit with a brief power outage or an extreme weather disaster, any kind of interruption to your organization’s productivity can cut into your profits. That’s why it is important to have a business continuity plan and utilize BC tools to ensure your organization can stay in operation at all times. Here are some of the key strategies many companies rely on to keep their doors open.

Backup your data, applications and servers

Today, companies are more dependent than ever on IT and their business data. If these critical components suddenly become inaccessible, can your business stay open? For most business owners, the simple answer is no. This is why backing up these elements is vital to your business’s success. Backing them up ensures they can be restored quickly in the event of a disaster, security breach, or damage to IT equipment.

Obviously, to ensure the accessibility of your IT, you need to backup all your data, applications and servers regularly. The keyword here being “regularly”. While in the past most businesses would do this on-site and with tape backups, today more and more businesses are using the cloud. Some of the prime reasons for backing up to the cloud are as follows:

  • Affordability
  • Backups can be automated, therefore saving you time
  • Cloud providers usually backup your data to multiple locations (so if one of their facilities goes down, your backup is still safe at another site)
  • Backups can be accessed from anywhere, whether it’s at an employee’s home or at an alternate office
  • If you need to use it, backups can be restored quickly

Virtualize servers and desktops

When you virtualize your servers or desktops, they can be used at any location - be it at your workplace, home, or a coffee shop in the Bahamas. In terms of business continuity, this is useful in case your main office suddenly becomes unusable due to a disaster such as a flood, a break-in, or if you’re simply unable to get there because of hostile weather conditions.

Have a backup power supply

Power outages essentially zap all your employees productivity. No electricity means no work. And that means you’re paying them to do nothing. Having a backup power supply like a generator will ensure that when the electricity goes down, your employees can continue working. A good solution is an uninterrupted power supply (UPS). When you have this, a power outage will not affect your employees ability to work. They can work seamlessly through it, as if nothing ever happened. Also, if you have a server room, the UPS will ensure your vital servers stay cool.

Utilize social media

Whether it’s Facebook, Twitter or Google +, most people are on at least one social network these days. And if there is any kind of weather-related disaster, social media is usually one of the first places customers, colleagues, staff and vendors will check to see the status of your business. This is because even if the phone lines or local power goes out, social media is usually accessible. So when it comes to business continuity, have at least one active social media account you use to keep your customers and followers informed.

Implement Unified Communications

Unified Communication (UC) can essentially create a virtualized communication infrastructure. That means instead of your communication tools - like phones, instant messaging, video calls - all being stored locally at your workplace, you can access them anywhere. So for whatever reason if your office is inaccessible, employees can still use your phones and other communication tools from their homes. What’s more, UC tools can route business calls to your employees smartphones. That means they’ll never miss an important call, even if they’re not in the office.

So there you have it, five tools to ensure your business operates continuously no matter what comes your way. If you’d like to implement business continuity technology in your business or develop a continuity plan, we’re happy to help.

Published with permission from TechAdvisory.org. Source.

February 1st, 2016

Is your nonprofit doing enough to secure its most important data? Our friends at Idealware have put together their newest report: What Nonprofits Need to Know About Security: A Practical Guide to Managing Risk.

Sinu is proud to sponsor this informative report that covers:

  • Assessing your risk
  • Building a culture that values security
  • Developing policies to guide staff

The report also presents case studies of how two nonprofits chose to deal with their particular security issues. 

Download it for free!

Topic Articles
February 1st, 2016

Sinu customers already know that we provide a reliable IT infrastructure and full-time support, but did you know that we also install and manage a wide range of business productivity solutions offered as a monthly subscription service by Sinu?

Sinu can manage many of the SaaS (Software as a Service) solutions you currently use, or may have considered using, including online conferencing, email archiving, and file sharing. Sinu can guide you on which solutions will best meet your needs and effectively integrate them into the Sinu Solution. When you buy Cloud Services through Sinu, we add peace of mind: we handle all the software installation and any needed updates, ensuring all the technology works together seamlessly so your employees are productive and your data is secure.

Listed below are a few of the business solutions that Sinu can manage for your organization, so you can focus on your goals rather than the day-to-day management of your IT.

Skype for Business

Depending on your conferencing needs, Skype for Business can be a cost-effective way to add online audio and video conferencing for your team, plus instant messaging. Unlike the free consumer version of Skype, Skype for Business offers several features we have come to expect from a paid online conferencing service. And at a cost beginning at $2 per month per user, many of our customers find that it offers more value than some of the legacy online conferencing service solutions.

Skype for Business features include:

  • Add up to 250 people to online meetings
  • Share screens
  • Collaborate directly
  • Enterprise-grade security
  • Integrates with Office apps
  • Phone call-in numbers
  • Record meetings

Compliance Email Archiving

Email is the primary channel of business communication. It provides organizations with a fast medium of conveying business correspondence such as proposals, price quotes, human resources information, and sales transactions. Consequently, email has become the electronic substitute for legal business documentation and many industries are mandated to preserve their data, keep it secure against unauthorized access, and make it accessible for authorized use.

Merely backing up your data is not enough. Email archiving systems provide advanced search and retrieval functions that most backup systems do not offer. Backups save current data against the event of failure or disaster; archives protect data so that it can be accessed when needed.

Even if your industry does not yet require compliance email archiving, there are several reasons to consider adopting it as a best business practice:

  • Litigation support – Retrieving requested information from an archive is timely and cost-efficient to perform in comparison to the time and resources required to rebuild the information from backups
  • Data storage costs – Migrate aging data from primary storage to low-cost, high-capacity archive storage for long-term retention can reduce data storage expenses 
  • Knowledge management – It is estimated that 75% of a business’s intellectual property can be found in its email system and email archiving allows for data to be accessed when needed
  • Protection against malicious intentional deletion – Don’t fear that a departing employee deletes everything on the way out the door 

Sinu can manage an enterprise-class compliance archiving and monitoring solution that integrates with your current email and messaging systems. Our goal is to help alleviate the burdens of data management, storage, security and business continuity by finding and managing the best solution to meet the demands of regulatory compliance, audits, and eDiscovery.

Dropbox for Business

Dropbox for Business takes the popular individual file sharing, storing, and syncing solution to the next level by adding several security and sharing controls to help protect your business data.  

There are several reasons organizations turn to Dropbox for Business:

  • Your team can work on one platform with all the apps they already use to be productive – everything from Word and Excel to Photoshop and Acrobat
  • Information can be easily accessed from any device – Dropbox supports Windows, Android, iOS, Mac, and Linux
  • Sharing controls let you set permissions to allow for different access levels
  • Activity logs track how content is accessed — including new shared folders, invited members, changes in permissions, etc.
  • Remote wipe secures data if a device is lost
  • A personal and a work Dropbox can be linked for easy access, but files remain separate
  • Strong cipher encryption keeps data safe
  • Additional security features, including single sign-on (SSO) and two-step verification, further safeguard your data 

As a reseller of Dropbox for Business, Sinu is skilled at Dropbox implementation and support, so your business can get the most from the Dropbox solution. 

At Sinu, we are a bit obsessed about offering the most reliable and efficient IT support services for superior customer experience and employee productivity. So give us a call if you have a question about these services or any other new technologies that emerge – we’d love the opportunity to discuss what we are currently testing, share best practices, and demonstrate how the Sinu platform can be maximized to keep your employees happy and productive. For more information, contact David Owen.

Topic Articles
January 27th, 2016

2016Jan25_BusinessContinuity_AMost business owners don’t normally think they will be a victim of a natural disaster...not until an unforeseen crisis happens and their company ends up suffering from thousands or millions of dollars in economic and operational losses -- all because of the lack of thoughtful disaster preparedness. This post gives small or mid-sized businesses (SMBs) basic information on the vital importance of having a Disaster Recovery (DR) plan to help them survive any potential disasters.

As we all know, unpredictability is a fact of life. The aftermath of Tropical Storm Bill in Texas and recent floods in South Carolina are a grim and unfortunate lesson for many overconfident business owners who think their companies are spared from the likelihood of cataclysmic weather, technological malfunctions, or human actions. A 2014 survey by the IT Disaster Recovery Preparedness (DRP) Council reveals just how many companies worldwide are at risk: 73 percent of SMBs are failing in terms of disaster readiness. What does this mean? It means that 3 out of 4 companies aren’t prepared to handle emergencies and save their businesses from a worse-case scenario.

If it’s not clear and compelling enough for a business owner like yourself to consider putting a well-conceived Disaster Recovery (DR) plan into place, perhaps it’s time to give it some thought. Doing so can save you years of business loss. Here is some useful information about what DR is all about and how it can ensure your business’s survival in the wake of unforeseen circumstances.

What is Disaster Recovery (DR)?

Disaster recovery is a plan for restoring and accessing your data in the event of a disaster that destroys part or all of a business’s resources. It is a key component involving many aspects of business operations that requires this information to function. The job of a DR plan is to ensure that whatever happens, your vital data can be recovered and mission-critical applications will be brought back online in the shortest possible time.

What kind of disasters are likely to happen?

Business disasters can either be natural, technological, or man-made. Natural types of disasters include floods, earthquakes, tornadoes, hurricanes, landslides, tsunamis, and even a pest infestation. On the other hand, technological and man-made disasters involve hazardous material spills, infrastructural or power failure, nuclear power plant meltdown or blast, chemical threat and biological weapons, cyber attacks, explosions, or acts of terrorism and civil unrest.

Why does your business need DR?

Regardless of industry or size, when an unforeseen event takes place and causes day-to-day operations to come to a halt, a company will need to recover as quickly as possible to ensure you will continue providing services to clients and customers. Downtime is one of the biggest IT expenses that any business can face. Based on 2015 disaster recovery statistics, downtime that lasts for one hour can cost small companies as much as $8,000, mid-size organizations $74,000, and $700,000 for large enterprises.

For SMBs particularly, any extended loss of productivity can lead to reduced cash flow through late invoicing, lost orders, increased labor costs as staff work extra hours to recover from the downtime, missed delivery dates, and so on. If major business disruptions are not anticipated and addressed today, it’s very possible that these negative consequences resulting from an unexpected disaster can have long-term implications that affect a company for years. By having a Disaster Recovery plan in place, a company can save itself from multiple risks including out of budget expenses, reputation loss, data loss, and the negative impact on clients and customers.

How do I create a DR strategy for my business?

Creating, implementing and maintaining a total business recovery plan is time-consuming but extremely important to ensure your business’s survival. Many organizations don’t have the time or resources to dedicate to this process. If you would like to protect your company from unexpected disasters but need further guidance and information on how to get started, give us a call and our experts will be happy to discuss Disaster Recovery options and solutions with you.
Published with permission from TechAdvisory.org. Source.

January 25th, 2016

2016Jan20_Security_AIt’s been said so many times that many small business owners are likely to block it out, but the truth remains: cyber criminals target SMBs. Perhaps the reason for this ignorance is that when an SMB falls victim to an online attack, it’s not breaking news. But this time, in a recent NY Times article, a cyber attack wasn’t focused on the Ashley Madisons or Dropboxes of the world. This time the focus was on a small business who is lucky to still be in business after a serious cyber attack.

Last holiday season, Rokenbok Education, a small, California-based toy company of seven employees realized its worse nightmare. During the busiest time of the sales year, the files in their database had become unusable, infected with malware. The hackers used ransomware, a malware designed to hold a business’s data hostage, to encrypt their files and demanded a payment to make them usable again. However, instead of paying the ransom, Rokenbok restructured their key system. To do this it took four days. That’s four days of downtime, lost sales, and confused customers who likely lost confidence in the integrity of their company. Luckily this did not put Rokenbok Education out of business. But many SMBs aren’t so fortunate, and are forced to close after such a security debacle.

So why do security breaches like this happen to SMBs?

There are many reasons, but a common one is that small and medium-sized businesses often focus on profits over security. And really, it’s hard to blame them. When you’re small, you want to grow your organization as quickly as possible. And you likely think that because you’re small, no one is going to attack you. However, nowadays hackers are on to this way of thinking. They know that SMBs don’t focus as much on security, which make them a perfect target. In fact, according to Timothy C. Francis, the enterprise lead for Cyber Insurance at Travelers, 60 percent of all online attacks in 2014 targeted SMBs.

So what can your business do to protect itself against online attacks? There are a range of options, but it’s best to start off with an audit of your current security system to see where the holes are. This audit should check areas of risk which include customer data, employee access, and assets such as servers, computers and all Internet-enable devices.

After that, an obvious thing to do is to strengthen your passwords. While this has been said thousands of times over, many SMB owners do not take heed. Clay Calvert, the director of security at the Virginia-based firm MetroStar Systems, notes that hackers analyze how we create passwords and use big data analytics to crack them. “They have databases of passwords,” Calvert said. The best way to create a strong password is to make it long with a mix of characters. Password managers that encrypt your passwords can also help.

Aside from passwords, there are many other ways to boost your business’s security that include installing a firewall, keeping your antivirus up-to-date, and moving data over to the cloud (instead of storing it on company servers). Also, since many security attacks occur because an employee clicked on a malicious website or link, training your employees is a smart move. A good way to start this training is to create an employee manual that includes security guidelines they must follow. For ongoing training, you can keep them up-to-date on the latest security threats through email updates and regular meetings. Once you feel confident that your employees are up-to-speed and your security practices are updated, you can try hiring ethical hackers to test your systems and try to break through your security. This will let you know if there are any security holes you missed.

Calling in a security specialist

However, if all of this sounds far too much to bother with, consider outsourcing your security to a service provider that specializes in digital security. This can oftentimes save valuable time and money in the long run. Best of all, this can provide peace of mind, knowing that you have a security specialist watching over your business.

If you’re feeling overwhelmed and unsure where to start with your business’s security, we’re happy to help perform a thorough audit and provide you the digital security solution you need to keep your business protected. Security worries don’t have to keep you up at night, and we can help you implement the measures that will protect your business from disastrous security problems.

Published with permission from TechAdvisory.org. Source.

Topic Security