Why You Should Care About Information Security As A Small or Mid-Sized Business Owner

You’ve seen the news, heard all the hype; Marriott, Chinese State sponsored hacking, DNC email leaks, along with Saks, Lord and Taylor, Panera, Facebook, Under Armour among others becoming victims of data breaches. You’ve probably also seen the TV shows and commercials portraying hackers and their potential targets being defended by some slick cybersecurity group. While it’s dramatic, what does this have to do with you, the small to mid-sized business owner or manager?

Perhaps at first glance little to nothing you would say. Who would want my company’s information, no one will target us you think. Well, while yes the big companies, political organizations, governments, and others are direct targets you may be a target as well, albeit indirect. 

While no named organization, or government entity is going to directly attempt to hack your company you may be the target of smaller groups that crawl the Internet searching for vulnerable anonymous systems. So why do they look to do this especially if you and others truly have nothing to offer you ask? Well, at the very least you have some information as well as servers or other infrastructure that is of value to the perpetrator.

Hackers have differing motives. Some may be in search of sensitive information such as credit card data or personal and private information, others may seek to take control of your systems to anonymously launch hacking operations on others from your systems, while others may look to store stolen information for sale, or host pornography. Many who conduct this type of activity may do so from Internet cafes in far off places with limited chances for prosecution. Many have little means and any payoff from compromising a system is welcome. It’s not glamorous like what you get from TV or the media, not dramatic but the ‘work’ pays off.

So how do they find me?

Hackers use simple scanning tools readily available as freeware and test address ranges, identifying networks that have weak security controls or improperly configured networks. While they may not have specifically targeted your company they may stumble upon your company as its Internet addresses lie within the range of their target scan.  

So what’s next?

When an IP address is found to have technical vulnerabilities the next step by the hacker is to exploit the vulnerability with more free pre-packaged hacking tools and see if they can gain access to your network or systems. With success additional tactics and tools will be employed to poke around inside the network to see what information or hosts may be readily available for compromise.

What’s the payoff?

If they do obtain records of value, such as credit card information they look to sell it to other criminals that will exploit the information.  Values vary but here are some rough numbers.  Credit card information roughly sells for  $5 to $8. Data that includes the number as well as a bank ID number or a date of birth sells for $15. “Fullzinfo” information, which may include details like a cardholder’s full name, address, mother’s maiden name, Social Security number, and other details, can sell for $30. $30 to someone that lives in a far away place may be more money than the average person normally sees in weeks or a month. Beyond that they may disrupt or take control of your system just to show they can.

What’s your potential harm?

The potential for reputational harm or an inability to operate may far exceed the value of any stolen data. You may loose customers, business partners and revenue should your compromise be known or legally need to be reported. Business impacts could be severe if you can’t operate for a period of time.  Beyond that you may find that you are facing lawsuits from customers or business partners.

While I can continue to write the Internet is full of information and articles related to this topic so don’t just take my word for it.  Take a look on your own though some simple Google searches.

We have helped numerous companies recover from hacking, viruses and other security events as well as strengthen defenses against random hacking. Please feel free to contact us at 908-232-0100 for a discreet, confidential discussion as to how Network Management Solutions can be of assistance to you and your company.

Why Your Business Needs A Professional Information Technology Team

You may run your small to midsized business with ad-hoc resources that support your IT infrastructure. What do I mean by IT infrastructure? You know your desktop computers, servers, internet connectivity, cloud infrastructure, all the technology ‘stuff’ that enables you to track inventory, bill for services, manufacture inventory, produce reports; all the things your business needs to operate. You may utilize an in-house resource for some IT things since they have perceived knowledge but it’s not their primary role. You also call on outside resources such as a local computer store, your Internet Service Provider, email hosting company, or others depending on the perceived issue.

You might think that you’re saving money by not having dedicated resources that can monitor, manage and secure your infrastructure but you are not. You might think that much of what an IT person or company would do is not necessary for your small or mid-sized company but again you are mistaken. Having provided services for over the last 22 years we have seen many companies make assumptions that they can get by until they find that their business is in jeopardy having suffered a data breach, data losses, system outages or other problems that now threaten the company and perhaps its viability.

What do outages and slowdowns cost your business over the course of a year? If you or your employees cannot work for an hour or two, or you can’t track orders or inventory, or if you can’t appropriately communicate with your customers for the day, or run a production line for an extended period what is the cost? What if your server gets compromised and begins emailing all your clients malware? In all these cases there is not only a quantifiable cost in dollars but perhaps also in loss of reputation. I don’t know about you but if I can’t count on the companies that I interface with I go elsewhere for the products or services I need.

At Network Management Solutions we have seen in many instances where companies cannot operate for days or beyond. Improper software or hardware setup can not only cause performance issues such as slow response but also lead to data breaches. Malicious phishing attacks are emailed on an ongoing basis, without proper setup an employee’s mistake of clinking on a link may lead to malware, compromised passwords and systems. Perhaps the real value of the IT infrastructure and the business reliance on it were not scrutinized until the small problems became momentous.  

So what  can a service provider do for you and your company? While no one can guarantee that IT problems will never occur, a professional services organization like Network Management Solutions can ensure that problems are reduced to a minimum and the effects of any outages are quickly recognized and mitigated.

A proper Managed Service Provider (MSP) will make certain that your infrastructure is appropriately designed to meet the business information needs, focusing on reliability, information security, and performance. This may include ensuring desktop computers are maintained, servers are updated, security patches are applied, outages are addressed in real time, and the overall health of the infrastructure is monitored to prevent and mitigate potential outages. Additionally, an MSP will identify design flaws and recommend measures that will improve service levels, security, and data retention. You can’t get these services from a full time employee acting as a part time IT resource, or a part time IT firm of 2 people that may be assisting other customers and cannot address your business needs for days.

If you are interested in protecting your business, its information assets, and the systems that help it operate while maintaining a fiscally sound approach we would like to speak with you. Network Management Solutions can be reached at 908-232-0100.  Please contact us for a free, confidential discussion to learn more about how we can assist your organization.

How To Select A Managed Services Provider

You have a growing business that relies on computer based technology. What do I mean?… well, computers, operating systems, servers, networks, internet connections, cloud infrastructure, and data sharing applications. Yeah it all sounds overwhelming and jargon filled but you need these things to run your business.

You have been getting by with support from an internal resource or two that have a little information technology experience but maintain other full time responsibilities within the business. You might also as well utilize an outside resource at your internet service provider or local computer store.  You know its not efficient, it’s a drain on your internal resources and problems seem to fester.  Its time for a change but what’s next? 

This article is intended to help guide you towards a solution, that will free internal resources from ad-hoc IT tasks and enable your employees to focus on their intended functions, as well help you to have a problem management process and secure technology infrastructure that most effectively supports your business.

Introducing the Managed Services Provider, or maybe you already have one, but it doesn’t seem to be working out. Hopefully these steps will set you on a path towards solving the dilemma and keeping your IT systems and information secure and in top shape.  

  1. Identify your infrastructure. Identify what internal and external infrastructure exists that supports your business. What I’m talking about are computers, servers, network connections and applications. If you’re not quite sure how to gather this information, many Managed Services Providers will assist in the process through an information technology assessment. An information technology assessment should be routine to an MSP and some will credit the cost of the assessment if you decide to sign up for their ongoing services.
  2. Identify your service needs. Decide what elements of the overall internal and external infrastructure need oversight. For example if you host an internal email server, or database server, is this something a third party could take on the management of? Do you require proactive management of network connections, servers, and applications, or do you just wait until they fail and scramble to identify where the problem is? Perhaps our IT problems page, or evaluation checklists can help you come up to speed and refine your approach.
  3. Assemble your business requirements. Now that you have a clear understanding of the components in your infrastructure and service requirements, such as proactive monitoring of critical systems, problem management support, support hours and response times, document these items as they will be critical in moving forward towards a decision on a new Managed Services Provider.  
  4. Interview potential Managed Services Providers. Find out what services each company provides and how they map to your business requirements. Do they have the staff, experience, and hours of coverage to support the business requirements; can they respond in the required timeframes; do they provide ongoing updates on service outages, or operating systems updates and patches?  Is there a standard service level agreement that defines how issues are managed and can it be customized to support your specific requirements?  Identify the cost of services for supporting your current requirements as well as the costs as your business and infrastructure grows.
  5. Select a Managed Services Provider. Establish clear service level agreements defining services provided, operating procedures, response time agreements, as well as key contacts and escalation procedures. Also establish the ongoing reporting provided by the Managed Services Provider and have the reports customized to meet your specific needs.
  6. Review ongoing performance. Review reports provided by your Managed Services Provider and compare them to your service level agreement. Most importantly maintain an open and honest dialogue with your Managed Services Provider. Clear open communications will foster the results you are looking for while strengthening the partnership and mutual respect and trust in the business arrangement.

Network Management Solutions has been providing custom information technology solutions since 1996 for large, mid-sized and small business.  All of our services, including our Managed Service Provider solutions are customized to support our client’s business needs. For more information please call us at 908-232-0100, also reference our online questionnaires and toolbox.

Network Management Solutions  www.nmscorp.com. Please reach out we want to assist you in making your business better.

What Applications Are Running In Your Network?

Do you know the answer?  While perhaps your company is well equipped and can answer the question, many small to mid-sized companies cannot. If you find that you are among the firms that cannot answer the question you should take an interest in knowing.

Why you ask?  Here are five important reasons:

  1. Financial – Computing and network resources are costly. Resources that are utilized for non-business purposes consume precious resources and cost the company money. Some personal communications may be acceptable but there are limits that certain individuals might take advantage of.
  2. Security – Unauthorized or rouge applications may impact information security. When properly utilized as part of an overall strategy, applications such as Dropbox or Google Drive may be great for your business. However they may also provide a platform for lost data, data leakage, or theft if being utilized without company knowledge or appropriate safeguards. The problem may be further compounded when an employee has resigned and maintains the information stored on Internet devices.
  3. Productivity – It may be within the boundaries of your business policies to allow employees to use Facebook, Twitter, personal email, and surf the web within certain timeframes. Without being able to measure usage you may have undesired activity that negatively impacts productivity, is detrimental to the business culture, and or potentially creates a hostile work environment
  4. Piracy – Software piracy not only affects the developer but also the company that installs the software. An IDC study found that 37 percent of midsized companies that participated in software audits had pirated software within their environment. While there are obvious impacts to the developer with lost revenue and potential dissatisfaction of those using pirated software, many times pirated software contains vulnerabilities including viruses, worms and Trojans. Employee devices containing pirated software that are used within the business environment can contribute to compromise of  the company network.
  5. Reputation – With all of the online media your business reputation can suffer serious harm. Social media can help spread news around the globe in a matter of moments. With companies searching online for the products or services your company offers having bad things show up in search engines can directly impact your bottom line. News of a breach, low employee morale, or piracy can seriously damage the business reputation.

Engaging a consulting company that can perform regular audits of your business infrastructure or managed service providers that can monitor activity in real-time can be a cost effective solution to the problem.

Network Management Solutions has been providing pragmatic solutions for business since 1996. For more information please contact us.

Social Engineering An Ongoing Security Threat

There have been numerous high profile data breaches including companies such as Home Depot, Dairy Queen, Lowes, Goodwill Industries and Jimmy Johns.  The commonality between these organizations is that they were all Point of Sale (PoS) breaches.  Malware was planted within the PoS syststem that enabled credit card data to be stolen from unknowing customers at checkout.

While state laws mandate disclosure of certain breaches, the manner in which a breach occurs is generally not part of the disclosure. The most recent round of PoS breaches have been blamed on 3rd party vendors that supply the PoS hardware and software with speculation that all began due to a compromise of login credentials.

Unfortunately most breaches go on for months with the compromised organization being notified by law enforcement and not their internal security or IT staff. In the case of the Backoff malware used to compromise PoS systems the virus was detected in October 2013 however antivirus products did not identify it until August 2014. The United States Secret Service currently estimates that over 1,000 US businesses are affected.

One frequent way in which these types of compromises commence and login credentials are compromised is through social engineering.  While there are ways to reduce the impact of lost or compromised credentials we want to focus on the threat imposed by social engineering.

Social engineering is the art of manipulating individuals to divulge confidential information such as passwords, account information, or to allow the attacker to gain control over their computer. The goal of the fraudster is to secure a foothold into the target organization before the target has had an opportunity to think. An adept social engineer relies on an individual’s innate trust in order to garner the information they are after.  Depending on the organization, it is generally easier to socially engineer a foothold then to exploit technical vulnerabilities.

Social exploits can come in the form of an email, text message, phone call or otherwise. Messages may have malicious content sent as attachments that contain malware.  In other cases the target might click on a embedded link in a message that downloads malware or requests confidential information such as network login credentials, banking information or personal and private information such as DOB, SSN, etc.  Common scenarios often used to bait targets includes being told they have won something, their computer needs repair, a friend is in need, or a charity is looking for support.

During this year’s Social Engineering Capture the Flag (SECTF) competition at DEF CON 22, nine teams placed cold calls into a variety of large retailers including Home Depot, CVS, Costco, Lowe’s, Macy’s, RiteAid, Staples, Walgreens, and Walmart to glean confidential information.  According to an article covering the event none of the retailers did well enough to pass.

Prior to the competition each team scoured public records from open source information databases to assist each team to understand the target company better and devise its approach. One team discovered that a retailer’s public website contained a portal to its corporate intranet. This portal connection provided access to the internal network without employee credentials. In addition the website itself contained an online instructional document on how to access the intranet with a sample login username and password that was functional. Once the team discovered this information they went no further. Unknowing the company had created a major vulnerability that left the door open for hackers to further exploit their internal systems.

Does your IT department have the ability to recognize serious architectural flaws which could lead to hacking? Are third party resources engaged to review your security posture on an ongoing basis? How well does your company prepare its employees to recognize potential social engineering attacks? Are employees prepared to resist the temptation to click on links when a prize has been offered or a fraudulent email advises that their login credentials need to be updated, or question a caller posing as an IT worker, BEFORE acting? It only takes one employee to slip for the organization to fall prey to a social engineering attack that could result in a serious breach. Training must be provided on an ongoing basis if the organization is to withstand a targeted attack.

Network Management Solutions has been assisting organizations to build, monitor and protect their information assets since 1996. Please contact us for further information and assistance.

Security Risks Imposed By The Use Of USB Drives

Portable flash drives also called thumb drives, USB drives or memory sticks have become commonplace.  They offer high capacity data storage and portability of information between computers easily plugging into USB or FireWire ports.   Flash drives have become novelty giveaways at trade shows containing marketing material or other information the presenter wishes to convey.  USB drives offer convenience but they don’t come without some potential security risks to your business .

So you now can carry around terabytes of data in your pocket, that’s great but it also means you can easily misplace the data stored on the device.  Considering your line of business and what you or your or your employees might store on the drive you may have regulatory issues to address.

While covered entities (organizations that maintain regulated information) need to report lost or stolen computers containing personal and private information such as social security numbers or healthcare information, or other sources of data leakage, the same holds true for portable data storage devices.  Not only do these requirements apply to your business they also apply to any business partner you might engage to work with protected information on your behalf.

Earlier this year a small Massachusetts physician practice was fined $150,000 after the theft of an unencrypted USB flash drive containing the medical records of 2200 patients from an employee vehicle.  The fine was levied principally due to the failure of the organization to have conducted a risk assessment in using flash drives and putting in place proper data handling and notification procedures.

Hackers write custom viruses that target USB drives as the threat is easily ported between computers by simply plugging the device into its USB port.  Making certain that anti-virus software is up to date and that flash drives are scanned when plugged into a computer is essential to blocking such threats.  Some organizations go so far as to turn off the USB ports on their computers to stop viruses from being imported via employee USB memory sticks.

So what should an organization do to protect itself?  Here are some recommendations:

  • Consider if USB or other portable drives should be utilized within the business.
  • If so, is this a necessity or more of a convenience and are there other ways to produce the same outcome?
  • Consider what data is permissible to be stored on flash drives and who within the organization may do so.
  • Develop policies and procedures that cover acceptable use, storage, handling and notification procedures should a drive come up missing.  Share these documents within the organization and hold your employees responsible for following them.
  • Encrypt sensitive data stored to memory sticks.  The best encryption is hardware based and not all memory sticks are the same.  You can get more information here on the best devices.
  • Password protect thumb drives and consider using tamper proof devices that can overwrite the contents if a maximum number of password attempts is reached or the device case is tampered with.
  • Maintain all computer based antivirus software and scan all thumb drives as they are inserted into computers.
  • If you must use USB drives store them in a safe place where they will not be lost or stolen.
  • Do not allow personal USB drives, or company data to be stored or accessed on personal use machines.  If your employees work from home provide a business computer that is secured and maintained by the business.

Network Management Solutions has been providing pragmatic solutions for business since 1996.  For more information please contact us.

Small Business A Prime Data Breach Candidate

Has the news reached your computer?  Small business is a prime candidate for hackers looking to capitalize on an unprepared target.  What do I have to loose you might think, but think again.  You may have financial assets, bank accounts, intellectual property, credit cards, protected personal information, or even your business reputation at risk.

While you may believe that none of this matters, the turmoil created by a breach is a nightmare to remediate taking months or longer to recover from.  Some incidents carry on undetected for years and end in court cases with the compromised business as a defendant fighting lawsuits and regulatory fines. Not withstanding the legal challenges you may find your business suffering from reputational harm or an inability to recover funds from a financial hack.

When business magazines such as Forbes and Inc. are writing about small business being targets you know things have reached a tipping point.  For further information check out the list of identified firms compromised so far this year at the Identify Theft Resource Center.

So why is small business a prime candidate for data breaches, the answer is simple.  Small businesses typically have weak information security programs.  The technology deployments are limited and improperly configured; management and employees are not security aware; the ability to detect most compromises early on is non-existent; and the business is information and asset rich to a would be attacker.  Business owners compound the problems being technology averse, believing that it’s all too complex and all too costly to manage.  So the task gets delegated, underfunded, or left to chance, none of which are viable in the long term.

Pragmatic solutions are available that won’t disrupt business operations or strain company budgets.  Employees and management can become better stewards and learn simple security best practices and the reasoning behind them.  A robust program integrates technology, business practices, operational procedures and point insurance products.  A well-crafted security program protects the business from financial, reputational, legal and regulatory issues.  Integrated within the business operation the security program is generally simple to maintain and effective in its objectives.

Ensuring that you engage the appropriate resources, as part of your security strategy is key.  Most small companies don’t have the internal resources to commit to develop and maintain the security program and hiring such resources can be costly.  Utilizing a managed service provider is an excellent cost affective approach to identify business requirements, develop solutions and maintain the program ongoing.

About Network Management Solutions

Network Management Solutions (NMS) has been helping companies address their business and technology issues since 1996.  We are currently serving a variety of customers within New Jersey, New York, and the surrounding metro areas of New York and Philadelphia.

Please contact NMS to schedule a no obligation, consultation to discuss your concerns.  We will provide expert advice in simple business terms on how to best meet your business needs.  NMS can be reached by phone or email at 908-232-0100 or info@nmscorp.com.  More information on Network Management Solutions can be found at www.nmscorp.com.

Investing in Your Business Infrastructure

Your business provides products or services that are important to its customers. As a viable entity the business provides investors, owners, management and employees an income and is vital to the financial well being of those involved. Every business is part of a commercial ecosystem and a micro economy in itself. In an effort to compete and stay viable why do so many business owners ignore the need for good information technology and security practices?

Admittedly for most it’s not a great topic of discussion. Information security and information technology in general is considered by most individuals too complex, too foreign, and best left to computer geeks to sort out. Well if you are in a position of responsibility within your organization you might agree, but it would be a dereliction of your duties not to be involved in defining overall technology objectives while reviewing outcomes ongoing.

Why? The operation of business today depends on information technology and information security. There may be some companies out there that still get by with pens and paper but they are very few. Most business relies on email, the web, databases, online banking, and perhaps some computer automation. A breakdown or breach of IT systems can be very disruptive and costly.  Ever contacted a business to order something when their systems were down?  How well did they meet your needs?

Most small business owners ignore the importance of information technology in their business planning.  This leaves the company prone to inevitable breaches, outages, and data losses. Too often simple maintenance and upgrades are ignored for extended periods of time and ultimately the lack of oversight backfires. We have seen businesses shut down by outages.

By the time a crisis occurs all the perceived money saved is long spent in lost productivity and potential reputational harm to the business. You might think you can hide the weaknesses from your customers but they know through their ongoing service experience. Many times your employees will tell your customers of recurring problems before they tell you.

Building and maintaining pragmatic IT solutions is the most cost effective and efficient way to operate. That’s not always easy to do as the latest technology is like a drug to some staff, and the vendor supplying it wants to move as much of the latest greatest as possible. Your involvement and the use of outside consulting are critical in developing, and maintaining your best interests.

Business objectives should be clearly defined with an IT plan supporting each objective in plain English.  There is no need for all the tech jargon. A simple question like how do we ensure data security should drive clearly defined objectives and an information technology roadmap that meets each point, which any layperson can understand.  Keep it simple, stay involved, your business depends on it.

About Network Management Solutions

Since 1996 Network Management Solutions (NMS) has been helping companies best meet their business objectives with pragmatic solutions.  Please contact us with your concerns we are here to help.  Network Management Solutions can be reached at 908-232-0100 or by email at info@nmscorp.com.  Further information can be found at our website, www.nmscorp.com

Facing The Realities Of A Data Breach

Most small to mid-sized business don’t consider themselves to be a data breach target and therefore never develop an incident response plan.  Having to respond to a data breach in real time without a plan can be challenging at best.  Some would call it a nightmare.

Your obligations and approach can vary widely depending on your business and the type of information you maintain.  Has data been destroyed or deleted, have passwords and accounts been compromised, have financial accounts been accessed and funds diverted, or has a database containing credit card or other sensitive information been inappropriately accessed?  How do you know?  A plan helps you to sort out the questions and set a direction to meet your business obligations and move systematically towards recovery.

How did you become aware?  Did an external source notify you such as your bank or law enforcement?  Do you believe that the incident was triggered by an internal or external event, was it intentional?  Often errors by internal staff can create an exposure of sensitive information that is then utilized by an outside source or it can be a calculated collaborative effort between the two.  An external hack may be the result of a targeted effort or weakness that is exploited through non-solicited emails, or a web or application interface.  Regardless of what has happened and how it happened still requires action.

So what are the steps to recovery and whom do you notify? A general approach might be as follows:

Build A Team: Form a team that will be tasked with specific events addressing legal, information security, management, public relations and other concerns.

Discuss Events and Develop Approach: Identifying timelines and events leading up to the incident can be key in establishing a direction and approach for remediating and investigating the breach.

Discuss Legal and Public Relations Requirements: Understanding your business obligations is critical as this will determine what steps you must take to address any legal or regulatory concerns.  Effective public relations will help preserve your business name.

Engage Appropriate Resources: This may include your financial institution, law enforcement, incident response resources, legal counsel, among others.

Commence Data Collection and Analysis:  Collection of computer data, log records and other digital forensic evidence is key to any investigation.  Professionals are required to ensure proper protocol and preservation of evidence. Many untrained computer personnel destroy evidence or miss the breach source so the compromise continues.

Address Legal and Regulatory Requirements: Based on your analysis you may be legally obligated to notify regulatory bodies and affected entities.  Timely response is of great importance. Your business partners may need to be engaged.

Notify Affected Parties: Those affected by the breach may need to be notified by law and the protocol may vary state to state.  This includes individuals that may have had credit card information, or personal and private information exposed.  Others such as business partners may need to know to ensure that they too are not affected.

Assuming that law enforcement will investigate is highly unlikely.  Unless your compromise a matter of national concern or has a multi million-dollar impact or you can pinpoint insiders there is little aw enforcement will do.  You will need to manage the investigation largely on your own.

Maintaining a robust information security program will greatly reduce the likelihood and severity of a data breach.  Having an incident response plan will provide the roadmap to address a data breach in a timely and concise manner protecting both your business and its reputation.

Please contact Network Management Solutions for more information.  We can be reached at 908-232-0100 or info@nmscorp.com.  Our website can be reached at www.nmscorp.com.

A Critical Need for Strong Information Security Practices

Who is responsible for your information security practices and why?  If you are the business owner, CEO, or other key executive have you discussed with the individual or organization what your information security goals are?  I am not talking about a technical discussion but rather a discussion in business terms.  Are there defined security standards to which the organization adheres?  Is information security become part of the business culture?

Too many business leaders don’t find a discussion necessary and assume that their input is not necessary or the conversation too painful to manage.  Having spent a career dealing with information technology and security personnel I can relate.  However when your input is not part of the conversation don’t assume that anything is secure.  Don’t believe what your “expert” tells you unless its been verified.

Now perhaps you are a large organization and as the CEO you are too busy to deal with the techies.  Your CIO or CISO are boring and you believe you’d be more productive painting your dog’s nails.  Well there is a long list of CEO’s and board members that might wish they were more involved.  The Target Corp and Neiman Marcus are more of the same.

Hackers are sophisticated and operate in ways most organizations don’t understand.  Their probing, testing and theft happens over long periods of time.  It’s not like a theft at a storefront or bank.  Hackers rely on being stealth and their activities can last months or even years.  They are operating within your company walls from far off places on the other side of the world and your security operations staff has no idea this is occurring.

Most organizations find out about their compromise from law enforcement as they investigate criminal activity on a global scale.  However it’s still your problem. Unless your hack is a matter of national security the amount of cooperation you receive from the FBI or USSS will be negligible and may be non-existent.  Its not that they don’t want to help but these agencies are focused on national security and money supply and their resources are stretched.

So you’re a small business and you believe that you are off the grid, out of the loop.  Well that is not the case.  Depending on how events are tracked and who is reporting statics show that about one-third of all attacks involve small business

and sometimes these “attacks” come from inside the organization.  That may be shocking to a small business owner but small business is easy prey.  As a small business owner you should be asking all the right questions since your banking accounts, operation, customer information and reputation are at risk.

Often the hacker can penetrate a small organization because the architecture is flawed, devices are not properly maintained, patches are not applied, and no one is being held accountable.  As a small business owner you must be involved and must be asking the right questions.

Network Management Solutions has been helping companies address business driven technology issues since 1996.  We are currently serving a variety of customers within New Jersey, New York, and the surrounding metro areas of New York and Philadelphia.

Please contact NMS to schedule a free one-hour no obligation consultation to discuss your concerns.  We will provide expert advice in simple business terms on how to best address your issues through NMS or another provider.  NMS can be reached by phone or email at 908-232-0100 or info@nmscorp.com.  More information on Network Management Solutions can be found at www.nmscorp.com.