Small Business A Prime Data Breach Candidate

Has the news reached your computer?  Small business is a prime candidate for hackers looking to capitalize on an unprepared target.  What do I have to loose you might think, but think again.  You may have financial assets, bank accounts, intellectual property, credit cards, protected personal information, or even your business reputation at risk.

While you may believe that none of this matters, the turmoil created by a breach is a nightmare to remediate taking months or longer to recover from.  Some incidents carry on undetected for years and end in court cases with the compromised business as a defendant fighting lawsuits and regulatory fines. Not withstanding the legal challenges you may find your business suffering from reputational harm or an inability to recover funds from a financial hack.

When business magazines such as Forbes and Inc. are writing about small business being targets you know things have reached a tipping point.  For further information check out the list of identified firms compromised so far this year at the Identify Theft Resource Center.

So why is small business a prime candidate for data breaches, the answer is simple.  Small businesses typically have weak information security programs.  The technology deployments are limited and improperly configured; management and employees are not security aware; the ability to detect most compromises early on is non-existent; and the business is information and asset rich to a would be attacker.  Business owners compound the problems being technology averse, believing that it’s all too complex and all too costly to manage.  So the task gets delegated, underfunded, or left to chance, none of which are viable in the long term.

Pragmatic solutions are available that won’t disrupt business operations or strain company budgets.  Employees and management can become better stewards and learn simple security best practices and the reasoning behind them.  A robust program integrates technology, business practices, operational procedures and point insurance products.  A well-crafted security program protects the business from financial, reputational, legal and regulatory issues.  Integrated within the business operation the security program is generally simple to maintain and effective in its objectives.

Ensuring that you engage the appropriate resources, as part of your security strategy is key.  Most small companies don’t have the internal resources to commit to develop and maintain the security program and hiring such resources can be costly.  Utilizing a managed service provider is an excellent cost affective approach to identify business requirements, develop solutions and maintain the program ongoing.

About Network Management Solutions

Network Management Solutions (NMS) has been helping companies address their business and technology issues since 1996.  We are currently serving a variety of customers within New Jersey, New York, and the surrounding metro areas of New York and Philadelphia.

Please contact NMS to schedule a no obligation, consultation to discuss your concerns.  We will provide expert advice in simple business terms on how to best meet your business needs.  NMS can be reached by phone or email at 908-232-0100 or info@nmscorp.com.  More information on Network Management Solutions can be found at www.nmscorp.com.

Investing in Your Business Infrastructure

Your business provides products or services that are important to its customers. As a viable entity the business provides investors, owners, management and employees an income and is vital to the financial well being of those involved. Every business is part of a commercial ecosystem and a micro economy in itself. In an effort to compete and stay viable why do so many business owners ignore the need for good information technology and security practices?

Admittedly for most it’s not a great topic of discussion. Information security and information technology in general is considered by most individuals too complex, too foreign, and best left to computer geeks to sort out. Well if you are in a position of responsibility within your organization you might agree, but it would be a dereliction of your duties not to be involved in defining overall technology objectives while reviewing outcomes ongoing.

Why? The operation of business today depends on information technology and information security. There may be some companies out there that still get by with pens and paper but they are very few. Most business relies on email, the web, databases, online banking, and perhaps some computer automation. A breakdown or breach of IT systems can be very disruptive and costly.  Ever contacted a business to order something when their systems were down?  How well did they meet your needs?

Most small business owners ignore the importance of information technology in their business planning.  This leaves the company prone to inevitable breaches, outages, and data losses. Too often simple maintenance and upgrades are ignored for extended periods of time and ultimately the lack of oversight backfires. We have seen businesses shut down by outages.

By the time a crisis occurs all the perceived money saved is long spent in lost productivity and potential reputational harm to the business. You might think you can hide the weaknesses from your customers but they know through their ongoing service experience. Many times your employees will tell your customers of recurring problems before they tell you.

Building and maintaining pragmatic IT solutions is the most cost effective and efficient way to operate. That’s not always easy to do as the latest technology is like a drug to some staff, and the vendor supplying it wants to move as much of the latest greatest as possible. Your involvement and the use of outside consulting are critical in developing, and maintaining your best interests.

Business objectives should be clearly defined with an IT plan supporting each objective in plain English.  There is no need for all the tech jargon. A simple question like how do we ensure data security should drive clearly defined objectives and an information technology roadmap that meets each point, which any layperson can understand.  Keep it simple, stay involved, your business depends on it.

About Network Management Solutions

Since 1996 Network Management Solutions (NMS) has been helping companies best meet their business objectives with pragmatic solutions.  Please contact us with your concerns we are here to help.  Network Management Solutions can be reached at 908-232-0100 or by email at info@nmscorp.com.  Further information can be found at our website, www.nmscorp.com

A Critical Need for Strong Information Security Practices

Who is responsible for your information security practices and why?  If you are the business owner, CEO, or other key executive have you discussed with the individual or organization what your information security goals are?  I am not talking about a technical discussion but rather a discussion in business terms.  Are there defined security standards to which the organization adheres?  Is information security become part of the business culture?

Too many business leaders don’t find a discussion necessary and assume that their input is not necessary or the conversation too painful to manage.  Having spent a career dealing with information technology and security personnel I can relate.  However when your input is not part of the conversation don’t assume that anything is secure.  Don’t believe what your “expert” tells you unless its been verified.

Now perhaps you are a large organization and as the CEO you are too busy to deal with the techies.  Your CIO or CISO are boring and you believe you’d be more productive painting your dog’s nails.  Well there is a long list of CEO’s and board members that might wish they were more involved.  The Target Corp and Neiman Marcus are more of the same.

Hackers are sophisticated and operate in ways most organizations don’t understand.  Their probing, testing and theft happens over long periods of time.  It’s not like a theft at a storefront or bank.  Hackers rely on being stealth and their activities can last months or even years.  They are operating within your company walls from far off places on the other side of the world and your security operations staff has no idea this is occurring.

Most organizations find out about their compromise from law enforcement as they investigate criminal activity on a global scale.  However it’s still your problem. Unless your hack is a matter of national security the amount of cooperation you receive from the FBI or USSS will be negligible and may be non-existent.  Its not that they don’t want to help but these agencies are focused on national security and money supply and their resources are stretched.

So you’re a small business and you believe that you are off the grid, out of the loop.  Well that is not the case.  Depending on how events are tracked and who is reporting statics show that about one-third of all attacks involve small business

and sometimes these “attacks” come from inside the organization.  That may be shocking to a small business owner but small business is easy prey.  As a small business owner you should be asking all the right questions since your banking accounts, operation, customer information and reputation are at risk.

Often the hacker can penetrate a small organization because the architecture is flawed, devices are not properly maintained, patches are not applied, and no one is being held accountable.  As a small business owner you must be involved and must be asking the right questions.

Network Management Solutions has been helping companies address business driven technology issues since 1996.  We are currently serving a variety of customers within New Jersey, New York, and the surrounding metro areas of New York and Philadelphia.

Please contact NMS to schedule a free one-hour no obligation consultation to discuss your concerns.  We will provide expert advice in simple business terms on how to best address your issues through NMS or another provider.  NMS can be reached by phone or email at 908-232-0100 or info@nmscorp.com.  More information on Network Management Solutions can be found at www.nmscorp.com.

Are Shadow Cloud Services In Use Within Your Business?

Shadow Cloud Services are unsanctioned networks and services that are subscribed to by individuals and business groups without the involvement or knowledge of Information Technology, Security, Compliance Groups, or others.  These services can pose serious risks to the business including data leakage, data integrity, business continuity, and regulatory compliance issues. This is a formidable exposure for both the small business owner and the larger enterprise.

The ability for an individual or group to procure services for collaboration or individual use at a low cost price point makes it an attractive way for some to bypass IT and do things “on their own”.  Services that fall under this can include collaboration software, remote storage, customer relationship and human resources applications.

There may be considerable financial implications in larger enterprises due to duplication of services.  However, there are business risks that can far outweigh operating costs, including loss of intellectual property and trade secrets, regulated data exposures and the breach of rules pertaining to data handling, along with business continuity problems.  For the small business owner a rogue employee(s) utilizing personal cloud storage could lead to serious issues.

In a survey, conducted by Frost and Sullivan, of 300 IT employees and 300 business unit managers 80% of respondents reported using SaaS (Software as a Service) applications that were not approved by IT.  This is the equivalent of business units running non-sanctioned manufacturing facilities, offices, or lines of business.

Skyhigh Networks recently conducted a study of 200,000 public sector employees with various organizations in the U.S. and Canada.  The study found that the use of shadow cloud services was on average 10 times greater than the applications that IT was running within these government organizations.  A copy of the report can be downloaded here.  This is a serious issue that must be addressed if the government is to protect our personal information and control costs.

The ability to identify unsanctioned or rogue usage can be a complex issue to solve for most organizations large and small.  The outcome however can be well worth the effort and potentially avert serious issues.

About Network Management Solutions

Network Management Solutions (NMS) has been helping companies address their business and technology issues since 1996.  We are currently serving a variety of customers within New Jersey, New York, and the surrounding metro areas of New York and Philadelphia. For more information please contact us.

Securing Your Desktop Computers

Perhaps you were aware that support for your business computers using the Windows XP operating system was being discontinued as of April 8, 2014, maybe not.   Were you able to compile an inventory of the Windows XP machines in use at your business or in virtual home offices of your employees and upgrade them?  Why as a business owner, office manager, or IT support person should you care and be motivated to come up with a plan if you have yet to?

Your business is vulnerable.  According to global security solutions provider Symantec, over 30% of targeted spear phishing attacks during 2013 were aimed at companies with less than 250 employees.  End of life support by Microsoft for the Windows XP operating system eliminates critical support updates that help ensure the security and reliability of the operating system as well as on-line technical information updates that help techies resolve issues when PCs have problems.  If you think that your virus software will protect your XP computers, you are mistaken.

Cyber criminals target organizations to steal and or store stolen information.  Small businesses are targets since stealth attacks or the storage of stolen information can persist for long periods of time without detection.  Targeted attacks result in malware being planted within an unsuspecting company that then provides hackers access to the target company’s computers.

As a business, you may have both legal and regulatory compliance issues, if you process credit cards and or store personal and private information such as social security numbers, driver’s license numbers, bank and credit/debit card numbers, healthcare records, etc.  Even if you don’t have such information, the loss or compromise of your company intellectual property and bank accounts, client data, and other sensitive information can lead to significant reputational harm, financial losses, and legal problems.

In an article published earlier this year titled “Why Your Small Business Is at Risk of a Hack Attack” Entrepreneur provides an overview of what is happening with the world of cyber crime.  This is a quick worthwhile read if you want to learn more of how and why your business may be a target.

Network Management Solutions has been helping companies address business driven technology issues since 1996.  We are currently serving a variety of customers within New Jersey, New York, and the surrounding metro areas of New York and Philadelphia.

You may contact NMS to schedule a free one-hour no obligation consultation to discuss your concerns.  We will provide expert advice in simple business terms on how to best address your issues through NMS or another provider.  NMS can be reached by phone or email at 908-232-0100 or info@nmscorp.com.  More information on Network Management Solutions can be found at www.nmscorp.com.

 

Financial Fitness For Your Business

You are always on the lookout to fine-tune your business finances. Have you thought about how Information Technology (IT) fits in that picture?  It’s likely you’ve made some significant investments in computers, servers, and networks, but perhaps at the time you didn’t consider it an investment so much as a necessary expense.   The fact is IT can and should make your business much better at what it does.  Not only by providing a utility function, but also serving as a business enabler.  Let’s focus, for instance, on what proper maintenance might do to provide a financial gain right now.

For starter, is scheduled maintenance really necessary for your IT?  Absolutely! Consider your IT as analogous to your car. Most people don’t need the frustrating experience of a roadside breakdown to understand that high-tech equipment functions much better and more reliably with regular checking and attention.  Just like your car, IT that is maintained will serve your needs better, last longer, and hold its value over time.

Not sure?  Consider what a server failure or network outage cost your business in terms of lost opportunity, employee expense or otherwise. For some business owners there is an immediate and quantifiable number obtained.

Less tangibly, but very important to assess, is what does an IT slow-down cost?  That’s a bit tougher to answer, but if your systems are non-productive, so are your employees and that is reflected in the business, including customer satisfaction.

An important final consideration in evaluating the protective benefits of scheduled IT maintenance should be the financial and even legal impacts of losing customer or project data due to a theft or crash.  Properly maintained systems enable the business to do what it does best, deliver on the promise of your brand.

So, in summary, here are the business benefits that scheduled IT maintenance provides:

  • maximum up-time of your systems
  • reduction of unnecessary slow-downs
  • insurance that sensitive information is best protected from data theft
  • certainty that your business can recover systems and information in the event of a failure

Making sound technology investments and maintaining the IT infrastructure is clearly one of the smartest things you can do for the financial success of your business.

 

Superstorm Sandy Tested Business Continuity Plans

Superstorm Sandy ripped through the Northeast at the end of October creating significant damage throughout New York and New Jersey.  Many residents and businesses were without power for days and in many instances weeks. The storm damaged coastal homes and properties and in certain cases devastated entire towns.

How did your business fare during and after the storm? If you were not seriously impacted was it due to being prepared or were you lucky? Were you prepared in that you had a Business Continuity Plan (BCP) in place to call on, or were you lucky that you were able to scramble for alternatives, or were there no significant service disruptions experienced? Did your prior planning ensure that redundancy was available and alternate measures in place to sustain business operations and that those who could not get to work had designees in place to take over in the interim?

Now is the time to take stock of your preparedness and assess what went well and how you might have done better. Many times an outage will expose weaknesses in a company’s BCP and Disaster Recovery Planning.  We heard from numerous businesses that felt the effects of Sandy and realized they were not prepared.  Equipment damage, data losses and long standing service outages and an inability to rapidly provide alternate resources hurt those businesses.

Companies that prepared plans and tested their viability ongoing did remarkably well.  Critical services were available and key business activities continued. The effort to develop, execute and manage the plan was well worth it to those who prepared.

Network Management Solutions provides Business Continuity and Disaster Recovery Planning.  For more information please contact us.

 

Understanding the Cost of IT Outages

You insure your business, home, auto, life, health, maybe even purchase some sort of insurance for information technology.  Utilizing insurance as a tool to mitigate financial risk is common practice. Much of the insurance we purchase we don’t think twice about as we may be mandated to comply or it just makes good logical sense when considering the potential downside.

The same logic however many times does not seem to apply when considering what the cost of an IT outage means to a particular business and what the organization can do to better prepare to mitigate the risk.  Many small to mid-sized businesses knowingly have significant IT risks due to weak implementations and poor operational management and choose to act only when crisis erupts, deferring the obvious believing this is some how sensible.  Many times a major IT disruption severely impacts the business and its ability to operate for an extended period leading to both financial and long-lasting reputational harm.

Perhaps many businesses are not thinking about the daily cost of slow downs, minor outages, and other nuisances which make the staff and business inefficient.  There is a quantifiable cost and in most cases it far exceeds the cost to maintain the right equipment and operational support. Beyond that, proper maintenance ensures that the likelihood of major disruptions are significantly reduced.

Most small to mid sized businesses are experts in areas other then information technology.  Even organizations that properly fund IT initiatives may find it difficult to hire, retain and manage the area. Managed Services Providers can be a beneficial resource to expand technical expertise, oversee key areas, reduce the cost of operations while improving service levels.

For further information about how Network Management Solutions can assist your organization in improving services while effectively managing technology spend please contact us.

 

 

Bring Your Own Device – App Crazy

Information loss happens in a variety of ways.

This can be through cyber theft, unintentional action exposing sensitive data, loss of a device, and a host of other ways.  Many organizations find it hard to consider that there is sensitive information within the company that is of value to others and beyond that perhaps targeted by outsiders and or insiders.

Since the organization rarely considers its “information assets” there is no strategy in place to monitor and mange the exchange of company information.  Not until such time that there is a crisis do many organizations stop and think, “how did this happen”?

The growing acceptance of a “bring your own device to work” is increasing organizational susceptibility to information loss.  iPads, iPhones, Androids, all are welcome.   Compounding the issue is allowing the end user of the device to install whatever apps they might choose.  All apps are not created the same nor appear to be what they are at all times.

Malicious applications, improperly coded apps that contain vulnerabilities, and applications granted permissions on install to sensitive data stores by unknowable users, are all considerable avenues for data loss.

When data losses occur how does the organization know?  If a personal device is lost that contains sensitive information, how is the organization notified?  Are they?  How is the data secured, retrieved, or wiped?

Its too late when business owners face ex-employess who become competitors, or sensitive communications wind up in the hands of competitors, or data losses lead to legal and or PR nightmares.

Clearly any organization that moves forward with BYOD or any mobile strategy without a clear cut plan that is supported by the necessary tools, process and procedures is broadening its potential for data loss.

Bring your own device to work, install your own apps, that’s crazy!

 

 

Ten IT Tips to Protect Your Business

Strong IT practices are essential to the success of any business.  Lacking IT oversight can directly contribute to computer outages, lost data, data thefts, reduced employee productivity and ultimately business losses.  Many organizations struggle with the costs of IT or ignore proper practices until a catastrophic event occurs that threatens the viability of the business.

Break fix service providers, limited in-house resources, lacking tools or manpower to monitor activity do not provide the critical oversight necessary to protect the business.  Extended damages can occur when routine tasks are not managed properly.

Many small to mid sized business owners do not become aware of lacking IT practices until there is a crisis.  While other areas of the business may undergo risk review and mitigation, the information technology area is many times overlooked.  This critical mistake can cost the organization dearly. Lacking attention and oversight of IT  is unwise.  Here are a few tips to help management conduct some oversight of information technology.

1. Set a strategy and framework to guide all activity and ensure  an ongoing dialogue

2. Identify key company data and segment access on a need to know basis

3. Ensure that proper backups are run on a daily basis and that the data is securely stored

4. Ensure that OS updates are reviewed and applied on a regular basis.  Update Antivirus daily.

5. Implement software based firewalls that control application behavior on desktops and servers

6. Implement outbound filtering on network layer firewalls

7. Implement a web based email filtering service and  content filtering service for web browsing

8. Control the use of personal devices for remote access and remote desktop programs like LogMeIn

9. Baseline and monitor the availability, performance and security of your environment ongoing

10. Conduct regular third party reviews of IT practices, business processes, and compensating controls

Most important is to have the proper professionals engaged to manage the infrastructure, protect information assets, provide oversight, and reduce risk within your business. Network Management Solutions provides robust solutions, expertise and resources to complement and support your business objectives.  Please contact us for further information.