Small Business A Prime Data Breach Candidate

Has the news reached your computer?  Small business is a prime candidate for hackers looking to capitalize on an unprepared target.  What do I have to loose you might think, but think again.  You may have financial assets, bank accounts, intellectual property, credit cards, protected personal information, or even your business reputation at risk.

While you may believe that none of this matters, the turmoil created by a breach is a nightmare to remediate taking months or longer to recover from.  Some incidents carry on undetected for years and end in court cases with the compromised business as a defendant fighting lawsuits and regulatory fines. Not withstanding the legal challenges you may find your business suffering from reputational harm or an inability to recover funds from a financial hack.

When business magazines such as Forbes and Inc. are writing about small business being targets you know things have reached a tipping point.  For further information check out the list of identified firms compromised so far this year at the Identify Theft Resource Center.

So why is small business a prime candidate for data breaches, the answer is simple.  Small businesses typically have weak information security programs.  The technology deployments are limited and improperly configured; management and employees are not security aware; the ability to detect most compromises early on is non-existent; and the business is information and asset rich to a would be attacker.  Business owners compound the problems being technology averse, believing that it’s all too complex and all too costly to manage.  So the task gets delegated, underfunded, or left to chance, none of which are viable in the long term.

Pragmatic solutions are available that won’t disrupt business operations or strain company budgets.  Employees and management can become better stewards and learn simple security best practices and the reasoning behind them.  A robust program integrates technology, business practices, operational procedures and point insurance products.  A well-crafted security program protects the business from financial, reputational, legal and regulatory issues.  Integrated within the business operation the security program is generally simple to maintain and effective in its objectives.

Ensuring that you engage the appropriate resources, as part of your security strategy is key.  Most small companies don’t have the internal resources to commit to develop and maintain the security program and hiring such resources can be costly.  Utilizing a managed service provider is an excellent cost affective approach to identify business requirements, develop solutions and maintain the program ongoing.

About Network Management Solutions

Network Management Solutions (NMS) has been helping companies address their business and technology issues since 1996.  We are currently serving a variety of customers within New Jersey, New York, and the surrounding metro areas of New York and Philadelphia.

Please contact NMS to schedule a no obligation, consultation to discuss your concerns.  We will provide expert advice in simple business terms on how to best meet your business needs.  NMS can be reached by phone or email at 908-232-0100 or info@nmscorp.com.  More information on Network Management Solutions can be found at www.nmscorp.com.

Investing in Your Business Infrastructure

Your business provides products or services that are important to its customers. As a viable entity the business provides investors, owners, management and employees an income and is vital to the financial well being of those involved. Every business is part of a commercial ecosystem and a micro economy in itself. In an effort to compete and stay viable why do so many business owners ignore the need for good information technology and security practices?

Admittedly for most it’s not a great topic of discussion. Information security and information technology in general is considered by most individuals too complex, too foreign, and best left to computer geeks to sort out. Well if you are in a position of responsibility within your organization you might agree, but it would be a dereliction of your duties not to be involved in defining overall technology objectives while reviewing outcomes ongoing.

Why? The operation of business today depends on information technology and information security. There may be some companies out there that still get by with pens and paper but they are very few. Most business relies on email, the web, databases, online banking, and perhaps some computer automation. A breakdown or breach of IT systems can be very disruptive and costly.  Ever contacted a business to order something when their systems were down?  How well did they meet your needs?

Most small business owners ignore the importance of information technology in their business planning.  This leaves the company prone to inevitable breaches, outages, and data losses. Too often simple maintenance and upgrades are ignored for extended periods of time and ultimately the lack of oversight backfires. We have seen businesses shut down by outages.

By the time a crisis occurs all the perceived money saved is long spent in lost productivity and potential reputational harm to the business. You might think you can hide the weaknesses from your customers but they know through their ongoing service experience. Many times your employees will tell your customers of recurring problems before they tell you.

Building and maintaining pragmatic IT solutions is the most cost effective and efficient way to operate. That’s not always easy to do as the latest technology is like a drug to some staff, and the vendor supplying it wants to move as much of the latest greatest as possible. Your involvement and the use of outside consulting are critical in developing, and maintaining your best interests.

Business objectives should be clearly defined with an IT plan supporting each objective in plain English.  There is no need for all the tech jargon. A simple question like how do we ensure data security should drive clearly defined objectives and an information technology roadmap that meets each point, which any layperson can understand.  Keep it simple, stay involved, your business depends on it.

About Network Management Solutions

Since 1996 Network Management Solutions (NMS) has been helping companies best meet their business objectives with pragmatic solutions.  Please contact us with your concerns we are here to help.  Network Management Solutions can be reached at 908-232-0100 or by email at info@nmscorp.com.  Further information can be found at our website, www.nmscorp.com

Are Shadow Cloud Services In Use Within Your Business?

Shadow Cloud Services are unsanctioned networks and services that are subscribed to by individuals and business groups without the involvement or knowledge of Information Technology, Security, Compliance Groups, or others.  These services can pose serious risks to the business including data leakage, data integrity, business continuity, and regulatory compliance issues. This is a formidable exposure for both the small business owner and the larger enterprise.

The ability for an individual or group to procure services for collaboration or individual use at a low cost price point makes it an attractive way for some to bypass IT and do things “on their own”.  Services that fall under this can include collaboration software, remote storage, customer relationship and human resources applications.

There may be considerable financial implications in larger enterprises due to duplication of services.  However, there are business risks that can far outweigh operating costs, including loss of intellectual property and trade secrets, regulated data exposures and the breach of rules pertaining to data handling, along with business continuity problems.  For the small business owner a rogue employee(s) utilizing personal cloud storage could lead to serious issues.

In a survey, conducted by Frost and Sullivan, of 300 IT employees and 300 business unit managers 80% of respondents reported using SaaS (Software as a Service) applications that were not approved by IT.  This is the equivalent of business units running non-sanctioned manufacturing facilities, offices, or lines of business.

Skyhigh Networks recently conducted a study of 200,000 public sector employees with various organizations in the U.S. and Canada.  The study found that the use of shadow cloud services was on average 10 times greater than the applications that IT was running within these government organizations.  A copy of the report can be downloaded here.  This is a serious issue that must be addressed if the government is to protect our personal information and control costs.

The ability to identify unsanctioned or rogue usage can be a complex issue to solve for most organizations large and small.  The outcome however can be well worth the effort and potentially avert serious issues.

About Network Management Solutions

Network Management Solutions (NMS) has been helping companies address their business and technology issues since 1996.  We are currently serving a variety of customers within New Jersey, New York, and the surrounding metro areas of New York and Philadelphia. For more information please contact us.

Superstorm Sandy Tested Business Continuity Plans

Superstorm Sandy ripped through the Northeast at the end of October creating significant damage throughout New York and New Jersey.  Many residents and businesses were without power for days and in many instances weeks. The storm damaged coastal homes and properties and in certain cases devastated entire towns.

How did your business fare during and after the storm? If you were not seriously impacted was it due to being prepared or were you lucky? Were you prepared in that you had a Business Continuity Plan (BCP) in place to call on, or were you lucky that you were able to scramble for alternatives, or were there no significant service disruptions experienced? Did your prior planning ensure that redundancy was available and alternate measures in place to sustain business operations and that those who could not get to work had designees in place to take over in the interim?

Now is the time to take stock of your preparedness and assess what went well and how you might have done better. Many times an outage will expose weaknesses in a company’s BCP and Disaster Recovery Planning.  We heard from numerous businesses that felt the effects of Sandy and realized they were not prepared.  Equipment damage, data losses and long standing service outages and an inability to rapidly provide alternate resources hurt those businesses.

Companies that prepared plans and tested their viability ongoing did remarkably well.  Critical services were available and key business activities continued. The effort to develop, execute and manage the plan was well worth it to those who prepared.

Network Management Solutions provides Business Continuity and Disaster Recovery Planning.  For more information please contact us.